[[{“value”:”
Law enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats.
The post 31 People Arrested in Global Cybercrime Crackdown appeared first on SecurityWeek.
“}]] Read More
SecurityWeek RSS Feed
The all in one place for non-profit security aid.
[[{“value”:”
Law enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats.
The post 31 People Arrested in Global Cybercrime Crackdown appeared first on SecurityWeek.
“}]] Read More
SecurityWeek RSS Feed
Police Warn Hundreds of Online Merchants of Skimmer Infections
Law enforcement authorities in 17 countries discovered more than 400 online merchants infected with skimmers.
The post Police Warn Hundreds of Online Merchants of Skimmer Infections appeared first on SecurityWeek.
SecurityWeek RSS Feed
Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls
Palo Alto Networks, a leading cybersecurity company, has issued an urgent warning to its customers about critical vulnerabilities in its Expedition solution that could allow attackers to hijack PAN-OS firewalls.
Palo Alto urges users to patch these security flaws immediately, as public exploit code is already available.
The vulnerabilities were found in Palo Alto Networks’ Expedition solution, which migrates configurations from other vendors’ firewalls.
These flaws can be exploited to access sensitive data, including user credentials, potentially leading to a complete takeover of firewall admin accounts.
The most severe vulnerability, CVE-2024-9463, has a CVSS score of 9.9 out of 10, indicating its critical nature.
Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free
This flaw allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in the disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Other significant vulnerabilities include:
CVE-2024-9464 (CVSS 9.3): An authenticated command injection vulnerability.
CVE-2024-9465 (CVSS 9.2): An unauthenticated SQL injection vulnerability.
CVE-2024-9466 (CVSS 8.2): A cleartext storage of sensitive information vulnerability.
CVE-2024-9467 (CVSS 7.0): A reflected cross-site scripting (XSS) vulnerability.
Security researcher Zach Hanley from Horizon3.ai, who discovered four of these vulnerabilities, has published a root cause analysis and a proof-of-concept exploit.
The exploit chains the CVE-2024-5910 admin reset flaw with the CVE-2024-9464 command injection vulnerability to gain unauthenticated arbitrary command execution on vulnerable Expedition servers.
Palo Alto Networks has released fixes for all listed issues in Expedition version 1.2.96 and later. The company strongly recommends that all Expedition usernames, passwords, and API keys be rotated after upgrading to the fixed version.
Additionally, all firewall usernames, passwords, and API keys processed by Expedition should be rotated after updating.
For administrators who cannot immediately deploy the security updates, Palo Alto Networks advises restricting Expedition network access to authorized users, hosts, or networks.
As of now, Palo Alto Networks states that there is no evidence of these security flaws being exploited in attacks. However, given the availability of public exploit code, the risk of exploitation is significant.
Organizations using Palo Alto Networks’ Expedition solution should take immediate action to mitigate these vulnerabilities and protect their network infrastructure from potential attacks.
Strategies to Protect Websites & APIs from Malware Attack => Free Webinar
The post Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls appeared first on Cyber Security News.
Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning
[[{“value”:”
Today, Congressman Eric Swalwell, CA-14, announced that he has partnered with Wolfsbane.ai to help prevent his 2024 election campaign content from being used to create AI clones and deepfakes.
Wolfsbane.ai will use its patent-pending technology to encode Rep. Swalwell’s campaign videos and audio with a countermeasure that makes creating AI clones with that content difficult.
Rep. Swalwell is the first political figure to use Wolfsbane.ai and take an active step to ensure that his campaign content is not used to create clones and fakes that can be used for misinformation. “Ensuring the integrity of our democratic process is of paramount importance,” said Swalwell.
“Embracing cutting-edge tools such as Wolfsbane.ai to prevent deepfakes is not just an option; it’s a necessity in safeguarding elections against fraud and misinformation.”
Rep. Swalwell is ranking member of the Cybersecurity and Infrastructure Protection Congressional Subcommittee where he has stressed the dangers of AI-generated deepfakes in spreading election misinformation. Rep.
Swalwell is not merely talking about preventing deepfakes, he is taking active steps to ensure that his own voice and likeness are protected using the latest technology advancements. “AI is a potent technology,” said Swalwell.
“If used irresponsibly, it can hijack the likeness and voice of public figures to undermine their credibility and spread disinformation. Wolfsbane.ai will mitigate the risks of this happening to me.”
One of the advancements in the fight against AI deepfakes is Wolfsbane.ai. Wolfsbane.ai is a recently launched service offered by Play Cubed: A company founded by content protection pioneers Randy Saaf and Octavio Herrera as well as Fazri Zubair and Noah Edelman.
Wolfsbane.ai allows customers to protect their content, voice, IP and identity from unauthorized AI cloning and deepfakes. Before publishing any content, Wolfsbane.ai customers can use a simple interface to upload and quickly process it; once done that content is protected by the Wolfsbane countermeasure and the user can publish their content with peace-of-mind.
Wolfsbane.ai’s patent-pending encoding technology offers a robust defense, designed to effectively combat a wide spectrum of AI cloning tools.
Wolfsbane.ai is being used by music artists, entertainment companies, content creators, and individuals but the company is very focused on working with campaigns as well as government officials.
“We are proud to be working with Rep. Swalwell’s campaign” said Play Cubed CEO Randy Saaf. “We think our technology can be an effective tool in the fight against AI fakes during this important election year.”
Elected in 2012 to Congress, representing the East Bay in Northern California, Eric Swalwell served eight years on the House Intelligence Committee where he was the chairman and ranking member overseeing the CIA.
On the Intelligence Committee, Eric helped lead the House Investigation into Russia’s interference in the 2016 election, and later, the first and second impeachments of Donald Trump.
As a member of the House Democrats’ leadership team, Eric was on the House Floor on January 6. A week after the attack, Eric was appointed as a House Impeachment Manager for the former president’s Senate trial.
Eric currently serves on the House Judiciary and Homeland Security Committees. He is also Chairman Emeritus and founder of Future Forum, a group of young Democratic members focused on issues and opportunities for millennial Americans.
Eric is also founder and co-chair of the bipartisan Critical Materials Caucus, and Personalized Medicine Caucus. Every day Eric strives to make sure if you work hard it adds up to doing better for yourself and dreaming bigger for your family.
Play Cubed provides AI Content Protection services via its patent-pending technology Wolfsbane.ai.
Play Cubed is founded by Randy Saaf, Octavio Herrera, Fazri Zubair, and Noah Edelman. Our team has been together for over 8 years, with Randy and Octavio having worked together for over 20 years. Randy and Octavio are proven entrepreneurs with two successful exits valuing nearly $400M.
Randy and Octavio are content protection pioneers, having co-founded P2P anti-piracy provider MediaDefender in 2000. MediaDefender was used by every major music label and movie studio and was acquired by ARTISTDirect in 2005.
The Play Cubed team also has a successful history of developing enabling technologies used by top companies such as Major League Baseball, NBA, CBS, ESPN, Mattel, Universal Music, Sony Music, Lionsgate, and many more.
Cofounder
Octavio Herrera
Play Cubed
contact@playcubed.io
The post Swalwell for Congress Campaign Partners with Wolfsbane.ai to Protect Against AI-Generated Cloning appeared first on Cyber Security News.
“}]] Read More
Cyber Security News