Mon.Nov 13, 2023

article thumbnail

Ten Ways AI Will Change Democracy

Schneier on Security

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how democracy functions—in both large and small ways.

article thumbnail

Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack

Tech Republic Security

Any company that is strategic could be targeted for the same kind of actions as this cyberattack. Follow these tips to mitigate your company’s risk to this cybersecurity threat.

Risk 175
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

North Korea-linked APT Sapphire Sleet targets IT job seekers with bogus skills assessment portals

Security Affairs

North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38 , BlueNoroff , CageyChameleon , and CryptoCore ) is considered a sub-group of the popular Lazarus APT group. The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks.

article thumbnail

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

WIRED Threat Level

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CISA adds five vulnerabilities in Juniper devices to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added four vulnerabilities (tracked as CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, and CVE-2023-36847) in Juniper devices to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added six new vulnerabilities to its Known Exploited Vulnerabilities catalog , five issues impacting Juniper Junos OS and one impacting the SysAid SysAid IT support software.

Firewall 139
article thumbnail

A Closer Look at ChatGPT's Role in Automated Malware Creation

Trend Micro

This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.

Malware 131

More Trending

article thumbnail

SEC Suit Ushers in New Era of Cyber Enforcement

Dark Reading

A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.

article thumbnail

New Ransomware Group Emerges with Hive's Source Code and Infrastructure

The Hacker News

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape.

article thumbnail

Capture The Flag: 5 websites to sharpen your hacking skills

We Live Security

Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills

Hacking 125
article thumbnail

State of Maine data breach impacts 1.3 million people

Malwarebytes

The US State of Maine says it has suffered a data breach impacting around 1.3 million people. According to the census from July 2022, that’s more or less the the entire population of Maine. The State of Maine says it was compromised via a known vulnerability in secure transfer service MOVEit Transfer. This vulnerability is known to be used by the Cl0p ransomware gang.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Chip Buyers Sue Intel Over Downfall Vulnerability

Security Boulevard

Five chip buyers are accusing Intel of failing to address security flaws in its CPUs that it has known about for five years, making the computers either open to the Downfall vulnerability disclosed in August or low-performing after applying a patch. The five filed a class-action lawsuit last week against the giant chipmaker, also accusing. The post Chip Buyers Sue Intel Over Downfall Vulnerability appeared first on Security Boulevard.

Mobile 116
article thumbnail

Israel warns of BiBi wiper attacks targeting Linux and Windows

Bleeping Computer

Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems. [.

Malware 115
article thumbnail

Scam or Mega Chatbot? Investigating the New AI Chatbot Called Abrax666

Security Boulevard

An in-depth investigation of a new AI chatbot called Abrax666 advertised on cybercrime forums reveals multiple red flags suggesting it’s likely a scam. With a negative review after communication, no seller deposit, exaggerated capabilities claimed, and zero evidence of satisfied customers, we judge that Abrax666 has no credibility as a real product.

Scams 115
article thumbnail

'Hunters International' Cyberattackers Take Over Hive Ransomware

Dark Reading

Hunters International appears to have acquired Hive ransomware from its original operators and may be seeking to cash in on the malware's reputation.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

FBI: Royal ransomware asked 350 victims to pay $275 million

Bleeping Computer

The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. [.

article thumbnail

Ducktail Malware Targets the Fashion Industry

Dark Reading

Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.

Malware 108
article thumbnail

CISA warns of actively exploited Juniper pre-auth RCE exploit chain

Bleeping Computer

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain. [.

106
106
article thumbnail

What Is File Protection? How It Works & Different Types

Digital Guardian

When it comes to keeping sensitive information safe from intruders, file protection - safeguarding files from unauthorized access - is critical.

105
105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Defending Financial Services Against Fraud in a Shifting Cyber Landscape

Thales Cloud Protection & Licensing

Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial. The security challenges faced by financial services organizations can never be understated.

article thumbnail

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August.

article thumbnail

ChatGPT Experienced Service Outage Due to DDoS Attack

ZoneAlarm

OpenAI’s ChatGPT and associated APIs have faced significant service disruptions. This series of events, triggered by Distributed Denial-of-Service (DDoS) attacks, has raised critical questions about cybersecurity and the vulnerabilities of even the most sophisticated AI platforms. ChatGPT, a popular generative AI application, recently faced recurring outages impacting both its user interface and API services.

DDOS 101
article thumbnail

LockBit ransomware group assemble strike team to breach banks, law firms and governments.

DoublePulsar

A look inside how a ransomware group have been breaking into the world’s biggest organisations this November.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF

Penetration Testing

VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF VED (Vault Exploit Defense)-eBPF leverages eBPF (extended Berkeley Packet Filter) to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an... The post ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF appeared first on Penetration Testing.

article thumbnail

Australian Ports Resume Operation After Crippling Cyber Disruption

Dark Reading

Details of a major cyberattack against Australia's shipping industry remain few and far between, but the economic impact is clear.

96
article thumbnail

CVE-2023-5869: Unpatched PostgreSQL Servers at Risk of Arbitrary Code Execution Attacks

Penetration Testing

The PostgreSQL Global Development Group has released PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22, which include fixes for three security vulnerabilities. These vulnerabilities could have allowed attackers to take control of affected systems... The post CVE-2023-5869: Unpatched PostgreSQL Servers at Risk of Arbitrary Code Execution Attacks appeared first on Penetration Testing.

article thumbnail

SaaS Vendor Risk Assessment in 3 Steps

Dark Reading

SaaS applications are the new supply chain and, practically speaking, SaaS is the modern vendor. Here are three straightforward steps to manage this new vendor risk.

Risk 95
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

US Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers

WIRED Threat Level

An effort to reauthorize a controversial US surveillance program by attaching it to a must-pass spending bill has civil liberties advocates calling foul.

article thumbnail

A Closer Look at State and Local Government Cybersecurity Priorities

Dark Reading

Complexity impedes the universal and consistent application of security policy, which is an obstacle to adequately securing government environments.

article thumbnail

Top 5 Marketing Tech SaaS Security Challenges

The Hacker News

Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives.

article thumbnail

Security Is a Process, Not a Tool

Dark Reading

Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.