Sat.Jan 20, 2024 - Fri.Jan 26, 2024

article thumbnail

Cybersecurity Challenges at the World Economic Forum

Lohrman on Security

The 54th Annual Meeting of The World Economic Forum took place in Davos, Switzerland, this past week, and cybersecurity and AI were again top topics. Here are some highlights.

article thumbnail

Poisoning AI Models

Schneier on Security

New research into poisoning AI models : The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Using Google Search to Find Software Can Be Risky

Krebs on Security

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Software 291
article thumbnail

Weekly Update 383

Troy Hunt

They're an odd thing, credential lists. Whether they're from a stealer as in this week's Naz.API incident, or just aggregated from multiple data breaches (which is also in Naz.API), I inevitably get some backlash after loading them: "this doesn't tell me anything useful, why are you loading this?!" The answer is easy: because that's what the vast majority of people want me to do: If I have a MASSIVE spam list full of personal data being sold to spammers, should I

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Microsoft Says State-Sponsored Attackers Accessed Senior Leaders’ Emails

Tech Republic Security

The Midnight Blizzard gang appears to have been looking for information about itself. See how organizations can protect their accounts from password spray attacks.

Passwords 171
article thumbnail

Chatbots and Human Conversation

Schneier on Security

For most of history, communicating with a computer has not been like communicating with a person. In their earliest years, computers required carefully constructed instructions, delivered through punch cards; then came a command-line interface, followed by menus and options and text boxes. If you wanted results, you needed to learn the computer’s language.

More Trending

article thumbnail

“The mother of all breaches”: 26 billion records found online

Malwarebytes

Security researchers have discovered billions of exposed records online, calling it the “mother of all breaches” However, the dataset doesn’t seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data enrichment is the process of combining first party data from internal sources with disparate data from other internal systems or third party data from external sources.

article thumbnail

National Cyber Security Centre Study: Generative AI May Increase Global Ransomware Threat

Tech Republic Security

See the National Cyber Security Centre's predictions for generative AI for cyber attack and defense through 2025.

article thumbnail

Side Channels Are Common

Schneier on Security

Really interesting research: “ Lend Me Your Ear: Passive Remote Physical Side Channels on PCs.” Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often conveyed by supposedly-benign channels such as audio recordings and common Voice-over-IP applications, even after lossy compression.

272
272
article thumbnail

Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It

WIRED Threat Level

Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.

145
145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

5379 GitLab servers vulnerable to zero-click account takeover attacks

Security Affairs

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.

article thumbnail

Australian Organisations Struggling to Resolve Tensions Between Personalisation, Privacy

Tech Republic Security

Australian organisations are so focused on preventing data breaches that they’re unaware that the concern of most of their customers has more to do with privacy.

article thumbnail

AI Bots on X (Twitter)

Schneier on Security

You can find them by searching for OpenAI chatbot warning messages, like: “I’m sorry, I cannot provide a response as it goes against OpenAI’s use case policy.” I hadn’t thought about this before: identifying bots by searching for distinctive bot phrases.

article thumbnail

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver?

Trend Micro

In this blog, we detail our investigation of the Kasseika ransomware and the indicators we found suggesting that the actors behind it have acquired access to the source code of the notorious BlackMatter ransomware.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

article thumbnail

How to Prevent Phishing Attacks with Multi-Factor Authentication

Tech Republic Security

Learn how to protect yourself and your sensitive information from phishing attacks by implementing multi-factor authentication.

article thumbnail

Quantum Computing Skeptics

Schneier on Security

Interesting article. I am also skeptical that we are going to see useful quantum computers anytime soon. Since at least 2019, I have been saying that this is hard. And that we don’t know if it’s “land a person on the surface of the moon” hard, or “land a person on the surface of the sun” hard. They’re both hard, but very different.

264
264
article thumbnail

The great non-free-firmware transition

Kali Linux

TL;DR: Dear Kali user, when you have a moment, check your /etc/apt/sources.list , and add non-free-firmware if ever it’s missing. Programmatically speaking: kali@kali:~$ sudo sed -i 's/non-free$/non-free non-free-firmware/' /etc/apt/sources.list Long story now. As you might know already, Kali Linux is a Debian-based Linux distribution. As such, it inherits a number of things from Debian, and in particular, the structure of the package repository.

Firmware 126
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Black Basta gang claims the hack of the UK water utility Southern Water

Security Affairs

The Black Basta ransomware gang claimed to have hacked the UK water utility Southern Water, a major player in the UK water industry. Southern Water is a private utility company responsible for collecting and treating wastewater in Hampshire, the Isle of Wight, West Sussex, East Sussex and Kent, and for providing public water supply to approximately half of this area.

Hacking 142
article thumbnail

Top 6 LastPass Alternatives and Competitors for 2024

Tech Republic Security

Looking for LastPass alternatives? Check out our list of the top password managers that offer secure and convenient options for managing your passwords.

article thumbnail

CVE-2024-0402: GitLab Releases Urgent Security Patches for Critical Vulnerability

Penetration Testing

GitLab has addressed a critical severity vulnerability that could allow an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace. GitLab is a web-based DevOps platform that... The post CVE-2024-0402: GitLab Releases Urgent Security Patches for Critical Vulnerability appeared first on Penetration Testing.

article thumbnail

Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024

Bleeping Computer

Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.

Hacking 139
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Mother of all breaches – a historic data leak reveals 26 billion records: check what’s exposed

Security Affairs

Cybersecurity researcher Bob Dyachenko and CyberNews researchers discovered the largest data leak ever discovered. The supermassive leak contains data from numerous previous breaches, comprising an astounding 12 terabytes of information, spanning over a mind-boggling 26 billion records. The leak is almost certainly the largest ever discovered. There are data leaks, and then there’s this.

article thumbnail

Malicious AdTech Spies on People as NatSec Targets

Security Boulevard

Targeted ads target targets: Patternz and Nuviad enable potentially hostile governments to track individuals by misusing ad bidding. The post Malicious AdTech Spies on People as NatSec Targets appeared first on Security Boulevard.

article thumbnail

AI is already being used by ransomware gangs, warns NCSC

Graham Cluley

In a newly published report, the UK's National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats - including ransomware - will increase in the next two years. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Microsoft Teams outage causes connection issues, message delays

Bleeping Computer

Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays. [.

139
139
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Watch out, experts warn of a critical flaw in Jenkins

Security Affairs

Jenkins maintainers addressed several security vulnerabilities, including a critical remote code execution (RCE) flaw. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands of active installations worldwide with more than 1 million users.

Hacking 142
article thumbnail

More Australian IT Leaders Could Be Looking to Replace Passwords With Passkeys in 2024

Tech Republic Security

The Australian government’s rollout of passkeys for its digital service portal myGov will build momentum for wider adoption; though, challenges like user education and tech fragmentation remain.

Passwords 127
article thumbnail

With hackers poisoning water systems, US agencies issue incident response guide to boost cybersecurity

Graham Cluley

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). Read more in my article on the Tripwire State of Security blog.

article thumbnail

23andMe data breach: Hackers stole raw genotype data, health reports

Bleeping Computer

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. [.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!