Tue.Oct 10, 2023

article thumbnail

Model Extraction Attack on Neural Networks

Schneier on Security

Adi Shamir et al. have a new model extraction attack on neural networks: Polynomial Time Cryptanalytic Extraction of Neural Network Models Abstract: Billions of dollars and countless GPU hours are currently spent on training Deep Neural Networks (DNNs) for a variety of tasks. Thus, it is essential to determine the difficulty of extracting all the parameters of such neural networks when given access to their black-box implementations.

304
304
article thumbnail

Patch Tuesday, October 2023 Edition

Krebs on Security

Microsoft today issued security updates for more than 100 newly-discovered vulnerabilities in its Windows operating system and related software, including four flaws that are already being exploited. In addition, Apple recently released emergency updates to quash a pair of zero-day bugs in iOS. Apple last week shipped emergency updates in iOS 17.0.3 and iPadOS 17.0.3 in response to active attacks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Australia, New Zealand Enterprises Spend Big on Security — But Will It Be Enough?

Tech Republic Security

Australian and New Zealand businesses will increase spending on cybersecurity by double digits… but they might not be able to spend their way to safety.

article thumbnail

Unlocking Success: Safeguarding Your Business with Cloud-Based Solutions

Jane Frankland

We all know the feeling: ensuring that your business is secure and running efficiently can feel overwhelming. It’s a hard balancing act between protecting valuable data, increasing productivity, controlling costs – especially when technology often seems to be outpacing security measures. But with the range of cloud-based security solutions available today, there doesn’t have to be an underlying fear of losing sensitive information or assets – not with the right solution and partner.

Risk 147
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

HTTP/2 Rapid Reset Zero-Day Vulnerability Exploited to Launch Record DDoS Attacks

The Hacker News

Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called HTTP/2 Rapid Reset. The layer 7 attacks were detected in late August 2023, the companies said in a coordinated disclosure.

DDOS 140
article thumbnail

Internet-Wide Zero-Day Bug Fuels Largest-Ever DDoS Event

Dark Reading

Ongoing Rapid Reset DDoS flood attacks exposed organizations need to patch CVE-2023-44487 immediately to head off crippling outages and business disruption.

DDOS 139

More Trending

article thumbnail

New One-Click Exploit Is a Supply Chain Risk for Linux OSes

Dark Reading

An overlooked library contains a vulnerability that could enable full remote takeover simply by clicking a link.

Risk 131
article thumbnail

Google Adopts Passkeys as Default Sign-in Method for All Users

The Hacker News

Google on Tuesday announced the ability for all users to set up passkeys by default, five months after it rolled out support for the FIDO Alliance-backed passwordless standard for Google Accounts on all platforms.

article thumbnail

GUEST ESSAY: How tech tricks used by Amazon, Netflix aid Ukraine in repelling Russia’s invasion

The Last Watchdog

As tragic as it is, we are in a space where video has become a crucial asset in wartime. Related: Apple tool used as warfare weapon Ukraine’s defense against Russian invaders has changed the role of video. Accessing video-based intelligence at the right time and place is a very effective method for gaining information about the constantly changing military landscape.

article thumbnail

A flaw in libcue library impacts GNOME Linux systems

Security Affairs

A vulnerability in the libcue library impacting GNOME Linux systems can be exploited to achieve remote code execution (RCE) on affected hosts. A threat actor can trigger a vulnerability, tracked as CVE-2023-43641 (CVSS score: 8.8), in the libcue library impacting GNOME Linux systems to achieve remote code execution (RCE) on affected hosts. libcue provides an API for parsing and extracting data from CUE sheets.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Cybersecurity Awareness Month 2023 Blog Series | Using Strong Passwords and a Password Manager

NSTIC

Today’s blog is the second one in our 2023 Cybersecurity Awareness Month series and examines different factors associated with using strong passwords and a password manager. We interviewed NIST’s Yee-Yin Choong and Meghan Anderson to get their unique thoughts and insights. This week’s Cybersecurity Awareness Month theme is ‘ using strong passwords and a password manager.

article thumbnail

Microsoft warns of incorrect BitLocker encryption errors

Bleeping Computer

Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments. [.

article thumbnail

Hacktivists send fake nuclear attack warning via Israeli Red Alert app

Graham Cluley

Hackers have exploited a flaw in a widely-used app that warns of missile attacks against Israel to send a fake alert that a nuclear strike is imminent. Read more in my article on the Hot for Security blog.

