Threat Intelligence
Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, ...
Security Boulevard
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Richi Jennings | | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPN
Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ...
Security Boulevard
CISA, FBI Push Software Developers to Eliminate SQL Injection Flaws
The federal government is putting pressure on software makers to ensure that their products don’t include SQL injection vulnerabilities, a longtime and ongoing threat that was put in the spotlight with last ...
Security Boulevard
US, UK Accuse China of Years-Long Cyberespionage Campaign
The United States, the UK, and other countries this week accused a state-sponsored Chinese threat group of running a massive global hacking campaign for more than a decade that targeted political figures, ...
Security Boulevard
Embrace Generative AI for Security, But Use Caution
Generative AI will be a net positive for security, but with a large caveat: It could make security teams dangerously complacent ...
Security Boulevard
China Steals Defense Secrets ‘on Industrial Scale’
Richi Jennings | | china, china espionage, China-linked Hackers, Chinese, Chinese Communists, chinese government, chinese hacker, Chinese hackers, Chinese Intelligence, Chinese state-sponsored hacking group, Chinese Threat Actors, ConnectWise, ConnectWise Vulnerabilities, CVE-2022-0185, CVE-2022-3052, CVE-2023-22518, CVE-2024-1709, Data Stolen By China, Dawn Calvary, f5, F5 BIG-IP, F5 BIG-IP vulnerability, Genesis Day, gov.uk, Mandiant, MSS, MSS Hackers, Peoples Republic of China, PRC, PRC Espionage, SB Blogwatch, ScreenConnect, Teng Snake, uk, UNC302, UNC5174, Uteus, Xiaoqiying
UNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ...
Security Boulevard
Tax Scams Ramping Up as the April 15 Deadline Approaches
With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft ...
Security Boulevard
RaaS Groups Go Recruiting in Wake of LockBit, BlackCat Takedowns
The effects of the recent high-profile disruptions of LockBit’s and BlackCat ransomware operations by law enforcement agencies are rippling through the dark web, with smaller threat gangs looking to scoop up the ...
Security Boulevard
CISA, NSA, Others Outline Security Steps Against Volt Typhoon
Top cybersecurity agencies in the United States and other countries are again warning critical infrastructure companies about the “urgent risk” posed by Chinese state-sponsored threat group Volt Typhoon and are recommending steps ...
Security Boulevard
Ordr Taps AI to Augment Attack Surface Management
Michael Vizard | | AI, ASM, asset management, Attack Surface, Attack Surface Management, generative AI, Ordr
Ordr this week added an attack surface management (ASM) tool infused with artificial intelligence (AI) to its existing asset management portfolio ...
Security Boulevard