Schneier on Security

JUNE 7, 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

Cybersecurity 257

Cybersecurity 257

Tech Republic Security

JUNE 7, 2024

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

Artificial Intelligence 181

Artificial Intelligence Big data Cybersecurity 181

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

Government 231

Government Malware Cybercrime 231

WIRED Threat Level

JUNE 7, 2024

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Hacking 143

Hacking 143

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JUNE 7, 2024

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. [.

131

131

Security Affairs

JUNE 7, 2024

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as CVE-2024-28996, was reported by a penetration tester working with NATO.

Hacking 134

Hacking Information Security 134

IT Security Guru

JUNE 7, 2024

In the current era, proactive cybersecurity steps are essential to upholding a strong cybersecurity stance. A vital investment worth considering is a vulnerability management platform, also known as an exposure management platform, which can enhance preventive cybersecurity measures for businesses of various scales. Below, we will delve into five ways a vulnerability management platform can enhance the cybersecurity defense of your digital environment.

Cybersecurity 123

Cybersecurity CISO Passwords Backups 123

The Hacker News

JUNE 7, 2024

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.

Ransomware 126

Ransomware Internet Internet 126

Security Affairs

JUNE 7, 2024

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.

Data breaches 131

Data breaches Cybercrime Hacking Information Security 131

Penetration Testing

JUNE 7, 2024

A critical vulnerability (CVE-2024-5480) has been discovered in PyTorch’s distributed RPC (Remote Procedure Call) framework, exposing machine learning models and sensitive data to potential remote code execution (RCE) attacks. This flaw, identified by security... The post CVE-2024-5480 (CVSS 10): Critical RCE Vulnerability in PyTorch Distributed RPC Framework appeared first on Cybersecurity News.

Cybersecurity 129

Cybersecurity Artificial Intelligence 129

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

JUNE 7, 2024

Stress? What stress? 43% of IT professionals report that their organization had experienced a security breach that caused downtime and cost $1-10 million. The post CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges appeared first on Security Boulevard.

Cybersecurity 119

Cybersecurity 119

Security Affairs

JUNE 7, 2024

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP. The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations but recently became widespread.

Passwords 136

Passwords Hacking Information Security 136

IT Security Guru

JUNE 7, 2024

When it comes to data security, you might think of firewalls, encryption, or vulnerability scanning. However, many businesses overlook the role of physical security in safeguarding their card data. However, there are numerous methods for data thieves to gain access that don’t even require a computer. Enhancing your physical security can prevent hackers and social engineers from obtaining the information they need to access and steal card data.

Data breaches 119

Data breaches Backups Social Engineering Encryption 119

Malwarebytes

JUNE 7, 2024

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past. In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old da

Accountability 119

Accountability Surveillance VPN Mobile 119

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

IT Security Guru

JUNE 7, 2024

Cross-Site Scripting (XSS) is a sneaky security flaw that lets attackers inject malicious code into seemingly harmless websites. In this article, let’s dive deep into the world of XSS, exploring its different forms, the kind of damage it can cause, and how to spot it. What Is Cross-Site Scripting? Imagine a hacker sneaking hidden code onto a trusted website.

Identity Theft 118

Identity Theft Penetration Testing Accountability Risk 118

Bleeping Computer

JUNE 7, 2024

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. [.

114

114

The Hacker News

JUNE 7, 2024

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.

Artificial Intelligence 126

Artificial Intelligence 126

Bleeping Computer

JUNE 7, 2024

Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. [.

Password Management 112

Password Management Passwords 112

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

The Hacker News

JUNE 7, 2024

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.

Artificial Intelligence 113

Artificial Intelligence Advertising 113

SecureWorld News

JUNE 7, 2024

The escalating sophistication and frequency of cyberattacks have ignited a global cyber arms race, as nations vie for dominance in this digital battlefield. Central to this escalating arms race are cyber arms, the digital tools and weapons employed in cyber warfare. These arms encompass a wide array of malicious software, including viruses, worms, ransomware, and zero-day exploits, designed to infiltrate, disrupt, or destroy computer systems and networks.

Technology 109

Technology Education Artificial Intelligence Identity Theft 109

Digital Guardian

JUNE 7, 2024

While this past week brought good and bad news in the world of ransomware, agencies and lawmakers are fighting to keep up with evolving cybercrime trends. Catch up on these stories and more in this week's Friday Five.

Cybercrime 105

Cybercrime Ransomware 105

Cisco Security

JUNE 7, 2024

Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense. Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense.

116

116

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JUNE 7, 2024

Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. [.

Data breaches 103

Data breaches Ransomware 103

The Hacker News

JUNE 7, 2024

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene.

DDOS 104

DDOS Data breaches Ransomware 104

Bleeping Computer

JUNE 7, 2024

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. [.

126

126

The Hacker News

JUNE 7, 2024

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years.

Software 99

Software 99

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Security Boulevard

JUNE 7, 2024

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files. The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.

Ransomware 88

Ransomware Social Engineering Data privacy CISO 88

Security Affairs

JUNE 7, 2024

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber espionage campaign targeting defense forces in the country. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware called SPECTR as part of the campaign tracked as SickSync.

Malware 85

Malware Cyber threats Cyber Attacks Software 85

Security Boulevard

JUNE 7, 2024

Cybersecurity in the aviation industry is not just about protecting data; it’s about safeguarding lives. A single cyberattack can have catastrophic consequences, disrupting air travel, compromising safety, and causing significant economic damage. This article aims to provide a comprehensive guide to OT cybersecurity in the aviation industry. Whether you’re a cybersecurity professional, a stakeholder in the aviation industry, or simply interested in the intersection of technology and aviation, t

Cybersecurity 80

Cybersecurity Cyber threats Technology Ransomware 80

The Hacker News

JUNE 7, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.

Malware 86

Malware Cyber Attacks 86

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government