Schneier on Security
SEPTEMBER 19, 2023
There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes : Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.
The Hacker News
SEPTEMBER 19, 2023
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Affairs
SEPTEMBER 19, 2023
Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.
Tech Republic Security
SEPTEMBER 19, 2023
Learn how to create and use a Docker secret from a file for secure storage of sensitive data with this step-by-step tutorial.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Malwarebytes
SEPTEMBER 19, 2023
The German police in cooperation with the US Secret Service have executed search warrants against suspected members of the DoppelPaymer ransomware group in Germany and Ukraine. In March of 2023, we reported how the German Regional Police and the Ukrainian National Police, with support from Europol, the Dutch Police, and the United States Federal Bureau of Investigations (FBI), apprehended two suspects and seized computer equipment.
Tech Republic Security
SEPTEMBER 19, 2023
Learn how to create and use a Docker secret from a file for secure storage of sensitive data with this step-by-step tutorial.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Tech Republic Security
SEPTEMBER 19, 2023
Organizations must frequently work with third parties to repair laptops, desktops, tablets, smartphones, servers and other IT equipment. This policy from TechRepublic Premium ensures that the organization maintains regulatory and best business practice security compliance while tracking systems when they are being repaired. From the policy: If IT equipment must be returned to the manufacturer.
Dark Reading
SEPTEMBER 19, 2023
MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.
Security Affairs
SEPTEMBER 19, 2023
ShroudedSnooper threat actors are targeting telecommunication service providers in the Middle East with a backdoor called HTTPSnoop. Cisco Talos researchers recently discovered a new stealthy implant dubbed HTTPSnoop that was employed in attacks against telecommunications providers in the Middle East. The HTTPSnoop backdoor supports novel techniques to interface with Windows HTTP kernel drivers and devices to listen to incoming requests for specific HTTP(S) URLs.
Dark Reading
SEPTEMBER 19, 2023
"SprySOCKS" melds features from multiple previously known badware and adds to the threat actor's growing malware arsenal, Trend Micro says.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
SEPTEMBER 19, 2023
The cyber attack that hit the cleaning products manufacturer Clorox in August is still affecting the supply of the products to customers. The Clorox Company is a multinational consumer goods company that specializes in the production and marketing of various household and professional cleaning, health, and personal care products. The cleaning product giant announced in mid-August it was the victim of a cybersecurity incident that forced it to take some systems offline “The Clorox Company has ide
Dark Reading
SEPTEMBER 19, 2023
Everyone's favorite pandemic-era brand is experiencing store shortages in the wake of a cyberattack that impacted its global production lines — and there's no timeline for normal operations to resume.
WIRED Threat Level
SEPTEMBER 19, 2023
Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.
Security Affairs
SEPTEMBER 19, 2023
China-linked threat actor Earth Lusca used a new Linux malware dubbed SprySOCKS in a recent cyber espionage campaign. Researchers from Trend Micro, while monitoring the activity of the China-linked threat actor Earth Lusca , discovered an encrypted file hosted on a server under the control of the group. Additional analysis led to the discovery of a previously unknown Linux backdoor tracked as SprySOCKS.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The Hacker News
SEPTEMBER 19, 2023
New research has found that close to 12,000 internet-exposed Juniper firewall devices are vulnerable to a recently disclosed remote code execution flaw. VulnCheck, which discovered a new exploit for CVE-2023-36845, said it could be exploited by an "unauthenticated and remote attacker to execute arbitrary code on Juniper firewalls without creating a file on the system.
Dark Reading
SEPTEMBER 19, 2023
Pakistani threat group Transparent Tribe targets military and diplomatic personnel in India and Pakistan with romance-themed lures in the latest spyware campaign.
The Hacker News
SEPTEMBER 19, 2023
Cybersecurity company Trend Micro has released patches and hotfixes to address a critical security flaw in Apex One and Worry-Free Business Security solutions for Windows that has been actively exploited in real-world attacks. Tracked as CVE-2023-41179 (CVSS score: 9.1), it relates to a third-party antivirus uninstaller module that's bundled along with the software.
