Daniel Miessler
MAY 15, 2023
Introduction Purpose Components Attacks Discussion Summary Introduction This resource is a first thrust at a framework for thinking about how to attack AI systems. At the time of writing, GPT-4 has only been out for a couple of months, and ChatGPT for only 6 months. So things are very early. There has been, of course, much content on attacking pre-ChatGPT AI systems, namely how to attack machine learning implementations.
Schneier on Security
MAY 15, 2023
Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
MAY 15, 2023
In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect. Related: Privacy rules for vehicles As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, a huge risk lurks in the shadows. The physical safety of things like airbags, rearview mirrors, and brakes is well accounted for; yet cybersecurity auto safety concerns are rising to the fore.
Tech Republic Security
MAY 15, 2023
A new report from Proofpoint provides global insight into CISOs' challenges, expectations and priorities for 2023. The post Survey: Most CISOs feel their business is at risk for cyberattack appeared first on TechRepublic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Anton on Security
MAY 15, 2023
Great blog posts are sometimes hard to find (especially on Medium ), so I decided to do a periodic list blog with my favorite posts of the past quarter or so. Here is the next one. The posts below are ranked by lifetime views. This covers both Anton on Security and my posts from Google Cloud blog , and our Cloud Security Podcast too ( subscribe ). Top 5 most popular posts of all times (these ended up being the same as last quarter, and the quarter before) : “Security Correlation Then and Now: A
Tech Republic Security
MAY 15, 2023
Artificial intelligence art service Midjourney and Shutterstock will identify their computer-generated images in Google Search. The post Google combats AI misinformation with Search labels, adds dark web security upgrades appeared first on TechRepublic.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
CSO Magazine
MAY 15, 2023
Companies with cyber insurance are more likely to get hit by ransomware, more likely to be attacked multiple times, and more likely to pay ransoms, according to a recent survey of IT decision makers. Back in 2019, fewer than 20% of enterprises suffered repeat ransomware attacks, while during the pandemic, the percentage rose to around 30%. And it didn’t stop with the pandemic, with 38% of organizations surveyed in 2022 reporting two or more successful ransomware attacks, those that attackers wer
Bleeping Computer
MAY 15, 2023
Pharmacy services provider PharMerica has disclosed a massive data breach impacting over 5.8 million patients, exposing their medical data to hackers. [.
CSO Magazine
MAY 15, 2023
Threat actors have started exploiting a recently disclosed vulnerability in WordPress, within 24 hours of the proof-of-concept (PoC) exploit being published by the company, according to a blog by Akamai. The high-severity vulnerability, CVE-2023-30777 that affects the WordPress Advanced Custom Fields plugin, was identified by a Patchstack researcher on May 2.
Security Boulevard
MAY 15, 2023
The rapid increase of the Internet of Things (IoT) technology has transformed the world in many ways. From home automation to industrial control systems, IoT has become an integral part of our daily lives. However, as with any new technology, there are significant cybersecurity concerns that come with it. In this blog post, we will […] The post The Battle Against IoT Cyber Threats appeared first on PeoplActive.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
CSO Magazine
MAY 15, 2023
It can seem like cybercriminals are running rampant across the world's digital infrastructure, launching ransomware attacks, scams, and outright thefts with impunity. Over the last year, however, US and global authorities seized $112 million from cryptocurrency investment scams, disrupted the Hive ransomware group, broke up online illegal drug marketplaces, and sanctioned crypto money launderers, among other operations to crack down on internet-enabled crimes.
Bleeping Computer
MAY 15, 2023
A new APT hacking group dubbed Lancefly uses a custom 'Merdoor' backdoor malware to target government, aviation, and telecommunication organizations in South and Southeast Asia. [.
Security Boulevard
MAY 15, 2023
Cybersecurity threats have been increasing at an alarming rate, and organizations must continuously adapt to address these threats. The convergence of Information Technology (IT) and Operational Technology (OT) has created new challenges for cybersecurity. IT systems deal with data, communication, and networking, while OT systems control physical processes, such as manufacturing, transportation, and energy production. […] The post The Importance of Understanding the Unique Challenges of IT &
CSO Magazine
MAY 15, 2023
Endpoint-based web and cloud security provider Dope Security has launched a new instant secure socket layer ( SSL ) error resolution feature on its secure web gateway (SWG) offering, Dope.swg. The new feature is added to simplify SSL inspection conducted by Dope’s SWG and helps admins bypass SSL errors generated as a result of the inspection. “Dope’s main differentiation is its ‘fly-direct’ architecture — rather than re-route all of your Internet traffic to a data center for security checks, we
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Bleeping Computer
MAY 15, 2023
Meta is now rolling out 'Chat Lock,' a new WhatsApp privacy feature allowing users to block others from accessing their most personal conversations. [.
