Fri.Nov 08, 2024

article thumbnail

AI Industry is Trying to Subvert the Definition of “Open Source AI”

Schneier on Security

The Open Source Initiative has published (news article here ) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense.

article thumbnail

Weekly Update 425

Troy Hunt

This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the amount of attention this has garnered from both Earth 2 users and the company itself is incommensurate with the impact of the incident itself. It's a nothing-burger. Email addresses and usernames, that's it, and of course, their association with the service, which may lead to some very targeted spam or phishing attempts.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites

Penetration Testing

A critical vulnerability, tagged as CVE-2024-10470, has been identified in WPLMS, a WordPress premium theme widely used for online course management. Security researcher István Márton at Wordfence reported that this... The post CVE-2024-10470 (CVSS 9.8) in Popular WordPress Theme Exposes Thousands of Sites appeared first on Cybersecurity News.

article thumbnail

Top Vulnerability Management Tools: Reviews & Comparisons 2024

Tech Republic Security

Discover the best vulnerability management tools of 2024. Compare top solutions, explore features and benefits, and find expert reviews to guide your choice.

128
128
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns

The Hacker News

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution vulnerability. "Palo Alto Networks is aware of a claim of a remote code execution vulnerability via the PAN-OS management interface," the company said.

117
117
article thumbnail

The CISO Evolution: From Tactical Defender to Strategic Business Partner

Security Boulevard

The chief information security officer (CISO) role has changed dramatically from just a few short years ago. Once confined to technical security, CISOs have emerged as key strategic partners in the C-suite. The post The CISO Evolution: From Tactical Defender to Strategic Business Partner appeared first on Security Boulevard.

CISO 119

More Trending

article thumbnail

Windows 11 editions explained: Versions, SKUs, and Home vs. Pro

Zero Day

When you buy a new PC, you typically have a choice of only two Windows editions. But other specialized editions are available, and you might stumble across one of them if you look in the right places. Here's what you need to know.

111
111
article thumbnail

Malicious NPM Packages Target Roblox Users with Data-Stealing Malware

The Hacker News

A new campaign has targeted the npm package repository with malicious JavaScript libraries that are designed to infect Roblox users with open-source stealer malware such as Skuld and Blank-Grabber.

Malware 107
article thumbnail

Steps Organizations Can Take to Improve Cyber Resilience

Security Boulevard

Cyber resilience is all about how well an organization can withstand attacks and operate successfully, even while navigating cybersecurity incidents. The post Steps Organizations Can Take to Improve Cyber Resilience appeared first on Security Boulevard.

article thumbnail

Texas oilfield supplier Newpark Resources suffered a ransomware attack

Security Affairs

Texas oilfield supplier Newpark Resources suffered a ransomware attack that disrupted its information systems and business applications. Texas oilfield supplier Newpark Resources revealed that a ransomware attack on October 29 disrupted access to some of its information systems and business applications. The company immediately activated its cybersecurity response plan and launched an investigation into the incident with the help of external experts. “On October 29, 2024, the Company detec

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools

The Hacker News

High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony.

Malware 97
article thumbnail

iPhones in a law enforcement forensics lab mysteriously rebooted losing their After First Unlock (AFU) state

Security Affairs

Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them harder to unlock, reported 404 Media. Law enforcement warns that securely stored iPhones awaiting forensic examination are mysteriously rebooting, making them much harder to unlock, per a document obtained by 404 Media. 404 Media obtained the document from a mobile forensics source and verified it with another source.

Media 112
article thumbnail

Tips to Master Cybersecurity AI Prompt Engineering

Security Boulevard

The post Tips to Master Cybersecurity AI Prompt Engineering appeared first on AI-enhanced Security Automation. The post Tips to Master Cybersecurity AI Prompt Engineering appeared first on Security Boulevard.

article thumbnail

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

The Hacker News

The 36-year-old founder of the Bitcoin Fog cryptocurrency mixer has been sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Roman Sterlingov, a dual Russian-Swedish national, pleaded guilty to charges of money laundering and operating an unlicensed money-transmitting business earlier this March.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

MacBook Pro vs. MacBook Air: How to decide which Apple laptop is best for you

Zero Day

Are you considering a new MacBook but unsure about all the differences between the Pro and Air models? Here's how to determine which device is the best fit for you.

