Sat.Dec 16, 2023 - Fri.Dec 22, 2023

article thumbnail

The Top 24 Security Predictions for 2024 (Part 1)

Lohrman on Security

Where next for cyber in 2024? Here’s your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.

article thumbnail

Data Exfiltration Using Indirect Prompt Injection

Schneier on Security

Interesting attack on a LLM: In Writer, users can enter a ChatGPT-like session to edit or create their documents. In this chat session, the LLM can retrieve information from sources on the web to assist users in creation of their documents. We show that attackers can prepare websites that, when a user adds them as a source, manipulate the LLM into sending private information to the attacker or perform other malicious activities.

304
304
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

BlackCat Ransomware Raises Ante After FBI Disruption

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) disclosed today that it infiltrated the world’s second most prolific ransomware gang, a Russia-based criminal group known as ALPHV and BlackCat. The FBI said it seized the gang’s darknet website, and released a decryption tool that hundreds of victim companies can use to recover systems. Meanwhile, BlackCat responded by briefly “unseizing” its darknet site with a message promising 90 percent commissions for affiliates who con

article thumbnail

MY TAKE: How decentralizing IoT could help save the planet — by driving decarbonization

The Last Watchdog

The Internet of Things ( IoT ) is on the threshold of ascending to become the Internet of Everything ( IoE.) Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. This, of course, is the plot of endless dystopian books and movies that end with rogue machines in charge.

IoT 264
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

BlackCat Ransomware Site Seized in International Takedown Effort

Tech Republic Security

The ransomware group, which has distributed ransomware to more than 1,000 victims, reportedly recovered control of its website on Tuesday. Learn how to defend against ransomware.

article thumbnail

Police Get Medical Records without a Warrant

Schneier on Security

More unconstrained surveillance : Lawmakers noted the pharmacies’ policies for releasing medical records in a letter dated Tuesday to the Department of Health and Human Services (HHS) Secretary Xavier Becerra. The letter—signed by Sen. Ron Wyden (D-Ore.), Rep. Pramila Jayapal (D-Wash.), and Rep. Sara Jacobs (D-Calif.)—said their investigation pulled information from briefings with eight big prescription drug suppliers.

More Trending

article thumbnail

Akira ransomware gang claims the theft of sensitive data from Nissan Australia

Security Affairs

The Akira ransomware group announced it had breached the network of Nissan Australia, the Australian branch of the car maker giant. The Akira ransomware gang claimed to have breached Nissan Australia and to have stolen around 100GB of files from the carmaker giant. The company refused to pay the ransom and the ransomware gang threatened to leak the alleged stolen documents, including project data, clients’ and partners’ info, and NDAs. “We’ve obtained 100 GB of data of N

article thumbnail

Google Cloud’s Cybersecurity Predictions of 2024 and Look Back at 2023

Tech Republic Security

Generative AI can be used by attackers, but security professionals shouldn't lose sleep over it, according to a Google Cloud threat intelligence analyst. Find out why.

article thumbnail

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

There’s a rumor flying around the Internet that OpenAI is training foundation models on your Dropbox documents. Here’s CNBC. Here’s Boing Boing. Some articles are more nuanced , but there’s still a lot of confusion. It seems not to be true. Dropbox isn’t sharing all of your documents with OpenAI. But here’s the problem: we don’t trust OpenAI.

article thumbnail

Fake VPN Chrome extensions force-installed 1.5 million times

Bleeping Computer

Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. [.

VPN 136
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

2024 Cybersecurity Industry Experts Predictions: Part 1

IT Security Guru

As 2023 draws to a close, it’s time for cybersecurity experts to gaze into their crystal balls and predict what the next year has set in store for the security industry. In the first part of our predictions round-up experts at My1Login, i-confidential, and OSP Cyber Academy reveal what they believe will be the biggest trends in the year ahead. Mike Newman, CEO of My1Login: Cloud migration will expand the attack surface “In the last year organisations have continued to transform by moving more of

article thumbnail

What Australia’s Digital ID Means to How Citizens Interact With Businesses Online

Tech Republic Security

Australia is about to get a national online ID system — the Digital ID — which promises to improve the security and privacy of data online. However, concerns among Australians persist.

Big data 161
article thumbnail

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

Schneier on Security

The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022.

article thumbnail

The ransomware attack on Westpole is disrupting digital services for Italian public administration

Security Affairs

An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA Digitale which offers its services to various local and government organizations that rely on its platform

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

FBI disrupts Blackcat ransomware operation, creates decryption tool

Bleeping Computer

The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys. [.

article thumbnail

Cyber Security Trends to Watch in Australia in 2024

Tech Republic Security

Ransomware attacks on infrastructure and mid-market businesses are tipped to rise, while the use of AI cyber tools will grow as IT customers seek more signal and less noise from vendors.

Marketing 158
article thumbnail

GCHQ Christmas Codebreaking Challenge

Schneier on Security

Looks like fun. Details here.

262
262
article thumbnail

MongoDB investigates a cyberattack, customer data exposed

Security Affairs

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. MongoDB on Saturday disclosed it is investigating a cyber attack against certain corporate systems. MongoDB is a US company that developed the popular open-source NoSQL database management system. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Mr. Cooper Hackers Stole ~15 Million Users’ Data

Security Boulevard

Another day, another huge leak: In October, they called it an “outage;” last month, it became a “cybersecurity incident;” now it’s a full-on PII leak. The post Mr. Cooper Hackers Stole ~15 Million Users’ Data appeared first on Security Boulevard.

article thumbnail

ESET Threat Report: ChatGPT Name Abuses, Lumma Stealer Malware Increases, Android SpinOk SDK Spyware’s Prevalence

Tech Republic Security

ESET's latest report highlights the abuse of the ChatGPT name, the rise of the Lumma Stealer malware and the Android SpinOk SDK spyware.

article thumbnail

Scammers Are Tricking Anti-Vaxxers Into Buying Bogus Medical Documents

WIRED Threat Level

On Telegram, scammers are impersonating doctors to sell fake Covid-19 vaccination certificates and other products, showing how criminals are taking advantage of conspiracy theories.

129
129
article thumbnail

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

A supply chain attack against Crypto hardware wallet maker Ledger resulted in the theft of $600,000 in virtual assets. Threat actors pushed a malicious version of the “ @ledgerhq/connect-kit ” npm module developed by crypto hardware wallet maker Ledger, leading to the theft of more than $600,000 in virtual assets. Once the attack was discovered, the Crypto hardware wallet maker Ledger published a new version (version 1.1.8) of its npm module.

Phishing 141
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Xfinity discloses data breach after recent Citrix server hack

Bleeping Computer

Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. [.

article thumbnail

Third-Party Supply Chain Risk a Challenge for Cyber Security Professionals in Australia

Tech Republic Security

ASIC research shows 44% of Australian organisations are not managing third-party supply chain risk. Tesserent says it remains a key risk, and disruption could emerge from geopolitical tensions.

Risk 140
article thumbnail

10 Cybersecurity Trends That Emerged in 2023

Security Boulevard

Our digital world never stands still. How we do business and interact with each other is evolving at a breakneck pace. We saw during the pandemic that digital transformation of all kinds can happen faster than we ever thought possible. It’s a thrilling time to work in cybersecurity, but new technology and unprecedented opportunities also present us with extraordinary challenges.

article thumbnail

Info stealers and how to protect against them

Security Affairs

Info stealers, the type of malware with its purpose in the name, can cripple businesses and everyday users alike. So, how do you protect against them? Info stealers, also known as information stealers, are a type of malicious software (malware) designed to covertly collect sensitive and personal information from a victim’s computer or network.

Banking 134
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Update Chrome now! Emergency update patches zero-day

Malwarebytes

Google has released an emergency security update for Chrome that brings the browser’s Stable channel to version 120.0.6099.129 for Mac, Linux and to 120.0.6099.129/130 for Windows. This update includes one security fix for a vulnerability that was subject to an existing exploit. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention.

Software 127
article thumbnail

12 Essential Steps Mac Users Need To Take At Year End

Tech Republic Security

As the year comes to a close, Mac users should take these steps to ensure their device's security, performance and organization.

article thumbnail

Microsoft: Storm-0539 Group Behind a Surge of Gift Card Scams

Security Boulevard

With the holiday season well underway, a threat group with a history of gift card scams is ramping up its efforts, according to Microsoft. The vendor’s Threat Intelligence unit wrote in a posting on X (formerly Twitter) that it has seen a “significant surge in activity associated with the threat actor Storm-0539, known to target. The post Microsoft: Storm-0539 Group Behind a Surge of Gift Card Scams appeared first on Security Boulevard.

Scams 126
article thumbnail

Google addressed a new actively exploited Chrome zero-day

Security Affairs

Google has released emergency updates to address a new actively exploited zero-day vulnerability in the Chrome browser. Google has released emergency updates to address a new zero-day vulnerability, tracked as CVE-2023-7024, in its web browser Chrome. The flaw has been addressed with the release of version 120.0.6099.129 for Mac,Linux and 120.0.6099.129/130 for Windows which will roll out over the coming days/weeks.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.