'

Google Fixes Another Chrome Zero Day

Google Fixes Another Chrome Zero Day

Google has released an update for Chrome that fixes a serious vulnerability that has been exploited in the wild. This is the eighth zero day that Google has patched in Chrome in the last five months. The latest flaw (CVE-2024-5274) is a type confusion bug in the V8 engine in Chrome, and one of Google’s … Read more

Categories duo

Privacy, Security Concerns Mount Over Microsoft Recall Feature

Privacy, Security Concerns Mount Over Microsoft Recall Feature

Privacy experts are criticizing a new Microsoft feature on its recently announced Copilot Plus PCs that takes continuous screenshots of users’ activity, which could include passwords or financial account numbers, and stores those screenshots locally on their devices. The purpose of the feature, called Recall, is to serve as a search tool to help consumers … Read more

Categories duo

Kimsuky APT Using Newly Discovered Gomir Linux Backdoor

Kimsuky APT Using Newly Discovered Gomir Linux Backdoor

The Kimsuky APT group, which is closely linked to the North Korean military intelligence organization, has been deploying a newly discovered Linux backdoor in attacks against organizations in South Korea. The backdoor is known as Gomir and is closely related to another piece of malware called GoBear, which is built for Windows targets. Researchers from … Read more

Categories duo

AI Security ‘Is a Software Problem’

AI Security ‘Is a Software Problem’

SAN FRANCISCO–Trying to figure out where the field of AI is going and how attackers and defenders will be using it is no one’s idea of a good time. AI usage is still in its very early stages, but some of the people working on and thinking about the safety and security of AI systems … Read more

Categories duo

Rather Than Measuring Risk, Fix an Interesting Problem

Rather Than Measuring Risk, Fix an Interesting Problem

SAN FRANCISCO–Measuring risk is one of the more difficult tasks that enterprise GRC teams face, as risk itself is a notoriously difficult thing to actually define and pin down. But perhaps fixing the fixable problems that contribute to risk, rather than measuring risk in absolute terms, should be the goal. The concept of risk is … Read more

Categories duo

F5 Fixes Critical RCE Bugs in BIG-IP Next Central Manager

F5 Fixes Critical RCE Bugs in BIG-IP Next Central Manager

F5 has released updates to fix two vulnerabilities that can allow an unauthenticated remote attacker to gain complete control of the company’s BIG-IP Next Central Manager console. The attacker could then take advantage of three separate bugs to add invisible accounts on other BIG-IP devices controlled by the Next Central Manager. The flaws affect versions … Read more

Categories duo

How CISA is Preparing For the Influx of CIRCIA Reports

How CISA is Preparing For the Influx of CIRCIA Reports

SAN FRANCISCO – The streamlining of incident reporting is a large part of the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), and at RSA Conference this week, a CISA official outlined how it is laying the groundwork for the backend processes related to collecting and analyzing the information in these reports. In the weeks … Read more

Categories duo

To Fix IoT Security, ‘We Need to Aim at the Security Have-Nots’

To Fix IoT Security, ‘We Need to Aim at the Security Have-Nots’

SAN FRANCISCO–On the long and ever-growing list of security priorities for enterprises and SMBs, IoT devices tend to fall somewhere near the bottom, something that attackers of all stripes have gladly taken advantage of for many years. But government and private sector experts alike are working to change that through regulatory efforts, advocacy, and technical … Read more

Categories duo

Krebs: ‘Business Risk and Geopolitical Risk Are Intertwined’

Krebs: ‘Business Risk and Geopolitical Risk Are Intertwined’

SAN FRANCISCO – Businesses navigating cybersecurity risks are dealing with the dual challenge of an exploding threat actor landscape, and technology that’s inherently not secure and that by design must be deployed in an extremely complex way. The overarching concern on the backend of these issues is the increasingly intertwined nature of business risk and … Read more

Categories duo