Poisoned telemetry can turn AIOps into AI Oops, researchers show
Sysadmins, your job is safe Automating IT operations using AI may not be the best idea at the moment.… READ MORE HERE…
The Register
Russia’s RomCom among those exploiting a WinRAR 0-day in highly-targeted attacks
A few weeks earlier ‘zeroplayer’ advertised an $80K WinRAR 0-day exploit Russia-linked attackers found and exploited a high-severity WinRAR vulnerability before the maintainers of the Windows file archiver issued a fix.… READ MORE HERE…
Trend Micro offers weak workaround for already-exploited critical vuln in management console
PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more! Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro’s Apex One endpoint security platform is under active exploitation, the company admitted last week, and there’s no patch available.… READ MORE HERE…
DEF CON hackers plug security holes in US water systems amid tsunami of threats
Five pilot deployments are just a drop in the bucket, so it’s time to turbo scale def con A DEF CON hacker walks into a small-town water facility…no, this is not the setup for a joke or a (super-geeky) odd-couple rom-com. It’s a true story that happened at five utilities across four states.… READ MORE HERE…
The inside story of the Telemessage saga, and how you can view the data
It turns out no one was clean on OPSEC DEF CON On Saturday at DEF CON, security boffin Micah Lee explained just how he hacked into TeleMessage, the supposedly secure messaging app used by White House officials, which in turn led to a massive database dump of their communications.… READ MORE HERE…
Chinese biz using AI to hit US politicians, influencers with propaganda
In misinformation, Russia might be the top dog but the Chinese are coming warns former NSA boss DEF CON A cache of documents uncovered by Vanderbilt University has revealed disturbing details about how a Chinese company is building up a database of US politicians and influencers with whom to share propaganda.… READ MORE HERE…
Star leaky app of the week: StarDict
Fun feature found in Debian 13: send your selected text to China – in plaintext As Trixie gets ready to début, a little-known app is hogging the limelight: StarDict, which sends whatever text you select, unencrypted, to servers in China.… READ MORE HERE…
Ex-White House cyber, counter-terrorism guru: Microsoft considers security an annoyance, not a necessity
Tells The Reg China’s ability to p0wn Redmond’s wares ‘gives me a political aneurysm’ Comment Roger Cressey served two US presidents as a senior cybersecurity and counter-terrorism advisor and currently worries he’ll experience a “political aneurysm” due to Microsoft’s many security messes.… READ MORE HERE…
Prohibition never works, but that didn’t stop the UK’s Online Safety Act
Will someone think of the deals politicians are making? Opinion You might think, since I write about tech all the time, my degrees are in computer science. Nope. I’m a bona fide, degreed historian, which is why I can say with confidence that the UK’s recently passed Online Safety Act is doomed to fail.… READ MORE HERE…
Microsoft, CISA warn yet another Exchange server bug can lead to ‘total domain compromise’
No reported in-the-wild exploits…yet Microsoft and the feds late Wednesday sounded the alarm on another high-severity bug in Exchange Server hybrid deployments that could allow attackers to escalate privileges from on-premises Exchange to the cloud.… READ MORE HERE…