Mon.Jun 05, 2023

article thumbnail

The Software-Defined Car

Schneier on Security

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go about building new models, taking advantage of much more powerful hardware to consolidate all those discrete functions into a small number of domain controllers.

Software 247
article thumbnail

Chrome Extensions Warning — Millions of Users Infected

Security Boulevard

Malware Déjà Vu: Perhaps as many as 87 million victims—maybe more. The post Chrome Extensions Warning — Millions of Users Infected appeared first on Security Boulevard.

Malware 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Using generative AI to support — not replace — overworked cybersecurity pros

The Last Watchdog

As the threat of cybercrime grows with each passing year, cybersecurity must begin utilizing artificial intelligence tools to better combat digital threats. Related: Leveraging human sensors Although AI has become a powerful weapon, there’s concern it might be too effective compared to human cybersecurity professionals — leading to layoffs and replacements.

article thumbnail

Safeguarding Your Privacy Online: Essential Tips and Best Practices

CyberSecurity Insiders

In an increasingly connected world, where our lives revolve around the internet, safeguarding our privacy online has become paramount. From social media platforms to online shopping and banking, we share a wealth of personal information that can be vulnerable to misuse or exploitation. However, by adopting a few simple yet effective practices, you can significantly enhance your online privacy.

Passwords 126
article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

CISOs, IT lack confidence in executives’ cyber-defense knowledge

CSO Magazine

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents were confident.

CISO 125
article thumbnail

Zellis Cybersecurity Incident causes BA and Boots employee info data breach

CyberSecurity Insiders

Hackers somehow managed to exploit a vulnerability in Moveit file transfer software and ac-cessed information from the servers of Zellis, a payroll service provider in Britain. Unfortu-nately, British Airways (BA) and Boots are two among the list of companies that were impact-ed by the security incident. MOVEit produced by Progress Software is taking all precautions to mitigate the risks associat-ed with the incident and has informed the staff of Zellis on how to neutralize the effects of the cy

More Trending

article thumbnail

AI news trending on Google

CyberSecurity Insiders

To those interested in known news bits on the technology of Artificial Intelligence, here some fuel for thought. According to a report published in New York Post, a woman located in the same city has married a virtual man generated to the Artificial Intelligence. The woman named Rosanna Ramos, mother of two children, married a man named Eren Kartal, a person she met through an online dating app.

article thumbnail

Red Sift Taps GPT-4 to Better Identify Cybersecurity Threats

Security Boulevard

Red Sift today announced it is employing the GPT-4 generative artificial intelligence (AI) platform via a Relevance Detection capability to better determine whether a suspicious online entity should be monitored. Previously, Red Sift was applying machine learning algorithms to analyze domain name system (DNS) platforms, secure socket layer (SSL) certificates and the WHOIS database in.

article thumbnail

Clop ransomware claims responsibility for MOVEit extortion attacks

Bleeping Computer

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. [.

article thumbnail

Hackers exploit Gmail Blue checkmark impacting 1.8 billion Google users

CyberSecurity Insiders

Attention all business Gmail account holders, it is crucial to stay informed about the following news story. Security experts have issued a warning regarding the exploitation of the Gmail Blue Check Mark feature by scammers. These individuals are utilizing the mark to create counterfeit email addresses resembling those of well-known brands. Their goal is to deceive users into providing personal credentials and making fraudulent payments.

Marketing 110
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

KeePass v2.54 fixes bug that leaked cleartext master password

Bleeping Computer

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory. [.

Passwords 115
article thumbnail

BBC staffers warned of payroll data breach. Other firms also affected by MOVEit vulnerability

Graham Cluley

Staff at the BBC have been warned that their personal data may now be in the hands of cybercriminals, following the exploitation of a vulnerability in a software tool used by the company that manages their payroll.

article thumbnail

Microsoft's Outlook.com is down again on mobile, web

Bleeping Computer

​Outlook is down again for the second time today, with users facing a frustrating 503 error message when trying to access their accounts. [.

Mobile 125
article thumbnail

5 AI threats keeping SOC teams up at night

Security Boulevard

The explosion in the use of OpenAI's ChatGPT and other large language models (LLMs) — along with a range of other artificial intelligence (AI) and machine learning (ML) systems — is ramping up the security cat-and-mouse game. The post 5 AI threats keeping SOC teams up at night appeared first on Security Boulevard.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

New tool scans iPhones for 'Triangulation' malware infection

Bleeping Computer

Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. [.

Malware 117
article thumbnail

When it Comes to Cybersecurity, Prepare, Protect, Deploy

Security Boulevard

Attackers covet your data and never stop coming for it. In 2021, ransomware cases grew by 92.7%. Are you protecting your data with the same passion and with adequate cybersecurity solutions? • In 2022, the Austrian Health insurer Medibank lost the data of four million customers at an estimated cost of $25-35 million to the. The post When it Comes to Cybersecurity, Prepare, Protect, Deploy appeared first on Security Boulevard.

article thumbnail

Atomic Wallet hack leads to at least $35M in stolen crypto assets

CSO Magazine

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million. “Think it could surpass $50m.