119
119
article thumbnail

Microsoft Exchange gets ‘better’ patch to mitigate critical bug

Bleeping Computer

The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August. [.

122
122
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google Makes Passkeys Default, Stepping Up Its Push to Kill Passwords

WIRED Threat Level

Google is making passkeys, the emerging passwordless login technology, the default option for users as it moves to make passwords “obsolete.

Passwords 118
article thumbnail

Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug

Dark Reading

October's CVE update is here. Here's which security vulnerabilities to patch now to exorcise your Microsoft systems demons.

118
118
article thumbnail

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

The Hacker News

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023.

117
117
article thumbnail

How Keyloggers Have Evolved From the Cold War to Today

Dark Reading

Keyloggers have been used for espionage since the days of the typewriter, but today's threats are easier to get and use than ever.

113
113
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

The Hacker News

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries.

Retail 117
article thumbnail

Automated Certificate Management Alleviates IT Stress While Boosting Security

GlobalSign

Discover how the power of automation can help IT teams manage their certificates, whilst reducing stress and improving security.

112
112
article thumbnail

Credit Card Lock vs. Credit Freeze: What’s the Difference?

Identity IQ

Credit Card Lock vs. Credit Freeze: What’s the Difference? IdentityIQ Credit card locks and credit freezes are security features that can be used to help protect you from fraud and identity theft. But even though they sound similar, they perform very different functions when keeping you safe. The key difference: credit card locks help protect your credit card from fraud , while credit freezes help protect your credit report from identity theft.

article thumbnail

North Korea's State-Sponsored APTs Organize & Align

Dark Reading

An unprecedented collaboration by various APTs within the DPKR makes them harder to track, setting the stage for aggressive, complex cyberattacks that demand strategic response efforts, Mandiant warns.

108
108
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Florida Circuit Court,Victim of a Ransomware Attack

Heimadal Security

The ALPHV ransomware group, also known as BlackCat, has claimed responsibility for a cyberattack that disrupted numerous state courts in Northwest Florida, specifically within the First Judicial Circuit, last week. Allegedly, the malicious actors were able to obtain sensitive personal information of employees and judges, including Social Security numbers and CVs.

article thumbnail

Old-School Attacks Are Still a Danger, Despite Newer Techniques

Dark Reading

The cold, hard truth? Cybercriminals are still perpetuating plenty of unsophisticated attacks for a simple reason: They work.

108
108
article thumbnail

Virus Bulletin PUA – a love letter

We Live Security

Late nights at the VB2023 conference featured intriguing interactions between security experts and the somewhat enigmatic world of grayware purveyors.

104
104
article thumbnail

A Frontline Report of Chinese Threat Actor Tactics and Techniques

Dark Reading

Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.

Passwords 104
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Researchers Uncover Grayling APT's Ongoing Attack Campaign Across Industries

The Hacker News

A previously undocumented threat actor of unknown provenance has been linked to a number of attacks targeting organizations in the manufacturing, IT, and biomedical sectors in Taiwan. The Symantec Threat Hunter Team, part of Broadcom, attributed the attacks to an advanced persistent threat (APT) it tracks under the name Grayling.

article thumbnail

Mirai DDoS malware variant expands targets with 13 router exploits

Bleeping Computer

A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others. [.

DDOS 101
article thumbnail

New Report: Child Sexual Abuse Content and Online Risks to Children on the Rise

The Hacker News

Certain online risks to children are on the rise, according to a recent report from Thorn, a technology nonprofit whose mission is to build technology to defend children from sexual abuse. Research shared in the Emerging Online Trends in Child Sexual Abuse 2023 report, indicates that minors are increasingly taking and sharing sexual images of themselves.

Risk 99
article thumbnail

Badbox Operation Targets Android Devices in Fraud Schemes

Dark Reading

Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on the electronics before being sold at market.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.