Sun.Mar 26, 2023

article thumbnail

Challenges With AI: Artistry, Copyrights and Fake News

Lohrman on Security

The world is buzzing about the new AI applications that are rapidly changing the landscape at home and work. But what about copyright protections, artistry and even fake news as our AI journey accelerates?

310
310
article thumbnail

Emotet malware distributed as fake W-9 tax forms from the IRS

Bleeping Computer

A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. [.

Malware 143
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Uniquely American Future of US Authoritarianism

WIRED Threat Level

The GOP-fueled far right differs from similar movements around the globe, thanks to the country’s politics, electoral system, and changing demographics.

145
145
article thumbnail

Artificial Intelligence vs Machine Learning: Understanding the Differences

CyberSecurity Insiders

Artificial intelligence (AI) and machine learning (ML) are two terms that are often used interchangeably, but they are not the same. As AI and ML are related, but they have distinct differences. In this article, we will explore the differences between AI and ML and provide examples of how they are used in the real world. What is Artificial Intelligence?

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Challenges With AI: Artistry, Copyrights and Fake News

Security Boulevard

The world is buzzing about the new AI applications that are rapidly changing the landscape at home and work. But what about copyright protections, artistry and even fake news as our AI journey accelerates? The post Challenges With AI: Artistry, Copyrights and Fake News appeared first on Security Boulevard.

118
118
article thumbnail

In Memoriam – Gordon Moore, who put the more in “Moore’s Law”

Naked Security

His prediction was called a "Law", though it was an exhortation to engineering excellence as much it was an estimate.

More Trending

article thumbnail

FBI: Business email compromise tactics used to defraud U.S. vendors

Bleeping Computer

The Federal Bureau of Investigation is warning companies in the U.S. of threat actors using tactics similar to business email compromise that allow less technical actors to steal various goods from vendors. [.

107
107
article thumbnail

Earth Preta’s Cyberespionage Campaign Hits Over 200

Trend Micro

We present a case study of the cyberespionage efforts by Earth Preta. This study on an active campaign delves into the structure, goals, and requirements of the organizations involved, and provides an opportunity to conduct wider intelligence analysis and insights in the development of effective countermeasures.

article thumbnail

Bogus Chat GPT extension takes over Facebook accounts

Malwarebytes

If you’re particularly intrigued by the current wave of interest in AI, take care. There’s some bad things lurking in search engine results waiting to compromise your Facebook account. A rogue Chrome extension deployed in a campaign targeting Facebook users is “hitting thousands a day” according to researchers who made this discovery.

article thumbnail

OpenAI: A Redis bug caused a recent ChatGPT data exposure incident

Security Affairs

OpenAI revealed that a Redis bug was the root cause of the recent exposure of users’ personal information and chat titles in ChatGPT service. On Friday, OpenAI revealed that the recent exposure of users’ personal information and chat titles in its chatbot service was caused by a bug in the Redis open-source library. On March 20, 2023, several ChatGPT users started reporting seeing conversation histories of other users appearing in their accounts.

Hacking 98
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

GitHub accidentally exposes RSA SSH key

Malwarebytes

Late last week, GitHub tweeted that it had replaced its RSA SSH "out of an abundance of caution," after accidentally exposing the key on a publicly accessible repository. How the accidental exposure managed to happen is unknown, but it means that anyone that happened to notice it and was able to copy the key could impersonate GitHub or eavesdrop on Git operations over SSH.

article thumbnail

Microsoft shares guidance for investigating attacks exploiting CVE-2023-23397

Security Affairs

Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

article thumbnail

Ransomware gunning for transport sector's OT systems next

Malwarebytes

ENISA (the European Union Agency for Cybersecurity) has reason to believe that ransomware gangs will begin targeting transportation operational technology (OT) systems in the foreseeable future. This finding is further explored in the agency's 50-page report entitled ENISA Threat Landscape: Transport Sector. The transportation sector, which comprises the aviation, maritime, railway, and road industries, is a subgroup under the industrial sector, according to the Global Industry Classification St

article thumbnail

Security Affairs newsletter Round 412 by Pierluigi Paganini – International edition

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days CISA announced the Pre-Ransomware Notifications initiative China-linked hackers target telecommunica

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

ChatGPT users data leaked because of bug vulnerability

CyberSecurity Insiders

OpenAI-developed ChatGPT has hit the news headlines because user information has been leaked on the web by some threat actors who claim to have accessed and stolen data from the database of the OpenAI platform via a bug vulnerability. As a result, credit card details, the last 4 digits of credit card numbers, credit card expiration dates, first and last names, and emails of those using the conversational AI are available for others to see.

