Wed.Jul 19, 2023

article thumbnail

MY TAKE: As network perimeters shift and ecosystems blend, the role of MSSPs solidifies

The Last Watchdog

Deepening interoperability of AI-infused systems – in our buildings, transportation grids, communications systems and medical equipment — portend amazing breakthroughs for humankind. Related: The coming of optical infrastructure But first businesses must come to grips with the quickening convergence of their internal and external computing resources.

CISO 244
article thumbnail

Practice Your Security Prompting Skills

Schneier on Security

Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. It’s a great teaching tool. I am stuck on Level 7. Feel free to give hints and discuss strategy in the comments below. I probably won’t look at them until I’ve cracked the last level.

Passwords 236
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Get a Lifetime of Powerful VPN Protection for Your Business Data for Just $70

Tech Republic Security

Make all of your computers and devices safer regardless of operating system with this VPN Unlimited: Lifetime Subscription for just $69.99.

VPN 148
article thumbnail

Child identity theft: how do I keep my kids’ personal data safe?

We Live Security

Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft? The post Child identity theft: how do I keep my kids’ personal data safe?

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

5 Deepfake Scams That Threaten Enterprises

Tech Republic Security

Forrester shines a light on the synthetic attacks that can cause organizations considerable headaches.

Scams 113
article thumbnail

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

SecureList

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and its exploitation. Below, we will highlight the key points and then focus on the initial use of this vulnerability by attackers before it became public.

LifeWorks

More Trending

article thumbnail

Accidental VirusTotal upload is a valuable reminder to double check what you share

Malwarebytes

A document accidentally uploaded to Google’s VirusTotal service has resulted in the potential exposure of defence and intelligence agency names and email addresses. The service, used to scan files for signs of potential malicious activity, is used by security professionals and folks just interested in the files making their way to their systems.

Risk 98
article thumbnail

PCI-DSS 4.0 is Here. What Does it Mean for Online Retailers?

Security Boulevard

PCI-DSS 4.0 was released in early 2022 with a two-year transition period to allow organizations time to learn about and implement it. Are you ready for the transition? The post PCI-DSS 4.0 is Here. What Does it Mean for Online Retailers? appeared first on Security Boulevard.

Retail 98
article thumbnail

Citrix warns of actively exploited zero-day in ADC and Gateway

Security Affairs

Citrix is warning customers of an actively exploited critical vulnerability in NetScaler Application Delivery Controller (ADC) and Gateway. Citrix is warning customers of a critical vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), in NetScaler Application Delivery Controller (ADC) and Gateway that is being actively exploited in the wild.

VPN 98
article thumbnail

Exploring the Dark Side: OSINT Tools and Techniques for Unmasking Dark Web Operations

The Hacker News

On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI's warrant here for details specific to this case.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Zero-Day Alert! Critical Flaw in Citrix ADC and Gateway Exploited in the Wild

Heimadal Security

Citrix urged customers to patch NetScaler ADC and Gateway products after discovering a critical-severity zero-day vulnerability. The flaw was dubbed CVE-2023-3519, ranked 9.8 on the CVSS, and was observed exploited in the wild. The company released updated versions of the affected products and alerted its customers to patch immediately. What`s at Risk Researchers announced that […] The post Zero-Day Alert!

Risk 98
article thumbnail

US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

Security Affairs

The U.S. government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. The Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems.

article thumbnail

Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – #251 – Enabler Team

Security Boulevard

via the respected Software Engineering expertise of Mikkel Noe-Nygaard as well as the lauded Software Engineering and Enterprise Agile Coaching talent of Luxshan Ratnara v at Comic Agilé ! Permalink The post Comic Agilé – Mikkel Noe-Nygaard, Luxshan Ratnarav – #251 – Enabler Team appeared first on Security Boulevard.

article thumbnail

Top API Security Tools 2023

eSecurity Planet

APIs (application programming interfaces) allow applications to communicate with each other, a critically important function in the digital age. Their importance also makes them an attractive target for cyber criminals — according to Akamai, API and application attacks tripled last year. API security tools help protect the integrity of APIs and keep them safe from common attack vectors like local file inclusion (LFI), cross-site scripting ( XSS ) and SQL injection (SQLi).

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List

Security Boulevard

European cousins Intellexa and Cytrox essentially banned by Commerce Dept. — Predator/ALIEN not welcome in U.S. The post Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List appeared first on Security Boulevard.

Spyware 98
article thumbnail

U.S. to Launch Cybersecurity Certification for Consumer IoT Devices

SecureWorld News

The White House and U.S. Federal Communications Commission (FCC) have unveiled a new cybersecurity certification and labeling program aimed at enhancing the security of connected devices. With the increasing prevalence of internet-connected devices and the rising concerns over cyber threats, this initiative seeks to provide American consumers with an easier way to evaluate the security of these devices.

