Schneier on Security
JANUARY 13, 2023
With the release of ChatGPT, I’ve read many random articles about this or that threat from the technology. This paper is a good survey of the field: what the threats are, how we might detect machine-generated text, directions for future research. It’s a solid grounding amongst all of the hype. Machine Generated Text: A Comprehensive Survey of Threat Models and Detection Methods.
Troy Hunt
JANUARY 13, 2023
Big week! So big, in fact, that I rushed into this week's update less prepared and made it a very casual one, which is just fine 😊 It's mostly password books and kitchen equipment this week, both topics which had far more engagement than I expected but made them all the more interesting. Next week I'll get back into the pattern of switching between last thing Friday and first thing Friday so it'll be my morning again on the 20th, see you then!
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
JANUARY 13, 2023
Linanto’s popular web hosting control panel, CWP, has a nasty flaw. It’s easily exploitable—in fact, it’s being exploited RIGHT NOW. The post Yikes, Control Web Panel has Critical RCE — Patch NOW appeared first on Security Boulevard.
Bleeping Computer
JANUARY 13, 2023
Microsoft has addressed a false positive triggered by a buggy Microsoft Defender ASR rule that would delete application shortcuts from the desktop, the Start menu, and the taskbar and, in some cases, render existing shortcuts unusable as they couldn't be used to launch the linked apps. [.].
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
We Live Security
JANUARY 13, 2023
StrongPity's backdoor is fitted with various spying features and can record phone calls, collect texts, and gather call logs and contact lists. The post APT group trojanizes Telegram app – Week in security with Tony Anscombe appeared first on WeLiveSecurity.
Security Boulevard
JANUARY 13, 2023
Introduction The recent ManageEngine CVE-2022-47966 is a pre-authentication remote code execution vulnerability. Depending on the specific ManageEngine product, this vulnerability is exploitable if SAML single-sign-on is enabled or has ever been enabled. ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Hacker News
JANUARY 13, 2023
Tainted VPN installers are being used to deliver a piece of surveillanceware dubbed EyeSpy as part of a malware campaign that started in May 2022. It uses "components of SecondEye – a legitimate monitoring application – to spy on users of 20Speed VPN, an Iranian-based VPN service, via trojanized installers," Bitdefender said in an analysis.
CSO Magazine
JANUARY 13, 2023
The Royal ransomware group is believed to be actively exploiting a critical security flaw affecting Citrix systems, according to the cyber research team at cyber insurance provider At-Bay. Announced by Citrix on November 8, 2022, the vulnerability, identified as CVE-2022-27510 , allows for the potential bypass of authentication measures on two Citrix products: the Application Delivery Controller (ADC) and Gateway.
Security Boulevard
JANUARY 13, 2023
Robots have been infiltrating business and industry for decades, so it’s not surprising that AI and connected technologies like streaming video are now being enlisted to perform many of the security tasks currently handled by humans. The global security robots market “was valued at USD 27.32 billion in 2021 and is expected to surpass $116.44 billion.
Dark Reading
JANUARY 13, 2023
Rhadamanthys spreads through Google Ads that redirect to bogus download sites for popular workforce software — as well as through more typical malicious emails.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Boulevard
JANUARY 13, 2023
Security teams struggle to keep pace with data proliferation across their cloud environments. The cloud provides obvious business advantages, but the sheer volume of data moving to the cloud, the lack of visibility and the use of multiple cloud service providers all increase the threat surface exponentially. In this rush to the cloud, enterprises have.
Dark Reading
JANUARY 13, 2023
The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted.
Security Boulevard
JANUARY 13, 2023
Application security was frequently neglected during the software development process. Testing typically wasn’t done until the very end. Unfortunately, when vulnerabilities were found at that point, engineers were forced to start over and rebuild a huge amount of code. This is changing as more businesses use the DevOps development technique to produce better software more […].
Dark Reading
JANUARY 13, 2023
Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Bleeping Computer
JANUARY 13, 2023
Three popular WordPress plugins with tens of thousands of active installations are vulnerable to high-severity or critical SQL injection vulnerabilities, with proof-of-concept exploits now publicly available. [.].
