Schneier on Security

JUNE 3, 2024

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 304

Phishing Artificial Intelligence Scams 304

The Last Watchdog

JUNE 5, 2024

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Architecture 289

Architecture Marketing Internet Internet 289

Troy Hunt

JUNE 2, 2024

What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn't even been confirmed. But as predicted in the video, confirmation came late on a Friday arvo and since that time we've learned a lot more about just how bad the situation is.

Data breaches 229

Data breaches Media 229

Lohrman on Security

JUNE 2, 2024

Some call it spam. Others call it marketing. Recipients want it to stop, while senders are looking to perfect their “art.” But both sides agree on one thing: Email communication is still broken in 2024.

Marketing 229

Marketing 229

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JUNE 4, 2024

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Password Management 301

Password Management Passwords Cryptocurrency Engineering 301

Tech Republic Security

JUNE 7, 2024

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

Artificial Intelligence 181

Artificial Intelligence Big data Cybersecurity 181

WIRED Threat Level

JUNE 4, 2024

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

Data collection 145

Data collection Cybersecurity Hacking 145

Schneier on Security

JUNE 3, 2024

Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don’t live in that world anymore. Not only has technology become entangled with the structure of society, but we also can no longer see the world around us without it.

Technology 276

Technology Government Engineering Internet 276

Tech Republic Security

JUNE 6, 2024

Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?

Risk 197

Risk Artificial Intelligence Big data 197

Penetration Testing

JUNE 4, 2024

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software. The flaw could allow attackers to escalate... The post CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Elie

JUNE 5, 2024

This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developped to train Google employees.

138

138

Schneier on Security

JUNE 7, 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

Cybersecurity 257

Cybersecurity 257

Tech Republic Security

JUNE 5, 2024

The observability suite is the first major overhaul for Splunk products since the Cisco acquisition. Plus, Mistral AI makes a deal with Cisco’s incubator.

Big data 169

Big data Artificial Intelligence Network Security 169

WIRED Threat Level

JUNE 7, 2024

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Hacking 143

Hacking 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 1, 2024

Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. [.

Malware 144

Malware Software 144

Schneier on Security

JUNE 6, 2024

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

269

269

Tech Republic Security

JUNE 4, 2024

What are the top VPNs in the U.K.? Here are the best U.K. VPNs users should be looking at and the key features they should consider during VPN selection.

VPN 166

VPN 166

WIRED Threat Level

JUNE 6, 2024

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Hacking 142

Hacking 142

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

JUNE 1, 2024

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week : Ticketmaster has suffered a data breach. In a filing with the SEC , Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation.

Data breaches 143

Data breaches Passwords Phishing Password Management 143

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

Government 231

Government Malware Cybercrime 231

Tech Republic Security

JUNE 6, 2024

1Password’s top-tier security and sleek user interface make it a solid password manager to try this year. Read our hands-on 1Password review to learn more.

Password Management 161

Password Management Passwords 161

Security Affairs

JUNE 3, 2024

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries.

Malware 141

Malware Phishing Surveillance Internet 141

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Malwarebytes

JUNE 6, 2024

Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023.

Identity Theft 140

Identity Theft Risk Spyware Passwords 140

Bleeping Computer

JUNE 5, 2024

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [.

Ransomware 137

Ransomware Encryption 137

Tech Republic Security

JUNE 5, 2024

Are password managers safe to use? Find out if they are really secure and discover the benefits and risks of using password managers.

Password Management 175

Password Management Passwords Risk 175

WIRED Threat Level

JUNE 5, 2024

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

138

138

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Penetration Testing

JUNE 2, 2024

A high-severity security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The vulnerability, assigned CVE-2024-32850 with a CVSS score of... The post CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing 141

Security Boulevard

JUNE 3, 2024

Security experts have been frustrated because no one was managing the Common Vulnerabilities and Exposures security reports. Good news: The NIST has hired a company to manage the backlog. Bad news: The company has no experience with this kind of security work. The post The NIST Finally Hires a Contractor to Manage CVEs appeared first on Security Boulevard.

Software 136

Software Risk Government 136

Tech Republic Security

JUNE 3, 2024

Here are 5 reasons why you should consider using a password manager to protect your data and improve password management.

Password Management 184

Password Management Passwords 184

The Hacker News

JUNE 4, 2024

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.

Accountability 137

Accountability Malware 137

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity