High-Severity Vulnerability Discovered in Vanna.AI Library Threatens Remote Code Execution Cybersecurity experts have recently uncovered a significant security vulnerability in the Vanna.AI library, which could allow attackers to achieve remote code execution via exploitative prompt injection methods. This flaw, identified as CVE-2024-5565 and rated with a CVSS score of 8.1,…
Major Disruption of Grandoreiro Malware Operatives in Brazil In a significant law enforcement operation in Brazil, authorities have arrested several individuals linked to the notorious Grandoreiro banking malware. The Federal Police of Brazil announced that they executed five temporary arrest warrants along with 13 search and seizure warrants across multiple…
A significant cybersecurity incident has come to light involving the United Nations Trust Fund to End Violence Against Women, which inadvertently exposed a database containing sensitive information. This unsecured database, readily accessible on the internet, housed more than 115,000 files related to organizations affiliated with or receiving funding from UN…
Endpoint Security, Hardware / Chip-level Security, Internet of Things Security Annual Conference and Hackathon Highlights Innovations in IoT Device Protection Athira Nair • October 22, 2024 Vulnerabilities in electric vehicle chargers are key topics of discussion at Hardware.io. (Image: Shutterstock) The increasing connectivity of devices has led to a parallel…
The Federal Bureau of Investigation (FBI) has been summoned to probe a significant cybersecurity incident involving HBO, which has allegedly suffered a data breach resulting in the exposure of sensitive information, including unreleased episodes of popular shows like Game of Thrones. Hackers are reported to have extracted approximately 1.5 terabytes…
A significant extortion campaign has emerged, targeting various organizations by exploiting publicly accessible environment variable files (commonly ending in .env) that contain sensitive credentials for cloud and social media applications. This alarming trend underscores the vulnerabilities in data security practices across industries. According to a report by Palo Alto Networks’…
Connecticut has reached a settlement with Guardian Analytics, a financial crime risk management firm, following a significant data breach that affected one of its clients, Webster Bank. The breach, which occurred between November 2022 and January 2023, compromised the personal information of over 157,000 residents in Connecticut. This sensitive data…
Security Vulnerabilities in Emerson Rosemount Gas Chromatographs Exposed Recent findings have revealed multiple security vulnerabilities in Emerson Rosemount gas chromatographs, specifically the GC370XA, GC700XA, and GC1500XA models. These vulnerabilities could potentially be exploited by malicious actors to gain unauthorized access to sensitive information, disrupt services leading to denial-of-service (DoS) conditions,…
Recently reported zero-day vulnerabilities in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been actively exploited to deploy a Rust-based payload known as KrustyLoader. This malicious software component is specifically designed to install the open-source Sliver adversary simulation tool, which has gained traction among threat actors. The security…
