Sat.Oct 05, 2024 - Fri.Oct 11, 2024

article thumbnail

Australian Cybersecurity Professionals Confess To Growing Job Stress

Tech Republic Security

Australian cyber professionals are reporting more job stress, partly due to skills gaps and other growing industry challenges.

article thumbnail

20% of Generative AI ‘Jailbreak’ Attacks Succeed, With 90% Exposing Sensitive Data

Tech Republic Security

On average, it takes adversaries just 42 seconds and five interactions to execute a GenAI jailbreak, according to Pillar Security.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Schneier on Security

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

article thumbnail

Firefox Zero-Day Under Attack: Update Your Browser Immediately

The Hacker News

Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.

144
144
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 286
article thumbnail

Lamborghini Carjackers Lured by $243M Cyberheist

Krebs on Security

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.

More Trending

article thumbnail

Weekly Update 420

Troy Hunt

Ok, the scenery here is amazing , but the real story is data breach victim notification. Charlotte and I wanted to do this one together today and chat about some of the things we'd been hearing from government and law enforcement on our travels, and the victim notification angle featured heavily. She reminded me of the trouble even the police have when reaching out to organisations about security issues, often being confronted by lawyers or other company representatives worried about legal

article thumbnail

Learning from the NASCIO Annual Conference 2024

Lohrman on Security

The National Association of State CIOs (NASCIO) held its annual conference in New Orleans, La., this past week. Here are some of the highlights, along with some thoughts about what the future holds for state CIOs.

194
194
article thumbnail

Patch Tuesday, October 2024 Edition

Krebs on Security

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “ Sequoia ” update that broke many cybersecurity tools.

article thumbnail

More on My AI and Democracy Book

Schneier on Security

In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: Rewiring Democracy: How AI Will Transform our Politics, Government, and Citizenship The Thinking State: How AI Can Improve Democracy Better Run: How AI Can Make our Politics, Government, Citizenship More Efficient, Effective and Fair AI a

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Deloitte: Why Only a Quarter of Cybersecurity Professionals are Women

Tech Republic Security

Despite a huge talent shortage in the cybersecurity industry, women still feel discouraged from joining it due to concerns over their knowledge, its inclusivity, and the pay.

article thumbnail

JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data

Penetration Testing

The Japan Aerospace Exploration Agency (JAXA) has become the target of a series of sophisticated cyberattacks, resulting in the hijacking of accounts belonging to high-ranking officials, including President Hiroshi Yamakawa... The post JAXA Cyberattack: Hackers Breach Accounts of Top Officials, Exposing Sensitive Space and Defense Data appeared first on Cybersecurity News.

article thumbnail

China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

Security Affairs

China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data. China-linked APT group Salt Typhoon (also known as FamousSparrow and GhostEmperor ) breached U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, potentially accessing systems for lawful wiretapping and other data.

Hacking 144
article thumbnail

IronNet Has Shut Down

Schneier on Security

After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me. Whatever ideas he had, they were developed on public time using public resources: he shouldn’t have been able to leave military service with them in his back pocket.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Fidelity Data Breach Exposes Data of Over 77,000 Customers

Tech Republic Security

An attacker snuck in by creating two new user accounts. Fidelity Investments assures customers their investments were not affected.

article thumbnail

Secure Your World with Phishing Resistant Passkeys

Thales Cloud Protection & Licensing

Secure Your World with Phishing Resistant Passkeys madhav Thu, 10/10/2024 - 05:12 As we celebrate Cybersecurity Awareness Month 2024 with the theme "Secure Our World," exploring innovative technologies is crucial to help us achieve this goal. One such advancement that's revolutionizing online security and user authentication is passkeys. Passkeys represent a significant leap forward in creating a safer digital landscape, aligning perfectly with the mission to secure our world.

Phishing 133
article thumbnail

Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Security Affairs

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines.

Hacking 136
article thumbnail

Largest Recorded DDoS Attack is 3.8 Tbps

Schneier on Security

CLoudflare just blocked the current record DDoS attack: 3.8 terabits per second. (Lots of good information on the attack, and DDoS in general, at the link.) News article.

DDOS 190
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

The Internet Archive Breach: Over 31 Million User Accounts Exposed

Tech Republic Security

The Internet Archive, a non-profit digital library best known for its Wayback Machine, has disclosed a major data breach affecting over 31 million users.

Internet 161
article thumbnail

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

article thumbnail

Iran and China-linked actors used ChatGPT for preparing attacks

Security Affairs

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers. The company uncovered the activities of three threat actors abusing ChatGPT to launch cyberattacks.

Malware 135
article thumbnail

Auto-Identification Smart Glasses

Schneier on Security

Two students have created a demo of a smart-glasses app that performs automatic facial recognition and then information lookups. Kind of obvious, but the sort of creepy demo that gets attention. News article.

180
180
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Timeline: 15 Notable Cyberattacks and Data Breaches

Tech Republic Security

These 15 cyber attacks or data breaches impacted large swaths of users across the United States and changed what was possible in cybersecurity.

article thumbnail

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

Trend Micro

Trend Micro's investigation into the recent activity of Earth Simnavaz provides new insights into the APT group’s evolving tactics and the immediate threat it poses to critical sectors in the UAE.

137
137
article thumbnail

U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43573 Microsoft Windows MSHTML Platf

article thumbnail

Indian Fishermen Are Catching Less Squid

Schneier on Security

Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy.

192
192
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cybersecurity Awareness Lags as Global Workforce Engages in Risky AI Practices

Tech Republic Security

A recent report has revealed errant cybersecurity behaviours in Australia, including employees sharing company data with AI tools.

article thumbnail

Trend Micro Extends NVIDIA Cybersecurity Alliance to Detect Threats in Real Time

Security Boulevard

Trend Micro revealed today it will extend an alliance with NVIDIA to include a Morpheus platform that harnesses graphical processor units (GPUs) to apply artificial intelligence (AI) to security operations. The post Trend Micro Extends NVIDIA Cybersecurity Alliance to Detect Threats in Real Time appeared first on Security Boulevard.

article thumbnail

Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday

Security Affairs

Russian state media VGTRK faced a major cyberattack, which a Ukrainian source claimed was conducted by Kyiv’s hackers. A Ukrainian government source told Reuters that Kyiv’s hackers are behind the cyber attack that disrupted operations at the Russian state media company VGTRK on Putin’s birthday. The All-Russia State Television and Radio Broadcasting Company (VGTRK, Russian: ВГТРК) or Russian Television and Radio Broadcasting Company, also known as Russian Television and Radio,

Media 133
article thumbnail

FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation

The Hacker News

The U.S. Department of Justice (DoJ) has announced arrests and charges against several individuals and entities in connection with allegedly manipulating digital asset markets as part of a widespread fraud operation. The law enforcement action – codenamed Operation Token Mirrors – is the result of the U.S.

Marketing 128
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!