Aggregator

愈来愈多的投资者担心 AI 并不能带来他们所寻求的巨额利润。过去几周，驱动 AI 革命的几家西方公司的股价下跌了 15%。观察家们开始质疑大模型的局限性。大型科技公司已在 AI 上投入了数百亿美元，并承诺未来会投入更多。数据显示，只有 4.8% 的美国公司在产品和服务中使用 AI，相比下年初这一比例高达 5.4%。AI 会改变世界还是今天的 AI 狂热只是昙花一现，目前还难以判断。科技巨头们面临的一大挑战是证明 AI 能帮助实体经济。今天的 AI 热也许“来的容易去的也快”。

Financial services is among the most highly regulated of any industry – and justifiably so. As critical infrastructure, the sector provides services which, if interrupted or destabilized, could have a catastrophic impact on economic and national security. Increasingly, these regulations mandate not only cyber-resilience (eg the EU’s DORA) but also digital sovereignty – which includes the idea that wherever data is collected or stored, it should be subject to local laws.

The post How Financial Institutions Can Manage Mounting Digital Sovereignty Requirements appeared first on Security Boulevard.

Keep tabs on ChromeLoader and other browser-related threats in this month's edition of Intelligence Insights

A prompt injection flaw in the AI feature of the workforce collaboration suite makes malicious queries of data sources appear legitimate.

Cthulhu Stealer targets macOS, posing a major threat by disguising as legitimate software via DMG files

Mastering API error codes is essential for building robust and user-friendly applications. This comprehensive guide explores best practices for handling and documenting errors, ensuring clear communication between your API and its users.

The post Comprehensive Guide to API Error Code Management appeared first on Security Boulevard.

As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could expose them to sidestep access controls and compromise applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding a newly discovered vulnerability in SolarWinds’ Web Help Desk solution, which has already been exploited in active attacks.   Tell me more about the SolarWinds RCE Vulnerability  SolarWinds’ Web Help Desk software is widely used by large enterprises, government agencies, healthcare providers and educational institutions to manage ... Read More

The post CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks appeared first on Nuspire.

The post CISA Warns of Critical SolarWinds RCE Vulnerability Exploited in Attacks appeared first on Security Boulevard.

SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. [...]

Authors/Presenters:Khaled Serag, Rohit Bhatia, Akram Faqih, and Muslum Ozgur Ozmen, Purdue University; Vireshwar Kumar, Indian Institute of Technology, Delhi; Z. Berkay Celik and Dongyan Xu, Purdue University

Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organizations YouTube channel.

Permalink

The post USENIX Security ’23 – ZBCAN: A Zero-Byte CAN Defense System appeared first on Security Boulevard.

A vulnerability, which was classified as very critical, was found in Mobotix P3 D24M, P3 M24M, P3 Q24M, P3 T24M, P3 D14Di, P3 S14, P3 V14D, P3 i25, P3 c25, P3 p25, P3 v25, P3 D25M, P3 M25M, P3 Q25M, P3 T25M, P3 D15Di, P3 M15, P3 M15-Thermal, P3 S15, P3 V15D, Mx6 D16, Mx6 M16, Mx6 S16, Mx6 V16, Mx6 D26, Mx6 M26, Mx6 Q26, Mx6 S26, Mx6 T26, Mx6 c26, Mx6 i26, Mx6 p26 and Mx6 v26. Affected is an unknown function of the component tcpdump. The manipulation leads to improper neutralization of expression/command delimiters. This vulnerability is traded as CVE-2023-34873. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in File Manager Pro Plugin up to 8.3.7 on WordPress. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-7559. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in honojs hono up to 4.5.7. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-43787. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in rexml Gem up to 3.3.5 on Ruby. This affects the function REXML::Document.new of the component API Parser. The manipulation leads to xml entity expansion. This vulnerability is uniquely identified as CVE-2024-43398. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Byron gitoxide up to 0.37.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to improper neutralization of escape, meta, or control sequences. This vulnerability is handled as CVE-2024-43785. The attack may be launched remotely. There is no exploit available.

Кибератаки становятся умнее: сотрудники на передовой линии угроз.

A vulnerability was found in Swissphone DiCal-RED 4009. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component FTP Service. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-36443. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply restrictive firewalling.

QNAP has released the QTS 5.2 NAS operating system. A standout feature of this release is the debut of Security Center, which actively monitors file activities and thwarts ransomware threats. Additionally, system security receives a boost with the inclusion of support for TCG-Ruby self-encrypting drives (SED). Extensive optimizations have been implemented to streamline operations, configuration, and management processes, significantly elevating the overall user experience. “We greatly appreciate the invaluable feedback provided by our dedicated QTS … More →

The post QNAP releases QTS 5.2 to prevent data loss from ransomware threats appeared first on Help Net Security.

The US FAA has proposed new rules for aircraft to address cyber vulnerabilities caused by the increased interconnectivity of critical systems