News
-
"Delaware Taps Artificial Intelligence to Evacuate Crowded Beaches When Floods Hit"Delaware's transportation department, which controls more than 90% of roads in a state with the lowest average elevation in the country, is tasked with implementing evacuation plans during high water, which is a bureaucratic nightmare considering how…
-
"API Bug in OAuth Dev Tool Opened Websites, Apps to Account Hijacking"A critical Application Programming Interface (API) vulnerability in the Expo open source framework enabled the harvesting of auth credentials via the Open Authorization (OAuth) protocol. According to researchers at Salt Labs, the vulnerability, while…
-
"GitLab Security Update Patches Critical Vulnerability"DevOps platform GitLab recently resolved a critical-severity vulnerability impacting both GitLab Community Edition (CE) and Enterprise Edition (EE). An open source end-to-end software development platform, GitLab helps developers and organizations…
-
"CyLab Faculty Earn Two 'Test of Time' Awards at IEEE Symposium on Security and Privacy"During the 44th Symposium on Security and Privacy, the Institute of Electrical and Electronics Engineers (IEEE) gave two "Test of Time" awards to papers co-authored by faculty members at Carnegie Mellon University's (CMU) CyLab Security and Privacy…
-
"GUAC 0.1 Beta: Google's Breakthrough Framework for Secure Software Supply Chains"Google has announced the 0.1 Beta version of GUAC, which stands for Graph for Understanding Artifact Composition. It will help organizations secure their software supply chains. The search giant is making the open source framework available as an…
-
"New Buhti Ransomware Gang Uses Leaked Windows, Linux Encryptors"A new ransomware operation, "Buhti," targets Windows and Linux systems using leaked code from the LockBit and Babuk ransomware families. Although the threat actors behind Buhti, now tracked as "Blacktail," have not developed their own ransomware strain,…
-
"Phishing Campaign Targets ChatGPT Users"Researchers at Inky have discovered a phishing campaign designed to steal business email account credentials by impersonating OpenAI, the company behind the ChatGPT Artificial Intelligence (AI)-driven chatbot. ChatGPT has rapidly gained popularity and is…
-
"'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs"An investigation conducted by Microsoft reveals that China-backed threat actors have established persistent access to telecommunications networks and other critical infrastructure targets in the US for espionage and, potentially, to disrupt…
-
"UC Santa Cruz Engineers Join Major Transportation Cybersecurity Project"As part of a new national center, UC Santa Cruz (UCSC) researchers will play an important role in protecting US transportation systems from cyber threats. Researchers at UCSC will focus on enhancing the Artificial Intelligence (AI) systems powering…
-
"AT&T Resolves Issue That Would Allow Account Takeover Through ZIP Code and Phone Number"AT&T recently patched a vulnerability that would have allowed anyone to hijack someone's account on the telecommunications company's official website by using the account holder's phone number and ZIP code. Joseph Harris, a cybersecurity researcher,…
-
"SAS Airlines Breached by Pro-Russian Hackers – Again"The pro-Russian hacking group Anonymous Sudan compromised Scandinavian Airlines (SAS) for the second time this year, knocking the SAS website and app offline for hours. The group tried to extort SAS with a $3,500 ransom to stop the attack. According to…
-
"NSA and Partners Identify China State-Sponsored Cyber Actor Using Built-in Network Tools When Targeting US Critical Infrastructure Sectors"The National Security Agency (NSA) and its partners have identified indicators of compromise (IOCs) related to a People's Republic of China (PRC) state-sponsored cyber actor using living off the land (LOTL) techniques to target networks across the…