Tue.May 23, 2023

article thumbnail

Credible Handwriting Machine

Schneier on Security

In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one of the biggest problems with other homework machines, such as this one that I covered a few months ago after it blew up on social media. The problem with most homework machines is that they’re too perfect.

Media 236
article thumbnail

EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse

Tech Republic Security

Generative AI is of particular interest to leaders for the benefits of cost savings, efficiency and effectiveness. The post EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse appeared first on TechRepublic.

Big data 214
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

The Last Watchdog

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Related: Collateral damage of T-Mobile hack Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

Mobile 200
article thumbnail

Dell’s Project Helix heralds a move toward specifically trained generative AI

Tech Republic Security

On-premises artificial intelligence and specifically trained generative AI are now enterprise trends. Leaders from Dell and NVIDIA and analysts from Forrester Research weigh in. The post Dell’s Project Helix heralds a move toward specifically trained generative AI appeared first on TechRepublic.

article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

3 Steps to Prevent a Case of Compromised Credentials

Duo's Security Blog

Oh no! Your passwords are on the internet. Talks of passkeys, passphrases, and even password less all point in one direction: eroding faith in the previously trusty password tucked under your keyboard. Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials.

article thumbnail

Microsoft Dataverse: Going from Excel to new AI-powered tools

Tech Republic Security

Improvements in the data store for Microsoft's low-code platform aim to help businesses build on their data. Learn more about Microsoft Dataverse. The post Microsoft Dataverse: Going from Excel to new AI-powered tools appeared first on TechRepublic.

More Trending

article thumbnail

Android app breaking bad: From legitimate screen recording to file exfiltration within a year

We Live Security

ESET researchers discover AhRat – a new Android RAT based on AhMyth – that exfiltrates files and records audio The post Android app breaking bad: From legitimate screen recording to file exfiltration within a year appeared first on WeLiveSecurity

126
126
article thumbnail

Most Organizations Expect Ransomware Attack Within a Year

CyberSecurity Insiders

BullWall , global leaders in ransomware containment, and researchers with Cybersecurity Insiders, today published the Cybersecurity Insiders 2023 Ransomware Report. Based on a survey of 435 cybersecurity professionals, the findings identified gaps, misunderstandings and obstacles in organizational security posture, attack prevention and ransomware remediation.

article thumbnail

The Security Maturity Improvement Imperative

Security Boulevard

To enhance corporate protection against the aggressive stream of cyberattacks impacting organizations today, it is imperative to actively manage, monitor and cover systems, software and data with well-tuned security toolsets. According to Ponemon, 83% of organizations studied have experienced more than one data breach, and just 17% said this was their first data breach.

article thumbnail

Avos Ransomware takes control of emergency systems in Bluefield University

CyberSecurity Insiders

It is customary for the ransomware spreading hackers to take control of the systems and encrypt them until a ransom is paid. In double extortion cases, the hackers steal data and then encrypt the database. And if the victim fails to pay the ransom on time, they sell the siphoned data on the dark web for monetary gains. But in addition to this practice, those spreading Avos ransomware made a bold move by hijack-ing a university’s emergency communication systems and sending a SMS alert to students

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

IT employee impersonates ransomware gang to extort employer

Bleeping Computer

A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer. [.

article thumbnail

How to Track Ransomware Attacks: A Comprehensive Guide

CyberSecurity Insiders

Ransomware attacks have become a growing concern in recent years, with cybercriminals targeting individuals, businesses, and even government organizations. The ability to track these attacks is crucial for mitigating their impact and ensuring appropriate response measures are taken. In this article, we will explore various strategies and techniques to effectively track ransomware attacks, enabling organizations to enhance their cybersecurity defenses and minimize the potential damage caused by s

article thumbnail

Malvertising via brand impersonation is back again

Malwarebytes

Web search is about to embark on a new journey thanks to artificial intelligence technology that online giants such as Microsoft and Google are experimenting with. Yet, there is a problem when it comes to malicious ads displayed by search engines that AI likely won't be able to fix. In recent months, numerous incidents have shown that malvertising is on the rise again and affecting the user experience and trust in their favorite search engine.

article thumbnail

Ransomware news trending on Google

CyberSecurity Insiders

A Russian government affiliated ransomware spreading group has targeted the Indian Insurance Information Bureau (IIB) and encrypted the entire database and their demand is that they victim needs to pay $250,000 in bitcoins in exchange of a decryption key. The IIB of India issued a statement that around 30 servers were compromised in the incident and the extend of damage is yet to be calculated.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

LogRhythm vs Splunk: Top SIEM Solutions Compared

eSecurity Planet

If you’re in the market for a security information and event management (SIEM) solution, both LogRhythm and Splunk have a lot to offer, with strong support from customers and industry analysts. Both solutions appear in eSecurity Planet ’s list of top SIEM products , and SIEM buyers often compare the two. What follows is a closer look at key features of each product, with an examination of their strengths and weaknesses.

article thumbnail

Dell Launches Project Fort Zero Service to Accelerate Zero-Trust IT Shift

Security Boulevard

Dell Technologies today launched a Project Fort Zero cybersecurity services initiative that promises to make it simpler for organizations to transition to zero-trust IT environments. The initiative is based on a reference architecture defined by the U.S. Department of Defense (DoD). Announced at the Dell Technologies World conference, Dell will formally define this architecture in.

article thumbnail

IAM-Driven Biometrics: The Security Issues with Biometric Identity and Access Management

Heimadal Security

The increase of cybersecurity incidents brings along a higher demand for enhanced security protections. Thus, in the attempt of preventing unauthorized third parties from accessing their accounts and sensitive data, companies are increasingly turning to biometric authentication. Contemporary Identity and Access Management (IAM) technologies have moved beyond basic login methods based on usernames and passwords. […] The post IAM-Driven Biometrics: The Security Issues with Biometric Identity

article thumbnail

SEC Cybersecurity Rules: How To Prepare For The Coming Changes Now

Security Boulevard

Cybersecurity risk management, strategy, governance and incident disclosure are a growing concern for investors and a top priority for the U.S. Securities and Exchange Commission (SEC). In 2022, publicly-traded companies were put on notice to prepare to adopt a new set of SEC Cybersecurity rules. These new rules place an unprecedented level of accountability, governance […] The post SEC Cybersecurity Rules: How To Prepare For The Coming Changes Now appeared first on Code42.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Suzuki motorcycle plant shut down by cyber attack

Graham Cluley

The Indian manufacturing plant responsible for manufacturing Suzuki motorcycles has been forced to shut down following a cyber attack, with the loss of an estimated 20,000 vehicles. Read more in my article on the Hot for Security blog.

article thumbnail

PyPI open-source code repository deals with manic malware maelstrom

Naked Security

Controlled outage used to keep malware marauders from gumming up the works. Learn what you can do to help in future.

Malware 120
article thumbnail

Three Biggest Issues Driving Cybersecurity

Security Boulevard

Cyberattacks have become one of the top concerns for technology executives and business owners. Cybercrime will cost companies $10.5 billion annually by 2025. The estimated cost of cybercrime in 2021 was $6.1 trillion, which is expected to grow 15% each year. Businesses are increasing their cybersecurity budgets to protect their assets. The number of online.

article thumbnail

The intersection of telehealth, AI, and Cybersecurity

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Artificial intelligence is the hottest topic in tech today. AI algorithms are capable of breaking down massive amounts of data in the blink of an eye and have the potential to help us all lead healthier, happier lives.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Update now! Apple issues patches for three actively used zero-days

Malwarebytes

Apple has rolled out security updates for Safari 16.5, watchOS 9.5, tvOS 16.5, iOS 16.5, iPadOS 16.5, iOS 15.7.6, iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Ventura 13.4, and macOS Monterey 12.6.6. Among the security updates were patches for three actively exploited zero-day vulnerabilities. All these actively exploited vulnerabilities are directly related to the WebKit browser engine.

article thumbnail

New Microsoft PowerToy lets you control 4 PCs with one mouse, keyboard

Bleeping Computer

Microsoft has updated PowerToys with two new tools that help control multiple Windows systems with the same keyboard/mouse and quickly preview various file types. [.

96
article thumbnail

Google to pay $40m for "deceptive and unfair" location tracking practices

Malwarebytes

Google is going to pay $39.9 million to Washington State to put to rest a lawsuit about its location tracking practices which has been in play since last year. Google was accused of “ misleading consumers ” by State Attorney General Bob Ferguson. From the AG press release: Attorney General Bob Ferguson today announced Google will pay $39.9 million to Washington state as a result of his office’s lawsuit over misleading location tracking practices.

article thumbnail

Think security first when switching from traditional Active Directory to Azure AD

CSO Magazine

What enforces your security boundary today? What will enforce it in the next few years? For many years, Microsoft Active Directory has been the backbone and foundation of network authentication, identity, and connection. But for many organizations moving to cloud applications or having a mixture of operating systems, the need for cloud-based network management is on the rise.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

The Royal Gang Is Developing Its Own Malware Loader

Heimadal Security

It has been reported that the Royal ransomware group is enhancing its arsenal with new malware. This group is said to have surfaced following the dismantling of the notorious Conti group. Several other Conti-related groups have been observed using commercial downloaders such as Emotet, QBot, and IcedID. This inspired the Royal ransomware actors to develop […] The post The Royal Gang Is Developing Its Own Malware Loader appeared first on Heimdal Security Blog.

Malware 88
article thumbnail

Google announced its Mobile VRP (vulnerability rewards program)

Security Affairs

Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications. Google’s Mobile VRP is a bug bounty program for reporting vulnerabilities in first-party Android applications developed or maintained by Google.

Mobile 87
article thumbnail

AI generated Pentagon explosion photograph goes viral on Twitter

Malwarebytes

Twitter’s recent changes to checkmark verification continue to cause chaos, this time in the realm of potentially dangerous misinformation. A checkmarked account claimed to show images of explosions close to important landmarks like the Pentagon. These images quickly went viral despite being AI generated and containing multiple overt errors for anyone looking at the supposed photographs.

article thumbnail

German arms manufacturer Rheinmetall suffered Black Basta ransomware attack

Security Affairs

The German automotive and arms manufacturer Rheinmetall announced it was victim of a Black Basta ransomware attack that took place last month. Rheinmetall is a German automotive and arms manufacturer that is listed on the Frankfurt stock exchange. The company this week announced it was victim of a ransomware attack conducted by the Black Basta ransomware group.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?