Schneier on Security

MARCH 7, 2023

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unass

Engineering 335

Engineering 335

Krebs on Security

MARCH 7, 2023

The domain name registrar Freenom , whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta , which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 304

Phishing Media Internet Internet 304

Tech Republic Security

MARCH 7, 2023

CrowdStrike’s new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. The post CrowdStrike: Attackers focusing on cloud exploits, data theft appeared first on TechRepublic.

Threat Reports 187

Threat Reports Ransomware Malware Cybersecurity 187

Dark Reading

MARCH 7, 2023

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.

144

144

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Tech Republic Security

MARCH 7, 2023

The Security Incident Response Policy, from TechRepublic Premium, describes the organization’s process for minimizing and mitigating the results of an information technology security-related incident. From the policy: Whenever a user of an organization-provided computer, device, system, network application, cloud service or platform experiences a suspected technology-related security incident, the individual must immediately notify the IT.

Technology 144

Technology 144

Security Boulevard

MARCH 7, 2023

The sudden mainstreaming of chatbots and generative AI like ChatGPT has a lot of people worried. They believe this is the AI technology that will replace them. Fortunately, that’s not actually the case. The more likely scenario is that humans will partner with AI to create a hybrid model of job roles. And this is. The post Hybrid Systems: AI and Humans Need Each Other for Effective Cybersecurity appeared first on Security Boulevard.

Cybersecurity 132

Cybersecurity Technology Mobile Malware 132

Dark Reading

MARCH 7, 2023

An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.

131

131

Security Boulevard

MARCH 7, 2023

Online password managers are meant to help users keep track of the long and complex. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Axiad. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Security Boulevard.

Hacking 128

Hacking Cybersecurity Password Management Passwords 128

We Live Security

MARCH 7, 2023

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information The post Love scam or espionage?

Scams 126

Scams 126

Bleeping Computer

MARCH 7, 2023

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. [.

Malware 122

Malware 122

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

CSO Magazine

MARCH 7, 2023

What is extended detection and response (XDR)? There is a lot of confusion as to what XDR is, and some people are asking whether we simply ran out of letters for acronyms. Many are even thinking that XDR is a product or the evolution of endpoint detection and response (EDR), but that’s not necessarily the case either. Rather, we need to start thinking of XDR as a strategy, and not a product.

Firewall 115

Firewall Technology 115

Bleeping Computer

MARCH 7, 2023

The Sharp Panda cyber-espionage hacking group was observed targeting high-profile government entities in Vietnam, Thailand, and Indonesia, using a new version of the 'Soul' malware framework. [.

Malware 115

Malware Government Hacking 115

Dark Reading

MARCH 7, 2023

Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says.

110

110

CSO Magazine

MARCH 7, 2023

Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero trust already in place more than doubled in just one year, jumping from 24% in 2021 to 55% in the 2022 survey issued by identity and access management tec

Technology 110

Technology 110

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

IT Security Guru

MARCH 7, 2023

APIs are everywhere. They power the web applications that connect today’s digital world, and their use will only continue to grow as more organisations adopt digital transformation initiatives and shift towards cloud-based solutions. This API sprawl presents major security challenges for organisations. With these digital initiatives, cloud migration projects, and API-first application architectures, API development and usage has proliferated.

Cloud Migration 109

Cloud Migration Digital transformation Marketing Financial Services 109

Bleeping Computer

MARCH 7, 2023

Microsoft says the Excel spreadsheet software is now blocking untrusted XLL add-ins by default in Microsoft 365 tenants worldwide. [.

Software 108

Software 108

SecureBlitz

MARCH 7, 2023

Learn how to track Facebook messages in this post. Facebook Messenger Spy Apps are becoming increasingly popular as a way to monitor and protect children from potential risks associated with social media. These apps allow parents to keep an eye on their kids’ activities and conversations, while also providing them with the ability to take […] The post How To Track Facebook Messages With The Free Android Tracker appeared first on SecureBlitz Cybersecurity.

Media 105

Media Risk Cybersecurity 105

Bleeping Computer

MARCH 7, 2023

Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians. [.

