Schneier on Security
MARCH 4, 2024
Researchers have demonstrated a worm that spreads through prompt injection. Details : In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG) , a way for LLMs to pull in extra data from outside its system.
The Last Watchdog
MARCH 4, 2024
Charities and nonprofits are particularly vulnerable to cybersecurity threats, primarily because they maintain personal and financial data, which are highly valuable to criminals. Related: Hackers target UK charities Here are six tips for establishing robust nonprofit cybersecurity measures to protect sensitive donor information and build a resilient organization.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Tech Republic Security
MARCH 4, 2024
A new report promotes preventing cyberattacks by using memory-safe languages and the development of software safety standards.
Bleeping Computer
MARCH 4, 2024
The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. [.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 4, 2024
At just $6 per course, you could learn how to protect your personal information and business systems, or work toward a career in this high-paying industry.
Penetration Testing
MARCH 4, 2024
A severe security flaw (CVE-2023-6825) has been uncovered in the popular File Manager and File Manager Pro WordPress plugins. With over a million active installs, this vulnerability has the potential to cause widespread damage... The post CVE-2023-6825 (CVSS 9.9): Over a WordPress Million Sites Exposed by File Manager Flaw appeared first on Penetration Testing.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Penetration Testing
MARCH 4, 2024
FortiGuard Labs uncovered a threat actor leveraging a sophisticated attack to distribute the CHAVECLOAK banking Trojan. The attack begins with a malicious PDF, downloads a ZIP file, and employs DLL side-loading for malware execution.... The post Warning: CHAVECLOAK Trojan Targets Brazil, Steals Your Banking Credentials appeared first on Penetration Testing.
WIRED Threat Level
MARCH 4, 2024
The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.
Security Boulevard
MARCH 4, 2024
Prompt injection attacks can deceive AI into interpreting the malicious input as a legitimate command or query. Here's how to stop them. The post 5 Ways to Prevent Prompt Injection Attacks appeared first on Security Boulevard.
Bleeping Computer
MARCH 4, 2024
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Hacker News
MARCH 4, 2024
As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said.
Bleeping Computer
MARCH 4, 2024
American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. [.
Security Affairs
MARCH 4, 2024
The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense claims that it hacked the Russian Ministry of Defense. The Main Intelligence Directorate (GUR) of Ukraine’s Ministry of Defense announced it had breached the Russian Ministry of Defense servers as part of a special operation, and exfiltrated confidential documents. Stolen documents include: confidential documents, including orders and reports circulated among over 2000 structural units of the Russian military se
Bleeping Computer
MARCH 4, 2024
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Penetration Testing
MARCH 4, 2024
When the Babuk ransomware group disbanded in 2021, it seemed like a minor victory in the ongoing battle against cybercrime. However, the leak of Babuk’s source code has become a breeding ground for new... The post RA World Ransomware: A Babuk Successor Targets Healthcare appeared first on Penetration Testing.
Security Boulevard
MARCH 4, 2024
Phobos, a complex ransomware-as-a-service (RaaS) operation that has been around for five years and is includes multiple variants, continues to target a range of critical infrastructure in the United States, including education, healthcare, and emergency services, according to federal agencies. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) issued a warning with a list.
Penetration Testing
MARCH 4, 2024
TA577, a prolific cybercrime group responsible for past Qbot campaigns and associated with Black Basta ransomware attacks, is demonstrating an alarming shift in tactics. Proofpoint’s latest analysis reveals they’ve added large-scale NTLM credential theft... The post Notorious Threat Actor TA577 Evolves: Stealing Your Credentials, One Click at a Time appeared first on Penetration Testing.
Bleeping Computer
MARCH 4, 2024
American Express is warning customers that credit cards were exposed in a third-party data breach after a merchant processor was hacked. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Penetration Testing
MARCH 4, 2024
On Monday, Google unveiled a comprehensive update addressing a total of 38 vulnerabilities within the Android ecosystem, spotlighting a particularly critical bug (CVE-2024-0039) that could allow malicious actors to execute code remotely on a... The post CVE-2024-0039: Critical Android Remote Code Execution Vulnerability appeared first on Penetration Testing.
Security Boulevard
MARCH 4, 2024
Articles related to cyber risk quantification, cyber risk management, and cyber resilience. The post Cybersecurity’s “Shift Up” Moment With CRQ | Kovrr appeared first on Security Boulevard.
The Hacker News
MARCH 4, 2024
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
Bleeping Computer
MARCH 4, 2024
The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
MARCH 4, 2024
American Express warns customers that their credit cards were exposed due to a data breach experienced by a third-party merchant processor. American Express (Amex) notifies customers that their credit card information has been compromised in a data breach involving a third-party merchant processor. The company did not disclose the number of impacted customers. “We became aware that a third party service provider engaged by numerous merchants experienced unauthorized access to its system.&#
Security Boulevard
MARCH 4, 2024
A recent successful cyberattack on a large technology provider for hospitals and pharmacies in the US has left patients unable to obtain their medication. This attack is a reminder that healthcare cyberattacks are not stopping, and a successful attack will… The post Prevention & Cure: Countermeasures Against Healthcare Cyberattacks appeared first on LogRhythm.
Security Affairs
MARCH 4, 2024
This is my interview with TRT International on the Meta dispute with EU consumer groups, which are calling on the bloc to sanction the company EU consumer groups are calling on the bloc to sanction the company Meta – which owns Facebook, Instagram and WhatsApp – for allegedly breaching privacy rules. Earlier this week, Meta announced it will set up a team to tackle disinformation and the abuse of generative AI in the run-up to the European Parliament elections – amid concerns a
Penetration Testing
MARCH 4, 2024
A severe security hole (CVE-2024-27497) in the Linksys E2000 router lets hackers waltz right into your network, potentially stealing sensitive data, compromising your devices, and using your connection for further malicious activity. Sadly, there’s... The post CVE-2024-27497: Replace Your Linksys E2000 Router Now appeared first on Penetration Testing.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Security Through Education
MARCH 4, 2024
Public speaking is something that many people struggle with. In fact, 75% of the population has a fear of public speaking. Just the mere mention of it may start to make your heart race, if it is a fear of yours! Truth be told, I most definitely fall into the 75% category. Don’t get me wrong, I enjoy talking to people! In fact, it is something I do almost every day as a Human Risk Analyst.
Penetration Testing
MARCH 4, 2024
EVILRDP – More control over RDP The evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line. Features Control the mouse... The post evilrdp: The Ultimate Tool for Elevated RDP Command Control appeared first on Penetration Testing.
Google Security
MARCH 4, 2024
Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations Google’s Project Zero reports that memory safety vulnerabilities —security defects caused by subtle coding errors related to how a program accesses memory—have been "the standard for attacking software for the last few decades and it’s still how attackers are having success".
Penetration Testing
MARCH 4, 2024
A recent security review of the DNF package manager, a core component of many Linux distributions, uncovered two critical vulnerabilities that could allow attackers to gain complete control of affected systems. These vulnerabilities, found... The post CVE-2024-1929 & 1930: Protect Your Linux System from Root Exploits and DoS Attacks appeared first on Penetration Testing.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Expert insights. Personalized for you.
305 
Let's personalize your content