Fri.Mar 08, 2024

article thumbnail

A Taxonomy of Prompt Injection Attacks

Schneier on Security

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking

Hacking 308
article thumbnail

A Close Up Look at the Consumer Data Broker Radaris

Krebs on Security

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the co-founders of Radaris operate multiple Russian-language dating services and affiliate programs.

Media 297
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Essays from the Second IWORD

Schneier on Security

The Ash Center has posted a series of twelve essays stemming from the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ). Aviv Ovadya, Democracy as Approximation: A Primer for “AI for Democracy” Innovators Kathryn Peters, Permission and Participation Claudia Chwalisz, Moving Beyond the Paradigm of “Democracy”: 12 Questions Riley Wong, Privacy-Preserving Data Governance Christine Tran, Recommendations for Implementing Jail Voting: Identifying Common Themes Niclas Boehmer, T

article thumbnail

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

The Hacker News

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.

Hacking 145
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Critical Fortinet flaw may impact 150,000 exposed devices

Bleeping Computer

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [.

article thumbnail

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

The Hacker News

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.

VPN 144

More Trending

article thumbnail

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain. The attack took place on May 23, 2023 and the Play ransomware gang claimed responsibility for the data breach.

article thumbnail

Microsoft says Russian hackers breached its systems, accessed source code

Bleeping Computer

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. [.

article thumbnail

QNAP fixed three flaws in its NAS devices, including an authentication bypass

Security Affairs

QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: CVE-2024-21899 : an improper authentication vulnerability could allow users to compromise the security of the system via a network.

article thumbnail

Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix

Malwarebytes

VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws affect customers who have deployed VMware Workstation, VMware Fusion, and/or VMware ESXi by itself or as part of VMware vSphere or VMware Cloud Foundation.

Software 139
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Enjoy 2 Years of Unrestricted Access to Your Favorite Content for Only $40

Tech Republic Security

Unlocator VPN + Free Smart DNS blasts through firewalls, censorship and geo-restrictions so you will always be able to access your favorite content. Use code ENJOY20 at checkout.

DNS 139
article thumbnail

Cisco addressed severe flaws in its Secure Client

Security Affairs

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. Cisco Secure Client is a security tool developed by Cisco that provides VPN (Virtual Private Network) access and Zero Trust Network Access (ZTNA) support along with security and monitoring capabilities

VPN 139
article thumbnail

CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers

Penetration Testing

QNAP has issued a critical security advisory regarding multiple vulnerabilities impacting their NAS software solutions. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices. What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing.

article thumbnail

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

The Hacker News

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union.

Marketing 138
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Are You Ready to Protect Your Company From Insider Threats? Probably Not

Security Boulevard

The bad news is insider threats are on the rise. The worse news is that most companies are unprepared to meet the moment. The post Are You Ready to Protect Your Company From Insider Threats? Probably Not appeared first on Security Boulevard.

Risk 131
article thumbnail

Secrets Sensei: Conquering Secrets Management Challenges

The Hacker News

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario.

article thumbnail

QNAP warns of critical auth bypass flaw in its NAS devices

Bleeping Computer

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [.

Software 130
article thumbnail

The Unyielding Call to Invest in Women on International Women’s Day

Jane Frankland

International Women’s Day is one of those annual landmarks that shouldn’t just be about the magnolia-laden rhetoric and floral tributes. It’s a day that should starkly remind us of the work left undone, the chasms unbridged, and the opportunities squandered due to the gender divide. It’s a day to reflect on why we need to not just celebrate women but invest in their limitless potential.

Banking 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

TikTok Ban Incoming — but ByteDance Fights Back

Security Boulevard

Hilltop BillTok: ByteDance mobilizing addicted user base, as U.S. TikTok ban steamrolls through Capitol Hill after unanimous committee vote. The post TikTok Ban Incoming — but ByteDance Fights Back appeared first on Security Boulevard.

