Geek-Guy.com

Category: Global Security News

DEF CON 32 – Iconv, Set The Charset To RCE Exploiting glibc To Hack The PHP Engine

Author/Presenter: Charles Fox Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Iconv, Set The Charset To RCE Exploiting glibc To Hack…

OpenAI brings its AI-powered web search tool to more ChatGPT users

ChatGPT Search, OpenAI’s AI-powered web search experience, is now live for all ChatGPT users — with several new features in tow. By default, ChatGPT will automatically determine which questions to route through ChatGPT Search, or users can tap a new “Search the web” icon in the ChatGPT interface. ChatGPT Search shows summarized answers from different…

PHP backdoor looks to be work of Chinese-linked APT group

Cybersecurity researchers at a China-based cybersecurity company have uncovered an advanced PHP backdoor that suggests a new asset in the arsenal of Chinese-linked Advanced Persistent Threat group Winnti. Researchers at QiAnXin’s XLab discovered the backdoor, which they titled Glutton, targeting China, the United States, Cambodia, Pakistan, and South Africa. After initially discovering the malware in…

Google experiments with a new image generator that remixes three images into one creation

Google Labs, Google’s experimental arm, is testing a new image generator called Whisk. This tool allows people to prompt with images instead of text, allowing them to remix a photo by altering the subject, scene, and style. Whisk uses Google’s image-generation model, Imagen 3, to combine three images: one for the subject, another for the…

YouTube creators can now allow third-party companies to train AI models on their content

Google says that it’ll soon begin to allow YouTube creators and rightsholders to let third-party companies including OpenAI, Apple, and Meta to use their videos to train AI models. “Over the next few days, creators and rights holders can choose to allow third-party companies to use their content to train AI models directly in Studio…

YouTube will now let creators opt out of third-party AI training

YouTube on Monday announced it will give creators more choice over how third parties can use their content to train their AI models. Starting today, creators and rights holders will be able to flag for YouTube if they’re permitting specific third-party AI companies to train models on the creator’s content. From a new setting within…

YouTube will now let creators opt into third-party AI training

YouTube on Monday announced it will give creators more choice over how third parties can use their content to train their AI models. Starting today, creators and rights holders will be able to flag for YouTube if they’re permitting specific third-party AI companies to train models on the creator’s content. From a new setting within…

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #316 – Simplicity

via the respected Software Engineering expertise of Mikkel Noe-Nygaard and the lauded Software Engineering / Enterprise Agile Coaching work of Luxshan Ratnaravi at Comic Agilé! Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnaravi – #316 – Simplicity appeared first on Security Boulevard.

Meta updates its smart glasses with real-time AI video

Meta’s Ray-Ban Meta smart glasses are getting several new AI-powered upgrades, including the ability to have an ongoing conversation and translate between languages. Ray-Ban Meta owners in Meta’s early access program for the U.S. and Canada can now download firmware v11, which adds “live AI.” First unveiled this fall, live AI lets wearers continuously converse…

What is Instagram’s Threads app? All your questions answered

Twitter alternatives — new and old — have found audiences willing to try out a newer social networks since Elon Musk took over the company in 2022. Mastodon, Bluesky, Spill and T2 are some of the social media platforms people are among them. So is Meta’s Threads platform. What is Threads? How do you create…

Google DeepMind unveils a new video model to rival Sora

Google DeepMind, Google’s flagship AI research lab, wants to beat OpenAI at the video generation game — and it might just, at least for a little while. On Monday, DeepMind announced Veo 2, a next-gen video-generating AI and the successor to Veo, which powers a growing number of products across Google’s portfolio. Veo 2 can…

YouTube’s latest test lets creators post voice notes as comments

YouTube is experimenting with a new way to engage fans by giving creators the ability to post voice notes and reply to comments on their videos, the company announced on Monday. The ability to post voice notes is limited to certain creators in the U.S. for the time being. YouTube says they’ll only be able…

BlackBerry sells Cylance for $160M, a fraction of the $1.4B it paid in 2018

Arctic Wolf has acquired Cylance, BlackBerry’s beleaguered cybersecurity business, for $160 million — a significant write-down from the $1.4 billion BlackBerry paid to acquire the company in 2018. Under the terms of the deal, which is expected to close in BlackBerry’s fiscal Q4, BlackBerry will sell its Cylance assets to Arctic Wolf for $160 million…

Guarding against AI-powered threats requires a focus on cyber awareness

Threat actors will always find nefarious uses for new technologies, and AI is no exception. Attackers are primarily using AI to enhance the volume and velocity of their attacks. They’re also using the technology to make phishing communications more believable with perfect grammar and context-aware personalization. As cybercriminals harness new technologies to advance their operations,…

Snapchat introduces a unified monetization program for creators

Snapchat is introducing a revamped, unified monetization program for creators. The new program will reward creators for both content posted to Stories and Spotlight, its TikTok copycat. Previously, Snapchat monetized these two formats through separate programs. Under the new program, creators will earn revenue from ads displayed within eligible Stories and Spotlight posts. “With Spotlight…

Catching the ghost in the machine: Adapting threat detection to cloud speed

The rapid adoption of cloud technology has transformed how businesses operate, offering scalability, agility, and opportunities for innovation. However, this transformation has also introduced a profound challenge: the “ghost in the machine”—elusive and dynamic threats that exploit the complexity and scale of cloud environments to remain hidden, evading traditional detection methods and posing significant risks…

DeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA Pages

Cybersecurity researchers have shed light on a previously undocumented aspect associated with ClickFix-style attacks that hinge on taking advantage of a single ad network service as part of a malvertising-driven information stealer campaign dubbed DeceptionAds. “Entirely reliant on a single ad network for propagation, this campaign showcases the core mechanisms of malvertising — delivering over

UiPath positioned as the ‘Highest-Designated Leader’ in the Everest Group Intelligent Automation Platforms PEAK Matrix assessment 2024

The UiPath Platform is a trusted, scalable, and open platform that is driving agentic automation and enables businesses to unlock new levels of growth, efficiency, and innovation COMPANY NEWS: UiPath (NYSE: PATH), a leading enterprise automation and AI software company, today announced that it has been positioned the highest in the Leader category in the…

EU signs $11B deal for sovereign satellite constellation to rival Musk’s Starlink

The European Union is forging ahead with plans for a constellation of internet satellites to rival Elon Musk-owned Starlink, after signing a €10.6 billion ($11.1B) deal to launch nearly 300 satellites into low- and medium-Earth orbits by 2030. The bloc wants the space tech to boost its digital sovereignty by providing secure comms to governments.…

Prequel is building a community-driven approach to finding software bugs

Cybersecurity practitioners take a community-driven approach to solving problems. Security researchers share the vulnerabilities they find with the broader cybersecurity community, which allows companies to patch up their security holes before something catastrophic happens. Prequel is looking to bring that same approach to software. The startup is building a database of software failure patterns or…

OWASP Top 10 Risk & Mitigations for LLMs and Gen AI Apps 2025

The rapid advancement of AI, particularly in large language models (LLMs), has led to transformative capabilities in numerous industries. However, with great power comes significant security challenges. The OWASP Top… The post OWASP Top 10 Risk & Mitigations for LLMs and Gen AI Apps 2025 appeared first on Strobes Security. The post OWASP Top 10…

NoviSpy Spyware Installed on Journalist’s Phone After Unlocking It With Cellebrite Tool

A Serbian journalist had his phone first unlocked by a Cellebrite tool and subsequently compromised by a previously undocumented spyware codenamed NoviSpy, according to a new report published by Amnesty International. “NoviSpy allows for capturing sensitive personal data from a target’s phone after infection and provides the ability to turn on the phone’s microphone or…

Amazon refuses Microsoft 365 deployment because of lax cybersecurity

Amazon CISO CJ Moses has publicly shamed Microsoft security, halting his employer’s deployment of Microsoft 365 for a full year as the vendor tries to fix a long list of security problems that Amazon identified. Industry security executives were of two minds about the move. Some applauded Amazon, saying that the online retail giant —…

Vultr Teams with AMD, Broadcom, and Juniper to Advance AI with GPU Architecture

Cloud infrastructure company Vultr recently announced a four-way strategic collaboration with Juniper Networks, AMD, and Broadcom to team up on a new ecosystem to help foster the next phase of AI innovation with new GPU data center architecture. Additionally, Vultr will be expanding its Chicago cloud data center region at Centersquare’s Lisle, Illinois location. This…

