Tue. Dec 19, 2023

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced, but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI.

BlackCat Ransomware Raises Ante After FBI Disruption

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

What Australia’s Digital ID Means to How Citizens Interact With Businesses Online

Tech Republic Security

Australia is about to get a national online ID system — the Digital ID — which promises to improve the security and privacy of data online. However, concerns among Australians persist.

5 Major Cybersecurity Trends to Know for 2024

eSecurity Planet

As 2023 draws to an end and cybersecurity budgeting is nearly complete, it helps to consider the year’s events and try to predict next year’s trends. After receiving input from industry experts and doing my own analysis of the year’s driving forces, I identified five major cybersecurity trends. We each need to consider how these trends may affect our organizations and allocate our budgets and resources accordingly: AI will turbo-charge cybersecurity and cyberthreats: Artificial intelligence (AI

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

12 Essential Steps Mac Users Need To Take At Year End

Tech Republic Security

As the year comes to a close, Mac users should take these steps to ensure their device's security, performance and organization.

FBI disrupts Blackcat ransomware operation, creates decryption tool

Bleeping Computer

The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. [...]

More Trending

Comcast’s Xfinity customer data exposed after CitrixBleed attack

Security Affairs

Comcast’s Xfinity discloses a data breach after a cyber attack hit the company by exploiting the CitrixBleed vulnerability. Comcast’s Xfinity is notifying its customers about the compromise of their data in a cyberattack that involved the exploitation of the CitrixBleed flaw. CitrixBleed is a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC (Application Delivery Controller) software.

10 Cybersecurity Trends That Emerged in 2023

Security Boulevard

Our digital world never stands still. How we do business and interact with each other is evolving at a breakneck pace. We saw during the pandemic that digital transformation of all kinds can happen faster than we ever thought possible. It’s a thrilling time to work in cybersecurity, but new technology and unprecedented opportunities also present us with extraordinary challenges.

FBI claims to have dismantled AlphV/Blackcat ransomware operation, but the group denies it

Security Affairs

The Federal Bureau of Investigation (FBI) announced the seizure of the Tor leak site of the AlphV/Blackcat ransomware group. The FBI seized the Tor leak site of the AlphV/Blackcat ransomware group and replaced the home page with the announcement of the seizure. BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.

AI Coding Tools: How to Address Security Issues

Security Boulevard

Even though organizations are using AI-based coding, about the benefits and security fears of AI-based software development. The post AI Coding Tools: How to Address Security Issues appeared first on Security Boulevard.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Mr. Cooper leaks personal data of 14 million loan and mortgage customers

Malwarebytes

A major mortgage and loan company based in Dallas, working under the name Mr. Cooper Group Inc. has released more information on a recent breach. In a data breach notification, the company didn’t say what type of cyberattack caused the compromise of customer data, calling it a rather non-descriptive “External system breach (hacking).” For those unfamiliar with the name, Mr.

Play Ransomware Has Hit 300 Entities Worldwide: FBI

Security Boulevard

The Play ransomware group, which was behind such high-profile attacks as those on the city of Oakland, California, and Dallas County, Texas, is behind at least 300 similar cyber-incidents since June 2022, according to government cybersecurity agencies in the United States and Australia. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, joined.

IaaS Security: Top 8 Issues & Prevention Best Practices

eSecurity Planet

Infrastructure as a service security is a concept that assures the safety of organizations’ data, applications, and networks in the cloud. Understanding the risks, advantages, and best practices connected with IaaS security is becoming increasingly important as enterprises shift their infrastructure to the cloud. By exploring the top eight issues and preventative measures, as well as shedding light on the security benefits of IaaS, you can better secure your cloud security infrastructure.

BMW dealer at risk of takeover by cybercriminals

Security Affairs

By neglecting to set a password, a BMW dealer in India has jeopardized the entire network of car dealerships in the country and put its clients at risk. The Cybernews research team has discovered that the Bengaluru branch of BMW Kun Exclusive, a BMW dealership in India, has exposed sensitive data to the public. The data leak could have resulted in unauthorized access to sensitive clients’ and business data or even a full takeover of the BMW outlet’s internal systems by threat actors.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Are We Ready to Give Up on Security Awareness Training?

The Hacker News

Some of you have already started budgeting for 2024 and allocating funds to security areas within your organization. It is safe to say that employee security awareness training is one of the expenditure items, too. However, its effectiveness is an open question with people still engaging in insecure behaviors at the workplace.

