Schneier on Security
OCTOBER 1, 2024
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model. A month later, the researcher submitted a new disclosure statement.
Tech Republic Security
OCTOBER 1, 2024
Version 24H2 adds the sudo command and alerts users when an application accesses their physical location. Microsoft polished other security features, too.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
OCTOBER 1, 2024
Pittsburgh, PA, Oct. 1, 2024 — ForAllSecure , the world’s most advanced application security testing company, today announced it is changing its corporate name to Mayhem Security (“Mayhem”), signaling a new era of growth and opportunity aligned with its award-winning Mayhem Application Security platform. Founded by a team of researchers from Carnegie Mellon, the company’s focus has evolved from research, development, and education to a product company centered arou
Tech Republic Security
OCTOBER 1, 2024
A report from insurer QBE predicts that the world will experience 211 significant cyber attacks this year, marking a 105% increase over four years.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Malwarebytes
OCTOBER 1, 2024
Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determined that the company failed to “notify the DPC of a personal data breach concerning storage of user passwords in plaintext” without delay, and failed to “document personal data breaches concerning the
Tech Republic Security
OCTOBER 1, 2024
If you’re curious about how to create a secure password, read our in-depth guide covering password security and best practices.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Affairs
OCTOBER 1, 2024
North Korea-linked APT Kimsuky has been linked to a cyberattack on Diehl Defence, a German manufacturer of advanced military systems. North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. Diehl Defence GmbH & Co. KG is a German weapon manufacturer headquartered in Ăśberlingen.
Security Boulevard
OCTOBER 1, 2024
Security operations platform provider Exabeam announced its first product release since acquiring LogRhythm earlier this year, a provider of self-hosted and cloud-native SIEM platforms, log management, network monitoring and behavior and security analytics products. The post Exabeam Brings AI Security Operations to On-Premises, Cloud Native and Hybrid Environments appeared first on Security Boulevard.
Security Affairs
OCTOBER 1, 2024
AFP suffered a cyberattack affecting its IT systems and content delivery for partners, the incident impacted some client services. Agence France-Presse (AFP) reported a cyberattack on Friday that impacted its IT systems and content delivery for partners. The media agency confirmed that the global news coverage remains unaffected, however some client services were impacted.
Zero Day
OCTOBER 1, 2024
Regular measurement is one way to accurately gauge your level of hypertension. Wrist-based blood pressure monitoring remains elusive, but YHE offers a method that appears better than the rest.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Security Affairs
OCTOBER 1, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link DIR-820 Router, DrayTek Multiple Vigor Router, Motion Spell GPAC, SAP Commerce Cloud bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS, ImageMagick and Linux Kernel vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
eSecurity Planet
OCTOBER 1, 2024
This week was relatively quiet regarding new vulnerabilities, but we’re seeing a few issues, like flaws in WhatsApp Gold and NVIDIA. Additionally, researchers published a report on a Kia dealer portal vulnerability that’s since been fixed but affected millions of vehicles. The flaw could have allowed RCE on vehicles, including unlocking the car, tracking its travel patterns, and causing it to honk.
Penetration Testing
OCTOBER 1, 2024
Zimbra, one of the most widely used email and collaboration platforms globally, has recently been identified as vulnerable to a critical security flaw that could allow attackers to take full... The post PoC Exploit Releases for Zimbra RCE Flaw CVE-2024-45519: Mass Exploitation Detected appeared first on Cybersecurity News.
The Hacker News
OCTOBER 1, 2024
Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
OCTOBER 1, 2024
Data collection, whether innocuous machine measurements or sensitive and regulated private information, plays a primary role in practically every business that uses the internet and IT infrastructure for business operations. Keeping that collected data safe and away from unauthorized users and criminal intruders is the job of the cybersecurity engineer.
Webroot
OCTOBER 1, 2024
As October rolls around, it’s time to focus on cybersecurity. After all, it’s Cybersecurity Awareness Month —a perfect reminder to check in on the safety of your identity. If you’ve ever had your identity stolen or know someone who has, you understand how serious the problem is. From text scams to stolen passwords, criminals are finding new ways to steal personal information.
The Hacker News
OCTOBER 1, 2024
A new set of malicious packages has been unearthed in the Python Package Index (PyPI) repository that masqueraded as cryptocurrency wallet recovery and management services, only to siphon sensitive data and facilitate the theft of valuable digital assets.
SecureWorld News
OCTOBER 1, 2024
When we're talking security, we often overlook a basic fact of human beings: the best protection strategies won't work if no one is paying attention. Too many cybersecurity training programs are designed with lots of focus on the factual content of the training, but with minimal effort to engage people. Boring training is ineffective, so we need to fundamentally rethink our approach to awareness.
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
The Hacker News
OCTOBER 1, 2024
The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition.
SecureWorld News
OCTOBER 1, 2024
On Sun day, California Governor Gavin Newsom vetoed Senate Bill 1047, a bill that aimed to implement the most extensive AI regulations in the United States. The bill, seen as a model for national AI legislation, sought to establish sweeping oversight over the booming artificial intelligence industry in California. The veto sparked mixed reactions. AI advocates and tech companies welcomed the move, citing concerns that strict regulations could stifle innovation and competitiveness in California's
Zero Day
OCTOBER 1, 2024
Hurricane Helene's devastation highlights a need for more people to have easier access to satellite messaging. Here are your options right now.
Cisco Security
OCTOBER 1, 2024
Passwords are a problem and it’s hard to make a good one. So what can you do? Make them long, make them random, and maybe use a password manager. Passwords are a problem and it’s hard to make a good one. So what can you do? Make them long, make them random, and maybe use a password manager.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Approachable Cyber Threats
OCTOBER 1, 2024
Category Awareness, Compliance, FedRAMP Risk Level The FedRAMP JAB is gone. What are the next steps, and what does it mean for you? The Federal Risk and Authorization Management Program (FedRAMP) has been a cornerstone for ensuring the security of cloud services used by federal agencies. Recently, significant changes to the program - specifically the sunset of the Joint Authorization Board (JAB) - have sparked discussions across the cloud computing landscape.
Security Affairs
OCTOBER 1, 2024
US healthcare provider UMC Health System had to divert patients due to a network outage caused by a ransomware attack. On September 27, 2024, US healthcare provider UMC Health System announced an investigation into an IT outage across its network. UMC diverted patients for several days after taking IT systems offline following a ransomware attack. “However, out of an abundance of caution, we will continue to temporarily divert incoming emergency and non-emergency patients via ambulance to
Heimadal Security
OCTOBER 1, 2024
Most people today have at least some experience with patching. If you own a smartphone, you will be familiar with Android or iOS updates. Same goes with the apps on your phone. Whether you use banking, travel or social media apps, you’ll occasionally get notifications pushing you to update these tools. While patching is common, […] The post Why Is IT Forcing You to Patch Your Software?
Zero Day
OCTOBER 1, 2024
The Enduro 2 was the battery champ a couple of years ago. The Enduro 3 now takes the title while launching for $200 less than its predecessor.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Webroot
OCTOBER 1, 2024
October is the month for pumpkin spice and all things spooky. But protecting your personal information online doesn’t need to be scary. For more than 20 years now, October has also been recognized as Cybersecurity Awareness Month. In our digitally connected world, apps and online accounts can make our lives much more convenient. Sadly, they can also make our personal data more vulnerable to cyber threats.
SecureList
OCTOBER 1, 2024
Key Group, or keygroup777, is a financially motivated ransomware group primarily targeting Russian users. The group is known for negotiating with victims on Telegram and using the Chaos ransomware builder. The first public report on Key Group’s activity was released in 2023 by BI.ZONE, a cybersecurity solutions vendor: the attackers drew attention when they left an ideological note during an attack on a Russian user, in which they did not demand money.
We Live Security
OCTOBER 1, 2024
Having a recovery option built into the OS for all third-party software would be more efficient than relying on each software vendor to develop their own solution.
Zero Day
OCTOBER 1, 2024
If you care about your phone privacy, consider tweaking these settings to prevent Android from targeting you with ads. Here's how.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Expert insights. Personalized for you.
243 
Let's personalize your content