Schneier on Security

JUNE 11, 2024

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

Artificial Intelligence 294

Artificial Intelligence 294

Krebs on Security

JUNE 11, 2024

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 238

Internet Internet Software Malware 238

The Last Watchdog

JUNE 11, 2024

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I visited with Geoff Haydon , CEO, and Alex Berger , Head of Product Marketing, at Ontinue , a new player in the nascent Managed Extended Detection and Response ( MXDR ) space.

Antivirus 130

Antivirus Threat Detection Firewall Marketing 130

Tech Republic Security

JUNE 11, 2024

Direct revenue loss is the biggest drain from downtime, but other hidden costs include diminished shareholder value, stagnant productivity and reputational damage.

Digital transformation 161

Digital transformation Phishing Software Malware 161

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

JUNE 11, 2024

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [.

141

141

PCI perspectives

JUNE 11, 2024

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance.

133

133

Tech Republic Security

JUNE 11, 2024

Learn how to use 1Password to securely store and manage your passwords. This step-by-step guide will help you get started.

Passwords 138

Passwords Password Management 138

IT Security Guru

JUNE 11, 2024

Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses. The latest threats from AI you should be concerned about The NCSC recognised that AI will play as a contributing factor to how cyber-attacks operate, and said ‘AI provides capability upl

Cyber Attacks 124

Cyber Attacks Scams Artificial Intelligence Social Engineering 124

The Hacker News

JUNE 11, 2024

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.

125

125

IT Security Guru

JUNE 11, 2024

The cybersecurity sector is stretched thinner than ever. Budgets are low, attack rates are high, and staff are stressed. A study from 2022 found that one-third of cybersecurity professionals said they were considering leaving their role in the next two years due to stress and burnout. Alert fatigue significantly contributes to staff burnout at Security Operations Centers (SOC).

Antivirus 122

Antivirus Firewall Technology Cyber threats 122

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Hacker News

JUNE 11, 2024

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network (CERNET), a project funded by the Chinese government.

DNS 124

DNS Education Government Cybersecurity 124

Security Affairs

JUNE 11, 2024

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). “A local non-privileged user can make improper GPU memory pr

Hacking 134

Hacking Software Information Security 134

IT Security Guru

JUNE 11, 2024

Entering the world of crypto trading is easy, but if you have plans to stay there on a long-term basis then you have to acknowledge all the ups and downs of it. This constant fluctuation won’t stop but what you can do to manage it? To your knowledge, this fluctuation can also make it extremely difficult for you to make a wise decision at the right time.

Accountability 118

Accountability Education Marketing Authentication 118

The Hacker News

JUNE 11, 2024

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale.

Artificial Intelligence 119

Artificial Intelligence Architecture 119

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

IT Security Guru

JUNE 11, 2024

Advancements in Artificial Intelligence (AI) and Machine Learning (ML) have lowered the barrier of entry for non-security users to independently develop and manage their own data products, which when decentralised to enable separate cross domain data analysis is known as ‘data mesh’. As enterprises are typically built on both structured and unstructured data, if the models these users add unstructured data to aren’t trained and governed properly, the users risk compromising desired outcom

Unstructured Data 115

Unstructured Data Government Cloud Migration Artificial Intelligence 115

Bleeping Computer

JUNE 11, 2024

Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information [.

Data breaches 115

Data breaches Accountability Hacking 115

Security Affairs

JUNE 11, 2024

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. Eight of these bugs were reported through the ZDI program.

DNS 124

DNS Hacking Information Security 124

Bleeping Computer

JUNE 11, 2024

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [.

Government 109

Government 109

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Boulevard

JUNE 11, 2024

The post Patch Tuesday Update - June 2024 appeared first on Digital Defense. The post Patch Tuesday Update – June 2024 appeared first on Security Boulevard.

111

111

Security Affairs

JUNE 11, 2024

A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available. Researcher Sina Kheirkha analyzed the Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 and a proof of concept exploit for this issue. The flaw CVE-2024-29849 is a critical vulnerability (CVSS score: 9.8) in Veeam Backup Enterprise Manager that could allow attackers to bypass authentication.

Backups 127

Backups Authentication Software Hacking 127

Security Boulevard

JUNE 11, 2024

Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Asset Discovery, a.k.a. You Can’t Manage What You Can’t See Why Speed is Important to Asset Discovery In Summary Get a Demo Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Justin Stouder, FireMon’s Asset Manager GM, met with a large financial services company a few years back, talking with the company’s CISO about their asset inventory.

CISO 105

CISO IoT Financial Services Data breaches 105

The Hacker News

JUNE 11, 2024

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said.

Malware 108

Malware Cybersecurity 108

Advertisement

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Bleeping Computer

JUNE 11, 2024

Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [.

108

108

Malwarebytes

JUNE 11, 2024

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romantic partners revealed that the degree to which they share passwords, locations, and devices with one another can invite mild annoyances—like having an ex mooch off a shared Netflix account—serious invasio

Accountability 106

Accountability Risk Passwords Technology 106

Cisco Security

JUNE 11, 2024

Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester. Learn what makes Cisco stand apart in this market. Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester.

Marketing 109

Marketing Firewall IoT Engineering 109

The Hacker News

JUNE 11, 2024

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing.

Penetration Testing 108

Penetration Testing Data breaches Technology 108

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

SecureList

JUNE 11, 2024

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scann

Firmware 99

Firmware Authentication Passwords Risk 99

The Hacker News

JUNE 11, 2024

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base.

Cybersecurity 101

Cybersecurity 101

Bleeping Computer

JUNE 11, 2024

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [.

95

95

SecureWorld News

JUNE 11, 2024

You probably already know that ransomware is a type of malicious software that encrypts a victim's data, demanding a ransom to restore access. It's a problem that's getting worse all the time, and its impact on healthcare is particularly concerning. Aside from the inconvenience created for everyone present when hospital systems go offline, the question we need to ask is whether ransomware can actually kill sick people.

Ransomware 82

Ransomware Computers and Electronics Healthcare Wireless 82

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government