98
article thumbnail

Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

We Live Security

Following the takedown of RedLine Stealer by international authorities, ESET researchers are publicly releasing their research into the infostealer’s backend modules

93
article thumbnail

Palo Alto Networks warns of potential RCE in PAN-OS management interface

Security Affairs

Palo Alto Networks warns customers to restrict access to their next-generation firewalls because of a potential RCE flaw in the PAN-OS management interface. Palo Alto Networks warns customers to limit access to their next-gen firewall management interface due to a potential remote code execution vulnerability in PAN-OS. The cybersecurity company has no further details on the vulnerability and said has yet to detect active exploitation. “Palo Alto Networks is aware of a claim of a remote co

Firewall 107
article thumbnail

How to manage Bluesky, Mastodon, and Threads all from one free app

Zero Day

Openvibe simplifies social media management with unified timelines, cross-posting, and customizable feeds for easier navigation of the digital landscape. Here's why you should try it.

Media 128
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

The Hacker News

We’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs).

CISO 90
article thumbnail

TikTok ordered to close Canada offices following “national security review”

Malwarebytes

The Government of Canada ordered the TikTok Technology Canada Inc. to close its offices in the country following a national security review. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s national security. Canada’s Minister of Innovation, Science and Industry stated: “As a result of a multi-step national security review process, which involves rigorous scrutiny by Canada’s national securit

Media 87
article thumbnail

Webinar: Learn How Storytelling Can Make Cybersecurity Training Fun and Effective

The Hacker News

Let’s face it—traditional security training can feel as thrilling as reading the fine print on a software update. It’s routine, predictable, and, let’s be honest, often forgotten the moment it's over. Now, imagine cybersecurity training that’s as unforgettable as your favorite show. Remember how "Hamilton" made history come alive, or how "The Office" taught us CPR (Staying Alive beat, anyone?)?

article thumbnail

One of the best display laptops I've tested isn't a MacBook Pro or Dell XPS

Zero Day

Samsung's Galaxy Book5 Pro 360 is a convertible laptop that excels in supporting creative endeavors thanks to its speedy 3K touchscreen and top-notch hardware.

99
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns

SecureList

Introduction In 2021, we began to investigate an attack on the telecom industry in South Asia. During the investigation, we discovered QSC: a multi-plugin malware framework that loads and runs plugins (modules) in memory. The framework includes a Loader, a Core module, a Network module, a Command Shell module and a File Manager module. It is dropped either as a standalone executable or as a payload file along with a loader DLL.

article thumbnail

Google's new AI tool could be your new favorite learning aid - and it's free

Zero Day

Part AI chatbot, part search engine, Google's experimental 'Learn About' tool is personalized to your learning needs. How to try it.

article thumbnail

Hello again, FakeBat: popular loader returns after months-long hiatus

Malwarebytes

The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While we noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods. After months of absence, Fakebat (AKA Eugenloader, PaykLoader) showed up on our radar again via a malicious Google ad for the productivity application Notion.

Malware 78
article thumbnail

How to use AirPods Pro 2 as hearing aids - and protect your hearing with them, too

Zero Day

The latest AirPods Pro come with several features to help care for your hearing. Here's how to use them.

110
110
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Threat Actors Hijack Windows Systems Using the New SteelFox Malware

Heimadal Security

A new malware named ‘SteelFox’ is actively used by threat actors to mine cryptocurrency and steal credit card data. The malware leverages the BYOVD (Bring Your Own Vulnerable Device) technique to obtain SYSTEM privileged on Windows machines. SteelFox is distributed through forums and torrent trackers as a crack tool that activates legitimate versions of various […] The post Threat Actors Hijack Windows Systems Using the New SteelFox Malware appeared first on Heimdal Security Blog.

Malware 77
article thumbnail

Cash App user have a few days left to claim up to a $2,500 settlement payout

Zero Day

If you experienced losses from Cash App's data breaches, you can get some money back as part of a $15 million class action settlement - if you act fast. Here's how.

article thumbnail

Google To Make MFA Mandatory for Google Cloud in 2025

Heimadal Security

Google has recently announced that it plans to implement mandatory multi-factor authentication (MFA) on all Cloud accounts by the end of 2025. Google argues that MFA strengthens security without sacrificing a smooth and convenient online experience. It is reported that 70% of Google users enabled this feature already and security consultants urge the remaining 30% […] The post Google To Make MFA Mandatory for Google Cloud in 2025 appeared first on Heimdal Security Blog.

article thumbnail

One of the best laptops I've tested for work and play isn't made by Apple or Dell

Zero Day

Samsung's Galaxy Book5 Pro 360 is a convertible laptop that excels in supporting creative endeavors thanks to its speedy 3K touchscreen and top-notch hardware.

85
article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.