Meta to pay $1.4 billion over unauthorized facial recognition image capture
Meta has settled a Texas lawsuit over gathering biometric data for Facebook’s “Tag Suggestions” feature without informed consent.
Read MoreComputer Security Articles
RSS Reader for Computer Security Articles
Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!
Apple has released security updates that patch vulnerabilities in Siri and VoiceOver that could be used to access sensitive user data.
Read MoreDon’t Let Your Domain Name Become a “Sitting Duck”
Credit to Author: BrianKrebs| Date: Wed, 31 Jul 2024 12:06:45 +0000
More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds.
Read MoreRansomware operators exploit ESXi hypervisor vulnerability for mass encryption
Credit to Author: Microsoft Threat Intelligence| Date: Mon, 29 Jul 2024 16:00:00 +0000
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. The vulnerability involves creating a group called “ESX Admins” in Active Directory and adding an attacker-controlled user account to this group. This manipulation of the Active Directory group takes advantage of a privilege escalation vulnerability (CVE-2024-37085) in ESXi hypervisors that grants the added user full administrative access to the ESXi hypervisor. The vulnerability was fixed by VMware in their June release and ESXi administrators should install this security update.
The post Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption appeared first on Microsoft Security Blog.
Read MoreAI Pulse: Brazil Gets Bold with Meta, Interpol’s Red Flag & more
Credit to Author: AI Team| Date: Tue, 30 Jul 2024 00:00:00 +0000
The second edition of AI Pulse is all about AI regulation: what’s coming, why it matters, and what might happen without it. We look at Brazil’s hard não to Meta, how communities are pushing back against AI training data use, Interpol’s warnings about AI deepfakes, and more.
Read MoreA Senate Bill Would Radically Improve Voting Machine Security
Credit to Author: Eric Geller| Date: Tue, 30 Jul 2024 14:20:51 +0000
This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.
Read MoreThreat actor impersonates Google via fake ad for Authenticator
Only trust official sources they say, but what happens when a Google vetted ad is for a Google product?
Read MoreThe State of Ransomware in Healthcare 2024
Credit to Author: Sally Adam| Date: Tue, 30 Jul 2024 13:52:07 +0000
402 healthcare IT/cybersecurity leaders share their latest ransomware experiences, revealing fresh insights into the realities facing the healthcare sector today.
Read More