Schneier on Security
APRIL 26, 2023
There’s good reason to fear that A.I. systems like ChatGPT and GPT4 will harm democracy. Public debate may be overwhelmed by industrial quantities of autogenerated argument. People might fall down political rabbit holes, taken in by superficially convincing b t, or obsessed by folies à deux relationships with machine personalities that don’t really exist.
Tech Republic Security
APRIL 26, 2023
IBM said the new cybersecurity platform is a unified interface that streamlines analyst response across the full attack lifecycle and includes AI and automation capabilities shown to speed alert triage by 55%. The post IBM launches QRadar Security Suite for accelerated threat detection and response appeared first on TechRepublic.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
We Live Security
APRIL 26, 2023
ESET Research uncovers a campaign by the APT group known as Evasive Panda targeting an international NGO in China with malware delivered through updates of popular Chinese software The post Evasive Panda APT group delivers malware via updates for popular Chinese software appeared first on WeLiveSecurity
Tech Republic Security
APRIL 26, 2023
This recent survey reveals the top 10 companies seeking cybersecurity professionals; the list includes Deloitte, VMware and IBM. The post Find high-paying cybersecurity and IT support jobs in these U.S. cities appeared first on TechRepublic.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Naked Security
APRIL 26, 2023
You waited 13 years for this feature in Google Authenticator. Now researchers are advising you to wait a while longer, just in case.
The Hacker News
APRIL 26, 2023
The advanced persistent threat (APT) group referred to as Evasive Panda has been observed targeting an international non-governmental organization (NGO) in Mainland China with malware delivered via update channels of legitimate applications like Tencent QQ.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
CyberSecurity Insiders
APRIL 26, 2023
By Tanya Freedland , VP of Human Resources and Talent Acquisition, Identiv Currently there are 1 million cybersecurity workers in the U.S. , yet there are still upwards of 700,000 positions in the field that need to be filled immediately. As the number of job openings in cybersecurity continues to multiply, cyber attacks are growing at an exponential rate, putting the infrastructure of the entire world at risk.
Security Boulevard
APRIL 26, 2023
Software-defined WAN (SD-WAN) is a type of networking technology that allows companies to connect their networks over a wide area using software-defined networking (SDN) principles. SD-WAN uses software to abstract the underlying network hardware and protocols, enabling companies to easily and dynamically control the way that data is transmitted over their wide area network (WAN).
Heimadal Security
APRIL 26, 2023
Alaska Railroad Corporation reported a data breach incident that occurred in December 2022 and they discovered it on March 18th, 2023. According to ARCC, a third party gained unauthorized access to the internal network system. Further on, threat actors accessed and exfiltrated sensitive data of vendors, current and former employees, and their dependents.
Bleeping Computer
APRIL 26, 2023
Hackers are deploying new Linux malware variants in cyberespionage attacks, such as a new PingPull variant and a previously undocumented backdoor tracked as 'Sword2033.' [.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Boulevard
APRIL 26, 2023
There just aren’t enough cyber security professionals out there to meet the demand for their skills. The estimated personnel shortfall […] The post Which ‘Soft Skills’ Are Important When Hiring Your Cyber Security Team? appeared first on Security Boulevard.
CSO Magazine
APRIL 26, 2023
By now, most of the industry has realized we’re seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders haven’t realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that don’t involve insider threats and user error involving stolen credentials, according to sources such as the 2022 Verizon Data Breach Investigation Report.
The Hacker News
APRIL 26, 2023
The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. In light of this significant challenge, how are CISOs responding?
