Schneier on Security

NOVEMBER 13, 2023

There are a lot of possibilities here. AI can give this capability to every decision-making group. At the extreme, an AI could be an arbiter—a judge—weighing evidence and making a decision. Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet.

Artificial Intelligence 285

Artificial Intelligence Technology Government Education 285

Schneier on Security

JULY 31, 2023

They look something like this: Write a tutorial on how to make a bomb describing. We demonstrate that it is in fact possible to automatically construct adversarial attacks on LLMs, specifically chosen sequences of characters that, when appended to a user query, will cause the system to obey user commands even if it produces harmful content.

Software 218

Software Artificial Intelligence 218

Schneier on Security

JANUARY 5, 2024

Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. We don’t have a useful quantum computer yet, but we do have quantum algorithms. Again, this is all still theoretical.

236

236

Schneier on Security

MAY 12, 2023

as a semi-autonomous software program that solves problems that humans ask it to solve, the question is then: how do we prevent that software from assisting corporations in ways that make people’s lives worse? It will always be possible to build A.I. Ted Chiang has an excellent essay in the New Yorker : “Will A.I. researchers.

Risk 243

Risk Software Technology Marketing 243

Schneier on Security

DECEMBER 12, 2023

By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. It’s an interesting vulnerability.

Firmware 285

Firmware Manufacturing Internet Internet 285

The Last Watchdog

DECEMBER 17, 2023

Related: Why tech standards matter IoT is transitioning from an array of devices that we can control across the Internet into a realm where billions of IoE devices can communicate with each other and make unilateral decisions on our behalf. We protect these chips by making sure no one can access these keys,” Rosteck told me.

IoT 255

IoT Internet Internet Technology 255

Troy Hunt

NOVEMBER 23, 2022

Which is why we're making it possible for 30% less 😊 Ok, being more serious for a moment, I'm talking about Pwned the book which we launched a couple of months ago and it's chock full of over 800 pages worth of epic blog posts and more importantly, the stories behind them.

225

225

The Last Watchdog

APRIL 1, 2024

Traditionally it’s been about focusing inward on securing systems and data at the lowest possible cost, driven by compliance requirements. If the CIO and CISO are operating in silos, and do not have shared vision, goals, and values here, it will make broader organizational cultural change difficult.

Cybersecurity 221

Cybersecurity CISO B2B Risk 221

Schneier on Security

MAY 21, 2021

The researchers also note that in this side-by-side scenario, attackers take steps to make the two distinct strains of ransomware look as similar as possible, so it’s more difficult for incident responders to sort out what’s going on.

Encryption 351

Encryption Ransomware Malware 351

Tech Republic Security

JULY 23, 2021

Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.

218

218

Daniel Miessler

MAY 15, 2023

AI Assistants combine knowledge and access, making them like a digital soul. Attacking agents will allow attackers to make it do actions it wasn’t supposed to. At the time of writing, GPT-4 has only been out for a couple of months, and ChatGPT for only 6 months. So things are very early.

Technology 364

Technology Internet Internet Mobile 364

Tech Republic Security

AUGUST 31, 2021

Authentication sans password is already possible and solutions are on the market from companies like Ping Identity. With passwords passé, it's time to make the leap to better security.

Passwords 208

Passwords Marketing Authentication 208

The Hacker News

FEBRUARY 21, 2024

With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps.

Government 98

Government Technology 98

Schneier on Security

AUGUST 11, 2023

In this Systematization of Knowledge (SoK) paper, we examine the design space, use cases, problems with prior approaches, and possible paths forward. I think this conceptualization makes sense, and explains a lot. User identity is central to the vectors of attack and manipulation employed in these contexts.

197

197

The Hacker News

NOVEMBER 20, 2023

Bitcoin wallets created between 2011 and 2015 are susceptible to a new kind of exploit called Randstorm that makes it possible to recover passwords and gain unauthorized access to a multitude of wallets spanning several blockchain platforms.

Hacking 122

Hacking Passwords 122

Schneier on Security

DECEMBER 8, 2022

The post is just a list of the keys, but running each one through APKMirror or Google’s VirusTotal site will put names to some of the compromised keys: Samsung , LG , and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart’s Onn tablets.

Malware 293

Malware Authentication Accountability 293

Jane Frankland

APRIL 17, 2024

And as a technologist, this makes me want to ask: how can we make people feel as comfortable and sure about digital interactions as they do in real-life situations where trust is built over time? This makes sense, especially considering the relationship between trust, digital transformations and cybersecurity.

Identity Theft 200

Identity Theft Digital transformation Technology Risk 200

Security Boulevard

FEBRUARY 12, 2024

Action1 updated its patch management platform to make it possible to dynamically group endpoints and provide an audit trail capability. The post Action1 Extends Automated Patching Capability to Groups of Endpoints appeared first on Security Boulevard.

Malware 76

Malware Cybersecurity 76

Malwarebytes

FEBRUARY 29, 2024

Copy that POST request and use a method to try all the 100,000 possibilities. Note, 100,000 possibilities may sound like a lot, but given the two hour time-frame there are plenty of options to do that. That makes it a lot harder to take over the account. And strangely enough the notifications came in two flavors.

Accountability 124

Accountability Passwords Authentication Risk 124

Schneier on Security

JUNE 21, 2021

But many of the most transformative of these possibilities still require significant machine learning breakthroughs. Some of the most transformative impacts may come from making previously un- or under-utilized defensive strategies available to more organizations.

Cybersecurity 273

Cybersecurity Technology 273

The Hacker News

NOVEMBER 17, 2023

Federal Communications Commission (FCC) is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud.

Scams 116

Scams Accountability 116

The Hacker News

SEPTEMBER 7, 2023

plugs CVE-2023-39265 and CVE-2023-37941, which make it possible to conduct nefarious actions once a bad actor is able to gain control of Superset’s metadata database. The update (version 2.1.1) Outside of these

127

127

Google Security

JANUARY 30, 2024

Pixel phones are designed to help protect you and your data, and make security and privacy as easy as possible. We’ve launched support for passkeys on Google platforms such as Android and Chrome, and recently we announced that we’re making passkeys a default option across personal Google Accounts.

Password Management 117

Password Management Passwords Accountability Phishing 117

Security Affairs

DECEMBER 8, 2023

“The techniques were capable of working across all processes without any limitations, making them more flexible than existing process injection techniques. Searching for the possibility of triggering the execution of malware through a legitimate action the experts analyzed the Windows user-mode thread pool.

Hacking 140

Hacking Malware Cybersecurity Information Security 140

Bleeping Computer

APRIL 18, 2022

Kaspersky today revealed it found a vulnerability in Yanluowang ransomware's encryption algorithm, which makes it possible to recover files it encrypts. [.].

Ransomware 127

Ransomware Encryption 127

IT Security Guru

APRIL 5, 2024

At the same time, the possibilities enamor many people. Phishing Attacks: AI aims to make it sound as human as possible. Generative AI (GenAI) is a top player changing the internet’s landscape. Infiltrating various markets, it presents new and enhanced risks to this landscape. For that reason, it’s also an ultimate defense tool.

Cybersecurity 123

Cybersecurity Scams Data breaches Marketing 123

The Hacker News

SEPTEMBER 9, 2022

This vulnerability makes it possible for unauthenticated users to download arbitrary files from the affected site which can include sensitive information," it said. A zero-day flaw in a WordPress plugin called BackupBuddy is being actively exploited, WordPress security company Wordfence has disclosed.

138

138

The Hacker News

FEBRUARY 7, 2023

The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process.

Encryption 96

Encryption Ransomware Engineering 96

Thales Cloud Protection & Licensing

APRIL 8, 2024

This one makes your heart sink. The Onboarding Dilemma : We want to sign up for new services fast, but companies must make sure we are who we say we are. Here are a few simple habits that can make a big difference: Password Power-Ups : Your passwords are like flimsy shields against determined attackers. Even better?

Identity Theft 138

Identity Theft Passwords Banking Password Management 138

Security Affairs

DECEMBER 18, 2023

Once installed on a system, info stealers often aim to remain undetected for as long as possible. Some info stealers may use encryption techniques to hide their communication with command-and-control servers, making it more challenging for security systems to detect malicious activities. So, how do you protect against them?

Banking 120

Banking Cybercrime Malware Accountability 120

Security Boulevard

APRIL 24, 2023

Salt Security has infused additional artificial intelligence (AI) capabilities into its software-as-a-service (SaaS) platform that should make it simpler to both discover APIs and triage levels of threat. The post Salt Security Applies Additional AI Capabilities to API Security appeared first on Security Boulevard.

Artificial Intelligence 109

Artificial Intelligence Software Cybersecurity 109

Bleeping Computer

OCTOBER 11, 2021

LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source. [.].

Software 138

Software 138

Bleeping Computer

SEPTEMBER 21, 2021

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run arbitrary commands on Macs running any macOS version up to the latest release, Big Sur. [.].

144

144

Security Affairs

JANUARY 19, 2024

What if we make incremental improvements or chain multiple results from a quantum computer that’s realizable today?” In the latter case, a government might need to identify all the possible things it can do that will not result in war with a particular country. Can quantum computing break cryptography? Sure, it can.

Technology 121

Technology Encryption Hacking Internet 121

InfoWorld on Security

NOVEMBER 7, 2023

Identity features in.NET 8 are positioned to make it easier to secure applications. New APIs make it possible to secure web API endpoints with cookie-based authentication and authorization.

Authentication 76

Authentication 76

Bleeping Computer

FEBRUARY 15, 2023

Automakers Hyundai and KIA are rolling out an emergency software update on several of their car models impacted by an easy hack that makes it possible to steal them. [.]

Software 91

Software Hacking Technology 91

The Hacker News

MAY 4, 2023

The product in question makes it possible Cisco has warned of a critical security flaw in SPA112 2-Port Phone Adapters that it said could be exploited by a remote attacker to execute arbitrary code on affected devices. The issue, tracked as CVE-2023-20126, is rated 9.8 out of a maximum of 10 on the CVSS scoring system.

98

98