Jailbreaking LLMs with ASCII Art
Schneier on Security
MARCH 12, 2024
Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4 , Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.
Tue.Mar 12, 2024
281 
Welcoming the Liechtenstein Government to Have I Been Pwned
Troy Hunt
MARCH 12, 2024
Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned , free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit who now have full access to their government domains. We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breac
Join 29,000+
Insiders
Sign Up for our Newsletter
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Beyond Pleasantries: Understanding Kindness vs. Niceness
Jane Frankland
MARCH 12, 2024
In the tapestry of human interactions, the words ‘kind’ and ‘nice’ are often woven together so tightly that their distinct threads seem indistinguishable. On the surface, both suggest a pleasantness, a quality of being agreeable or gentle in nature. But is there more to it? Could these two seemingly synonymous words actually spell out different narratives in the screenplay of our lives?
VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme
Penetration Testing
MARCH 12, 2024
A recently uncovered phishing campaign demonstrates a concerning level of sophistication in its efforts to infiltrate systems and deploy an array of powerful Remote Access Trojans (RATs). Security researchers at FortiGuard Labs have discovered... The post VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme appeared first on Penetration Testing.
The Importance of User Roles and Permissions in Cybersecurity Software
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship
Bleeping Computer
MARCH 12, 2024
The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [.
Information Security Policy
Tech Republic Security
MARCH 12, 2024
Information is the lifeblood of the business. Without it, employees can’t work, customers can’t interact with the business, bills can’t be paid and profits can’t be earned. Any given technological environment is useless if its main purpose for existence — the processing and sharing of information — is threatened or eliminated.
Sign up to get articles personalized to your interests!
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
More Trending
Fortinet Issues Urgent Security Patches for Critical Vulnerabilities
Penetration Testing
MARCH 12, 2024
Fortinet, a leading cybersecurity firm, has released five security advisories addressing six major vulnerabilities affecting its popular FortiOS, FortiProxy, and FortiClientEMS products. These vulnerabilities have high severity ratings and require immediate attention from administrators... The post Fortinet Issues Urgent Security Patches for Critical Vulnerabilities appeared first on Penetration Testing.
Tweaks Stealer Targets Roblox Users Through YouTube and Discord
Security Boulevard
MARCH 12, 2024
IntroductionZscaler’s ThreatLabz recently discovered a new campaign distributing an infostealer called Tweaks (aka Tweaker) that targets Roblox users. Attackers are exploiting popular platforms, like YouTube and Discord, to distribute Tweaks to Roblox users, capitalizing on the ability of legitimate platforms to evade detection by web filter block lists that typically block known malicious servers.
Equipment Reassignment Checklist
Tech Republic Security
MARCH 12, 2024
The reassignment of existing equipment takes place when employees leave the organization or receive new computers, mobile devices, printers and other assets. It is essential to follow strict guidelines for equipment reassignment so that company investments, data and privacy are protected. The following checklist, written by Scott Matteson for TechRepublic Premium, will help ensure that.
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
Bleeping Computer
MARCH 12, 2024
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. [.
IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
No More Patches: D-Link DIR-822 Vulnerable to Remote Takeovers (CVE-2024-25331)
Penetration Testing
MARCH 12, 2024
Security researchers Quynh Le and Eng De Sheng from Ensign InfoSecurity Labs have uncovered a major security flaw (CVE-2024-25331) in the popular D-Link DIR-822 router. This vulnerability leaves the door wide open for unauthenticated... The post No More Patches: D-Link DIR-822 Vulnerable to Remote Takeovers (CVE-2024-25331) appeared first on Penetration Testing.
Windows KB5035849 update failing to install with 0xd000034 errors
Bleeping Computer
MARCH 12, 2024
The KB5035849 cumulative update released during today's Patch Tuesday fails to install on Windows 10 and Windows Server systems with 0xd0000034 errors. [.
Microsoft Patch Tuesday security updates for March 2024 fixed 59 flaws
Security Affairs
MARCH 12, 2024
Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The IT giant addressed vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and Visual Studio; SQL Server; Windows Hyper-V; Skype; Microsoft Components for Android; and Microsoft Dynamic
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
The Hacker News
MARCH 12, 2024
Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity.
Cybersecurity Predictions for 2024
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
Trend Micro
MARCH 12, 2024
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative (ZDI) observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412.
Broadcom Merging Carbon Black, Symantec to Create Security Unit
Security Boulevard
MARCH 12, 2024
Carbon Black’s uncertain future following the closing of Broadcom’s $69 billion acquisition of VMware in November is now settled, with the security software business merging with Symantec to form Broadcom’s new Enterprise Security Group. Broadcom will make “significant investments in both brands” and offer both Carbon Black and Symantec product portfolios through the new business.
Acer confirms Philippines employee data leaked on hacking forum
Bleeping Computer
MARCH 12, 2024
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. [.
FakeBat delivered via several active malvertising campaigns
Malwarebytes
MARCH 12, 2024
February was a particularly busy month for search-based malvertising with the number of incidents we documented almost doubling. We saw similar payloads being dropped but also a few new ones that were particularly good at evading detection. One malware family we have been tracking on this blog is FakeBat. It is very unique in that the threat actor uses MSIX installers packaged with heavily obfuscated PowerShell code.
Beware of Pixels & Trackers on U.S. Healthcare Websites
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
SAP Security Patch Day: CVE-2024-22127 – Critical Vulnerability Demand Immediate Action
Penetration Testing
MARCH 12, 2024
Enterprise software leader SAP released a critical set of patches as part of its March 2024 Security Patch Day, addressing multiple severe vulnerabilities within its widely used product suite. Topping the list are three... The post SAP Security Patch Day: CVE-2024-22127 – Critical Vulnerability Demand Immediate Action appeared first on Penetration Testing.
Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack
Security Boulevard
MARCH 12, 2024
In recent months, a concerning trend has emerged within the healthcare sector: the resurgence of BlackCat ransomware attacks. The BlackCat ransomware healthcare attack has prompted a joint advisory from the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), warning healthcare organizations about […] The post Alert: FBI Warns Of BlackCat Ransomware Healthcare Attack appeared first on TuxCare.
Brave: Sharp increase in installs after iOS DMA update in EU
Bleeping Computer
MARCH 12, 2024
Brave has seen a sharp increase in users installing its privacy-focused Brave Browser on iPhones after Apple introduced changes to adhere to the new European Digital Markets Act. [.
Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites
The Hacker News
MARCH 12, 2024
A new malware campaign is leveraging a high-severity security flaw in the Popup Builder plugin for WordPress to inject malicious JavaScript code. According to Sucuri, the campaign has infected more than 3,900 sites over the past three weeks.
5 Key Findings From the 2023 FBI Internet Crime Report
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Google paid $10 million in bug bounty rewards last year
Bleeping Computer
MARCH 12, 2024
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [.
GhostRace (CVE-2024-2193): Processor Flaws Enable Kernel Attacks
Penetration Testing
MARCH 12, 2024
Researchers from Vrije Universiteit Amsterdam and IBM Research Europe have uncovered a new security vulnerability dubbed “GhostRace” (CVE-2024-2193) that exposes a critical flaw in the foundational elements of operating system security: synchronization primitives. This... The post GhostRace (CVE-2024-2193): Processor Flaws Enable Kernel Attacks appeared first on Penetration Testing.
First-ever South Korean national detained for espionage in Russia
Security Affairs
MARCH 12, 2024
Russian authorities have detained a South Korean national on cyber espionage charges, it is the first time for a Korean citizen. Russian authorities have arrested a South Korean citizen on charges of cyber espionage, marking the first instance involving a Korean national. “During the investigation of an espionage case, a South Korean citizen Baek Won-soon was identified and detained in Vladivostok, and put into custody under a court order.
Stanford: Data of 27,000 people stolen in September ransomware attack
Bleeping Computer
MARCH 12, 2024
Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. [.
Software Composition Analysis: The New Armor for Your Cybersecurity
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Insurance scams via QR codes: how to recognise and defend yourself
Security Affairs
MARCH 12, 2024
Threat actors can abuse QR codes to carry out sophisticated scams, as reported by the Italian Postal Police in its recent alert. As is well known, QR codes are two-dimensional barcodes that can be read with a smartphone or other hand-held device. They are widely used to access information, services, or online payments quickly and conveniently. However, they can also hide scams, as denounced by the Italian Postal Police in its recent alert.
CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks
Penetration Testing
MARCH 12, 2024
A serious security alert from Siemens ProductCERT reveals that multiple products within their widely used Sinteso EN and Cerberus PRO EN fire protection systems harbor critical vulnerabilities. These flaws could be exploited by attackers... The post CVE-2024-22039 (CVSS 10): Siemens Fire Protection Systems Vulnerable to Remote Attacks appeared first on Penetration Testing.
Patch Tuesday Update – March 2024
Security Boulevard
MARCH 12, 2024
The post Patch Tuesday Update - March 2024 appeared first on Digital Defense. The post Patch Tuesday Update – March 2024 appeared first on Security Boulevard.
Windows 10 KB5035845 update released with 9 new changes, fixes
Bleeping Computer
MARCH 12, 2024
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. [.
From Complexity to Clarity: Strategies for Effective Compliance and Security Measures
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Let's personalize your content