Sat.Jul 22, 2023 - Fri.Jul 28, 2023

article thumbnail

GUEST ESSAY: Why it’s high time for us to rely primarily on passwordless authentication

The Last Watchdog

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

article thumbnail

Backdoor in TETRA Police Radios

Schneier on Security

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Who and What is Behind the Malware Proxy Service SocksEscort?

Krebs on Security

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.

Malware 211
article thumbnail

How to Create a Custom Security & Threat Dashboard in Power BI

Tech Republic Security

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Big data 205
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

News Alert: CrowdSec report highlights the rise of IPv6 in cyber criminal activities

The Last Watchdog

Paris, France, July 27, 2023 – CrowdSec , the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report , a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.

VPN 246
article thumbnail

Fooling an AI Article Writer

Schneier on Security

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked : And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense.

More Trending

article thumbnail

Maine CISO on the State's Six-Month Generative AI 'Pause'

Lohrman on Security

Maine paused the use of ChatGPT and other generative AI apps for six months beginning in June. After hearing wide-ranging reactions, I decided to ask Nathan Willigar, the state CISO, about the move.

CISO 150
article thumbnail

News Alert: QBE North America launches new cyber insurance program with Converge

The Last Watchdog

New York, NY, July 27, 2023 – QBE North America today announced the launch of a cyber insurance program with new MGA, Converge, acting as program administrator. The program will be broken down into two separate distribution structures, each with a distinct revenue focus and cyber security data access formation. •ConvergeElements™ offers primary and excess cyber coverage through select agents and brokers for companies with up to $100 million in revenue.

article thumbnail

Google Reportedly Disconnecting Employees from the Internet

Schneier on Security

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Internet 222
article thumbnail

HackerOne: How Artificial Intelligence Is Changing Cyber Threats and Ethical Hacking

Tech Republic Security

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Twitter's rebranding to 'X' triggers Microsoft Edge security alert

Bleeping Computer

Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. It's got to do with a security feature dubbed 'Progressive Web App Icon change', designed to keep users safe during app icon or name changes. [.

98
article thumbnail

News Alert: Protect AI raises $35M in Series A financing to secure AI, ML software supply chain

The Last Watchdog

Seattle, Wash., July 26, 2023 — Protect AI , the artificial intelligence (AI) and machine learning (ML) security company, today announced it has closed a $35M Series A round of funding. The round was led by Evolution Equity Partners with participation from Salesforce Ventures and existing investors Acrew Capital, boldstart ventures, Knollwood Capital and Pelion Ventures.

Software 188
article thumbnail

Indirect Instruction Injection in Multi-Modal LLMs

Schneier on Security

Interesting research: “ (Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs “: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.

article thumbnail

How to Easily Block IP Addresses From Accessing a Desktop or Server

Tech Republic Security

In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

The Hacker News

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

98
article thumbnail

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

The Last Watchdog

Tel Aviv, Israel, July 27, 2023 — Perception Point , a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities. In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of

Phishing 186
article thumbnail

New York Using AI to Detect Subway Fare Evasion

Schneier on Security

The details are scant—the article is based on a “heavily redacted” contract—but the New York subway authority is using an “AI system” to detect people who don’t pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesn’t flag fare evaders to New York police, but she declined to comment on whether that policy could change.

article thumbnail

OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI

Tech Republic Security

The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.

Risk 147
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Russian APT BlueBravo targets diplomatic entities with GraphicalProton backdoor

Security Affairs

Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29 , Cloaked Ursa, and Midnight Blizzard, Nobelium ) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor called GraphicalProton.

article thumbnail

Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing

Security Boulevard

C’mon Cupertino: “Unknown Tracker Detected,” your phone screams. What now? The post Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing appeared first on Security Boulevard.

article thumbnail

GameOver(lay): Two Severe Linux Vulnerabilities Impact 40% of Ubuntu Users

The Hacker News

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

article thumbnail

OpenAI, Google and More Agree to White House List of Eight AI Safety Assurances

Tech Republic Security

Assurances include watermarking, reporting about capabilities and risks, investing in safeguards to prevent bias and more.

Risk 145
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

CoinsPaid blames North Korea-linked APT Lazarus for theft of $37M worth of cryptocurrency

Security Affairs

Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000 worth of cryptocurrency. The company attributes the cyber heist to the North Korea-linked APT Lazarus , which is also responsible for the attacks against Axie Infinity (USD 625M), Horizon Bridge (USD 100M), Atomic Wallet (USD 100M) and Alphapo (USD 23M)

article thumbnail

The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal

Security Boulevard

Welcome to the latest edition of The Week in Security , which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: a North Korean APT group targets developers via GitHub. Also: This Barbie is a cybercriminal. The post The Week in Security: North Korean APT targets developers, this Barbie is a cybercriminal appeared first on Security Boulevard.

article thumbnail

A Data Exfiltration Attack Scenario: The Porsche Experience

The Hacker News

As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find.

article thumbnail

IBM Report: Average Cost of a Data Breach Rises to $4.45 Million

Tech Republic Security

IBM provides insight on the rise in the average cost of data breaches as well as some tips for how to prevent and mitigate them.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

DepositFiles exposed config file, jeopardizing user security

Security Affairs

DepositFiles, a popular web hosting service, left its environment configuration file accessible, revealing a trove of highly sensitive credentials. The recent tsunami of Cl0p-driven ransomware attacks via the MOVEit Transfer exploit is a painful reminder of the general idea behind the pessimistic “the cloud is just someone else’s computer” analogy. DepositFiles, a service boasting that it’s the “perfect place to keep your precious files in safety and share them,” does not alleviate these concern

article thumbnail

Protecting Your Business Against BEC: Benefits and Implementation

GlobalSign

Let’s explore the mechanisms of BEC and how to protect your business and the innovative use of artificial intelligence (AI) to enhance security.

article thumbnail

Major Security Flaw Discovered in Metabase BI Software – Urgent Update Required

The Hacker News

Users of Metabase, a popular business intelligence and data visualization software package, are being advised to update to the latest version following the discovery of an "extremely severe" flaw that could result in pre-authenticated remote code execution on affected installations. Tracked as CVE-2023-38646, the issue impacts open-source editions prior to 0.46.6.

article thumbnail

Hardware-bound passkeys are still ultimate in security: Yubico VP

Tech Republic Security

Derek Hanson, Yubico’s VP of standards and alliances and an industry expert on passkeys, discusses why device-bound-to-shareable passkeys are critical.

144
144
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!