Wed.May 08, 2024

article thumbnail

Combatting Deepfakes in Australia: Content Credentials is the Start

Tech Republic Security

The production of deepfakes is accelerating at more than 1,500% in Australia, forcing organisations to create and adopt standards like Content Credentials.

article thumbnail

Lessons Learned from Developing Secure AI Workflows at Google

Elie

This talk discuss through concrete examples how to use the Google Security AI Framework (SAIF) to protect AI systems and workflows

149
149
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Top FBI Official Urges Agents to Use Warrantless Wiretaps on US Soil

WIRED Threat Level

An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.

145
145
article thumbnail

CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution

Penetration Testing

The Go programming language, known for its simplicity and efficiency in software development, has recently issued a crucial security advisory addressing two severe vulnerabilities. These flaws, identified in the Go environment, could potentially allow... The post CVE-2024-24787 (CVSS 9.8): Go Vulnerability Could Lead to Code Execution appeared first on Penetration Testing.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data

The Hacker News

Researchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.

article thumbnail

A (Strange) Interview the Russian-Military-Linked Hackers Targeting US Water Utilities

WIRED Threat Level

Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.

Hacking 142

More Trending

article thumbnail

UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

Security Affairs

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans. The Ministry of Defence revealed that a malign actor gained access to part of the Armed Forces payment network, which is an external system completely separate to MOD’s core network.

article thumbnail

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

The Hacker News

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.

article thumbnail

New TunnelVision technique can bypass the VPN encapsulation

Security Affairs

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. A threat actor can use this technique to force a target user’s traffic off their VPN tunnel using built-in features of DHCP (Dynamic Host Configuration Protocol).

VPN 139
article thumbnail

State of ransomware in 2024

SecureList

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely – to attacks on small businesses that have become relatively easy targets, ransomware actors are expanding their sphere of influence.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Desperate Taylor Swift fans defrauded by ticket scams

Malwarebytes

Ticket scams are very common and apparently hard to stop. When there are not nearly enough tickets for some concerts to accommodate all the fans that desperately want to be there, it makes for ideal hunting grounds for scammers. With a ticket scam, you pay for a ticket and you either don’t receive anything or what you get doesn’t get you into the venue.

Scams 134
article thumbnail

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

Security Affairs

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially lead to remote code execution. “A specially crafted HTTP header can trigger reuse of previously free

Internet 132
article thumbnail

Microsoft: April Windows Server updates also cause crashes, reboots

Bleeping Computer

Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. [.

132
132
article thumbnail

TikTok Ban — ByteDance Sues US to Kill Bill

Security Boulevard

PAFACA SueTok: U.S. Courts “likely” to rule whether new law is constitutional—or even practical. The post TikTok Ban — ByteDance Sues US to Kill Bill appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

LockBit gang claimed responsibility for the attack on City of Wichita

Security Affairs

The LockBit ransomware group has added the City of Wichita to its Tor leak site and threatened to publish stolen data. Last week, the City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. Wichita is the most populous city in the U.S. state of Kansas and the county seat of Sedgwick County. As of the 2020 census, the population of the city was 397,532.

article thumbnail

News alert: Security Risk Advisors offers free workshop to help select optimal OT security tools

The Last Watchdog

Philadelphia, Pa., May 8, 2024, CyberNewsWire — Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) and Extended Internet of Things (XIoT) security tools for their unique environments.

Risk 130
article thumbnail

Tackling Cyber Threats: Is AI Cybersecurity Our Only Hope?

Jane Frankland

Could artificial intelligence (AI) be the key to outsmarting cyber threats in an increasingly connected world? Is it our only hope for survival?These are questions I’ve been asking myself recently as AI and cybercrime have become hot topics in the tech industry, and for world leaders. On one hand, AI has been hailed as a game-changing technology with the potential to transform industries and improve our daily lives.

article thumbnail

A SaaS Security Challenge: Getting Permissions All in One Place 

The Hacker News

Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with.

129
129
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ransomware Attacks are Up, but Profits are Down: Chainalysis

Security Boulevard

In the ever-evolving world of ransomware, it’s getting easier for threat groups to launch attacks – as evidence by the growing number of incidents – but more difficult to make a profit. Organizations’ cyber-defenses are getting more resilient, decryptors that enable victims to regain control of their data, and law enforcement crackdowns on high-profile cybercrime.

article thumbnail

Massive webshop fraud ring steals credit cards from 850,000 people

Bleeping Computer

A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. [.

118
118
article thumbnail

Build Strong Information Security Policy: Template & Examples

Security Boulevard

Every organization needs to have security measures and policies in place to safeguard its data. One of the best and most important measures you can take to protect your data (and that of your customers) is simply to have a robust information security policy. Of course, that idea sounds simple enough. In practice, however, it’s. The post Build Strong Information Security Policy: Template & Examples appeared first on Hyperproof.

article thumbnail

New BIG-IP Next Central Manager bugs allow device takeover

Bleeping Computer

F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Secure Firewall & Multicloud Defense: Secure Connectivity With Simplified Policy Across Clouds

Cisco Security

Learn how Cisco is bringing on-prem and cloud security together into a unified platform to marry the power of Cisco Secure Firewall and Multicloud Defense. Learn how Cisco is bringing on-prem and cloud security together into a unified platform to marry the power of Cisco Secure Firewall and Multicloud Defense.

Firewall 109
article thumbnail

FBI warns of gift card fraud ring targeting retail companies

Bleeping Computer

The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. [.

Retail 110
article thumbnail

Data Classification Policy

Tech Republic Security

In many ways, data has become the primary currency of modern organizations. It doesn’t matter whether you are a large business enterprise, SMB, government or non-profit, the collection, management, protection and analysis of data is a determining factor in your overall success. This policy, written by Mark W. Kaelin for TechRepublic Premium, establishes an enterprise-wide.

article thumbnail

Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster

Graham Cluley

The kingpin of the LockBit ransomware is named and sanctioned, a cybersecurity consultant is charged with a $1.5 million extortion, and a romance fraudster defrauded women he met on Tinder of £80,000. All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Zscaler takes "test environment" offline after rumors of a breach

Bleeping Computer

Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. [.

91
article thumbnail

Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer

Heimadal Security

Official Press Release Copenhagen, Denmark – May 8th, 2024 — Heimdal®, a global leader in cybersecurity solutions, is excited to announce the appointment of Jesper Frederiksen as its new Chief Executive Officer. Bringing a wealth of experience from the SaaS and cloud security sectors, Frederiksen is renowned for his expertise in scaling IT technology organizations and enhancing […] The post Heimdal Welcomes Jesper Frederiksen as Its New Chief Executive Officer appeared first on Heimdal Sec

article thumbnail

Stack Overflow suspends user for editing posts in OpenAI protest

Bleeping Computer

OpenAI and Stack Overflow recently teamed up to improve AI models. OpenAI will have access to Stack Overflow's API and feedback from developers. In return, OpenAI will link to Stack Overflow's content in ChatGPT. [.

article thumbnail

How Tech Can Help you Obtain a Building Passport: Net-Zero Building Certification Guide

IT Security Guru

Net-Zero Building Certification is a credential that identifies structures which have attained parity between the amount of energy they use and how much renewable energy they produce in twelve months’ time. This guide will outline step by step what you need to know about obtaining and maintaining your own net-zero building certification. Analyze Your Building’s Energy Performance To get a certification for net-zero building, it is important that you evaluate how your building uses energy

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.