Schneier on Security
JUNE 2, 2023
In February, Meta released its large language model: LLaMA. Unlike OpenAI and its ChatGPT, Meta didn’t just give the world a chat window to play with. Instead, it released the code into the open-source community, and shortly thereafter the model itself was leaked. Researchers and programmers immediately started modifying it, improving it, and getting it to do things no one else anticipated.
Troy Hunt
JUNE 2, 2023
And so ends a long period of back-to-back weeks of conferences and talks. It's funny how these things seem to cluster together at times and whilst the last 6 or 8 weeks (I honestly lose track!) have been chaotic, I've now got a few weeks of much less pressure which will give me time to finally push out some HIBP stuff that's been in the wings for ages.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
JUNE 2, 2023
Identity management company 1Password is spinning up a pair of new features that constitute a major shift away from passwords and toward their low-friction replacement: passkeys. The post 1Password enables passkeys — a new option from passwords appeared first on TechRepublic.
Bleeping Computer
JUNE 2, 2023
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build (Enterprise edition) rolling out to Insiders in the Canary Channel. [.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Tech Republic Security
JUNE 2, 2023
Not only do you get access to over 90 courses, but also career mentoring, skills evaluation, training on real cyber security projects, and much more. The post Develop valuable cyber security skills over a lifetime for only $70 appeared first on TechRepublic.
Bleeping Computer
JUNE 2, 2023
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
JUNE 2, 2023
After introducing a string of AI-powered assistants for its products, Microsoft has now announced that it will soon end support for the Windows standalone Cortana app. [.
CyberSecurity Insiders
JUNE 2, 2023
By Matt Morris, Global Managing Director of 1898 & Co. Two years have passed since the notorious Colonial Pipeline hack, an incident that plunged the nation into a state of emergency, causing fuel disruptions in airlines and commercial sectors, and triggering panic-buying among consumers leading to a sharp rise in gas prices. In May 2021, the hack infiltrated critical systems of the pipeline, resulting in its shutdown for several days.
Anton on Security
JUNE 2, 2023
Using Cloud Securely — The Config Doom Question First, “Use Cloud Securely? What Does This Even Mean?!” and “How to Solve the Mystery of Cloud Defense in Depth?” (and “Where Does Shared Responsibility Model for Security Breaks in the Real World?” too) would make for good “recommended reading” here. Use Cloud Securely? What Does This Even Mean?! At this point, it is clear that most discussions on using cloud securely or secure use of cloud computing include the dreaded configuration question — or
Dark Reading
JUNE 2, 2023
Russia's FSB intelligence agency says the zero-click attacks range far beyond Kaspersky, and it has blamed them on the United States' NSA. Those allegations are thus far uncorroborated.
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
CyberSecurity Insiders
JUNE 2, 2023
By Jayakumar (Jay) Kurup, Global Sales Engineering Director at Morphisec Securing operational technology (OT) creates unique challenges. Zero tolerance of downtime in factories, ports, banks, treatment plants, and other OT environments means that standard security practices like patch management or deploying protective solutions onto endpoints can be almost impossible to uphold.
SecureList
JUNE 2, 2023
In our initial blogpost about “Operation Triangulation”, we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we developed a dedicated utility to scan the backups and run all the checks.
Tech Republic Security
JUNE 2, 2023
Application instance lock, Azure Virtual Network Manager and Network Watcher troubleshooting: tools for making the applications you run on Azure more secure. The post Improve your app security on Azure appeared first on TechRepublic.
Dark Reading
JUNE 2, 2023
A recent campaign tricks victims into visiting credential harvesting sites by hiding malicious URLs behind photos advertising deals from trusted brands.
Speaker: William Hord, Senior VP of Risk & Professional Services
Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?
CyberSecurity Insiders
JUNE 2, 2023
To all those who are concerned about Netflix’s decision to ban password sharing in almost 100 countries, here’s a solution that appears to work for now. A new VPN called Meshnet allows multiple users to connect from the same IP address, using a technique known as ‘Tunneling.’ Moving forward, the popular OTT platform will no longer tolerate password sharing as it significantly impacts its revenue.
Dark Reading
JUNE 2, 2023
The Python Package Index will require developers to better secure their accounts as cyberattacks ramp up, but protecting the software supply chain will take more than that.
Bleeping Computer
JUNE 2, 2023
State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. [.
