Nobody needs Mythos or 0-days to build a chaos-causing computer worm – free open source models work just fine
'Attackers can now cheaply operationalize known vulnerabilities at scale,' boffins tell The Reg
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
'Attackers can now cheaply operationalize known vulnerabilities at scale,' boffins tell The Reg
Investigators Find Violations of State Cyber RegulationsNew York fined Delta Dental $2.25 million for the company's response to the mass exploit of a zero-day vulnerability in Progress Software' MOVEit file transfer application. Delta Dental is one of thousands of organizations caught up in the blast radius of an automated 2023 Memorial Day hack.
Also: CISA Warns of Unpatched Train Brake VulnerabilityThis week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M pounds for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier.
Data stolen included checklist for medics on how to get into vulnerable people's homes The UK's data protection watchdog is dishing out a £3.07 million ($3.95 million) fine to Advanced Computer Software Group, whose subsidiary's security failings led to a ransomware attack affecting NHS care.…
Model was fine-tuned to write vulnerable software – then suggested enslaving humanity Computer scientists have found that fine-tuning notionally safe large language models to do one thing badly can negatively impact the AI’s output across a range of topics.…
AG Says HealthAlliance Tried But Failed to Fix Zero-Day Flaw That Led to ExploitNew York State has levied a $550,000 fine against a healthcare group that tried - but failed - to patch a critical zero-day vulnerability in a Citrix NetScaler appliance used for telemedicine. Hackers exploited the flaw, stealing 196 gigabytes of data in an incident affecting 242,000 people.
Two new flaws, one zero-day, countless different patches, but everything's fine! Network-attached storage (NAS) specialist QNAP has disclosed and released fixes for two new vulnerabilities, one of them a zero-day discovered in early November.…
Spotting a plaintext password and using it in research without authorization deemed a crime A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.…
ALSO: most Mainers are MOVEit victims, NY radiology firm fined for not updating kit, and some critical vulnerabilities Infosec in brief After spending almost a year cleaning up after various security snafus, the UK's Royal Mail has left an open redirect flaw on one of its sites, according to infosec types. We're told this vulnerability potentially exposes customers to malware infections and phishing attacks.…
ALSO: Verizon turns self in for reduced fine, malvertising comes to macOS, and this week's critical vulnerabilities In brief Watch out, cyber security researchers: Suspected North Korean-backed hackers are targeting members of the infosec community again, according to Google's Threat Analysis Group (TAG).…
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks need to improve software security or face steep fines and settlement fees.
The (Other) Risk in Finance A few years ago, a Washington-based real estate developer received a document link from First American – a financial services company in the real estate industry – relating to a deal he was working on. Everything about the document was perfectly fine and normal
There's a fine line between a hacker and an attacker, but it pays to be proactive. Consider tests by ethical hackers, a red team, or pen testers, and then bolster your company's defenses against malicious attacks.
Nice. They went after vulnerable people and those over 60 who'd registered with Telephone Preference Service Britain's data watchdog has slapped financial penalties totaling £435,000 (c $529,000) on five companies it says collectively made almost half of million marketing calls to people registered with the Telephone Preference Service (TPS).…
Businesses targeted elderly, made 750,000 calls to people on Telephone Preference System Five British companies are collectively nursing a £405,000 fine from the UK's data watchdog for making a combined total of 750,000 unsolicited marketing calls targeting vulnerable elderly people.…