UEFI Secure Boot: Not so secure
ESET researchers uncover a vulnerability in a UEFI application that could enable attackers to deploy malicious bootkits on unpatched systems
PlushDaemon compromises supply chain of Korean VPN service
ESET researchers have discovered a supply-chain attack against a VPN provider in South Korea by a new China-aligned APT group we have named PlushDaemon
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
The story of a signed UEFI application allowing a UEFI Secure Boot bypass
RSA Conference 2023 – How AI will infiltrate the world
As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications The post RSA Conference 2023 – How AI will infiltrate the world appeared first on WeLiveSecurity [#item_link]
Evasive Panda APT group delivers malware via updates for popular Chinese software
ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity [#item_link]
Did you mistakenly sell your network access? – Week in security with Tony Anscombe
Many routers that are offered for resale contain sensitive corporate information and allow third-party connections to corporate networks The post Did you mistakenly sell your network access? – Week in security with Tony Anscombe appeared first on WeLiveSecurity [#item_link]
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
Similarities with newly discovered Linux malware used in Operation DreamJob corroborate the theory that the infamous North Korea-aligned group is behind the 3CX supply-chain attack The post Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack appeared first on WeLiveSecurity [#item_link]
What was hot at RSA Conference 2023? – Week in security with Tony Anscombe
The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated The post What was hot at RSA Conference 2023? – Week in security with Tony Anscombe appeared first on WeLiveSecurity [#item_link]
Microsoft could offer private ChatGPT to businesses for “10 times” the normal cost
Enlarge (credit: Drew Angerer | Getty Images) Microsoft is planning to offer a privacy-focused version of the ChatGPT chatbot to banks, health care providers, and other large organizations concerned about data leaks and regulatory compliance, according to a report from The Information. The product, which could be announced “later this quarter,” would run ChatGPT on
NYPD urges citizens to buy AirTags to fight surge in car thefts
Enlarge / NYC Mayor Eric Adams holding an AirTag. (credit: NYC Mayor’s Office/YouTube) The New York Police Department (NYPD) and New York City’s self-proclaimed computer geek of a mayor are urging resident car owners to equip their vehicles with an Apple AirTag. During a press conference on Sunday, Mayor Eric Adams announced the distribution of