"Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation"

"Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation"

Citrix recently informed customers that two new zero-day vulnerabilities affecting its NetScaler ADC and Gateway products have been exploited in attacks.  One of the flaws tracked as CVE-2023-6548 is a medium-severity issue that allows a low-privileged authenticated attacker to execute arbitrary code on the management interface remotely.  The second vulnerability, CVE-2023-6549, is a high-severity issue that can be exploited for denial-of-service (DoS) attacks.

Submitted by Adam Ekwall on

"Google Warns of Chrome Browser Zero-Day Being Exploited"

"Google Warns of Chrome Browser Zero-Day Being Exploited"

Google has recently pushed out an urgent Chrome browser update to fix a trio of high-severity security defects and warned that one of the bugs is already being exploited in the wild.  Google describes the exploited zero-day, CVE-2024-0519, as an out-of-bounds memory access issue in the V8 JavaScript engine.  Google did not provide any additional details on the scope of the observed attacks or share telemetry to help defenders hunt for signs of compromise.

Submitted by Adam Ekwall on

"Chinese Researchers Use Quantum To Protect E-Commerce Transactions"

"Chinese Researchers Use Quantum To Protect E-Commerce Transactions"

Researchers from Nanjing University and Renmin University in China have significantly advanced e-commerce security by developing the world's first five-user online trading platform using quantum technology. Their research could improve online transaction security. Traditional e-commerce systems, which are protected by classical encryption algorithms, are becoming increasingly vulnerable to hacking, particularly with the rise of powerful quantum computing.

Submitted by Gregory Rigby on

"Computer Scientists Makes Noisy Data: Can Improve Treatments in Healthcare"

"Computer Scientists Makes Noisy Data: Can Improve Treatments in Healthcare"

Collecting and analyzing data from a large number of patients in order to discover patterns is an important aspect of modern healthcare, but such data must be protected to prevent the violation of individuals' privacy. Breaches could also damage general trust, resulting in fewer people consenting to participate. Researchers at the University of Copenhagen's Department of Computer Science have developed a method for protecting data sets used to train Machine Learning (ML) models. According to Ph.D.

Submitted by Gregory Rigby on

"Researchers Demo New CI/CD Attack Techniques in PyTorch Supply-Chain"

"Researchers Demo New CI/CD Attack Techniques in PyTorch Supply-Chain"

Security researchers used new techniques to infiltrate PyTorch's development infrastructure. They exploited insecure configurations in GitHub Actions workflows. Their proof-of-concept (POC) attack was disclosed to PyTorch's lead developer Meta AI. However, other software development organizations using GitHub Actions are likely to have made similar deployment mistakes, potentially exposing themselves to software supply chain attacks.

Submitted by Gregory Rigby on

"Group-IB Uncovers 16,000 Malicious Domains Used in Inferno Drainer Crypto Scam"

"Group-IB Uncovers 16,000 Malicious Domains Used in Inferno Drainer Crypto Scam"

A new report from Group-IB details the discovery of over 16,000 malicious domains created during the Inferno Drainer cryptocurrency scam last year. The Inferno Drainer group has been linked to the theft of more than $80 million in digital assets. Inferno Drainer targeted about 100 cryptocurrency brands using thousands of unique domains. The scam involved stealing the digital assets of victims who were duped into connecting their cryptocurrency wallets to fake websites and authorizing transactions.

Submitted by Gregory Rigby on

"Researchers Spot Critical Security Flaw in Bosch Thermostats"

"Researchers Spot Critical Security Flaw in Bosch Thermostats"

According to cybersecurity researchers at Bitdefender, thermostats sold by the multinational engineering company Bosch had a flaw that enabled hackers to cut the heating system's power and override the firmware. Models that did not receive an over-the-air firmware update late last year have a flaw that allows hackers to brick or replace the original firmware. The flaw stems from the Wi-Fi chip embedded in the Bosch thermostat. This article continues to discuss the critical security vulnerability found in Bosch thermostats. 

Submitted by Gregory Rigby on

"OpenAI's New GPT Store May Carry Data Security Risks"

"OpenAI's New GPT Store May Carry Data Security Risks"

A new app store for ChatGPT could expose users to both malicious and legitimate bots that send their data to insecure and remote locations. ChatGPT's rise in popularity, together with the open-source accessibility of early GPT models, widespread jailbreaks, and creative workarounds, have resulted in a proliferation of custom GPT models in 2023. The newly launched GPT store enables OpenAI subscribers to discover and create custom bots in one place.

Submitted by Gregory Rigby on

"CISA: Critical SharePoint Bug Actively Exploited"

"CISA: Critical SharePoint Bug Actively Exploited"

The Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities (KEV) catalog now includes a critical Microsoft SharePoint server bug that can be used as part of a Remote Code Execution (RCE) exploit chain. The vulnerability, tracked as CVE-2023-29357, is an elevation of privilege flaw with a CVSS v3 score of 9.8. The flaw enables attackers to gain administrator privileges on the SharePoint host by using spoofed JSON web tokens (JWTs).

Submitted by Gregory Rigby on

"Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024"

"Crypto Heists Surge in 2023, $16.93m Already Stolen in 2024"

According to security researchers at Comparitech, crypto heists increased in volume by 42% in 2023, with 283 incidents.  This compares to 199 crypto theft incidents in 2022.  However, the total monetary value stolen in 2023 fell by 51% from $3.55bn in 2022 to $1.75bn.  The researchers noted that worryingly, $16.93m of crypto has already been stolen in 2024 as of January 15.  This is double the $8.37m stolen throughout January 2023.

Submitted by Adam Ekwall on
Subscribe to