Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Fortify AI Training Datasets From Malicious Poisoning

Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data.

DARKReading
Open in Source
#google#microsoft#intel#auth
Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool

By Waqas Update Windows Now or Get Hacked: Microsoft Warns of Actively Exploited Vulnerability! This is a post from HackRead.com Read the original post: Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool

Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

By Waqas Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

FortiNet FortiClient EMS 7.2.2 / 7.0.10 SQL Injection / Remote Code Execution

A remote SQL injection vulnerability exists in FortiNet FortiClient EMS (Endpoint Management Server) versions 7.2.0 through 7.2.2 and 7.0.1 through 7.0.10. FortiClient EMS serves as an endpoint management solution tailored for enterprises, offering a centralized platform for overseeing enrolled endpoints. The SQL injection vulnerability is due to user controller strings which can be sent directly into database queries. FcmDaemon.exe is the main service responsible for communicating with enrolled clients. By default it listens on port 8013 and communicates with FCTDas.exe which is responsible for translating requests and sending them to the database. In the message header of a specific request sent between the two services, the FCTUID parameter is vulnerable to SQL injection. It can be used to enable the xp_cmdshell which can then be used to obtain unauthenticated remote code execution in the context of NT AUTHORITY\SYSTEM. Upgrading to either 7.2.3, 7.0.11 or above is recommended by Fo...

Lessons for CISOs From OWASP's LLM Top 10

It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

US Gov Slaps Visa Restrictions on Spyware Honchos

The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

By Deeba Ahmed Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads tricking users into downloading malware. This is a post from HackRead.com Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

Russia's Fancy Bear Pummels Windows Print Spooler Bug

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs

State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.