Schneier on Security
JULY 28, 2023
Interesting research: “ (Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs “: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.
Troy Hunt
JULY 28, 2023
IoT, breaches and largely business as usual so I'll skip that in the intro to this post and jump straight to the end: the impending HIBP domain search changes. As I say in the vid, I really value people's feedback on this so if nothing else, please skip through to 48:15, listen to that section and let me know what you think. By the time I do next week's vid my hope is that all the coding work is done and I'm a couple of days out from shipping it, so now is your time to provid
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JULY 28, 2023
The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.
Bleeping Computer
JULY 28, 2023
Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. It's got to do with a security feature dubbed 'Progressive Web App Icon change', designed to keep users safe during app icon or name changes. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
JULY 28, 2023
The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.
Security Boulevard
JULY 28, 2023
C’mon Cupertino: “Unknown Tracker Detected,” your phone screams. What now? The post Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing appeared first on Security Boulevard.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Hacker News
JULY 28, 2023
A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.
Security Boulevard
JULY 28, 2023
US Senator Ron Wyden (D-OR) is asking government enforcement agencies to hold Microsoft responsible for the hack by a Chinese-linked threat group that reportedly led to hundreds of thousands of emails from top US officials being stolen and was caused by the IT giant’s “negligent cybersecurity practices.” In a sharply worded letter this week to. The post Senator Wyden: Microsoft is Responsible for China-Linked Group’s Hack appeared first on Security Boulevard.
Bleeping Computer
JULY 28, 2023
CISA says new malware known as Submarine was used to backdoor Barracuda ESG (Email Security Gateway) appliances on federal agencies' networks by exploiting a now-patched zero-day bug. [.
Security Boulevard
JULY 28, 2023
Threat actors are using bogus advertisements for IT tools on sites like Google and Microsoft’s Bing in hopes of luring tech users to inadvertently download malware that kicks off an attack that eventually leads to ransomware like BlackCat. The hackers use the Nitrogen malware to get initial access into corporate networks, leading to a second. The post Nitrogen Campaign Starts with Fake Ads, Ends with Ransomware appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
JULY 28, 2023
Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000 worth of cryptocurrency. The company attributes the cyber heist to the North Korea-linked APT Lazarus , which is also responsible for the attacks against Axie Infinity (USD 625M), Horizon Bridge (USD 100M), Atomic Wallet (USD 100M) and Alphapo (USD 23M)
Security Boulevard
JULY 28, 2023
In an increasingly digitalized world, the significance of cybersecurity cannot be overstated. Cyber threats continue to evolve, posing immense challenges to organizations of all sizes. To stay ahead of these threats, professionals and businesses need to arm themselves with knowledge, skills, and innovative solutions. STRONGER, a fully free and virtual cybersecurity conference , aims to gather the cyber community together for an event that fosters collaboration, delivers top-of-mind industry insi
IT Security Guru
JULY 28, 2023
Hybrid work models and broadly adopted cloud technology disperse operations extensively; data is moved, stored, and accessed from highly distributed locations. Within such a disseminated environment, cybersecurity hygiene concerns businesses and organisations, especially nowadays, where highly skilled cybercriminals become more active, and their attacks are predicted to intensify further and increase the cost at a 15% annual rate.
Security Boulevard
JULY 28, 2023
Data center infrastructure management (DCIM) is the process of monitoring, managing and optimizing the physical and logical components of a data center, such as servers, storage, network, power, cooling and security. DCIM software helps data center operators to improve efficiency, reduce costs, enhance performance and ensure availability of their IT services.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
JULY 28, 2023
Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29 , Cloaked Ursa, and Midnight Blizzard, Nobelium ) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor called GraphicalProton.
The Hacker News
JULY 28, 2023
As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find.
Security Affairs
JULY 28, 2023
The issue of how to prevent insider threats without infringing on employee privacy is one that has been a hot topic of debate in recent years. Because insider threats are uniquely challenging to detect and identify, different methods are needed than traditional detection based on signatures or other known threat triggers. Tools that are designed to detect insider threats are more effective, but also bring up questions related to the level of monitoring necessary and employees’ right to a certain
Bleeping Computer
JULY 28, 2023
Two new Android malware families named 'CherryBlos' and 'FakeTrade' were discovered on Google Play, aiming to steal cryptocurrency credentials and funds or conduct scams. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
JULY 28, 2023
The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.
Malwarebytes
JULY 28, 2023
Earlier this month, a group of hackers was spotted using a set of malicious tools—that originally gained popularity with online video game cheaters—to hide their Windows-based malware from being detected. Sounds unique, right? Frustratingly, it isn't, as the specific security loophole that was abused by the hackers has been around for years, and Microsoft's response, or lack thereof, is actually a telling illustration of the competing security environments within Windows and macOS.
The Hacker News
JULY 28, 2023
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the company said in a statement.
Malwarebytes
JULY 28, 2023
Two weeks ago, we urged readers to apply a workaround for an actively exploited vulnerability in Zimbra Collaboration Suite (ZCS) email servers. Zimbra has released ZCS 10.0.2 that fixes two security issues, including the known bug that could lead to exposure of internal JSP and XML files. Zimbra is an open source webmail application used for messaging and collaboration.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
JULY 28, 2023
Ivanti has disclosed yet another security flaw impacting Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core, that it said has been weaponized as part of an exploit chain by malicious actors in the wild. The new vulnerability, tracked as CVE-2023-35081 (CVSS score: 7.8), impacts supported versions 11.10, 11.9, and 11.8, as well as those that are currently end-of-life (EoL).
Bleeping Computer
JULY 28, 2023
Starting this fall, Apple has announced that developers will be required to provide a reason for using certain APIs that can collect information from their apps' users. [.
The Hacker News
JULY 28, 2023
Increasing cyber threats and attacks have made protecting organizational data a paramount concern for businesses of all sizes. A group of experts have recognized the pressing need for comprehensive browser security solutions and collaborated to develop "The Definitive Browser Security RFP Template.
Heimadal Security
JULY 28, 2023
Picture this scenario: you’re browsing the internet, going about your business, when suddenly a malicious website pops up out of nowhere. Your heart races as you realize that your sensitive data and personal information may be at risk. You scramble to find a solution to protect yourself and your company from these cyber threats. Enter […] The post DNS Protection: A Must-Have Defense Against Cyber Attacks appeared first on Heimdal Security Blog.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Dark Reading
JULY 28, 2023
The more artificial intelligence builds out our digital personas, the easier it will become for bad actors to target us with more convincing attacks.
The Hacker News
JULY 28, 2023
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE.
Bleeping Computer
JULY 28, 2023
The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. [.
The Hacker News
JULY 28, 2023
The Russian nation-state actor known as BlueBravo has been observed targeting diplomatic entities throughout Eastern Europe with the goal of delivering a new backdoor called GraphicalProton, exemplifying the continuous evolution of the threat.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
201 
Let's personalize your content