Sat.May 18, 2024 - Fri.May 24, 2024

article thumbnail

Have I Been Pwned Employee 1.0: Stefán Jökull Sigurðarson

Troy Hunt

We often do that in this industry, the whole "1.0" thing, but it seems apt here. I started Have I Been Pwned (HIBP) in 2013 as a pet project that scratched an itch, so I never really thought of myself as an "employee" Over time, it grew (and I tell you what, nobody is more surprised by that than me!) and over the last few years, my wife Charlotte got more and more involved.

Passwords 303
article thumbnail

RSAC Fireside Chat: IRONSCALES utilizes LLM, superior intel to stay a step ahead of Deep Fakes

The Last Watchdog

There was a lot of buzz at RSAC 2024 about how GenAI and Large Language Models (LLM) are getting leveraged — by both attackers and defenders. Related: Is your company moving too slow or too fast on GenAI? One promising example of the latter comes from messaging security vendor IRONSCALES. I had the chance to sit down with Eyal Benishti , IRONSCALES founder and CEO, to get a breakdown of how their new Generative Adversarial Network (GAN) technology utilizes a specialized LLM to reinforce an

Phishing 303
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Stark Industries Solutions: An Iron Hammer in the Cloud

Krebs on Security

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government and commercial targets in Ukraine and Europe. An investigation into Stark Industries reveals it is being used as a global proxy network that conceals the true source of cyberattacks and disinformation c

DDOS 290
article thumbnail

On the Zero-Day Market

Schneier on Security

New paper: “ Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market “: Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft.

Marketing 280
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Newsweek Op-Ed: Oversight of the Management of Cybersecurity Risks: The Skill Corporate Boards Need, But, So Often, Do Not Have

Joseph Steinberg

Despite both a decades-long barrage of media reports of cyberattacks wreaking havoc on the public sector and private sector alike, and despite clear indications from the United States Securities and Exchange Commission (SEC) that corporate boards must be able to oversee the management of cyber-risk by their respective organizations, when to comes to actually delivering on their fiduciary duty as related to cybersecurity, today’s corporate boards often fail to perform as needed and as intended.

Risk 261
article thumbnail

RSAC Fireside Chat: Qwiet AI leverages graph-database technology to reduce AppSec noise

The Last Watchdog

AppSec has never been more challenging. By the same token, AppSec technology is advancing apace to help companies meet this challenge. Related: AppSec market trajectory At RSAC 2024 , I sat down with Bruce Snell , cybersecurity strategist at Qwiet.ai , to hear a break down about how Qwiet has infused it’s preZero platform, with graph-database capabilities to deliver SAST, SCA, container scanning and secrets detection in a single solution.

More Trending

article thumbnail

Personal AI Assistants and Privacy

Schneier on Security

Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called “Recall” for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall records everything users do on their PC, including activities in apps, communications in live meetings, and websites visited for research.

article thumbnail

AI's Energy Appetite: Challenges for Our Future Electricity Supply

Lohrman on Security

The dramatic growth in GenAI and AI adoption is bringing increased demand for energy to power data centers. Where is this heading? How can we navigate a sustainable energy future with exploding technology usage?

article thumbnail

AI Seoul Summit: 4 Key Takeaways on AI Safety Standards and Regulations

Tech Republic Security

Major breakthroughs were made in global nations’ AI safety commitments, AI safety institutes, research grants and AI risk thresholds at this month’s AI Seoul Summit.

Risk 160
article thumbnail

DNSBomb: New DDoS Attack Explodes DNS Traffic, Threatening Critical Internet Infrastructure

Penetration Testing

Researchers from Tsinghua University have unveiled a potent new method for launching distributed denial-of-service (DDoS) attacks, dubbed DNSBomb (CVE-2024-33655). This innovative attack weaponizes DNS (Domain Name System) traffic to overwhelm and disrupt online services,... The post DNSBomb: New DDoS Attack Explodes DNS Traffic, Threatening Critical Internet Infrastructure appeared first on Penetration Testing.

DNS 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Detecting Malicious Trackers

Schneier on Security

From Slashdot : Apple and Google have launched a new industry standard called “ Detecting Unwanted Location Trackers ” to combat the misuse of Bluetooth trackers for stalking. Starting Monday, iPhone and Android users will receive alerts when an unknown Bluetooth device is detected moving with them. The move comes after numerous cases of trackers like Apple’s AirTags being used for malicious purposes.

article thumbnail

Microsoft's new Windows 11 Recall is a privacy nightmare

Bleeping Computer

Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. [.

Risk 144
article thumbnail

CISOs in Australia Urged to Take a Closer Look at Data Breach Risks

Tech Republic Security

A leading cyber lawyer in Australia has warned CISOs and other IT leaders their organisations and careers could be at stake if they do not understand data risk and data governance practices.

CISO 149
article thumbnail

CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed

Penetration Testing

Veeam Software, a leading provider of backup and recovery solutions, has issued urgent security advisories regarding multiple critical vulnerabilities in its Veeam Backup Enterprise Manager (Enterprise Manager) component. These vulnerabilities could allow unauthorized access,... The post CVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed appeared first on Penetration Testing.

