Thu. May 25, 2023

On the Poisoning of LLMs

Schneier on Security

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Microsoft warns of Volt Typhoon, latest salvo in global cyberwar

Tech Republic Security

Microsoft published specifics on the Volt Typhoon state-aligned China actor. Experts say raising awareness of threats is critical. The post Microsoft warns of Volt Typhoon, latest salvo in global cyberwar appeared first on TechRepublic.

RSAC Fireside Chat: Uptycs emulates Google, Akamai to protect cloud-native apps and endpoints

The Last Watchdog

The inadequacy of siloed security solutions is well-documented. Related: Taking a security-first path The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing. At RSA Conference 2023 I visited with Elias Terman, CMO, and Sudarsan Kannan, Director of Product Management, from Uptycs, a Waltham, Mass.

Experts laud GDPR at five year milestone

Tech Republic Security

The GDPR, in effect for five years on May 25, has influenced the U.S. data privacy laws and is likely to exert itself when AI creates a new set of privacy challenges. The post Experts laud GDPR at five year milestone appeared first on TechRepublic.

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

New Info Stealer Bandit Stealer Targets Browsers, Wallets

Trend Micro

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

Malware 129

Launch your cybersecurity career with this ethical hacking bundle

Tech Republic Security

Score nearly 70% off this essential cybersecurity certification bundle. The post Launch your cybersecurity career with this ethical hacking bundle appeared first on TechRepublic.

Hacking 157

More Trending

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

The Hacker News

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon.

Microsoft 365 phishing attacks use encrypted RPMSG messages

Bleeping Computer

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways.

Phishing 121

WithSecure launches ‘outcome-based’ security at Sphere23 conference

Tech Republic Security

At its Sphere23 event in Finland, security company WithSecure unveiled offerings focused on collaboration, business goals and outcomes. The post WithSecure launches ‘outcome-based’ security at Sphere23 conference appeared first on TechRepublic.

Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes

Dark Reading

Ukraine's head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism."

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

New COSMICENERGY Malware Exploits ICS Protocol to Sabotage Power Grids

The Hacker News

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild.

Malware 109

CosmicEnergy Malware Emerges, Capable of Electric Grid Shutdown

Dark Reading

Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security.

Malware 118

AI demand accelerates NVIDIA market value to $1 trillion

CyberSecurity Insiders

NVIDIA’s market value is set to soar to an impressive $1 trillion by the end of this year, driven by the rising demand for processors in the Artificial Intelligence (AI) technology sector. With sales reaching a record-breaking $11 billion and a remarkable premarket trading value surge of 29% in recent months, NVIDIA owes its success to the immense demand for silicon wafers in the computing market, particularly in the realm of machine learning.

Google Cloud Bug Allows Server Takeover From CloudSQL Service

Dark Reading

Researchers could access sensitive data and steal secrets by exploiting a vulnerability in GCP's security layer, eventually running rampant in the environment.

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.

D-Link fixes auth bypass and RCE flaws in D-View 8 software

Bleeping Computer

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.

Software 105

Lazarus Group Striking Vulnerable Windows IIS Web Servers

Dark Reading

The infamous North Korean APT group is using Log4Shell, the 3CX supply chain attack, and other known vectors to breach Microsoft Web servers.

Zyxel warns of critical vulnerabilities in firewall and VPN devices

Bleeping Computer

Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication.

VPN 107

Perception Point Report Finds That Advanced Phishing Attacks Grew by 356% in 2022

Dark Reading

Perception Point's '2023 Annual Report: Cybersecurity Trends & Insights' analyzes the most prevalent cyberattack trends amidst today's complex threat landscape, identifying an overall increase of 87% in the total number of attacks over the course of last year.

Phishing 106

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

Dark Frost Botnet Launches Devastating DDoS Attacks on Gaming Industry

The Hacker News

A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. "The Dark Frost botnet, modeled after Gafgyt, QBot, Mirai, and other malware strains, has expanded to encompass hundreds of compromised devices," Akamai security researcher Allen West said in a new technical analysis shared with The Hacker News.

DDOS 102

Inactive accounts pose significant account takeover security risks

CSO Magazine

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital security and identity.

Barracuda Warns of Zero-Day Exploited to Breach Email Security Gateway Appliances

The Hacker News

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006.

Will AI technology change our lives to good or bad

CyberSecurity Insiders

The impact of AI technology on our lives is a complex and multifaceted topic. It has the potential to bring both positive and negative changes, depending on how it is developed, implemented, and regulated. Here are some key considerations: Positive Impacts Increased Efficiency and Productivity: AI has the potential to automate repetitive tasks, allowing humans to focus on more complex and creative endeavors.

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev

Zyxel Issues Critical Security Patches for Firewall and VPN Products

The Hacker News

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system.

VPN 101

Shedding light on AceCryptor and its operation

We Live Security

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families. The post Shedding light on AceCryptor and its operation appeared first on WeLiveSecurity.

Malware 101

ChatGPT now generates Malware mutations

CyberSecurity Insiders

ChatGPT, the AI-based chatbot developed by Microsoft, can answer anything and everything. However, can you imagine that chatbot assistance is also being used to create malware and its various mutations? Threat Intelligence company ‘WithSecure’ has discovered this activity and raised a red alert immediately. Tim West, the head of WithSecure, believes that the creation of malware through artificial intelligence will increase challenges for defenders.

Malware 99

Withholding Single Sign-On from SaaS Customers is Bad for Business and Security

Lenny Zeltser

Despite years of public shaming by security professionals, some SaaS vendors only offer Single Sign-On (SSO) in high-end "enterprise" product tiers. By withholding this capability from smaller organizations, they put customers' security at risk. Moreover, they base a pricing strategy on a weak signal and miss an opportunity to lower their own security risk.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

CISO Criminalization, Vague Cyber Disclosure Rules Create Angst for Security Teams

Dark Reading

In the wake of the ex-Uber CISO verdict, CISOs ask for clearer rules and less uncertainty in managing disclosures, amid jail-time fears.

CISO 114

How to check for new exploits in real time? VulnCheck has an answer

CSO Magazine

Cybersecurity professionals who need to track the latest vulnerability exploits now have a new tool designed to make their job easier, with the launch today of VulnCheck XDB, a database of exploits and proof of concepts hosted on Git repositories. The tool, from cyberthreat intelligence provider VulnCheck, is aimed at helping vulnerability researchers and security teams prioritize vulnerabilities based on the availability and criticality of new exploits that have been made public.

U.S.-South Korea Forge Strategic Cybersecurity Framework

Security Boulevard

The United States and South Korea have crafted a “Strategic Cybersecurity Cooperation Framework.” The framework is part of recent bilateral accords intended to signal mutual adversaries and reaffirm the “ironclad commitment to what has become a global alliance focused on deepening defense and security ties.” North Korea’s cyberthreat shenanigans are one area of concern, as.

Microsoft: Windows issue causes file copying, saving failures

Bleeping Computer

Microsoft says some 32-bit applications are being impacted by recurring failures when saving and copying files across multiple Windows versions (especially when copying to network shares).

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

Global economic conditions are soft at best. From a budget standpoint, US banks are feeling the pinch. Many US banks are bracing for increased defaults and lower demand for mortgages and other loans as interest rates have increased. The largest banks have increased reserves to protect against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions?