Technologysecurity News

The latest technologysecurity stories, summarized by AI

"Warning: XZ Utils Backdoor Threatens Linux Security"

1 year ago. Source: The Hacker News

"Vulnerabilities in Google's Gemini AI Expose It to Cyber Threats"
1 year ago

Google's Gemini large language model (LLM) is found to be susceptible to security threats that could lead to the disclosure of system prompts, generation of harmful content, and indirect injection attacks. The vulnerabilities impact consumers using Gemini Advanced with Google Workspace and companies using the LLM API. These findings highlight the need for testing models for prompt attacks, training data extraction, model manipulation, adversarial examples, data poisoning, and exfiltration, emphasizing the importance of continuously improving safeguards against adversarial behaviors.

More Technologysecurity Stories

"Critical Root Access Flaw Discovered in Glibc Library on Major Linux Distros"

Originally Published 1 year ago — by The Hacker News

A new security flaw in the GNU C library (glibc) allows local attackers to gain root access on Linux machines, impacting major distributions like Debian, Ubuntu, and Fedora. The vulnerability, tracked as CVE-2023-6246, is a heap-based buffer overflow in the __vsyslog_internal() function and was accidentally introduced in glibc 2.37. Further analysis also revealed two more flaws in the same function and a bug in the qsort() function, affecting all glibc versions released since 1992. This comes after a previous high-severity flaw in glibc was detailed by Qualys, emphasizing the critical need for strict security measures in software development.

"Outlook Vulnerability Exposes NTLM Passwords, Researchers Find"

Originally Published 1 year ago — by The Hacker News

A security flaw in Microsoft Outlook, tracked as CVE-2023-35636, could allow threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file, potentially through email or web-based attack scenarios. The vulnerability, now patched, was discovered by Varonis security researcher Dolev Taler and could lead to NTLM hashes being leaked. Microsoft has announced plans to discontinue NTLM in Windows 11 in favor of Kerberos for improved security.

Microsoft Ditches NTLM for Kerberos, Free Windows 10 Upgrades Over

Originally Published 2 years ago — by The Hacker News

Microsoft plans to phase out the NT LAN Manager (NTLM) authentication protocol in Windows 11 and focus on strengthening the Kerberos authentication protocol for improved security. New features in Windows 11 include Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos. NTLM, introduced in the 1990s, has been supplanted by Kerberos since Windows 2000 but continues to be used as a fallback mechanism. NTLM has inherent security weaknesses and is vulnerable to relay attacks, prompting Microsoft to encourage the use of Kerberos instead.