Threat actors have leveraged Ivanti Connect Secure and Policy Secure zero-day vulnerabilities, tracked as CVE-2023-46805 and CVE-2024-21887, to facilitate the deployment of the Mirai botnet, reports Security Affairs.
More sophisticated anti-analysis methods have been integrated into the updated version of the Hijack Loader malware loader, also known as IDAT Loader, to better circumvent security systems as it deploys various malicious payloads, The Hacker News reports.
Jason joins us to discuss the current enterprise landscape for defending against supply chain attacks, remediating firmware issues, and the current challenges with patch management.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Fifty-seven percent of more than 90,000 internet-exposed hosts continue to run TinyProxy instances unpatched against the critical use-after-free vulnerability, tracked as CVE-2023-49606, which could be leveraged to facilitate remote code execution attacks via an unauthenticated HTTP request, reports The Hacker News.
We already have bug bounties for web apps, so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his education in psychology helped fill in the lack of resources in testing an AI's bias. Then we discuss ...