All the latest blog posts from the most relevant cyber security companies in the business.

Generative artificial intelligence-enabled ransomware and nation-state hacks in the United Kingdom are “almost certainly” likely to surge after this year, the National Cyber Security Center warned. And British lawmakers called on the government to roll out measures to prevent AI scams. In a report evaluating the cyber risk posed by artificial intelligence, the NCSC evaluated…

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The vulnerability is a type confusion issue that resides in WebKit; an attacker can exploit this issue by tricking the victims…

Skateboarding shoe and outdoor apparel maker VF Corp. said data pertaining to 35.5 million customers appears to have been stolen in a recent data breach. The Colorado maker of apparel and footwear brands including Vans, Supreme, The North Face and Timberland told investors Thursday that its data breach estimate is based on a “preliminary analysis.”…

Researchers uncovered a critical vulnerability in graphics processing units of popular devices that could allow attackers to access data from large language models. The flaw, dubbed LeftoverLocals, affects the GPU frameworks of Apple, AMD and Qualcomm devices. Researchers at security firm Trail of Bits, who uncovered the flaw, said it stems from how the affected…

The Microsoft-owned platform received the vulnerability report on December 26, 2023, and took immediate action to address the issue and revoke potentially exposed credentials, which led to disruptions between December 27 and 29. The security defect, which allowed access to credentials within a production container, had no impact beyond the security researcher who identified and…

The British data regulator is set to analyze the privacy implications of processing scraped data used for training generative artificial intelligence algorithms. The Information Commissioner’s Office on Monday announced that it’s soliciting comments from AI developers, legal experts, and other industry stakeholders on how privacy rights might be affected by developments in generative AI. Since…

A fast-rising ransomware outfit is escalating its activities and has launched a new blog offering victims a variety of payoff options, according to a report released Thursday by Palo Alto Networks’ Unit 42. The new Medusa Blog is used by the group to post stolen data with the threat of exposing the data if…

Amazon in a Luxembourg court Tuesday contested a once-record privacy fine levied against the e-commerce giant for its advertising practices by the diminutive country’s data protection authority. At the hearing in Luxembourg’s administrative court, Amazon lawyer Thomas Berger accused the Luxembourg regulator of attacking the company based on unfounded allegations, Bloomberg reported. Amazon’s European headquarters…

Ivanti researchers this week flagged two zero-day vulnerabilities discovered in its products — CVE-2023-46805 and CVE-2024-21887 — that are already being actively exploited by threat actors. The vulnerabilities were found in Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways, and the vulnerabilities affect all supported versions (Version 9.x and 22.x). Volexity assisted in identifying and…

The vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, affect fully patched Internet-facing Ivanti Connect Secure VPN appliances (formerly known as Pulse Secure) and were caught during in-the-wild zero-day exploitation. Ivanti, a company that has struggled with major security problems, released pre-patch mitigations for the new vulnerabilities but said comprehensive fixes will be released on a staggered…