DDoS
Most of the internet exposed to HTTP/2 zero day, as hyperscalers report record DDoS attacks
"Any enterprise or individual that is serving an HTTP-based workload to the Internet may be at risk from this attack"
MGM
The MGM hack: A $100m hit
"The Company currently believes that its cybersecurity insurance will be sufficient to cover the financial impact to its business as a result of the operational disruption..."
Cybersecurity
The State Department is running 27,000 end-of-life systems but its CIO has been hamstrung...
Two new women in charge as CIO and CISO aim to stop the rot
open source
Bad Behaviour and Dirty Downloads: 2.1 billion OSS packages with known vulns downloaded this year.
Strikingly, only 11% of open source projects are ‘actively maintained'. Should you be worried? Well, probably, yes.
open source
Buffer overflow bug gives root on potentially millions of Linux boxes
Do you, or do you not, need to get your knickers in a twist? Well, that depends on your risk tolerance..
Cybersecurity
Progress Software blasts “irresponsible” POC disclosure for CVSS 10 bug amid attacks
A fair gripe, or shooting the messenger?
file transfer
File transfer software again under attack – CVSS 10 bug exploitable with a single HTTPS POST request
Some 2,900 exposed. It's Progress, but it's not progress...
AI
OpenAI faces novel jailbreak risks with GPT-4v image service
“Given the model’s imperfect but increased proficiency for such tasks, it could appear to be useful for certain dangerous tasks...such as synthesis of certain illicit chemicals”
Citi
Job of the Week: Head of Generative AI Security, Citi
"Ideate and leverage Gen AI to solve cybersecurity problems at scale for Citi..."
China
Threat group is installing a backdoor in compromised Cisco router firmware. NSA says get better kit
"The modified firmware uses a built-in SSH backdoor, allowing BlackTech actors to maintain access to the compromised router without their connections being logged"
cryptocurrencies
Researcher hit with a Grand Jury subpoena after feds confuse crypto crook investigation with crime
Sam Curry's work investigating a phishing website from his own IP address saw events escalate rapidly...
Big Interview
The Big Interview: Fidelity's DevOps boss Topo Pal on bad shifts left, "love letters", more.
"DevSecOps shouldn't mean that developers have to be security experts. They won't be, they can't be and it is a very bad idea to even have this expectation."