Recent developments in the realm of artificial intelligence have brought to light a serious vulnerability affecting encrypted communications. Dubbed ‘Whisper Leak,’ this sophisticated side-channel attack, disclosed by Microsoft researchers, has the potential to glean sensitive information from encrypted traffic directed at large language models (LLMs). As outlined in a recent…
Qualcomm has issued security updates responding to nearly two dozen vulnerabilities affecting both proprietary and open-source components. Among these, a particularly severe flaw has been identified, which is reportedly under active exploitation in the field. This high-severity vulnerability, designated as CVE-2024-43047 with a CVSS score of 7.8, has been characterized…
A recent malware campaign has been uncovered, targeting South Korean organizations, specifically attributed to the North Korean hacking group Andariel. This development highlights the ongoing evolution of tactics employed by state-sponsored actors, particularly within the Lazarus Group, which has been consistently adapting its methodologies to enhance operational effectiveness. Kaspersky, a…
In the evolving landscape of cybersecurity, the demand for improved threat visibility has never been more pressing. Many businesses grapple with the lengthy dwell times and the challenges in promptly identifying and containing data breaches. According to IBM’s Cost of a Data Breach Report from 2021, organizations typically require an…
The State of Operational Technology Security: A Sector Lagging Behind As cyber defenders focus on securing operational technology (OT) and industrial control systems (ICS), a significant challenge emerges: the scarcity of actionable data. Unlike their IT counterparts, OT operators often lack comprehensive logging capabilities, which hampers incident response efforts. According…
A recent report from Cycode underscores the burgeoning challenges surrounding AI integration in enterprise software development. According to their findings, businesses face a profound “Shadow AI” crisis, where the rapid uptake of AI technologies has eclipsed the capacity of security teams to effectively manage the associated risks. The State of…
Microsoft has announced the release of security updates addressing 118 vulnerabilities in its software suite, two of which have been identified as actively exploited vulnerabilities in the wild. Among these vulnerabilities, three have been classified as Critical, while 113 are rated Important, and two are deemed Moderate. Notably, this Patch…
Recent investigations by Russian cybersecurity firm Kaspersky have unveiled that a hacking group suspected of having links to Iran has been exploiting instant messaging and VPN applications like Telegram and Psiphon since at least 2015. These tools are being utilized to deploy a Windows remote access trojan (RAT), which can…
In the wake of the accelerated shift to remote work and the expansive adoption of cloud services, organizations are witnessing a significant growth in their attack surfaces. This expansion has resulted in a corresponding increase in security blind spots within their networks, posing a substantial risk to their cybersecurity frameworks.…
