Fri.Mar 08, 2024

A Taxonomy of Prompt Injection Attacks

Schneier on Security

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.”

Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking

The Unyielding Call to Invest in Women on International Women’s Day

Jane Frankland

International Women’s Day is one of those annual landmarks that shouldn’t just be about the magnolia-laden rhetoric and floral tributes. It’s a day that should starkly remind us of the work left undone, the chasms unbridged, and the opportunities squandered due to the gender divide. It’s a day to reflect on why we need to not just celebrate women but invest in their limitless potential.

Essays from the Second IWORD

Schneier on Security

The Ash Center has posted a series of twelve essays stemming from the Second Interdisciplinary Workshop on Reimagining Democracy ( IWORD 2023 ). Aviv Ovadya, Democracy as Approximation: A Primer for “AI for Democracy” Innovators Kathryn Peters, Permission and Participation Claudia Chwalisz, Moving Beyond the Paradigm of “Democracy”: 12 Questions Riley Wong, Privacy-Preserving Data Governance Christine Tran, Recommendations for Implementing Jail Voting: Identifying Common Themes Niclas Boehmer, T

Microsoft says Russian hackers breached its systems, accessed source code

Bleeping Computer

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update

Penetration Testing

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) in their WSD protocol process. This vulnerability affects specific models within their multifunction printer ranges. Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update appeared first on Penetration Testing.

Critical Fortinet flaw may impact 150,000 exposed devices

Bleeping Computer

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [...]

CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers

Penetration Testing

QNAP has issued a critical security advisory regarding multiple vulnerabilities impacting their NAS software solutions. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices. What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing.

QNAP warns of critical auth bypass flaw in its NAS devices

Bleeping Computer

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [...]

Are You Ready to Protect Your Company From Insider Threats? Probably Not

Security Boulevard

The bad news is insider threats are on the rise. The worse news is that most companies are unprepared to meet the moment. The post Are You Ready to Protect Your Company From Insider Threats? Probably Not appeared first on Security Boulevard.

Enjoy 2 Years of Unrestricted Access to Your Favorite Content for Only $40

Tech Republic Security

Unlocator VPN + Free Smart DNS blasts through firewalls, censorship and geo-restrictions so you will always be able to access your favorite content. Use code ENJOY20 at checkout.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

TikTok Ban Incoming — but ByteDance Fights Back

Security Boulevard

Hilltop BillTok: ByteDance mobilizing addicted user base, as U.S. TikTok ban steamrolls through Capitol Hill after unanimous committee vote. The post TikTok Ban Incoming — but ByteDance Fights Back appeared first on Security Boulevard.

Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration.

Security Affairs

The ransomware attack on Xplain impacted tens of thousands of Federal government files, said the National Cyber Security Centre (NCSC) of Switzerland. The NCSC published a data analysis report on the data breach resulting from the ransomware attack on the IT services provider Xplain. The attack took place on May 23, 2023, and the Play ransomware gang claimed responsibility for the data breach.

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

The Hacker News

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.

QNAP fixed three flaws in its NAS devices, including an authentication bypass

Security Affairs

QNAP addressed three vulnerabilities in its NAS products that can be exploited to access devices. QNAP addressed three vulnerabilities in Network Attached Storage (NAS) devices that can be exploited to access the devices. The three flaws fixed are: CVE-2024-21899: an improper authentication vulnerability could allow users to compromise the security of the system via a network.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Russian Hackers Access Source Code in Ongoing Attack on Microsoft

Security Boulevard

The Russian state-sponsored bad actors who hacked into the corporate email accounts of executives at Microsoft are taking another run at the IT giant, this time using information stolen then to access the company’s source code repositories and other internal systems now. The Midnight Blizzard group – also known as Nobelium, Cozy Bear, and APT29. The post Russian Hackers Access Source Code in Ongoing Attack on Microsoft appeared first on Security Boulevard.

Patch now! VMWare escape flaws are so serious even end-of-life software gets a fix

Malwarebytes

VMWare has issued security fixes for its VMware ESXi, Workstation, Fusion, and Cloud Foundation products. It has even taken the unusual step of issuing updates for versions of the affected software that have reached their end-of-life, meaning they would normally no longer be supported. These flaws affect customers who have deployed VMware Workstation, VMware Fusion, and/or VMware ESXi by itself or as part of VMware vSphere or VMware Cloud Foundation.

Invoke-ADEnum: Automate Active Directory Enumeration using PowerView

Penetration Testing

Invoke-ADEnum Active Directory Enumeration Invoke-ADEnum is an Active Directory enumeration tool designed to automate the process of gathering information from an Active Directory environment, leveraging the capabilities of PowerView. With Invoke-ADEnum, you can quickly... The post Invoke-ADEnum: Automate Active Directory Enumeration using PowerView appeared first on Penetration Testing.

Change Healthcare Gets Pharmacy Systems Up After Ransomware Attack

Security Boulevard

There is some relief coming for beleaguered pharmacies, hospitals, and patients now that UnitedHealth Group has the electronic prescribing systems for its Change Healthcare business up and running after being down for weeks following an attack last month by ransomware group BlackCat. In the wake of the February 21 attack, Change – which acts as. The post Change Healthcare Gets Pharmacy Systems Up After Ransomware Attack appeared first on Security Boulevard.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

UnitedHealth brings some Change Healthcare pharmacy services back online

Bleeping Computer

Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. [...]

Magnificent Seven: Celebrating Great Women in Cybersecurity and Data Protection

BH Consulting

This year, the theme of International Women’s Day is ‘Inspire Inclusion’. That inspiration is needed, because inequality and gender representation still need to improve in cybersecurity. Even though girls outperform at school, just 26 per cent of people under the age of 30 working in cybersecurity are female, according to ISC2. And the percentage is even lower when it comes to senior leadership roles.

APKDeepLens: scan Android applications for security vulnerabilities

Penetration Testing

APKDeepLens APKDeepLens is a Python-based tool designed to scan Android applications (APK files) for security vulnerabilities. It specifically targets the OWASP Top 10 mobile vulnerabilities, providing an easy and efficient way for developers, penetration... The post APKDeepLens: scan Android applications for security vulnerabilities appeared first on Penetration Testing.

Cisco addressed severe flaws in its Secure Client

Security Affairs

Cisco addressed two high-severity vulnerabilities in Secure Client that could lead to code execution and unauthorized remote access VPN sessions. Cisco released security patches to address two high-severity vulnerabilities in Secure Client, tracked as CVE-2024-20337 and CVE-2024-20338 respectively. Cisco Secure Client is a security tool developed by Cisco that provides VPN (Virtual Private Network) access and Zero Trust Network Access (ZTNA) support along with security and monitoring capabilities.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Midnight Blizzard Accesses Microsoft Internal Systems and Source Code

Penetration Testing

Microsoft has confirmed a new, significant intrusion by the persistent Russia-based hacking group Midnight Blizzard (NOBELIUM). The threat actors leveraged information exfiltrated during a January cyberattack to gain recent, unauthorized access to Microsoft’s internal... The post Midnight Blizzard Accesses Microsoft Internal Systems and Source Code appeared first on Penetration Testing.

The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand

Bleeping Computer

We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. [...]

Capita Reports a Yearly Loss of about £106M Due to Cyberattack

Heimadal Security

Capita, a British outsourcing company, has reported a staggering annual loss of more than £106 million, significantly attributed to a ransomware attack by the Black Basta group last March. The hack was directly responsible for nearly a fourth of these losses, costing the corporation £25.3 million in related expenditures, according to the company’s annual report.

Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations

The Hacker News

Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

Critical Vulnerabilities Found in Popular Smart Locks

Penetration Testing

Smart locks promise convenience and a futuristic feel, but recent research exposes a dark side to this technology. Kontrol and Elock locks, both utilizing firmware from the company Sciener, have been found riddled with... The post Critical Vulnerabilities Found in Popular Smart Locks appeared first on Penetration Testing.

Secrets Sensei: Conquering Secrets Management Challenges

The Hacker News

In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management — the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario.

Global Cyber Directives and Their Impact on the Learning Industry

CompTIA on Cybersecurity

The more interconnected our world becomes, the greater the need to protect it. Cybercrime issues span across the globe nowadays and organizations are working diligently to combat it.

Update now! JetBrains TeamCity vulnerability abused at scale

Malwarebytes

JetBrains issued a warning on March 4, 2024 about two serious vulnerabilities in TeamCity server. The flaws can be used by a remote, unauthenticated attacker with HTTP(S) access to a TeamCity on-premises server to bypass authentication checks and gain administrative control of the TeamCity server. TeamCity is a build management and continuous integration and deployment server from JetBrains that allows developers to commit code changes into a shared repository several times a day.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.