DDoS attack leads to significant disruption in ChatGPT services
OpenAI confirmed earlier today that the outage suffered by ChatGPT and its API on Wednesday was caused by a distributed denial-of-service (DDoS) attack. “We are dealing with periodic outages due to an abnormal traffic pattern reflective of a DDoS attack. We are continuing work to mitigate this.” reads the update posted by OpenAI on its…
Cisco fixes serious flaws in emergency responder and other products
Cisco patched authentication, privilege escalation, and denial-of-service vulnerabilities this week in several of its products, including one that’s used for identifying the location of 9-1-1 emergency callers. The flaw in Cisco Emergency Responder is caused by the presence of default static credentials for the root account that were used during development but were never removed….
Canadian Flair Airlines left user data leaking for months
The leak consisted of publicly accessible environment files hosted on the flyflair.com website. Flyflair.com belongs to the Canadian ultra-low-cost carrier Flair Airlines, founded in 2005. According to SimilarWeb, the website attracts 3.2 million monthly visitors. Environment files are commonly used in software development to manage environment-specific settings or sensitive information such as API keys and…
ASPM Is Good, But It’s Not a Cure-All for App Security
Application security posture management (ASPM) is a method of managing and improving the security of software applications. It encompasses the processes, tools, and practices designed to identify, classify, and mitigate security vulnerabilities across an application’s life cycle. It includes scanning for vulnerabilities, tracking identified vulnerabilities, managing patch processes, and implementing continuous monitoring and improvement procedures….
Cisco Flags Critical SD-WAN Vulnerability
A critical security vulnerability in Cisco’s SD-WAN vManage software could allow a remote, unauthenticated attacker to gain read and limited write permissions, and access data. The bug carries a score of 9.1 out of 10 on the CVSS vulnerability-severity scale, and it exists in the vManage API, which is used to monitor and configure Cisco…
ChatGPT creates mutating malware that evades detection by EDR
A global sensation since its initial release at the end of last year, ChatGPT’s popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to…
Safe Security Raises $50M to Bring ML to Risk Quantification
A cyber risk quantification startup backed by ex-Cisco CEO John Chambers has raised $50 million to apply machine-learning technology and build more API adapters. The Silicon Valley-based company said the Series B funding will allow Safe Security to capitalize on generative artificial intelligence to help nontechnical leaders better understand their organizations security postures, said co-founder…
Hacker Cracks Toyota Customer Search Tool
A production API in Toyota’s C360 customer relationship management (CRM) tool loaded with the personal information of an unknown number of the carmaker’s customers in Mexico was found to expose reams of sensitive data. A disclosure from threat hunter Eaton Zveare outlines how it was possible to access Toyota customers’ names, addresses, phone numbers, emails,…
Scores of Redis Servers Infested by Sophisticated Custom-Built Malware
An unknown threat actor has been quietly mining Monero cryptocurrency on open source Redis servers around the world for years, using a custom-made malware variant that is virtually undetectable by agentless and conventional antivirus tools. Since September 2021, the threat actor has compromised at least 1,200 Redis servers — that thousands of mostly smaller organizations…
Nvidia targets insider attacks with digital fingerprinting technology
Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior. The idea, according to the company, is to leverage the large amounts of data that many organizations compile anyway about login and…
