Sat. Mar 09, 2024 - Fri. Mar 15, 2024

Burglars Using Wi-Fi Jammers to Disable Security Cameras

Schneier on Security

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

Welcoming the Liechtenstein Government to Have I Been Pwned

Troy Hunt

Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned, free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit who now have full access to their government domains. We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breac

NIST Releases Cybersecurity Framework 2.0: What’s Next?

Lohrman on Security

Many global cyber teams are analyzing cyber defense gaps now that the NIST Cybersecurity Framework 2.0 has been released. How will this guidance move the protection needle?

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kashmir Hill has the story: Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Krebs on Security

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

More Trending

5 Best VPNs for Travel in 2024 (Free & Paid VPNs)

Tech Republic Security

What’s the best VPN to use when traveling? Our in-depth guide helps you understand what to look for in a VPN and find the best solution for your needs.

Jailbreaking LLMs with ASCII Art

Schneier on Security

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4, Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.

Beyond Pleasantries: Understanding Kindness vs. Niceness

Jane Frankland

In the tapestry of human interactions, the words ‘kind’ and ‘nice’ are often woven together so tightly that their distinct threads seem indistinguishable. On the surface, both suggest a pleasantness, a quality of being agreeable or gentle in nature. But is there more to it? Could these two seemingly synonymous words actually spell out different narratives in the screenplay of our lives?

attackgen: A cybersecurity incident response testing tool

Penetration Testing

AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat...

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

MFA vs 2FA: Which Is Best for Your Business?

Tech Republic Security

Learn the key differences between multi-factor authentication (MFA) and two-factor authentication (2FA) and find out which one is best for your business needs.

Using LLMs to Unredact Text

Schneier on Security

Initial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

The Hacker News

Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive data.

There Are Dark Corners of the Internet. Then There's 764

WIRED Threat Level

A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Microsoft’s Security Copilot Enters General Availability

Tech Republic Security

Microsoft’s AI chatbot and data aggregator is open for security business on April 1, with a new per-unit pricing model.

Improving C++

Schneier on Security

C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem “is” that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds, initialization, and lifetime language safety.

GhostRace – New Data Leak Vulnerability Affects Modern CPUs

The Hacker News

A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed GhostRace (CVE-2024-2193), it is a variation of the transient execution CPU vulnerability known as Spectre v1 (CVE-2017-5753). The approach combines speculative execution and race conditions.

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook 

NetSpi Technical

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler, an Outlook penetration testing tool published by SensePost. Note, a pull request containing the proof-of-concept code is forthcoming to provide organizations with sufficient time to patch.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Open Source Password Managers: Overview, Pros & Cons

Tech Republic Security

Learn about open-source password managers, the benefits, and the potential drawbacks of using these tools for managing your passwords securely.

Airbnb Bans All Indoor Security Cameras

WIRED Threat Level

Starting at the end of April, Airbnb will no longer allow hosts to have security cameras inside their rental properties, citing a commitment to prioritizing guest privacy.

Google Introduces Enhanced Real-Time URL Protection for Chrome Users

The Hacker News

Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. “The Standard protection mode for Chrome on desktop and iOS will check sites against Google’s server-side list of known bad sites in real-time,” Google’s Jonathan Li and Jasika Bawa said.

Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability

Penetration Testing

Today, security researchers at The Shadowserver Foundation have sounded the alarm after discovering approximately 16,500 VMware ESXi instances exposed to a critical security flaw. The vulnerability, designated as CVE-2024-22252, could potentially allow attackers to...

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Sophos: Cyber Security Professional Burnout Is Widespread, Creating Risk for APAC Organisations

Tech Republic Security

Burnout and fatigue among cyber professionals are leading to flow-on consequences like more data breaches, employee apathy to cyber duties and turnover of cyber workforces during a skills crisis.

The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

WIRED Threat Level

The Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.

Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

The Hacker News

Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity.

Massive cyberattacks hit French government agencies

Security Affairs

A series of “intense” cyberattacks hit multiple French government agencies, revealed the prime minister’s office. “Several “intense” cyberattacks targeted multiple French government agencies since Sunday night, as disclosed by the prime minister’s office.” The French minister’s office did not provide details about the attacks, however, the French agencies were likely hit with distributed denial-of-service (DDoS) attacks.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Keep Your Network Secure With This $39.99 CompTIA Bundle

Tech Republic Security

This Complete 2024 CompTIA Certification Bundle is both a way for tech entrepreneurs to secure their own systems and a gateway to a career in cybersecurity.

Apache Tomcat Vulnerabilities Exposed, Prompt Updates Required

Penetration Testing

Security researchers have disclosed two vulnerabilities (CVE-2024-23672 and CVE-2024-24549) in popular Apache Tomcat web server software. Organizations relying on Tomcat must prioritize updates to mitigate denial of service (DoS) attacks exploiting these flaws. What’s...

Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats

The Hacker News

Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The findings come from HiddenLayer, which said the issues impact consumers using Gemini Advanced with Google Workspace as well as companies using the LLM API.

Critical Fortinet FortiOS bug CVE-2024-21762 potentially impacts 150,000 internet-facing devices

Security Affairs

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild. The security firm did not provide details about the attacks exploiting this vulnerability.

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!