Schneier on Security
NOVEMBER 13, 2023
Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how democracy functions—in both large and small ways.
Tech Republic Security
NOVEMBER 13, 2023
Any company that is strategic could be targeted for the same kind of actions as this cyberattack. Follow these tips to mitigate your company’s risk to this cybersecurity threat.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
WIRED Threat Level
NOVEMBER 13, 2023
Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.
Security Affairs
NOVEMBER 13, 2023
North Korea-linked APT group Sapphire Sleet set up bogus skills assessment portals in attacks aimed at IT job seekers. The North Korea-linked APT group Sapphire Sleet (aka APT38 , BlueNoroff , CageyChameleon , and CryptoCore ) is considered a sub-group of the popular Lazarus APT group. The APT group’s campaigns focus on cryptocurrency exchanges, venture capital firms, and banks.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Dark Reading
NOVEMBER 13, 2023
A federal push to enforce cybersecurity requirements is holding public companies and government contractors accountable as a matter of law and for national security.
Security Affairs
NOVEMBER 13, 2023
The LockBit ransomware group published data allegedly stolen from the aerospace giant Boeing in a recent attack. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors. In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022). At the end of October, the Lockbit ransomware group added Boeing to the list of victims on its Tor leak site.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Bleeping Computer
NOVEMBER 13, 2023
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain. [.
The Hacker News
NOVEMBER 13, 2023
The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape.
Bleeping Computer
NOVEMBER 13, 2023
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. [.
Trend Micro
NOVEMBER 13, 2023
This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
NOVEMBER 13, 2023
Five chip buyers are accusing Intel of failing to address security flaws in its CPUs that it has known about for five years, making the computers either open to the Downfall vulnerability disclosed in August or low-performing after applying a patch. The five filed a class-action lawsuit last week against the giant chipmaker, also accusing. The post Chip Buyers Sue Intel Over Downfall Vulnerability appeared first on Security Boulevard.
We Live Security
NOVEMBER 13, 2023
Through engaging hacking challenges and competitions, CTFs offer an excellent opportunity to test and enhance your security and problem-solving skills
Security Boulevard
NOVEMBER 13, 2023
An in-depth investigation of a new AI chatbot called Abrax666 advertised on cybercrime forums reveals multiple red flags suggesting it’s likely a scam. With a negative review after communication, no seller deposit, exaggerated capabilities claimed, and zero evidence of satisfied customers, we judge that Abrax666 has no credibility as a real product.
Thales Cloud Protection & Licensing
NOVEMBER 13, 2023
Defending Financial Services Against Fraud in a Shifting Cyber Landscape sparsh Tue, 11/14/2023 - 05:05 As we approach International Fraud Awareness Week during 12-18 November 2023, taking stock of the evolving threat landscape and the vulnerabilities that financial services organizations face is crucial. The security challenges faced by financial services organizations can never be understated.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
NOVEMBER 13, 2023
Hunters International appears to have acquired Hive ransomware from its original operators and may be seeking to cash in on the malware's reputation.
ZoneAlarm
NOVEMBER 13, 2023
OpenAI’s ChatGPT and associated APIs have faced significant service disruptions. This series of events, triggered by Distributed Denial-of-Service (DDoS) attacks, has raised critical questions about cybersecurity and the vulnerabilities of even the most sophisticated AI platforms. ChatGPT, a popular generative AI application, recently faced recurring outages impacting both its user interface and API services.
Dark Reading
NOVEMBER 13, 2023
Threat actors distributed an archive containing images of new products by major clothing companies, along with a malicious executable disguised with a PDF icon.
Bleeping Computer
NOVEMBER 13, 2023
Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Digital Guardian
NOVEMBER 13, 2023
When it comes to keeping sensitive information safe from intruders, file protection - safeguarding files from unauthorized access - is critical.
Bleeping Computer
NOVEMBER 13, 2023
The Criminal IP threat intelligence search engine by AI SPERA has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors. Learn more about this integration from Criminal IP in this article. [.
Penetration Testing
NOVEMBER 13, 2023
VED-eBPF: Kernel Exploit and Rootkit Detection using eBPF VED (Vault Exploit Defense)-eBPF leverages eBPF (extended Berkeley Packet Filter) to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an... The post ved-ebpf: Kernel Exploit and Rootkit Detection using eBPF appeared first on Penetration Testing.
Dark Reading
NOVEMBER 13, 2023
SaaS applications are the new supply chain and, practically speaking, SaaS is the modern vendor. Here are three straightforward steps to manage this new vendor risk.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Penetration Testing
NOVEMBER 13, 2023
The PostgreSQL Global Development Group has released PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22, which include fixes for three security vulnerabilities. These vulnerabilities could have allowed attackers to take control of affected systems... The post CVE-2023-5869: Unpatched PostgreSQL Servers at Risk of Arbitrary Code Execution Attacks appeared first on Penetration Testing.
The Hacker News
NOVEMBER 13, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August.
SecureBlitz
NOVEMBER 13, 2023
In this post, I will reveal the Private Internet Access VPN Black Friday deal. Welcome, cyber guardians of SecureBlitz, to a cybersecurity revolution brought to you by Private Internet Access VPN's Black Friday deal extravaganza! As the premier source for cybersecurity insights, we are ecstatic to present you with an extended, information-packed journey into the […] The post Private Internet Access VPN Black Friday Deal 2023: Embark on a Cybersecurity Odyssey appeared first on SecureBlitz
Dark Reading
NOVEMBER 13, 2023
Complexity impedes the universal and consistent application of security policy, which is an obstacle to adequately securing government environments.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Penetration Testing
NOVEMBER 13, 2023
In an era where digital currencies are becoming the norm, the security of these digital assets and their associated data has never been more critical. The latest victim in a series of cyber-attacks targeting... The post Bitcoin ATM Company Coin Cloud Suffers Massive Data Breach, Exposing Personal Information of 300,000 Customers appeared first on Penetration Testing.
Dark Reading
NOVEMBER 13, 2023
Process failures are the root cause of most serious cybersecurity incidents. We need to treat security as a process issue, not try to solve it with a collection of tools.
InfoWorld on Security
NOVEMBER 13, 2023
Since the proliferation of large language models (LLMs), like OpenAI’s GPT-4 , Meta’s Llama 2 , and Google’s PaLM 2 , we have seen an explosion of generative AI applications in almost every industry, cybersecurity included. However, for a majority of LLM applications, privacy and data residency is a major concern that limits the applicability of these technologies.
Dark Reading
NOVEMBER 13, 2023
Details of a major cyberattack against Australia's shipping industry remain few and far between, but the economic impact is clear.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
293 
Let's personalize your content