784 matches found
AI in Cybersecurity: What's Effective and What's Not – Insights from 200 Experts
Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus , a seasoned...
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during testing?" often go unresolved, raising concerns about the...
Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency
The Dutch Data Protection Authority DPA on Wednesday fined video on-demand streaming service Netflix €4.75 million $4.93 million for not giving consumers enough information about how it used their data between 2018 and 2020. An investigation launched by the DPA in 2019 found that the tech giant d...
CVE-2024-55655 sigstore-python has insufficient validation of integration timestamp during verification
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is...
Repeat offenders drive bulk of tech support scams via Google Ads
Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads ...
GLASSBRIDGE: Google Blocks Thousands of Pro-China Fake News Sites
Google reveals GLASSBRIDGE: A network of thousands of fake news sites pushing pro-China narratives globally. These sites, run by PR firms, spread disinformation and lack transparency...
Toward greater transparency: Publishing machine-readable CSAF files
Welcome to the third installment in our series on transparency at the Microsoft Security Response Center MSRC. In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers,...
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation FBI is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...
Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations
The Irish data protection watchdog on Thursday fined LinkedIn €310 million $335 million for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising. "The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral...
Unauthorized data access vulnerability in macOS is detailed by Microsoft
The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed "HM Surf," that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera,...
Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser
Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control TCC framework in macOS that has likely come under exploitation to get around a user's privacy preferences and access data. The shortcoming, codenamed HM Surf by the tech giant, is track...
Guidance: Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM)
Today, CISA published the Framing Software Component Transparency, created by the Software Bill of Materials SBOM Tooling & Implementation Working Group, one of the five SBOM community-driven workstreams facilitated by CISA. CISA’s community-driven working groups publish documents and reports to...
Telegram Agrees to Share User Data With Authorities for Criminal Investigations
In a major policy reversal, the popular messaging app Telegram has announced it will give users' IP addresses and phone numbers to authorities in response to valid legal requests in an attempt to rein in criminal activity on the platform. "We've made it clear that the IP addresses and phone numbe...
Snapchat wants to put your AI-generated face in its ads
Snapchat is reserving the right to use your selfie images to power Cameos, Generative AI, and other experiences on Snapchat, including ads, according to our friends at 404 Media, The Snapchat Support page about its My Selfie feature says: “You’ll take selfies with your Snap camera or select image...
Meta to Train AI Models Using Public U.K. Facebook and Instagram Posts
Meta has announced that it will begin training its artificial intelligence AI systems using public content shared by adult users across Facebook and Instagram in the U.K. in the coming months. "This means that our generative AI models will reflect British culture, history, and idiom, and that U.K...
SUSE CVE-2024-45395
sigstore-go, a Go library for Sigstore signing and verification, is susceptible to a denial of service attack in versions prior to 0.6.1 when a verifier is provided a maliciously crafted Sigstore Bundle containing large amounts of verifiable data, in the form of signed transparency log entries, R...
New Flaws in Microsoft macOS Apps Could Allow Hackers to Gain Unrestricted Access
Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control TCC...
SUSE SLES15: libQt53DAnimation-devel / libQt53DAnimation5 / libQt53DCore-devel / etc (SUSE-SU-2024:2976-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2976-1 advisory. - CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp bsc1228204 Other fixes: - Check for a nullptr returne...
SUSE-SU-2024:2984-1 Security update for libqt5-qt3d
This update for libqt5-qt3d fixes the following issues: - CVE-2024-40724: Fixed a heap-based buffer overflow in the PLY importer class bsc1228204 - Checked for a nullptr returned from the shader manager - Fill image with transparency by default to avoid having junk if it's not filled properly...
SUSE-SU-2024:2975-1 Security update for libqt5-qt3d
This update for libqt5-qt3d fixes the following issues: - CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp bsc1228204 Other fixes: - Check for a nullptr returned from the shader manager - Fill image with transparency by default to avoid having junk if it's not...