Mon. Mar 13, 2023

Artificial Intelligence in Cybersecurity: Boon or Bane? – A Free Webinar With Joseph Steinberg, Author of Cybersecurity For Dummies

Joseph Steinberg

As pretty much every professional knows, the cyber-threat landscape is constantly and rapidly evolving as hackers discover new techniques to breach organizations. While the introduction of artificial intelligence (AI) is certainly delivering many benefits to mankind, including in the realm of cybersecurity, it has also created all sorts of new risks as evildoers seek to harness AI for their illicit and harmful purposes.

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. Related: Attack surface management takes center stage. So how will this affect chief information security officers (CISOs) and security programs?

How internet-facing webcams could put your organization at risk

Tech Republic Security

By exploiting webcams and other IoT devices, hackers can spy on private and professional conversations, potentially giving them access to sensitive information, says BitSight. The post How internet-facing webcams could put your organization at risk appeared first on TechRepublic.

6 reasons why your anti-phishing strategy isn’t working

CSO Magazine

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on. “Bad actors are highly motivated and funded with the sole attempt to be successful at attracting only one victim,” says Johanna Baum, CEO and founder of Strategic Security Solutions Consulting.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

New Hiatus malware campaign targets routers

Tech Republic Security

A new malware dubbed HiatusRAT infects routers to spy on its targets, mostly in Europe and in the U.S. Learn which router models are primarily targeted and how to protect from this security threat. The post New Hiatus malware campaign targets routers appeared first on TechRepublic.

5 signs you’ve fallen for a scam – and what to do next

We Live Security

Here’s how to know you have fallen victim to a scam – and what to do in order to undo or mitigate the damage.

More Trending

What to Do If Your Phone Is Lost or Stolen

Identity IQ

Losing your phone can feel like the end of the world. One minute it’s in your pocket, and the next you can’t find it anywhere! Whether it was dropped somewhere, taken by someone, or completely disappeared into thin air, you’re now in a whirlwind of worry and frustration. No doubt you are concerned about the cost of replacing an expensive smartphone.

Fake ChatGPT browser extension is hijacking Facebook Business accounts

ZoneAlarm

A fake ChatGPT extension named “Quick access to ChatGPT” has been found to hijack Facebook business accounts. The extension injects malicious code into the Facebook pages of targeted businesses, allowing attackers to gain unauthorized access to the accounts and take over their management functions. This has led to multiple businesses reporting similar incidents of unauthorized … The post Fake ChatGPT browser extension is hijacking Facebook Business accounts appeared first on Zo

Coffee with the Council Podcast: Help Elect the Council’s Next Board of Advisors

PCI perspectives

Hello and welcome to Coffee with the Council. I’m Alicia Malone, Senior Manager of Public Relations at the PCI Security Standards Council. This month, we begin the election phase of the Council’s new Board of Advisors for the 2023 to 2025 term.

Clop ransomware is victimizing GoAnywhere MFT customers

Malwarebytes

According to information gathered by BleepingComputer, the Clop ransomware group has claimed responsibility for the ransomware attacks that are tied to a vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. As we reported on February 8, Fortra released an emergency patch (7.1.2) for an actively exploited zero-day vulnerability found in the GoAnywhere MFT administrator console.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Large-scale Cyber Attack Hijacks East Asian Websites for Adult Content Redirects

The Hacker News

A widespread malicious cyber operation has hijacked thousands of websites aimed at East Asian audiences to redirect visitors to adult-themed content since early September 2022.

Ransomware Attacks Have Entered a ‘Heinous’ New Phase

WIRED Threat Level

With victims refusing to pay, cybercriminal gangs are now releasing stolen photos of cancer patients and sensitive student records.

AI-Created YouTube Videos Spread Around Malware

Dark Reading

AI-generated videos pose as tutorials on how to get cracked versions of Photoshop, Premiere Pro, and more.

Warning: AI-generated YouTube Video Tutorials Spreading Infostealer Malware

The Hacker News

Threat actors have been increasingly observed using AI-generated YouTube Videos to spread a variety of stealer malware such as Raccoon, RedLine, and Vidar.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Golang-Based Botnet GoBruteforcer targets web servers

Security Affairs

A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require special conditions on it, such as the use of specific arguments and targeted services already bei

Kali Linux 2023.1 introduces 'Purple' distro for defensive security

Bleeping Computer

Offensive Security has released Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security.

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

The Hacker News

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware.

Actors of Badness Exploit NCAA March Madness

SecureWorld News

March Madness. It's NCAA basketball tournament time, and that means lots of lost hours of work as folks call in sick to watch games or huddle around the office TVs to see their favorite collegiate teams try to work their way to the Sweet 16, Final Four, and hopefully national title. The official tipoff started yesterday with Selection Sunday and the beginning of the Round of 64 this week.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

"Just awful" experiment points suicidal teens at chatbot

Malwarebytes

After getting in hot water for using an AI chatbot to provide mental health counseling, non-profit startup Koko has now been criticized for experimenting with young adults at risk of harming themselves. Worse, the young adults were unaware they were test subjects. Motherboard reports the experiment took place between August and September 2022. At-risk subjects, aged 18 to 25, were directed to a chatbot after posting "crisis-related" keywords like "depression" and "sewer-slide" on Discord, Faceb

CISA adds Plex Media Server bug, exploited in LastPass attack, to Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added remote code execution vulnerability in Plex Media Server to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a remote code execution (RCE) vulnerability in the Plex Media Server, tracked as CVE-2020-5741 (CVSS score: 7.2), to its Known Exploited Vulnerabilities Catalog.

Hackers steal $197 million in crypto in Euler Finance attack

Bleeping Computer

Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets.

Dark Pink APT targets Govt entities in South Asia

Security Affairs

Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets. In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asian countries. The activity of the group was first detailed by Group-IB in January 2023; the group used custom malware such as KamiKakaBot and TelePowerBot.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Why You Need to Emphasize Cloud Security

Security Boulevard

In today’s digital age, businesses of all sizes rely heavily on cloud technology to store, process and access their critical data and applications. While cloud computing offers numerous benefits, it also poses significant security challenges that can jeopardize the confidentiality, integrity and availability of sensitive information. Cyberattacks are becoming more frequent and sophisticated, and businesses.

Air-Gapped Computers Vulnerable to Data Stealing Through Internal Speakers

Heimdal Security

South Korean researchers presented a new covert channel attack named CASPER. It uses internal speakers to leak data from air-gapped PCs to nearby smartphones at a rate of 20 bits per second. Until now, similar attacks used external speakers. But network-isolated systems, commonly used in highly secretive organizations, do not usually have external speakers.

NordVPN makes its Meshnet private tunnel free for everyone

Bleeping Computer

NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN.

3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report

Security Boulevard

We surveyed 1,450 consumers globally to understand how they feel about emerging identity topics —. The post 3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report appeared first on Entrust Blog. The post 3 key insights from the Entrust Cybersecurity Institute’s “Future of Identity” Report appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Fake Job Proposals Used to Deploy Malware – Security Researchers Targeted

Heimdal Security

North Korea-based threat actors are believed to be actively seeking security researchers and media outlets with fake job proposals aimed at U.S. and European victims. Three different families of malware are deployed into the target’s environment, and social engineering techniques are used to convince their targets to engage in a WhatsApp conversation.

Fortinet FortiOS Flaw Exploited in Targeted Cyberattacks on Government Entities

The Hacker News

Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption.

Let’s Stop Talking About the ‘Largest’ DDoS Attack

Security Boulevard

There have been a slew of DDoS attacks recently that are serious, but to focus on the size of the latest attack is the wrong thing to do. What we need to focus on are the impacts of these attacks. Would the CFO consider the site being down for less than an hour to be. The post Let’s Stop Talking About the ‘Largest’ DDoS Attack appeared first on Security Boulevard.

BrandPost: Propaganda in the digital age: How cyber influence operations erode trust

CSO Magazine

By Microsoft Security. Across the domestic and international stage, nation-state actors are increasingly using sophisticated influence operations to distribute propaganda and impact public opinion. These campaigns leverage various methods and technologies to erode trust, increase polarization, and threaten democratic processes. The result is a 900% year-over-year increase in the proliferation of deepfakes since 2019.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!