Sat.Jan 20, 2024 - Fri.Jan 26, 2024

article thumbnail

Cybersecurity Challenges at the World Economic Forum

Lohrman on Security

The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights.

article thumbnail

Poisoning AI Models

Schneier on Security

New research into poisoning AI models : The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Using Google Search to Find Software Can Be Risky

Krebs on Security

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Software 301
article thumbnail

Weekly Update 383

Troy Hunt

They're an odd thing, credential lists. Whether they're from a stealer as in this week's Naz.API incident, or just aggregated from multiple data breaches (which is also in Naz.API), I inevitably get some backlash after loading them: "this doesn't tell me anything useful, why are you loading this?!" The answer is easy: because that's what the vast majority of people want me to do: If I have a MASSIVE spam list full of personal data being sold to spammers, should I

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat

Tech Republic Security

See the National Cyber Security Centre's predictions for generative AI for cyber attack and defense through 2025.

article thumbnail

Chatbots and Human Conversation

Schneier on Security

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.

More Trending

article thumbnail

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

WIRED Threat Level

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

145
145
article thumbnail

How to Prevent Phishing Attacks with Multi-Factor Authentication

Tech Republic Security

Learn how to protect yourself and your sensitive information from phishing attacks by implementing multi-factor authentication.

article thumbnail

Side Channels Are Common

Schneier on Security

Really interesting research: “ Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.

300
300
article thumbnail

Hacking et Cybersécurité Mégapoche pour les Nuls: New French Book on Hacking and CyberSecurity Now Available

Joseph Steinberg

Hacking et Cybersécurité Mégapoche pour les Nuls , a single-volume book containing French versions of the latest editions of both the best selling CyberSecurity for Dummies by Joseph Steinberg, and Hacking For Dummies by Kevin Beaver, is now available to the public. The new book, now available for purchase online worldwide and in stores throughout Europe, helps people stay cyber-safe regardless of their technical skill sets, and teaches readers how hackers attack systems.

Hacking 161
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

“The mother of all breaches”: 26 billion records found online

Malwarebytes

Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches” However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal sources with disparate data from other internal systems or third party data from external sources.

article thumbnail

Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

Tech Republic Security

The Midnight Blizzard gang appears to have been looking for information about itself. See how organizations can protect their accounts from password spray attacks.

Passwords 194
article thumbnail

AI Bots on X (Twitter)

Schneier on Security

You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phrases.

article thumbnail

HP CEO Says They Brick Printers That Use Third-Party Ink Because of … Hackers

WIRED Threat Level

The company says it wants to protect you from “viruses.” Experts are skeptical.

145
145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver?

Trend Micro

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.

article thumbnail

Cyber League: UK’s NCSC Calls on Industry Experts to Join its Fight Against Cyber Threats

Tech Republic Security

The NCSC wants volunteers from the U.K.’s public and private sectors to join its new cybersecurity community.

article thumbnail

Quantum Computing Skeptics

Schneier on Security

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard. They’re both hard, but very different.

291
291
article thumbnail

Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It

WIRED Threat Level

Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.

145
145
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

5379 GitLab servers vulnerable to zero-click account takeover attacks

Security Affairs

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.

article thumbnail

Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy

Tech Republic Security

Australian organisations are so focused on preventing data breaches that they’re unaware that the concern of most of their customers has more to do with privacy.

article thumbnail

CVE-2024-0402: GitLab Releases Urgent Security Patches for Critical Vulnerability

Penetration Testing

GitLab has addressed a critical severity vulnerability that could allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. GitLab is a web-based DevOps platform that... The post CVE-2024-0402: GitLab Releases Urgent Security Patches for Critical Vulnerability appeared first on Penetration Testing.

article thumbnail

How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar

WIRED Threat Level

From repeatedly crippling thousands of gas stations to setting a steel mill on fire, Predatory Sparrow’s offensive hacking has now targeted Iranians with some of history's most aggressive cyberattacks.

Hacking 144
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

article thumbnail

Top 6 LastPass Alternatives and Competitors for 2024

Tech Republic Security

Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and convenient options for managing your passwords.

article thumbnail

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

The Hacker News

Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an analysis published last week.

Malware 143
article thumbnail

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

WIRED Threat Level

Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Watch out, experts warn of a critical flaw in Jenkins

Security Affairs

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands of active installations worldwide with more than 1 million users.

Hacking 144
article thumbnail

More Australian IT Leaders Could Be Looking to Replace Passwords With Passkeys in 2024

Tech Republic Security

The Australian government’s rollout of passkeys for its digital service portal myGov will build momentum for wider adoption; though, challenges like user education and tech fragmentation remain.

Passwords 152
article thumbnail

Update now! Apple releases patch for zero-day vulnerability

Malwarebytes

Apple has released new security updates for several products, including a patch for a zero-day vulnerability that could impact iPhones, iPad, Macs, and Apple TVs. Apple says it’s aware of a report that the bug may have been exploited already. Further details about the nature of the vulnerability were not disclosed to give users enough time to install the updates.

article thumbnail

The Pentagon Tried to Hide That It Bought Americans' Data Without a Warrant

WIRED Threat Level

US spy agencies purchased Americans' phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

Internet 144
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!