Rhode Island suffers major cyberattack, exposing personal data of thousands

Rhode Island has suffered a severe cyberattack that has potentially exposed the personal data of hundreds of thousands of residents enrolled in state-run social services programs since 2016. Officials confirmed that RIBridges, the government system for programs like Medicaid and SNAP, was infiltrated by an international cybercriminal group. Governor Dan McKee confirmed that sensitive information…

Top Cybersecurity Trends to Watch Out For in 2025

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. To keep up, organizations must stay ahead of these developments. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. For cybersecurity leaders and organizations, staying ahead of cybersecurity industry trends…

Amnesty International exposes Serbian police’s use of spyware on journalists, activists

Serbian police and intelligence authorities have combined phone-cracking technology with spyware to eavesdrop on activists and journalists there, Amnesty International revealed in a report Monday, in what the human rights group says could be a disturbing preview of a future era of digital surveillance. Amnesty International’s 87-page document surveys the broader picture of digital spying…

SAP-Systeme geraten zunehmend ins Visier von Cyber-Angreifern

width=”5000″ height=”2813″ sizes=”(max-width: 5000px) 100vw, 5000px”>Angriffe auf SAP-Systeme versprechen Hackern fette Beute. Shutterstock Ein Rückblick auf Bedrohungsdaten aus den zurückliegenden vier Jahren macht deutlich, dass immer mehr Cyberkriminelle SAP-Systeme ins Visier nehmen. Das berichtete Yvan Genuer, leitender Sicherheitsforscher bei Onapsis auf der Black Hat Europe, die vom 9. bis 12. Dezember 2024 in London stattfand.…

UK’s internet watchdog finalizes first set of rules for Online Safety law

On Monday, the U.K.’s internet regulator, Ofcom, published the first set of final guidelines for online service providers subject to the Online Safety Act. This starts the clock ticking on the sprawling online harms law’s first compliance deadline, which the regulator expects to kick in in three months’ time. Ofcom has been under pressure to…

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. “The main goal of the fraudsters is to lead victims to phishing websites and forms that…

Tips for leveraging Robotic Process Automation (RPA) in your business

GUEST OPINION: In today’s fast-paced business environment, efficiency and accuracy are more important than ever. Robotic Process Automation (RPA) is a game-changer for many organizations, offering a way to streamline repetitive tasks and boost productivity. Imagine having software robots that handle mundane, rule-based processes, freeing up your team to focus on more strategic work. That’s…

Google names new India chief

Google has appointed Preeti Lobana to lead its India business, filling a key position that had been vacant since Sanjay Gupta’s promotion to Asia-Pacific president in July. Lobana, who was vice president of advertising technology at Google, takes over as the company pushes its AI products in India amid intensifying competition in the digital market.…

New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP

Cybersecurity researchers have discovered a new PHP-based backdoor called Glutton that has been put to use in cyber attacks targeting China, the United States, Cambodia, Pakistan, and South Africa. QiAnXin XLab, which discovered the malicious activity in late April 2024, attributed the previously unknown malware with moderate confidence to the prolific Chinese nation-state group tracked…

This stealthy African stablecoin startup already processed over $1B in cross-border payments

Juicyway, an African fintech that leverages stablecoin technology to power fast and cheap cross-border payments, is launching out of stealth after processing over $1 billion in transaction volume for thousands of African businesses over the last three years. The fintech claims to have processed over 25,000 transactions, generating $1.3 billion in total payment volume (TPV)…

Future of proposed US cybersecurity healthcare bills in doubt

Six months after Congressional hearings that promised action on the massive Change Healthcare ransomware attack and data theft, three pieces of proposed legislation to tighten cybersecurity requirements on healthcare providers are waiting to be dealt with. But Senators have left the proposals too late in the legislative calendar: Experts say the issue will likely only…

LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024

It’s all too clear that the cybersecurity community, once more, is facing elevated challenges as well as opportunities. Part one of a four-part series The world’s reliance on interconnected digital infrastructure continues to deepen, even as the threats facing it … (more…) The post LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024…

Ukrainian Minors Recruited for Cyber Ops and Reconnaissance in Russian Airstrikes

The Security Service of Ukraine (SBU or SSU) has exposed a novel espionage campaign suspected to be orchestrated by Russia’s Federal Security Service (FSB) that involves recruiting Ukrainian minors for criminal activities under the guise of “quest games.” Law enforcement officials said that it detained two FSB agent groups following a special operation in Kharkiv.…

BlackBerry’s Critical Communications: The Triple Shield Available to Safeguard Organizations and Governments

From major IT outages and cyberattacks crippling critical infrastructure, to extreme weather testing global resilience, organizations face a relentless barrage of security and communications challenges, with the potential to also impact human safety. Against this backdrop, BlackBerry has emerged as the market leader in innovative technologies that don’t just respond to and manage crises and…

The Hidden Risks of Mobile Calls and Messages: Why End-to-End Encryption is Just the Starting Line

The recent breaches of sovereign telecom networks in the United States, underscores how highly connected but fragmented public networks are increasingly vulnerable to sophisticated attacks.  Another rising concern is the blind trust organizations and individuals put into consumer-grade messaging apps such as WhatsApp to share government and commercially-sensitive information.  Some of the biggest risks concerning…

Cloud Access Security Broker – ein Kaufratgeber

Lesen Sie, worauf es bei der Wahl eines Cloud Access Security Broker ankommt – und welche Anbieter was genau zu bieten haben. Jack the sparow | shutterstock.com Ein Cloud Access Security Broker (CASB) sitzt zwischen Enterprise-Endpunkten und Cloud-Ressourcen und fungiert dabei als eine Art Monitoring-Gateway. Eine CASB-Lösung: gewährt Einblicke in Benutzeraktivitäten in der Cloud, setzt…

Navigating HIPAA Compliance When Using Tracking Technologies on Websites

Websites have become indispensable tools for healthcare organizations to connect with patients, streamline operations, and enhance service delivery. Modern websites are composed of components that “build” unique user experiences in real time.However, the use of tracking technologies on these websites presents unique challenges in complying with the Health Insurance Portability and Accountability Act of 1996…

Build Your Confidence in Secrets Sprawl Management

Can You Truly Be Confident in Your Approach to Secrets Management? Cybersecurity is a crucial element in today’s digital landscape, but how can organizations ensure they’re confidently managing their non-human identities and secrets? This is a question that many professionals have, regardless of their industry — be it finance, healthcare, travel, or a DevOps and…

Empower Your SOC Teams with Cloud-Native Security Solutions

Can Cloud-Native Security Be a Game-Changer for Your SOC Teams? In today’s complex digital landscape, organizations are increasingly challenged to protect their data while ensuring compliance with evolving cybersecurity regulations. From finance to healthcare, businesses are recognizing the need for a more comprehensive approach to securing machine identities, especially Non-Human Identities (NHIs). Could effective NHI…

Proactively Securing Machine Identities to Prevent Attacks

Why Should Proactive Security Management of Machine Identities Be a Priority? With the rise of digitalization across various sectors, organizations have ramped up their security measures to safeguard sensitive data. An area that often gets overlooked in this process, yet is crucial to robust data security, is the management of non-human identities (NHIs). These NHIs,…

Empower Your Security with Cloud Compliance Innovations

How Can We Empower Security with Cloud Compliance Innovations? As we continue to leverage cloud services for our businesses, one cannot ignore the escalating complexity of cybersecurity. Non-Human Identities (NHIs) and Secrets Security Management has emerged as a core player in empowering security in this dynamic environment. But what is an NHI? How do they…

The 2025 Lucid Air Pure is a luxe ride at $69,900 with room for tech tune-ups

The all-electric 2025 Lucid Air Pure is a dreamy, sexy car that’s no less luxurious for being the cheapest trim in Lucid’s Air lineup. I felt fancy and discerning driving around, but in an understated way – as if I were wearing designer sweatpants.  But does fancy equal value? I spent about 10 days driving…

DEF CON 32 – Fireside Chat – The Dark Tangent and National Cyber Director Harry Coker, Jr

Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Fireside Chat – The Dark Tangent and National Cyber Director Harry Coker, Jr…

WordPress Appliance - Powered by TurnKey Linux