18 matches found
Security of OpenClaw Agents: Fundamentals, Attacks, and Countermeasures
The rapid evolution of large language model LLM-driven autonomous agents has given rise to OpenClaw, a new class of open-source agent frameworks that operate as continuously running, skill-augmented systems with persistent memory, multi-channel interaction, and high degrees of autonomy. Such...
Securing the gaming culture of cultures
The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...
Evolving Enterprise Defense to Secure the Modern AI Supply Chain
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and...
Allianz Life Data Breach Hits 1.4 Million Customers
Allianz Life Insurance confirms a July 2025 data breach impacting 1.4 million customers, financial pros and employees. Learn how social engineering exploited a third-party CRM, the hallmarks of Scattered Spider tactics, and the broader risks of supply chain vulnerabilities...
Architectural Backdoors in Deep Learning: a Survey of Vulnerabilities, Detection, and Defense
Architectural backdoors pose an under-examined but critical threat to deep neural networks, embedding malicious logic directly into a model's computational graph. Unlike traditional data poisoning or parameter manipulation, architectural backdoors evade standard mitigation techniques and persist...
ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain...
CVE-2019-16760
creationtimestamp| type| source ---|---|--- 2024-10-21 16:00:45+00:00| seen| https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-the-essential-role-of-cves/...
Israel’s Pager Attacks and Supply Chain Vulnerabilities
Israel's brazen attacks on Hezbollah last week, in which hundreds of pagers and two-way radios exploded and killed at least 37 people, graphically illustrated a threat that cybersecurity experts have been warning about for years: Our international supply chains for computerized equipment leave us...
Latvian TV Channels Hacked to Broadcast Russian Victory Day Parade
By Deeba Ahmed Confused Latvians woke up to the Russian Victory Day parade on their TVs! Hackers targeted a content delivery network to manipulate broadcasts exposing media supply chain vulnerabilities. This is a post from HackRead.com Read the original post: Latvian TV Channels Hacked to Broadca...
Vulnerabilities fixed in Oracle Supply Chain products
Oracle has fixed vulnerabilities in several Supply Chain products. A malicious party could exploit the vulnerabilities to execute attacks that could result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Remote code execution User rights...
Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller BMC software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical,...
Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller BMC software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until n...
Realtek Vulnerability Under Attack: Over 134 Million Attempts to Hack IoT Devices
Researchers are warning about a spike in exploitation attempts weaponizing a now-patched critical remote code execution flaw in Realtek Jungle SDK since the start of August 2022. According to Palo Alto Networks Unit 42, the ongoing campaign is said to have recorded 134 million exploit attempts as...
Discover the anatomy of an external cyberattack surface with new RiskIQ report
The internet is now part of the network. That might sound like hyperbole, but the massive shift to hybrid and remote work and a multicloud environment means security teams must now defend their entire online ecosystem. Recent ransomware attacks against internet-facing systems have served as a...
Vulnerabilities fixed in Oracle Supply Chain
Oracle has fixed vulnerabilities in the following products: Demantra Demand Management Agile Engineering Data Management Agile PLM MCAD Connector Agile PLM Framework Agile Product Lifecycle Management Integration Pack for Oracle E-Business Suite Rapid Planning Product Lifecycle Analytics The...
The Future of Security: Lessons from Black Hat USA
For the last 23 years, Black Hat has been the world’s leading information security event where attendees are able to experience the latest security research, development, and trends. While 2020 marks the first year that Black Hat will be virtual, it does not limit the level of engaging content th...
DART: the Microsoft cybersecurity team we hope you never meet
If you spent 270 days away from home, not on vacation, you’d want it to be for a good reason. When boarding a plane, sometimes having been pulled out of bed to leave family for weeks on end, I know it’s because one of our customers is in need. It means there is a security compromise and they may ...
Safeguarding the Nation’s Critical Infrastructure
In May of 1998, President Clinton issued Presidential Decision Directive 63: Protecting America’s Critical Infrastructures. This Directive proposed steps to enact the recommendations of the President’s Commission on Critical Infrastructure Protection, published in October 1997. Twenty years on, h...