Mon. May 08, 2023

AI Hacking Village at DEF CON This Year

Schneier on Security

At DEF CON this year, Anthropic, Google, Hugging Face, Microsoft, NVIDIA, OpenAI and Stability AI will all open up their models for attack. The DEF CON event will rely on an evaluation platform developed by Scale AI, a California company that produces training for AI applications. Participants will be given laptops to use to attack the models. Any bugs discovered will be disclosed using industry-standard responsible disclosure practices.

Hacking 227

GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent

The Last Watchdog

There is no doubt there is a constant and growing concern amongst CEOs, and particularly CISOs, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks. According to Cybersecurity Ventures, by 2025 there will exist a gap of over 3.5 million unfilled cybersecurity positions. Moreover, of the current worldwide workforce, surveys conducted by PwC have shown that there is only a 38 percent ‘availability of key skills’, considering the new an

Knives Out for TikTok as Journo Reveals her Spy Story

Security Boulevard

Clock Ticking for U.S. Ban: FT’s Cristina Criddle claims ByteDance spied on her—because she wrote damaging stories about TikTok. The post Knives Out for TikTok as Journo Reveals her Spy Story appeared first on Security Boulevard.

QR codes used in fake parking tickets, surveys to steal your money

Bleeping Computer

As QR codes continue to be heavily used by legitimate organizations—from Super Bowl advertisements to enforcing parking fees and fines, scammers have crept in to abuse the very technology for their nefarious purposes. A woman in Singapore reportedly lost $20,000 after using a QR code to fill out a "survey" at a bubble tea shop. [...]

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

How to secure your Mac’s data via Full Disk Access settings

Tech Republic Security

Learn one of the most effective ways to secure your Mac’s data within seconds. The post How to secure your Mac’s data via Full Disk Access settings appeared first on TechRepublic.

Software 128

Microsoft enforces number matching to fight MFA fatigue attacks

Bleeping Computer

Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks. [...]

More Trending

Intel investigating leak of Intel Boot Guard private keys after MSI breach

Bleeping Computer

Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices. [...]

Firmware 135

70% of US IT Leaders Told Not to Disclose Data Breaches

Security Boulevard

Not all cybersecurity breaches get reported. A new report from Bitdefender found that although IT leaders have an obligation to report attacks, over 42% of them have been told to keep quiet when a breach should have been reported. Shockingly, in the U.S., this number rises to 70.7%. IT leaders may have reasons to keep. The post 70% of US IT Leaders Told Not to Disclose Data Breaches appeared first on Security Boulevard.

FBI seizes 13 more domains linked to DDoS-for-hire services

Bleeping Computer

The U.S. Justice Department announced today the seizure of 13 more domains linked to DDoS-for-hire platforms, also known as 'booter' or 'stressor' services. [...]

DDOS 135

New ransomware group CACTUS abuses remote management tools for persistence

CSO Magazine

A cybercriminal group has been compromising enterprise networks for the past two months and has been deploying a new ransomware program that researchers dubbed CACTUS. In the attacks seen so far the attackers gained access by exploiting known vulnerabilities in VPN appliances, moved laterally to other systems, and deployed legitimate remote monitoring and management (RMM) tools to achieve persistence on the network.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Jobs that will be lost for sure with adoption of Artificial Intelligence Technology

CyberSecurity Insiders

Tesla CEO Elon Musk has predicted that computers and intelligent machines will eventually replace manual labor, resulting in humans losing their jobs to AI technology. While adopting automation and AI can boost productivity and economic growth, it will also result in job loss for millions who may need to switch occupations or upgrade their skills to make a living.

Decentralized Identity: Gaining Security and Trust for Digital Identities

Security Boulevard

Our modern digital world has proven that the current way of managing identity in cyberspace needs to change. If your digital identity is compromised by your activity online, it’s a safe bet that it is already being controlled by conglomerates. With the push of a button or an automated algorithm, digital identities can be compromised. The post Decentralized Identity: Gaining Security and Trust for Digital Identities appeared first on Security Boulevard.

BEWARE: Fake Applications are Disguised as Legitimate Ones

Quick Heal Antivirus

In the world of cybercrime, the tactics used by threat actors are constantly evolving, but upon close analysis. The post BEWARE: Fake Applications are Disguised as Legitimate Ones appeared first on Quick Heal Blog.

GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent

Security Boulevard

There is no doubt there is a constant and growing concern amongst CEOs, and particularly CISOs, concerning the hiring of the cybersecurity talent their organizations require to safeguard against cyberattacks. According to Cybersecurity Ventures, by 2025 there will exist a … (more…) The post GUEST ESSAY: How to close the skills gap by dipping into hidden pools of cybersecurity talent appeared first on Security Boulevard.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Review your on-prem ADCS infrastructure before attackers do it for you

CSO Magazine

Attackers love to find weak spots in our domains and networks. Too often, they can enter systems to lie in wait and launch attacks at a later time. A case in point is the infamous SolarWinds software attack, which infected up to nine US agencies and many organizations with backdoors into their infrastructure. Recent investigations show that the Department of Justice may have been aware of the potential for a breach months before it happened.

Software 106

Microsoft: Iranian hacking groups join Papercut attack spree

Bleeping Computer

Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers. [...]