Backups 145
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

IBM Sells Cybersecurity Group

Schneier on Security

IBM is selling its QRadar product suite to Palo Alto Networks, for an undisclosed—but probably surprisingly small—sum. I have a personal connection to this. In 2016, IBM bought Resilient Systems, the startup I was a part of. It became part if IBM’s cybersecurity offerings, mostly and weirdly subservient to QRadar. That was what seemed to be the problem at IBM.

article thumbnail

Windows 11 Recall AI feature will record everything you do on your PC

Bleeping Computer

Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. [.

article thumbnail

Microsoft Build 2024: Copilot AI Will Gain ‘Personal Assistant’ and Custom Agent Capabilities

Tech Republic Security

Other announcements included a Snapdragon Dev Kit for Windows, GitHub Copilot Extensions and the general availability of Azure AI Studio.

article thumbnail

Keylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide

Penetration Testing

A recent report from Positive Technologies Expert Security Center (PT ESC) reveals a concerning security breach impacting Microsoft Exchange Servers. The incident response team discovered a sophisticated keylogger embedded in the main page of... The post Keylogger in Microsoft Exchange Server Breaches Government Agencies Worldwide appeared first on Penetration Testing.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Unredacting Pixelated Text

Schneier on Security

Experiments in unredacting text that has been pixelated.

271
271
article thumbnail

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors of fuel in the United States. Atlas is one of the largest national fuel distributors to 49 continental US States with over 1 billion gallons per year. The Blackbasta extortion group added the company to the list of victims on its Tor leak site, as the researcher Dominic Alvieri reported.

Hacking 143
article thumbnail

Get a Lifetime of 1TB Cloud Storage for Only $80 With FolderFort

Tech Republic Security

Fast, affordable cloud storage isn’t always easy to find for businesses, but now you can have a massive amount with maximum security.

164
164
article thumbnail

Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC

Penetration Testing

Security researcher Amal Murali recently published the technical details and proof-of-concept (PoC) for critical remote code execution (RCE) vulnerability in Git, tracked as CVE-2024-32002 (CVSS 9.1). This vulnerability could be exploited during the routine... The post Critical Git Vulnerability CVE-2024-32002: Researcher Unveils RCE Exploit with PoC appeared first on Penetration Testing.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google Detects 4th Chrome Zero-Day in May Actively Under Attack - Update ASAP

The Hacker News

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine.

article thumbnail

Black Basta Ascension Attack Redux — can Patients Die of Ransomware?

Security Boulevard

Inglorious Basta(rds): 16 days on, huge hospital system continues to be paralyzed by ransomware—and patient safety is at risk. The post Black Basta Ascension Attack Redux — can Patients Die of Ransomware? appeared first on Security Boulevard.

article thumbnail

Hiring Kit: GDPR Data Protection Compliance Officer

Tech Republic Security

The European Union’s General Data Protection Regulation requires every business enterprise and public authority that collects personal data from EU customers and clients to protect that data from unauthorized access. Finding ideal candidates for the GDPR data protection compliance officer position will require thorough vetting, and potential candidates may be difficult to find.

Big data 138
article thumbnail

CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server

Penetration Testing

GitHub, the world’s leading software development platform, has disclosed a critical security vulnerability (CVE-2024-4985) in its self-hosted GitHub Enterprise Server (GHES) product. The vulnerability, which carries a maximum severity rating of 10 on the... The post CVE-2024-4985 (CVSS 10): Critical Authentication Bypass Flaw Found in GitHub Enterprise Server appeared first on Penetration Testing.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Criminal record database of millions of Americans dumped online

Malwarebytes

A cybercriminal going by the names of EquationCorp and USDoD have released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data. Post by USDoD on a breach forum The leaked database is said to include full names, dates of birth, known aliases, addresses, arrest and conviction dates, sentences, and much more.

Passwords 137
article thumbnail

Two students uncovered a flaw that allows to use laundry machines for free

Security Affairs

Two students discovered a security flaw in over a million internet-connected laundry machines that could allow laundry for free. CSC ServiceWorks is a company that provides laundry services and air vending solutions for multifamily housing, academic institutions, hospitality, and other commercial sectors. They manage and operate many internet-connected laundry machines and systems, offering services such as coin and card-operated laundry machines, mobile payment solutions, and maintenance suppor

Mobile 143
article thumbnail

IBM X-Force Report: Grandoreiro Malware Targets More Than 1,500 Banks in 60 Countries

Tech Republic Security

Find out how Grandoreiro banking trojan campaigns work and the countries targeted, as well as how to mitigate this malware threat.

Banking 155
article thumbnail

CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access

Penetration Testing

Cisco, the global leader in networking solutions, has issued a security advisory regarding a vulnerability discovered in its Firepower Management Center (FMC) software. This flaw, identified as CVE-2024-20360, carries a CVSS score of 8.8,... The post CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access appeared first on Penetration Testing.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.