Wed.Mar 29, 2023

article thumbnail

The Security Vulnerabilities of Message Interoperability

Schneier on Security

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other. This opens up a real Pandora’s box. How will the networks manage keys, authenticate users, and moderate content?

article thumbnail

Nexus Android malware targets 450 financial applications

Tech Republic Security

Learn how to protect your organization and users from this Android banking trojan. The post Nexus Android malware targets 450 financial applications appeared first on TechRepublic.

Malware 198
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hackers compromise 3CX desktop app in a supply chain attack

Bleeping Computer

A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. [.

Internet 145
article thumbnail

Skyhawk Security Taps Chat GPT to Augment Threat Detection

Security Boulevard

Skyhawk Security today revealed it is employing ChatGPT to add generative artificial intelligence (AI) capabilities to its cloud threat detection and response (CDR) platform at no extra charge. Skyhawk Security CEO Chen Burshan said in addition to providing textual explanations of the evolution of a security incident discovered by the company’s platform, ChatGPT also makes.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

QNAP warns customers to patch Linux Sudo flaw in NAS devices

Bleeping Computer

Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability. [.

142
142
article thumbnail

How Good Smile, a Major Toy Company, Kept 4chan Online

WIRED Threat Level

Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board.

Media 145

More Trending

article thumbnail

Pig butchering scams: The anatomy of a fast?growing threat

We Live Security

How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity

Scams 126
article thumbnail

Experts call for pause on AI training citing risks to humanity

Bleeping Computer

AI professors and developers have co-signed an open letter to artificial intelligence labs, calling them to pause the development and training of AI systems more powerful than GPT-4 for at least six months. [.

article thumbnail

Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware

The Hacker News

Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors [.

Malware 123
article thumbnail

SafeMoon ‘burn’ bug abused to drain $8.9 million from liquidity pool

Bleeping Computer

The SafeMoon token liquidity pool lost $8.9 million after a hacker exploited a newly created 'burn' smart contract function that artificially inflated the price, allowing the actors to sell SafeMoon at a much higher price. [.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

AI-fueled search gives more power to the bad guys

CSO Magazine

Concerns about the reach of ChatGPT and how easier it may get for bad actors to find sensitive information have increased following Microsoft’s announcement of the integration of ChatGPT into Bing and the latest update of the technology, GPT-4. Within a month of the integration, Bing had crossed the 100 million daily user threshold. Meanwhile, GPT-4 improved the AI which now has better reasoning skills, is more accurate and has the ability to see images.

article thumbnail

Deep Dive into Royal Ransomware

Quick Heal Antivirus

The rise of ransomware and malware variants has been a growing concern for individuals and organizations alike. With. The post Deep Dive into Royal Ransomware appeared first on Quick Heal Blog.

article thumbnail

5 cyber threats retailers are facing — and how they’re fighting back

CSO Magazine

There are many reasons retailers are juicy targets for hackers. They earn and handle tremendous amounts of money, store millions of customer credit card numbers, and have frontline staff who may lack cybersecurity training. To save money, some retailers use older equipment that isn’t adequately updated, secured, or monitored to deal with cyberattacks.

Retail 117
article thumbnail

Leveraging Generative AI for Cybersecurity: Introducing Flare’s AI Powered Assistant

Security Boulevard

The world is changing with generative AI. And your threat intelligence platform is too. We’re thrilled to announce the launch of Flare’s AI Powered Assistant! Security operations and threat intelligence teams can now instantly create informed, summarized, and translated reports from the clear and dark web, regardless of the language and technical jargon.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Steam will drop support for Windows 7 and 8 in January 2024

Bleeping Computer

Valve announced that its Steam online game platform will officially drop support for the Windows 7, Windows 8, and Windows 8.1 platforms starting January 1st, 2024. [.

article thumbnail

Elon Musk says AI Machines could launch their own Cyber Attacks

CyberSecurity Insiders

As the fear of AI machines grips most technologists, Tesla’s chief’s latest words are playing the role of a catalyst to intensify the buzz. Speaking during a conference at SpaceX’s Starbase Facility, Elon Musk expressed fears that robots might launch cyberattacks on themselves in the near future, potentially causing deep trouble for humans if we do not stop their advances now.

article thumbnail

Phishing Emails Up a Whopping 569% in 2022

Dark Reading

Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows.

Phishing 137
article thumbnail

ChatGPT Injection: a new type of API Abuse attack may steal your OpenAI API credits

Security Boulevard

ChatGPT is spreading like wildfire all over the internet, being used in everything from casual tools to cybersecurity and even industrial applications. It’s so popular, I wouldn’t be shocked if it starts running a nuclear power plant soon (if it isn’t already)! Using OpenAI’s ChatGPT-3.5, ChatGPT-4, and earlier models like Davinci costs a few cents [.

