July 2024

Meta’s AI safety system defeated by the space bar

'Ignore previous instructions' thwarts Prompt-Guard model if you just add some good ol' ASCII code 32 Meta's machine-learning model for detecting prompt injection attacks – special prompts to make neural networks behave inappropriately – is itself vulnerable to, you guessed it, prompt injection attacks.…

Intruders at HealthEquity rifled through storage, stole 4.3M people’s data

No mention of malware or ransomware – somewhat of a rarity these days HealthEquity, a US fintech firm for the healthcare sector, admits that a "data security event" it discovered at the end of June hit the data of a substantial 4.3 million individuals. Stolen details include addresses,…

Google apologizes for breaking password manager for millions of Windows users with iffy Chrome update

Happy Sysadmin Day Google celebrated Sysadmin Day last week by apologizing for breaking its password manager for millions of Windows users – just as many Windows admins were still hard at work mitigating the impact of the faulty CrowdStrike update.…

Microsoft admits 8.5M CrowdStruck machines estimate was lowballed

Promises to discourage use of kernel mode by AV – so they don't crash the world again Microsoft has admitted that its estimate of 8.5 million machines crashed by CrowdStrike's faulty software update was almost certainly too low, and vowed to reduce infosec vendors' reliance on kernel-mode drivers…

China ponders creating a national ‘cyberspace ID’

Because clearly it's better for Beijing to know who you are than for every ISP and social service to keep its own records Beijing may soon issue "cyberspace IDs" to its citizens, after floating a proposal for the scheme last Friday.…

CrowdStrike meets Murphy’s Law: Anything that can go wrong will

And boy, did last Friday's Windows fiasco ever prove that yet again Opinion  CrowdStrike's recent Windows debacle will surely earn a prominent place in the annals of epic tech failures. On July 19, the cybersecurity giant accomplished what legions of hackers could only dream of – bringing millions…

Progress discloses second critical flaw in Telerik Report Server in as many months

These are the kinds of bugs APTs thrive on, just ask the Feds Progress Software's latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months.…

North Korean chap charged for attacks on US hospitals, military, NASA – and even China

Microsoft, Mandiant, weigh in with info about methods used by Andariel gang alleged to have made many, many, heists The US Department of Justice on Thursday charged a North Korean national over a series of ransomware attacks on stateside hospitals and healthcare providers, US defense companies, NASA, and…

Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank

May even have targeted other malware gangs, and infosec researchers Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware.…

CrowdStrike update blunder may cost world billions – and insurance ain’t covering it all

We offer this formula instead: RND(100.0)*(10^9) The cost of CrowdStrike's apocalyptic Falcon update that brought down millions of Windows computers last week may be in the billions of dollars, and insurance isn't covering most of that.…

Copyright © 2024 Lugapel