IoT 98
article thumbnail

CISA and NSA Issue New Guidance to Strengthen 5G Network Slicing Against Threats

The Hacker News

U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats.

article thumbnail

Attacker ID’ed After Infecting Own Computer With Malware

Security Boulevard

A threat actor that goes by the name of “La_Citrix” inadvertently infected his own computer. Cyberthreat research firm sent his information on to law enforcement. The post Attacker ID’ed After Infecting Own Computer With Malware appeared first on Security Boulevard.

Malware 98
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Amazon in-van delivery driver footage makes its way online

Malwarebytes

Footage from technology used to monitor Amazon delivery drivers is leaking onto the internet. AI-enabled equipment which keeps an eye on the drivers’ speed, location, and other activities is part of the growing trend of workplace surveillance. In theory where drivers are concerned it could flag a lack of seat belt, or running red lights. In practice the drivers aren’t too keen and insist that the companies using this tech can trust them without having a camera in their face all day l

article thumbnail

How to Manage Your Attack Surface?

The Hacker News

Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important.

article thumbnail

Employment Scammers Targeting University Students Amidst Layoffs

SecureWorld News

As the job market faces a wave of layoffs, threat actors have seized the opportunity to exploit vulnerable job hunters with employment scams. According to research and analysis by cybersecurity firm Proofpoint , employment scams have escalated, targeting university students in North America. These scams employ deceptive tactics, preying on students' aspirations for job opportunities in the healthcare, biosciences, and biotechnology sectors, among others.

Scams 98
article thumbnail

Chinese APT41 Hackers Target Mobile Devices with New WyrmSpy and DragonEgg Spyware

The Hacker News

The prolific China-linked nation-state actor known as APT41 has been linked to two previously undocumented strains of Android spyware called WyrmSpy and DragonEgg.

Spyware 98
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

‘::ffff’ only…Tips for identifying unusual network activity

Security Boulevard

Every now and then, a security team uncovers something only the Internet Engineering Task Force (IETF) can fully explain. During a review of network activity, our team noted unusual outbound web traffic from our network. Our investigation took us from checking a simple IPv6 address to researching the IETF’s Request for Comments. What we found along the way demonstrates why monitoring for anomalous IP addresses is important for every organization.

article thumbnail

Howl at the Moon with Wolf Gold Slot: An Animal-Themed Adventure on Dunder Casino

SecureBlitz

Are you ready to unleash your wild side and embark on an exhilarating animal-themed adventure? Look no further than the captivating Wolf Gold slot game available on Dunder Casino. With its stunning graphics, immersive gameplay, and the chance to win big, Wolf Gold is a howling success among online casino enthusiasts. In this article, we’ll […] The post Howl at the Moon with Wolf Gold Slot: An Animal-Themed Adventure on Dunder Casino appeared first on SecureBlitz Cybersecurity.

article thumbnail

An ‘Alarming Escalation’ of Sophistication in DDoS Attacks, Cloudflare Says

Security Boulevard

Distributed DDoS attacks are becoming increasingly sophisticated and complex, making an already-expanding threat landscape even more challenging. The post An ‘Alarming Escalation’ of Sophistication in DDoS Attacks, Cloudflare Says appeared first on Security Boulevard.

DDOS 98
article thumbnail

Why Your Business Needs an EU-US Data Privacy Framework Verification

TrustArc

Is a EU-US Data Privacy Framework verification right for your business? Obtaining a certification enables your business to transfer personal data from the EU to the US. The post Why Your Business Needs an EU-US Data Privacy Framework Verification appeared first on TrustArc Privacy Blog.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

PingSafe Emerges to Launch CNAPP That Simulates Cyberattacks

Security Boulevard

PingSafe today emerged from stealth to launch a cloud-native application protection platform (CNAPP) based on an engine that both detects vulnerabilities that cybercriminals might potentially exploit and enables cybersecurity teams to simulate cyberattacks. Fresh from raising $3.3 million in seed funding, PingSafe CEO Anand Prakash said the Offensive Security Engine provides cybersecurity teams with the.

article thumbnail

Google fixes "Bad.Build" Cloud Build flaw, researchers say it's not enough

Malwarebytes

Researchers at Orca Security have found a design flaw in the Google Cloud Build service. Attackers would have been able to gain Privilege Escalation resulting in unauthorized access to code repositories in Google’s Artifact Registry. The researchers dubbed the vulnerability Bad.Build and say it could have far reaching consequences comparable to supply chain attacks like those caused by exploitation of flaws in 3CX , MOVEit , and SolarWinds.

article thumbnail

Cequence Security’s Unified API Protection Solution Wins Three 2023 Globee® Awards

Security Boulevard

We are proud to share that our Unified API Protection platform has been honored as a gold winner in the 18th Annual 2023 Globee® Awards for Information Technology in Application Programming Interfaces (API) Management, Full Life Cycle API Management, and IT Solutions for Retail categories. These esteemed global awards celebrate outstanding achievements in information technology […] The post Cequence Security’s Unified API Protection Solution Wins Three 2023 Globee<sup>®</sup> Awa

Retail 98
article thumbnail

Microsoft expands access to cloud logging data for free after Exchange hacks

Bleeping Computer

Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts. [.

Hacking 97
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!