Sun.Mar 12, 2023

article thumbnail

Procurement Guide Offers Best Practices for Moving to Cloud

Lohrman on Security

The Center for Digital Government just released a new guide to help governments in their cloud journeys. Here’s why cybersecurity pros should pay close attention.

article thumbnail

Microsoft to release GPT-4 for AI-Generated Videos

CyberSecurity Insiders

All these days, the media was busy discussing the new AI-based conversational Chatbot ChatGPT. In the coming days, the discussions will shift a bit, towards a similar product named GPT-4, a Large Language Model (LLM) machine learning tool to generate videos, just with the prompt from the text. GPT-4 will be having the potential to answer some of the modalities existing in ChatGPT, such as slower responses to user queries and accurate video processing abilities.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Unveiling the Shadow AI: The Rise of AI Reliance in Cybersecurity

Security Boulevard

Artificial Intelligence (AI) has been touted as the future of cybersecurity, and rightly so. With the growing volume and sophistication of cyber threats, cyber analysts are finding it challenging to keep up. As a result, AI has become an integral part of cybersecurity operations, providing faster and more accurate threat analysis. However, the rise of […] The post Unveiling the Shadow AI: The Rise of AI Reliance in Cybersecurity appeared first on Cyborg Security.

article thumbnail

Emotet Returns, Now Adopts Binary Padding for Evasion

Trend Micro

Following a three-month hiatus, Emotet spam activities resumed in March 2023, when a botnet known as Epoch 4 began delivering malicious documents embedded in Zip files that were attached to the emails.

Malware 94
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Procurement Guide Offers Best Practices for Moving to Cloud

Security Boulevard

The Center for Digital Government just released a new guide to help governments in their cloud journeys. Here’s why cybersecurity pros should pay close attention. The post Procurement Guide Offers Best Practices for Moving to Cloud appeared first on Security Boulevard.

article thumbnail

The risk of pasting confidential company data into ChatGPT

Security Affairs

Experts warn that employees are providing sensitive corporate data to the popular artificial intelligence chatbot model ChatGPT. Researchers from Cyberhaven Labs analyzed the use of ChatGPT by 1.6 million workers at companies across industries. They reported that 5.6% of them have used it in the workplace and 4.9% have provided company data to the popular chatbot model since it launched.

Risk 97

More Trending

article thumbnail

CASPER attack steals data using air-gapped computer's internal speaker

Bleeping Computer

Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER can leak data from air-gapped computers to a nearby smartphone at a rate of 20bits/sec. [.

98
article thumbnail

A week in security (March 6 - 12)

Malwarebytes

Last week on Malwarebytes Labs: 8 cybersecurity tips to keep you safe when travelling National Cybersecurity Strategy Document: What you need to know Intel CPU vulnerabilities fixed. But should you update? Warning issued over Royal ransomware Play ransomware gang leaks City of Oakland data DoppelPaymer ransomware group disrupted DeepStreamer: Illegal movie streaming platforms hide lucrative ad fraud operation Ransomware review: March 2023 Update Android now!

article thumbnail

Hands on with Windows 11's new leaked File Explorer feature

Bleeping Computer

Microsoft is working on a new XAML-based gallery view for the Windows 11 File Explorer that allows you to browse your photos by date, as well as through a built-in search box. [.

article thumbnail

WhatsApp refuses to weaken encryption, would rather leave UK

Malwarebytes

WhatsApp will not comply with the UK's Online Safety Bill when it passes legislation as is. In fact, WhatsApp would rather cease serving UK users, which make up 2% of its global market, than weaken its end-to-end encryption (E2EE). Will Cathcart, head of WhatsApp at parent company Meta, made these claims in a briefing with the UK press on Thursday, March 9.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers

Security Affairs

Cisco fixed a high-severity DoS vulnerability (CVE-2023-20049) in IOS XR software that impacts several enterprise routers. Cisco has released security updates to address a high-severity DoS vulnerability, tracked as CVE-2023-20049 (CVSS score of 8.6), in IOS XR software used by several enterprise-grade routers. The vulnerability resides in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 990

article thumbnail

KamiKakaBot Malware Used in Latest Dark Pink APT Attacks on Southeast Asian Targets

The Hacker News

The Dark Pink advanced persistent threat (APT) actor has been linked to a fresh set of attacks targeting government and military entities in Southeast Asian countries with a malware called KamiKakaBot.

Malware 96
article thumbnail

S4x23 Review Part 2: Evolving Energy Cybersecurity

Trend Micro

In this second report on S4x23 held last February, this article introduces the discussion on cyber security in the energy industry, which was one of the topics that attracted attention.

article thumbnail

Microsoft finally fixes Windows 11 slow file copy issues over SMB

Bleeping Computer

Microsoft has finally addressed a known issue causing significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. [.

98
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Security Affairs newsletter Round 410 by Pierluigi Paganini

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. PlugX malware delivered by exploiting flaws in Chinese programs Prometei botnet evolves and infected +10,000 systems since November 2022 CISA adds VMware’s Cloud Foundation bug to Known Exploited Vulnerabilities Catalog Law enforcement seized th

article thumbnail

Staples-owned Essendant facing multi-day "outage," orders frozen

Bleeping Computer

Staples-owned Essendant, a wholesale distributor of stationary and office supplies, is experiencing a multi-day systems "outage" preventing customers and suppliers from placing and fulfilling online orders. [.

