Fri. Jan 26, 2024

Chatbots and Human Conversation

Schneier on Security

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.

Cyberbezpieczeństwo dla bystrzaków: Best-Selling “Cybersecurity For Dummies” Book Now Available In Polish

Joseph Steinberg

The Polish version of the second edition of Cybersecurity For Dummies, Joseph Steinberg’s best-selling introductory-level book about cybersecurity, is now available. Like its first edition counterparts published in several languages, the new Polish-language Second Edition, Cyberbezpieczeństwo dla bystrzaków w 2, is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of readers’ technical skillsets.

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

WIRED Threat Level

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

Watch out, experts warn of a critical flaw in Jenkins

Security Affairs

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server; it is maintained by CloudBees and the Jenkins community. The automation server helps developers build, test and deploy their applications; it has hundreds of thousands of active installations worldwide with more than 1 million users.

Hacking 144

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

The Pentagon Tried to Hide That It Bought Americans' Data Without a Warrant

WIRED Threat Level

US spy agencies purchased Americans' phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

Internet 144

Pwn2Own Automotive 2024 Day 2 – Tesla hacked again

Security Affairs

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of the Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team (@Synacktiv) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The bug hunters chained two vulnerabilities to hack the Tesla infotainment system, earning $100,000 and 10 Master of Pwn Points.

Hacking 141

More Trending

A TrickBot malware developer sentenced to 64 months in prison

Security Affairs

The Russian national malware developer Vladimir Dunaev was sentenced to more than 5 years in prison for his role in the TrickBot operation. The Russian national Vladimir Dunaev (40) has been sentenced in the US to 64 months in prison for his role in the development and distribution of the TrickBot malware. Vladimir Dunaev was extradited to the U.S. in October 2021.

Malware 139

Microsoft Teams outage causes connection issues, message delays

Bleeping Computer

Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays. […]

QR Code Scammers are Changing Tactics to Evade Detection

Security Boulevard

Check Point researchers last year saw a 587% increase between August and September of phishing attacks enticing unsuspecting targets to click on QR codes that then redirect them to malicious pages used for harvesting credentials. The cybersecurity firm’s report was one of several last year that talked about a rapid rise in such QR code-focused. The post QR Code Scammers are Changing Tactics to Evade Detection appeared first on Security Boulevard.

Phishing 124

Ukraine: Hack wiped 2 petabytes of data from Russian research center

Bleeping Computer

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. […]

Hacking 135

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Web Vulnerability Submissions Exploded in 2023

Security Boulevard

There was an alarming surge of user-submitted web vulnerability submissions in 2023—with a 30% increase compared to 2022—as open-scoped bug bounty programs evolved. The post Web Vulnerability Submissions Exploded in 2023 appeared first on Security Boulevard.

Mobile 123

Microsoft reveals how hackers breached its Exchange Online accounts

Bleeping Computer

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. […]

New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying

Security Boulevard

A lower percentage of ransomware victims are paying, as new regulations begin to elicit more and more public disclosure of ransomware incidents. The post New Ransomware Reporting Requirements Kick in as Victims Increasingly Avoid Paying appeared first on Security Boulevard.

Microsoft releases first Windows Server 2025 preview build

Bleeping Computer

Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. […]

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Cybersecurity Insights with Contrast CISO David Lindner | 1/26/24

Security Boulevard

Insight #1 Spray and pray: That’s the modus operandi behind the latest successful attack against Microsoft, which resulted in compromise of the company’s email systems. The attackers reportedly got in through an old testing environment, which seemingly had no multi-factor authentication (MFA) stopping them. Lesson learned: Just because it’s not a production system doesn't mean it can't be used as an avenue to get into your production systems.

CISO 112

Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

Bleeping Computer

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. […]

Hacking 111

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

The Hacker News

Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called AllaKore RAT. The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin American-based financially motivated threat actor. The campaign has been active since at least 2021.