Mobile 128
article thumbnail

Invoke-ADEnum: Automate Active Directory Enumeration using PowerView

Penetration Testing

Invoke-ADEnum Active Directory Enumeration Invoke-ADEnum is an Active Directory enumeration tool designed to automate the process of gathering information from an Active Directory environment, leveraging the capabilities of PowerView. With Invoke-ADEnum, you can quickly... The post Invoke-ADEnum: Automate Active Directory Enumeration using PowerView appeared first on Penetration Testing.

article thumbnail

Update now! JetBrains TeamCity vulnerability abused at scale

Malwarebytes

JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server. TeamCity is a build management and continuous integration and deployment server from JetBrains that allows developers to commit code changes into a shared repository several times a day.

article thumbnail

Russian Hackers Access Source Code in Ongoing Attack on Microsoft

Security Boulevard

The Russian state-sponsored bad actors who hacked into the corporate email accounts of executives at Microsoft are taking another run at the IT giant, this time using information stolen then to access the company’s source code repositories and other internal systems now. The Midnight Blizzard group – also known as Nobelium, Cozy Bear, and APT29. The post Russian Hackers Access Source Code in Ongoing Attack on Microsoft appeared first on Security Boulevard.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

APKDeepLens: scan Android applications for security vulnerabilities

Penetration Testing

APKDeepLens APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration... The post APKDeepLens: scan Android applications for security vulnerabilities appeared first on Penetration Testing.

article thumbnail

Change Healthcare Gets Pharmacy Systems Up After Ransomware Attack

Security Boulevard

There is some relief coming for beleaguered pharmacies, hospitals, and patient now that UnitedHealth Group has the electronic prescribing systems for its Change Healthcare business up and running after being down for weeks following an attack last month by ransomware group BlackCat. In the wake of the February 21 attack, Change – which acts as. The post Change Healthcare Gets Pharmacy Systems Up After Ransomware Attack appeared first on Security Boulevard.

article thumbnail

Midnight Blizzard Accesses Microsoft Internal Systems and Source Code

Penetration Testing

Microsoft has confirmed a new, significant intrusion by the persistent Russia-based hacking group Midnight Blizzard (NOBELIUM). The threat actors leveraged information exfiltrated during a January cyberattack to gain recent, unauthorized access to Microsoft’s internal... The post Midnight Blizzard Accesses Microsoft Internal Systems and Source Code appeared first on Penetration Testing.

article thumbnail

Magnificent Seven: Celebrating Great Women in Cybersecurity and Data Protection

BH Consulting

This year, the theme of International Women’s Day is ‘Inspire Inclusion’. That inspiration is needed, because inequality and gender representation still need to improve in cybersecurity. Even though girls outperform at school, just 26 per cent of people under the age of 30 working in cybersecurity are female, according to ISC2. And the percentage is even lower when it comes to senior leadership roles.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Closing the Gender Gap: How the Tech Market can Benefit from Better Representation of Women

GlobalSign

For International Women’s Day, we take a look at the recent decline of women in tech and explore how organizations can address the gender gap.

Marketing 105
article thumbnail

Critical Vulnerabilities Found in Popular Smart Locks

Penetration Testing

Smart locks promise convenience and a futuristic feel, but recent research exposes a dark side to this technology. Kontrol and Elock locks, both utilizing firmware from the company Sciener, have been found riddled with... The post Critical Vulnerabilities Found in Popular Smart Locks appeared first on Penetration Testing.

article thumbnail

Capita Reports a Yearly Loss of about £106M Due to Cyberattack

Heimadal Security

Capita, a British outsource company has reported a staggering annual loss of more than £106 million, significantly attributed to a ransomware attack by the Black Basta group last March. The hack was directly responsible for nearly a fourth of these losses, costing the corporation £25.3 million in related expenditures, according to the company’s annual report.

article thumbnail

Urgent Warning: Balada Injector Malware Targets Popular WordPress Plugin

Penetration Testing

A new malware campaign is spreading rapidly, exploiting an unpatched security hole in the popular Popup Builder WordPress plugin. If you use Popup Builder to create popups on your website and haven’t updated to... The post Urgent Warning: Balada Injector Malware Targets Popular WordPress Plugin appeared first on Penetration Testing.

Malware 97
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.