Tag Archive for: FirstEver

Vehere Takes the Lead With Tracking Its First-ever Zero-day Vulnerability and Subsequent Responsible Disclosure


SAN FRANCISCO, May 30, 2023–(BUSINESS WIRE)–Vehere’s research wing, Dawn Treader, has announced its recent discovery of a zero-day vulnerability, marking a significant achievement for the cyber network intelligence organization. This is the first time Vehere has made such a discovery, showcasing the efficiency and capability of the research team. The identification of this vulnerability is a major milestone for the organization, and demonstrates their commitment to staying at the forefront of the ever-evolving cybersecurity landscape.

The vulnerability, identified through fuzzing, is a heap buffer overflow in MagickCore/quantum-import.c that affects ImageMagick version 7.1.1-6. A crafted file can trigger an out-of-bounds read, resulting in an application crash and denial of service. The vulnerability was responsibly disclosed to ImageMagick, which promptly released a patch addressing the issue by ensuring proper memory allocation. Red Hat has released an advisory to warn users about this vulnerability, assigning it a CVSS score of 5.5 and a CVE ID of CVE-2023-2157.

Read Dawn Treader’s exclusive blog post and discover further details about this zero-day vulnerability:
https://vehere.com/threat-severity-high/breaking-down-the-imagemagick-cve-2023-2157-vulnerability-dawn-treaders-findings/

Speaking on this impactful discovery, Vehere’s co-founder Praveen Jaiswal said, “Vehere’s successful identification and ethical disclosure of the vulnerability highlight our commitment to proactively identify and address potential threats. We are extremely proud that we are one of the few Indian companies to identify a zero-day vulnerability, and it serves as a testament to the expertise and dedication of our research team, Dawn Treader.”

Vehere is a revolutionary cybersecurity company that is boldly merging the realms of national security and enterprise security through a single, powerful platform. With a strong global presence and unparalleled expertise in cyber network intelligence, Vehere is radically changing the way organizations and governments protect themselves from cyber threats. Established in 2006, Vehere is a global corporation with offices in San…


Rajnath Singh to launch first-ever AI exhibition, to showcase 75 new AI-enabled defence products


Defence Minister Rajnath Singh will launch India’s first-ever ‘Artificial Intelligence in Defence’ (AIDef) symposium and exhibition, organised by the Department of Defence Production, Ministry of Defence, on Monday, July 11 at Vigyan Bhawan in Delhi. The symposium will feature an exhibition to showcase the cutting-edge AI-enabled solutions developed by the services, research organisations, industry, start-ups and innovators, and the launch of AI products for the market.

Defence Secretary Ajay Kumar on Friday shared that it will be a major event intended to promote the ‘Aatmanirbharta’ initiative in the defence sector, where 75 newly developed AI products and technologies with applications in defence will be launched as part of the ‘Azadi Ka Amrit Mahotsav’ celebrations marking 75 years of Independence. “Nature of modern warfare is changing and AI will play a significant role in warfare. These products are tested and soon to be deployed in the safety and security of the nation,” Kumar said.

Additionally, Kumar said that the products are in the domains of automation, unmanned, robotics systems, cyber security, human behaviour analysis, intelligent monitoring system, logistics and supply chain management, speech, voice analysis and Command, Control, Communication, Computer and Intelligence, Surveillance and Reconnaissance (C4ISR) systems and operational data analytics. “Besides the 75 products being launched, another 100 are in various stages of development,” he added. Two top defence exporters one each from the public and private sector will be felicitated during the event.

Additional Secretary Sanjay Jaju said that defence exports have crossed the highest ever figure of 13,000 crore in Financial Year 2021-22, with 70 per cent contribution coming from…


HackNotice Introduces the First-Ever Free Combined Security and Threat Awareness Service


Fremont, CA: HackNotice launched the world’s first security and threat awareness combination service, available to both new and current users. Individuals may expand their understanding of appropriate cyber hygiene practices by taking the additional security awareness training course. The course includes 50 instructional videos, a cybersecurity exam, and accreditation.

The new program is a wonderful addition for clients of HackNotice Teams, HackNotice’s security and threat awareness service, who are eager to boost their enterprise’s security programs. Quick, on-the-spot courses are ideal for engaging employees and business divisions inside an organization. Clients may also view dynamic statistics to see user and organizational progress and opportunities for development.

HackNotice is the first company-wide security awareness software that makes staff more careful when using the internet. Users monitor, review, and respond quickly to real-world cyber-threats. The HackNotice platform focuses on bridging the gap between the security staff and other workers through real-time warnings, round-the-clock monitoring, recovery advice, and extra education.

Cybersecurity training is primarily provided to corporate personnel, with rigorous, week-long seminars and lectures typically costing hundreds of thousands of dollars. Strong security awareness, however, is essential for any individual. The newly published self-paced course ensures that everyone who has access to the internet may learn proper cyber practices.

HackNotice’s new course provides focused modules tailored to a user’s risk profile. “What makes the combined service great is that our threat modeling and security awareness course work together. When someone faces a large amount of personal information exposure, we recommend more phishing training. When someone has several passwords stolen, we have them focus on our password training. Now, users can receive the critical training that they need instantly, tailored to their specific risks,” said Steve Thomas, CEO and Co-Founder of HackNotice.

 


District council declares Germany’s first-ever ‘cyber-catastrophe’


BERLIN: A district council in eastern Germany has declared a disaster after its computer systems were paralysed by a hacker attack in what the federal cybersecurity watchdog confirmed was the country’s first-ever “cyber-catastrophe”.

Hackers knocked out the IT operations of the municipality of Anhalt-Bitterfeld, in the state of Saxony-Anhalt, on Tuesday (Jul 6), a spokesperson confirmed to Reuters on Saturday.

“We are almost completely paralysed,” the spokesperson said, adding its offices would probably remain offline next week and giving no indication of when services would resume.

The municipality declined comment on the identity of the attacker or whether they had made a ransom demand, citing a police investigation. Security sources say German local governments often run outdated and poorly maintained software systems that could be wide open to cyberattack.

The rural district of Anhalt-Bitterfeld, with a population of 157,000, is for the time being unable to pay out welfare benefits. Its consequent catastrophe declaration is a formal step that allows it to call for federal help.

The cyberattack is the latest in a series of incidents targeting public infrastructure, including the recent takedown of the US Colonial Pipeline, while extortionists have also targeted widely used IT applications with ransomware attacks.

Germany’s BSI cybersecurity agency said it had sent a crisis team to Anhalt-Bitterfeld. A spokesperson said that, although other local authorities had been the victim of cyberattacks, none had declared a catastrophe as a result.