CSO Magazine
APRIL 26, 2023
A cyberespionage group believed to be associated with the Iranian government has been infecting Microsoft Exchange Servers with a new malware implant dubbed BellaCiao that acts as a dropper for additional payloads. The malware uses DNS queries to receive commands from attackers encoded into IP addresses. According to researchers from Bitdefender , the attackers appear to customize their attacks for each particular victim including the malware binary, which contains hardcoded information such as
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
We Live Security
APRIL 26, 2023
As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications The post RSA Conference 2023 – How AI will infiltrate the world appeared first on WeLiveSecurity
Heimadal Security
APRIL 26, 2023
Researchers discovered a new kind of side-channel attack that affects several versions of Intel CPUs and enables data exfiltration. Attackers could leak the data through the EFLAGS register. The discovery was made by researchers at Tsinghua University, the University of Maryland, and a computer lab run by the Chinese Ministry of Education. How Is the […] The post New Type of Side-Channel Attack Impacts Intel CPUs and Allows Data Leakage appeared first on Heimdal Security Blog.
Dark Reading
APRIL 26, 2023
Researchers find that the encryption of a user's 2FA secrets are stripped after transportation to the cloud.
Security Boulevard
APRIL 26, 2023
At the RSA Conference 2023 event, Uptycs today revealed it has extended the reach of its cloud-native application protection platform (CNAPP) to include the ability to collect log data from DevOps workflows to surface suspicious behavior. Sudarsan Kannan, director of product management for Uptycs, said the company’s namesake CNAPP can now analyze log data to.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
APRIL 26, 2023
The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.
CSO Magazine
APRIL 26, 2023
Iranian state-sponsored threat actor, Educated Manticore, has been observed deploying an updated version of Windows backdoor PowerLess to target Israel for phishing attacks, according to a new report by Check Point. Researchers have also linked Educated Maticore hackers to APT Phosphorus, which operates in the Middle East and North America.
CyberSecurity Insiders
APRIL 26, 2023
F-Secure has made an official announcement that it is going to acquire the mobile security business of Lookout, and the deal might be completed by June of this year. Although the financial terms are yet to be disclosed on an official note, unconfirmed sources state that the deal is to be valued at $224 million, all in cash. Lookout, which established itself in business in 2009, offers Mobile Endpoint Security solutions with millions of users and hundreds of millions in funding.
The Hacker News
APRIL 26, 2023
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Bleeping Computer
APRIL 26, 2023
Microsoft is rolling out Phone Link for iOS to all Windows 11 and iPhone users, with the rollout expected to complete by mid-May. [.
The Hacker News
APRIL 26, 2023
The prolific Iranian nation-state group known as Charming Kitten is actively targeting multiple victims in the U.S., Europe, the Middle East and India with a novel malware dubbed BellaCiao, adding to its ever-expanding list of custom tools.
WIRED Threat Level
APRIL 26, 2023
The legislation would insert the government into online platforms' age-verification efforts—a move that makes some US lawmakers queasy.
Bleeping Computer
APRIL 26, 2023
Microsoft has fixed a known issue triggering Windows Security warnings that Local Security Authority (LSA) Protection is off by removing the feature's UI from settings. [.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Malwarebytes
APRIL 26, 2023
Research by computer scientists associated with the Université du Québec in Canada has found that ChatGPT, OpenAI's popular chatbot, is prone to generating insecure code. " How Secure is Code Generated by ChatGPT? " is the work of Raphaël Khoury, Anderson Avila, Jacob Brunelle, and Baba Mamadou Camara. The paper concludes that ChatGPT generates code that isn't robust, despite claiming awareness of its vulnerabilities.
Security Affairs
APRIL 26, 2023
China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM , Softcell ) targeting Linux systems with a new variant of PingPull backdoor. While investigating the activity of the group, the researchers also identified a previously undocumented backdoor used by the threat actor and tracked as Sword2033.
The Hacker News
APRIL 26, 2023
The Chinese nation-state group dubbed Alloy Taurus is using a Linux variant of a backdoor called PingPull as well as a new undocumented tool codenamed Sword2033. That's according to findings from Palo Alto Networks Unit 42, which discovered recent malicious cyber activity carried out by the group targeting South Africa and Nepal.
Security Affairs
APRIL 26, 2023
German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms giants Huawei and ZTE. German lawmakers were briefed on the probe by the German Interior Ministry, the federal intelligence service, and the German cybersecurity agency in a classified hearing at the Bundestag’s digital committee in early A
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
304 
Let's personalize your content