Schneier on Security

JANUARY 17, 2024

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Artificial Intelligence 307

Artificial Intelligence 307

Joseph Steinberg

JANUARY 19, 2024

Several hours ago , I received a phone call; the caller ID displayed the accurate name and phone number of my local utility company. As our area has, at times, suffered from power disruptions during winter storms, and we had winter weather yesterday and are expecting more tomorrow, I answered the call to see if the utility was advising of some repair that could impact service.

Scams 230

Scams Artificial Intelligence Accountability Data breaches 230

Krebs on Security

JANUARY 19, 2024

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

Scams 253

Scams 253

Troy Hunt

JANUARY 15, 2024

Geez it's nice to be back in Oslo! This city has such a special place in my heart for so many reasons, not least of which by virtue of being Charlotte's home town we have so many friends and family here. Add in NDC Security this week with so many more mutual connections, beautiful snowy weather, snowboarding, sledging and even curling, it's just an awesome time.

194

194

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JANUARY 19, 2024

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it.

Marketing 270

Marketing 270

Tech Republic Security

JANUARY 18, 2024

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.

Malware 169

Malware Cybersecurity 169

Penetration Testing

JANUARY 16, 2024

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527. This vulnerability, with a CVSS score of 10, signifies the highest level of severity... The post CVE-2023-22527 (CVSS 10): Critical RCE Flaw in Confluence Data Center and Server appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Schneier on Security

JANUARY 19, 2024

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were.

259

259

Tech Republic Security

JANUARY 19, 2024

IT spending in Australia is forecast to increase significantly in 2024. This means that IT pros who spend time on skills development will be able to instead focus on growth in their career.

Big data 157

Big data 157

Malwarebytes

JANUARY 17, 2024

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, unexpected hospitalization, or any other scenarios which instantly cause concern and cause victims to act quickly.

Scams 143

Scams Artificial Intelligence Identity Theft Social Engineering 143

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Penetration Testing

JANUARY 14, 2024

Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on... The post pandora: A red team tool to extract credentials from password managers appeared first on Penetration Testing.

Password Management 145

Password Management Passwords Penetration Testing 145

Schneier on Security

JANUARY 18, 2024

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.

Passwords 246

Passwords 246

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 160

Artificial Intelligence 160

WIRED Threat Level

JANUARY 17, 2024

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Cryptocurrency 139

Cryptocurrency 139

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Malwarebytes

JANUARY 19, 2024

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known collectively as Chrome’s “Stable channel”), it can serve for testing and development purposes.

Data collection 137

Data collection VPN Risk 137

Schneier on Security

JANUARY 15, 2024

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper.

266

266

Tech Republic Security

JANUARY 16, 2024

Small and midsize businesses are increasingly being targeted by cybercriminals — but they often lack the resources and expertise to develop comprehensive security policies to help defend against threats. This set of policies from TechRepublic Premium will help your company establish guidelines and procedures to reduce the risks. The pack comprises seven documents: IT Staff.

Risk 142

Risk 142

Bleeping Computer

JANUARY 18, 2024

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.

Software 137

Software Technology 137

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

We Live Security

JANUARY 16, 2024

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Cyber Risk 142

Cyber Risk Risk 142

Schneier on Security

JANUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page.

222

222

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 141

Artificial Intelligence 141

Malwarebytes

JANUARY 16, 2024

Facebook scams are a constant nuisance and vary from like-farming to scams that can cost you some serious money. The latest one we found is a bit morbid. Recently, I’ve seen quite a few posts on my timeline that looked like this: Without going into details the post says: “I can’t believe he’s gone. I’ll miss him so much” In all the posts I’ve seen, one of my Facebook friends was tagged.

Scams 135

Scams Adware Accountability VPN 135

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JANUARY 15, 2024

Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. [.

Software 136

Software 136

Schneier on Security

JANUARY 16, 2024

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.

258

258

Tech Republic Security

JANUARY 19, 2024

Protect your business from both tech and human error with EaseUS Data Recovery Wizard, now just $46 for life for a limited time this January.

145

145

Security Boulevard

JANUARY 18, 2024

Have I been pwned? Yes, you probably have. Stop reusing passwords, already. Here’s what else you should do. The post Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy appeared first on Security Boulevard.

Passwords 132

Passwords Social Engineering Data privacy Authentication 132

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Bleeping Computer

JANUARY 18, 2024

Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub. [.

Software 133

Software 133

Malwarebytes

JANUARY 18, 2024

Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

Engineering 131

Engineering Software Risk Cybersecurity 131

Tech Republic Security

JANUARY 16, 2024

Data in transit means data is at risk if the proper precautions aren’t followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems. With this in mind, it is essential for company personnel to adhere to firm and clear guidelines.

Risk 126

Risk Software Mobile 126

Security Boulevard

JANUARY 17, 2024

Salt Security added a posture governance engine to its API security platform that defines and enforces implementation standards. The post Salt Security Adds Governance Engine to API Security Platform appeared first on Security Boulevard.

Engineering 131

Engineering Government Risk Cybersecurity 131

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk