Lohrman on Security

JANUARY 29, 2023

ChatGPT is an AI-powered chatbot created by OpenAI. So what are the opportunities and risks with using this technology across different domains?

Cybersecurity 349

Cybersecurity Technology Risk 349

Schneier on Security

FEBRUARY 2, 2023

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’ It’s the software vulnerability lifecycle.

Artificial Intelligence 299

Artificial Intelligence Technology Software Hacking 299

Troy Hunt

FEBRUARY 2, 2023

Getting everything out nice and early today so we can get out there in hit the wake park in the balmy "well over 30C" weather (the radio is talking about "severe heatwave weather" as I write this). But hey, we're surrounded by water and a beer delivery is due today so no crisis 😎 There's also a heap more data breach news and I'll be putting that connected BBQ to use for the first time today, stay tuned for epic pics on all of the above over the coming hours

Data breaches 209

Data breaches Accountability 209

Tech Republic Security

FEBRUARY 1, 2023

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords 192

Passwords Password Management Authentication 192

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Bleeping Computer

FEBRUARY 3, 2023

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [.

Ransomware 142

Ransomware 142

Schneier on Security

JANUARY 31, 2023

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.

Ransomware 285

Ransomware Cryptocurrency Cybercrime 285

Tech Republic Security

JANUARY 31, 2023

Foundry’s study found the role has been significantly elevated because of the economy, and CIOs are recognized as strategic business partners by their LOB peers. The post CIOs hold greater organizational leadership status appeared first on TechRepublic.

159

159

Bleeping Computer

FEBRUARY 1, 2023

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. [.

Data breaches 135

Data breaches Telecommunications Mobile Internet 135

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.

Passwords 265

Passwords Accountability Authentication Government 265

Security Boulevard

JANUARY 30, 2023

Security and compliance risks are ranked as among the top barriers to achieving value from investments moving to the cloud as organizations grapple with what they consider an “urgent priority,” according to a recent report from Accenture. The global survey of 800 business and IT leaders revealed security continues to be one of the top. The post Security, Compliance Risks Complicate Cloud Migration Efforts appeared first on Security Boulevard.

Cloud Migration 136

Cloud Migration Risk Government Cybersecurity 136

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Tech Republic Security

FEBRUARY 1, 2023

A new business email attack threat actor is using a stealth tactic to avoid giveaways of typical social engineering attacks. Learn the best defense for protecting your company. The post New cybersecurity BEC attack mimics vendors appeared first on TechRepublic.

Social Engineering 158

Social Engineering Cybersecurity Engineering 158

We Live Security

FEBRUARY 2, 2023

“Can I tell a legitimate survey apart from a fake one?” is the single most important question you need to answer for yourself before taking any surveys online The post Is that survey real or fake?

Scams 133

Scams 133

Schneier on Security

FEBRUARY 3, 2023

Interesting research: “ Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons “: Abstract: In this paper we describe how to plant novel types of backdoors in any facial recognition model based on the popular architecture of deep Siamese neural networks, by mathematically changing a small fraction of its weights (i.e., without using any additional training or optimization).

Architecture 225

Architecture 225

CSO Magazine

JANUARY 30, 2023

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also kno

Cybersecurity 133

Cybersecurity 133

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

FEBRUARY 2, 2023

A new study by Salesforce’s MuleSoft suggests more isn’t necessarily better if an organization’s applications are not playing well together. Unfortunately, more than 70% remain disconnected from one another and the core business. The post Study: Companies have upwards of 1,000 apps but only a third are integrated appeared first on TechRepublic.

148

148

Security Boulevard

JANUARY 30, 2023

There is no debate that the software supply chain is filled with action. It’s the front lines of the security world these days. If you have a shadow of a doubt, search the history of SolarWinds, Codecov , or CircleCI for examples of how attackers use the supply chain as a gateway of compromise. The post 6 misconceptions about Software Bills of Materials appeared first on Security Boulevard.

Software 133

Software 133

Dark Reading

FEBRUARY 1, 2023

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

DDOS 131

DDOS 131

CyberSecurity Insiders

JANUARY 30, 2023

By Sebastian Goodwin, CISO, Nutanix IT budgets and revenue growth areas are top of mind at the beginning of every calendar year, even more so with the current state of the world economy. IT departments and data teams are looking at the best ways to prioritize, maintain and build security measures – while being cost effective. It’s a tricky balance to strike but an important one as security cannot be overlooked.

Data breaches 131

Data breaches Wireless Cybersecurity Risk 131

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

FEBRUARY 2, 2023

A new version of the Prilex POS malware has found a novel way to steal your credit card information. The post Prilex POS malware evolves to block contactless transactions appeared first on TechRepublic.

Malware 146

Malware Phishing 146

Security Boulevard

JANUARY 30, 2023

One of the most imminent and pressing threats to organizations presently is harvest now, decrypt later (HNDL) attacks. According to a recent poll, half of responding professionals at organizations considering quantum computing benefits believe that their organizations are at risk for HNDL attacks. During an HNDL attack, threat actors will “harvest” encrypted data from unsuspecting.

Encryption 132

Encryption Risk Security Awareness Government 132

Trend Micro

FEBRUARY 1, 2023

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

Malware 125

Malware Accountability Mobile 125

SecureList

JANUARY 30, 2023

The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded individuals to participate in attacks on companies, and many more.

Cybercrime 129

Cybercrime Marketing Encryption Risk 129

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Tech Republic Security

JANUARY 31, 2023

IT pros typically have access to company servers, network devices and data so they can perform their jobs. However, that access entails risk, including exposure of confidential information and interruption in essential business services. This policy from TechRepublic Premium offers guidelines for governing access to critical systems and confidential data.

Business Services 144

Business Services Government Risk 144

Security Boulevard

JANUARY 31, 2023

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.

Password Management 131

Password Management Passwords Social Engineering Engineering 131

Cisco Security

FEBRUARY 2, 2023

Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.

Marketing 143

Marketing Authentication CISO Architecture 143

CSO Magazine

FEBRUARY 2, 2023

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns.

Ransomware 122

Ransomware Risk 122

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Tech Republic Security

JANUARY 30, 2023

With Azure AD and FIDO security keys, you can make MFA more secure and avoid having to provision certificates on everyone’s phones. The post Unphishable mobile MFA through hardware keys appeared first on TechRepublic.

Mobile 137

Mobile 137

Security Boulevard

JANUARY 30, 2023

New and Noteworthy: ChatGPT Makes Waves Inside and Outside of the Tech Industry Since it was made publicly available in December, ChatGPT has prompted all sorts of reactions from both inside and outside technology circles. Microsoft, which previously invested $1B into ChatGPT creator company OpenAI, indicated it will invest another $10 billion into the company and that it would incorporate AI into all of Microsoft’s tools. ( 1 ) Cybercriminals also seem to see the potential in ChatGPT; some sec

Malware 126

Malware Ransomware Advertising Technology 126

Bleeping Computer

FEBRUARY 2, 2023

An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. [.

Antivirus 122

Antivirus Malware Technology 122

CSO Magazine

FEBRUARY 2, 2023

VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow.

Penetration Testing 122

Penetration Testing 122

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity