Geek-Guy.com

Category: Global Security News

Google’s NotebookLM now lets you to talk to its AI podcast hosts

A few months ago, Google’s NotebookLM note-taking app debuted an Audio Overviews feature that generates a podcast with AI virtual hosts based on information you have shared with the app. Now, NotebookLM is rolling out the ability for users to interact with the AI podcast hosts. The idea behind Audio Overviews and the AI hosts…

Researchers expose a surge in hacker interest in SAP systems

A review of four years of threat intelligence data, presented Friday at Black Hat by Yvan Genuer, a senior security researcher at Onapsis, reports a spike in hacker interest in breaking into enterprise resource planning (ERP) systems from SAP in 2020 that was sustained until the end of 2023. The vast majority (87%) of the…

The federal crash-reporting rule Tesla opposes could be on the chopping block

The Trump transition team wants to end a federal rule requiring automakers to report crashes when advanced driver-assistance or autonomous driving technology is engaged, Reuters reports. Federal safety agencies would lose the ability to investigate and regulate the safety of vehicles with automated-driving systems should the rule — which went into effect in 2021 —…

Podcast Episode 21: Interview with the University of Richmond’s CTF Winning Team

What happens when passion, talent, and opportunity collide in the university’s tech scene? Meet David Nathanson and Daniel Garay, the freshmen duo who took the University of Richmond’s Capture the Flag (CTF) competition by storm. With David bringing his coding journey from Nicaragua and Daniel harnessing his self-taught skills in AI and machine learning, they……

Time of Reckoning – Reviewing My 2024 Cybersecurity Predictions

The brutal reality is that cybersecurity predictions are only as valuable as their accuracy.  As 2024 comes to a close, I revisit my forecasts to assess their utility in guiding meaningful decisions. Anyone can make predictions (and far too many do), but actually being correct is another matter altogether. It is commonplace for security companies…

Liquid AI just raised $250M to develop a more efficient type of AI model

Liquid AI, an AI startup co-founded by robotics luminary Daniela Rus, has raised $250 million in a Series A led by AMD. Per Bloomberg, the round values Liquid AI at over $2 billion. Liquid AI aims to build general-purpose AI systems powered by a relatively new type of AI model called a liquid neural network. Liquid…

Sam Altman and Jeff Bezos are the latest billionaires to donate $1M to Trump fund

OpenAI CEO Sam Altman and Jeff Bezos’ Amazon plan to donate $1 million each to President-elect Donald Trump’s inaugural fund, according to reports from Fox and the Wall Street Journal.  TechCrunch has confirmed Altman’s plans to personally commit the money, which is not coming directly from OpenAI.    The donations from the billionaires follow plans by…

Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

A security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and…

Ultralytics Supply-Chain Attack

Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ­—which has almost 60 million downloads—was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading the XMRig…

DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103

Authors/Presenters: Michael Gorelik, Arnold Osipov Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103 appeared…

DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103

Authors/Presenters: Michael Gorelik, Arnold Osipov Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103 appeared…

DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103

Authors/Presenters: Michael Gorelik, Arnold Osipov Our sincere appreciation to DEF CON, and the Presenters/Authors for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Outlook Unleashing RCE Chaos CVE 2024 30103 appeared…

DoJ Indicts 14 North Koreans for $88M IT Worker Fraud Scheme Over Six Years

The U.S. Department of Justice (DoJ) has indicted 14 nationals belonging to the Democratic People’s Republic of Korea (DPRK or North Korea) for their alleged involvement in a long-running conspiracy to violate sanctions and commit wire fraud, money laundering, and identity theft by illegally seeking employment in U.S. companies and non-profit organizations. “The conspirators, who…

OpenAI blames its massive ChatGPT outage on a ‘new telemetry service’