Smishing Triad: Cybercriminals Impersonate UAE Federal Authority for Identity and Citizenship on the Peak of Holidays Season

Security Affairs

Smishing Triad: Researchers warn crooks impersonating UAE Federal Authority for Identity and citizenship ahead of the Holiday Season Resecurity, Inc. (USA) has identified a new fraudulent campaign by the Smishing Triad gang in which they are impersonating the United Arab Emirates Federal Authority for Identity and Citizenship. This campaign involves malicious SMS/iMessage texts that pretend to be on behalf of the General Directorate of Residency and Foreigners Affairs, targeting digital identity

CMMC Enclaves: What they are. How they help compliance.

Security Boulevard

As CMMC Final Rule approaches, one of the most common concerns defense contractors have is the cost of achieving compliance. CMMC will step up enforcement of the 110 NIST 800-171 controls, making compliance a prerequisite for continued work with the Department of Defense (DoD). In order to achieve certification, defense contractors will need to budget […] The post CMMC Enclaves: What they are. How they help compliance. appeared fir

Sharing stories on the CyberTuesday podcast

Graham Cluley

Simon Whittaker, CEO of Vertical Structure, invited me onto the "CyberTuesday" show to share some stories and opinions from the world of cybersecurity. I couldn't resist also breaking into my Jason Statham impression at one point.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Microsoft confirms Windows 11 Wi-Fi issues, asks for user feedback

Bleeping Computer

Microsoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates. [...]

Invest vs. Optimize: Industry Leaders Weigh in on Simplifying Security Tech Stacks 

NetSpi Executives

It’s a question older than the internet—do we optimize our existing tech stack or invest in new technology? The debate is as fresh today as ever, especially with the saturation of solutions promising to simplify security stacks. NetSPI Partners bring a fresh perspective to the lofty goal of simplifying detection and response outcomes by weighing in on the long-term effects of complexity, discussing when to optimize versus invest in technology, and explaining how automation can ease workflows and

The Shift-Left Approach: The Evolution of Security in DevOps

GlobalSign

DevOps teams are facing new challenges to securing their environments. Let’s explore how shift-left practices can address them.

New Web injections campaign steals banking data from 50,000 people

Bleeping Computer

A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan. [...]

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

FBI Takes Down BlackCat Ransomware, Releases Free Decryption Tool

The Hacker News

The U.S. Justice Department (DoJ) has officially announced the disruption of the BlackCat ransomware operation and released a decryption tool that victims can use to regain access to files locked by the malware. Court documents show that the U.S.

The Top 10 CompTIA Community Videos of 2023

CompTIA on Cybersecurity

CompTIA has produced an abundance of YouTube content and we’ve rallied our top 10 videos of the year. Here are the Top 10 videos from the CompTIA Connect YouTube channel for 2023.

Interpol operation arrests 3,500 cybercriminals, seizes $300 million

Bleeping Computer

An international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds. [...]

Behind the Scenes of Matveev's Ransomware Empire: Tactics and Team

The Hacker News

Cybersecurity researchers have shed light on the inner workings of the ransomware operation led by Mikhail Pavlovich Matveev, a Russian national who was indicted by the U.S. government earlier this year for his alleged role in launching thousands of attacks across the world.

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Everything You Need to Know About Microsoft DLP

Digital Guardian

Microsoft DLP, part of the larger Purview offering, can be a part of your organization's defensive strategy and complemented by Digital Guardian's enhanced offering.

Apache Struts (CVE-2023-50164) RCE Vulnerability Affects some Cisco Products

Penetration Testing

In light of a severe vulnerability discovered in Apache Struts, Cisco Systems has elucidated the impact on its products. The culprit, a path traversal vulnerability identified as CVE-2023-50164, has sent ripples through the cyber... The post Apache Struts (CVE-2023-50164) RCE Vulnerability Affects some Cisco Products appeared first on Penetration Testing.

ESET Threat Report H2 2023

We Live Security

The H2 2023 issue of ESET Threat Report reviews the key trends and developments that shaped the threat landscape from June to November 2023.

CVE-2023-43826: Integer Overflow in Apache Guacamole Opens Door to RCE

Penetration Testing

A vulnerability has recently been identified in Apache Guacamole, an HTML5 web application that provides access to desktop environments using remote desktop protocols (such as VNC or RDP). Guacamole is also the project that... The post CVE-2023-43826: Integer Overflow in Apache Guacamole Opens Door to RCE appeared first on Penetration Testing.

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.