Security Boulevard
JUNE 2, 2023
In February 2018, Oxford Biomedica, a large biological research company in Oxford, UK, was hit by a ransomware attack. The hackers were demanding more than £300,000 in ransom. Oxford invoked its incident response plan and called in its team. One member of Oxford’s internal incident response team, Ashley Liles, had a brilliant idea—he was going. The post A New Ransomware Scam: Fraud by the Incident Responders appeared first on Security Boulevard.
Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster
So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.
CSO Magazine
JUNE 2, 2023
The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhones devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several dozen of its senior employees and upper management were targeted as part of the operation, although unlike the FSB, the company did not attribute
Security Boulevard
JUNE 2, 2023
The rollout of 5G networks has been surprisingly slow. As a concept, it was introduced in 2016, but it only became globally available in 2019. Four years later, the number of people with 5G-enabled devices is still small in most countries. It’s uncertain if the reason behind the sluggish adoption is affordability, the lack of. The post 5G and Cybersecurity Risks in 2023 appeared first on Security Boulevard.
Dark Reading
JUNE 2, 2023
Integrating a subject rights request tool with security and compliance solutions can help identify potential data conflicts more efficiently and with greater accuracy.
Security Boulevard
JUNE 2, 2023
The energy industry is increasingly targeted by malicious actors and threat groups through activity on the dark web, according to a report from Searchlight Cyber, which detailed numerous instances of threat actors selling initial access to energy organizations around the world. These include targets in the U.S., Canada, United Kingdom, France, Italy and Indonesia on popular dark.
Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC
Communication is a core component of a resilient organization's risk management framework. However, risk communication involves more than just reporting information and populating dashboards, and we may be limiting our skillset. Storytelling is the ability to express ideas and convey messages to others, including stakeholders. When done effectively, it can help interpret complex risk environments for leaders and inform their decision-making.
Dark Reading
JUNE 2, 2023
Disgruntled users are pursuing offers for "full Netflix access" at steeply discounted rates.
Security Boulevard
JUNE 2, 2023
In today’s world of software development, cybersecurity is more than a luxury; it's a necessity. Cyber threats aren’t only growing in frequency, complexity, and sophistication, they’re targeting developer environments and the software supply chain. The need for robust, secure software development frameworks is more critical than ever. However, not all organizations know how to secure their frameworks.
CSO Magazine
JUNE 2, 2023
Progress Software has discovered a vulnerability in its file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory. “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said in the post, adding that depending on the database engine bei
Security Boulevard
JUNE 2, 2023
Discover why identity security awareness is crucial in today's digital landscape. Learn how to protect yourself and your business from cyber threats. Read more now. The post Why is Identity Security Awareness Becoming the Need of the Hour? appeared first on Security Boulevard.
Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP
Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.
The Hacker News
JUNE 2, 2023
The Chinese nation-stage group known as Camaro Dragon has been linked to yet another backdoor that's designed to meet its intelligence-gathering goals. Israeli cybersecurity firm Check Point, which dubbed the Go-based malware TinyNote, said it functions as a first-stage payload capable of "basic machine enumeration and command execution via PowerShell or Goroutines.
Security Boulevard
JUNE 2, 2023
The second anniversary of the Colonial Pipeline ransomware attack has come and gone, and while many lessons have been learned and assimilated, there’s still more we can do. Security Boulevard reached out to some experts in the industry to see how far we’ve come and where work still needs to be done. For those in. The post Two Years After Colonial Pipeline, What Have We Learned?
Dark Reading
JUNE 2, 2023
SMS campaigns targeting members of the public in the United Arab Emirates have been detected.
Security Boulevard
JUNE 2, 2023
Insight #1 "AI scams are on the rise. It’s time for extra diligence when interacting with anything claiming to be AI." Insight #2 "FEDRAMP released rev 5 this week. Those of you with a FEDRAMP ATO have 1 year to comply with the new version." Insight #3 " A recent report shows 92% of orgs experienced an API security incident last year. I would guess the other 8% did but never detected it.
Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy
Cryptocurrency and non-fungible tokens (NFTs) - what are they and why should you care? With 20% of Americans owning cryptocurrencies, speaking "fluent crypto" in the financial sector ensures you are prepared to discuss growth and risk management strategies when the topic arises. Join this exclusive webinar with Ryan McInerny to learn: Cryptocurrency asset market trends How to manage risk and compliance to serve customers safely Best practices for identifying crypto transactions and companies Rev
Expert insights. Personalized for you.
246 
Let's personalize your content