Schneier on Security

MARCH 8, 2024

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.” Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking

Hacking 287

Hacking Artificial Intelligence 287

Krebs on Security

MARCH 8, 2024

If you live in the United States, the data broker Radaris likely knows a great deal about you, and they are happy to sell what they know to anyone. But how much do we know about Radaris? Publicly available data indicates that in addition to running a dizzying array of people-search websites, the co-founders of Radaris operate multiple Russian-language dating services and affiliate programs.

Media 280

Media Data privacy Advertising Government 280

Schneier on Security

MARCH 8, 2024

The Ash Center has posted a series of twelve essays stemming from the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ). Aviv Ovadya, Democracy as Approximation: A Primer for “AI for Democracy” Innovators Kathryn Peters, Permission and Participation Claudia Chwalisz, Moving Beyond the Paradigm of “Democracy”: 12 Questions Riley Wong, Privacy-Preserving Data Governance Christine Tran, Recommendations for Implementing Jail Voting: Identifying Common Themes Niclas Boehmer, T

Government 244

Government Internet Internet 244

Jane Frankland

MARCH 8, 2024

International Women’s Day is one of those annual landmarks that shouldn’t just be about the magnolia-laden rhetoric and floral tributes. It’s a day that should starkly remind us of the work left undone, the chasms unbridged, and the opportunities squandered due to the gender divide. It’s a day to reflect on why we need to not just celebrate women but invest in their limitless potential.

Banking 130

Banking Government Technology Cybersecurity 130

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

MARCH 8, 2024

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [.

Authentication 144

Authentication 144

The Hacker News

MARCH 8, 2024

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.

Hacking 144

Hacking 144

Penetration Testing

MARCH 8, 2024

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) in their WSD protocol process. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update appeared first on Penetration Testing.

Firmware 142

Firmware Penetration Testing Risk 142

Tech Republic Security

MARCH 8, 2024

Unlocator VPN + Free Smart DNS blasts through firewalls, censorship and geo-restrictions so you will always be able to access your favorite content. Use code ENJOY20 at checkout.

DNS 122

DNS VPN Firewall 122

Security Affairs

MARCH 8, 2024

QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: CVE-2024-21899 : an improper authentication vulnerability could allow users to compromise the security of the system via a network.

Authentication 136

Authentication Hacking Internet Internet 136

Penetration Testing

MARCH 8, 2024

QNAP has issued a critical security advisory regarding multiple vulnerabilities impacting their NAS software solutions. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices. What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Software Risk Authentication 138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

MARCH 8, 2024

The ransomware attack on Xplain impacted tens of thousands Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The National Cyber Security Centre (NCSC) published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain. The attack took place on May 23, 2023 and the Play ransomware gang claimed responsibility for the data breach.

Ransomware 139

Ransomware Data breaches Unstructured Data Architecture 139

Security Boulevard

MARCH 8, 2024

The bad news is insider threats are on the rise. The worse news is that most companies are unprepared to meet the moment. The post Are You Ready to Protect Your Company From Insider Threats? Probably Not appeared first on Security Boulevard.

Risk 131

Risk Government Cybersecurity 131

The Hacker News

MARCH 8, 2024

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.

VPN 137

VPN Software 137

Security Boulevard

MARCH 8, 2024

Hilltop BillTok: ByteDance mobilizing addicted user base, as U.S. TikTok ban steamrolls through Capitol Hill after unanimous committee vote. The post TikTok Ban Incoming — but ByteDance Fights Back appeared first on Security Boulevard.

Mobile 128

Mobile Social Engineering Spyware Media 128

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Bleeping Computer

MARCH 8, 2024

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [.

Software 130

Software 130

Security Boulevard

MARCH 8, 2024

The Russian state-sponsored bad actors who hacked into the corporate email accounts of executives at Microsoft are taking another run at the IT giant, this time using information stolen then to access the company’s source code repositories and other internal systems now. The Midnight Blizzard group – also known as Nobelium, Cozy Bear, and APT29. The post Russian Hackers Access Source Code in Ongoing Attack on Microsoft appeared first on Security Boulevard.