Hacking 96
article thumbnail

FireTail Report Finds API Security Breaches are few but Lethal

Security Boulevard

An analysis of cybersecurity breaches in 2022 conducted by FireTail, a provider of a platform for securing application programming interfaces (APIs), found only 12 publicly recorded breaches involving APIs, with six more being disclosed thus far in 2023. However, the average mean size of API data breach exposure is over 10 million records per incident.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data

CSO Magazine

More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied some of the attacks to a threat actor associated with the Clop ransomware gang. "Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer zero-day vulnerability to Lace Tempest, known for ransomware operations and running the Clop extortion site," Microsoft's Threat Intelligence

article thumbnail

Overview of Ransomware Solutions from Protection to Detection and Response

Security Boulevard

Ransomware remains a top threat in 2023 and the Verizon Data Breach Investigations Report (DBIR) 2022 states that over 25% of breaches were caused by ransomware. The post Overview of Ransomware Solutions from Protection to Detection and Response appeared first on Seceon. The post Overview of Ransomware Solutions from Protection to Detection and Response appeared first on Security Boulevard.

article thumbnail

Trusting AI not to lie: The cost of truth: Lock and Code S04E12

Malwarebytes

In May, a lawyer who was defending their client in a lawsuit against Columbia's biggest airline, Avianca, submitted a legal filing before a court in Manhattan, New York, that listed several previous cases as support for their main argument to continue the lawsuit. But when the court reviewed the lawyer's citations, it found something curious: Several were entirely fabricated.

article thumbnail

WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor

Security Boulevard

Hidden code in hundreds of models of Gigabyte motherboards invisibly and insecurely downloads programs—a feature ripe for abuse, researchers say. Read More > The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise. The post WIRED: Millions of PC Motherboards Were Sold With a Firmware Backdoor appeared first on Security Boulevard.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

5 unusual cybersecurity tips that actually work

Malwarebytes

So, you’re on top of your software updates, you use a password manager, you’ve enabled two-factor authentication wherever you can, you’ve got BrowserGuard installed, and you’re running Malwarebytes Premium. If you're doing all of that you're already winning at security. But you want more, because you know that security is a journey and not a destination, and, let’s face it, you’re reading an article about five unusual cybersecurity tips: You’re hooked.

article thumbnail

Should You Trust Cybersecurity Certifications?

Security Boulevard

There’s a major discrepancy between the number of organizations that are investing in cybersecurity certification programs and the number that feel prepared for an attack, according to an Immersive Labs report. While almost all organizations encourage industry certifications, fewer than a third (32%) of the 570 senior security and risk leaders surveyed said they were.

article thumbnail

Governments worldwide grapple with regulation to rein in AI dangers

CSO Magazine

Ever since generative AI exploded into public consciousness with the launch of ChatGPT at the end of last year, calls to regulate the technology to stop it from causing undue harm have risen to fever pitch around the world. The stakes are high — just last week, technology leaders signed an open public letter saying that if government officials get it wrong, the consequence could be the extinction of the human race.

article thumbnail

Hate speech is driving advertisers away from Twitter

Graham Cluley

Twitter awarded "gold checkmark" to unofficial Disney Twitter account which posted racial slurs. Is it any wonder that Twitter's ad sales in the United Sales have plunged 59% in the past year?

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

KeePass fixed the bug that allows the extraction of the cleartext master password

Security Affairs

KeePass addressed the CVE-2023-32784 bug that allows the extraction of the cleartext master password from the memory of the client. KeePass has addressed the CVE-2023-32784 vulnerability, which allowed the retrieval of the clear-text master password from the client’s memory. KeePass is a free and open-source software used to securely manage passwords.

article thumbnail

Gigabyte Slams Backdoor Shut With Attack-Killing BIOS Update

Dark Reading

A firmware update for hundreds of Gigabyte PC models gets rid of a backdoor capability that could be hijacked by cybercriminals, the company says.

article thumbnail

Microsoft blames Clop ransomware gang for ‘MOVEit Transfer’ attacks

Security Affairs

Microsoft attributes the recent campaign exploiting a zero-day in the MOVEit Transfer platform to the Clop ransomware gang. The Clop ransomware gang (aka Lace Tempest ) is credited by Microsoft for the recent campaign that exploits a zero-day vulnerability, tracked as CVE-2023-34362 , in the MOVEit Transfer platform. Microsoft is attributing attacks exploiting the CVE-2023-34362 MOVEit Transfer 0-day vulnerability to Lace Tempest, known for ransomware operations & running the Clop extortion

article thumbnail

Zyxel Firewalls Under Attack! Urgent Patching Required

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?