Schneier on Security

JUNE 3, 2024

A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.

Phishing 309

Phishing Artificial Intelligence Scams 309

The Last Watchdog

JUNE 5, 2024

Digital rights management ( DRM ) has come a long way since Hollywood first recognized in the 1990s that it needed to rigorously protect digital music and movies. By the mid-2000s a branch called enterprise digital rights management ( EDRM ) cropped up to similarly protect sensitive business information. Today, businesses amass vast amounts of business-critical data – at a pace that’s quickening as GenAI takes hold.

Architecture 289

Architecture Marketing Internet Internet 289

Troy Hunt

JUNE 2, 2024

What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn't even been confirmed. But as predicted in the video, confirmation came late on a Friday arvo and since that time we've learned a lot more about just how bad the situation is.

Data breaches 233

Data breaches Media 233

Lohrman on Security

JUNE 2, 2024

Some call it spam. Others call it marketing. Recipients want it to stop, while senders are looking to perfect their “art.” But both sides agree on one thing: Email communication is still broken in 2024.

Marketing 226

Marketing 226

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Schneier on Security

JUNE 4, 2024

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that version­and subsequent versions until 2015­did indeed have a significant flaw that made the random number generator not so random.

Password Management 305

Password Management Passwords Cryptocurrency Engineering 305

Tech Republic Security

JUNE 7, 2024

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

Artificial Intelligence 186

Artificial Intelligence Big data Cybersecurity 186

Trend Micro

JUNE 5, 2024

We analyze a cryptojacking attack campaign exploiting exposed Docker remote API servers to deploy cryptocurrency miners, using Docker images from the open-source Commando project.

Cryptocurrency 144

Cryptocurrency Cyber threats Malware 144

Schneier on Security

JUNE 7, 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

Cybersecurity 263

Cybersecurity 263

Tech Republic Security

JUNE 6, 2024

Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?

Risk 200

Risk Artificial Intelligence Big data 200

Penetration Testing

JUNE 4, 2024

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software. The flaw could allow attackers to escalate... The post CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

WIRED Threat Level

JUNE 4, 2024

Windows Recall takes a screenshot every five seconds. Cybersecurity researchers say the system is simple to abuse—and one ethical hacker has already built a tool to show how easy it really is.

Data collection 145

Data collection Cybersecurity Hacking 145

Schneier on Security

JUNE 6, 2024

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

275

275

Tech Republic Security

JUNE 5, 2024

The observability suite is the first major overhaul for Splunk products since the Cisco acquisition. Plus, Mistral AI makes a deal with Cisco’s incubator.

Big data 171

Big data Artificial Intelligence Network Security 171

Elie

JUNE 5, 2024

This case-study explores the effectiveness of virtual reality (VR) for diversity, equity, and inclusion (DEI) training through the lens of a custom VR application developped to train Google employees.

138

138

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Bleeping Computer

JUNE 1, 2024

Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. [.

Malware 144

Malware Software 144

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

Government 235

Government Malware Cybercrime 235

Tech Republic Security

JUNE 4, 2024

What are the top VPNs in the U.K.? Here are the best U.K. VPNs users should be looking at and the key features they should consider during VPN selection.

VPN 167

VPN 167

WIRED Threat Level

JUNE 6, 2024

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Hacking 143

Hacking 143

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Trend Micro

JUNE 4, 2024

In this blog entry, our researchers provide an analysis of TargetCompany ransomware’s Linux variant and how it targets VMware ESXi environments using new methods for payload delivery and execution.

Ransomware 141

Ransomware 141

Malwarebytes

JUNE 1, 2024

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week : Ticketmaster has suffered a data breach. In a filing with the SEC , Live Nation said on May 20th it identified “unauthorized activity within a third-party cloud database environment containing Company data (primarily from its Ticketmaster L.L.C. subsidiary)” and launched an investigation.

Data breaches 142

Data breaches Passwords Phishing Password Management 142

Tech Republic Security

JUNE 6, 2024

1Password’s top-tier security and sleek user interface make it a solid password manager to try this year. Read our hands-on 1Password review to learn more.

Password Management 163

Password Management Passwords 163

WIRED Threat Level

JUNE 7, 2024

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Hacking 141

Hacking 141

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

Penetration Testing

JUNE 2, 2024

A high-severity security flaw has been discovered in multiple models of Seiko Solutions’ SkyBridge routers, potentially leaving thousands of businesses and individuals vulnerable to cyberattacks. The vulnerability, assigned CVE-2024-32850 with a CVSS score of... The post CVE-2024-32850 (CVSS 9.8): Critical Flaw in SkyBridge Routers Exposes Thousands to Cyberattacks appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing 139

Malwarebytes

JUNE 6, 2024

Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a reference to the AI assistant and companion which the company released in late 2023.

Identity Theft 139

Identity Theft Risk Spyware Passwords 139

Tech Republic Security

JUNE 5, 2024

Are password managers safe to use? Find out if they are really secure and discover the benefits and risks of using password managers.

Password Management 175

Password Management Passwords Risk 175

WIRED Threat Level

JUNE 5, 2024

A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

142

142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 5, 2024

The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. [.

Ransomware 137

Ransomware Encryption 137

Security Boulevard

JUNE 3, 2024

Security experts have been frustrated because no one was managing the Common Vulnerabilities and Exposures security reports. Good news: The NIST has hired a company to manage the backlog. Bad news: The company has no experience with this kind of security work. The post The NIST Finally Hires a Contractor to Manage CVEs appeared first on Security Boulevard.

Software 135

Software Risk Government 135

Tech Republic Security

JUNE 3, 2024

Here are 5 reasons why you should consider using a password manager to protect your data and improve password management.

Password Management 179

Password Management Passwords 179

The Hacker News

JUNE 4, 2024

Popular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.

Accountability 135

Accountability Malware 135

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity