Critical flaw in AI testing framework MLflow can lead to server and data compromise
The now-patched vulnerability in the popular MLflow platform could expose AI and machine-learning models stored in the cloud and allow for lateral movement.
Stories by Lucian Constantin
55 zero-day flaws exploited last year show the importance of security risk management
Cybercriminals are now exploiting zero-day vulnerabilities for higher profits, which might require a reassessment of your risk.
Two Patch Tuesday flaws you should fix right now
Vulnerabilities affecting both Outlook for Windows and Microsoft SmartScreen were patched recently — both could have wide-ranging impact.
DNS data shows one in 10 organisations have malware traffic on their networks
Akamai report highlights how widespread malware threats remain, noting the dangers of threats specific to DNS infrastructure.
Stolen credentials increasingly empower the cybercrime underground
New research shows that criminal gangs are focusing more on acquiring stolen credentials to bypass security measures.
Attack campaign uses PHP-based infostealer to target Facebook business accounts
The threat actor uses the malware to target critical government infrastructure employees, manufacturing companies, and others.
Booking.com account takeover flaw shows possible pitfalls in OAuth implementations
Avoid these simple mistakes when setting up OAuth for third-party authentication to block unauthorised account access.
Malicious package flood on PyPI might be sign of new attacks to come
The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.
Microsoft tells Exchange admins to revert previously recommended antivirus exclusions
The antivirus exclusion might cause Exchange Server failures or prevent the detection of backdoors planted by attackers.
5 top threats from 2022 most likely to strike in 2023
Study and prepare for these five threats and you will be well on your way to protecting your network, assets, and employees.
PLC vulnerabilities can enable deep lateral movement inside OT networks
Researchers demonstrate how attackers can target PLCs to bypass authentication and perform remote code execution on industrial networks.
Flaws in industrial wireless IoT solutions can give attackers deep access into OT networks
Greater use of industrial cellular gateways and routers expose IIoT devices to attackers and increase the attack surface of OT networks.
Threat group targets over 1,000 companies with screenshotting and infostealing malware
Researchers warn that a new threat actor has been targeting over a thousand organisations since October with the goal of deploying credential-stealing malware.
Attackers can use ChatGPT to significantly enhance phishing and BEC scams
Researchers demonstrate how attackers can use the GPT-3 natural language model to launch more effective, harder-to-detect phishing and business email compromise campaigns.
Atlassian patches critical vulnerability in Jira software
Atlassian has issued fixed versions of the software and described a workaround to the flaw that could make access tokens available to attackers.
Brand Post
Five Reasons Why the Channel Is Turning To AI-Powered Observability
By Bharat Bedi, SolarWinds, Head of Sales, APJ
Sponsored By
