Schneier on Security

JANUARY 17, 2024

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Artificial Intelligence 324

Artificial Intelligence 324

Troy Hunt

JANUARY 17, 2024

It feels like not a week goes by without someone sending me yet another credential stuffing list. It's usually something to the effect of "hey, have you seen the Spotify breach", to which I politely reply with a link to my old No, Spotify Wasn't Hacked blog post (it's just the output of a small set of credentials successfully tested against their service), and we all move on.

Passwords 352

Passwords Password Management Hacking Accountability 352

Joseph Steinberg

JANUARY 18, 2024

Over the past year I have experimented to see how various retailers handle personal information that they collect from customers, especially when such information is collected as part of a purchase made by the customer in what appears, at first glance, to be some “amazing deal.” As I have warned for decades, just as they are in the physical world, “too good to be true” prices found online are often scams; one should be especially careful when dealing with retailers who advertise such prices but

Data collection 284

Data collection Retail Scams Artificial Intelligence 284

Krebs on Security

JANUARY 17, 2024

The rapper and social media personality Punchmade Dev is perhaps best known for his flashy videos singing the praises of a cybercrime lifestyle. With memorable hits such as “Internet Swiping” and “Million Dollar Criminal” earning millions of views, Punchmade has leveraged his considerable following to peddle tutorials on how to commit financial crimes online.

Cybercrime 288

Cybercrime Media Banking Accountability 288

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JANUARY 19, 2024

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it.

Marketing 289

Marketing 289

Tech Republic Security

JANUARY 18, 2024

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.

Malware 183

Malware Cybersecurity 183

Krebs on Security

JANUARY 19, 2024

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

Scams 281

Scams 281

Schneier on Security

JANUARY 19, 2024

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were.

278

278

Tech Republic Security

JANUARY 19, 2024

IT spending in Australia is forecast to increase significantly in 2024. This means that IT pros who spend time on skills development will be able to instead focus on growth in their career.

Big data 171

Big data 171

Joseph Steinberg

JANUARY 18, 2024

Securing Success: The Crucial Role of a Cybersecurity Specialist in a Growing Business Human society is increasingly dependent on computer systems and the data housed and utilized within IT (information technology) infrastructure. While technological advances have, in some ways, allowed humans to enjoy an unprecedented quality of life, they also create significant risks.

Cybersecurity 268

Cybersecurity Computers and Electronics Cyber Risk Risk 268

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

JANUARY 14, 2024

Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on... The post pandora: A red team tool to extract credentials from password managers appeared first on Penetration Testing.

Password Management 145

Password Management Passwords Penetration Testing 145

Schneier on Security

JANUARY 18, 2024

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.

Passwords 265

Passwords 265

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 174

Artificial Intelligence 174

WIRED Threat Level

JANUARY 17, 2024

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Cryptocurrency 144

Cryptocurrency 144

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Penetration Testing

JANUARY 16, 2024

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527. This vulnerability, with a CVSS score of 10, signifies the highest level of severity... The post CVE-2023-22527 (CVSS 10): Critical RCE Flaw in Confluence Data Center and Server appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Schneier on Security

JANUARY 15, 2024

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper.

284

284

Tech Republic Security

JANUARY 16, 2024

Small and midsize businesses are increasingly being targeted by cybercriminals — but they often lack the resources and expertise to develop comprehensive security policies to help defend against threats. This set of policies from TechRepublic Premium will help your company establish guidelines and procedures to reduce the risks. The pack comprises seven documents: IT Staff.

Risk 152

Risk 152

Bleeping Computer

JANUARY 18, 2024

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [.

Ransomware 142

Ransomware 142

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Malwarebytes

JANUARY 17, 2024

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, unexpected hospitalization, or any other scenarios which instantly cause concern and cause victims to act quickly.

Scams 143

Scams Artificial Intelligence Identity Theft Social Engineering 143

Schneier on Security

JANUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page.

238

238

Tech Republic Security

JANUARY 19, 2024

Protect your business from both tech and human error with EaseUS Data Recovery Wizard, now just $46 for life for a limited time this January.

157

157

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not aware of attack in the wild exploiting the vulner

Firewall 143

Firewall Hacking Firmware Internet 143

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Graham Cluley

JANUARY 15, 2024

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers at Wordfence found two critical flaws in the POST SMTP Mailer plugin. Read more in my article on the Tripwire State of Security blog.

134

134

Schneier on Security

JANUARY 16, 2024

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.

275

275

Tech Republic Security

JANUARY 16, 2024

Data in transit means data is at risk if the proper precautions aren’t followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems. With this in mind, it is essential for company personnel to adhere to firm and clear guidelines.

Risk 138

Risk Software Mobile 138

Security Affairs

JANUARY 17, 2024

Researchers devised a “lightweight method,” called iShutdown, to determine whether Apple iOS devices have been infected with spyware. Cybersecurity researchers from Kaspersky have identified a “lightweight method,” called iShutdown, to identify the presence of spyware on Apple iOS devices. The method allow to discover stealthy and poweful surveillance software like NSO Group ‘s Pegasus , Intellexa ‘s Predator , QuaDream ‘s Reign.

Spyware 140

Spyware Mobile Malware Surveillance 140

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Bleeping Computer

JANUARY 18, 2024

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.

Software 133

Software Technology 133

Malwarebytes

JANUARY 19, 2024

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known collectively as Chrome’s “Stable channel”), it can serve for testing and development purposes.

Data collection 135

Data collection VPN Risk 135

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 149

Artificial Intelligence 149

We Live Security

JANUARY 16, 2024

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Cyber Risk 138

Cyber Risk Risk 138

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity