Security Bulletin

Respondents to CyberRisk Alliance survey had favorable view of AI in cybersecurity.

Just like Russia's Doppelgänger effort, the goal is to spread misinformation about Ukraine and Western efforts to help Ukraine in its war with Russia.

Security pros warn retailers to monitor APIs for irregularities to guard against sudden price fluctuations or inventory control issues.

A stealthy JavaScript injection attack steals data from the checkout page of sites, either by creating a fake credit card form or extracting data directly from payment fields.

While failed login attempts are logged during the authentication phase, successful logins are only logged if the process advances to the authorization phase.

The lab, which was described as part of the "new AI arms race," will receive initial funding of around $10.3 million from the government, with additional contributions expected from private industry partners through a catalytic model.

Morgan Adamski, executive director of U.S. Cyber Command, revealed that these operations aim to secure strategic advantages by compromising systems essential for national functionality, such as energy, water, and IT infrastructure.

Between August and October, the detection of fraudulent e-commerce sites rose by 110%, with tens of thousands of these hosted on SHOPYY, a Chinese e-commerce platform exploited by cybercriminals.

The program seeks to incentivize high-impact security research while strengthening collaborations with external researchers.

Attackers could exploit the Data Virtualization Manager for z/OS flaw, tracked as CVE-2024-52899, to facilitate malicious JDBC URL parameter injections and run arbitrary code, while the Security SOAR prototype pollution issue, tracked as CVE-2024...