Internet 108
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Latin American companies, governments need more focus on cybersecurity

CSO Magazine

For the first time, over a dozen cybersecurity companies have come together to produce an agnostic study titled LATAM CISO Report 2023: Insights from Industry Leaders. More than 200 CISOs in the Americas region, in addition to the Inter-American Development Bank (IDB), Latin American Federation of Banks (FELABAN), and the World Economic Forum (WEF), contributed to the report.

article thumbnail

Developing Story: Information on Attacks Involving 3CX Desktop App

Trend Micro

In late March 2023, security researchers revealed that threat actors were actively abusing a popular business communication software from 3CX.

Software 121
article thumbnail

North Korean threat actor APT43 pivots back to strategic cyberespionage

CSO Magazine

When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security researchers call APT43, Kimsuky, or Thallium has been carrying out cyberespionage and cybercrime operations at the behest of the North Korean government since at l

article thumbnail

Tips and Tricks to Transform Your Cybersecurity Board Report

Security Boulevard

Simply being “cyber aware” is an unviable option for board members as the impact of cybersecurity expands beyond IT systems. An unnoticed security gap or dated risk assessment are minor mistakes that can lead to cyber breaches that could render the company obsolete. Considering the serious risks associated with poor cybersecurity, boards are becoming more involved in cyber risk management and recognize that it is not just an IT issue but a concern that impacts the entire organization's success.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft Defender mistakenly tagging URLs as malicious

Bleeping Computer

Microsoft Defender is mistakenly flagging legitimate links as malicious, with some customers having already received dozens of alert emails since the issues began over five hours ago. [.

104
104
article thumbnail

Seven Types of Customer Authentication Methods

Security Boulevard

Customer identity and access management (CIAM) is a major cybersecurity component of any company that maintains customer accounts. Online fraud and authentication attack attempts have grown significantly in the past several years, with attackers increasingly turning their attention to customers rather than companies. This can be seen, for example, in the finance industry, where attacks against customers now outnumber those on institutions or their employees by 4:1.

article thumbnail

Analysis: Hackers Exploit Zero-Day to Siphon $1.5 Million From Bitcoin ATMs

CyberSecurity Insiders

Anxiety about the security of hot wallets grows as General Bytes customers are hit by a zero-day flaw in the company’s Bitcoin ATMs. By John E. Dunn It’s fair to say that crypto has an image problem. What it didn’t need was a Bitcoin ATM (BATM) hack to generate even more bad publicity. Unfortunately, that’s exactly what happened on March 17-18, according to General Bytes, one of the best-known makers of BATMs on the market.

article thumbnail

We’ve Been Using Email Since 1971—It’s Time We Make it Secure

Security Boulevard

An estimated 333 billion emails were sent and received daily worldwide in 2022. Email is one of the most important communication tools used today. It’s also a powerful, accessible, effective and low-cost tool for cybercriminals to use. As attacks continue to evolve, harnessing AI and advanced social engineering techniques for increasingly sophisticated, stealthy attacks, many.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Command-and-Control Servers Explained. Techniques and DNS Security Risks

Heimadal Security

A command-and-control server (C&C) is a computer that threat actors use to send instructions to compromised systems. Their goal is to direct infected devices into performing further malicious activities on the host or network. Hackers can use C&C or C2 servers to create botnets and launch DDoS attacks, steal, delete, and/or encrypt data. Basically, a […] The post Command-and-Control Servers Explained.

DNS 104
article thumbnail

Will you entrust cybersecurity to AI as per Microsoft

CyberSecurity Insiders

OpenAI-developed conversational AI ChatGPT is hitting the news headlines almost daily, and as it is now a part of Microsoft, the software giant is also getting a lot of credit for devising such a tool that can do anything and everything…well, almost! Microsoft, which is busy integrating the services of the chatbot into its software products such as Bing, made an announcement that it intends for the world to entrust cybersecurity to artificial intelligence technology, as its capabilities ar

article thumbnail

Mélofée: Researchers Uncover New Linux Malware Linked to Chinese APT Groups

The Hacker News

An unknown Chinese state-sponsored hacking group has been linked to a novel piece of malware aimed at Linux servers. French cybersecurity firm ExaTrack, which found three samples of the previously documented malicious software that date back to early 2022, dubbed it Mélofée.

Malware 100
article thumbnail

Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug

Dark Reading

A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises.

113
113
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?