Schneier on Security
JULY 19, 2023
Gandalf is an interactive LLM game where the goal is to get the chatbot to reveal its password. There are eight levels of difficulty, as the chatbot gets increasingly restrictive instructions as to how it will answer. It’s a great teaching tool. I am stuck on Level 7. Feel free to give hints and discuss strategy in the comments below. I probably won’t look at them until I’ve cracked the last level.
Tech Republic Security
JULY 19, 2023
Make all of your computers and devices safer regardless of operating system with this VPN Unlimited: Lifetime Subscription for just $69.99.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Bleeping Computer
JULY 19, 2023
Cyber Police Department of the National Police of Ukraine dismantled another massive bot farm linked to more than 100 individuals after searches at almost two dozen locations. [.
Tech Republic Security
JULY 19, 2023
The research firm outlines when the average organization should expect a technology to deliver the benefits necessary to justify continued investment.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Boulevard
JULY 19, 2023
PCI-DSS 4.0 was released in early 2022 with a two-year transition period to allow organizations time to learn about and implement it. Are you ready for the transition? The post PCI-DSS 4.0 is Here. What Does it Mean for Online Retailers? appeared first on Security Boulevard.
We Live Security
JULY 19, 2023
Why is kids’ personal information in high demand, how do criminals steal it, and what can parents do to help prevent child identity theft? The post Child identity theft: how do I keep my kids’ personal data safe?
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
TrustArc
JULY 19, 2023
Is a EU-US Data Privacy Framework verification right for your business? Obtaining a certification enables your business to transfer personal data from the EU to the US. The post Why Your Business Needs an EU-US Data Privacy Framework Verification appeared first on TrustArc Privacy Blog.
Security Boulevard
JULY 19, 2023
European cousins Intellexa and Cytrox essentially banned by Commerce Dept. — Predator/ALIEN not welcome in U.S. The post Biden Admin. Adds ‘Mercenary Spyware’ Firms to Ban List appeared first on Security Boulevard.
Bleeping Computer
JULY 19, 2023
Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts. [.
Security Boulevard
JULY 19, 2023
A threat actor that goes by the name of “La_Citrix” inadvertently infected his own computer. Cyberthreat research firm sent his information on to law enforcement. The post Attacker ID’ed After Infecting Own Computer With Malware appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Malwarebytes
JULY 19, 2023
A document accidentally uploaded to Google’s VirusTotal service has resulted in the potential exposure of defence and intelligence agency names and email addresses. The service, used to scan files for signs of potential malicious activity, is used by security professionals and folks just interested in the files making their way to their systems.
Security Boulevard
JULY 19, 2023
Every now and then, a security team uncovers something only the Internet Engineering Task Force (IETF) can fully explain. During a review of network activity, our team noted unusual outbound web traffic from our network. Our investigation took us from checking a simple IPv6 address to researching the IETF’s Request for Comments. What we found along the way demonstrates why monitoring for anomalous IP addresses is important for every organization.
The Hacker News
JULY 19, 2023
On April 5, 2023, the FBI and Dutch National Police announced the takedown of Genesis Market, one of the largest dark web marketplaces. The operation, dubbed "Operation Cookie Monster," resulted in the arrest of 119 people and the seizure of over $1M in cryptocurrency. You can read the FBI's warrant here for details specific to this case.
Security Boulevard
JULY 19, 2023
Distributed DDoS attacks are becoming increasingly sophisticated and complex, making an already-expanding threat landscape even more challenging. The post An ‘Alarming Escalation’ of Sophistication in DDoS Attacks, Cloudflare Says appeared first on Security Boulevard.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Affairs
JULY 19, 2023
Citrix is warning customers of an actively exploited critical vulnerability in NetScaler Application Delivery Controller (ADC) and Gateway. Citrix is warning customers of a critical vulnerability, tracked as CVE-2023-3519 (CVSS score: 9.8), in NetScaler Application Delivery Controller (ADC) and Gateway that is being actively exploited in the wild.
Security Boulevard
JULY 19, 2023
PingSafe today emerged from stealth to launch a cloud-native application protection platform (CNAPP) based on an engine that both detects vulnerabilities that cybercriminals might potentially exploit and enables cybersecurity teams to simulate cyberattacks. Fresh from raising $3.3 million in seed funding, PingSafe CEO Anand Prakash said the Offensive Security Engine provides cybersecurity teams with the.
