Friend or Foe? AI’s Complicated Role in Cybersecurity
The mad dash to the cloud a few years back left many organizations scrambling to understand the true implications of this technological shift. Fueled by promises of scalability and cost savings, many companies jumped on board without fully comprehending key details. For example, many were asking how secure their data was in the cloud, who…
Cisco Patches an Exploited Zero-Day Vulnerability
Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices. The threat group, dubbed Velvet Ant, remotely connected to Cisco’s NX-OS software used in switches and executed malicious code. The networking giant in an advisory attributes the discovery to cybersecurity…
Google Patches 25 Android Flaws, Including Critical Privilege Escalation Bug
The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in…
AI agents can find and exploit known vulnerabilities, study shows
Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test environment in April. Two months later, the same researchers showed that those teams can now find and exploit previously unknown vulnerabilities….
Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw
Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an…
Groups Ask HHS for Guidance on Massive Change Breach Reports
Two weeks ago, Change Healthcare began notifying thousands of medical practices about a massive data breach affecting millions of patients. The healthcare software firm says it will handle breach notifications, but industry groups want to guarantee the government will go along with that plan. If not, the groups fear that small medical practices, hospitals and…
