Wed.Sep 11, 2024

article thumbnail

Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

Schneier on Security

New research evaluating the effectiveness of reward modeling during Reinforcement Learning from Human Feedback (RLHF): “ SEAL: Systematic Error Analysis for Value ALignment.” The paper introduces quantitative metrics for evaluating the effectiveness of modeling and aligning human values: Abstract : Reinforcement Learning from Human Feedback (RLHF) aims to align language models (LMs) with human values by training reward models (RMs) on binary preferences and using these RMs to fine-tu

article thumbnail

Cybersecurity Hiring: How to Overcome Talent Shortages and Skills Gaps

Tech Republic Security

According to the ISC2, 90% of organizations face cybersecurity skills shortages. Plus, the gap between roles to fill and available talent widened.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News alert: Criminal IP partners with IPLocation.io to deliver new tech to mitigate IP address evasion

The Last Watchdog

Torrance, Calif., Sept. 11, 2024, CyberNewsWire — Criminal IP , a distinguished leader in Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, announced that it has successfully integrated its IP address-related risk detection data with IPLocation.io, one of the most visited IP analysis and lookup tools on the internet. Through the integration, IPLocation.io , a prominent IP address geolocation tracker platform with a substantial user base, now offers more detailed insights

article thumbnail

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Security Affairs

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 (CVSS score of 7.8) and CVE-2024-45

Hacking 143
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

WIRED Threat Level

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.

141
141
article thumbnail

Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware

The Hacker News

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said.

Malware 139

More Trending

article thumbnail

Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances

The Hacker News

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia.

VPN 138
article thumbnail

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Security Affairs

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

Software 136
article thumbnail

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

The Hacker News

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily. The enforcement is expected to come into effect starting October 1, 2024.

article thumbnail

Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for September 2024 addressed 79 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; SQL Server; Windows Hyper-V; Mark of the Web (MOTW); and the Remote Desktop Licensing Service.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Protecting Against RCE Attacks Abusing WhatsUp Gold Vulnerabilities

Trend Micro

In this blog entry, we provide an analysis of the recent remote code execution attacks related to Progress Software’s WhatsUp Gold that possibly abused the vulnerabilities CVE-2024-6670 and CVE-2024-6671.

134
134
article thumbnail

Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate

The Hacker News

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations.

article thumbnail

Highline Public Schools school district suspended its activities following a cyberattack

Security Affairs

Highline Public Schools, a school district in Washington state, remains closed following a cyberattack that occurred two days ago. Two days ago Highline Public Schools (HPS), a school district in Washington state, suffered a cyber attack that caused a significant disruption of its activities. Highline Public Schools (HPS) is a public school district in King County, headquartered in Burien, Washington, it serves more than 18,000 students.

article thumbnail

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

The Hacker News

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks

Security Boulevard

SpecterOps has added the ability to track attack paths across instances of Microsoft Azure Directory (AD) running in both on-premises and on the Microsoft Azure cloud service. The post SpecterOps Extends Reach of BloodHound Tool for Mapping Microsoft AD Attacks appeared first on Security Boulevard.

article thumbnail

Why Is It So Challenging to Go Passwordless?

The Hacker News

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordless authentication.

article thumbnail

Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS

Security Boulevard

Week B: Bugs begone! This month Redmond fixes 79 security flaws in Windows and other products The post Microsoft Fixes Four 0-Days — One Exploited for SIX YEARS appeared first on Security Boulevard.

article thumbnail

6 common Geek Squad scams and how to defend against them

We Live Security

Learn about the main tactics used by scammers impersonating Best Buy’s tech support arm and how to avoid falling for their tricks.

Scams 119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

6 Questions to Answer Before Choosing an Identity Provider

Security Boulevard

Choosing the right identity provider is crucial, as it requires architectural changes that can make switching later difficult and costly. The post 6 Questions to Answer Before Choosing an Identity Provider appeared first on Security Boulevard.

article thumbnail

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM)

Security Affairs

Ivanti fixed a maximum severity flaw in its Endpoint Management software (EPM) that can let attackers achieve remote code execution on the core server Ivanti Endpoint Management (EPM) software is a comprehensive solution designed to help organizations manage and secure their endpoint devices across various platforms, including Windows, macOS, Chrome OS, and IoT systems.

