Fri. Jun 07, 2024

Security and Human Behavior (SHB) 2024

Schneier on Security

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

OpenAI, Anthropic Research Reveals More About How LLMs Affect Security and Bias

Tech Republic Security

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

The Justice Department Took Down the 911 S5 Botnet

Schneier on Security

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

Microsoft Will Switch Off Recall by Default After Security Backlash

WIRED Threat Level

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Microsoft makes Windows Recall opt-in, secures data with Windows Hello

Bleeping Computer

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it.

CVE-2024-5480 (CVSS 10): Critical RCE Vulnerability in PyTorch Distributed RPC Framework

Penetration Testing

A critical vulnerability (CVE-2024-5480) has been discovered in PyTorch’s distributed RPC (Remote Procedure Call) framework, exposing machine learning models and sensitive data to potential remote code execution (RCE) attacks. This flaw, identified by security...

More Trending

SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

Security Affairs

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as CVE-2024-28996, was reported by a penetration tester working with NATO.

Apple to unveil new 'Passwords' password manager app for iPhones, Macs

Bleeping Computer

Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference.

FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

The Hacker News

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.

Frontier warns 750,000 of a data breach after extortion threats

Bleeping Computer

Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges

Security Boulevard

Stress? What stress? 43% of IT professionals report that their organization had experienced a security breach that caused downtime and cost $1-10 million.

5 Ways to Strengthen the Weak Link in Cybersecurity

IT Security Guru

In the current era, proactive cybersecurity steps are essential to upholding a strong cybersecurity stance. A vital investment worth considering is a vulnerability management platform, also known as an exposure management platform, which can enhance preventive cybersecurity measures for businesses of various scales. Below, we will delve into five ways a vulnerability management platform can enhance the cybersecurity defense of your digital environment.

Google will start deleting location history

Malwarebytes

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past. In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old da

Everything You Need to Know About Cross-Site Scripting 

IT Security Guru

Cross-Site Scripting (XSS) is a sneaky security flaw that lets attackers inject malicious code into seemingly harmless websites. In this article, let’s dive deep into the world of XSS, exploring its different forms, the kind of damage it can cause, and how to spot it. What Is Cross-Site Scripting? Imagine a hacker sneaking hidden code onto a trusted website.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

LightSpy Spyware's macOS Variant Found with Advanced Surveillance Capabilities

The Hacker News

Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.

Pandabuy was extorted twice by the same threat actor

Security Affairs

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.

Microsoft Revamps Controversial AI-Powered Recall Feature Amid Privacy Concerns

The Hacker News

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.

Chinese threat actor exploits old ThinkPHP flaws since October 2023

Security Affairs

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP. The campaign seems to have been active since at least October 2023; it initially targeted a limited number of customers/organizations but recently became widespread.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

The AI Debate: Google's Guidelines, Meta's GDPR Dispute, Microsoft's Recall Backlash

The Hacker News

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.

Friday Five: AI in Cybercrime, the Ongoing Battle Against Ransomware, & More

Digital Guardian

While this past week brought good and bad news in the world of ransomware, agencies and lawmakers are fighting to keep up with evolving cybercrime trends. Catch up on these stories and more in this week's Friday Five.

LastPass says 12-hour outage caused by bad Chrome extension update

Bleeping Computer

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension.

Security, the cloud, and AI: building powerful outcomes while simplifying your experience

Cisco Security

Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Christie's starts notifying clients of RansomHub data breach

Bleeping Computer

British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach.

Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts

The Hacker News

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene.

16-year-old arrested in France in connection with high-profile Epsilon hacking group attacks

Graham Cluley

A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business. The unnamed Frenchman, who goes by online handles including "ChatNoir" and "Casquette", is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from hacked firms. Read more in my article on the Hot for Security blog.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Cyber Landscape is Evolving - So Should Your SCA

The Hacker News

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years.

LockBit Victim? Ask FBI for Your Ransomware Key

Security Boulevard

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files.

Beware of Fake KMSPico Activators: A Gateway for Vidar Stealer Malware

Penetration Testing

A recent investigation by eSentire’s Threat Response Unit (TRU) has unveiled a sophisticated attack campaign utilizing counterfeit KMSPico activators to deliver the notorious Vidar Stealer malware. This discovery serves as a stark reminder of...

SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

The Hacker News

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?