98
article thumbnail

Breast cancer photos published by ransomware gang

Malwarebytes

The Russia-linked ALPHV ransomware group, also known as BlackCat , has posted sensitive clinical photos of breast cancer patients—calling them "nude photos"—to extort money from the Lehigh Valley Health Network (LVHN). This has triggered a chorus of accusations from the cybersecurity community, with some labeling the group as " barbarians " and others saying the group is " exploiting and sexualizing breast cancer ".

article thumbnail

Educating girls on how to be their own cyber hero

Webroot

No matter how old you are, it is important to learn how to stay safe online! According to a study conducted by Learning Innovation , more than 93% of students have access to smartphones and laptops. Cyber threats show no sign of slowing down, which is why it is important to stay up to date on security best practices. That’s one of the many reasons why we are so passionate about partnering with the Girl Scouts of Greater Chicago and Northwest Indiana to help girls be more cyber aware.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Medusa ransomware gang picks up steam as it targets companies worldwide

Bleeping Computer

A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands. [.

article thumbnail

Biden’s National Cybersecurity Strategy, BetterHelp’s FTC Fine, Chick-fil-A Data Breach

Security Boulevard

What you need to know about Biden’s new National Cybersecurity Strategy, which aims to provide a framework of what the current administration wants the US federal government, critical infrastructure organizations, and private companies to do to work together to improve national cybersecurity. BetterHelp, a direct-to-consumer mental health app, has been asked to pay $7.8m by […] The post Biden’s National Cybersecurity Strategy, BetterHelp’s FTC Fine, Chick-fil-A Data Breach appeared first on The

article thumbnail

Kali Linux 2023.1 Release (Kali Purple & Python Changes)

Kali Linux

Today we are releasing Kali 2023.1 (and on our 10th anniversary )! It will be ready for immediate download or updating by the time you have finished reading this post. Given its our 10th anniversary, we are delighted to announce there are a few special things lined up to help celebrate. Stay tuned for a blog post coming out for more information! Edit: Its out !

article thumbnail

Almost Bare Bones WebR Starter App

Security Boulevard

Let’s walk through how to set up a ~minimal HTML/JS/CS + WebR-powered “app” on a server you own. This will be vanilla JS (i.e. no React/Vue/npm/bundler) you can hack on at-will. TL;DR: You can find the source to the app and track changes to it over on GitHub if you want to jump right in. Continue reading → The post Almost Bare Bones WebR Starter App appeared first on Security Boulevard.

Hacking 52
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

BrandPost: Software risk is business risk—now is the time for C-Suite to act

CSO Magazine

It has been said that every business is a software business. But what does that mean? Becoming a software business entails both rewards and risks. The reward is a competitive edge; the risks are often misunderstood and poorly managed at the highest levels of leadership. In this interview, Jason Schmitt, general manager of Synopsys Software Integrity Group, explains what business and technology leaders must do to achieve successful business transformation and take control of the risks that are in

article thumbnail

Hyperview Appoints Digital Infrastructure Leader Bill Kleyman to Advisory Board

Security Boulevard

Award-winning data center, cloud, and digital infrastructure leader, Bill Kleyman is announced to Hyperview advisory board Vancouver, British Columbia – Mar. 14, 2023 – Hyperview, a leading cloud-based data center infrastructure management (DCIM) platform provider, today announced that it has named award-winning industry analyst, speaker and author, Bill Kleyman to its advisory board.

article thumbnail

BrandPost: Poor software quality can cost time and money, straightforward solutions are available

CSO Magazine

Most of the time, ROI is calculated on how much money you made on the money you spent. But it also applies to money you didn’t have to spend. As the old proverb puts it, “A penny saved is a penny earned.” And by that measure, there are hundreds of trillions of pennies going unearned, because organizations aren’t investing in improving their software.

article thumbnail

USENIX Security ’22 – Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, Zhiyun Qian – ‘SyzScope: Revealing High-Risk Security Impacts Of Fuzzer-Exposed Bugs In Linux Kernel’

Security Boulevard

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Permalink The post USENIX Security ’22 – Xiaochen Zou, Guoren Li, Weiteng Chen, Hang Zhang, Zhiyun Qian – ‘SyzScope: Revealing High-Risk Security Impacts Of Fuzzer-Exposed Bugs In Linux Kernel’ appeared first on Security Boulevard.

Risk 52
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

BrandPost: Thinking of “hiring” an AI tool for your development needs? Ask these questions at the interview

CSO Magazine

Ever since ChatGPT was released in late 2022, the internet has been abuzz with equal parts doom and optimism. Love it or hate it, AI is coming to your development organization. Even if you don’t plan on developing an AI product or hiring an AI development bot to write code for you, it may still be integrated into the tooling and platforms used to build, test, and run your artisanal, handmade source code.

Risk 51
article thumbnail

Acronis states that only one customer’s account has been compromised. Much ado about nothing

Security Affairs

Acronis downplays the severity of the recent security breach explaining that only a single customer’s account was compromised. The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted. This week a threat actor, who goes online with the moniker “kernelware”, claimed the theft of data from technology firm Acronis and started leaking it on the cybercrime forum Breached Forums.

article thumbnail

BrandPost: Automation is the key component of DevSecOps collaboration and optimization

CSO Magazine

In the world of software development, speed and security are often viewed as natural enemies: Development teams, under pressure to move ever faster, complain of security measures creating “friction” that slows them down. But it doesn’t have to be that way. It’s possible to build high-quality software products, with security built-in, at the speed the market demands.