OpenAI is blaming one of the longest outages in its history on a “new telemetry service” gone awry. On Wednesday, OpenAI’s AI-powered chatbot platform, ChatGPT; its video generator, Sora; and its developer-facing API experienced major disruptions starting at around 3 p.m. Pacific. OpenAI acknowledged the problem soon after — and began working on a fix.…

WatchGuard CISO on What MSPs Need to Know to Stay Secure in 2025

Security vendor WatchGuard has deep channel connections and years of expertise in network security, endpoint protection, and other specialties. WatchGuard Chief Information Security Officer Corey Nachreiner spoke with Channel Insider to discuss the emerging technology and impending threats MSPs must consider for themselves and their clients as the calendar turns to a new year. Supporting…

Cybersecurity Insights with Contrast CISO David Lindner | 12/13/24

Insight No. 1: Stop patching the CVE dumpster fire with Vulnrichment It’s time to integrate the crucial data — Common Vulnerability Scoring System (CVSS) scores and other crucial information  — from CISA’s Vulnrichment program directly into the NVD. Centralize, streamline, and then focus on what really matters: runtime analysis of your applications. Insight No. 2: Zero days don’t give…

Cybersecurity Insights with Contrast CISO David Lindner | 12/13/24

Insight No. 1: Stop patching the CVE dumpster fire with Vulnrichment It’s time to integrate the crucial data — Common Vulnerability Scoring System (CVSS) scores and other crucial information  — from CISA’s Vulnrichment program directly into the NVD. Centralize, streamline, and then focus on what really matters: runtime analysis of your applications. Insight No. 2: Zero days don’t give…

Cybersecurity Insights with Contrast CISO David Lindner | 12/13/24

Insight No. 1: Stop patching the CVE dumpster fire with Vulnrichment It’s time to integrate the crucial data — Common Vulnerability Scoring System (CVSS) scores and other crucial information  — from CISA’s Vulnrichment program directly into the NVD. Centralize, streamline, and then focus on what really matters: runtime analysis of your applications. Insight No. 2: Zero days don’t give…

Controversial EU ad campaign on X broke bloc’s own privacy rules

The European Union’s executive body is facing an embarrassing privacy scandal after it was confirmed on Friday that a Commission ad campaign on X (formerly Twitter) breached the EU’s own data protection rules. The finding, by the EU’s oversight body the European Data Protection Supervisor (EDPS), relates to a microtargeted ad campaign that the Commission…

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like…

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like…

API Security is Not a Problem You Can Solve at the Edge

In today’s interconnected digital ecosystems, traditional security mechanisms like Web Application Firewalls (WAFs), API gateways, and Content Delivery Networks (CDNs) act as enforcement points. Think of them as bouncers at the entrance of a high-profile nightclub—they decide who gets in and who doesn’t. However, relying solely on these edge solutions to secure APIs is like…

How to Create Microsoft Copilot Use Cases for Clients

Organizations of all sizes are continuously looking to AI and machine learning to automate processes and enhance efficiency. The big players in the AI space are creating all-encompassing AI tools to meet the needs of enterprises and create value for their customers. One of those tools is Microsoft’s Copilot solution, which can be used for…

Thoughtworks Signs Strategic Collaboration Agreement with AWS to Accelerate Generative AI Adoption and Address Industry Challenges in Asia Pacific

Thoughtworks, a global technology consultancy that integrates strategy, design and engineering, today announced it has signed a strategic collaboration agreement (SCA) with Amazon Web Services (AWS) to help enterprises across Asia Pacific develop generative artificial intelligence (GenAI) solutions that drive operational efficiencies. This will help Thoughtworks’ clients in industries across automotive, energy, financial services, healthcare,…

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Iran-affiliated threat actors have been linked to a new custom malware that’s geared toward IoT and operational technology (OT) environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and supervisory control and data acquisition (SCADA) devices such as IP cameras,…

WhatsApp lets you select specific people within a group to start a group call without disturbing anyone

