Wed.Jan 18, 2023

AI and Political Lobbying

Schneier on Security

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails, college essays and myriad other forms of writing. Created by the company OpenAI, ChatGPT is a chatbot that can automatically respond to written prompts in a manner that is sometimes eerily close to human. But for all the consternation over the potential for humans to be replaced by machines in formats like poetry and sitcom scripts, a far greater threat looms: artificial intelligen

Rise of cloud-delivered malware poses key security challenges

Tech Republic Security

The volume of cloud-based malware tripled in 2022 over the prior year, says Netskope, with 30% of the malicious downloads coming from Microsoft OneDrive. The post Rise of cloud-delivered malware poses key security challenges appeared first on TechRepublic.

Encryption is on the Rise!

Cisco Security

When the Internet Engineering Task Force (IETF) announced the TLS 1.3 standard in RFC 8446 in August 2018, plenty of tools and utilities were already supporting it (even as early as the year prior, some web browsers had implemented it as their default standard, only having to roll it back due to compatibility issues. Needless to say, the rollout was not perfect).

Threat attackers can own your data in just two days

Tech Republic Security

This report shows cybercriminals need only a couple days to access your full corporate network and exfiltrate its data. Read on to learn more. The post Threat attackers can own your data in just two days appeared first on TechRepublic.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

Dark Reading

The powerful AI bot can produce malware without malicious code, making it tough to mitigate.

IT email templates: Security alerts

Tech Republic Security

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on “need to know” informational bulletins. These bulletins may be one-off or regularly scheduled communications to help raise awareness about your technology processes, accepted procedures and best practices or to explain.

LifeWorks

More Trending

Get lifetime access to award-winning cybersecurity training for just $80

Tech Republic Security

With a CyberTraining 365 Online Academy: Lifetime Subscription, you’ll learn to create and maintain effective, up-to-date security measures. The post Get lifetime access to award-winning cybersecurity training for just $80 appeared first on TechRepublic.

Difference between Cybersecurity and Information Security

CyberSecurity Insiders

Many of you confuse the terms cybersecurity and Information Security and think that the two are synonymous. However, in reality, the two terms are different and are often confused with one another. Cybersecurity is one of the significant business functions that focuses on protecting IT infrastructure such as data, applications, communication infrastructure and network.

MailChimp discloses new breach after employees got hacked

Bleeping Computer

Email marketing firm MailChimp suffered another breach after hackers accessed an internal customer support and account administration tool, allowing the threat actors to access the data of 133 customers. [...]

CloudSEK offers a search engine to detect malicious apps

CyberSecurity Insiders

CloudSEK has developed a new app called BeVigil that can help search malicious apps downloaded on a mobile phone and collect data on what permissions and data they were accessing and processing. All these days, smart phone users were downloading apps available on the app store and were using it, knowing nothing about their genuineness in their operations and trust.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Mailchimp Suffers Another Security Breach Compromising Some Customers' Information

The Hacker News

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers.

Sophos Cuts Jobs to Focus on Cybersecurity Services

Dark Reading

Layoffs intended to cut costs, help company shift its focus on cybersecurity services, Sophos says.

Microsoft works with partners on Cybercrime Atlas

CyberSecurity Insiders

Microsoft, in association with Fortinet and other partners, is working on mapping cyber crime activities and attaining responses to cyber threats on public and private entities. The program was developed in 2019 and, after a long pause, work on crafting the service resumed at the end of last year. The mapping will be called Cybercrime Atlas, and arrangements are being made to host it at the World Economic Forum (WEF) in the next 18-20 months.

4 Tips If You’re Struggling To Find (Good) Cloud Talent

Security Boulevard

“Cloud keeps growing, and it is capturing an ever-larger share of information technology spending,” remarked Lee Sustar from Forrester Inc. “Big banks and other companies aren’t simply migrating existing data and software from private data centers to the cloud. Increasingly, they are looking to cloud companies for unique tools and capabilities, especially when it comes […].

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Spy Cams Reveal the Grim Reality of Slaughterhouse Gas Chambers

WIRED Threat Level

Animal rights activists have captured the first hidden-camera video from inside a carbon dioxide “stunning chamber” in a US meatpacking plant.

GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’?

