lemmydev2

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being leveraged by attackers in the wild. “Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass MotW,” notes Dustin Childs, head of threat … More → The post Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) appeared first on Help Net Security.

Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. [...]

Four new vulnerabilities affecting thousands of LG TVs have been found by researchers who said the issues could allow hackers to add themselves as users and take other actions.  Researchers from cybersecurity firm Bitdefender said the bugs — three of which carry a 9.1 out 10 severity rating — center on LG WebOS, the

Paris Saint-Germain (PSG), one of France’s premier football clubs, has been the victim of a cyber attack. The club’s ticketing system was explicitly targeted, raising concerns over data security and the safety of fan information just as the Champions League quarter-finals loom on the horizon. On April 3, the Information Systems Department of Paris Saint-Germain […] The post French Football Club Ticketing System Targeted in Cyber Attack appeared first on Cyber Security News.

We describe the characteristics of malware-initiated scanning attacks. These attacks differ from direct scanning and are increasing according to our data. The post It Was Not Me! Malware-Initiated Vulnerability Scanning Is on the Rise appeared first on Unit 42.

While typing away on our DIN, PS/2, USB or Bluetooth keyboards one of the questions which we rarely concern ourselves with is that of how the keyboard registers which keys …read more

    Photo by Amelia Holoway Krales / The Verge

The Humane AI pin promises to give users a way to use generative AI in the physical world. You can clip the pin to your shirt, talk to it, and project answers from chatbots onto any surface, most often your palm. We know a little bit about what powers the tiny square pin, and thanks to a new report, we have a much better view of what goes on under the hood. The Federal Communications Commission (FCC) included a photographic teardown of the AI pin in a new report. The photos show the clearest look so far into what comprises the Humane AI pin, as well as a close-up of the Snapdragon processor it uses. The FCC must certify devices that use wireless communications to ensure they follow regulations before they are released to the public....

Continue reading…

SaaS slip up leads to scumbags seeking sinecure Home Depot has confirmed that a third-party company accidentally exposed some of its employees' personal details after a criminal copy-pasted the data online.…

In a recent US Chamber of Commerce poll, small businesses identified cybersecurity as their biggest concern.

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. [...]

Resaerchers found that 90% of websites were in violation of one or more privacy regulations concerning cookie consent.

Disruptive technologies like AI are heightening the longstanding tension between organizational security and employee productivity, according to 1Password. Employees are under increasing pressure to perform; to boost efficiency they’re embracing generative AI, hybrid and remote work, and unapproved applications and devices. IT and security teams are having difficulty keeping up, even as their organizations face new urgency in a landscape constantly remade by mounting cyberthreats and disruptive technologies. “Since the pandemic, employees have gained unprecedented … More → The post 22% of employees admit to breaching company rules with GenAI appeared first on Help Net Security.