Dark Reading
SEPTEMBER 19, 2023
The threat cluster hasn't been seen before, but its custom Windows server backdoors have researchers intrigued thanks to their extremely effective stealth mechanisms.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
The Hacker News
SEPTEMBER 19, 2023
XWorm is a relatively new representative of the remote access trojan cohort that has already earned its spot among the most persistent threats across the globe. Since 2022, when it was first observed by researchers, it has undergone a number of major updates that have significantly enhanced its functionality and solidified its staying power. The analyst team at ANY.
Graham Cluley
SEPTEMBER 19, 2023
Graham Cluley Security News is sponsored this week by the folks at Expel. Thanks to the great team there for their support! Every quarter, the Expel security operations centre (SOC) publishes its Quarterly Threat Report (QTR) to distill all the trends, notable new behaviours, and unusual attacks it saw in the previous quarter. By sharing … Continue reading "The Expel Quarterly Threat Report distills the threats and trends the Expel SOC saw in Q2.
The Hacker News
SEPTEMBER 19, 2023
The China-linked threat actor known as Earth Lusca has been observed targeting government entities using a never-before-seen Linux backdoor called SprySOCKS. Earth Lusca was first documented by Trend Micro in January 2022, detailing the adversary's attacks against public and private sector entities across Asia, Australia, Europe, North America.
Dark Reading
SEPTEMBER 19, 2023
The critical vulnerability involves uninstalling third-party security products and has been used in cyberattacks.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
SEPTEMBER 19, 2023
Telecommunication service providers in the Middle East are the target of a new intrusion set dubbed ShroudedSnooper that employs a stealthy backdoor called HTTPSnoop.
Dark Reading
SEPTEMBER 19, 2023
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Heimadal Security
SEPTEMBER 19, 2023
Microsoft researchers leaked 38TB of sensitive data to a public GitHub repository while training open-source AI learning models. The Microsoft data leakage occurred starting July 2020 and white hat hackers only discovered and reported it on June 22nd, 2023. Consequently, Microsoft issued an advisory claiming that: No customer data was exposed, and no other Microsoft […] The post Improper Usage of SAS Token Leads to Massive Microsoft Data Leakage appeared first on Heimdal Security Blog.
GlobalSign
SEPTEMBER 19, 2023
This blog will cover the key concepts and components of PKI, as well as the benefits, applications and best practices of PKI Management.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
SecureBlitz
SEPTEMBER 19, 2023
Here are 8 tips for First-Time CBD Users. So, you've decided to dive into the world of CBD? Brilliant! But wait a minute. Before you start buying those online, let's ensure you're well-equipped with all the essential knowledge. Here's our handy guide for those who are just beginning their journey with this wonderful herbal marvel. […] The post 8 Tips for First-Time CBD Users: Dosage, Formats, and More appeared first on SecureBlitz Cybersecurity.
The Hacker News
SEPTEMBER 19, 2023
As the adoption of generative AI tools, like ChatGPT, continues to surge, so does the risk of data exposure. According to Gartner’s "Emerging Tech: Top 4 Security Risks of GenAI" report, privacy and data security is one of the four major emerging risks within generative AI.
SecureBlitz
SEPTEMBER 19, 2023
In this post, we will show you online security tips for remote workers. In recent years, the global workforce has witnessed a significant shift towards remote work. While the initial motivation for this transition was the pandemic, remote work has become a long-term reality for many professionals. As remote work continues to evolve, ensuring online […] The post 20 Online Security Tips For Remote Workers appeared first on SecureBlitz Cybersecurity.
Dark Reading
SEPTEMBER 19, 2023
To protect their own and their customers' data, organizations are exploring different approaches to guard against unwanted effects of using AI.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
264 
Let's personalize your content