Tech Republic Security
AUGUST 7, 2023
ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about a new tool advertised on the Dark Web called WormGPT.
The Last Watchdog
AUGUST 6, 2023
LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach. Related: A call to regulate facial recognition That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 7, 2023
A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “ negligent security practices ” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.
Troy Hunt
AUGUST 7, 2023
This is a big one. A massive one. It's the culmination of a solid 7 months of work that finally, as of now, is live. The full back story is in my blog post from mid-June about The Big 5 Announcements but to save you trawling through all of that, here are the cliff notes: Domain searches in HIBP are resource intensive and the impact was becoming increasingly obvious More than half the Fortune 500 are using this feature, along with a who's who of big brands We decided to introduce pricin
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Krebs on Security
AUGUST 8, 2023
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them to install software on a vulnerable Windows system without any help from users.
Tech Republic Security
AUGUST 8, 2023
The ACCC has given the green light for cross-banking collaboration to address scams. Here’s how IT pros in Australia can and should address the current regulatory environment.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
eSecurity Planet
AUGUST 11, 2023
Large, sprawling organizations often struggle to apply consistent security policies outside of their network to remote workers accessing cloud-hosted resources, branch offices, and edge computing. Secure access service edge (SASE) provides an integrated service solution to secure large virtual networks that encompasses users and resources no matter where they are or how they access each other.
Bleeping Computer
AUGUST 5, 2023
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes recorded using a microphone with an accuracy of 95%.
Tech Republic Security
AUGUST 10, 2023
As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement.
Schneier on Security
AUGUST 10, 2023
Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Dark Reading
AUGUST 9, 2023
A newly patched flaw in Windows Defender allows attackers to hijack the signature-update process to sneak in malware, delete benign files, and inflict mayhem on target systems.
The Hacker News
AUGUST 11, 2023
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S.
Tech Republic Security
AUGUST 11, 2023
Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it.
Schneier on Security
AUGUST 8, 2023
I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms , although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take R
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
AUGUST 11, 2023
Changes in the terms of service (TOS) of the Zoom video-conferencing software have caused some turmoil. Since the pandemic, Zoom (Video Conferencing) has become a household name. Zoom came up as the big winner in the video conferencing struggle that enabled us to work from home. Now that things are more or less returning to a new normal, this has also had an impact on their success.
The Hacker News
AUGUST 11, 2023
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods implemented with a blocklist, ultimately resulting in arbitrary file reads and command execution.
Tech Republic Security
AUGUST 10, 2023
Discover the challenges that AI will bring to the cybersecurity industry and the opportunities and future implications of cybersecurity in an AI-dominated world.
Schneier on Security
AUGUST 9, 2023
Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
eSecurity Planet
AUGUST 10, 2023
Cloud security posture management (CSPM) discovers and manages infrastructure and configuration risks across cloud environments. As most cloud security failures are due to customer error, CSPM’s ability to find and fix those errors has made it a critical cloud security tool. CSPM ensures cloud computing security and compliance by incorporating risk management capabilities to discover, analyze, and manage infrastructure and configuration risks across cloud environments and infrastructure.
The Hacker News
AUGUST 8, 2023
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities.
Tech Republic Security
AUGUST 11, 2023
Looking for an alternative to Google Authenticator? Here's our comprehensive list covering the top competitors and alternatives to help you find your best fit.
Bleeping Computer
AUGUST 8, 2023
Today is Microsoft's August 2023 Patch Tuesday, with security updates for 87 flaws, including two actively exploited and twenty-three remote code execution vulnerabilities. [.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
eSecurity Planet
AUGUST 9, 2023
Microsoft’s Patch Tuesday for August 2023 addresses 74 vulnerabilities, six of them critical. The company also issued two advisories, one of them addressing a Microsoft Office flaw that was disclosed but unpatched in last month’s update. The six critical vulnerabilities discussed in the release note are as follows: CVE-2023-29328 and CVE-2023-29330 , a pair of remote code execution flaws in Microsoft Teams with a CVSS score of 8.8 CVE-2023-35385 , CVE-2023-36910 , and CVE-2023-36911
The Hacker News
AUGUST 8, 2023
Introduced in 1999, Microsoft Active Directory is the default identity and access management service in Windows networks, responsible for assigning and enforcing security policies for all network endpoints. With it, users can access various resources across networks.
Tech Republic Security
AUGUST 9, 2023
Your computer network is under constant attack. The hard reality is that one of those cyberattacks will succeed, and you had better be prepared. This quick glossary from TechRepublic Premium explains the terminology used by security experts as they attempt to reduce the damage caused by a successful attack. From the glossary: EVIDENCE COLLECTION POLICY.
Malwarebytes
AUGUST 11, 2023
Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as that may be. What makes this case stand out is that Google allegedly misled Chrome users by implying that they could browse privately by using the Incognito mode.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
eSecurity Planet
AUGUST 9, 2023
Managed service providers, also known as MSPs, offer organizations of all sizes a way to gain fractional expertise and capabilities unrelated to their core activities without the need for a huge upfront investment. Information technology (IT) MSPs typically provide the easiest path to better cybersecurity because they focus completely on the effective implementation of basic IT infrastructure.
The Hacker News
AUGUST 7, 2023
A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy.
Tech Republic Security
AUGUST 11, 2023
Dependency confusion is becoming a serious cybersecurity threat. Learn which organizations are at risk and how to protect systems against these attacks.
IT Security Guru
AUGUST 10, 2023
The Open Web Application Security Project (OWASP), a non-profit foundation devoted to web application security, recently released the 2023 OWASP API Security Top 10 list. The list aims to raise awareness about the most common API security risks plaguing organisations and how to defend against them. The 2023 list provides an update to the original list, published in 2019.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Expert insights. Personalized for you.
140 
Let's personalize your content