A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has … [Read more...] about Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
Security
Over 100 Security Flaws Found in LTE and 5G Network Implementations
Jan 24, 2025Ravie LakshmananTelecom Security / Vulnerability A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE … [Read more...] about Over 100 Security Flaws Found in LTE and 5G Network Implementations
2025 State of SaaS Backup and Recovery Report
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. … [Read more...] about 2025 State of SaaS Backup and Recovery Report
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
Jan 23, 2025Ravie LakshmananFirmware Security / Vulnerability An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker … [Read more...] about Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
Researchers Explore Contrastive Learning for Malware Detection
CrowdStrike research shows that contrastive learning improves supervised machine learning results for PE (Portable Executable) malwareApplying self-supervised learning to PE files enhances the effectiveness of machine learning in cybersecurity, which is crucial to address the evolving threat landscapeCrowdStrike researchers engineered a novel loss function to optimize … [Read more...] about Researchers Explore Contrastive Learning for Malware Detection
Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
Jan 22, 2025Ravie LakshmananCybersecurity / National Security The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating the misuse of resources and ensuring that DHS activities prioritize our national … [Read more...] about Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
Simplifying Zero Trust Security for the Modern Workplace
Organizations face an evolving array of cyber threats these days. As attackers have become more sophisticated, it is important to adopt a comprehensive security strategy that includes a layered approach and increased protection for the modern workplace. That includes the home office, branch, campus, coffee shop, or anywhere in between. Cisco’s Enhanced User Protection … [Read more...] about Simplifying Zero Trust Security for the Modern Workplace
Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
Detecting MFA Fatigue The following rule looks for instances where multiple MFA push notifications are sent to a given user and identifies scenarios where multiple failed push notifications are sent and a successful push notification followed. Note that when a push notification is sent, it’s also transmitted to each registered device, which may result in a slightly skewed … [Read more...] about Leveraging CrowdStrike Falcon Next-Gen SIEM Against Attacks Targeting Okta
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Jan 21, 2025Ravie LakshmananBotnet / Vulnerability Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and … [Read more...] about Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can be hijacked to perform anonymous attacks and provide access to their networks," … [Read more...] about Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers