Tag: Risk
-
Alerts: Citrix Releases Security Updates for NetScaler and Citrix Session Recording
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/citrix-releases-security-updates-netscaler-and-citrix-session-recording Source: Alerts Title: Citrix Releases Security Updates for NetScaler and Citrix Session Recording Feedly Summary: Citrix released security updates to address multiple vulnerabilities in NetScaler ADC, NetScaler Gateway, and Citrix Session Recording. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users…
-
The Register: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code
Source URL: https://www.theregister.com/2024/11/12/http_citrix_vuln/ Source: The Register Title: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code Feedly Summary: ‘Once again, we’ve lost a little more faith in the internet,’ researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability…
-
Alerts: CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-fbi-nsa-and-international-partners-release-joint-advisory-2023-top-routinely-exploited Source: Alerts Title: CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities Feedly Summary: Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and international partners released joint Cybersecurity Advisory, 2023 Top Routinely Exploited Vulnerabilities. This advisory…
-
Alerts: CISA Releases Five Industrial Control Systems Advisories
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Five Industrial Control Systems Advisories Feedly Summary: CISA released five Industrial Control Systems (ICS) advisories on November 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-317-01 Subnet Solutions PowerSYSTEM Center ICSA-24-317-02 Hitachi Energy TRO600 ICSA-24-317-03 Rockwell Automation FactoryTalk View…
-
CSA: ConfusedPilot: Novel Attack on RAG-based AI Systems
Source URL: https://cloudsecurityalliance.org/articles/confusedpilot-ut-austin-symmetry-systems-uncover-novel-attack-on-rag-based-ai-systems Source: CSA Title: ConfusedPilot: Novel Attack on RAG-based AI Systems Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses a newly discovered attack method called ConfusedPilot, which targets Retrieval Augmented Generation (RAG) based AI systems like Microsoft 365 Copilot. This attack enables malicious actors to influence AI outputs by manipulating…
-
Schneier on Security: Criminals Exploiting FBI Emergency Data Requests
Source URL: https://www.schneier.com/blog/archives/2024/11/criminals-exploiting-fbi-emergency-data-requests.html Source: Schneier on Security Title: Criminals Exploiting FBI Emergency Data Requests Feedly Summary: I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too. Turns out the same…
-
AlgorithmWatch: Civil society statement on meaningful transparency of risk assessments under the Digital Services Act
Source URL: https://algorithmwatch.org/en/civil-society-statement-on-meaningful-transparency-of-risk-assessments-under-the-digital-services-act/ Source: AlgorithmWatch Title: Civil society statement on meaningful transparency of risk assessments under the Digital Services Act Feedly Summary: This joint statement is also available as PDF-File. Meaningful transparency of risk assessments and audits enables external stakeholders, including civil society organisations, researchers, journalists, and people impacted by systemic risks, to scrutinise the…
-
Slashdot: D-Link Won’t Fix Critical Flaw Affecting 60,000 Older NAS Devices
Source URL: https://it.slashdot.org/story/24/11/11/2158210/d-link-wont-fix-critical-flaw-affecting-60000-older-nas-devices?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: D-Link Won’t Fix Critical Flaw Affecting 60,000 Older NAS Devices Feedly Summary: AI Summary and Description: Yes Summary: D-Link has announced no patch for a critical command injection vulnerability affecting over 60,000 NAS devices, urging users to either retire or isolate the devices. This situation emphasizes significant risks for…