Schneier on Security

MARCH 22, 2023

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

Cybersecurity 325

Cybersecurity 325

Krebs on Security

MARCH 20, 2023

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

Mobile 307

Mobile Wireless Advertising Telecommunications 307

Tech Republic Security

MARCH 23, 2023

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. Learn how to protect your business from this AitM campaign. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic.

Phishing 210

Phishing Authentication Cybersecurity 210

CyberSecurity Insiders

MARCH 22, 2023

Cybercriminals are smarter, faster, and more relentless in their attacks than in times past. Data breaches are a serious threat to organizations, but vulnerability management automation can help reduce the number of incidents businesses face each year. Managing vulnerabilities is difficult in an increasingly connected cyber environment. Companies have their own networks, networks connected to their supply chains, vendor access, remote workers, and other entry points, all creating security gaps.

Data breaches 139

Data breaches Cyber threats Government Risk 139

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

MARCH 24, 2023

In case you don’t have enough to worry about, people are hiding explosives —actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.

270

270

CSO Magazine

MARCH 20, 2023

The emergence of effective natural language processing tools such as ChatGPT means it's time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing 136

Phishing 136

CyberSecurity Insiders

MARCH 19, 2023

After the release of ChatGPT in November 2022, the OpenAI CEO and the people behind the conversational chatbot launch say that they are equally scared of the negative consequences that the newly developed technology can fetch in the future. Sam Altman, the tech brain leading the company, now owned by Microsoft, spoke a few words about what the world was intending to say about the tech.

Artificial Intelligence 138

Artificial Intelligence Technology Cyber Attacks Internet 138

Schneier on Security

MARCH 23, 2023

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack : TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best.

Ransomware 231

Ransomware Hacking Software 231

Dark Reading

MARCH 24, 2023

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

Hacking 145

Hacking Technology 145

Tech Republic Security

MARCH 20, 2023

Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat. The post First Dero cryptojacking campaign targets unprotected Kubernetes instances appeared first on TechRepublic.

Cryptocurrency 185

Cryptocurrency Cybersecurity Network Security 185

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

CSO Magazine

MARCH 23, 2023

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

Cybersecurity 133

Cybersecurity 133

Schneier on Security

MARCH 21, 2023

The New York Times is reporting that a US citizen’s phone was hacked by the Predator spyware. A U.S. and Greek national who worked on Meta’s security and trust team while based in Greece was placed under a yearlong wiretap by the Greek national intelligence service and hacked with a powerful cyberespionage tool, according to documents obtained by The New York Times and officials with knowledge of the case.

Spyware 217

Spyware Hacking Government Technology 217

Dark Reading

MARCH 24, 2023

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

142

142

Tech Republic Security

MARCH 24, 2023

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic.

Software 183

Software Cybersecurity 183

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

CyberSecurity Insiders

MARCH 22, 2023

Is your organization doing enough to protect its environment from hackers? In 2021, U.S. companies lost nearly $7 billion to phishing scams, malware, malvertising, and other cybercrimes. Experts estimate that by 2025, such schemes will cost businesses worldwide more than $10.5 trillion annually. Given those figures, it’s clear that companies can’t afford to ignore the threat hackers pose to their bottom line.

Firewall 129

Firewall Mobile Authentication Internet 129

Security Boulevard

MARCH 23, 2023

It has been almost a year since Russia first invaded Ukraine, and the war has resulted in a massive rise in both physical and digital attacks. Since the invasion, Russian cyberattacks have skyrocketed and any country or business that has allied with Ukraine, or opposed the war, has become a target. As these attacks have. The post Using Deception to Learn About Russian Threat Actors appeared first on Security Boulevard.

Cybercrime 128

Cybercrime Cybersecurity 128

Heimadal Security

MARCH 21, 2023

On March 20th, Ferrari announced they were victims of a cyberattack that could result in customers` data leakage. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom […] The post Ferrari Announces Data Breach.

Data breaches 127

Data breaches Risk Cybersecurity 127

Tech Republic Security

MARCH 21, 2023

The harassment reported by Palo Alto Networks Unit 42 typically takes the form of phone calls and emails directed toward employees, C-suite executives and even customers. The post Ransomware gangs’ harassment of victims is increasing appeared first on TechRepublic.

Ransomware 161

Ransomware Cybersecurity 161

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CyberSecurity Insiders

MARCH 20, 2023

Google’s dedicated team of cybersecurity researchers from ‘Project Zero’ have found a flaw in Samsung Exynos Modems that can give unauthorized data access to hackers, without the knowledge of users. And it’s discovered that the vulnerability allows a cyber criminal to compromise a smart phone at the Internet-to-baseband remote code execution level, giving access to sensitive data such as contacts, messages and even photos.

Cyber Attacks 127

Cyber Attacks Mobile Internet Internet 127

Naked Security

MARCH 22, 2023

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem.

141

141

Bleeping Computer

MARCH 22, 2023

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. [.

Hacking 125

Hacking 125

Tech Republic Security

MARCH 20, 2023

A look at 4th quarter 2022, data suggests that new threat surfaces notwithstanding, low-code cybersecurity business email compromises including phishing, as well as MFA bombing are still the prevalent exploits favored by threat actors. The post BECs double in 2022, overtaking ransomware appeared first on TechRepublic.

Ransomware 158

Ransomware Phishing Cybersecurity 158

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

MARCH 23, 2023

A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. Read more in my article on the Tripwire State of Security blog.

Ransomware 126

Ransomware Cybersecurity Data breaches DDOS 126

Security Through Education

MARCH 22, 2023

What does a government scam, an IT support scam and a romance scam have in common? They all use psychology and social engineering skills to convince their victims to take an action that is detrimental to them. It’s easy to think “I know better” or “that will never happen to me.” The truth is, being human is enough for anyone to fall victim to a scammer’s tactics.

Scams 122

Scams Social Engineering Engineering Media 122

Bleeping Computer

MARCH 24, 2023

Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. [.

Data breaches 120

Data breaches 120

Tech Republic Security

MARCH 20, 2023

Learn about Microsoft's WordPress on Azure App Service, as well as an interesting alternative from WP Engine. The post Running WordPress on Azure for secure, fast and global content delivery appeared first on TechRepublic.

Engineering 152

Engineering 152

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

CSO Magazine

MARCH 23, 2023

Cybersecurity is a demanding profession that comes with significant stress and burnout — it presents a complex problem for many businesses, with constantly evolving threats, ambiguous issues, and no clear-cut solutions. Security professionals bear a great deal of responsibility and are subject to long hours of work and high pressure in an unpredictable and constantly shifting landscape.

Cybersecurity 120

Cybersecurity Risk 120

Security Boulevard

MARCH 24, 2023

Not so long ago, bots were considered a modern-day convenience. Understandably so, bots have the potential to make enterprises more efficient with customer service or help to improve an enterprise’s standing on popular search engines. However, with their growing sophistication and scale in recent times, bots and botnets have become a source of concern for […] The post How to Distinguish Bot vs.

Engineering 119

Engineering 119

Bleeping Computer

MARCH 23, 2023

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. [.

Hacking 120

Hacking Cybersecurity 120

Tech Republic Security

MARCH 22, 2023

New report says far too many firms have too many IT assets they cannot see or aren’t using, with some Windows servers lacking endpoint protection and patch management. The post Report: Too many enterprises have shadow IT – unlocked doors with no cameras appeared first on TechRepublic.

Cybersecurity 142

Cybersecurity 142

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity