Phoenix Technology Summit 2024

"ElevateIT: Phoenix Technology Summit is a premier conference for technology leaders, professionals, and enthusiasts in the Phoenix area. The conference brings together industry experts and thought leaders to discuss emerging trends, best practices, and innovative solutions in the field of technology. At the ElevateIT: Phoenix Technology Summit, attendees will have the opportunity to participate in engaging keynotes, panel discussions, and interactive sessions.

Cyber Intelligence Europe

"We are pleased to bring our 10th Cyber Intelligence Europe conference and exhibition to Dublin, Ireland. Our international event brings together leading cyber security officials from across Europe and North America to discuss the latest national cyber security strategies and policies. Cyber Intelligence Europe will also discuss recent cybercrime trends and threats. With the event returning the European Union participants will be able to hear how EU nations share information and cooperate in combating cybercrimes."

New York Cybersecurity Summit

"The 13th Edition of the New York Cybersecurity Summit connects C-Suite & Senior Executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Admission gives you access to all Interactive Panels, Discussions, Catered Breakfast, Lunch & Cocktail Reception."

"New Linux glibc Flaw Lets Attackers Get Root on Major Distros"

"New Linux glibc Flaw Lets Attackers Get Root on Major Distros"

Attackers can gain root access on multiple major Linux distributions in their default configurations by exploiting a Local Privilege Escalation (LPE) vulnerability in the GNU C Library (glibc). This security flaw, tracked as CVE-2023-6246, was discovered in a glibc function called by the syslog and vsyslog functions to write messages to the system message logger. The flaw stems from a heap-based buffer overflow vulnerability that was accidentally introduced in glibc 2.37 and later backported to glibc 2.36.

Submitted by Gregory Rigby on

"CyberArk Releases Online Ransomware Decryptor"

"CyberArk Releases Online Ransomware Decryptor"

CyberArk has released an online version of its open-source White Phoenix ransomware decryptor to help ransomware victims recover their files. Users can upload encrypted files using this new online version and then the tool ensures that as many files as possible are recoverable. The effectiveness of CyberArk's White Phoenix ransomware decryptor is heavily dependent on the encryption type and ransomware variant used. PDF, Word, Excel, ZIP, and PowerPoint files are all supported. This article continues to discuss CyberArk's White Phoenix ransomware decryptor.

Submitted by Gregory Rigby on

"Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount"

"Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount"

Attackers exploited a pair of now-patched critical zero-day vulnerabilities in Ivanti VPNs. They have used the flaws to launch a Rust-based set of backdoors, which then download a backdoor malware called "KrustyLoader." The two flaws enable unauthenticated Remote Code Execution (RCE) and authentication bypass, impacting Ivanti's Connect Secure VPN gear. This article continues to discuss the Ivanti vulnerabilities and their exploitation by attackers.

Submitted by Gregory Rigby on

"Leaked GitHub Token Exposed Mercedes Source Code"

"Leaked GitHub Token Exposed Mercedes Source Code"

According to security researchers at RedHunt, a GitHub token leaked by a Mercedes-Benz employee provided access to all the source code stored on the carmaker’s GitHub Enterprise server.  The token, discovered during an internet scan, was leaked in the employee’s GitHub repository, providing unrestricted and unmonitored access to the source code.  The researchers stated that the breach occurred on September 29, 2023, but was not discovered until January 11, 2024.  Mercedes revoked the leaked token on January 24, two days after being alerted of the incident.

Submitted by Adam Ekwall on

"US Sanctions Two ISIS-Affiliated Cybersecurity Experts"

"US Sanctions Two ISIS-Affiliated Cybersecurity Experts"

The US Treasury Department recently announced sanctions against two "cybersecurity experts" accused of running a platform affiliated with the Islamic State group.  The sanctioned individuals are both Egyptian nationals.  One of them is Mu'min Al-Mawji Mahmud Salim, the creator of a platform named Electronic Horizons Foundation (EHF), which provides cybersecurity training and guidance to ISIS supporters.  The platform offers information on conducting cyber operations, including for evading law enforcement and working with cryptocurrencies.

Submitted by Adam Ekwall on

"Researchers Win Award for Study on Text Embedding Privacy Risks"

"Researchers Win Award for Study on Text Embedding Privacy Risks"

Four researchers from Cornell Tech won the Outstanding Paper Award at the 2023 Empirical Methods in Natural Language Processing (EMNLP) Conference for their paper titled "Text Embeddings Reveal (Almost) As Much As Text." Their paper delves into privacy concerns regarding text embeddings, a Natural Language Processing (NLP) technique that addresses the challenges posed by the nuanced and ambiguity of words and phrases. Machines can quickly and efficiently understand numbers, but human language is more complicated.

Submitted by Gregory Rigby on

"Mapping Attacks on Generative AI to Business Impact"

"Mapping Attacks on Generative AI to Business Impact"

The IBM Institute for Business Value discovered that 84 percent of CEOs are concerned about widespread or destructive cyberattacks that generative Artificial Intelligence (AI) adoption could cause. As organizations consider how to incorporate generative AI into their business models and assess the security risks the technology may introduce, it is essential to look at the top attacks that threat actors could use against AI models.

Submitted by Gregory Rigby on
Subscribe to