Schneier on Security

MAY 25, 2023

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Artificial Intelligence 243

Artificial Intelligence Hacking 243

Tech Republic Security

MAY 25, 2023

The GDPR, in effect for five years on May 25, has influenced the U.S. data privacy laws and is likely to exert itself when AI creates a new set of privacy challenges. The post Experts laud GDPR at five year milestone appeared first on TechRepublic.

Data privacy 180

Data privacy Big data 180

We Live Security

MAY 25, 2023

ESET researchers reveal details about a prevalent cryptor, operating as a cryptor-as-a-service used by tens of malware families The post Shedding light on AceCryptor and its operation appeared first on WeLiveSecurity

Malware 129

Malware 129

Tech Republic Security

MAY 25, 2023

Microsoft published specifics on the Volt Typhoon state-aligned China actor. Experts say raising awareness of threats is critical. The post Microsoft warns of Volt Typhoon, latest salvo in global cyberwar appeared first on TechRepublic.

Ransomware 179

Ransomware Malware Cybersecurity 179

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

MAY 25, 2023

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. [.

Encryption 123

Encryption Phishing Accountability 123

Tech Republic Security

MAY 25, 2023

Score nearly 70% off this essential cybersecurity certification bundle. The post Launch your cybersecurity career with this ethical hacking bundle appeared first on TechRepublic.

Hacking 144

Hacking Cybersecurity 144

Tech Republic Security

MAY 25, 2023

At its Sphere23 event in Finland, security company WithSecure unveiled offerings focused on collaboration, business goals and outcomes. The post WithSecure launches ‘outcome-based’ security at Sphere23 conference appeared first on TechRepublic.

Cybersecurity 111

Cybersecurity 111

Trend Micro

MAY 25, 2023

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

Cryptocurrency 121

Cryptocurrency Malware Cyber threats 121

CyberSecurity Insiders

MAY 25, 2023

NVIDIA’s market value is set to soar to an impressive $1 trillion by the end of this year, driven by the rising demand for processors in the Artificial Intelligence (AI) technology sector. With sales reaching a record-breaking $11 billion and a remarkable premarket trading value surge of 29% in recent months, NVIDIA owes its success to the immense demand for silicon wafers in the computing market, particularly in the realm of machine learning.

Marketing 110

Marketing Artificial Intelligence Technology Cybersecurity 110

Bleeping Computer

MAY 25, 2023

Zyxel is warning customers of two critical-severity vulnerabilities in several of its firewall and VPN products that attackers could leverage without authentication. [.

Firewall 111

Firewall VPN Authentication 111

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Dark Reading

MAY 25, 2023

Ukraine's head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism.

Cybersecurity 131

Cybersecurity 131

Bleeping Computer

MAY 25, 2023

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code. [.

Software 106

Software Authentication 106

CyberSecurity Insiders

MAY 25, 2023

The impact of AI technology on our lives is a complex and multifaceted topic. It has the potential to bring both positive and negative changes, depending on how it is developed, implemented, and regulated. Here are some key considerations: Positive Impacts Increased Efficiency and Productivity: AI has the potential to automate repetitive tasks, allowing humans to focus on more complex and creative endeavors.

Technology 101

Technology Healthcare Risk Cybersecurity 101

Tech Republic Security

MAY 25, 2023

Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $2.7 billion lost in 2022 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, co-worker, vendor, or partner—in an effort to steal money or valuable information.

CISO 96

CISO Social Engineering Engineering Cybersecurity 96

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

CyberSecurity Insiders

MAY 25, 2023

ChatGPT, the AI-based chatbot developed by Microsoft, can answer anything and everything. However, can you imagine that chatbot assistance is also being used to create malware and its various mutations? Threat Intelligence company ‘WithSecure’ has discovered this activity and raised a red alert immediately. Tim West, the head of WestSecure, believes that the creation of malware through artificial intelligence will increase challenges for defenders.

Malware 100

Malware Artificial Intelligence Software Media 100

Security Boulevard

MAY 25, 2023

Microsoft Teams recently made it into a top 10 list of most-targeted applications—and that should be a warning to security teams whose organizations use it. The app is one of the “most targeted sign-in applications, with nearly 40% of targeted organizations having at least one unauthorized login attempt trying to gain access,” researchers at Proofpoint.

Security Awareness 98

Security Awareness Cybersecurity Network Security 98

Bleeping Computer

MAY 25, 2023

Microsoft says some 32-bit applications are being impacted by recurring failures when saving and copying files across multiple Windows versions (especially when copying to network shares). [.

98

98

Security Boulevard

MAY 25, 2023

The United States and South Korea have crafted a “Strategic Cybersecurity Cooperation Framework.” The framework is part of recent bilateral accords intended to signal mutual adversaries and reaffirm the “ironclad commitment to what has become a global alliance focused on deepening defense and security ties.” North Korea’s cyberthreat shenanigans are one area of concern, as.

Cybersecurity 98

Cybersecurity Risk Government 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

PCI perspectives

MAY 25, 2023

Welcome Jscrambler, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! In this special spotlight edition of our PCI Perspectives Blog, Jscrambler's CTO and co-founder Pedro Fortuna introduces us to his company and how they are helping to shape the future of payment security.

eCommerce 98

eCommerce 98

Bleeping Computer

MAY 25, 2023

Microsoft has released a new Windows 11 dev build that adds a long-awaited feature allowing users to ensure that all windows are shown as individual items in the taskbar. [.

98

98

Security Affairs

MAY 25, 2023

Zyxel fixed two critical flaws in multiple firewall and VPN products that can lead to remote code execution or cause a DoS condition. Zyxel addressed two critical buffer overflow vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010 , that affect several of its firewall and VPN products. A remote, unauthenticated attacker can can trigger the flaws to cause a denial-of-service (DoS) condition and remote code execution on vulnerable devices.

Firewall 96

Firewall VPN Authentication Hacking 96

The Hacker News

MAY 25, 2023

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon.

97

97

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Security Affairs

MAY 25, 2023

D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. The D-View network management suite allows customers to monitor performance, configure devices, and manage the network in an efficient way.

Firmware 95

Firmware Authentication Software Hacking 95

Tech Republic Security

MAY 25, 2023

Since its initial identification in 2013, business email compromise (BEC) has been dominated by executive impersonation. But over the past few years, attackers have adjusted their strategies—opting to impersonate third party vendors and suppliers instead. In January 2022, the number of attacks impersonating third parties surpassed those impersonating internal employees for the first time.

90

90

The Hacker News

MAY 25, 2023

Email protection and network security services provider Barracuda is warning users about a zero-day flaw that it said has been exploited to breach the company's Email Security Gateway (ESG) appliances. The zero-day is being tracked as CVE-2023-2868 and has been described as a remote code injection vulnerability affecting versions 5.1.3.001 through 9.2.0.006.

Network Security 95

Network Security 95

Dark Reading

MAY 25, 2023

Russian code that could tamper with industrial machines and toggle RTUs on and off was floating around VirusTotal for years before being noticed. It raises new questions about the state of OT security.

Malware 93

Malware 93

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

MAY 25, 2023

ChatGPT, the famous artificial intelligence chatbot that allows users to converse with various personalities and topics, has connectivity issues worldwide. [.

Artificial Intelligence 99

Artificial Intelligence Technology Software 99

The Hacker News

MAY 25, 2023

A new strain of malicious software that's engineered to penetrate and disrupt critical systems in industrial environments has been unearthed. Google-owned threat intelligence firm Mandiant dubbed the malware COSMICENERGY, adding it was uploaded to a public malware scanning utility in December 2021 by a submitter in Russia. There is no evidence that it has been put to use in the wild.

Malware 94

Malware Engineering Software 94

CSO Magazine

MAY 25, 2023

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. That’s according to Okta’s first Customer Identity Trends Report which surveyed more than 20,000 consumers in 14 countries about their online experiences and attitudes towards digital security and identity.

Accountability 91

Accountability Risk Passwords 91

Tech Republic Security

MAY 25, 2023

As organizations have migrated to cloud-based infrastructure and office platforms like Microsoft 365 and Google Workspace, they’ve seen clear benefits: easier collaboration, greater agility, and lower costs and maintenance related to infrastructure. But for most organizations, the challenge of determining how to keep data protected and employees safe from attacks in a cloud-based environment remains.

87

87

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.