Sat. Jul 22, 2023 - Fri. Jul 28, 2023

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

The Last Watchdog

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

Backdoor in TETRA Police Radios

Schneier on Security

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more.

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into a botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.

How to Create a Custom Security & Threat Dashboard in Power BI

Tech Republic Security

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

The Last Watchdog

Paris, France, July 27, 2023 – CrowdSec, the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report, a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.

Fooling an AI Article Writer

Schneier on Security

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked: And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense.

More Trending

OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI

Tech Republic Security

The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.

Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing

Security Boulevard

C’mon Cupertino: “Unknown Tracker Detected,” your phone screams. What now?

Google Reportedly Disconnecting Employees from the Internet

Schneier on Security

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

The Hacker News

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

How to Use NordVPN Meshnet for Free

Tech Republic Security

The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.

The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal

Security Boulevard

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: a North Korean APT group targets developers via GitHub. Also: This Barbie is a cybercriminal.

Indirect Instruction Injection in Multi-Modal LLMs

Schneier on Security

Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs”: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users

The Hacker News

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Get 8 Months of Live Cyber Security Training for Under $500

Tech Republic Security

If you're new to cyber security or trying to improve your knowledge, Cyber Security Specialist Workshop Live Sessions provides 32 weeks of essential training for under $500.

Funding for Cybersecurity Startups Plunges – But Some Still Get Deals

eSecurity Planet

Cybersecurity startups had been pretty resilient despite the downturn in venture capital funding, but that run has ended in recent months. Venture investments in cybersecurity startups in the second quarter plunged 63% to $1.6 billion, according to data from Crunchbase. Funding was down 40% sequentially from the first quarter, and was the lowest since the fourth quarter of 2019.

New York Using AI to Detect Subway Fare Evasion

Schneier on Security

The details are scant—the article is based on a “heavily redacted” contract—but the New York subway authority is using an “AI system” to detect people who don’t pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesn’t flag fare evaders to New York police, but she declined to comment on whether that policy could change.

Rust-based Realst Infostealer Targeting Apple macOS Users' Cryptocurrency Wallets

The Hacker News

A new malware family called Realst has become the latest to target Apple macOS systems, with a third of the samples already designed to infect macOS 14 Sonoma, the upcoming major release of the operating system.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

How to Easily Block IP Addresses From Accessing a Desktop or Server

Tech Republic Security

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

A Fraud Risk Management Guide for Savvy Businesses

Security Boulevard

Fraud is a pervasive threat to any organization’s viability and sustainability, with fraudsters continually seeking innovative ways to deceive and steal from businesses. To protect themselves and their customers, it’s critical for businesses today to have a comprehensive fraud risk management plan that identifies, assesses, and mitigates risks associated with nefarious cyber activities.

Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

Bleeping Computer

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices. [...]

60,000 Androids have stalkerware-type app Spyhide installed

Malwarebytes

Stalkerware-type app Spyhide is coded so badly that it’s possible to gain access to the back-end databases and retrieve data about everyone that has the app on their device. And it's not a small number. Hacktivist maia arson crimew told TechCrunch she'd found 60,000 compromised Android devices, dating back to 2016. Spyhide, like many other stalkerware-type apps “silently and continually uploads the phone’s contacts, messages, photos, call logs and recordings, and granular locat

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Hardware-bound passkeys are still ultimate in security: Yubico VP

Tech Republic Security

Derek Hanson, Yubico’s VP of standards and alliances and an industry expert on passkeys, discusses why device-bound-to-shareable passkeys are critical.

ALERT: Google Wants to DRM your OS for ‘Web Environment Integrity’

Security Boulevard

We will kill WEI: A thinly veiled attempt to track you and make more ad money.

What is Incident Response? Ultimate Guide + Templates

eSecurity Planet

Incident Response is a systematic method for addressing and managing security incidents in organizations, focused on minimizing and investigating the impact of events and restoring normal operations. When an incident is spotted, typically by an alert or observation, response teams swing into action to address any damage and prevent it from spreading.

New OpenSSH Vulnerability Exposes Linux Systems to Remote Command Injection

The Hacker News

Details have emerged about a now-patched flaw in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. "This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH's forwarded ssh-agent," Saeed Abbasi, manager of vulnerability research at Qualys, said in an analysis last week.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking

Tech Republic Security

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.

FraudGPT Follows WormGPT as Next Threat to Enterprises

Security Boulevard

Less than two weeks after WormGPT hit the scene as threat actors’ alternative to the wildly popular ChatGPT generative AI chatbot, a similar tool called FraudGPT is making the rounds on the dark web. FraudGPT offers cybercriminals more effective ways to launch phishing attacks and create malicious code. FraudGPT has been circulating on Telegram Channels.

TETRA Radio Code Encryption Has a Flaw: A Backdoor

WIRED Threat Level

A secret encryption cipher baked into radio systems used by critical infrastructure workers, police, and others around the world is finally seeing sunlight. Researchers say it isn’t pretty.

Windows 11 KB5028254 update fixes VPN performance issues, 27 bugs

Bleeping Computer

Microsoft has released the July 2023 optional cumulative update for Windows 11, version 22H2, with fixes for 27 issues, including ones affecting VPN performance and display or audio devices. [...]

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.