Malware 109

Ring curtails law enforcement’s access to footage

Malwarebytes

US law enforcement will no longer be able to request footage through the Neighbors app produced by Ring video doorbells and surveillance cameras. Until now Ring’s Request for Assistance (RFA) function allowed law enforcement to ask for and obtain user footage, but this function will be retired. Along with other changes, Ring announced on its blog how public safety agencies like fire and police departments can still use the Neighbors app to share helpful safety tips, updates, and community events

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

The Hacker News

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign.

Cybersecurity Standards vs Procedures vs Controls vs Policies

Security Boulevard

Cybersecurity is a vast and complex field, and it’s made more complicated as technology – both infrastructure and in terms of cyberattacks – grows more and more sophisticated. Any large and complex industry grows terminology and jargon like leaves on a tree, and cybersecurity is no different. There are dozens, if not hundreds, of specialized […] The post Cybersecurity Standards vs Procedures vs Controls vs Policies appeared first on Security Boulevard.

Perfecting the Defense-in-Depth Strategy with Automation

The Hacker News

Medieval castles stood as impregnable fortresses for centuries, thanks to their meticulous design. Fast forward to the digital age, and this medieval wisdom still echoes in cybersecurity.

Removing Passwords, Without Compromising Security

Duo's Security Blog

In today’s complex IT landscape, one of the biggest problems faced by a Chief Information Security Officer (CISO) and their IT security team is forgotten and stolen passwords. On average, employees lose 11 hours per year resetting passwords and an average company spends ~$5M per year on setting and resetting passwords. And this is just the cost of resetting passwords.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory

Penetration Testing

The technical details and proof-of-concept (PoC) code targeting a critical CVE-2024-23897 vulnerability in Jenkins were published one day after the vendor’s advisory came out. Jenkins, the open-source automation server that has become indispensable for... The post Breaking Down CVE-2024-23897: PoC Code Surfaces Just After Jenkins Advisory appeared first on Penetration Testing.

Cyber security and AI: Should machines be included in your training program?

Security Boulevard

The post Cyber security and AI: Should machines be included in your training program? appeared first on Click Armor. The post Cyber security and AI: Should machines be included in your training program? appeared first on Security Boulevard.

Microsoft introduces flighting for Windows Server insiders

Bleeping Computer

Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. […]

Why We Need to Cultivate a Confidential Computing Ecosystem

Security Boulevard

The development of privacy-enhancing technologies (PETs) can resolve the tension between data privacy and utility. The post Why We Need to Cultivate a Confidential Computing Ecosystem appeared first on Security Boulevard.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Role of Wazuh in building a robust cybersecurity architecture

Bleeping Computer

Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. […]

How to Troubleshoot Antivirus Problems: A Comprehensive Guide

SecureBlitz

Learn how to troubleshoot antivirus problems in this comprehensive guide. Antivirus software plays a crucial role in protecting our computers from malware, viruses, and other online threats. However, there may be instances where you encounter issues with your antivirus program, such as it not turning on or failing to detect threats. In this comprehensive guide, […] The post How to Troubleshoot Antivirus Problems: A Comprehensive Guide appeared first on SecureBlitz Cybersecurity.

DockerExploit: Docker Remote API Scanner and Exploit

Penetration Testing

Docker Remote API Scanner and Exploit This repository contains a Docker Remote API Scanner and Exploit tool designed for educational and research purposes. It enables users to perform security assessments and experiments related to... The post DockerExploit: Docker Remote API Scanner and Exploit appeared first on Penetration Testing.

Zero-day Confluence RCE Vulnerability Blocked by Contrast Runtime Security | CVE-2023-22527 | Contrast Security

Security Boulevard

If your organization is running an older version of Atlassian Confluence Server that’s affected by CVE-2023-22527 — the critical remote-code execution (RCE) zero day discovered recently — you either The post Zero-day Confluence RCE Vulnerability Blocked by Contrast Runtime Security | CVE-2023-22527 | Contrast Security appeared first on Security Boulevard.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.