Tue.Jun 11, 2024

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 254
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Downtime Costs World’s Largest Companies $400 Billion a Year, According to Splunk Report

Tech Republic Security

Direct revenue loss is the biggest drain from downtime, but other hidden costs include diminished shareholder value, stagnant productivity and reputational damage.

article thumbnail

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

The Hacker News

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.

143
143
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How to Use 1Password: A Guide for Beginners

Tech Republic Security

Learn how to use 1Password to securely store and manage your passwords. This step-by-step guide will help you get started.

Passwords 157
article thumbnail

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

The Hacker News

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network (CERNET), a project funded by the Chinese government.

DNS 143

More Trending

article thumbnail

Apple Integrates OpenAI's ChatGPT into Siri for iOS, iPadOS, and macOS

The Hacker News

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale.

article thumbnail

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Security Affairs

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). “A local non-privileged user can make improper GPU memory pr

Hacking 139
article thumbnail

When things go wrong: A digital sharing warning for couples

Malwarebytes

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romantic partners revealed that the degree to which they share passwords, locations, and devices with one another can invite mild annoyances—like having an ex mooch off a shared Netflix account—serious invasio

article thumbnail

Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. Patch it now!

Security Affairs

A proof-of-concept (PoC) exploit code for a Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 is publicly available. Researcher Sina Kheirkha analyzed the Veeam Backup Enterprise Manager authentication bypass flaw CVE-2024-29849 and a proof of concept exploit for this issue. The flaw CVE-2024-29849 is a critical vulnerability (CVSS score: 9.8) in Veeam Backup Enterprise Manager that could allow attackers to bypass authentication.

Backups 138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Is Your Business Under Attack From AI?

IT Security Guru

Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses. The latest threats from AI you should be concerned about The NCSC recognised that AI will play as a contributing factor to how cyber-attacks operate, and said ‘AI provides capability upl

article thumbnail

Top 10 Critical Pentest Findings 2024: What You Need to Know

The Hacker News

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing.

article thumbnail

Just Published: PCI DSS v4.0.1

PCI perspectives

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance.

134
134
article thumbnail

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

The Hacker News

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said.

Malware 134
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Strategies to Manage and Reduce Alert Fatigue in SOCs

IT Security Guru

The cybersecurity sector is stretched thinner than ever. Budgets are low, attack rates are high, and staff are stressed. A study from 2022 found that one-third of cybersecurity professionals said they were considering leaving their role in the next two years due to stress and burnout. Alert fatigue significantly contributes to staff burnout at Security Operations Centers (SOC).

Antivirus 134
article thumbnail

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Security Affairs

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. Eight of these bugs were reported through the ZDI program.

DNS 131
article thumbnail

Finance Phantom Review – A Crypto Trading Robot that Can Be Your Guardian Too

IT Security Guru

Entering the world of crypto trading is easy, but if you have plans to stay there on a long-term basis then you have to acknowledge all the ups and downs of it. This constant fluctuation won’t stop but what you can do to manage it? To your knowledge, this fluctuation can also make it extremely difficult for you to make a wise decision at the right time.

article thumbnail

RSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaboration

The Last Watchdog

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I visited with Geoff Haydon , CEO, and Alex Berger , Head of Product Marketing, at Ontinue , a new player in the nascent Managed Extended Detection and Response ( MXDR ) space.

Antivirus 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How Cynet Makes MSPs Rich & Their Clients Secure

The Hacker News

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base.

article thumbnail

The role of unstructured data and Large Language Models in securing data

IT Security Guru

Advancements in Artificial Intelligence (AI) and Machine Learning (ML) have lowered the barrier of entry for non-security users to independently develop and manage their own data products, which when decentralised to enable separate cross domain data analysis is known as ‘data mesh’. As enterprises are typically built on both structured and unstructured data, if the models these users add unstructured data to aren’t trained and governed properly, the users risk compromising desired outcom

article thumbnail

QR code SQL injection and other vulnerabilities in a popular biometric terminal

SecureList

Biometric scanners offer a unique way to resolve the conflict between security and usability. They help to identify a person by their unique biological characteristics – a fairly reliable process that does not require the user to exert any extra effort. Yet, biometric scanners, as any other tech, have their weaknesses. This article touches on biometric scanner security from the red team’s perspective and uses the example of a popular hybrid terminal model to demonstrate approaches to scann

Firmware 126
article thumbnail

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Bleeping Computer

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. [.

126
126
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Patch Tuesday Update – June 2024

Security Boulevard

The post Patch Tuesday Update - June 2024 appeared first on Digital Defense. The post Patch Tuesday Update – June 2024 appeared first on Security Boulevard.

111
111
article thumbnail

Pure Storage confirms data breach after Snowflake account hack

Bleeping Computer

Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information [.

article thumbnail

Asset Discovery: A Must Have for Understanding Your Complete Attack Surface

Security Boulevard

Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Asset Discovery, a.k.a. You Can’t Manage What You Can’t See Why Speed is Important to Asset Discovery In Summary Get a Demo Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Justin Stouder, FireMon’s Asset Manager GM, met with a large financial services company a few years back, talking with the company’s CISO about their asset inventory.

CISO 105
article thumbnail

City of Cleveland shuts down IT systems after cyberattack

Bleeping Computer

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Google makes life hard for ad blockers by changes in Chrome

Malwarebytes

Despite protests, Google is rolling out changes in the Chrome browser that make it harder for ad blockers to do their job. Starting last Monday, June 3, 2024, Chrome Beta, Dev, and Canary channels will see the effects of the implementation of the new extension platform Manifest V3. The gradual disabling of V2 extensions will later follow for all Chrome users.

Phishing 103
article thumbnail

New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes

Bleeping Computer

Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [.

108
108
article thumbnail

Forrester Names Cisco a Leader in OT Security

Cisco Security

Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester. Learn what makes Cisco stand apart in this market. Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester.

Marketing 102
article thumbnail

New Warmcookie Windows backdoor pushed via fake job offers

Bleeping Computer

A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks.

Phishing 104
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.