Fri.Jun 07, 2024

article thumbnail

Security and Human Behavior (SHB) 2024

Schneier on Security

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

article thumbnail

OpenAI, Anthropic Research Reveals More About How LLMs Affect Security and Bias

Tech Republic Security

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Justice Department Took Down the 911 S5 Botnet

Schneier on Security

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Hacking 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

The Hacker News

Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.

Spyware 144
article thumbnail

Google will start deleting location history

Malwarebytes

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past. In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old da

More Trending

article thumbnail

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Security Affairs

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP. The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations but recently became widespread.

Passwords 141
article thumbnail

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.

article thumbnail

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

Security Affairs

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as CVE-2024-28996, was reported by a penetration tester working with NATO.

Hacking 139
article thumbnail

The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash

The Hacker News

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Pandabuy was extorted twice by the same threat actor

Security Affairs

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.

article thumbnail

5 Ways to Strengthen the Weak Link in Cybersecurity

IT Security Guru

In the current era, proactive cybersecurity steps are essential to upholding a strong cybersecurity stance. A vital investment worth considering is a vulnerability management platform, also known as an exposure management platform, which can enhance preventive cybersecurity measures for businesses of various scales. Below, we will delve into five ways a vulnerability management platform can enhance the cybersecurity defense of your digital environment.

article thumbnail

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

The Hacker News

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene.

DDOS 132
article thumbnail

Microsoft makes Windows Recall opt-in, secures data with Windows Hello

Bleeping Computer

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. [.

131
131
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

5 Tips for Improving Your Business Security

IT Security Guru

When it comes to data security, you might think of firewalls, encryption, or vulnerability scanning. However, many businesses overlook the role of physical security in safeguarding their card data. However, there are numerous methods for data thieves to gain access that don’t even require a computer. Enhancing your physical security can prevent hackers and social engineers from obtaining the information they need to access and steal card data.

article thumbnail

CVE-2024-5480 (CVSS 10): Critical RCE Vulnerability in PyTorch Distributed RPC Framework

Penetration Testing

A critical vulnerability (CVE-2024-5480) has been discovered in PyTorch’s distributed RPC (Remote Procedure Call) framework, exposing machine learning models and sensitive data to potential remote code execution (RCE) attacks. This flaw, identified by security... The post CVE-2024-5480 (CVSS 10): Critical RCE Vulnerability in PyTorch Distributed RPC Framework appeared first on Cybersecurity News.

article thumbnail

Everything You Need to Know About Cross-Site Scripting 

IT Security Guru

Cross-Site Scripting (XSS) is a sneaky security flaw that lets attackers inject malicious code into seemingly harmless websites. In this article, let’s dive deep into the world of XSS, exploring its different forms, the kind of damage it can cause, and how to spot it. What Is Cross-Site Scripting? Imagine a hacker sneaking hidden code onto a trusted website.

article thumbnail

Cyber Landscape is Evolving - So Should Your SCA

The Hacker News

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years.

Software 128
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

LastPass says 12-hour outage caused by bad Chrome extension update

Bleeping Computer

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. [.

126
126
article thumbnail

CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges

Security Boulevard

Stress? What stress? 43% of IT professionals report that their organization had experienced a security breach that caused downtime and cost $1-10 million. The post CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges appeared first on Security Boulevard.

article thumbnail

PHP fixes critical RCE flaw impacting all versions for Windows

Bleeping Computer

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. [.

114
114
article thumbnail

The Global Cyber Arms Race: Ensuring Competitive Advantage in National Defense

SecureWorld News

The escalating sophistication and frequency of cyberattacks have ignited a global cyber arms race, as nations vie for dominance in this digital battlefield. Central to this escalating arms race are cyber arms, the digital tools and weapons employed in cyber warfare. These arms encompass a wide array of malicious software, including viruses, worms, ransomware, and zero-day exploits, designed to infiltrate, disrupt, or destroy computer systems and networks.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Apple to unveil new 'Passwords' password manager app for iPhones, Macs

Bleeping Computer

Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. [.

article thumbnail

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.

Malware 106
article thumbnail

Friday Five: AI in Cybercrime, the Ongoing Battle Against Ransomware, & More

Digital Guardian

While this past week brought good and bad news in the world of ransomware, agencies and lawmakers are fighting to keep up with evolving cybercrime trends. Catch up on these stories and more in this week's Friday Five.

article thumbnail

Security, the cloud, and AI: building powerful outcomes while simplifying your experience

Cisco Security

Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense. Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense.

105
105
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Frontier warns 750,000 of a data breach after extortion threats

Bleeping Computer

Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. [.

article thumbnail

Beware of Fake KMSPico Activators: A Gateway for Vidar Stealer Malware

Penetration Testing

A recent investigation by eSentire’s Threat Response Unit (TRU) has unveiled a sophisticated attack campaign utilizing counterfeit KMSPico activators to deliver the notorious Vidar Stealer malware. This discovery serves as a stark reminder of... The post Beware of Fake KMSPico Activators: A Gateway for Vidar Stealer Malware appeared first on Cybersecurity News.

Malware 92
article thumbnail

UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Security Affairs

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber espionage campaign targeting defense forces in the country. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync.

Malware 90
article thumbnail

LockBit Victim? Ask FBI for Your Ransomware Key

Security Boulevard

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files. The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.