February, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.

Hacking 293
article thumbnail

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “ coding assistant ” of sorts to help them write or improve strings of code, the report

362
362
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Quantum Computers: What Is Q-Day? And What’s the Solution?

Lohrman on Security

Quantum computers hold the promise of amazing advances in numerous fields. So why are cybersecurity experts so worried about Q-Day? What must be done now to prepare?

article thumbnail

Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep ? ? ? ? ? ?

Troy Hunt

I found myself going down a previously unexplored rabbit hole recently, or more specifically, what I thought was "a" rabbit hole but in actual fact was an ever-expanding series of them that led me to what I refer to in the title of this post as "6 rabbits deep" It's a tale of firewalls, APIs and sifting through layers and layers of different services to sniff out the root cause of something that seemed very benign, but actually turned out to be highly impactful.

Firewall 332
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

IBM: Most ransomware blocked last year, but cyberattacks are moving faster

Tech Republic Security

A new study from IBM Security suggests cyberattackers are taking side routes that are less visible, and they are getting much faster at infiltrating perimeters. The post IBM: Most ransomware blocked last year, but cyberattacks are moving faster appeared first on TechRepublic.

article thumbnail

How to Create a GDPR Data Protection Policy

Security Boulevard

In this blog, we will discuss what GDPR compliance entails and provide tips on how to create an effective GDPR data protection policy. The post How to Create a GDPR Data Protection Policy appeared first on Scytale. The post How to Create a GDPR Data Protection Policy appeared first on Security Boulevard.

Risk 145

More Trending

article thumbnail

Putting Undetectable Backdoors in Machine Learning Models

Schneier on Security

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier.

344
344
article thumbnail

From Progress to Bans: How Close Are Human Microchip Implants?

Lohrman on Security

A lot has happened in the past 12 months regarding human microchip implants. Here’s your roundup of recent developments.

299
299
article thumbnail

Pwned Passwords Adds NTLM Support to the Firehose

Troy Hunt

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable corpus but as of just over a year ago with the introduction of the FBI data feed , we stopped maintaining downloadable behemoths of data.

Passwords 286
article thumbnail

Cryptocurrency users in the US hit by ransomware and Clipper malware

Tech Republic Security

Learn how to protect your business and staff from the MortalKombat ransomware and Laplas Clipper malware. The post Cryptocurrency users in the US hit by ransomware and Clipper malware appeared first on TechRepublic.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels

Security Boulevard

Google doesn’t want you to know what your Android apps do with your data. That seems to be the conclusion from a Mozilla study into the Play Store. The post ‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels appeared first on Security Boulevard.

article thumbnail

Hackers blamed after Russian radio stations play warnings of missile strikes and air raids

Graham Cluley

Russian media has blamed hackers after commercial radio stations in the country broadcast bogus warnings about air raids and missile strikes, telling listeners to head to shelters.

Media 143
article thumbnail

Cyberwar Lessons from the War in Ukraine

Schneier on Security

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others.

article thumbnail

Brave browser to block “open in app” prompts, pool-party attacks

Bleeping Computer

Brave Software, the developer of the privacy-focused web browser, has announced some plants for the upcoming version 1.49 that will block everyday browsing annoyances like "open in app" prompts and add better protections against pool-party attacks, [.

Software 144
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack

Trend Micro

We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea.

141
141
article thumbnail

How IT jobs and recruiting on the dark web might trick you

Tech Republic Security

A new Kaspersky report sheds light on why some tech pros look for jobs on the dark web and how to spot suspicious and likely illegal positions from recruiters in that environment. The post How IT jobs and recruiting on the dark web might trick you appeared first on TechRepublic.

article thumbnail

Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked

Security Boulevard

Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days. The post Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked appeared first on Security Boulevard.

Passwords 144
article thumbnail

Fake ChatGPT apps spread Windows and Android malware

Graham Cluley

Malicious hackers are taking advantage of people searching the internet for free access to ChatGPT in order to direct them to malware and phishing sites. Read more in my article on the Hot for Security blog.

Malware 142
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

AIs as Computer Hackers

Schneier on Security

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’ It’s the software vulnerability lifecycle.

article thumbnail

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Bleeping Computer

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [.

article thumbnail

Vulnerability Reward Program: 2022 Year in Review

Google Security

Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at Google! Working with security researchers throughout 2022, we have been able to identify and fix over 2,900 security issues and continue to make our products more secure for our users around the world. We are thrilled to see significant year over year growth for our VRPs, and have had yet another record breaking year for our programs!

article thumbnail

New cybersecurity data reveals persistent social engineering vulnerabilities

Tech Republic Security

Ransomware was down last year, though LockBit led threat actors and employees opened a third of the toxic emails in the last six months of 2022. The post New cybersecurity data reveals persistent social engineering vulnerabilities appeared first on TechRepublic.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Innovation at the Expense of Cybersecurity? No More!

Security Boulevard

Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein make a strong case for.

article thumbnail

IoC detection experiments with ChatGPT

SecureList

ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such as answering questions, summarizing text, and even solving cybersecurity-related problems, such as generating incident reports or interpreting decompiled code.

Malware 142
article thumbnail

The Rise of Security Service Edge (SSE): A Game-changer for the Modern Workforce

CyberSecurity Insiders

The pandemic shook businesses to its core, forcing users to trade in their office chairs for home desks. The result? Users, devices, and data scattered across the world. And for those in the networking and security fields, this shift brought major challenges. The traditional castle and moat access approach was no longer enough, and even the most reliable security tools became obsolete.

DDOS 141
article thumbnail

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

Naked Security

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.

Hacking 144
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Cybersecurity in wartime: how Ukraine's infosec community is coping

CSO Magazine

Whenever shells rain down on Ukraine, Yuriy Gatupov's colleagues put a '+' sign in a chat room. Then, the pluses are counted. "We check if everybody is alive," he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges.

InfoSec 137
article thumbnail

Pen testing report: IT budgets should focus on entire security stack

Tech Republic Security

With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.

article thumbnail

Amazing Fast Crypto for IoT — US NIST Fingers ASCON

Security Boulevard

Implementing modern cryptography standards on tiny IoT devices is hard. They’re underpowered, need to sip battery charge and something like AES is often overkill. The post Amazing Fast Crypto for IoT — US NIST Fingers ASCON appeared first on Security Boulevard.

IoT 144
article thumbnail

Dish Network goes offline after likely cyberattack, employees cut off

Bleeping Computer

American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. [.

140
140
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.