Schneier on Security

APRIL 25, 2024

The web has become so interwoven with everyday life that it is easy to forget what an extraordinary accomplishment and treasure it is. In just a few decades, much of human knowledge has been collectively written up and made available to anyone with an internet connection. But all of this is coming to an end. The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

Engineering 323

Engineering Internet Internet Artificial Intelligence 323

Tech Republic Security

APRIL 25, 2024

Researchers from the University of Illinois Urbana-Champaign found that OpenAI’s GPT-4 is able to exploit 87% of a list of vulnerabilities when provided with their NIST descriptions.

Artificial Intelligence 186

Artificial Intelligence 186

Javvad Malik

APRIL 25, 2024

I was taking a walk the other day and saw this pathway which is shared by two houses. The house on the right got their pressure washer and cleaned their half of the path. Part of me secretly admires the pettiness of this move. But the truth is that it is one path and just using one half is not practical. If it needs repair at any point, it’s a joint responsibility, you can’t just fix your bit and expect things to be fine… a bit like using the cloud or outsourcing work to a thir

113

113

Bleeping Computer

APRIL 25, 2024

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [.

Accountability 136

Accountability 136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Boulevard

APRIL 25, 2024

Developers in North America are more likely than their counterparts in other regions to see generative AI as a tool that can improve the security of the code they’re writing, according to a report by market research firm Evans Data Corp. The company’s most recent Global Development Survey found that 37.6% of programmers from North. The post N.A. Developers Optimistic About Generative AI and Code Security appeared first on Security Boulevard.

Marketing 129

Marketing Data privacy Software Cybersecurity 129

Bleeping Computer

APRIL 25, 2024

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [.

Banking 135

Banking Malware Mobile 135

Bleeping Computer

APRIL 25, 2024

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. [.

Malware 126

Malware 126

Security Boulevard

APRIL 25, 2024

The warning underscores the importance of a collaborative approach to AI security involving stakeholders across different domains, including data science and infrastructure. The post AI Adoption Prompts Security Advisory from NSA appeared first on Security Boulevard.

Risk 121

Risk Government 121

Security Affairs

APRIL 25, 2024

Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine. Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine.

Engineering 120

Engineering Hacking Information Security 120

Security Boulevard

APRIL 25, 2024

Healthcare ransomware incidents are far too common, but none have wreaked as much havoc as the recent Change Healthcare attack. Rick Pollack, President and CEO of the American Hospital Association stated that “the Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.

Healthcare 113

Healthcare Ransomware Cybersecurity 113

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Penetration Testing

APRIL 25, 2024

ThreatFabric has unveiled a sophisticated new Android malware strain named “Brokewell.” This potent threat combines extensive data theft capabilities with remote device control, allowing attackers to hijack infected phones for fraudulent financial transactions. The... The post Alert: “Brokewell” Malware – New Threat Targets Bank Users with Remote Device Takeover appeared first on Penetration Testing.

Banking 113

Banking Penetration Testing Malware 113

Security Affairs

APRIL 25, 2024

CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation Vulnerability CVE-2024-4040 CrushFTP VFS Sandbox Escape Vulnerability Cisco Talos this week warned that the nati

VPN 111

VPN Software Firewall Authentication 111

Penetration Testing

APRIL 25, 2024

A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices. This flaw puts sensitive industrial... The post Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers appeared first on Penetration Testing.

Penetration Testing 112

Penetration Testing 112

Graham Cluley

APRIL 25, 2024

A wave of cheap, crude, amateurish ransomware has been spotted on the dark web - and although it may not make as many headlines as LockBit, Rhysida, and BlackSuit, it still presents a serious threat to organizations. Read more in my article on the Tripwire State of Security blog.

Small Business 107

Small Business Ransomware Malware 107

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Penetration Testing

APRIL 25, 2024

The release of public PoC exploit code targeting a maximum severity zero-day flaw in Cisco IOS XE (CVE-2023-20198) has dramatically amplified the risk landscape for countless organizations worldwide. Previously, only a few advanced attackers... The post Cisco Zero-Day Exploit Code Goes Public: Patch Now or Face Total System Takeover appeared first on Penetration Testing.

