New Generative AI category added to Talos reputation services
Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.”
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.
Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?
Plus, SS7 vulnerabilities are being exploited and BreachForums is taken down again.
From trust to trickery: Brand impersonation over the email attack vector
Cisco recently developed and released a new feature to detect brand impersonation in emails when adversaries pretend to be a legitimate corporation.
Rounding up some of the major headlines from RSA
Here’s a rundown of some things you may have missed if you weren’t able to stay on top of the things coming out of the conference.
Talos releases new macOS open-source fuzzer
Compared to fuzzing for software vulnerabilities on Linux, where most of the code is open-source, targeting anything on macOS presents a few difficulties.
Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server.
Talos joins CISA to counter cyber threats against non-profits, activists and other at-risk communities
Commercial spyware tools can threaten democratic values by enabling governments to conduct covert surveillance on citizens, undermining privacy rights and freedom of expression.
A new alert system from CISA seems to be effective — now we just need companies to sign up
Under a pilot program, CISA has sent out more than 2,000 alerts to registered organizations regarding the existence of any unpatched vulnerabilities in CISA’s KEV catalog.