WhatsApp announced that it had added new video calling features just before the holidays, including participant selection for group video calls, better resolution, and a revamped call tab on the desktop. This is another step from Meta in making WhatsApp a viable option for both personal and work calls instead of using Google Meet or…

New Linux Rootkit PUMAKIT Uses Advanced Stealth Techniques to Evade Detection

Cybersecurity researchers have uncovered a new Linux rootkit called PUMAKIT that comes with capabilities to escalate privileges, hide files and directories, and conceal itself from system tools, while simultaneously evading detection. “PUMAKIT is a sophisticated loadable kernel module (LKM) rootkit that employs advanced stealth mechanisms to hide its presence and maintain communication with

How to turn around a toxic cybersecurity culture

A toxic cybersecurity culture affects team turnover, productivity, and morale. Worse yet, it places enterprise systems and data at risk. In a toxic cybersecurity culture, everybody believes that cybersecurity is somebody else’s job, says Keri Pearlson, executive director for Cybersecurity at MIT Sloan (CAMS), a research consortium focusing on cybersecurity leadership and governance issues. “They…

As AI-fueled disinformation explodes, here comes the startup counterattack

With disinformation on the rise, especially given the explosion of AI, companies are just as vulnerable to its effects as individuals. Refute is a London-based startup that detects and responds to disinformation on behalf of these commercial entities. It’s now raised a £2.3 million ($2.9 million) pre-seed round led by UK investors Playfair and Episode 1.…

Texas AG is investigating Character.AI, other platforms over child safety concerns

Texas Attorney General Ken Paxton on Thursday launched an investigation into Character.AI and 14 other technology platforms over child privacy and safety concerns. The investigation will assess whether Character.AI — and other platforms that are popular with young people, including Reddit, Instagram and Discord — conform to Texas’ child privacy and safety laws. The investigation…

FBI Busts Rydox Marketplace with 7,600 PII Sales, Cryptocurrency Worth $225K Seized

The U.S. Department of Justice (DoJ) on Thursday announced the shutdown of an illicit marketplace called Rydox (“rydox.ru” and “rydox[.]cc”) for selling stolen personal information, access devices, and other tools for conducting cybercrime and fraud. In tandem, three Kosovo nationals and administrators of the service, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, have been arrested.…

Snowflake Will Make MFA Mandatory Next Year

Data warehousing firm Snowflake, which saw a lot of user accounts get hacked due to poor security hygiene, is making MFA mandatory for all user accounts by November 2025. The post Snowflake Will Make MFA Mandatory Next Year appeared first on Security Boulevard.

10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei

Lesen Sie, worauf es bei der Zusammenarbeit zwischen Ihrem IT-Security- und Engineering-Team ankommt. Foto: Lipik Stock Media – shutterstock.com Security-Teams bestehen in erster Linie aus Mitarbeitern, die für den Betrieb und die Einhaltung von Vorschriften und Richtlinien zuständig sind. IT-Sicherheitstechnik-Teams, neudeutsch Security-Engineering-Teams, hingegen sind Konstrukteure. Sie entwickeln Dienste, automatisieren Prozesse und optimieren Bereitstellungen, um das…

Microsoft debuts Phi-4, a new generative AI model, in research preview

Microsoft has announced the newest addition to its Phi family of generative AI models. Called Phi-4, the model is improved in several areas over its predecessors, Microsoft claims — in particular math problem solving. That’s partly the result of improved training data quality. Phi-4 is available in very limited access as of Thursday night: only…

Fleet Space raises $100M to scale satellite-enabled mineral prospecting tech

Late-stage deals in space have been on the decline this year, but one notable exception is Fleet Space Technologies’ $100 million Series D.  The Adelaide, Australia-based startup raised the new funding to accelerate the development of ExoSphere, a platform to enable real-time mineral prospecting from space. The company currently has two satellites in low Earth…

What Is an Application Vulnerability? 8 Common Types

Every application is susceptible to attacks, but web applications are more vulnerable than others. They interact with more networks and users—and every interaction is a risk. Any flaws or errors can lead to serious problems like unauthorized access, stolen data, and service disruptions. Whether you run a small team or manage a large organization, staying…

Understanding the Role of AI in Cybersecurity

Artificial intelligence (AI) is reshaping the cybersecurity landscape—both potential attacks and impactful protections. Understanding how AI can be used in cybersecurity can help you build more efficient and adaptive defenses capable of handling these rapidly evolving threats. The post Understanding the Role of AI in Cybersecurity appeared first on Security Boulevard.

