Thu. Apr 06, 2023


Research on AI in Adversarial Settings

Schneier on Security

New research: “Achilles Heels for AGI/ASI via Decision Theoretic Adversaries”: As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at or above the human level is of particular concern.


Weekly Update 342

Troy Hunt

Next time I post a poll about something as simple as "when is next Friday", I don't expect I'll get as much interest. Of course "next time" will be whatever poll follows the last one, not the poll that falls after that one! But more seriously, I cannot think of a better example of ambiguous language that's open to interpretation and so easily avoided (hello MM-DD people!


DDoS attacks rise as pro-Russia groups attack Finland, Israel

Tech Republic Security

Two Russia-associated groups hit Israel and Finland with DDoS attacks this week. Cybersecurity experts say the actions represent a marked increase in exploits and a harbinger of cyberattacks to come. The post DDoS attacks rise as pro-Russia groups attack Finland, Israel appeared first on TechRepublic.


Twitter 'Shadow Ban' Bug Gets Official CVE

Dark Reading

A flaw in Twitter code allows bot abuse to trick the algorithm into suppressing certain accounts.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool

The Hacker News

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S.


Own a Nexx “smart” alarm or garage door opener? Get rid of it, or regret it

Graham Cluley

Hacker can remotely open or close garage doors, seize control of alarms, and switch on (or switch off) customers' "smart" plugs due to vulnerabilities in Nexx products.


More Trending


Telegram now the go-to place for selling phishing tools and services

Bleeping Computer

Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers. [...]


S3 Ep129: When spyware arrives from someone you trust

Naked Security

Scanning tools, supply-chain malware, Wi-Fi hacking, and why there should be TWO World Backup Days. listen now!


Tesla staff sharing in-car customer images

CyberSecurity Insiders

Do you own a Tesla electric vehicle? If yes, then this news piece could be of interest to you. According to research conducted by Reuters, private recordings of individual Tesla car customers are being shared by former employees via chat rooms and other resources. The circulated clips include a child being hit by a car, a couple having an intimate experience in the cabin, a Tesla customer washing her vehicle almost unclothed, and some private conversations taking place before the car when the ve


Why the Largest Cybersecurity Gap is the Application Environment

Security Boulevard

In today’s world, where almost everything is connected to the internet, cybersecurity is a top priority for businesses and individuals alike. Cyber threats are becoming more sophisticated, more coordinated, and more intelligent, and the need for effective security measures and lateral movement protection has become more urgent. One of the biggest gaps in cybersecurity is.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Money Message ransomware gang claims MSI breach, demands $4 million

Bleeping Computer

Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network. [...]


Influence of data breaches on Merger and Acquisition deals

CyberSecurity Insiders

Data breaches have become increasingly common in recent years, and they can have a significant impact on merger and acquisition (M&A) deals. In this article, we will explore the influence of data breaches on M&A deals and the steps that companies can take to minimize their risks. Information breaches can have a severe impact on M&A deals because they can compromise the confidentiality, integrity, and availability of sensitive data.


CREST publishes guide for enhancing cyber resilience in developing countries

CSO Magazine

International information security accreditation and certification body CREST has published a new guide to fostering financial sector cyber resilience in developing countries. The nonprofit’s Resilience in Developing Countries paper forms part of its work in encouraging greater cyber readiness and resilience in emerging nations to help protect key industries from cyberattacks.


How CISOs Can Influence API Security Change

Security Boulevard

Security incidents can cost a chief information security officer (CISO) their job. For example, cybersecurity breaches at Capital One, Uber, Equifax and plenty of others have led to the firing or forced resignation of the companies’ respective CISOs. Whether all these removals were fair is up for debate, but regardless, there’s a growing incentive for.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Default static key in ThingsBoard IoT platform can give attackers admin access

CSO Magazine

Developers of ThingsBoard, an open-source platform for managing IoT devices that's used in various industry sectors, have fixed a vulnerability that could allow attackers to escalate their privileges on a server and send requests with administrative privileges. The vulnerability, tracked as CVE-2023-26462, was discovered and privately reported by researchers from IBM Security X-Force.


Neosec at RSA Cybersecurity Conference 2023

Security Boulevard

Neosec is headed to RSA! This year we are excited to continue to grow Stronger Together, collaborating with our peers in the cybersecurity space. When it comes to discovering and preventing hidden API abuse, place your trust in Neosec’s API Detection and Response solution. Here are some ways you can connect with us at the 2023 RSA cybersecurity conference: The post Neosec at RSA Cybersecurity Conference 2023 appeared first on Security Boulevard.


