Tue. Mar 07, 2023

Prompt Injection Attacks on Large Language Models

Schneier on Security

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unass

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 238
Insiders

CrowdStrike: Attackers focusing on cloud exploits, data theft

Tech Republic Security

CrowdStrike’s new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. The post CrowdStrike: Attackers focusing on cloud exploits, data theft appeared first on TechRepublic.

Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

Dark Reading

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Emotet malware attacks return after three-month break

Bleeping Computer

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. [...]

Malware 133

Hybrid Systems: AI and Humans Need Each Other for Effective Cybersecurity

Security Boulevard

The sudden mainstreaming of chatbots and generative AI like ChatGPT has a lot of people worried. They believe this is the AI technology that will replace them. Fortunately, that’s not actually the case. The more likely scenario is that humans will partner with AI to create a hybrid model of job roles. And this is. The post Hybrid Systems: AI and Humans Need Each Other for Effective Cybersecurity appeared first on Security Boulevard.

More Trending

What the LastPass Hack Says About Modern Cybersecurity

Security Boulevard

Online password managers are meant to help users keep track of the long and complex. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Axiad. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Security Boulevard.

Hacking 126

Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials

We Live Security

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information. The post Love scam or espionage?

Scams 131

Acer Confirms Data Offered Up for Sale Was Stolen

Dark Reading

An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.

Security incident response policy

Tech Republic Security

The Security Incident Response Policy, from TechRepublic Premium, describes the organization’s process for minimizing and mitigating the results of an information technology security-related incident. From the policy: Whenever a user of an organization-provided computer, device, system, network application, cloud service or platform experiences a suspected technology-related security incident, the individual must immediately notify the IT.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

BlackMamba: Using AI to Generate Polymorphic Malware

Security Boulevard

New Threats Emerging: The introduction of ChatGPT last year marked the first time neural network code synthesis was made freely available to the masses. This powerful and versatile tool can be used for everything from answering simple questions to instantly composing written works to developing original software programs, including malware — the latter of which introduces the potential for a dangerous new breed of cyber threats.

Malware 113

Acer confirms breach after 160GB of data for sale on hacking forum

Bleeping Computer

Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians. [...]

Hacking 115

What is zero trust? A model for more effective security

CSO Magazine

Security leaders are embracing zero trust, with the vast majority of organizations either implementing or planning to adopt the strategy. The 2022 State of Zero-Trust Security report found that 97% of those surveyed either have or plan to have a zero-trust initiative in place within 18 months. In fact, the percentage of organizations with zero trust already in place more than doubled in just one year, jumping from 24% in 2021 to 55% in the 2022 survey issued by identity and access management tec

How to gain data access to accounts of our dead near and dear

CyberSecurity Insiders

It’s obvious that all of us would love to have access to the social media accounts of our loved ones in the event of their death, as this allows us to know the life of the bereaved and how they spent or what they desired before misfortune struck them. However, many do not know whom to contact or what to follow in order to extract the login details of the online account that was used by the loved ones.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Akamai releases new threat hunting tool backed by Guardicore capabilities

CSO Magazine

Akamai on Tuesday launched Akamai Hunt, a visibility tool that uses the infrastructure of microsegmentation platform Guardicore to allow customers to identify and remediate threats and risks in their cloud environments. Akamai acquired Guardicore in October 2022 for about $600 million. Akamai Hunt combines Akamai’s historic data with Guardicore’s network segmentation and visualization capabilities to help identify and eliminate threats.

Risk 105

DDoS attack hits Mastodon, the Twitter rival

CyberSecurity Insiders

As soon as Tesla Chief Elon Musk took over the reins of Twitter in October 2022, many users who weren’t happy with his takeover jumped to Mastodon, a Germany-based social media platform. The aversion was such that the user account base of the German social networking service increased from just 50,000 to 5,00,000 in a span of just 10 days. Now, information is out that someone appears to have launched a Distributed Denial of Service Attack (DDoS) on Mastodon.

DDOS 104

Microsoft Excel now blocking untrusted XLL add-ins by default

Bleeping Computer

Microsoft says the Excel spreadsheet software is now blocking untrusted XLL add-ins by default in Microsoft 365 tenants worldwide. [...]

Software 120

BrandPost: Protecting the Edge Is More Important Than Ever

CSO Magazine

Edge computing is fast becoming an essential part of our future technology capabilities. According to a recent report, the global edge computing market is expected to grow at a compound annual growth rate of 38.9% from 2022 to 2030, reaching nearly $156 billion by 2030. Everything from autonomous vehicles to medical technologies to smarter Internet of Things (IoT) devices and applications to intelligent manufacturing facilities relies on the low latency, high reliability, and scalability of edge

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Serious Security: TPM 2.0 vulns – is your super-secure data at risk?

Naked Security

Security bugs in the very code you've been told you must have to improve the security of your computer.

Risk 131

Android March 2023 update fixes two critical code execution flaws

Bleeping Computer

Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13. [...]

Mobile 99

Remcos RAT Spyware Scurries Into Machines via Cloud Servers

Dark Reading

Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.

Spyware 101

FBI and CISA issue joint warning on Royal Ransomware

ZoneAlarm

On March 6, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued a joint warning to critical infrastructure groups worldwide regarding the dangers of Royal Ransomware. This state-sponsored hacking group has recently targeted high-profile healthcare organizations, including those in the United States, and has a particular interest in … The post FBI and CISA issue joint warning on Royal Ransomware appeared first on ZoneAlarm S

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Hacker Cracks Toyota Customer Search Tool

Dark Reading

Flaw in Toyota's C360 customer relationship management tool exposed personal data of unknown number of customers in Mexico, a disclosure says.

Expert released PoC exploit code for critical Microsoft Word RCE flaw

Security Affairs

Security researcher released a proof-of-concept exploit code for a critical flaw, tracked as CVE-2023-21716, in Microsoft Word. Security researcher Joshua Drake released a proof-of-concept for a critical vulnerability, tracked as CVE-2023-21716 (CVSS score 9.8 out of 10), in Microsoft Word. The vulnerability can be exploited by a remote attacker to execute arbitrary code on a system running the vulnerable software.

Hacking 97

Akamai Adds Agentless Option for Securing IoT and OT Devices

Security Boulevard

Akamai Technologies today extended the reach of its microsegmentation platform by adding support for an agentless approach to secure internet-of-things (IoT) and operational technology (OT) devices. In addition, the company is launching an Akamai Hunt security service that leverages the Akamai Guardicore Segmentation platform to surface cybersecurity threats.

IoT 96

LastPass hack caused by an unpatched Plex software on an employee’s PC

Security Affairs

The LastPass data breach was caused by the failure to update Plex on the home computer of one of the company updates. The security breach suffered by LastPass was caused by the failure to update Plex on the home computer of one of its engineers. Recently, the password management software firm disclosed a “second attack,” a threat actor used data stolen from the August security breach and combined it with information available from a third-party data breach.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

BrandPost: Protecting yourself from DDoS attacks

CSO Magazine

By Microsoft Security. Distributed denial-of-service (DDoS) attacks represent a significant threat for enterprise businesses. They start when an individual device (bot) or network of devices (botnet) is infected with malware. From there, the bot or botnet will flood websites or services with high volumes of traffic in an attack that can last anywhere from hours to days.

DDOS 96

Nvidia releases driver hotfix for Windows performance issues

Bleeping Computer

Nvidia has released a display driver hotfix to address recently reported high CPU usage and blue screen issues on Windows 10 and Windows 11 systems. [...]

Attack campaign uses PHP-based infostealer to target Facebook business accounts

CSO Magazine

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The infection chain uses DLL sideloading via legitimate apps, as well as self-contained executable files written in various programming languages such as Rust, Python, and PHP.

SYS01stealer: New Threat Using Facebook Ads to Target Critical Infrastructure Firms

The Hacker News

Cybersecurity researchers have discovered a new information stealer dubbed SYS01stealer targeting critical government infrastructure employees, manufacturing companies, and other sectors. "The threat actors behind the campaign are targeting Facebook business accounts by using Google ads and fake Facebook profiles that promote things like games, adult content, and cracked software, etc.

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.