What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks

Zero-day vulnerabilities are serious threats. They’re completely unknown to both the vendor and the user. That gives attackers a significant advantage, allowing them to attack systems before patches are available. The post What’s a Zero-Day Vulnerability? Prevent Exploits and Attacks appeared first on Security Boulevard.

SonicWall Partners with CrowdStrike to Protect SMBs with New MDR Offering

Recently, SonicWall announced that it would be partnering with CrowdStrike to deliver a new Managed Detection and Response (MDR) offering to bring enterprise-grade security to small- and medium-sized businesses (SMBs). SonicWall and CrowdStrike bring together services and products SonicWall’s trusted Managed Security Services (MSS) combines with CrowdStrike’s Endpoint Detection and Response (EDR) capabilities from the…

Tesla’s loss is Zoox’s gain

Zoox co-founder and CTO Jesse Levinson told the crowd at TechCrunch Disrupt 2024 that he didn’t think Tesla would launch a robotaxi ride-hailing service in California (or anywhere else) next year, despite what Elon Musk had claimed. The “fundamental issue is they don’t have technology that works,” he said at the time. But it seems that…

Nearly half of US teens are online almost constantly, Pew study finds

Nearly half of teens in the U.S. are online almost constantly, and the platform they’re using the most is YouTube, a new study from the Pew Research Center has found. The center reports that 46% of teens say they’re online “almost constantly,” and 90% of teens it surveyed said they use the Google-owned video platform,…

Attackers exploit zero-day RCE flaw in Cleo managed file transfer

Security researchers have warned about in-the-wild attacks that exploit a remote code execution vulnerability in managed file transfer (MFT) solutions developed by enterprise software vendor Cleo Communications.The impacted products include the latest versions of Cleo LexiCom, Cleo VLTrader and Cleo Harmony, with experts advising to temporarily disconnect these systems from the internet until a patch…

Cybercriminal marketplace Rydox seized in international law enforcement operation

The Justice Department announced Thursday that it had participated in a coordinated effort to seize and dismantle Rydox, an online marketplace for stolen personal information and cybercrime tools. The operation led to the arrest of three individuals alleged to be the site’s administrators. Rydox has been linked to over 7,600 illicit sales and generated substantial…

ChatGPT: Everything you need to know about the AI-powered chatbot

ChatGPT, OpenAI’s text-generating AI chatbot, has taken the world by storm since its launch in November 2022. What started as a tool to supercharge productivity through writing essays and code with short text prompts has evolved into a behemoth with 300 million weekly active users. 2024 has been a big year for OpenAI, from its…

Court indicts 14 North Korean IT workers tied to $88 million in illicit gains

A federal court has indicted 14 more North Korean IT workers as part of an ongoing U.S. government campaign to crack down on Pyongyang’s use of tech professionals to swindle American companies and nonprofits. The Justice Department said the 14 indicted workers generated at least $88 million throughout a conspiracy that stretched over approximately six…

Holding Back Salt Typhoon + Other Chinese APT CVEs

Over the past several years, US Federal Agencies and private sector companies have observed China-based threat actors targeting network and telecommunication critical infrastructure. A wave of recent reports have disclosed that these attacks have succeeded in compromising government and industry targets to a far greater extent than previously thought. As a result, CISA has issued…

WordPress Appliance - Powered by TurnKey Linux