Penetration Testing 107

Penetration Testing Risk 107

Security Boulevard

APRIL 25, 2024

The RSA Conference 2024 will kick off on May 6. Known as the “Oscars of Cybersecurity,” the RSAC Innovation Sandbox has become a benchmark for innovation in the cybersecurity industry. Let’s focus on the new hotspots in cybersecurity and understand the new trends in security development. Today, let’s get to know Harmonic Security. Introduction of […] The post RSAC 2024 Innovation Sandbox | The Future Frontline: Harmonic Security’s Data Protection in the AI Era appeared first on NSFOCUS, Inc

Cyber Attacks 107

Cyber Attacks Cybersecurity 107

Security Affairs

APRIL 25, 2024

A ransomware attack on a Swedish logistics company Skanlog severely impacted the country’s liquor supply. Skanlog, a critical distributor for Systembolaget, the Swedish government-owned retail chain suffered a ransomware attack. Systembolaget has a monopoly on the sale of alcoholic beverages containing more than 3.5% alcohol by volume. It operates stores across Sweden and is responsible for the retail sale of wine, spirits, and strong beer.

Ransomware 107

Ransomware Retail Cyber Attacks Backups 107

Penetration Testing

APRIL 25, 2024

Recently, Zscaler ThreatLabz released its 2024 Phishing Report, revealing a disturbing evolution in phishing tactics fueled by generative AI technologies. This detailed analysis, based on over 2 billion phishing transactions in 2023, presents a... The post AI Powers a Phishing Frenzy – Zscaler Report Warns of Unprecedented Threat Wave appeared first on Penetration Testing.

Phishing 105

Phishing Penetration Testing Technology 105

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Tech Republic Security

APRIL 25, 2024

About 23% of security teams include women, ISC2 found in its Cybersecurity Workforce Study.

Cybersecurity 133

Cybersecurity 133

Penetration Testing

APRIL 25, 2024

SonicWall Capture Labs threat research team has recently uncovered sophisticated.NET managed code injection methods employed by the notorious AgentTesla malware, marking a significant advancement in malware delivery tactics. The detailed technical analysis provided... The post Hackers Employ Advanced Fileless Attack to Implant AgentTesla Malware appeared first on Penetration Testing.

Malware 104

Malware Penetration Testing Spyware 104

Bleeping Computer

APRIL 25, 2024

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps.

Mobile 122

Mobile Technology 122

We Live Security

APRIL 25, 2024

Python’s versatility and short learning curve are just two factors that explain the language’s firm 'grip' on cybersecurity.

Cybersecurity 119

Cybersecurity 119

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

APRIL 25, 2024

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.

Malware 112

Malware 112

Bleeping Computer

APRIL 25, 2024

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [.

Cryptocurrency 107

Cryptocurrency 107

The Hacker News

APRIL 25, 2024

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds.

Cryptocurrency 106

Cryptocurrency 106

Bleeping Computer

APRIL 25, 2024

The L.A. County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. [.

Phishing 101

Phishing Data breaches 101

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

APRIL 25, 2024

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy.

Technology 103

Technology 103

Security Affairs

APRIL 25, 2024

The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal proceeds.

Cryptocurrency 91

Cryptocurrency Marketing Mobile Hacking 91

SecureWorld News

APRIL 25, 2024

North Korea's prolific state-sponsored hacking units are once again setting their sights on South Korea's defense and arms manufacturing sector. According to cybersecurity analysts, the notorious Lazarus Group, as well as other crews like Kimsuky and Andariel, have launched multiple cyberattacks over the past year targeting South Korean companies involved in military and weapons technology development.

Manufacturing 92

Manufacturing Technology Cyber Risk Risk 92

Penetration Testing

APRIL 25, 2024

A public-private partnership in the Netherlands has revealed critical information about a dangerous ransomware group dubbed Cactus that has been actively targeting Qlik Sense servers, a popular business intelligence tool. Through the combined expertise... The post Cactus Ransomware Targets Qlik Sense Servers appeared first on Penetration Testing.

Penetration Testing 87

Penetration Testing Ransomware Malware 87

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.