Hacking 108

Hacking Data breaches 108

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

CSO Magazine

MARCH 7, 2023

Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to help identify and eliminate threats.

Risk 105

Risk 105

Heimadal Security

MARCH 7, 2023

Hospital Clinic de Barcelona, one of the main hospitals in the Spanish city, suffered a ransomware attack that crippled its computer system, causing 3,000 patient checkups and 150 non-urgent operations to be canceled. The incident occurred on Sunday, the 5th of March. All new urgent cases are currently transferred to other hospitals in the city, […] The post Hospital Clinic de Barcelona Suffered a Ransomware Attack appeared first on Heimdal Security Blog.

Ransomware 104

Ransomware Cybersecurity 104

CyberSecurity Insiders

MARCH 7, 2023

As soon as Tesla Chief Elon Musk took over the reins of Twitter in the October 2022, many users who weren’t happy with his takeover jumped to Mastodon, a Germany-based social media platform. The aversion was such that the user account based on the Germany social networking service increased from just 50,000 to 5,00,000 in a span of just 10 days. Now, information is out that someone appears to have launched a Distributed Denial of Service Attack (DDoS) on Mastodon.

DDOS 104

DDOS Marketing Accountability Media 104

The Hacker News

MARCH 7, 2023

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc.

Manufacturing 103

Manufacturing Government Accountability Software 103

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

MARCH 7, 2023

Nvidia has released a display driver hotfix to address recently reported high CPU usage and blue screen issues on Windows 10 and Windows 11 systems. [.

Technology 102

Technology 102

The Hacker News

MARCH 7, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is below - CVE-2022-35914 (CVSS score: 9.8) - Teclib GLPI Remote Code Execution Vulnerability CVE-2022-33891 (CVSS score: 8.

Cybersecurity 102

Cybersecurity 102

Dark Reading

MARCH 7, 2023

Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.

Spyware 101

Spyware Phishing 101

WIRED Threat Level

MARCH 7, 2023

Once praised for its generous social safety net, the country now collects troves of data on welfare claimants.

Surveillance 101

Surveillance 101

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

CSO Magazine

MARCH 7, 2023

Edge computing is fast becoming an essential part of our future technology capabilities. According to a recent report, the global edge computing market is expected to grow at a compound annual growth rate of 38.9% from 2022 to 2030, reaching nearly $156 billion by 2030. Everything from autonomous vehicles to medical technologies to smarter Internet of Things (IoT) devices and applications to intelligent manufacturing facilities relies on the low latency, high reliability, and scalability of edge

Manufacturing 99

Manufacturing IoT Marketing Technology 99

ZoneAlarm

MARCH 7, 2023

On March 6, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint warning to critical infrastructure groups worldwide regarding the dangers of Royal Ransomware. This state-sponsored hacking group has recently targeted high-profile healthcare organizations, including those in the United States, and has a particular interest in … The post FBI and CISA issue joint warning on Royal Ransomware appeared first on ZoneAlarm S

Ransomware 99

Ransomware Healthcare Hacking Cybersecurity 99

Security Affairs

MARCH 7, 2023

Researchers discovered a new info stealer dubbed SYS01 stealer targeting critical government infrastructure and manufacturing firms. Cybersecurity researchers from Morphisec discovered a new, advanced information stealer, dubbed SYS01 stealer, that since November 2022 was employed in attacks aimed at critical government infrastructure employees, manufacturing companies, and other sectors.

Government 98

Government Manufacturing Malware Social Engineering 98

Heimadal Security

MARCH 7, 2023

An ongoing campaign is targeting business routers using a new malware, the HiatusRAT router malware. The Hiatus campaign affects DrayTek Vigor router models 2960 and 3900. The hackers aim to steal data and transform the infected device into a covert proxy network. DrayTek Vigor are VPN routers largely used by small and medium-size companies. Details […] The post Find Out More About the New HiatusRAT Router Malware appeared first on Heimdal Security Blog.

Malware 98

Malware VPN Cybersecurity 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!