Security Bulletin
30 Sep 2024
Biztonsági szemle
Elaborate Deepfake Operation Takes a Meeting With US Senator
The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.
30 Sep 2024
Biztonsági szemle
Treat Your Enterprise Data Like a Digital Nomad
By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.
30 Sep 2024
Biztonsági szemle
California AI safety legislation vetoed
While the legislation has been opposed by Google and OpenAI due to additional burdens, such disapproval from Newsom has been regarded by bill sponsor Sen. Scott Wiener to be a step back in AI regulations.
30 Sep 2024
Biztonsági szemle
Nearly $70K stolen by WalletConnect-spoofing crypto drainer
Check Point Research researchers discovered that installation of the fake WalletConnect app triggers a wallet connection request and the stealthy activation of the MS Drainer toolkit, which then conducts token and NFT scanning and exfiltration...
30 Sep 2024
Biztonsági szemle
About $102M fine imposed against Meta over plaintext Facebook password storage
Passwords should never be kept in plaintext due to potential exploitation, according to Irish DPC Deputy Commissioner Graham Doyle. Meanwhile, Meta noted the prompt remediation of the security issue.
30 Sep 2024
Biztonsági szemle
Critical NVIDIA Container Toolkit bug has widespread impact
All NVIDIA Container Toolkit versions up to 1.16.1 and GPU Operator instances up to version 24.6.1 are impacted by the flaw, which stems from the absence of secure containerized GPU isolation from the host that exposes sensitive host file system and...
30 Sep 2024
Biztonsági szemle
DCRat malware spread with HTML smuggling
Attacks involved the distribution of malicious Russian-language HTML files impersonating TrueConf and VK Messenger apps, which when opened stealthily downloads a password-protected ZIP file with a nested RarSFX archive that launches DCRat.
30 Sep 2024
Biztonsági szemle
US moves against Iranians allegedly behind Trump campaign breach
Bounties of up to $10 million have also been introduced by the U.S. State Department for any information about the hackers — who were noted by a joint federal statement to have shared stolen Trump campaign materials with individuals previously linked...
30 Sep 2024
Biztonsági szemle
Active Directory attack guidance issued by Five Eyes
With Microsoft AD being mostly targeted via Kerberoasting, AS-REP roasting, and password spraying attacks, as well as Microsoft Entra Connect, GPP password, MachineAccountQuota, and certificate service compromise, organizations should leverage...
30 Sep 2024
Biztonsági szemle
Shadow AI, Data Exposure Plague Workplace Chatbot Use
Productivity has a downside: A shocking number of employees share sensitive or proprietary data with the generational AI platforms they use, without letting their bosses know.
30 Sep 2024
Biztonsági szemle
Why citizens and campaigns need to improve AI literacy in this very political year
Disinformation spread by deepfakes are rampant in this election cycle – and that’s why the industry needs to help foster AI literacy.
28 Sep 2024
Biztonsági szemle
Gemini for Workspace susceptible to indirect prompt injection, researchers say
Gmail emails, Google Slides and Google Drive files could be used to manipulate the LLM.