Cyber threat intelligence programs: Still crazy after all these years

CSO Magazine

When I asked CISOs about their cyber threat intelligence (CTI) programs about five years ago, I got two distinct responses. Large, well-resourced enterprises were investing in their threat intelligence programs with the goal of better operationalizing it for tactical, operational, and strategic purposes. Smaller, resource-constrained and SMB organizations often recognized the value of threat intelligence, but didn’t have the staff, skills, or budgets for investment.


Don’t Trust the Security of the Software Supply Chain

Security Boulevard

Now more than ever, organizations are relying on the supply chain for basic business operations. According to Charlie Jones, director of product management with ReversingLabs, there are two reasons for this: The global trend of digitalization and the rapid move to remote work during the pandemic. What those trends did was increase the reliance enterprise.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Cleaning up your social media and passwords: What to trash and what to treasure

We Live Security

Give your social media presence a good spring scrubbing, audit your passwords and other easy ways to bring order to your digital chaos. The post Cleaning up your social media and passwords: What to trash and what to treasure appeared first on WeLiveSecurity.


Risky Business: Creating a People-First Cybersecurity Business

Security Boulevard

The world of professional security services is often portrayed as one lone cyber-warrior, wearing a hoodie, in a basement, head down, frantically typing away to beat the hacker to the jump. But really, information security is a team sport. The post Risky Business: Creating a People-First Cybersecurity Business appeared first on Security Boulevard.


Steer clear of tax scams – Week in security with Tony Anscombe

We Live Security

In a rush to file your taxes? Watch out for cybercriminals preying on stressed taxpayers as Tax Day looms large on the horizon.


2022 Cybersecurity Annual Earnings Recap (Part 2)

Security Boulevard

Part 2 of a series analyzing annual earnings announcements, including Qualys, Rapid7, and Tenable. The post 2022 Cybersecurity Annual Earnings Recap (Part 2) appeared first on Security Boulevard.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


What Is Scareware and How to Prevent It?

Heimdal Security

Are you one of those people who get easily scared by pop-up ads and warning messages on your computer? If so, then beware! You might be falling for a common cybercrime tactic known as scareware. Scareware is a type of malware that relies on a social engineering tactic: it tricks users into believing their system […] The post What Is Scareware and How to Prevent It?


Supply Chain Attacks and Critical Infrastructure: How CISA Helps Secure a Nation's Crown Jewels

The Hacker News

Critical infrastructure attacks are a preferred target for cyber criminals. Here's why and what's being done to protect them. What is Critical Infrastructure and Why is It Attacked? Critical infrastructure is the physical and digital assets, systems and networks that are vital to national security, the economy, public health, or safety. It can be government- or privately-owned.


Microsoft: Windows 10 21H2 is reaching end of service in June

Bleeping Computer

Microsoft reminded customers today that multiple editions of Windows 10, version 21H2, will reach the end-of-service (EOS) in two months, on June 13, 2023. [...]


Phishers migrate to Telegram

Security Affairs

Experts warn that Telegram is becoming a privileged platform for phishers that use it to automate their activities and for providing various services. Kaspersky researchers have published an analysis of phishers’ Telegram channels used to promote their services and products. The experts pointed out that crooks engaged in phishing activities have started to rely on the popular instant messaging platform more in recent months.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


New tool allows you to opt out of Facebook's targeted advertising

Malwarebytes

After Meta (Facebook and Instagram) switched the legal basis for targeting advertising from automatic consent to opt-out, privacy watchdog noyb has built a tool for users to opt out of targeted advertising and various other claims made by Meta in an easy and legally sound way. After losing several cases where privacy-focused organizations claimed that Meta was in violation of GDPR regulations, Meta changed the legal basis to process certain first party data in Europe from “Contractual Nece


Uber Data Exposed After Law Firm's Breach

SecureWorld News

Uber has suffered yet another data breach after a third-party law firm's servers were attacked. The law firm, Genova Burns, which provides legal counsel to Uber, has notified an unknown number of its drivers that sensitive data has been exposed and stolen due to a cyberattack. The ongoing investigation suspects that the hackers accessed Genova Burns' systems through a phishing attack and that confidential information belonging to drivers, such as their Social Security and tax identification numb


Visitors of tax return e-file service may have downloaded malware

Malwarebytes

The IRS-authorized electronic filing service for tax returns, eFile.com, has been caught serving a couple of malicious JavaScript (JS) files these past few weeks, according to several security researchers and corroborated by BleepingComputer. Note this security incident only concerns eFile.com, not the IRS' e-file infrastructure and other similar-sounding domains.


OCR Labs exposes its systems, jeopardizing major banking clients

Security Affairs

A digital identification tool provided by OCR Labs to major banks and government agencies leaked sensitive credentials, putting clients at severe risk. London-based OCR Labs is a major provider of digital ID verification tools. Its services are used by companies and financial institutions including BMW, Vodafone, the Australian government, Westpac, ANZ, HSBC, and Virgin Money.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!