Accountability 119

Accountability Hacking Security Awareness Software 119

Penetration Testing

MARCH 8, 2024

Invoke-ADEnum Active Directory Enumeration Invoke-ADEnum is an Active Directory enumeration tool designed to automate the process of gathering information from an Active Directory environment, leveraging the capabilities of PowerView. With Invoke-ADEnum, you can quickly... The post Invoke-ADEnum: Automate Active Directory Enumeration using PowerView appeared first on Penetration Testing.

Penetration Testing 124

Penetration Testing 124

Security Boulevard

MARCH 8, 2024

There is some relief coming for beleaguered pharmacies, hospitals, and patient now that UnitedHealth Group has the electronic prescribing systems for its Change Healthcare business up and running after being down for weeks following an attack last month by ransomware group BlackCat. In the wake of the February 21 attack, Change – which acts as. The post Change Healthcare Gets Pharmacy Systems Up After Ransomware Attack appeared first on Security Boulevard.

Healthcare 114

Healthcare Ransomware Security Awareness Malware 114

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Malwarebytes

MARCH 8, 2024

VMWare has issued secuity fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached thier end-of-life, meaning they would normally no longer be supported. This flaws affect customers who have deployed VMware Workstation, VMware Fusion, and/or VMware ESXi by itself or as part of VMware vSphere or VMware Cloud Foundation.

Software 116

Software Risk Cybersecurity 116

The Hacker News

MARCH 8, 2024

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union.

Marketing 121

Marketing 121

Security Affairs

MARCH 8, 2024

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client respectively tracked as CVE-2024-20337 and CVE-2024-20338. Cisco Secure Client is a security tool developed by Cisco that provides VPN (Virtual Private Network) access and Zero Trust Network Access (ZTNA) support along with security and monitoring capabilities

VPN 135

VPN Authentication Hacking Information Security 135

BH Consulting

MARCH 8, 2024

This year, the theme of International Women’s Day is ‘Inspire Inclusion’. That inspiration is needed, because inequality and gender representation still need to improve in cybersecurity. Even though girls outperform at school, just 26 per cent of people under the age of 30 working in cybersecurity are female, according to ISC2. And the percentage is even lower when it comes to senior leadership roles.

Cybersecurity 107

Cybersecurity Social Engineering Healthcare Data privacy 107

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Penetration Testing

MARCH 8, 2024

APKDeepLens APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration... The post APKDeepLens: scan Android applications for security vulnerabilities appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Mobile 111

The Hacker News

MARCH 8, 2024

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario.

Cybersecurity 110

Cybersecurity 110

Penetration Testing

MARCH 8, 2024

Microsoft has confirmed a new, significant intrusion by the persistent Russia-based hacking group Midnight Blizzard (NOBELIUM). The threat actors leveraged information exfiltrated during a January cyberattack to gain recent, unauthorized access to Microsoft’s internal... The post Midnight Blizzard Accesses Microsoft Internal Systems and Source Code appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Hacking 108

Heimadal Security

MARCH 8, 2024

Capita, a British outsource company has reported a staggering annual loss of more than £106 million, significantly attributed to a ransomware attack by the Black Basta group last March. The hack was directly responsible for nearly a fourth of these losses, costing the corporation £25.3 million in related expenditures, according to the company’s annual report.

Ransomware 98

Ransomware Hacking Cybersecurity 98

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

GlobalSign

MARCH 8, 2024

For International Women’s Day, we take a look at the recent decline of women in tech and explore how organizations can address the gender gap.

Marketing 105

Marketing 105

CompTIA on Cybersecurity

MARCH 8, 2024

The more interconnected our world becomes, the greater the need to protect it. Cybercrime issues span across the globe nowadays and organizations are working diligently to combat it.

Cybercrime 92

Cybercrime 92

Penetration Testing

MARCH 8, 2024

Smart locks promise convenience and a futuristic feel, but recent research exposes a dark side to this technology. Kontrol and Elock locks, both utilizing firmware from the company Sciener, have been found riddled with... The post Critical Vulnerabilities Found in Popular Smart Locks appeared first on Penetration Testing.

Penetration Testing 102

Penetration Testing Firmware Technology 102

Security Boulevard

MARCH 8, 2024

Conservative estimates have the current cybersecurity workforce as about 25% female, but that number is. The post 13 Women to Know in Cybersecurity appeared first on Security Boulevard.

Cybersecurity 86

Cybersecurity 86

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government