Lohrman on Security
SEPTEMBER 17, 2023
Tech leaders gathered in Washington, D.C., this past week for public and private meetings with Congress on the future of AI in the U.S. What happened, and what’s next?
Schneier on Security
SEPTEMBER 20, 2023
In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
SEPTEMBER 22, 2023
The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.
Troy Hunt
SEPTEMBER 22, 2023
Well that's it, Europe is done! I've spent the week in Prague with highlights including catching up with Josef Prusa, keynoting at Experts Live EU and taking a "beer spa" complete with our own endless supply of tap beer. Life is good 🍻 That’s it - we’ve peaked - life is all downhill from here 🤣 🍻 #BeerSpa pic.twitter.com/ezCpUC6XEK — Troy Hunt (@troyhunt) September 21, 2023 All that and more in this week's video, next week I&apo
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Anton on Security
SEPTEMBER 21, 2023
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our second installment in the “Threats into Detections — The DNA of Detection Engineering” series, where we explore the challenges of detection engineering in more detail — and where threat intelligence plays (and where some hope appears … but you need to wait for Part 3 for this!
Schneier on Security
SEPTEMBER 18, 2023
Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users? Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet. That’s a really profitable hack.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
SEPTEMBER 17, 2023
It's another week of travels, this time from our "second home", Oslo. That's off the back of 4 days in the Netherlands and starting tomorrow, another 4 in Prague. But today, the 17th of September, is extra special 😊 1 year today ❤️ pic.twitter.com/vsRChdDshn — Troy Hunt (@troyhunt) September 17, 2023 We'll be going out and celebrating accordingly as soon as I get this post published so I'll be brief: enjoy this week's video!
The Last Watchdog
SEPTEMBER 21, 2023
Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals. Related: How Putin has weaponized ransomware In mid-March 2020, representatives from the cybersecurity website BleepingComputer contacted numerous ransomware gangs to ask if they’d continue targeting hospitals during the unprecedented COVID-19
Schneier on Security
SEPTEMBER 19, 2023
There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes : Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.
Tech Republic Security
SEPTEMBER 21, 2023
Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Bleeping Computer
SEPTEMBER 21, 2023
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year. [.
The Last Watchdog
SEPTEMBER 20, 2023
Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors Cutting against the grain, Flexxon , a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.
Schneier on Security
SEPTEMBER 21, 2023
Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else. And it’s unclear who has those archives anymore.
Tech Republic Security
SEPTEMBER 18, 2023
The Microsoft leak, which stemmed from AI researchers sharing open-source training data on GitHub, has been mitigated.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
The Hacker News
SEPTEMBER 19, 2023
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said.
Security Affairs
SEPTEMBER 21, 2023
Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
Trend Micro
SEPTEMBER 17, 2023
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Tech Republic Security
SEPTEMBER 21, 2023
The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
SEPTEMBER 21, 2023
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.
Security Affairs
SEPTEMBER 17, 2023
One of Thailand’s major digital financial platforms, CardX , recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and last name, address, telephone number, and email.
Bleeping Computer
SEPTEMBER 22, 2023
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. [.
Tech Republic Security
SEPTEMBER 20, 2023
At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
SEPTEMBER 22, 2023
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.
Security Affairs
SEPTEMBER 18, 2023
Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. The exposed data exposed a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their fi
Trend Micro
SEPTEMBER 21, 2023
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Tech Republic Security
SEPTEMBER 22, 2023
On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
The Hacker News
SEPTEMBER 20, 2023
Encrypted messaging app Signal has announced an update to the Signal Protocol to add support for quantum resistance by upgrading the Extended Triple Diffie-Hellman (X3DH) specification to Post-Quantum Extended Diffie-Hellman (PQXDH).
Security Affairs
SEPTEMBER 19, 2023
Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.
Malwarebytes
SEPTEMBER 20, 2023
If you've received a message from a company saying your data has been caught up in a breach, you might be unsure what to do next. We've put together some tips which should help you when the (more or less) inevitable happens. 1. Check the company’s advice Every breach is different, so check the company's official channels to find out what's happened and what data has been breached.
Tech Republic Security
SEPTEMBER 17, 2023
This Remote Access Checklist from TechRepublic Premium should be used to ensure all employees have the requisite items, accounts, access and instructions needed for remote work. It should be filled out by the IT department and signed off on by the employee and their supervisor/manager. This checklist can be customized to meet the needs of.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
237 
Let's personalize your content