Lohrman on Security
SEPTEMBER 17, 2023
Tech leaders gathered in Washington, D.C., this past week for public and private meetings with Congress on the future of AI in the U.S. What happened, and what’s next?
Schneier on Security
SEPTEMBER 20, 2023
In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 22, 2023
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.
Troy Hunt
SEPTEMBER 17, 2023
It's another week of travels, this time from our "second home", Oslo. That's off the back of 4 days in the Netherlands and starting tomorrow, another 4 in Prague. But today, the 17th of September, is extra special 😊 1 year today ❤️ pic.twitter.com/vsRChdDshn — Troy Hunt (@troyhunt) September 17, 2023 We'll be going out and celebrating accordingly as soon as I get this post published so I'll be brief: enjoy this week's video!
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Anton on Security
SEPTEMBER 21, 2023
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our second installment in the “Threats into Detections — The DNA of Detection Engineering” series, where we explore the challenges of detection engineering in more detail — and where threat intelligence plays (and where some hope appears … but you need to wait for Part 3 for this!
Schneier on Security
SEPTEMBER 18, 2023
Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet. That’s a really profitable hack.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Tech Republic Security
SEPTEMBER 18, 2023
The Microsoft leak, which stemmed from AI researchers sharing open-source training data on GitHub, has been mitigated.
The Last Watchdog
SEPTEMBER 21, 2023
Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals. Related: How Putin has weaponized ransomware In mid-March 2020, representatives from the cybersecurity website BleepingComputer contacted numerous ransomware gangs to ask if they’d continue targeting hospitals during the unprecedented COVID-19
Schneier on Security
SEPTEMBER 19, 2023
There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes : Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.
The Hacker News
SEPTEMBER 19, 2023
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
SEPTEMBER 21, 2023
Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy.
The Last Watchdog
SEPTEMBER 20, 2023
Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors Cutting against the grain, Flexxon , a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.
Schneier on Security
SEPTEMBER 21, 2023
Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else. And it’s unclear who has those archives anymore.
The Hacker News
SEPTEMBER 21, 2023
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
SEPTEMBER 22, 2023
On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues.
Bleeping Computer
SEPTEMBER 21, 2023
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year. [.
We Live Security
SEPTEMBER 22, 2023
ESET researchers have discovered Deadglyph, a sophisticated backdoor used by the infamous Stealth Falcon group for espionage in the Middle East
The Hacker News
SEPTEMBER 22, 2023
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Tech Republic Security
SEPTEMBER 20, 2023
At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.
Security Affairs
SEPTEMBER 21, 2023
Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
Trend Micro
SEPTEMBER 19, 2023
Crafted packets from cellular devices such as mobile phones can exploit faulty state machines in the 5G core to attack cellular infrastructure. Smart devices that critical industries such as defense, utilities, and the medical sectors use for their daily operations depend on the speed, efficiency, and productivity brought by 5G. This entry describes CVE-2021-45462 as a potential use case to deploy a denial-of-service (DoS) attack to private 5G networks.
The Hacker News
SEPTEMBER 20, 2023
Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH).
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
SEPTEMBER 18, 2023
Businesses should plan for the development of AI regulation in the US, but knowing what it will look like is still a challenge.
Security Affairs
SEPTEMBER 20, 2023
Researchers discovered multiple vulnerabilities in the Nagios XI network and IT infrastructure monitoring and management solution. Researchers discovered four vulnerabilities (CVE-2023-40931, CVE-2023-40932, CVE-2023-40933, CVE-2023-40934) in the Nagios XI network and IT infrastructure monitoring solution that could lead to information disclosure and privilege escalation.
Malwarebytes
SEPTEMBER 17, 2023
The recent attack on MGM Resorts generated lots of speculation with regard to what the cause was. Some folks claimed the culprit was ransomware. Well, confirmation is now forthcoming as an affiliate of the BlackCat/ALPHV ransomware group is said to be the one responsible for the attack and subsequent outage. The statement is quite long, takes a few digs at MGM Resorts, and seeks to correct what the group feels to be inaccurate statements made by security vendors and others with regard to the att
The Hacker News
SEPTEMBER 20, 2023
A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Tech Republic Security
SEPTEMBER 18, 2023
The agency’s roadmap outlines a plan for prioritizing where open source software makes infrastructure potentially vulnerable.
Security Affairs
SEPTEMBER 18, 2023
The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government has chartered three new LNG terminals to reach independence from on gas pipelined from Moscow.
Trend Micro
SEPTEMBER 17, 2023
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
The Hacker News
SEPTEMBER 16, 2023
The Irish Data Protection Commission (DPC) slapped TikTok with a €345 million (about $368 million) fine for violating the European Union's General Data Protection Regulation (GDPR) in relation to its handling of children's data.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
258 
Let's personalize your content