Sat.Aug 12, 2023 - Fri.Aug 18, 2023

article thumbnail

Have You Factored Cybersecurity Infrastructure into Your Global Growth?

GlobalSign

As companies extend their operations globally, they must prioritise cybersecurity measures to support sustainable long-term growth. Read more.

article thumbnail

Black Hat insights: Generative AI begins seeping into the security platforms that will carry us forward

The Last Watchdog

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI. Related: Can ‘CNAPP’ do it all? Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023 , which returned to its full pre-Covid grandeur here last week.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zoom Can Spy on Your Calls and Use the Conversation to Train AI, But Says That It Won’t

Schneier on Security

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

article thumbnail

All New Have I Been Pwned Domain Search APIs and Splunk Integration

Troy Hunt

I've been teaching my 13-year old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are: Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data bre

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing 200
article thumbnail

GUEST ESSAY: A call to decentralize social identities — to curtail social media privacy abuses

The Last Watchdog

Social media giants have long held too much power over our digital identities. Related: Google, Facebook promote third-party snooping Today, no one is immune to these giants’ vicious cycle of collecting personal data, selling it to advertisers, and manipulating users with data metrics. By making people feel like mere products- this exploitative digital environment further encourages a bubble of distrust amongst social media users.

Media 188

More Trending

article thumbnail

How to Retrieve and Generate Google 2FA Backup Codes

Tech Republic Security

Learn how to retrieve and generate Google 2FA backup codes with this easy-to-follow, step-by-step tutorial.

Backups 180
article thumbnail

Diligere, Equity-Invest Are New Firms of U.K. Con Man

Krebs on Security

John Clifton Davies , a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch , and Diligere[.]co.uk , a scam due diligence company that Equity-Invest insists all investment partners use.

Scams 171
article thumbnail

Highlights from the 16th Annual MS-ISAC Meeting

Lohrman on Security

The 2023 MS-ISAC and EI-ISAC meeting just wrapped up in Salt Lake City. Here’s a roundup of what happened and what’s next.

146
146
article thumbnail

China Hacked Japan’s Military Networks

Schneier on Security

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story : The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matte

Hacking 225
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

7 Ways to Access Safe Mode in Windows 10 (2023 Update)

Tech Republic Security

Learn seven different ways to boot a Windows 10 PC in Safe Mode to help troubleshoot issues using this comprehensive guide.

Software 157
article thumbnail

Who Else Wants to Enjoy a Cybersecurity Conference?

Jane Frankland

Every now and again I’m asked about conferences and whether they’re worth attending. My answer is always, yes so long as you plan carefully. Over the years I’ve attended hundreds of cybersecurity conferences all over the world, and participated as an attendee, speaker, chair, and advisor. All these roles have enabled me to gain an understanding of conferences through different lenses.

article thumbnail

New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools

The Hacker News

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.

article thumbnail

Bots Are Better than Humans at Solving CAPTCHAs

Schneier on Security

Interesting research: “ An Empirical Study & Evaluation of Modern CAPTCHAs “: Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile, CAPTCHAS have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

DEF CON Generative AI Hacking Challenge Explored Cutting Edge of Security Vulnerabilities

Tech Republic Security

Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

Hacking 147
article thumbnail

WinRAR flaw lets hackers run programs when you open RAR archives

Bleeping Computer

A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive. [.

article thumbnail

Thousands of Android Malware Apps Using Stealthy APK Compression to Evade Detection

The Hacker News

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems.

Malware 98
article thumbnail

Detecting “Violations of Social Norms” in Text with AI

Schneier on Security

Researchers are trying to use AI to detect “social norms violations.” Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. (Like all of these systems, anything but a very low false positive rate makes the detection useless in practice.) News article.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Massive EvilProxy Phishing Attack Campaign Bypasses 2FA, Targets Top-Level Executives

Tech Republic Security

This attack sent approximately 120,000 phishing emails to organizations worldwide with the goal to steal Microsoft 365 credentials.

Phishing 147
article thumbnail

WinRAR flaw enables remote code execution of arbitrary code

Security Affairs

A flaw impacting the file archiver utility for Windows WinRAR can allow the execution of commands on a computer by opening an archive. WinRAR is a popular file compression and archival utility for Windows operating systems. The utility is affected by a now-fixed high-severity vulnerability, tracked as CVE-2023-40477 (CVSS score 7.8), that can allow remote execution of arbitrary code on a computer by opening a crafted RAR archive.

Hacking 98
article thumbnail

Hotmail email delivery fails after Microsoft misconfigures DNS

Bleeping Computer

Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record. [.

DNS 98
article thumbnail

Behind the Curtain of Open-Source Intelligence (OSINT)

Digital Shadows

Cyber-actors hide using "clean" resources. ReliaQuest shows tracking IoCs & detection helps security pros counteract disguised attacks. Enhancing OSINT is key.

98
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework

Tech Republic Security

With security schema, Splunk and collaborators aim to transform alert telemetry from cacophony to chorus with one taxonomy across vendors and tools.

article thumbnail

#OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific

Security Affairs

#OpFukushima: The famous collective Anonymous has launched cyberattacks against Japan nuclear websites over Fukushima water plan. The hacker collective Anonymous has launched cyberattacks against nuclear power-linked groups in Japan as part of an operation called #OpFukushima. The campaign was launched to protest against the Government’s plan to release the treated radioactive water from the Fukushima nuclear plant into the sea.

article thumbnail

Attackers demand ransoms for stolen LinkedIn accounts

Malwarebytes

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out following a great number of failed attempts, you might suspect brute force methods.

article thumbnail

The Vulnerability of Zero Trust: Lessons from the Storm 0558 Hack

The Hacker News

While IT security managers in companies and public administrations rely on the concept of Zero Trust, APTS (Advanced Persistent Threats) are putting its practical effectiveness to the test. Analysts, on the other hand, understand that Zero Trust can only be achieved with comprehensive insight into one's own network.

Hacking 98
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

31% of Organizations Using Generative AI Ask It To Write Code

Tech Republic Security

Code development, content creation and analytics are the top generative AI use cases. However, many enterprise users don't trust gen AI to be private.

article thumbnail

Massive phishing campaign targets users of the Zimbra Collaboration email server

Security Affairs

A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials. ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. Zimbra Collaboration is an open-core collaborative software platform. The campaign is still ongoing and is targeting a wide range of small and medium businesses and governmental entities.

article thumbnail

Patch now! Citrix Sharefile joins the list of actively exploited file sharing software

Malwarebytes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability to its catalog of know exploited vulnerabilities , based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by September 6, 2023 to protect their networks against this active threat.

article thumbnail

NoFilter Attack: Sneaky Privilege Escalation Method Bypasses Windows Security

The Hacker News

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system.

98
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!