Tech Republic Security
AUGUST 7, 2023
ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about a new tool advertised on the Dark Web called WormGPT.
The Last Watchdog
AUGUST 6, 2023
LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach. Related: A call to regulate facial recognition That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 7, 2023
A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “ negligent security practices ” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.
Troy Hunt
AUGUST 7, 2023
This is a big one. A massive one. It's the culmination of a solid 7 months of work that finally, as of now, is live. The full back story is in my blog post from mid-June about The Big 5 Announcements but to save you trawling through all of that, here are the cliff notes: Domain searches in HIBP are resource intensive and the impact was becoming increasingly obvious More than half the Fortune 500 are using this feature, along with a who's who of big brands We decided to introduce pricin
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Krebs on Security
AUGUST 8, 2023
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them to install software on a vulnerable Windows system without any help from users.
The Last Watchdog
AUGUST 7, 2023
LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time. Related: Going on the security offensive Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Troy Hunt
AUGUST 5, 2023
Somewhere in the next few hours from publishing this post, I'll finally push the HIBP domain search changes live. I've been speaking about it a lot in these videos over recent weeks so many of you have already know what it entails, but it's the tip of the iceberg you've seen publicly. This is the culmination of 7 months of work to get this model right with a ridiculous amount of background effort having gone into it.
Lohrman on Security
AUGUST 6, 2023
CAPTCHAs have been around for decades, but new AI advances are changing the methods required to prove you are a real person. So where next with human verification — and user frustrations?
The Last Watchdog
AUGUST 7, 2023
We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack. Related: How AI can relieve security pros What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails.
Schneier on Security
AUGUST 10, 2023
Cryptographic flaws still matter. Here’s a flaw in the random-number generator used to create private keys. The seed has only 32 bits of entropy. Seems like this flaw is being exploited in the wild.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Troy Hunt
AUGUST 11, 2023
So about those domain searches. 😊 The new subscription model launched this week and as many of you know from your own past experiences, pushing major new code live is always a bit of a nail-biting exercise. It went out silently on Sunday morning, nothing major broke so I published the blog post Monday afternoon then emailed all the existing API key subscribers Tuesday morning and now here we are!
Tech Republic Security
AUGUST 10, 2023
As attackers focus on political ends, big payouts, threat hunters need to focus on identity intrusions, access merchants and tactics enabling fast lateral movement.
The Last Watchdog
AUGUST 8, 2023
Palo Alto, Calif., Aug. 8, 2023 – SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. With an intuitive, unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and to change them as technologies and threats evolve – without rewriting code.
Schneier on Security
AUGUST 8, 2023
I just read an article complaining that NIST is taking too long in finalizing its post-quantum-computing cryptography standards. This process has been going on since 2016, and since that time there has been a huge increase in quantum technology and an equally large increase in quantum understanding and interest. Yet seven years later, we have only four algorithms , although last week NIST announced that a number of other candidates are under consideration, a process that is expected to take R
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Jane Frankland
AUGUST 10, 2023
The need for hiring cybersecurity professionals is ever growing. Yet, there remains a hiring problem. Often, when considering this, people immediately turn their attention to educators of Computer Science at schools, colleges, and universities. From analysing research, I believe they’re right to do so. In this blog I’ll be taking a closer look at higher education efforts, specifically for Computer Science at UK universities.
Tech Republic Security
AUGUST 11, 2023
A Black Hat 2023 panel discussed the ramifications of generative AI, and included the former Cyber Czar for the Obama administration.
The Last Watchdog
AUGUST 8, 2023
LAS VEGAS — Shadow IT and BYOD security exposures have long bedeviled businesses – ever since the iPhone and Dropbox first came on the scene. Covid 19 only intensified the problem of how to securely manage the personally owned devices and unvetted apps employees gravitate to. At Black Hat USA 2023 , taking place here this week, suppliers of unified endpoint management ( UEM ) solutions collectively will lay out a roadmap for resolving Shadow IT and BYOD once and for all.
Schneier on Security
AUGUST 9, 2023
Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. “A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices, acoustic side channel attacks present a greater threat to keyboards than ever.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Anton on Security
AUGUST 9, 2023
Great blog posts are sometimes hard to find (especially on Medium ), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ). Top 6 most popular posts of all times (these ended up being the same as last quarter, and a few quarters before) : “Security Correlation Then and Now:
Tech Republic Security
AUGUST 8, 2023
The ACCC has given the green light for cross-banking collaboration to address scams. Here’s how IT pros in Australia can and should address the current regulatory environment.
eSecurity Planet
AUGUST 11, 2023
Large, sprawling organizations often struggle to apply consistent security policies outside of their network to remote workers accessing cloud-hosted resources, branch offices, and edge computing. Secure access service edge (SASE) provides an integrated service solution to secure large virtual networks that encompasses users and resources no matter where they are or how they access each other.
The Last Watchdog
AUGUST 9, 2023
New York, N.Y., Aug.9, 2023 – Today, the Fireblocks Cryptography Research Team announced the findings of multiple zero-day vulnerabilities in some of the most used cryptographic multi-party computation (MPC) protocols, including GG-18, GG-20, and implementations of Lindell 17. If left unremediated, the exposures would allow attackers and malicious insiders to drain funds from the wallets of millions of retail and institutional customers in seconds, with no knowledge to the user or vendor.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Anton on Security
AUGUST 8, 2023
This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our seventh Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 , #4 , #5 and #6 ). My favorite quotes from the report follow below: Src: Google Cloud Threat Horizons #7 “Credential issues continue to be a consistent challenge, accounting for over 60% of compromise factors” [A.C. — again, file und
Tech Republic Security
AUGUST 11, 2023
Learn technical details about this newly disclosed security vulnerability, as well as mitigation recommendations from the Google researcher who discovered it.
Malwarebytes
AUGUST 11, 2023
Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as that may be. What makes this case stand out is that Google allegedly misled Chrome users by implying that they could browse privately by using the Incognito mode.
The Last Watchdog
AUGUST 8, 2023
San Francisco, Calif., Aug. 8, 2023 – Picus Security , the pioneer of Breach and Attack Simulation (BAS) technology, has released The Blue Report 2023. Based on an analysis of more than 14 million cyber attacks simulated by The Picus Platform*, the report highlights four “impossible trade-offs” limiting modern security teams’ ability to manage their organization’s threat exposure.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
AUGUST 11, 2023
Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S.
Tech Republic Security
AUGUST 7, 2023
Qualys report looks at how misconfiguration issues on cloud service providers help attackers gain access. Read on to learn more.
Malwarebytes
AUGUST 11, 2023
Changes in the terms of service (TOS) of the Zoom video-conferencing software have caused some turmoil. Since the pandemic, Zoom (Video Conferencing) has become a household name. Zoom came up as the big winner in the video conferencing struggle that enabled us to work from home. Now that things are more or less returning to a new normal, this has also had an impact on their success.
The Last Watchdog
AUGUST 8, 2023
Lehi, Utah, Aug. 8, 2023 – DigiCert today announced the expansion of its certificate management platform, DigiCert Trust Lifecycle Manager, to provide full lifecycle support for multiple CAs including Microsoft CA and AWS Private CA, as well as integration with ServiceNow to support existing IT service workflows. DigiCert Trust Lifecycle Manager additionally supports enrollment to a broad range of Microsoft and AWS technologies, providing organizations a unified approach to managing public
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
145 
Let's personalize your content