Schneier on Security
AUGUST 7, 2023
A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. The phrase “ negligent security practices ” is being tossed about—and with good reason. Master signing keys are not supposed to be left around, waiting to be stolen.
The Last Watchdog
AUGUST 7, 2023
LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time. Related: Going on the security offensive Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
AUGUST 7, 2023
ChatGPT-related security risks also include writing malicious code and amplifying disinformation. Read about a new tool advertised on the Dark Web called WormGPT.
The Last Watchdog
AUGUST 7, 2023
We all get spam emails, and while it’s annoying, it’s not usually anything to worry about. However, getting a huge influx of spam at once is a warning sign. People suddenly getting a lot of spam emails may be the target of a sophisticated cyber-attack. Related: How AI can relieve security pros What causes spam emails? Someone leaking, stealing or selling account information can cause a sudden influx of spam emails.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
AUGUST 7, 2023
Encryption is vital for securing data, whether in transit or stored on devices. It can provide peace of mind that communications will not be intercepted and that sensitive information stored on devices can’t be exfiltrated in the event of loss or theft. This policy from TechRepublic Premium provides guidelines for adopting encryption technologies for organizational.
The Last Watchdog
AUGUST 7, 2023
San Jose, Calif., Aug. 7, 2023 – GhangorCloud, a leading provider of Deep AI-based information security and data privacy compliance enforcement solutions, is pleased to announce it has been selected upon nomination by the US Department of Commerce, as one of three cybersecurity vendors selected to demonstrate advanced capabilities at the 2023 G20 Summit in India, August 17-19.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
AUGUST 7, 2023
A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy.
Veracode Security
AUGUST 7, 2023
Veracode recently released Static Analysis support for Dart 3 and Flutter 3.10. This makes it possible for developers to leverage the power of Dart and Flutter and deliver more secure mobile applications by finding and resolving security flaws earlier in the development lifecycle when they are fastest and least expensive to fix. The release also expanded Veracode’s extensive support covering over 100 languages and frameworks, and we thought it presented a good opportunity to dive into the topic
Malwarebytes
AUGUST 7, 2023
The European Data Protection Board is expected to fine TikTok for violating the privacy of young children within the next four weeks. The European Data Protection Board said a binding decision has been reached over TikTok's processing of children’s data, after the ByteDance-owned app submitted legal objections to an earlier ruling in Ireland, the home of the company’s European headquarters.
Security Affairs
AUGUST 7, 2023
Zoom changed its terms of service requiring users to allow AI to train on all their data without giving them an opt-out option. Zoom updated its terms of service and informed users that it will train its artificial intelligence models using some of its data. The update will be effective as of July 27, and accepting the ToS users will give Zoom the right to utilize some aspects of customer data for training its AI models.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Bleeping Computer
AUGUST 7, 2023
The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a phone's screen was off, running down a device's battery. [.
Security Affairs
AUGUST 7, 2023
Experts found 43 Android apps in Google Play with 2.5 million installs that displayed advertisements while a phone’s screen was off. Recently, researchers from McAfee’s Mobile Research Team discovered 43 Android apps in Google Play with 2.5 million installs that loaded advertisements while a phone’s screen was off. The experts pointed out that this behavior violates Google Play Developer policy , in impacts the advertisers who pay for Ads that will be never displayed to the users, a
The Hacker News
AUGUST 7, 2023
Vulnerable Redis services have been targeted by a "new, improved, dangerous" variant of a malware called SkidMap that's engineered to target a wide range of Linux distributions. "The malicious nature of this malware is to adapt to the system on which it is executed," Trustwave security researcher Radoslaw Zdonczyk said in an analysis published last week.
Security Affairs
AUGUST 7, 2023
The FBI is warning about cyber criminals masquerading as NFT developers to steal cryptocurrency and other digital assets. The U.S. Federal Bureau of Investigation (FBI) is warning about cyber criminals posing as legitimate NFT developers in fraud schemes designed to target active users within the NFT community. The end goal is to steal cryptocurrency and other digital assets from the users.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
AUGUST 7, 2023
In today's interconnected world, evolving security solutions to meet growing demand is more critical than ever. Collaboration across multiple solutions for intelligence gathering and information sharing is indispensable. The idea of multiple-source intelligence gathering stems from the concept that threats are rarely isolated.
Security Affairs
AUGUST 7, 2023
Two North Korea-linked APT groups compromised the infrastructure of the major Russian missile engineering firm NPO Mashinostroyeniya. Cybersecurity firm SentinelOne linked the compromise of the major Russian missile engineering firm NPO Mashinostroyeniya to two different North Korea-linked APT groups. NPO Mashinostroyeniya (JSC MIC Mashinostroyenia, NPO Mash) is a leading Russian manufacturer of missiles and military spacecraft.
WIRED Threat Level
AUGUST 7, 2023
Cybercriminals are touting large language models that could help them with phishing or creating malware. But the AI chatbots could just be their own kind of scam.
Bleeping Computer
AUGUST 7, 2023
Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and maintain long-term persistence. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
WIRED Threat Level
AUGUST 7, 2023
Since 2018, a dedicated team within Microsoft has attacked machine learning systems to make them safer. But with the public release of new generative AI tools, the field is already evolving.
Bleeping Computer
AUGUST 7, 2023
With the introduction of Windows 11 23H2, Microsoft has modernized File Explorer on Windows 11, bringing a fresher look and feel to the system's integral file management tool. [.
WIRED Threat Level
AUGUST 7, 2023
Soon after Russian troops invaded Ukraine in February 2022, sensors in the Chernobyl Exclusion Zone reported radiation spikes. A researcher now believes he’s found evidence the data was manipulated.
SecureWorld News
AUGUST 7, 2023
This is Part 1 of a three-part series tackling the topic of generative AI tools. This first installment is "Safeguarding Ethical Development in ChatGPT and Other LLMs through a Comprehensive Approach: Integrating Security, Psychological Considerations, and Governance." In the realm of generative AI tools, such as Language Learning Models (LLMs), it is essential to take a comprehensive approach toward the development and deployment.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
AUGUST 7, 2023
The U.S. Federal Bureau of Investigation (FBI) is warning about cyber crooks masquerading as legitimate non-fungible token (NFT) developers to steal cryptocurrency and other digital assets from unsuspecting users.
SecureWorld News
AUGUST 7, 2023
Zoom Video Communications, Inc. recently updated its terms of service to permit training AI on user content without an opt-out option. Some legal experts, privacy advocates, and cybersecurity professionals are calling the new terms "excessive" and say it blurs the lines of what should be allowed in terms of consent, data privacy, and personal rights.
Dark Reading
AUGUST 7, 2023
Accenture's Cyber Threat Intelligence unit has observed a tenfold rise in Dark Web threat actors targeting macOS since 2019, and the trend is poised to continue.
SecureBlitz
AUGUST 7, 2023
Hit It Rich! Casino Slots, where dreams of striking it rich can become a reality. Developed by Zynga, Hit It Rich! is a popular casino game that offers a wide array of slot machines with captivating themes and exciting gameplay. In this blog, we will explore the rich rewards and enticing features that make this […] The post Hitting the Jackpot: A Look at the Rich Rewards of Hit It Rich!
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
AUGUST 7, 2023
A new malware campaign has been observed making use of malicious OpenBullet configuration files to target inexperienced cyber criminals with the goal of delivering a remote access trojan (RAT) capable of stealing sensitive information.
Dark Reading
AUGUST 7, 2023
Threat actors such as the operators of the Cl0p ransomware family increasingly exploit unknown and day-one vulnerabilities in their attacks.
The Hacker News
AUGUST 7, 2023
Two different North Korean nation-state actors have been linked to a cyber intrusion against the major Russian missile engineering company NPO Mashinostroyeniya.
Malwarebytes
AUGUST 7, 2023
Robocallers are in the news after the FCC issued a $300 million forfeiture to a persistent offender and shut down their operation. A robocall network makes use of automated software diallers to spam out large numbers of cold calls to unsuspecting recipients. These calls promise much but give very little. Anyone taking the bait stands a good chance of losing control of their personal data or suffering from all manner of dubious payments leaving their bank account.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
232 
Let's personalize your content