Morphisec researchers have identified a critical Microsoft Outlook vulnerability, CVE-2024-30103, and detail its technical impact and recommended actions.
CVE-2024-29824 Ivanti EPM SQL Injection Remote Code Execution Vulnerability. This blog details the internals of a SQLi RCE vulnerability.
Key Takeaways In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install Scree…
A user on the online forum 4chan has leaked a massive 270GB of data belonging to The New York Times. This leak includes the source code for the
Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.
Veeam Backup Enterprise Manager Authentication Bypass
Russia, which hasn’t been invited to the summit, has repeatedly called it “meaningless and harmful.” Swiss officials did not provide more details about the reported cyberattacks.
A campaign targeting Snowflake customer database instances with the intent of data theft and extortion.
As a result of the cyberattack “hospitals cannot currently match patients’ blood at the same frequency as usual,” announced NHS Blood and Transplant.
The security firm said the attacks targeting Snowflake customers is "ongoing," suggesting the number of affected companies may rise.
And publicly reviewable server code means experts can "verify this privacy promise."
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.
Si la Russie ne participera pas à la conférence sur la paix en Ukraine du Bürgenstock, l'Office fédéral de la cybersécurité met en garde contre d'éventuelles actions perturbatrices de sa part. Première responsable de la transmission d'informations, la SSR est sur le qui-vive.
A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to
Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.
FortiGuard Labs has recently identified a sophisticated cyberattack involving an Excel file embedded with a VBA macro designed to deploy a DLL file. Learn more.
Microsoft's education-focused flavor of its cloud productivity suite, Microsoft 365 Education, is facing investigation in the European Union. Privacy
A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London.
Today, we are investing in the next generation of GenAI security with the 0Day Investigative Network (0Din) by Mozilla, a bug bounty program for large language models (LLMs) and other deep learning technologies. 0Din expands the scope to identify and fix GenAI security by delving beyond the application layer with a focus on emerging classes of vulnerabilities and weaknesses in these new generations of models.
In this analysis, Morphisec Threat Labs details the latest Sticky Werewolf cyber threat group campaign targeting the aviation industry.
