Lohrman on Security

JANUARY 29, 2023

ChatGPT is an AI-powered chatbot created by OpenAI. So what are the opportunities and risks with using this technology across different domains?

Cybersecurity 349

Cybersecurity Technology Risk 349

Schneier on Security

JANUARY 3, 2023

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it’s not obviously wrong. We have long known from Shor’s algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today.

Encryption 363

Encryption Government Information Security 363

Joseph Steinberg

JANUARY 4, 2023

Zero Trust is a term that is often misunderstood and misused, which is why I wrote an article not long ago entitled Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean. But, even those who have a decent grasp on the meaning of Zero Trust seem to frequently confuse the term with Zero Trust Network Architecture (ZTNA).

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report.

Identity Theft 350

Identity Theft Accountability Authentication Web Fraud 350

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Troy Hunt

JANUARY 19, 2023

It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system. When I first built Have I Been Pwned (HIBP), my mantra was to "do good things after bad things happen" And arguably, it has, largely by enabling individuals and organisations to learn of their own personal exposure in breaches.

Data breaches 348

Data breaches Risk Identity Theft Accountability 348

Tech Republic Security

JANUARY 24, 2023

The criminals took advantage of an API to grab personal details such as customer names, billing addresses, email addresses, phone numbers, dates of birth, and T-Mobile account numbers. The post How hackers stole the personal data of 37 million T-Mobile customers appeared first on TechRepublic.

Mobile 215

Mobile Accountability Data breaches Phishing 215

Schneier on Security

JANUARY 17, 2023

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—­that is, one hosted on the Tor anonymity network—­it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.

Surveillance 350

Surveillance Media Hacking 350

Joseph Steinberg

JANUARY 2, 2023

“May the present year’s curses end as it ends, and may the upcoming year’s blessings begin as it begins.”. This ancient aphorism from the Talmud is one of my favorite pieces of advice regarding the start of a new year. While many people interpret the saying as a wish or a prayer – and it certainly can be understood as expressing hope for a better future – I understand it also to be a call to action.

Artificial Intelligence 312

Artificial Intelligence Accountability Cybersecurity 312

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.

Mobile 325

Mobile Accountability Data breaches Identity Theft 325

We Live Security

JANUARY 27, 2023

Sandworm continues to conduct attacks against carefully chosen targets in the war-torn country The post SwiftSlicer: New destructive wiper malware strikes Ukraine appeared first on WeLiveSecurity

Malware 145

Malware 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

JANUARY 27, 2023

Working with international law enforcement, the FBI said it has seized control of the servers the Hive group uses to communicate with members. The post FBI takes down Hive ransomware group appeared first on TechRepublic.

Ransomware 208

Ransomware 208

Security Boulevard

JANUARY 27, 2023

Law enforcement agencies from several countries got together and took down the site. They also worked to decrypt victims’ data. The post ‘Hive’ Russian Ransomware Gang Shut Down by FBI, DoJ, Europol, Bundeskriminalamt, et al appeared first on Security Boulevard.

Ransomware 145

Ransomware Social Engineering Engineering Security Awareness 145

Schneier on Security

JANUARY 27, 2023

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book , which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.

Hacking 327

Hacking Engineering 327

Quick Heal Antivirus

JANUARY 25, 2023

As cyber threats continue to evolve and become more sophisticated, it’s crucial for security researchers and professionals. The post AsyncRAT Analysis with ChatGPT appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.

Cyber threats 145

Cyber threats Cybercrime Ransomware Malware 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Krebs on Security

JANUARY 25, 2023

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month.

Cybercrime 318

Cybercrime Web Fraud Data breaches 318

Bleeping Computer

JANUARY 13, 2023

Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps. [.].

145

145

Tech Republic Security

JANUARY 19, 2023

The cybersecurity implications of ChatGPT are vast, especially for email exploits, but putting up guardrails, flagging elements of phishing emails that it doesn’t touch and using it to train itself could help boost defense. The post As a cybersecurity blade, ChatGPT can cut both ways appeared first on TechRepublic.

Cybersecurity 205

Cybersecurity Phishing 205

Security Boulevard

JANUARY 13, 2023

Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited RIGHT NOW. The post Yikes, Control Web Panel has Critical RCE — Patch NOW appeared first on Security Boulevard.

Security Awareness 145

Security Awareness Cybersecurity Network Security 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Schneier on Security

JANUARY 20, 2023

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

324

324

eSecurity Planet

JANUARY 5, 2023

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. “In 2022, governments fought wars online, businesses were affected by multiple ransomware gangs, and regular users’ data was constantly on hackers’ radars,” said NordVPN CTO Marijus Briedis. 2023, he predicted, “will not be any easier when it comes to keeping users’

Ransomware 145

Ransomware CISO Software Cybercrime 145

We Live Security

JANUARY 10, 2023

ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version. The post StrongPity espionage campaign targeting Android users appeared first on WeLiveSecurity.

144

144

Bleeping Computer

JANUARY 14, 2023

Brave Browser version 1.47 was released yesterday, adding the Snowflake extension in the software's settings, enabling users to turn their devices into proxies that help users in censored countries connect to Tor. [.].

Software 145

Software 145

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JANUARY 4, 2023

A nightly build version of a machine-learning framework dependency has been compromised. The package ran malicious code on affected systems and stole data from unsuspecting users. The post Machine-Learning Python package compromised in supply chain attack appeared first on TechRepublic.

205

205

Security Boulevard

JANUARY 20, 2023

The Un-carrier is In-secure, it seems. Un-believable. In-credibly in-competent. CEO Mike Sievert (pictured) might become un-CEO. The post T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks appeared first on Security Boulevard.

Data breaches 145

Data breaches Mobile Security Awareness Risk 145

Schneier on Security

JANUARY 9, 2023

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.

Surveillance 306

Surveillance Internet Internet Risk 306

eSecurity Planet

JANUARY 20, 2023

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali

Malware 143

Malware CISO Cybersecurity Technology 143

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

CyberSecurity Insiders

JANUARY 16, 2023

First, is the news that the Indian government has launched its own Mobile Operating systems that have capabilities to take on international rivals like iOS and Android. Within the next few weeks, the government of the sub-continent is preparing to release an indigenous mobile operating system that has the potential to offer a health competition to American technology giants and will be safe to use in the current cyber threat landscape.

Cyber Attacks 143

Cyber Attacks Mobile Government Password Management 143

Bleeping Computer

JANUARY 4, 2023

A data leak described as containing email addresses for over 200 million Twitter users has been published on a popular hacker forum for about $2. BleepingComputer has confirmed the validity of many of the email addresses listed in the leak. [.].

Technology 145

Technology 145

Tech Republic Security

JANUARY 10, 2023

Only 25% of the organizations surveyed by Delinea were hit by ransomware attacks in 2022, but fewer companies are taking proactive steps to prevent such attacks. The post Ransomware attacks are decreasing, but companies remain vulnerable appeared first on TechRepublic.

Ransomware 204

Ransomware 204

Security Boulevard

JANUARY 27, 2023

The Federal Trade Commission (FTC) chair, Lina M. Khan, recently announced the commission’s intent to adjust a rule that would prohibit non-compete agreements by workers or independent contractors. Their rationale? Unfair competition—which, therefore, falls under the purview of the FTC. This could have a huge impact on the cybersecurity and IT industries, and open up.

Cybersecurity 144

Cybersecurity Risk Government 144

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software