Schneier on Security

FEBRUARY 7, 2024

Interesting research: “ Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training “: Abstract: Humans are capable of strategically deceptive behavior: behaving helpfully in most situations, but then behaving very differently in order to pursue alternative objectives when given the opportunity. If an AI system learned such a deceptive strategy, could we detect it and remove it using current state-of-the-art safety training techniques?

303

303

Troy Hunt

FEBRUARY 4, 2024

Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY! ” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached it to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API.

Passwords 363

Passwords Accountability Backups Data breaches 363

Joseph Steinberg

FEBRUARY 4, 2024

Scammers stole over $25 million from a multinational business by utilizing cutting-edge real-time video deepfake technology to convince an employee in the firm’s accounts-payable department that the worker had properly validated a payment request previously sent to him via email. According to police in Hong Kong, the worker (whose identity police did not reveal) had received a request by email to issue a $200 Million Hong Kong Dollar payment (equivalent to approximately $25.6 Million USD at the

Artificial Intelligence 353

Artificial Intelligence Phishing Scams Accountability 353

Krebs on Security

FEBRUARY 9, 2024

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

Artificial Intelligence 298

Artificial Intelligence Healthcare Accountability Banking 298

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

FEBRUARY 5, 2024

A deepfake video conference call—with everyone else on the call a fake— fooled a finance worker into sending $25M to the criminals’ account.

Accountability 308

Accountability 308

The Last Watchdog

FEBRUARY 5, 2024

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe. Related: The need for robust data recovery policies. One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communicatio

Risk 264

Risk Backups Software Education 264

Krebs on Security

FEBRUARY 7, 2024

In 2021, the exclusive Russian cybercrime forum Mazafaka was hacked. The leaked user database shows one of the forum’s founders was an attorney who advised Russia’s top hackers on the legal risks of their work, and what to do if they got caught. A review of this user’s hacker identities shows that during his time on the forums he served as an officer in the special forces of the GRU , the foreign military intelligence agency of the Russian Federation.

Cybercrime 276

Cybercrime Accountability Identity Theft Hacking 276

Schneier on Security

FEBRUARY 9, 2024

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong , and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed. Or maybe it was a stock-price hack.

DDOS 278

DDOS Hacking Internet Internet 278

Troy Hunt

FEBRUARY 8, 2024

Somehow, an hour and a half went by in the blink of an eye this week. The Spoutible incident just has so many interesting aspects to it: loads of data that should never be returned publicly, awesome response time to the disclosure, lacklustre transparency in their disclosure, some really fundamental misunderstands about hashing algorithms and a controversy-laden past if you read back over events of the last year.

Passwords 247

Passwords Cybersecurity 247

Tech Republic Security

FEBRUARY 6, 2024

There are a few differences between spear phishing and phishing that can help you identify and protect your organization from threats. Learn about these differences.

Phishing 205

Phishing Antivirus VPN Software 205

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Penetration Testing

FEBRUARY 5, 2024

Google, a titan in the digital realm, has once again demonstrated its commitment to user security with the release of its February 2024 security updates for Android. This latest security bulletin brings to the... The post CVE-2024-0031: Critical Android Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Schneier on Security

FEBRUARY 8, 2024

Over on Lawfare, Jim Dempsey published a really interesting proposal for software liability: “Standard for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor.” Section 1 of this paper sets the stage by briefly describing the problem to be solved. Section 2 canvasses the different fields of law (warranty, negligence, products liability, and certification) that could provide a starting point for what would have to be legislative action establis

Software 275

Software Government Cybersecurity 275

Troy Hunt

FEBRUARY 4, 2024

I told ya so. Right from the beginning, it was pretty obvious what "MOAB" was probably going to be and sure enough, this tweet came true: Interesting find by @MayhemDayOne , wonder if it was from a shady breach search service (we’ve seen a bunch shut down over the years)? Either way, collecting and storing this data is now trivial so not a big surprise to see someone screw up their permissions and (re)leak it all.

Marketing 224

Marketing 224

Tech Republic Security

FEBRUARY 7, 2024

Threat hunting is essential for preventing bad actors. Learn effective techniques to identify and mitigate potential threats to your organization's security.

163

163

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

FEBRUARY 9, 2024

Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023. The backdoor, codenamed RustDoor by Bitdefender, has been found to impersonate an update for Microsoft Visual Studio and target both Intel and Arm architectures.

Architecture 144

Architecture 144

Schneier on Security

FEBRUARY 6, 2024

Via a FOIA request, we have documents from the NSA about their banning of Furby toys.

281

281

Malwarebytes

FEBRUARY 9, 2024

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and other authoring agencies have released a joint guidance about common living off the land (LOTL) techniques and common gaps in cyber defense capabilities. Living Off The Land (LOTL) is a covert cyberattack technique in which criminals carry out malicious activities using legitimate IT administration tools.

Software 144

Software Ransomware Backups Manufacturing 144

Tech Republic Security

FEBRUARY 6, 2024

Here are the top cyber threat hunting tools that can enhance your organization's cybersecurity defenses. Learn how their features compare.

Cyber threats 164

Cyber threats Cybersecurity 164

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Penetration Testing

FEBRUARY 4, 2024

Microsoft has released a security update for its browser, Microsoft Edge, addressing several vulnerabilities. Following the release of the foundational Chromium versions 121.0.6167.139 for Mac and Linux and 121.0.6167.139/140 for Windows, Microsoft unveiled version... The post Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing 144

The Hacker News

FEBRUARY 8, 2024

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the execution of arbitrary code and commands.

VPN 144

VPN 144

Malwarebytes

FEBRUARY 8, 2024

Password Manager LastPass has warned about a fraudulent app called “LassPass Password Manager” which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident” it seems clear that this was a purposeful attempt to trick users installing the fake app.

Identity Theft 144

Identity Theft Password Management Passwords Risk 144

Tech Republic Security

FEBRUARY 9, 2024

Learn about the differences between Bitwarden's Free and Premium versions and decide which one is the right fit for your password management needs.

Password Management 150

Password Management Passwords 150

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Boulevard

FEBRUARY 7, 2024

PR FAIL: Were 3 million toothbrushes hacked into a botnet? Or does a Fortinet spokeschild have egg on his face? The post ‘Total Bollocks’ — No, Your Toothbrush isn’t DDoS’ing appeared first on Security Boulevard.

Hacking 142

Hacking Social Engineering DDOS Internet 142

Bleeping Computer

FEBRUARY 7, 2024

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. [.

DDOS 142

DDOS Malware Hacking 142

The Hacker News

FEBRUARY 9, 2024

Threat hunters have identified a new variant of Android malware called MoqHao that automatically executes on infected devices without requiring any user interaction. "Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution," McAfee Labs said in a report published this week.

Malware 141

Malware 141

Tech Republic Security

FEBRUARY 8, 2024

Trying to decide between LastPass Free and Premium? This comparison guide highlights the features and benefits of each plan to help you make an informed decision.

Password Management 137

Password Management Passwords 137

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Security Affairs

FEBRUARY 9, 2024

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues, the outage was likely caused by the ransomware attack, but the company did not disclose it.

Hacking 143

Hacking Ransomware Data breaches Manufacturing 143

Bleeping Computer

FEBRUARY 7, 2024

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. [.

DDOS 141

DDOS Malware Hacking 141

The Hacker News

FEBRUARY 7, 2024

Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.

143

143

Tech Republic Security

FEBRUARY 8, 2024

Find out the difference between Atlas VPN's free and premium options and choose the best plan for your online security and privacy needs.

VPN 147

VPN 147

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity