Sat.Mar 04, 2023 - Fri.Mar 10, 2023

New National Cybersecurity Strategy: What Do You Need to Know?

Lohrman on Security

The White House released a new national cybersecurity strategy this past week with five pillars. What’s in the plan, and how will this impact public- and private-sector organizations?

To Infinity and Beyond, with Cloudflare Cache Reserve

Troy Hunt

What if I told you... that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to the origin service? No biggy, unless... that was out of a total of more than 166M requests in the same period: Yep, we just hit "five nines" of cache hit ratio on Pwned Passwords being 99.999%. Actually, it was 99.9998% but we're at the point now where that's just splitting hairs, let's talk about how we've managed to only have two

Passwords 337

Prompt Injection Attacks on Large Language Models

Schneier on Security

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unass

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 292

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

New Report “State of Cloud Threat Detection and Response”

Anton on Security

Cloud D&R Report (2023) One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists. “Our State of Cloud Threat Detection and Response report summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediat

Weekly Update 338

Troy Hunt

I'm going to lead this post with where I finished the video because it brought the biggest smile to Charlotte's and my faces this week: This. Is. Amazing 😍 pic.twitter.com/wOl4kpK841 — Troy Hunt (@troyhunt) March 3, 2023 When I talked about the McLaren in this week's video, Frits made the comment "the smile on your face says it all", which absolutely nailed it.

More Trending

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owne

DNS 290

GUEST ESSAY: Five stages to attain API security — and mitigate attack surface exposures

The Last Watchdog

APIs (Application Programming Interfaces) play a critical role in digital transformation by enabling communication and data exchange between different systems and applications. Related: It’s all about attack surface management APIs help digital transformation by enabling faster and more efficient business processes, improving customer experience, and providing new ways to interact with your business.

Cloud security, hampered by proliferation of tools, has a “forest for trees” problem

Tech Republic Security

C-Suites executives have cybersecurity insecurities around cloud development, deployment and visibility, a Palo Alto Networks survey finds. The post Cloud security, hampered by proliferation of tools, has a “forest for trees” problem appeared first on TechRepublic.

Another Malware with Persistence

Schneier on Security

Here’s a piece of Chinese malware that infects SonicWall security appliances and survives firmware updates. On Thursday, security firm Mandiant published a report that said threat actors with a suspected nexus to China were engaged in a campaign to maintain long-term persistence by running malware on unpatched SonicWall SMA appliances. The campaign was notable for the ability of the malware to remain on the devices even after its firmware received new firmware. “The attackers put sig

Malware 234

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

Dark Reading

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.


Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm

The Hacker News

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.

CrowdStrike: Attackers focusing on cloud exploits, data theft

Tech Republic Security

CrowdStrike’s new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. The post CrowdStrike: Attackers focusing on cloud exploits, data theft appeared first on TechRepublic.

Elephant Hackers

Schneier on Security

An elephant uses its right-of-way privileges to stop sugar-cane trucks and grab food.

Hacking 220

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Why Traditional Vulnerability Management isn’t Cutting it Anymore

CyberSecurity Insiders

Traditional vulnerability management is in need of a desperate change due to the lack of effectiveness in combating modern cyberattacks. It’s a bold statement, but true, nonetheless, because it’s just not enough. Numbers don’t lie, and the only direction the average cost of recovering from cyberattacks seems to move is up. Putting the monetary effect aside, a successful cyberattack from ineffective vulnerability management can fatally hit an organization’s reputation.

Risk 138

Malvertising through search engines

SecureList

In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious payloads to victims’ machines. They seem to use the same technique of mimicking a website associated with well-known software like Notepad++ and Blender 3D.

Become your business’s cybersecurity expert

Tech Republic Security

Learn a wide variety of topics for a lifetime with this eclectic bundle. The post Become your business’s cybersecurity expert appeared first on TechRepublic.

Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma

Security Boulevard

Voice AI tech being misused by scammers: Scrotes fake your voice and call your grandparents. Then “you” beg them for money. The post Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma appeared first on Security Boulevard.

Scams 135

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to prevent Microsoft OneNote files from infecting Windows with malware

Bleeping Computer

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows.

Malware 134

TSA tells US aviation industry to boost its cybersecurity

Graham Cluley

The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." Read more in my article on the Tripwire State of Security blog.

GitHub rolling out two-factor authentication to millions of users

Tech Republic Security

Over the next nine months, the largest internet hosting service for software development and collaboration will make all code contributors add another layer of electronic evidence to their accounts. The post GitHub rolling out two-factor authentication to millions of users appeared first on TechRepublic.

Lockbit Ransomware Dominant Even as Overall Attack Rates Fall

Security Boulevard

With victims from 23 countries, Lockbit continues to be the most prolific ransomware group in the early months of 2023, even as an 11% decrease in ransomware victims was reported in January. These were among the findings from GuidePoint Security’s monthly ransomware threat report, which found the total number of attacks by Lockbit was more. The post Lockbit Ransomware Dominant Even as Overall Attack Rates Fall appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

AT&T informs 9M customers about data breach

CSO Magazine

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information’ (CPNI),” AT&T sai

The FBI Just Admitted It Bought US Location Data

WIRED Threat Level

Rather than obtaining a warrant, the bureau purchased sensitive data—a controversial practice that privacy advocates say is deeply problematic.


LastPass releases new security incident disclosure and recommendations

Tech Republic Security

LastPass attacks began with a hacked employee's home computer. The investigation now reveals the password manager company's data vault was compromised. The post LastPass releases new security incident disclosure and recommendations appeared first on TechRepublic.

Identity verification in today’s digital-first era

Security Boulevard

The identity verification market was valued at $11B in 2022. It’s anticipated that in the. The post Identity verification in today’s digital-first era appeared first on Entrust Blog. The post Identity verification in today’s digital-first era appeared first on Security Boulevard.

Marketing 133

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

Naked Security

Security bugs in the very code you've been told you must have to improve the security of your computer.

Risk 131

Acer Confirms Data Offered Up for Sale Was Stolen

Dark Reading

An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.


This 18-course ethical hacking bundle is under $50

Tech Republic Security

Ethical hacking is a great skill to learn with new cyber threats on the rise. Learn how to fight back with this ethical hacking course bundle. The post This 18-course ethical hacking bundle is under $50 appeared first on TechRepublic.

Hacking 134

‘Extraordinary, Egregious’ Data Breach at House and Senate

Security Boulevard

Capitol Trouble: Senators, representatives and staffers suffer PII leak. Could it finally kickstart some action? The post ‘Extraordinary, Egregious’ Data Breach at House and Senate appeared first on Security Boulevard.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!