Hacking 117

Cyberpress Launches Cybersecurity Press Release Distribution Platform

CyberSecurity Insiders

Dubai / May 1st 2023 / Cyberpress — Cybersecurity gets a new dedicated newswire. Cyberpress, a press release distribution platform for the cybersecurity industry, has opened its doors today. This newswire service provides an effective communications approach for cybersecurity companies, public relations agencies and marketing advisors, investment firms operating in the space and more.

Newly Exploited Vulnerabilities in Apple Devices

Approachable Cyber Threats

CISA orders federal agencies to patch exploited vulnerabilities affecting multiple Apple devices. In mid-April, the Cybersecurity and Infrastructure Agency (CISA) ordered federal agencies to patch two vulnerabilities actively being exploited on iOS, iPadOS, and macOS devices. The vulnerabilities were also added to CISA’s Known Exploited Vulnerabilities catalog as of April 10th.

Risk 98

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Preventing sophisticated phishing attacks aimed at employees

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. As technology advances, phishing attempts are becoming more sophisticated. It can be challenging for employees to recognize an email is malicious when it looks normal, so it’s up to their company to properly train workers in prevention and detection.

New Ransomware Strain 'CACTUS' Exploits VPN Flaws to Infiltrate Networks

The Hacker News

Cybersecurity researchers have shed light on a new ransomware strain called CACTUS that has been found to leverage known flaws in VPN appliances to obtain initial access to targeted networks.

VPN 99

Data-driven decision-making: How to use data analytics to drive business decisions

Security Boulevard

In today’s fast-paced and data-driven world, businesses are constantly striving to stay ahead of the competition, and thus, data-driven decision-making has become a critical tool. Read More The post Data-driven decision-making: How to use data analytics to drive business decisions appeared first on ISHIR | Software Development India. The post Data-driven decision-making: How to use data analytics to drive business decisions appeared first on Security Boulevard.

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

The Hacker News

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

CRN’s 2023 Women of the Channel Awards list

Security Boulevard

Denise Ahrens, Andrea Jaime, Annia Rodriguez of Synopsys Software Integrity Group named to CRN’s 2023 Women of the Channel Awards list. The post CRN’s 2023 Women of the Channel Awards list appeared first on Security Boulevard.

BrandPost: The Patch Act: Now what?

CSO Magazine

Thanks to an inclusion in the omnibus spending package passed by Congress in December, the FDA has new authority to establish medical device security requirements for manufacturers. The Protecting and Transforming Cyber Healthcare (Patch) Act has been praised by healthcare organizations. The ability of cyber-attackers to access a healthcare provider's network environment through security gaps or vulnerabilities is increasing.

A deep-dive on Pluck CMS vulnerability CVE-2023-25828

Security Boulevard

CVE-2023-25828 vulnerability; history, mitigation analysis, and everything you need to know about the remote code execution (RCE) vulnerability in Pluck CMS. Summary CVE-2023-25828, tracked in the Black Duck KnowledgeBase™ as BDSA-2023-0370, is an authenticated remote code execution vulnerability in Pluck CMS. Pluck is a PHP-based content management system (CMS) used to set up and manage websites.

CERT-UA warns of an ongoing SmokeLoader campaign

Security Affairs

Ukraine’s CERT-UA warns of an ongoing phishing campaign aimed at distributing the SmokeLoader malware in the form of a polyglot file. CERT-UA warns of an ongoing phishing campaign that is distributing the SmokeLoader malware in the form of a polyglot file. Threat actors are using emails sent from compromised accounts with the subject “bill/payment” with an attachment in the form of a ZIP archive.

Malware 96

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cyber Threat Hunting Techniques & Methodologies

Heimdal Security

Even the most inexperienced computer user knows about the dangers that lurk on the Internet – one slip of the click can turn your machine into a (very) expensive paperweight. The only way to stay safe while doing some online surfing is to buy or try out a cybersecurity product: antivirus, antimalware, email security suites, […] The post Cyber Threat Hunting Techniques & Methodologies appeared first on Heimdal Security Blog.

Ransomware attack on MSI led to compromised Intel Boot Guard private keys

Malwarebytes

On April 7, 2023, MSI (Micro-Star International) released a statement confirming a cyberattack on part of its information systems. While the statement does not reveal a lot of tangible information, this snippet is important: “MSI urges users to obtain firmware/BIOS updates only from its official website, and not to use files from sources other than the official website.” As we mentioned in our May ransomware review, Taiwanese PC parts maker MSI fell victim to ransomware gang Money Me

Google Launches Entry-Level Cybersecurity Certificate Program

SecureWorld News

Google recently announced the latest addition to its Career Certificates program: an entry-level cybersecurity certificate. The six-month course is designed to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Google's cybersecurity experts will teach the course, which aims to prepare learners for entry-level jobs in cybersecurity with no prior experience required.

Thales 2023 Data Threat Report: Sovereignty, Transformation, and Global Challenges

Thales Cloud Protection & Licensing

(madhav, Tue, 05/09/2023 - 05:30) Despite the economic and geopolitical instability in 2022, enterprises continued to invest in their operations and digital transformation. Organizations balanced security and privacy risks with opportunities opened by new technologies and business models.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.