Sat.Jun 01, 2024 - Fri.Jun 07, 2024

article thumbnail

Breaking a Password Manager

Schneier on Security

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

article thumbnail

RSAC Fireside Chat: Seclore advances ‘EDRM’ by aligning granular controls onto sensitive data

The Last Watchdog

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 402

Troy Hunt

What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn't even been confirmed. But as predicted in the video, confirmation came late on a Friday arvo and since that time we've learned a lot more about just how bad the situation is.

article thumbnail

Navigating Email: From Spam Wars to Trusted Relationships

Lohrman on Security

Some call it spam. Others call it marketing. Recipients want it to stop, while senders are looking to perfect their “art.” But both sides agree on one thing: Email communication is still broken in 2024.

Marketing 237
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

AI Will Increase the Quantity—and Quality—of Phishing Scams

Schneier on Security

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 321
article thumbnail

Some Generative AI Company Employees Pen Letter Wanting ‘Right to Warn’ About Risks

Tech Republic Security

Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?

Risk 202

More Trending

article thumbnail

My thoughts and experiences at Infosec EU 2024

Javvad Malik

Another year another Infosec EU. So, how did it go down? I must admit, I grumble whenever I have to attend an event at the soulless warehouse that is ExCel, located in what can only be described as the appendix of London. However, it is a nice ride on the motorbike to get there, and parking is free (for motorbikes, not cars, but other bikers don’t like it if you park too close ).

InfoSec 162
article thumbnail

Seeing Like a Data Structure

Schneier on Security

Technology was once simply a tool—and a small one at that—used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We don’t live in that world anymore. Not only has technology become entangled with the structure of society, but we also can no longer see the world around us without it.

article thumbnail

5 Reasons Why You Should Use a Password Manager

Tech Republic Security

Here are 5 reasons why you should consider using a password manager to protect your data and improve password management.

article thumbnail

RSAC Fireside Chat: Bedrock Security introduces advanced approach to “commoditize” data discovery

The Last Watchdog

Business data today gets scattered far and wide across distributed infrastructure. Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations. At RSAC 2024 , I visited with Pranava Adduri , co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.

Big data 162
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Hacking 145
article thumbnail

Espionage with a Drone

Schneier on Security

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

294
294
article thumbnail

OpenAI, Anthropic Research Reveals More About How LLMs Affect Security and Bias

Tech Republic Security

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

article thumbnail

RSAC Fireside Chat: NightVision shines a light on software vulnerabilities, speeds up remediation

The Last Watchdog

When Log4J came to light in 2021, Kinnaird McQuade , then a security engineer at Square , drew the assignment of testing endpoints at some 5,000 users of the popular mobile payments service. Related: The big lesson from Log4J “It took us eight hours to run the scan and I was sweating it because these were all small family businesses that depended on Square, and if any of them got popped, it would be real people that were affected,” McQuade told me.

Software 147
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

This Hacker Tool Extracts All the Data Collected by Windows’ New Recall AI

WIRED Threat Level

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

article thumbnail

Security and Human Behavior (SHB) 2024

Schneier on Security

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

article thumbnail

Are Password Managers Safe to Use? (Benefits, Risks & Best Practices)

Tech Republic Security

Are password managers safe to use? Find out if they are really secure and discover the benefits and risks of using password managers.

article thumbnail

CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published

Penetration Testing

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software. The flaw could allow attackers to escalate... The post CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published appeared first on Penetration Testing.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Experts found information of European politicians on the dark web

Security Affairs

Personal information of hundreds of British and EU politicians is available on dark web marketplaces. According to research conducted by Proton and Constella Intelligence, the email addresses and other sensitive information of 918 British MPs, European Parliament members, and French deputies and senators are available in the dark web marketplaces. 40% of 2,280 official government email addresses from the British, European, and French Parliaments were exposed, including passwords, birth dates, an

Passwords 145
article thumbnail

The Justice Department Took Down the 911 S5 Botnet

Schneier on Security

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

article thumbnail

Cisco Live 2024: New Unified Observability Experience Packages Cisco & Splunk Insight Tools

Tech Republic Security

The observability suite is the first major overhaul for Splunk products since the Cisco acquisition. Plus, Mistral AI makes a deal with Cisco’s incubator.

Big data 182
article thumbnail

Microsoft's Recall Feature Is Even More Hackable Than You Thought

WIRED Threat Level

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Hacking 143
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cisco addressed Webex flaws used to compromise German government meetings

Security Affairs

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings. In March, the German authorities admitted the hack by Russia-linked actors of a military meeting where participants discussed giving military support to Ukraine. “In early May 2024, Ci

article thumbnail

Kaspersky releases free tool that scans Linux for known threats

Bleeping Computer

Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. [.

Malware 144
article thumbnail

6 Best VPNs for the UK in 2024

Tech Republic Security

What are the top VPNs in the U.K.? Here are the best U.K. VPNs users should be looking at and the key features they should consider during VPN selection.

VPN 179
article thumbnail

Ticketmaster confirms customer data breach

Malwarebytes

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week : Ticketmaster has suffered a data breach. In a filing with the SEC , Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

WIRED Threat Level

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.

article thumbnail

APT28 targets key networks in Europe with HeadLace malware

Security Affairs

Russia-linked APT28 used the HeadLace malware and credential-harvesting web pages in attacks against networks across Europe. Researchers at Insikt Group observed Russian GRU’s unit APT28 targeting networks across Europe with information-stealer Headlace and credential-harvesting web pages. The experts observed the APT deploying Headlace in three distinct phases from April to December 2023, respectively, using phishing, compromised internet services, and living off the land binaries.

Malware 141
article thumbnail

1Password Review: Features, Pricing & Security

Tech Republic Security

1Password’s top-tier security and sleek user interface make it a solid password manager to try this year. Read our hands-on 1Password review to learn more.

article thumbnail

CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks

Penetration Testing

A high-severity security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The vulnerability, assigned CVE-2024-32850 with a CVSS score of... The post CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!