Schneier on Security

JANUARY 17, 2024

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Artificial Intelligence 297

Artificial Intelligence 297

Joseph Steinberg

JANUARY 19, 2024

Several hours ago , I received a phone call; the caller ID displayed the accurate name and phone number of my local utility company. As our area has, at times, suffered from power disruptions during winter storms, and we had winter weather yesterday and are expecting more tomorrow, I answered the call to see if the utility was advising of some repair that could impact service.

Scams 230

Scams Artificial Intelligence Accountability Data breaches 230

Krebs on Security

JANUARY 19, 2024

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

Scams 252

Scams 252

Tech Republic Security

JANUARY 18, 2024

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.

Malware 175

Malware Cybersecurity 175

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Schneier on Security

JANUARY 19, 2024

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it.

Marketing 260

Marketing 260

Bleeping Computer

JANUARY 18, 2024

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [.

Ransomware 145

Ransomware 145

Tech Republic Security

JANUARY 19, 2024

IT spending in Australia is forecast to increase significantly in 2024. This means that IT pros who spend time on skills development will be able to instead focus on growth in their career.

Big data 164

Big data 164

Schneier on Security

JANUARY 19, 2024

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were.

250

250

Malwarebytes

JANUARY 17, 2024

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, unexpected hospitalization, or any other scenarios which instantly cause concern and cause victims to act quickly.

Scams 143

Scams Artificial Intelligence Identity Theft Social Engineering 143

Penetration Testing

JANUARY 14, 2024

Pandora This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories, Windows 10 desktop applications, browsers, and browser plugins. This may work on... The post pandora: A red team tool to extract credentials from password managers appeared first on Penetration Testing.

Password Management 145

Password Management Passwords Penetration Testing 145

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 167

Artificial Intelligence 167

Schneier on Security

JANUARY 18, 2024

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.

Passwords 237

Passwords 237

Bleeping Computer

JANUARY 18, 2024

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.

Software 139

Software Technology 139

Malwarebytes

JANUARY 19, 2024

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known collectively as Chrome’s “Stable channel”), it can serve for testing and development purposes.

Data collection 137

Data collection VPN Risk 137

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

JANUARY 16, 2024

Small and midsize businesses are increasingly being targeted by cybercriminals — but they often lack the resources and expertise to develop comprehensive security policies to help defend against threats. This set of policies from TechRepublic Premium will help your company establish guidelines and procedures to reduce the risks. The pack comprises seven documents: IT Staff.

Risk 148

Risk 148

Schneier on Security

JANUARY 15, 2024

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper.

256

256

Bleeping Computer

JANUARY 15, 2024

Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. [.

Firewall 136

Firewall 136

We Live Security

JANUARY 16, 2024

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk

Cyber Risk 143

Cyber Risk Risk 143

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Tech Republic Security

JANUARY 19, 2024

Protect your business from both tech and human error with EaseUS Data Recovery Wizard, now just $46 for life for a limited time this January.

151

151

Schneier on Security

JANUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page.

214

214

Bleeping Computer

JANUARY 17, 2024

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. [.

Spyware 136

Spyware Mobile 136

WIRED Threat Level

JANUARY 17, 2024

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Cryptocurrency 137

Cryptocurrency 137

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Tech Republic Security

JANUARY 18, 2024

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Artificial Intelligence 146

Artificial Intelligence 146

Schneier on Security

JANUARY 16, 2024

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.

249

249

Bleeping Computer

JANUARY 15, 2024

Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. [.

Software 138

Software 138

Malwarebytes

JANUARY 16, 2024

Facebook scams are a constant nuisance and vary from like-farming to scams that can cost you some serious money. The latest one we found is a bit morbid. Recently, I’ve seen quite a few posts on my timeline that looked like this: Without going into details the post says: “I can’t believe he’s gone. I’ll miss him so much” In all the posts I’ve seen, one of my Facebook friends was tagged.

Scams 135

Scams Adware Accountability VPN 135

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

Tech Republic Security

JANUARY 16, 2024

Data in transit means data is at risk if the proper precautions aren’t followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems. With this in mind, it is essential for company personnel to adhere to firm and clear guidelines.

Risk 132

Risk Software Mobile 132

Security Affairs

JANUARY 15, 2024

Researchers from Bishop Fox found over 178,000 SonicWall next-generation firewalls (NGFW) publicly exploitable. SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities, tracked as CVE-2022-22274 and CVE-2023-0656 , that could potentially lead to remote code execution. Despite a proof-of-concept exploit for the flaw CVE-2023-0656 was publicly released, the vendor is not aware of attack in the wild exploiting the vulner

Firewall 135

Firewall Hacking Firmware Internet 135

Bleeping Computer

JANUARY 16, 2024

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. [.

139

139

Security Boulevard

JANUARY 18, 2024

Have I been pwned? Yes, you probably have. Stop reusing passwords, already. Here’s what else you should do. The post Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy appeared first on Security Boulevard.

Passwords 132

Passwords Social Engineering Data privacy Authentication 132

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Risk