Heimadal Security
JULY 19, 2023
Citrix urged customers to patch NetScaler ADC and Gateway products after discovering a critical-severity zero-day vulnerability. The flaw was dubbed CVE-2023-3519, ranked 9.8 on the CVSS, and was observed exploited in the wild. The company released updated versions of the affected products and alerted its customers to patch immediately. What`s at Risk Researchers announced that […] The post Zero-Day Alert!
Security Boulevard
JULY 19, 2023
We are proud to share that our Unified API Protection platform has been honored as a gold winner in the 18th Annual 2023 Globee® Awards for Information Technology in Application Programming Interfaces (API) Management, Full Life Cycle API Management, and IT Solutions for Retail categories. These esteemed global awards celebrate outstanding achievements in information technology […] The post Cequence Security’s Unified API Protection Solution Wins Three 2023 Globee<sup>®</sup> Awa
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Bleeping Computer
JULY 19, 2023
Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor. [.
Security Boulevard
JULY 19, 2023
By Lord Jonathan Evans Former Director General of the British Security Service and Advisory Board Member, HolistiCyber As we pass the midpoint of a year awash with complex geopolitical and cybersecurity challenges, we should reflect on the current intersection of these realms and the implications for private organisations. In this article, I will explore the […] The post Assessing the Current State of Geopolitics and Cybersecurity appeared first on HolistiCyber.
Bleeping Computer
JULY 19, 2023
FBI warns of a surge in tech support scams targeting the elderly across the United States and urging victims to dispatch cash concealed within magazines or similar items through shipping firms. [.
Security Boulevard
JULY 19, 2023
Current LLM-based tech like ChatGPT can accurately classify malware risk in only 5% of cases—and they may never be able to recognize novel approaches used to create malware. The post ChatGPT Provides Limited Help Identifying Malware appeared first on Security Boulevard.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Malwarebytes
JULY 19, 2023
Footage from technology used to monitor Amazon delivery drivers is leaking onto the internet. AI-enabled equipment which keeps an eye on the drivers’ speed, location, and other activities is part of the growing trend of workplace surveillance. In theory where drivers are concerned it could flag a lack of seat belt, or running red lights. In practice the drivers aren’t too keen and insist that the companies using this tech can trust them without having a camera in their face all day l
Security Boulevard
JULY 19, 2023
Russia’s war strategy increasingly involves cybersecurity, with the country expected to ramp up attacks on critical infrastructure in Ukraine and countries that are members of NATO, according to Switzerland’s Federal Intelligence Service (FIS). “The war in Ukraine represents a threat with partially global implications for critical infrastructure.
Bleeping Computer
JULY 19, 2023
WhatsApp, the globally renowned messaging app, unexpectedly went offline today, leaving its vast user base unable to send or receive messages. [.
Security Boulevard
JULY 19, 2023
We all love a good deal, right? And what's better than free? Would you like to get the last version of Microsoft Office or Adobe Photoshop? And what about some games like Age of Empires IV or Sniper Elite 4? All for free! Well, in this case it comes with a hefty hidden price tag. We're talking about malware, and one sneaky culprit in particular: HotRat.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
JULY 19, 2023
U.S. cybersecurity and intelligence agencies have released a set of recommendations to address security concerns with 5G standalone network slicing and harden them against possible threats.
Security Boulevard
JULY 19, 2023
API security is a pressing concern for industries undergoing digital transformation, and none more so than financial services and insurance. To shed light on their unique challenges, Salt undertook and today released its first industry-specific report on API security: the 2023 “State of API Security for Financial Services and Insurance.” Given their early adoption of digitalization, we wanted to learn how API threats and vulnerabilities specifically impact these sectors and how they differ from
SecureList
JULY 19, 2023
On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and its exploitation. Below, we will highlight the key points and then focus on the initial use of this vulnerability by attackers before it became public.
The Hacker News
JULY 19, 2023
Attack surfaces are growing faster than security teams can keep up. To stay ahead, you need to know what's exposed and where attackers are most likely to strike. With cloud migration dramatically increasing the number of internal and external targets, prioritizing threats and managing your attack surface from an attacker's perspective has never been more important.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
192 
Let's personalize your content