Jailbreaking LLMs with ASCII Art
Schneier on Security
MARCH 12, 2024
Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4 , Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.
Tue.Mar 12, 2024
327 
Welcoming the Liechtenstein Government to Have I Been Pwned
Troy Hunt
MARCH 12, 2024
Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned , free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit who now have full access to their government domains. We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breac
Join 28,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Beyond Pleasantries: Understanding Kindness vs. Niceness
Jane Frankland
MARCH 12, 2024
In the tapestry of human interactions, the words ‘kind’ and ‘nice’ are often woven together so tightly that their distinct threads seem indistinguishable. On the surface, both suggest a pleasantness, a quality of being agreeable or gentle in nature. But is there more to it? Could these two seemingly synonymous words actually spell out different narratives in the screenplay of our lives?
Information Security Policy
Tech Republic Security
MARCH 12, 2024
Information is the lifeblood of the business. Without it, employees can’t work, customers can’t interact with the business, bills can’t be paid and profits can’t be earned. Any given technological environment is useless if its main purpose for existence — the processing and sharing of information — is threatened or eliminated.
Prevent Data Breaches With Zero-Trust Enterprise Password Management
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
The Hacker News
MARCH 12, 2024
Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity.
VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme
Penetration Testing
MARCH 12, 2024
A recently uncovered phishing campaign demonstrates a concerning level of sophistication in its efforts to infiltrate systems and deploy an array of powerful Remote Access Trojans (RATs). Security researchers at FortiGuard Labs have discovered... The post VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme appeared first on Penetration Testing.
Sign up to get articles personalized to your interests!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
More Trending
Equipment Reassignment Checklist
Tech Republic Security
MARCH 12, 2024
The reassignment of existing equipment takes place when employees leave the organization or receive new computers, mobile devices, printers and other assets. It is essential to follow strict guidelines for equipment reassignment so that company investments, data and privacy are protected. The following checklist, written by Scott Matteson for TechRepublic Premium, will help ensure that.
Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship
Bleeping Computer
MARCH 12, 2024
The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [.
Insurance scams via QR codes: how to recognise and defend yourself
Security Affairs
MARCH 12, 2024
Threat actors can abuse QR codes to carry out sophisticated scams, as reported by the Italian Postal Police in its recent alert. As is well known, QR codes are two-dimensional barcodes that can be read with a smartphone or other hand-held device. They are widely used to access information, services, or online payments quickly and conveniently. However, they can also hide scams, as denounced by the Italian Postal Police in its recent alert.
Top 10 web application vulnerabilities in 2021–2023
SecureList
MARCH 12, 2024
To help companies with navigating the world of web application vulnerabilities and securing their own web applications, the Open Web Application Security Project (OWASP) online community created the OWASP Top Ten. As we followed their rankings, we noticed that the way we ranked major vulnerabilities was different. Being curious, we decided to find out just how big the difference was.
Optimizing The Modern Developer Experience with Coder
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
Security Affairs
MARCH 12, 2024
Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The IT giant addressed vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and Visual Studio; SQL Server; Windows Hyper-V; Skype; Microsoft Components for Android; and Microsoft Dynamic
Fortinet Issues Urgent Security Patches for Critical Vulnerabilities
Penetration Testing
MARCH 12, 2024
Fortinet, a leading cybersecurity firm, has released five security advisories addressing six major vulnerabilities affecting its popular FortiOS, FortiProxy, and FortiClientEMS products. These vulnerabilities have high severity ratings and require immediate attention from administrators... The post Fortinet Issues Urgent Security Patches for Critical Vulnerabilities appeared first on Penetration Testing.
FakeBat delivered via several active malvertising campaigns
Malwarebytes
MARCH 12, 2024
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is FakeBat. It is very unique in that the threat actor uses MSIX installers packaged with heavily obfuscated PowerShell code.
First-ever South Korean national detained for espionage in Russia
Security Affairs
MARCH 12, 2024
Russian authorities have detained a South Korean national on cyber espionage charges, it is the first time for a Korean citizen. Russian authorities have arrested a South Korean citizen on charges of cyber espionage, marking the first instance involving a Korean national. “During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court order.
The Tumultuous IT Landscape Is Making Hiring More Difficult
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Watch Out: These PyPI Python Packages Can Drain Your Crypto Wallets
The Hacker News
MARCH 12, 2024
Threat hunters have discovered a set of seven packages on the Python Package Index (PyPI) repository that are designed to steal BIP39 mnemonic phrases used for recovering private keys of a cryptocurrency wallet. The software supply chain attack campaign has been codenamed BIPClip by ReversingLabs.
