** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none.
Daily Archives: January 23, 2023
Nvidia targets insider attacks with digital fingerprinting technology
Nvidia today announced that a digital lab playground for its latest security offering is now available, letting users try out an AI-powered system designed to monitor individual user accounts for potentially hazardous behavior.
The idea, according to the company, is to leverage the large amounts of data that many organizations compile anyway about login and data access events on their systems, and use that to train an AI that watches for user accounts diverging from their usual patterns. Instead of combing through potentially millions of events a week to identify a problem, security teams review a small handful of “high risk” events identified by the system.
Attackers exploiting critical flaw in many Zoho ManageEngine products
Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code execution vulnerability that attackers have now started exploiting in the wild. Technical details about the flaw, along with a proof-of-concept exploit, were released late last week, which will allow more attackers to add this exploit to their arsenal.
“The vulnerability is easy to exploit and a good candidate for attackers to ‘spray and pray’ across the Internet,” researchers with penetration testing firm Horizon3.ai said in a blog post. “This vulnerability allows for remote code execution as NT AUTHORITY\SYSTEM, essentially giving an attacker complete control over the system. If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done.”
python-rq-1.12.0-1.el8
FEDORA-EPEL-2023-1d186ca718
Packages in this update:
python-rq-1.12.0-1.el8
Update description:
Security fix for CVE-2022-35977
After data breach put their lives at risk, US releases 3000 immigrants seeking asylum
Imagine you’re an immigrant, who has fled your home country for the United States due to fear of being persecuted and tortured.
What you definitely do not want is the agency handling your asylum request being careless with your personal information – and potentially putting your life and that of loved ones at risk.
Read more in my article on the Hot for Security blog.
US Supreme Court leak investigation highlights weak and ineffective risk management strategy
The Supreme Court of the United States (SCOTUS) has announced that its investigation to find the insider who leaked a draft opinion of the Dobbs v. Jackson Women’s Health Org. decision to media outlet Politico has come up empty.
In a nutshell, the court’s insider risk management program, designed to protect the information the justices handle on a daily basis, failed—and failed miserably. Frankly, based on the findings of the report, the court’s insider risk management program—if it existed—was anemic at best.
The investigation, detailed in a 23-page report released on January 19, indicates that the court’s methodology was judged to be thorough by Michael Chertoff of the Chertoff Group, who was asked to review the marshal of the court’s investigative results.
Hackers Deploy Open-Source Tool Sliver C2, Replacing Cobalt Strike, Metasploit
Sliver is gaining popularity due to its modular capabilities and cross-platform support
Two Vulnerabilities Found in Galaxy App Store
Both issues reportedly affected only Samsung devices running Android 12 and below
Most Federal Agencies Ignored GAO’s Cybersecurity Recommendations
Out of the 335 public recommendations issued since 2010, 190 still needed to be implemented
CVE-2022-0316
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, bolster WordPress theme from ChimpStudio and PixFill do not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.