Schneier on Security
OCTOBER 1, 2024
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model. A month later, the researcher submitted a new disclosure statement.
Tech Republic Security
OCTOBER 1, 2024
A report from insurer QBE predicts that the world will experience 211 significant cyber attacks this year, marking a 105% increase over four years.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
OCTOBER 2, 2024
This talk examine current real-world examples of AI-driven attacks and explore which defensive AI capabilities are available today.
Tech Republic Security
OCTOBER 1, 2024
Version 24H2 adds the sudo command and alerts users when an application accesses their physical location. Microsoft polished other security features, too.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
OCTOBER 1, 2024
Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determined that the company failed to “notify the DPC of a personal data breach concerning storage of user passwords in plaintext” without delay, and failed to “document personal data breaches concerning the
Schneier on Security
OCTOBER 2, 2024
Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU. (Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
OCTOBER 3, 2024
Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses at risk.
Troy Hunt
SEPTEMBER 28, 2024
It's not a green screen! It's just a weird a weird hotel room in Pittsburgh, but it did make for a cool backdrop for this week's video. We were there visiting our FBI friends after coming from Washington DC and a visit to CISA, the "America's Cyber Defence Agency" This week, I'm talking about those visits, some really cool new Cloudflare features, and our ongoing effort to push more and more of HIBP's data to Cloudflare's edges.
Schneier on Security
OCTOBER 3, 2024
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware.
Tech Republic Security
OCTOBER 4, 2024
Check Point documented 5,000 spam emails coming from legitimate-looking domains as fake Microsoft application alerts. Real links complete the trap.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Lohrman on Security
SEPTEMBER 29, 2024
As we head toward 2025, are the duties and goals of a chief information security officer achievable? Are CISOs set up for failure? Should position descriptions be changed? Let’s explore.
SecureList
OCTOBER 4, 2024
While trying to deliver malware on victims’ devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims’ devices without user consent; they’ve used large amounts of resources for distribution, but what’s more, used multiple unusual vectors for defense evasion and persistence.
Penetration Testing
OCTOBER 2, 2024
A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit that reveals a critical... The post 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released appeared first on Cybersecurity News.
Tech Republic Security
OCTOBER 3, 2024
A third of U.K. teachers have not received cyber security training this year, and only two-thirds of those that did deemed it useful, according to a government poll.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
We Live Security
OCTOBER 2, 2024
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia
The Hacker News
OCTOBER 4, 2024
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.
Penetration Testing
SEPTEMBER 30, 2024
A serious vulnerability, dubbed KartLANPwn (CVE-2024-45200), has been identified in the wildly popular Nintendo game Mario Kart 8 Deluxe, putting millions of players at risk of remote code execution (RCE)... The post KartLANPwn (CVE-2024-45200) Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE appeared first on Cybersecurity News.
Tech Republic Security
OCTOBER 2, 2024
Need to share a Wi-Fi password with a friend or coworker? Learn how to share a Wi-Fi password on iPhones, iPads, Macs, Androids, and Windows computers.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
SEPTEMBER 29, 2024
Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian plane attempting to land, reported the MiddleEastMonitor website.
The Hacker News
SEPTEMBER 29, 2024
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems.
Penetration Testing
SEPTEMBER 29, 2024
A critical vulnerability has been discovered in the popular GiveWP donation plugin for WordPress, potentially allowing unauthenticated attackers to take complete control of affected websites. The flaw, tracked as CVE-2024-8353... The post CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk appeared first on Cybersecurity News.
Tech Republic Security
OCTOBER 1, 2024
If you’re curious about how to create a secure password, read our in-depth guide covering password security and best practices.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
OCTOBER 3, 2024
Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about t
The Hacker News
OCTOBER 4, 2024
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.
Penetration Testing
SEPTEMBER 29, 2024
In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel, designated as CVE-2024-26808.... The post CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux appeared first on Cybersecurity News.
Tech Republic Security
OCTOBER 4, 2024
Learn how to execute the fundamentals, harden your defenses, and protect your business's network security with no high-tech software.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
OCTOBER 2, 2024
Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are rated high, and three are rated medium in severity. The flaws impact residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
The Hacker News
SEPTEMBER 30, 2024
Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).
Penetration Testing
SEPTEMBER 29, 2024
The PHP project has recently released a security advisory, addressing several vulnerabilities affecting various versions of PHP. These vulnerabilities range from potential log tampering to arbitrary file inclusion and data... The post Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates appeared first on Cybersecurity News.
Tech Republic Security
SEPTEMBER 30, 2024
Prompt injection and data leakage are among the top threats posed by LLMs, but they can be mitigated using existing security logging technologies.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
278 
Let's personalize your content