Quick Heal Antivirus
MAY 15, 2023
If you’re still pondering over these questions, here’s the scoop: yes, you definitely need an antivirus, and we. The post What is Anti-Virus Software? And Do I really need it ? appeared first on Quick Heal Blog.
Security Boulevard
MAY 15, 2023
In an increasingly interconnected world, the evolution of the automotive industry presents an exciting yet daunting prospect. Related: Privacy rules for vehicles As vehicles continue to offer modern features such as app-to-car connectivity, remote control access, and driver assistance software, … (more…) The post SHARED INTEL: From airbags to malware: vehicle cyber safety arises in the age of connected cars appeared first on Security Boulevard.
CSO Magazine
MAY 15, 2023
Researchers warn of a new ransomware threat dubbed RA Group that also engages in data theft and extortion and has been hitting organizations since late April. The group's ransomware program is built from the leaked source code of a different threat called Babuk. "Like other ransomware actors, RA Group also operates a data leak site in which they threaten to publish the data exfiltrated from victims who fail to contact them within a specified time or do not meet their ransom demands," researchers
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Security Boulevard
MAY 15, 2023
A New Jersey court recently ruled that an insurer was not relieved from its obligation to pay for Merck’s losses after a Russian NotPetya cyberattack. The insurer claimed its ‘Act of War’ exclusion applied to the company’s cyberinsurance policy; the court disagreed. The rise of cyberattacks has led to a significant increase in the demand.
CyberSecurity Insiders
MAY 15, 2023
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. The digital landscape is always changing to keep up with a constantly evolving world, and bad actors are also adapting. For every new development in the digital world, cybercriminals are looking to take advantage of weaknesses, so it is important that those concerned with the security of their organization’s
Security Boulevard
MAY 15, 2023
Detecting ransomware activity has become increasingly difficult because adversaries are constantly evolving their tools, tactics and techniques. For example, threat actors are using new programming languages like Rust to help avoid detection by security software and exfiltrating data (instead of encrypting it) so they can threaten organizations that use backups.
eSecurity Planet
MAY 15, 2023
Gone are the days when you could get away with doing nothing to prepare for DDoS attacks. With the cost of DDoS attacks falling and their frequency and sophistication growing, even organizations that think their profile is too low to worry about DDoS can still become victims. Even organizations that think they’re protected against DDoS attacks may be more at risk than they think.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
The Hacker News
MAY 15, 2023
A new ransomware-as-service (RaaS) operation called MichaelKors has become the latest file-encrypting malware to target Linux and VMware ESXi systems as of April 2023. The development points to cybercriminal actors increasingly setting their eyes on the ESXi, cybersecurity firm CrowdStrike said in a report shared with The Hacker News.
CSO Magazine
MAY 15, 2023
The UK National Cyber Security Centre (NCSC) and the UK’s data protection regulator the Information Commissioner’s Office (ICO) have published a rare joint article dispelling several myths about cyberattack reporting to tackle the problem of unreported data breaches. The pair argued that, while businesses may be tempted to hide data breaches to avoid negative scrutiny, cybercriminals enjoy greater success when attacks are not reported.
Bleeping Computer
MAY 15, 2023
A new ransomware group named 'RA Group' is targeting pharmaceutical, insurance, wealth management, and manufacturing firms in the United States and South Korea. [.
CyberSecurity Insiders
MAY 15, 2023
A new ransomware group dubbed RA Group has been hitting the news headlines for the past two weeks. The group is targeting organizations operating in the United States and South Korea. Currently, it appears that the attackers are primarily focusing on companies in manufacturing, wealth management, insurance, and pharmaceuticals sectors. They employ double extortion attacks and leak details through a newly developed website accessible only through the dark web.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Malwarebytes
MAY 15, 2023
Some important changes are heading to Windows which should make the operating system quite a bit more secure than it is now. At the end of April, Microsoft’s VP of OS Security and Enterprise referenced upcoming changes to Windows involving the programming language Rust. Rust matches the performance of languages like C and C++ while being easier to debug and maintain, and—most importantly—memory safe.
Security Boulevard
MAY 15, 2023
The internet is a vast digital landscape that can extend beyond the public facing part many see each day. Typically, the public facing portion of the internet that is seen today is called the clear or surface web. Aside from the clear web, there are facets of the internet that are visible but not indexed by […] The post Deep Web Intelligence: The Complete 2023 Guide appeared first on Flare | Cyber Threat Intel | Digital Risk Protection.
Malwarebytes
MAY 15, 2023
There are many good reasons to use a Virtual Private Network ( VPN ), even if you are just casually scrolling. Privacy is a right that is yours to value and defend, and if you want to increase your online privacy then a VPN is one of the possible solutions. A VPN works like this: When you’re connected to the internet, all of your activity is logged and associated with your Internet Protocol (IP) address.
The Hacker News
MAY 15, 2023
Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology (OT) networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the Black Hat Asia 2023 conference last week.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
364 
Let's personalize your content