Fri.Nov 08, 2024

article thumbnail

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Schneier on Security

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.

article thumbnail

Weekly Update 425

Troy Hunt

This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the amount of attention this has garnered from both Earth 2 users and the company itself is incommensurate with the impact of the incident itself. It's a nothing-burger. Email addresses and usernames, that's it, and of course, their association with the service, which may lead to some very targeted spam or phishing attempts.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Top Vulnerability Management Tools: Reviews & Comparisons 2024

Tech Republic Security

Discover the best vulnerability management tools of 2024. Compare top solutions, explore features and benefits, and find expert reviews to guide your choice.

162
162
article thumbnail

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. “Palo Alto Networks is aware of a claim of a remote co

Firewall 123
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites

Penetration Testing

A critical vulnerability, tagged as CVE-2024-10470, has been identified in WPLMS, a WordPress premium theme widely used for online course management. Security researcher István Márton at Wordfence reported that this... The post CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites appeared first on Cybersecurity News.

article thumbnail

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source.

Media 127

More Trending

article thumbnail

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

Texas oilfield supplier Newpark Resources suffered a ransomware attack that disrupted its information systems and business applications. Texas oilfield supplier Newpark Resources revealed that a ransomware attack on October 29 disrupted access to some of its information systems and business applications. The company immediately activated its cybersecurity response plan and launched an investigation into the incident with the help of external experts. “On October 29, 2024, the Company detec

article thumbnail

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

The Hacker News

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.

Malware 140
article thumbnail

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

We Live Security

Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules

137
137
article thumbnail

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

The Hacker News

The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The CISO Evolution: From Tactical Defender to Strategic Business Partner

Security Boulevard

The chief information security officer (CISO) role has changed dramatically from just a few short years ago. Once confined to technical security, CISOs have emerged as key strategic partners in the C-suite. The post The CISO Evolution: From Tactical Defender to Strategic Business Partner appeared first on Security Boulevard.

CISO 122
article thumbnail

AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

The Hacker News

The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware.

Malware 137
article thumbnail

Hello again, FakeBat: popular loader returns after months-long hiatus

Malwarebytes

The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods. After months of absence, Fakebat (AKA Eugenloader, PaykLoader) showed up on our radar again via a malicious Google ad for the productivity application Notion.

Malware 125
article thumbnail

IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

The Hacker News

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony.

Malware 126
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

TikTok ordered to close Canada offices following “national security review”

Malwarebytes

The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s national security. Canada’s Minister of Innovation, Science and Industry stated: “As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national securit

Media 137
article thumbnail

Steps Organizations Can Take to Improve Cyber Resilience

Security Boulevard

Cyber resilience is all about how well an organization can withstand attacks and operate successfully, even while navigating cybersecurity incidents. The post Steps Organizations Can Take to Improve Cyber Resilience appeared first on Security Boulevard.

article thumbnail

Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective

The Hacker News

Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show. Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)?

article thumbnail

Tips to Master Cybersecurity AI Prompt Engineering

Security Boulevard

The post Tips to Master Cybersecurity AI Prompt Engineering appeared first on AI-enhanced Security Automation. The post Tips to Master Cybersecurity AI Prompt Engineering appeared first on Security Boulevard.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

The Hacker News

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs).

CISO 118
article thumbnail

Windows 11 editions explained: Versions, SKUs, and Home vs. Pro

Zero Day

When you buy a new PC, you typically have a choice of only two Windows editions. But other specialized editions are available, and you might stumble across one of them if you look in the right places. Here's what you need to know.

111
111
article thumbnail

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. “Palo Alto Networks is aware of a claim of a remote co

Firewall 104
article thumbnail

How to use AirPods Pro 2 as hearing aids - and protect your hearing with them, too

Zero Day

The latest AirPods Pro come with several features to help care for your hearing. Here's how to use them.

111
111
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Google To Make MFA Mandatory for Google Cloud in 2025

Heimadal Security

Google has recently announced that it plans to implement mandatory multi-factor authentication (MFA) on all Cloud accounts by the end of 2025. Google argues that MFA strengthens security without sacrificing a smooth and convenient online experience. It is reported that 70% of Google users enabled this feature already and security consultants urge the remaining 30% […] The post Google To Make MFA Mandatory for Google Cloud in 2025 appeared first on Heimdal Security Blog.

article thumbnail

How to manage Bluesky, Mastodon, and Threads all from one free app

Zero Day

Openvibe simplifies social media management with unified timelines, cross-posting, and customizable feeds for easier navigation of the digital landscape. Here's why you should try it.

Media 107
article thumbnail

Clearing the Clutter: Simplifying Security Operations with Tool Consolidation

Security Boulevard

The post Clearing the Clutter: Simplifying Security Operations with Tool Consolidation appeared first on Votiro. The post Clearing the Clutter: Simplifying Security Operations with Tool Consolidation appeared first on Security Boulevard.

85
article thumbnail

Google's new AI tool could be your new favorite learning aid - and it's free

Zero Day

Part AI chatbot, part search engine, Google's experimental 'Learn About' tool is personalized to your learning needs. How to try it.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Threat Actors Hijack Windows Systems Using the New SteelFox Malware

Heimadal Security

A new malware named ‘SteelFox’ is actively used by threat actors to mine cryptocurrency and steal credit card data. The malware leverages the BYOVD (Bring Your Own Vulnerable Device) technique to obtain SYSTEM privileged on Windows machines. SteelFox is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various […] The post Threat Actors Hijack Windows Systems Using the New SteelFox Malware appeared first on Heimdal Security Blog.

Malware 77
article thumbnail

These 4 AI tools boost my productivity at work - and most are free

Zero Day

I've tested a lot of AI tools for work. These are the four I use almost daily to get more done - faster.

104
104
article thumbnail

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Security Boulevard

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense. And it’s confusing; most “open source” AI models—like LLAMA—are open source in name only.

article thumbnail

Ready to ditch Google Drive? Here are the 5 best alternatives to check out

Zero Day

Which storage alternative is right for you? These five do a great job of filling the void if you leave Google's service.

104
104
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.