Thu.Apr 25, 2024

article thumbnail

The Rise of Large-Language-Model Optimization

Schneier on Security

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

article thumbnail

OpenAI’s GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities, Study Finds

Tech Republic Security

Researchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google fixed critical Chrome vulnerability CVE-2024-4058

Security Affairs

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine.

article thumbnail

Shared responsibility

Javvad Malik

I was taking a walk the other day and saw this pathway which is shared by two houses. The house on the right got their pressure washer and cleaned their half of the path. Part of me secretly admires the pettiness of this move. But the truth is that it is one path and just using one half is not practical. If it needs repair at any point, it’s a joint responsibility, you can’t just fix your bit and expect things to be fine… a bit like using the cloud or outsourcing work to a thir

113
113
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Cisa added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously u

Education 140
article thumbnail

Ring agrees to pay $5.6 million after cameras were used to spy on customers

Malwarebytes

Amazon’s Ring has settled with the Federal Trade Commission (FTC) over charges that the company allowed employees and contractors to access customers’ private videos , and failed to implement security protections which enabled hackers to take control of customers’ accounts, cameras, and videos. The FTC is now sending refunds totaling more than $5.6 million to US consumers as a result of the settlement.

More Trending

article thumbnail

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Bleeping Computer

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [.

article thumbnail

CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbox Escape Vulnerability Cisco Talos this week warned that the nati

VPN 133
article thumbnail

New Brokewell malware takes over Android devices, steals data

Bleeping Computer

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [.

Malware 133
article thumbnail

DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions

Security Affairs

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal proceeds.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

N.A. Developers Optimistic About Generative AI and Code Security

Security Boulevard

Developers in North America are more likely than their counterparts in other regions to see generative AI as a tool that can improve the security of the code they’re writing, according to a report by market research firm Evans Data Corp. The company’s most recent Global Development Survey found that 37.6% of programmers from North. The post N.A. Developers Optimistic About Generative AI and Code Security appeared first on Security Boulevard.

Marketing 130
article thumbnail

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

Bleeping Computer

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. [.

Malware 122
article thumbnail

AI Adoption Prompts Security Advisory from NSA

Security Boulevard

The warning underscores the importance of a collaborative approach to AI security involving stakeholders across different domains, including data science and infrastructure. The post AI Adoption Prompts Security Advisory from NSA appeared first on Security Boulevard.

Risk 123
article thumbnail

“Junk gun” ransomware: the cheap new threat to small businesses

Graham Cluley

A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. Read more in my article on the Tripwire State of Security blog.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Alert: “Brokewell” Malware – New Threat Targets Bank Users with Remote Device Takeover

Penetration Testing

ThreatFabric has unveiled a sophisticated new Android malware strain named “Brokewell.” This potent threat combines extensive data theft capabilities with remote device control, allowing attackers to hijack infected phones for fraudulent financial transactions. The... The post Alert: “Brokewell” Malware – New Threat Targets Bank Users with Remote Device Takeover appeared first on Penetration Testing.

Banking 120
article thumbnail

Cyber Threats Linked to Iran-Israel Conflict

Digital Shadows

Explore how rising Iran-Israel tensions might escalate cyber threats, involving APT groups like APT34 & Predatory Sparrow, and how at-risk firms can defend.

article thumbnail

Understanding the Change Healthcare Breach and Its Impact on Security Compliance

Security Boulevard

Healthcare ransomware incidents are far too common, but none have wreaked as much havoc as the recent Change Healthcare attack. Rick Pollack, President and CEO of the American Hospital Association stated that “the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.

article thumbnail

Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers

Penetration Testing

A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices. This flaw puts sensitive industrial... The post Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The Hacker News

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.

Malware 125
article thumbnail

Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover

Penetration Testing

The release of public PoC exploit code targeting a maximum severity zero-day flaw in Cisco IOS XE (CVE-2023-20198) has dramatically amplified the risk landscape for countless organizations worldwide. Previously, only a few advanced attackers... The post Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover appeared first on Penetration Testing.

article thumbnail

RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era

Security Boulevard

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get to know Harmonic Security. Introduction of […] The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on NSFOCUS, Inc

article thumbnail

AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave

Penetration Testing

Recently, Zscaler ThreatLabz released its 2024 Phishing Report, revealing a disturbing evolution in phishing tactics fueled by generative AI technologies. This detailed analysis, based on over 2 billion phishing transactions in 2023, presents a... The post AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave appeared first on Penetration Testing.

Phishing 110
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

The Hacker News

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds.

article thumbnail

Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware

Penetration Testing

SonicWall Capture Labs threat research team has recently uncovered sophisticated.NET managed code injection methods employed by the notorious AgentTesla malware, marking a significant advancement in malware delivery tactics. The detailed technical analysis provided... The post Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware appeared first on Penetration Testing.

Malware 109
article thumbnail

Women in Cybersecurity: ISC2 Survey Shows Pay Gap and Benefits of Inclusive Teams

Tech Republic Security

About 23% of security teams include women, ISC2 found in its Cybersecurity Workforce Study.

article thumbnail

Network Threats: A Step-by-Step Attack Demonstration

The Hacker News

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Reddit down in major outage blocking access to web, mobile apps

Bleeping Computer

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps.

Mobile 117
article thumbnail

North Korean Hackers Intensify Cyberattacks on South's Arms Industry

SecureWorld News

North Korea's prolific state-sponsored hacking units are once again setting their sights on South Korea's defense and arms manufacturing sector. According to cybersecurity analysts, the notorious Lazarus Group, as well as other crews like Kimsuky and Andariel, have launched multiple cyberattacks over the past year targeting South Korean companies involved in military and weapons technology development.

article thumbnail

FBI warns against using unlicensed crypto transfer services

Bleeping Computer

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [.

article thumbnail

Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

We Live Security

Python’s versatility and short learning curve are just two factors that explain the language’s firm 'grip' on cybersecurity.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.