Schneier on Security

APRIL 25, 2024

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

Engineering 342

Engineering Internet Internet Artificial Intelligence 342

Tech Republic Security

APRIL 25, 2024

Researchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.

Artificial Intelligence 198

Artificial Intelligence 198

Malwarebytes

APRIL 25, 2024

Amazon’s Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers’ private videos , and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The FTC is now sending refunds totaling more than $5.6 million to US consumers as a result of the settlement.

Accountability 139

Accountability Internet Internet Risk 139

Javvad Malik

APRIL 25, 2024

I was taking a walk the other day and saw this pathway which is shared by two houses. The house on the right got their pressure washer and cleaned their half of the path. Part of me secretly admires the pettiness of this move. But the truth is that it is one path and just using one half is not practical. If it needs repair at any point, it’s a joint responsibility, you can’t just fix your bit and expect things to be fine… a bit like using the cloud or outsourcing work to a thir

113

113

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

APRIL 25, 2024

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Cisa added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously u

Education 141

Education Government Hacking Risk 141

Bleeping Computer

APRIL 25, 2024

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [.

Accountability 134

Accountability 134

Bleeping Computer

APRIL 25, 2024

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [.

Malware 133

Malware Banking Mobile 133

Security Affairs

APRIL 25, 2024

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine.

Engineering 143

Engineering Hacking Information Security 143

Bleeping Computer

APRIL 25, 2024

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. [.

Malware 122

Malware 122

Security Affairs

APRIL 25, 2024

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbox Escape Vulnerability Cisco Talos this week warned that the nati

VPN 134

VPN Software Firewall Authentication 134

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Boulevard

APRIL 25, 2024

The warning underscores the importance of a collaborative approach to AI security involving stakeholders across different domains, including data science and infrastructure. The post AI Adoption Prompts Security Advisory from NSA appeared first on Security Boulevard.

Risk 123

Risk Government 123

The Hacker News

APRIL 25, 2024

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.

Malware 129

Malware 129

Graham Cluley

APRIL 25, 2024

A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. Read more in my article on the Tripwire State of Security blog.

Small Business 120

Small Business Ransomware Malware 120

Security Affairs

APRIL 25, 2024

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply. Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores across Sweden and is responsible for the retail sale of wine, spirits, and strong beer.

Ransomware 136

Ransomware Retail Cyber Attacks Backups 136

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Penetration Testing

APRIL 25, 2024

ThreatFabric has unveiled a sophisticated new Android malware strain named “Brokewell.” This potent threat combines extensive data theft capabilities with remote device control, allowing attackers to hijack infected phones for fraudulent financial transactions. The... The post Alert: “Brokewell” Malware – New Threat Targets Bank Users with Remote Device Takeover appeared first on Penetration Testing.

Banking 127

Banking Penetration Testing Malware 127

Digital Shadows

APRIL 25, 2024

Explore how rising Iran-Israel tensions might escalate cyber threats, involving APT groups like APT34 & Predatory Sparrow, and how at-risk firms can defend.

Cyber threats 123

Cyber threats Risk 123

The Hacker News

APRIL 25, 2024

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds.

Cryptocurrency 119

Cryptocurrency 119

Tech Republic Security

APRIL 25, 2024

About 23% of security teams include women, ISC2 found in its Cybersecurity Workforce Study.

Cybersecurity 149

Cybersecurity 149

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

APRIL 25, 2024

Healthcare ransomware incidents are far too common, but none have wreaked as much havoc as the recent Change Healthcare attack. Rick Pollack, President and CEO of the American Hospital Association stated that “the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.

Healthcare 116

Healthcare Ransomware Cybersecurity 116

Penetration Testing

APRIL 25, 2024

A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices. This flaw puts sensitive industrial... The post Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers appeared first on Penetration Testing.

Penetration Testing 125

Penetration Testing 125

The Hacker News

APRIL 25, 2024

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy.

Technology 117

Technology 117

Penetration Testing

APRIL 25, 2024

The release of public PoC exploit code targeting a maximum severity zero-day flaw in Cisco IOS XE (CVE-2023-20198) has dramatically amplified the risk landscape for countless organizations worldwide. Previously, only a few advanced attackers... The post Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover appeared first on Penetration Testing.

Penetration Testing 119

Penetration Testing Risk 119

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Security Boulevard

APRIL 25, 2024

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get to know Harmonic Security. Introduction of […] The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on NSFOCUS, Inc

Cyber Attacks 109

Cyber Attacks Cybersecurity 109

Penetration Testing

APRIL 25, 2024

Recently, Zscaler ThreatLabz released its 2024 Phishing Report, revealing a disturbing evolution in phishing tactics fueled by generative AI technologies. This detailed analysis, based on over 2 billion phishing transactions in 2023, presents a... The post AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave appeared first on Penetration Testing.

Phishing 117

Phishing Penetration Testing Technology 117

Security Affairs

APRIL 25, 2024

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal proceeds.

Cryptocurrency 125

Cryptocurrency Marketing Mobile Hacking 125

Penetration Testing

APRIL 25, 2024

SonicWall Capture Labs threat research team has recently uncovered sophisticated.NET managed code injection methods employed by the notorious AgentTesla malware, marking a significant advancement in malware delivery tactics. The detailed technical analysis provided... The post Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware appeared first on Penetration Testing.

Malware 115

Malware Penetration Testing Spyware 115

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Bleeping Computer

APRIL 25, 2024

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps.

Mobile 117

Mobile Technology 117

SecureWorld News

APRIL 25, 2024

North Korea's prolific state-sponsored hacking units are once again setting their sights on South Korea's defense and arms manufacturing sector. According to cybersecurity analysts, the notorious Lazarus Group, as well as other crews like Kimsuky and Andariel, have launched multiple cyberattacks over the past year targeting South Korean companies involved in military and weapons technology development.

Manufacturing 98

Manufacturing Technology Cyber Risk Risk 98

Bleeping Computer

APRIL 25, 2024

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [.

Cryptocurrency 99

Cryptocurrency 99

We Live Security

APRIL 25, 2024

Python’s versatility and short learning curve are just two factors that explain the language’s firm 'grip' on cybersecurity.

Cybersecurity 112

Cybersecurity 112

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government