Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any user interaction. Unusually, both of them can be triggered using a sound file. One of the flaws, tracked as CVE-2023-35384, is actually the second patch bypass…
The BlackCat ransomware-as-a-service operation’s putative “unseizing” of its leak site from the FBI is a stunt made possible by the way the dark web handles address resolution, security researchers said Monday. The stunt was a “tactical error” that could alienate affiliates. U.S. authorities as part of an international law enforcement operation announced Monday morning that they…
Nearly 70% of Iran’s gas stations went out of service on Monday following possible sabotage — a reference to cyberattacks, Iranian state TV reported. The report said a “software problem” caused the irregularity in the gas stations. It urged people not to rush to the stations that were still operational. Israeli media, including the Times…
When videoconferencing service Zoom searched for a better way to assign a severity to vulnerabilities found during bug bounty programs, the company’s security team could not find a suitable approach: The popular Common Vulnerability Scoring System (CVSS) was too subjective, and the Exploit Prediction Scoring System (EPSS) was too focused on the probability of exploitation….
Visa’s newest security piece applies AI to customer transactions, analyzing them for their probability of fraud. Payment network Visa will offer a new AI-powered system designed to combat token fraud, analyzing transactions for patterns that could indicate fraudulent activity and help protect financial institutions against losses. The new product, dubbed Visa Provisioning Intelligence, is now…
Concerns are high over a critical, recently disclosed remote code execution (RCE) vulnerability in Apache Struts 2 that attackers have been actively exploiting over the past few days. Apache Struts is a widely used open source framework for building Java applications. Developers can use it to build modular Web applications based on what is known…
A new vulnerability found in the Apache Struts 2 framework has received a critical severity rating from NIST’s national database. A new vulnerability in the Struts 2 web application framework can potentially enable a remote attacker to execute code on systems running apps based on earlier versions of the software. The vulnerability, announced this week…
The password manager vendor totally embraces passwordless technology. A top-tier password manager maker is ditching the use of master passwords and offering its users a totally passwordless experience. Dashlane made the announcement Wednesday, saying the feature allows new users to create an account without having to set up and remember a master password. It added…
The new AI Safety Initiative has attracted participation from tech heavyweights Microsoft, Amazon, Google, OpenAI and Anthropic and plans to work on tools, templates and data for deploying AI/LLM technology in a safe, ethical and compliant manner. “The AI Safety Initiative is actively developing practical safeguards for today’s generative AI, structured in a way…
On Sunday night in the United Arab Emirates (UAE), hackers took over television streams around the country to broadcast an AI-delivered message about the war in Gaza. According to the Khaleej Times, the attack affected “European live channels” streaming on the HK1 RBOX, an Android-based set-top box. Emiratis watching the BBC, quiz shows, and more…