CyberSecurity Insiders
JANUARY 13, 2023
Microsoft, the technology giant of America, has achieved a new milestone in Artificial Intelligence by introducing a voice mimicking AI tool dubbed ‘Vall-E’. The tool has enough potential to copy a voice within 3 seconds and can easily create an audio content by using the same voice. Thus, like deep fake technology, where a face can be pasted onto a subject’s face in a video, Vall-E can also imitate and interpret a human voice.
Bleeping Computer
JANUARY 13, 2023
Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks. [.].
CSO Magazine
JANUARY 13, 2023
In December network security vendor Fortinet disclosed that a critical vulnerability in its FortiOS operating system was being exploited by attackers in the wild. This week, after additional analysis, the company released more details about a sophisticated malware implant that those attackers deployed through the flaw. Based on currently available information, the original zero-day attack was highly targeted to government-related entities.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
SecureWorld News
JANUARY 13, 2023
It shouldn't come as a surprise to many, but i llicit cryptocurrency transactions hit an all-time high in 2022, totaling $20.1 billion, according to a report by Chainalysis. Despite the massive downturn for crypto in 2022, illicit transaction volume rose for a second year in a row. Chainalysis notes that the $20.1 billion number is a "lower bound estimate," meaning the number is much higher in reality.
Zero Day
JANUARY 13, 2023
Your Twitter user data may now be out there too, including your phone number. Here's how to check and what you can do about it.
Heimadal Security
JANUARY 13, 2023
A cyberattack on Royal Mail, the UK’s largest mail delivery service, has been linked to LockBit ransomware. The Royal Mail announced yesterday that it has been experiencing severe disruption to international export services as a result of a cyber incident. Royal Mail did not provide details about the cyberattack but said it works with external […].
The Hacker News
JANUARY 13, 2023
Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok[.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Heimadal Security
JANUARY 13, 2023
Last time, we got to know better what network segmentation means. We defined the concept, found out how it works, how to use it and what benefits its implementation can bring to your organization. You can check out the first article I wrote about network segmentation, but you’re probably here because you decided to give […]. The post Network Segmentation: Best Practices To Follow When Implementing appeared first on Heimdal Security Blog.
The Hacker News
JANUARY 13, 2023
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive (JAR) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar.
Security Affairs
JANUARY 13, 2023
Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks. The company detected an unusually large volume of failed logins to customer accounts on December 12, 2022, and launched an investigation to determine what has happened. “We quickly took
The Hacker News
JANUARY 13, 2023
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JANUARY 13, 2023
The cyberattack on Royal Mail, Britain’s postal service, is a ransomware attack that was linked to the LockBit ransomware operation. Royal Mail, the British multinational postal service and courier company, this week announced that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily unable to despatch items to overseas destinations.
Heimadal Security
JANUARY 13, 2023
A system administrator discovered that the Android TV box bought from Amazon had pre-installed malware. According to him, the box was reaching out to a whole list of active malware addresses. Daniel Milisic is the person who found the malware and announced it on GitHub. He also wrote a script and instructions to assist users […]. The post T95 Android TV Box Delivered to Customer with Pre-Installed Malware appeared first on Heimdal Security Blog.
Malwarebytes
JANUARY 13, 2023
It's bad news for the US Department of the Interior—a Government watchdog’s security audit has revealed its passwords are simply not up to the job of warding off cracking attempts. The audit's wordy title was not kind: P@s$w0rds at the U.S. Department of the Interior: Easily Cracked Passwords, Lack of Multifactor Authentication, and Other Failures Put Critical DOI Systems at Risk.
Heimadal Security
JANUARY 13, 2023
Several crypto scams linked call centers that were functioning in multiple European countries were discovered and closed this week by Europol. Cybercriminals used these call centers to convince individuals to invest money in the “Pig Butchering” cryptocurrency scams. The cross-border investigation involved law enforcement from Bulgaria, Cyprus, Germany, and Serbia and started in June 2022. […].
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
335 
Let's personalize your content