Software 117
article thumbnail

The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security

Security Boulevard

Once SBOM and IAM provisioning knit seamlessly with policy-driven data encryption and AI-powered monitoring, they will have a far stronger security posture. The post The SBOM Survival Guide: Why SBOM Compliance is Set to Ignite IoT Security appeared first on Security Boulevard.

IoT 118
article thumbnail

CVE-2024-8522 (CVSS 10): LearnPress SQLi Flaw Leaves 90K+ WordPress Sites at Risk

Penetration Testing

A critical SQL injection vulnerability has been discovered in LearnPress, a popular WordPress plugin used to create and manage online courses. The flaw, tracked as CVE-2024-8522, carries a maximum CVSS... The post CVE-2024-8522 (CVSS 10): LearnPress SQLi Flaw Leaves 90K+ WordPress Sites at Risk appeared first on Cybersecurity News.

Risk 111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vector of Attack 

Security Boulevard

In recent months, the National Public Data (NPD) breach has been a topic of intense scrutiny, with cybersecurity experts like Brian Krebs highlighting the poor security practices that contributed to the breach’s magnitude. As we continue to analyze the aftermath, new findings have come to light that underscore the dangers posed by inadequate security measures … The post New Findings on the National Public Data Breach: Poor Security Measures and the Role of Infostealer Malware as a Possible Vecto

article thumbnail

GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges Immediate Update

Penetration Testing

In a recent security advisory, GitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The patches address several vulnerabilities, including one classified... The post GitLab Issues Critical Security Patch for CVE-2024-6678 (CVSS 9.9), Urges Immediate Update appeared first on Cybersecurity News.

article thumbnail

News alert: Opus Security’s new ‘Advanced Multi-Layered Prioritization Engine’ elevates VM

The Last Watchdog

Palo Alto, Calif., Sept.11, 2024, CyberNewsWire — Opus Security , the leader in unified cloud-native remediation, today announced the launch of its Advanced Multi-Layered Prioritization Engine , designed to revolutionize how organizations manage, prioritize and remediate security vulnerabilities. Leveraging AI-driven intelligence, deep contextual data and automated decision-making capabilities, this innovative engine helps organizations prioritize the most critical vulnerabilities, enhanci

article thumbnail

Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details

Graham Cluley

A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details. Read more in my article on the Hot for Security blog.

Hacking 99
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

This change to Android notifications might not be popular with everyone

Zero Day

Google might change how you access notifications and Quick Settings in a way that could be divisive.

98
article thumbnail

LNK Stomping (CVE-2024-38217): Microsoft Patches Years-Old Zero-Day Flaw

Penetration Testing

Microsoft’s September 2024 security update addresses a zero-day vulnerability affecting Smart App Control and SmartScreen. This vulnerability, dubbed “LNK stomping” (CVE-2024-38217), has been actively exploited by hackers since at least... The post LNK Stomping (CVE-2024-38217): Microsoft Patches Years-Old Zero-Day Flaw appeared first on Cybersecurity News.

article thumbnail

Apple Watch Series 10 vs. Apple Watch Series 9: Should you upgrade to the latest model?

Zero Day

The Apple Watch Series 10 has fresh features and a fresher design, but is it worth your money? Here's how it compares to last year's model.

98
article thumbnail

Lazarus Targets Developers with Sophisticated Coding Test Scam

SecureWorld News

In a concerning development for the cybersecurity community, researchers at ReversingLabs have uncovered a new campaign by the notorious North Korean hacking group, Lazarus. This campaign, an evolution of the previously identified "VMConnect" operation, specifically targets developers with fake coding tests, potentially compromising critical infrastructure and sensitive data across various sectors.

Scams 87
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.