Schneier on Security
OCTOBER 1, 2024
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model. A month later, the researcher submitted a new disclosure statement.
Tech Republic Security
OCTOBER 1, 2024
A report from insurer QBE predicts that the world will experience 211 significant cyber attacks this year, marking a 105% increase over four years.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
OCTOBER 2, 2024
This talk examine current real-world examples of AI-driven attacks and explore which defensive AI capabilities are available today.
Tech Republic Security
OCTOBER 1, 2024
Version 24H2 adds the sudo command and alerts users when an application accesses their physical location. Microsoft polished other security features, too.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Malwarebytes
OCTOBER 1, 2024
Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determined that the company failed to “notify the DPC of a personal data breach concerning storage of user passwords in plaintext” without delay, and failed to “document personal data breaches concerning the
Schneier on Security
OCTOBER 2, 2024
Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU. (Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
SEPTEMBER 28, 2024
It's not a green screen! It's just a weird a weird hotel room in Pittsburgh, but it did make for a cool backdrop for this week's video. We were there visiting our FBI friends after coming from Washington DC and a visit to CISA, the "America's Cyber Defence Agency" This week, I'm talking about those visits, some really cool new Cloudflare features, and our ongoing effort to push more and more of HIBP's data to Cloudflare's edges.
Tech Republic Security
OCTOBER 3, 2024
A third of U.K. teachers have not received cyber security training this year, and only two-thirds of those that did deemed it useful, according to a government poll.
Schneier on Security
OCTOBER 3, 2024
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware.
Penetration Testing
OCTOBER 2, 2024
A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit that reveals a critical... The post 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released appeared first on Cybersecurity News.
Advertisement
Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.
Malwarebytes
OCTOBER 3, 2024
Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about t
Tech Republic Security
OCTOBER 4, 2024
Check Point documented 5,000 spam emails coming from legitimate-looking domains as fake Microsoft application alerts. Real links complete the trap.
Security Boulevard
OCTOBER 4, 2024
Egyptian River Floods: Operational technology (OT) targeted in “world record” 3.8 Tb/s distributed denial of service (DDoS). The post Biggest Ever DDoS is Threat to OT Critical Infrastructure appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 30, 2024
A serious vulnerability, dubbed KartLANPwn (CVE-2024-45200), has been identified in the wildly popular Nintendo game Mario Kart 8 Deluxe, putting millions of players at risk of remote code execution (RCE)... The post KartLANPwn (CVE-2024-45200) Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE appeared first on Cybersecurity News.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
OCTOBER 4, 2024
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.
Tech Republic Security
OCTOBER 2, 2024
Need to share a Wi-Fi password with a friend or coworker? Learn how to share a Wi-Fi password on iPhones, iPads, Macs, Androids, and Windows computers.
Security Boulevard
SEPTEMBER 30, 2024
Understand the overarching value of PAM, the use cases, the types of systems and how users will benefit from it, including proper contingency plans. The post The Path of Least Resistance to Privileged Access Management appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 29, 2024
A critical vulnerability has been discovered in the popular GiveWP donation plugin for WordPress, potentially allowing unauthenticated attackers to take complete control of affected websites. The flaw, tracked as CVE-2024-8353... The post CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk appeared first on Cybersecurity News.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
SEPTEMBER 29, 2024
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems.
Tech Republic Security
SEPTEMBER 30, 2024
Prompt injection and data leakage are among the top threats posed by LLMs, but they can be mitigated using existing security logging technologies.
Security Boulevard
SEPTEMBER 30, 2024
Connected cars considered crud: Kia promises bug never exploited. But even 10-year-old cars were vulnerable. The post Kia’s Huge Security Hole: FIXED (Finally) appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 29, 2024
In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel, designated as CVE-2024-26808.... The post CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux appeared first on Cybersecurity News.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
OCTOBER 4, 2024
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.
Tech Republic Security
OCTOBER 4, 2024
Ghost calls are an annoying indicator of a potential security issue. Learn why they happen, when you should worry, and how to stop them.
Security Boulevard
OCTOBER 3, 2024
As organizations continue to adopt more SaaS applications, the need for comprehensive security solutions will only grow. The post SSPM: A Better Way to Secure SaaS Applications appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 29, 2024
The PHP project has recently released a security advisory, addressing several vulnerabilities affecting various versions of PHP. These vulnerabilities range from potential log tampering to arbitrary file inclusion and data... The post Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates appeared first on Cybersecurity News.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
SecureList
OCTOBER 2, 2024
Introduction In the ever-evolving landscape of cybersecurity, logs, that is information collected from various sources like network devices, endpoints, and applications, plays a crucial role in identifying and responding to threats. By analyzing this data, organizations can detect anomalies, pinpoint malicious activity, and mitigate potential cyberattacks before they cause significant damage.
Tech Republic Security
OCTOBER 1, 2024
If you’re curious about how to create a secure password, read our in-depth guide covering password security and best practices.
Security Boulevard
OCTOBER 1, 2024
The U.S. and its Five Eyes alliance partners are warning enterprises techniques threat actors use to target Microsoft's Active Directory and ways that they can detect and mitigate such attacks. The post Five Eyes Agencies Put Focus on Active Directory Threats appeared first on Security Boulevard.
Penetration Testing
SEPTEMBER 30, 2024
A newly discovered critical vulnerability, CVE-2024-36435, has been uncovered in several Supermicro enterprise products, potentially exposing organizations to significant security risks. Discovered by Alexander Tereshkin from NVIDIA’s Offensive Security Research... The post Researcher Details RCE Flaw (CVE-2024-36435) in Supermicro BMC IPMI Firmware appeared first on Cybersecurity News.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
268 
Let's personalize your content