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
Trend Micro
MARCH 12, 2024
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Over 12 million auth secrets and keys leaked on GitHub in 2023
Bleeping Computer
MARCH 12, 2024
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [.
CTEM 101 - Go Beyond Vulnerability Management with Continuous Threat Exposure Management
The Hacker News
MARCH 12, 2024
In a world of ever-expanding jargon, adding another FLA (Four-Letter Acronym) to your glossary might seem like the last thing you’d want to do.
The Cloud Development Environment Adoption Report
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Tweaks Stealer Targets Roblox Users Through YouTube and Discord
Security Boulevard
MARCH 12, 2024
IntroductionZscaler’s ThreatLabz recently discovered a new campaign distributing an infostealer called Tweaks (aka Tweaker) that targets Roblox users. Attackers are exploiting popular platforms, like YouTube and Discord, to distribute Tweaks to Roblox users, capitalizing on the ability of legitimate platforms to evade detection by web filter block lists that typically block known malicious servers.
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
Bleeping Computer
MARCH 12, 2024
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. [.
No More Patches: D-Link DIR-822 Vulnerable to Remote Takeovers (CVE-2024-25331)
Penetration Testing
MARCH 12, 2024
Security researchers Quynh Le and Eng De Sheng from Ensign InfoSecurity Labs have uncovered a major security flaw (CVE-2024-25331) in the popular D-Link DIR-822 router. This vulnerability leaves the door wide open for unauthenticated... The post No More Patches: D-Link DIR-822 Vulnerable to Remote Takeovers (CVE-2024-25331) appeared first on Penetration Testing.
Windows KB5035849 update failing to install with 0xd000034 errors
Bleeping Computer
MARCH 12, 2024
The KB5035849 cumulative update released during today's Patch Tuesday fails to install on Windows 10 and Windows Server systems with 0xd0000034 errors. [.
Bringing the Cybersecurity Imperative Into Focus
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Ransomware review: March 2024
Malwarebytes
MARCH 12, 2024
This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.
Broadcom Merging Carbon Black, Symantec to Create Security Unit
Security Boulevard
MARCH 12, 2024
Carbon Black’s uncertain future following the closing of Broadcom’s $69 billion acquisition of VMware in November is now settled, with the security software business merging with Symantec to form Broadcom’s new Enterprise Security Group. Broadcom will make “significant investments in both brands” and offer both Carbon Black and Symantec product portfolios through the new business.
SAP Security Patch Day: CVE-2024-22127 – Critical Vulnerability Demand Immediate Action
Penetration Testing
MARCH 12, 2024
Enterprise software leader SAP released a critical set of patches as part of its March 2024 Security Patch Day, addressing multiple severe vulnerabilities within its widely used product suite. Topping the list are three... The post SAP Security Patch Day: CVE-2024-22127 – Critical Vulnerability Demand Immediate Action appeared first on Penetration Testing.
Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack
Security Boulevard
MARCH 12, 2024
In recent months, a concerning trend has emerged within the healthcare sector: the resurgence of BlackCat ransomware attacks. The BlackCat ransomware healthcare attack has prompted a joint advisory from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), warning healthcare organizations about […] The post Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack appeared first on TuxCare.
Introducing CDEs to Your Enterprise
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
GhostRace (CVE-2024-2193): Processor Flaws Enable Kernel Attacks
Penetration Testing
MARCH 12, 2024
Researchers from Vrije Universiteit Amsterdam and IBM Research Europe have uncovered a new security vulnerability dubbed “GhostRace” (CVE-2024-2193) that exposes a critical flaw in the foundational elements of operating system security: synchronization primitives. This... The post GhostRace (CVE-2024-2193): Processor Flaws Enable Kernel Attacks appeared first on Penetration Testing.
Windows 10 KB5035845 update released with 9 new changes, fixes
Bleeping Computer
MARCH 12, 2024
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. [.
Election cybersecurity: Protecting the ballot box and building trust in election integrity
We Live Security
MARCH 12, 2024
What cyberthreats could wreak havoc on elections this year and how worried should we as voters be about the integrity of our voting systems?
CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks
Penetration Testing
MARCH 12, 2024
A serious security alert from Siemens ProductCERT reveals that multiple products within their widely used Sinteso EN and Cerberus PRO EN fire protection systems harbor critical vulnerabilities. These flaws could be exploited by attackers... The post CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks appeared first on Penetration Testing.
IT Leadership Agrees AI is Here, but Now What?
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Let's personalize your content