December 2023 - Page 2 of 4 - Cyber Security Minute

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Issued by: Dark Reading

Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be triggered using a sound file. One of the flaws, tracked as CVE-2023-35384, is actually the second patch bypass…

Malware & Threats

BlackCat Ransomware ‘Unseizing’ a Dark Web Stunt

Issued by: DataBreach Today

The BlackCat ransomware-as-a-service operation’s putative “unseizing” of its leak site from the FBI is a stunt made possible by way the dark web handles address resolution, security researchers said Monday. The stunt was a “tactical error” that could alienate affiliates. U.S. authorities as part of an international law enforcement operation announced Monday morning that they…

Malware & Threats

A Suspected Cyberattack Paralyzes the Majority of Gas Stations Across Iran

Issued by: SecurityWeek

Nearly 70% of Iran’s gas stations went out of service on Monday following possible sabotage — a reference to cyberattacks, Iranian state TV reported. The report said a “software problem” caused the irregularity in the gas stations. It urged people not to rush to the stations that were still operational. Israeli media, including the Times…

Vulnerabilities

Will Putting a Dollar Value on Vulnerabilities Help Prioritize Them?

Issued by: Dark Reading

When videoconferencing service Zoom searched for a better way to assign a severity to vulnerabilities found during bug bounty programs, the company’s security team could not find a suitable approach: The popular Common Vulnerability Scoring System (CVSS) was too subjective, and the Exploit Prediction Scoring System (EPSS) was too focused on the probability of exploitation….

Application Security

Visa debuts AI-based token fraud prevention product

Issued by: CSO Online

Visa’s newest security piece applies AI to customer transactions, analyzing them for their probability of fraud. Payment network Visa will offer a new AI-powered system designed to combat token fraud, analyzing transactions for patterns that could indicate fraudulent activity and help protect financial institutions against losses. The new product, dubbed Visa Provisioning Intelligence, is now…

Malware & Threats

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

Issued by: Dark Reading

Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…

Vulnerabilities

Apache Struts 2 vulnerability discovered, as proof of concept circulates

Issued by: CSO Online

A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database. A new vulnerability in the Struts 2 web application framework can potentially enable a remote attacker to execute code on systems running apps based on earlier versions of the software. The vulnerability, announced this week…

Application Security

Dashlane ditching master passwords

Issued by: CSO Online

The password manager vendor totally embraces passwordless technology. A top-tier password manager maker is ditching the use of master passwords and offering its users a totally passwordless experience. Dashlane made the announcement Wednesday, saying the feature allows new users to create an account without having to set up and remember a master password. It added…

Application Security

New AI Safety Initiative Aims to Set Responsible Standards for Artificial Intelligence

Issued by: SecurityWeek

The new AI Safety Initiative has attracted participation from tech heavyweights Microsoft, Amazon and Google OpenAI and Anthropic and plans to work on tools, templates and data for deploying AI/LLM technology in a safe, ethical and compliant manner. “The AI Safety Initiative is actively developing practical safeguards for today’s generative AI, structured in a way…

News

Hacktivists Interrupt UAE TV Streams With a Message About Gaza

Issued by: Dark Reading

On Sunday night in the United Arab Emirates (UAE), hackers took over television streams around the country to broadcast an AI-delivered message about the war in Gaza. According to the Khaleej Times, the attack affected “European live channels” streaming on the HK1 RBOX, an Android-based set-top box. Emiratis watching the BBC, quiz shows, and more…