Sat.Jun 08, 2024 - Fri.Jun 14, 2024

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

The Last Watchdog

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 238
article thumbnail

The Evolving Cyber Landscape: Insights from 2024 Reports

Lohrman on Security

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Exploiting Mistyped URLs

Schneier on Security

Interesting research: “ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains “: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information.

Phishing 281
article thumbnail

Downtime Costs World’s Largest Companies $400 Billion a Year, According to Splunk Report

Tech Republic Security

Direct revenue loss is the biggest drain from downtime, but other hidden costs include diminished shareholder value, stagnant productivity and reputational damage.

More Trending

article thumbnail

Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

144
144
article thumbnail

AI and the Indian Election

Schneier on Security

As India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world. The campaigns made extensive use of AI, including deepfake impersonations of candidates, celebrities and dead politicians.

article thumbnail

Crowdstrike vs Trellix (2024): What Are The Main Differences?

Tech Republic Security

Endpoint detection and response software protects against a variety of threats and attacks. Learn about two of the most popular EDR options, CrowdStrike and Trellix, and how to protect your network.

Software 150
article thumbnail

Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available

Penetration Testing

Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from authentication bypass to password policy circumvention and insecure... The post Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

143
143
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

258
258
article thumbnail

Mandiant Report: Snowflake Users Targeted for Data Theft and Extortion

Tech Republic Security

A threat actor exploited the Snowflake platform to target organizations for data theft and extortion using compromised credentials. Learn how to protect your business from this threat.

Big data 148
article thumbnail

Chinese Threats Aim for Government Sector 

Security Boulevard

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years. The post Chinese Threats Aim for Government Sector appeared first on Security Boulevard.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Chinese hackers breached 20,000 FortiGate systems worldwide

Bleeping Computer

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [.

141
141
article thumbnail

Demo of AES GCM Misuse Problems

Schneier on Security

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

article thumbnail

UK Trails Behind Europe in Technical Skills Proficiency, Coursera Report Finds

Tech Republic Security

The U.K. is the 25th most technically proficient country in Europe, with Switzerland, Germany and the Netherlands taking the top three places.

article thumbnail

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Trend Micro

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk

Security Boulevard

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy. The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

Risk 134
article thumbnail

New York Times source code stolen using exposed GitHub token

Bleeping Computer

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. [.

135
135
article thumbnail

Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More

Tech Republic Security

Find out about Apple’s iOS 18 release date, key features including RCS integration and more, as well as how registered developers can install the beta.

article thumbnail

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

The Hacker News

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.

137
137
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Just Published: PCI DSS v4.0.1

PCI perspectives

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance.

133
133
article thumbnail

Will AI Take Over Cybersecurity Jobs?

Security Boulevard

The post Will AI Take Over Cybersecurity Jobs? appeared first on AI Enabled Security Automation. The post Will AI Take Over Cybersecurity Jobs? appeared first on Security Boulevard.

article thumbnail

6 Best VPNs for Australia in 2024

Tech Republic Security

What's the best VPN to use in Australia? Discover the pricing, features, pros and cons of our recommended VPNs for Australia.

VPN 155
article thumbnail

PHP addressed critical RCE flaw potentially impacting millions of servers

Security Affairs

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability , tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Update now! Google Pixel vulnerability is under active exploitation

Malwarebytes

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability, Google said there are indications it may be: “under limited, targeted exploitation.

Firmware 133
article thumbnail

A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors

Security Boulevard

The MGM Resorts breach is just one example demonstrating the crippling financial, legal and operational consequences of ransomware incidents. The post A Deep Dive Into the Economics and Tactics of Modern Ransomware Threat Actors appeared first on Security Boulevard.

article thumbnail

5 Tips for Making the Most Out of Your Next Business Trip

Tech Republic Security

From saving on flights and hotels to protecting your data when working online, these tips could save you money in the long run.

VPN 151
article thumbnail

Multiple flaws in Fortinet FortiOS fixed

Security Affairs

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws. The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of 7.4), can be exploited by an authenticated attacker to achieve

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.