article thumbnail

A week in security (March 20 - 26)

Malwarebytes

Last week on Malwarebytes Labs: How to avoid potentially unwanted programs "ViLE" members posed as police officers and extorted victims Google reveals 18 chip vulnerabilities threatening mobile, wearables, vehicles A look at a Magecart skimmer using the Hunter obfuscator The NBA tells fans about data breach Malware creator who compromised 10,000 computers arrested Google Pixel: Cropped or edited images can be recovered New Kritec Magecart skimmer found on Magento stores Beware: Fake IRS tax emai

article thumbnail

Crypto Was Afraid to Show Its Face at SXSW 2023

WIRED Threat Level

Any mention of crypto was deliberately veiled at this year’s festival. And that strategy might catch on.

article thumbnail

Food giant Dole reveals more about ransomware attack

Malwarebytes

Fruit and vegetable producer Dole has confirmed attackers behind its February ransomware attack accessed employee data. The company hasn't revealed the number of staff impacted. In an annual report filed to the US Securities and Exchange Commission (SEC) last week, Dole said: "In February of 2023, we were the victim of a sophisticated ransomware attack involving unauthorized access to employee information.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Bank Account Verification: The Benefits of Using Bank Account Verification APIs

Security Boulevard

When a consumer opens a bank account, the bank goes through a procedure called bank account verification. It enables all required checks to be made on the account user and the source of their income, successfully stopping illegal activities like money laundering and the financing of terrorism. In this post, we’ll examine how to validate […] The post Bank Account Verification: The Benefits of Using Bank Account Verification APIs appeared first on Security Boulevard.

Banking 52
article thumbnail

They Posted Porn on Twitter. German Authorities Called the Cops

WIRED Threat Level

Regulators are using an AI system to scan websites and messaging apps to find pornography. Creators face fines and potential prison sentences.

84
article thumbnail

SEBI’s Regulations on E-Wallet KYC: What You Need to Know

Security Boulevard

Banks and fintech have been ordered by SEBI to ensure that investors complete transactions for mutual funds using e-wallets that comply with KYC requirements. The start date for this is May 1, 2023. The most recent SEBI circular suggested that all e-wallets fully comply with the RBI’s KYC requirements. In 2017, SEBI gave permission for […] The post SEBI’s Regulations on E-Wallet KYC: What You Need to Know appeared first on Security Boulevard.

Banking 52
article thumbnail

A Sub-Domain Takeover Story, Two Questions for Every WAF Provider | Sunil Agrawal (CISO, Glean)

Security Boulevard

Sunil Agrawal (CISO, Glean) shared his experience on the sub-domain takeover and how it led him to build foundationally secured SaaS products. The post A Sub-Domain Takeover Story, Two Questions for Every WAF Provider | Sunil Agrawal (CISO, Glean) appeared first on Indusface. The post A Sub-Domain Takeover Story, Two Questions for Every WAF Provider | Sunil Agrawal (CISO, Glean) appeared first on Security Boulevard.

CISO 52
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

USENIX Security ’22 – Hongbin Liu, Jinyuan Jia, Neil Zhenqiang Gong – ‘PoisonedEncoder: Poisoning The Unlabeled Pre-Training Data In Contrastive Learning’

Security Boulevard

Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Security ’22 Conference content on the organization’s’ YouTube channel. Permalink The post USENIX Security ’22 – Hongbin Liu, Jinyuan Jia, Neil Zhenqiang Gong – ‘PoisonedEncoder: Poisoning The Unlabeled Pre-Training Data In Contrastive Learning’ appeared first on Security Boulevard.

article thumbnail

? Lit + WebR + Observable Plot: Linking Lit’s Lightweight Web Components And WebR For Vanilla JS Reactivity & JS DataVis

Security Boulevard

See it live before reading! The previous post brought lit-webr, to introduce Lit and basic reactivity. Today, is more of the same, but we bring the OG Shiny demo plot into the modern age by using Observbable Plot to make the charts. We’re still pulling data from R, but we’re letting Plot do all the. Continue reading → The post ? Lit + WebR + Observable Plot: Linking Lit’s Lightweight Web Components And WebR For Vanilla JS Reactivity & JS DataVis appeared first on Security Boulevard.

40