Schneier on Security

JUNE 7, 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security. The fifty or so attendees include psychologists, economists, computer security researchers, criminologists, sociologists, political scientists, designers, lawyers, philosophers, anthropologists, geo

Cybersecurity 244

Cybersecurity 244

Tech Republic Security

JUNE 7, 2024

Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.

Artificial Intelligence 191

Artificial Intelligence Big data Cybersecurity 191

Schneier on Security

JUNE 7, 2024

The US Justice Department has dismantled an enormous botnet: According to an indictment unsealed on May 24, from 2014 through July 2022, Wang and others are alleged to have created and disseminated malware to compromise and amass a network of millions of residential Windows computers worldwide. These devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States.

Government 219

Government Malware Cybercrime 219

WIRED Threat Level

JUNE 7, 2024

After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy features.

Hacking 142

Hacking 142

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

Cyber Attacks

Bleeping Computer

JUNE 7, 2024

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. [.

135

135

Penetration Testing

JUNE 7, 2024

A critical vulnerability (CVE-2024-5480) has been discovered in PyTorch’s distributed RPC (Remote Procedure Call) framework, exposing machine learning models and sensitive data to potential remote code execution (RCE) attacks. This flaw, identified by security... The post CVE-2024-5480 (CVSS 10): Critical RCE Vulnerability in PyTorch Distributed RPC Framework appeared first on Cybersecurity News.

Cybersecurity 126

Cybersecurity Artificial Intelligence 126

The Hacker News

JUNE 7, 2024

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.

Ransomware 123

Ransomware Internet Internet 123

Bleeping Computer

JUNE 7, 2024

Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. [.

Password Management 124

Password Management Passwords 124

Malwarebytes

JUNE 7, 2024

Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from “Timeline”—the feature that, previously named “Location History,” tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they’ve been in the past. In an email, Google told users that they will have until December 1, 2024 to save all travels to their mobile devices before the company starts deleting old da

Accountability 124

Accountability Surveillance VPN Mobile 124

Bleeping Computer

JUNE 7, 2024

Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. [.

Data breaches 123

Data breaches Ransomware 123

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

JUNE 7, 2024

Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant.

Spyware 126

Spyware Surveillance Malware Cybersecurity 126

Security Boulevard

JUNE 7, 2024

Stress? What stress? 43% of IT professionals report that their organization had experienced a security breach that caused downtime and cost $1-10 million. The post CDW Survey Surfaces Cybersecurity Tool Sprawl Challenges appeared first on Security Boulevard.

Cybersecurity 118

Cybersecurity 118

Security Affairs

JUNE 7, 2024

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as CVE-2024-28996, was reported by a penetration tester working with NATO.

Hacking 115

Hacking Information Security 115

The Hacker News

JUNE 7, 2024

Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in.

Artificial Intelligence 123

Artificial Intelligence 123

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

IT Security Guru

JUNE 7, 2024

In the current era, proactive cybersecurity steps are essential to upholding a strong cybersecurity stance. A vital investment worth considering is a vulnerability management platform, also known as an exposure management platform, which can enhance preventive cybersecurity measures for businesses of various scales. Below, we will delve into five ways a vulnerability management platform can enhance the cybersecurity defense of your digital environment.

Cybersecurity 110

Cybersecurity CISO Passwords Backups 110

The Hacker News

JUNE 7, 2024

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools.

Artificial Intelligence 110

Artificial Intelligence Advertising 110

Cisco Security

JUNE 7, 2024

Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense. Read how Cisco Security Cloud Control prioritizes consolidation of tools and simplification of security policy without compromising your defense.

109

109

Security Affairs

JUNE 7, 2024

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.

Data breaches 107

Data breaches Cybercrime Hacking Information Security 107

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

IT Security Guru

JUNE 7, 2024

Cross-Site Scripting (XSS) is a sneaky security flaw that lets attackers inject malicious code into seemingly harmless websites. In this article, let’s dive deep into the world of XSS, exploring its different forms, the kind of damage it can cause, and how to spot it. What Is Cross-Site Scripting? Imagine a hacker sneaking hidden code onto a trusted website.

Identity Theft 106

Identity Theft Penetration Testing Accountability Risk 106

Digital Guardian

JUNE 7, 2024

While this past week brought good and bad news in the world of ransomware, agencies and lawmakers are fighting to keep up with evolving cybercrime trends. Catch up on these stories and more in this week's Friday Five.

Cybercrime 105

Cybercrime Ransomware 105

Bleeping Computer

JUNE 7, 2024

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. [.

131

131

Security Affairs

JUNE 7, 2024

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082 , in ThinkPHP. The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations but recently became widespread.

Passwords 104

Passwords Hacking Information Security 104

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

JUNE 7, 2024

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene.

DDOS 102

DDOS Data breaches Ransomware 102

Graham Cluley

JUNE 7, 2024

A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business. The unnamed Frenchman, who goes by online handles including "ChatNoir" and "Casquette", is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from hackd firms. Read more in my article on the Hot for Security blog.

Hacking 102

Hacking Malware Data breaches 102

The Hacker News

JUNE 7, 2024

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark. Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years.

Software 97

Software 97

Bleeping Computer

JUNE 7, 2024

British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach.

Data breaches 103

Data breaches Ransomware 103

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Boulevard

JUNE 7, 2024

Spy warez: Assistant director of the FBI’s Cyber Division Bryan Vorndran (pictured) might have the key to unscramble your files. The post LockBit Victim? Ask FBI for Your Ransomware Key appeared first on Security Boulevard.

Ransomware 88

Ransomware Social Engineering Data privacy CISO 88

Bleeping Computer

JUNE 7, 2024

Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. [.

Data breaches 93

Data breaches Ransomware 93

Penetration Testing

JUNE 7, 2024

A recent investigation by eSentire’s Threat Response Unit (TRU) has unveiled a sophisticated attack campaign utilizing counterfeit KMSPico activators to deliver the notorious Vidar Stealer malware. This discovery serves as a stark reminder of... The post Beware of Fake KMSPico Activators: A Gateway for Vidar Stealer Malware appeared first on Cybersecurity News.

Malware 88

Malware Cybersecurity 88

The Hacker News

JUNE 7, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.

Malware 84

Malware Cyber Attacks 84

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity