Biztonsági szemle
2025. február 10.
Biztonsági szemle
DOGE to be sued by more than a dozen of states over payment system access
Trump "does not have the power to give away our private information to anyone he chooses, and he cannot cut federal payments approved by Congress," said the coalition of 14 states attorneys, which includes attorneys general from California, New York...
2025. február 10.
Biztonsági szemle
Over 882K impacted by Hospital Sisters Health System breach
Attackers who breached HSHS' systems from Aug. 16 to Aug. 27, 2023, were able to exfiltrate varying types of data from individuals, including a combination of names, birthdates, addresses, Social Security numbers, driver's license numbers, medical...
2025. február 10.
Biztonsági szemle
HPE employees alerted of Midnight Blizzard hack
Infiltration of internal HPE email boxes within the Office 365 environment through a compromised account in May 2023 enabled Midnight Blizzard hackers to access mailbox data from its workers in the cybersecurity, business, and go-to-market teams...
2025. február 10.
Biztonsági szemle
Hugging Face compromised with malicious AI models
Both malicious packages resembling proof-of-concept models were not identified by Hugging Face's Picklescan security tool due to differences in compression format with PyTorch, as well as a security issue that prevented the proper scanning of Pickle...
2025. február 10.
Biztonsági szemle
Analyst Burnout Is an Advanced Persistent Threat
For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.
2025. február 7.
Biztonsági szemle
Ransomware attackers turn to workers for data breach access
Ransomware operators are pitching victims to infect additional machines on their company network.
2025. február 7.
Biztonsági szemle
AI Cheese, CISA, Scaryware, Kimsuky Returns, Backups, Encryption, Jason Wood... - SWN #449
2025. február 7.
Biztonsági szemle
CISA warns Trimble Cityworks customers of actively exploited RCE flaw
Immediately patching is recommended due to the risk of RCE on Microsoft IIS web servers in critical infrastructure sectors.
2025. február 7.
Biztonsági szemle
LLM Hijackers Quickly Incorporate DeepSeek API Keys
The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.
2025. február 7.
Biztonsági szemle
SolarWinds to Go Private for $4.4B
Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.
2025. február 7.
Biztonsági szemle
Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE
Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.
2025. február 7.
Biztonsági szemle
3,000 exposed ASP.NET keys could perform code injection attacks
Microsoft worries the leaked keys could be pushed into development code without modification, leaving it open to security issues.