Wed.Nov 01, 2023

article thumbnail

Artificial Intelligence: The Biggest Dangers Aren’t The Ones We Are Discussing (Part 1)

Joseph Steinberg

While many people seem to be discussing the dangers of Artificial Intelligence (AI) – many of these discussions seem to focus on, what I believe, are the wrong issues. I began my formal work with AI while a graduate student at NYU in the mid-1990s; the world of AI has obviously advanced quite a bit since that time period, but, many of the fundamental issues that those of us in the field began recognizing almost 3 decades ago not only remain un-addressed, but continue to pose increasingly l

article thumbnail

Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow

Tech Republic Security

The AWS Sovereign Cloud will be physically and logically separate from other AWS clouds and has been designed to comply with Europe's stringent data laws.

Big data 169
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Frameworks for DE-Friendly CTI (Part 5)

Anton on Security

This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. In this blog (#5 in the series), we will build a quick “framework-lite” for making CTI to DE flows better. Detection Engineering is Painful — and It Shouldn’t Be (Part 1) Detection Engineering and SOC Scalability Challenges (Part 2) Build for Detection Engineering, and Alerting Will Improve (Part 3) Focus Threat Intel Capabilities at Detection Engineering (

article thumbnail

Australian CEOs Struggling to Face Cyber Risk Realities

Tech Republic Security

Research has found 91% of CEOs view IT security as a technical function that's the CIO or CISO's problem, meaning IT leaders have more work to do to engage senior executives and boards.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Thales Wins Big in 2023

Thales Cloud Protection & Licensing

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. Protecting our customers from cybersecurity threats brings us immense satisfaction, and being recognized for our efforts is both humbling and validating. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes.

Marketing 143
article thumbnail

Boeing Confirms Cyberattack, System Compromise

Dark Reading

The aerospace giant said it's alerting customers that its parts and distribution systems have been impacted by cyberattack.

142
142

More Trending

article thumbnail

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Security Affairs

Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure. F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael Weber and Thomas Hendrickson of Praetorian on October 4, 2023

article thumbnail

FIRST Announces CVSS 4.0 - New Vulnerability Scoring System

The Hacker News

The Forum of Incident Response and Security Teams (FIRST) has officially announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard, more than eight years after the release of CVSS v3.0 in June 2015. "This latest version of CVSS 4.0 seeks to provide the highest fidelity of vulnerability assessment for both industry and the public," FIRST said in a statement.

131
131
article thumbnail

British Library suffers major outage due to cyberattack

Security Affairs

Last weekend, the British Library suffered a cyberattack that caused a major IT outage, impacting many of its services. The British Library is facing a major outage that impacts the website and many of its services following a cyber attack that took place on October 28. The British Library is the national library of the United Kingdom and one of the world’s largest libraries.

article thumbnail

Orca Security Taps Amazon for Generative AI Expertise

Security Boulevard

Orca Security is adding LLMs hosted on the AWS cloud to those from Microsoft and OpenAI to provide additional generative AI capabilities to cybersecurity teams. The post Orca Security Taps Amazon for Generative AI Expertise appeared first on Security Boulevard.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CISA adds two F5 BIG-IP flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog. CISA has the two new vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation.

article thumbnail

New CVSS 4.0 vulnerability severity rating standard released

Bleeping Computer

The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version. [.

127
127
article thumbnail

Researchers Expose Prolific Puma's Underground Link Shortening Service

The Hacker News

A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years.

119
119
article thumbnail

3 Ways to Close the Cybersecurity Skills Gap — Now

Dark Reading

The future of the cybersecurity workforce will rely less on long-led legacy education models and more on skills-now training.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

HelloKitty Ransomware Group Exploiting Apache ActiveMQ Vulnerability

The Hacker News

Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution.

article thumbnail

Smashing Security podcast #346: How hackers are breaching Booking.com, and the untrustworthy reviews

Graham Cluley

Workers wonder if their colleagues are actually AI, and we take a deeper look into the curious scams going on via Booking.com. All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Scams 112
article thumbnail

Turla Updates Kazuar Backdoor with Advanced Anti-Analysis to Evade Detection

The Hacker News

The Russia-linked hacking crew known as Turla has been observed using an updated version of a known second-stage backdoor referred to as Kazuar. The new findings come from Palo Alto Networks Unit 42, which is tracking the adversary under its constellation-themed moniker Pensive Ursa.

Hacking 113
article thumbnail

Mozi malware botnet goes dark after mysterious use of kill-switch

Bleeping Computer

Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots. [.

Malware 109
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

The Hacker News

A threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been observed waging a sophisticated cyber espionage campaign targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year.

article thumbnail

Microsoft: Windows Copilot makes desktop icons jump between displays

Bleeping Computer

Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant. [.

108
108
article thumbnail

SolarWinds and its CISO accused of misleading investors before major cyberattack

Malwarebytes

The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 2020, SolarWinds announced it had been hacked and that its compromised software channel was used to push out malicious updates onto 18,000 of its Orion platform customers.

CISO 104
article thumbnail

Meta faces EU ban on Facebook, Instagram targeted advertising

Bleeping Computer

The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority (DPA) in July. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

The New Era of Social Media Looks as Bad for Privacy as the Last One

WIRED Threat Level

The slow-motion implosion of Elon Musk’s X has given rise to a slew of competitors, where privacy invasions that ran rampant over the past decade still largely persist.

Media 102
article thumbnail

Hands on Review: LayerX's Enterprise Browser Security Extension

The Hacker News

The browser has become the main work interface in modern enterprises. It’s where employees create and interact with data, and how they access organizational and external SaaS and web apps. As a result, the browser is extensively targeted by adversaries. They seek to steal the data it stores and use it for malicious access to organizational SaaS apps or the hosting machine.

102
102
article thumbnail

Atlassian Customers Should Patch Latest Critical Vuln Immediately

Dark Reading

Atlassian CISO warns Confluence Data Center and Server customers they're vulnerable to "significant data loss" if all on-premises versions aren't patched.

CISO 102
article thumbnail

News alert: AdviserCyber launches to help ‘RIAs’ meet SEC’s cybersecurity infrastructure rules

The Last Watchdog

Phoenix, Ariz. — Nov. 1, 2023 — AdviserCyber , a cybersecurity service provider for Registered Investment Advisers (RIAs) with $500M to $3B Assets Under Management (AUM) who must comply with the Securities and Exchange Commission (SEC) cybersecurity requirements, announced its formal launch today. In the last year alone, advisers and wealth managers in financial sectors have witnessed an 80% increase in cyber threats and intrusion activity, with investment advisers being particularly vulner

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

It's Cheap to Exploit Software — and That's a Major Security Problem

Dark Reading

The solution? Follow in the footsteps of companies that have raised the cost of exploitation.

article thumbnail

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Bleeping Computer

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability. [.

article thumbnail

Global AI Cybersecurity Agreement Signed At Turing's Bletchley Park

Dark Reading

Dozens of countries commit to collaborate on artificial intelligence cybersecurity, fittingly at the British home of the WWII codebreakers.

article thumbnail

Lockbit Targeted Boeing with Ransomware. Data Breach Under Investigation

Heimadal Security

On October 27th, Lockbit claimed to have breached Boeing and threatened to leak a massive amount of sensitive data. Three days later, the threat group removed the aircraft company`s name from the victim list. At first, hackers posted a message on their data leak site that said: Sensitive data was exfiltrated and ready to be […] The post Lockbit Targeted Boeing with Ransomware.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.