Security Boulevard

The post GitHub Copilot’s ML ‘Code Brushes’: Ready for a Bob Ross ‘happy little accident’? appeared first on Security Boulevard.

New Duo Feature Guide: Strengthening Your Multi-Factor Authentication

Duo's Security Blog

Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. MFA has been recommended, or required, by governments and has grown in popularity as a measure to quickly add a layer of security, especially if credentials are compromised as part of a phishing attack. However, MFA has been in the news recently as attackers are finding new and creative ways to get around it.

What does Chat-GPT Imply for Brand Impersonation? Q&A with Dr. Salvatore Stolfo

Security Boulevard

With the creation and mass adoption of Chat-GPT, AI – inspired topics have been thrust to the forefront of everyday conversation. GPT (Generative Pre-training Transformer) is…. The post What does Chat-GPT Imply for Brand Impersonation? Q&A with Dr. Salvatore Stolfo appeared first on Security Boulevard.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Cybersecurity and the Myth of Quiet Quitting

Dark Reading

People are working harder than ever, but they're not happy about it — and the insider threat is all too real.

Microsoft Azure Services Found Vulnerable to Server-Side Request Forgery Attacks

Heimdal Security

Cyber researchers discovered last year that four of Microsoft Azure's services had security issues that made them vulnerable to server-side request forgery (SSRF) attacks. Two of the vulnerabilities did not request authentication, so threat actors had the opportunity to exploit them without even having an Azure account. As soon as researchers flagged Azure API Management, […].

ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware

Dark Reading

Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.

Smashing Security podcast #305: Norton unlocked, and police leaks

Graham Cluley

Carole's in her sick bed, which leaves Graham in charge of the good ship "Smashing Security" as it navigates the choppy seas of credential stuffing and avoids the swirling waters of apps being sloppy with sensitive information. Find out more in this latest edition of the "Smashing Security" podcast, hosted by Graham Cluley with special guest BJ Mendelson.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Malicious Download Links Impersonating Popular Software Pushed by Hackers Through Google Ads

Heimdal Security

As time passes, threat actors are getting sneakier in their efforts. Security researchers discovered that lately a lot of fake websites impersonating popular free and open-source software have started to pop up in the sponsored section on Google search results. Crypto Influencer Stripped of NFTs At least one well-known cryptocurrency user claims to have been […].

DoD Announces Third 'Hack the Pentagon' Bug Bounty Program

SecureWorld News

The U.S. Department of Defense (DoD) is turning to the private sector to bolster its cyber defenses with the launch of the third iteration of its "Hack the Pentagon" bug bounty program. The program, first launched in 2016, aims to leverage the expertise of the private sector and commercial crowdsourcing best practices to enhance the information security of the DoD.

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

The Hacker News

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022.

Microsoft investigates bug behind unresponsive Windows Start Menu

Bleeping Computer

Microsoft is investigating an issue causing the Windows taskbar and Start Menu to become unresponsive and triggering Outlook and Teams login problems. [...]

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Critical Security Vulnerabilities Discovered in Netcomm and TP-Link Routers

The Hacker News

Security vulnerabilities have been disclosed in Netcomm and TP-Link routers, some of which could be weaponized to achieve remote code execution. The flaws, tracked as CVE-2022-4873 and CVE-2022-4874, concern a case of stack-based buffer overflow and authentication bypass and impact Netcomm router models NF20MESH, NF20, and NL1902 running software versions earlier than R6B035.

Two critical flaws discovered in Git source code version control system

Security Affairs

The maintainers of the Git source code version control system urge to update the software to fix two critical vulnerabilities. The maintainers of the Git source code version control system announced to have fixed a couple of critical vulnerabilities, tracked as CVE-2022-23521 and CVE-2022-41903, in their software. The flaws were discovered as part of a security source code audit of the source code version control system sponsored by the OSTIF, which was performed by a team of security

Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

The Hacker News

An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday.

Experts found SSRF flaws in four different Microsoft Azure services

Security Affairs

SSRF vulnerabilities in four Microsoft Azure services could be exploited to gain unauthorized access to cloud resources. Researchers at the security firm Orca discovered that four different Microsoft Azure services were vulnerable to server-side request forgery (SSRF) attacks. Threat actors could have exploited the flaws to gain unauthorized access to cloud resources.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!