Thu.Feb 22, 2024

article thumbnail

New Image/Video Prompt Injection Attacks

Schneier on Security

Simon Willison has been playing with the video processing capabilities of the new Gemini Pro 1.5 model from Google, and it’s really impressive. Which means a lot of scary new video prompt injection attacks. And remember, given the current state of technology, prompt injection attacks are impossible to prevent in general.

article thumbnail

5 Best Free Password Managers for 2024

Tech Republic Security

Discover the top free password managers for securely storing and managing your passwords. Learn about their features, benefits and choose the best one for your needs.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FTC to ban Avast from selling browsing data for advertising purposes

Bleeping Computer

The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. [.

article thumbnail

6 Best Open Source IAM Tools in 2024

Tech Republic Security

Explore the top open source IAM (Identity and Access Management) tools, their features and how they can enhance your organization's security and access control.

174
174
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

PRC State Hacking: ‘Chinese Edward Snowden’ Spills I?Soon Secrets in Huge Dump of TTPs

Security Boulevard

Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures. The post PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs appeared first on Security Boulevard.

Hacking 136
article thumbnail

Tenable: Cyber Security Pros Should Worry About State-Sponsored Cyber Attacks

Tech Republic Security

The outing of China-backed threat actor Volt Typhoon and Microsoft’s compromise by Russia-backed Midnight Blizzard provide important cyber security strategy lessons for Australia, says Tenable.

More Trending

article thumbnail

ISC2 Research: Most Cybersecurity Professionals Expect AI to Impact Their Jobs

Tech Republic Security

Deepfakes are at the top of the list of the concerns in the ISC2 AI survey, which polled cybersecurity professionals on the real-world impact of AI. Gen AI regulation is another top-of-mind subject.

article thumbnail

LockBit ransomware secretly building next-gen encryptor before takedown

Bleeping Computer

LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. [.

article thumbnail

Checklist: Network and Systems Security

Tech Republic Security

Cybersecurity demands and the stakes of failing to properly secure systems and networks are high. While every organization’s specific security needs form a unique and complex blend of interconnected requirements, numerous security fundamentals almost always apply to each of these groups. It stands to reason that cybersecurity pros who effectively identify network and systems risks.

Risk 129
article thumbnail

Cybercriminals Weaponizing Open-Source SSH-Snake Tool for Network Attacks

The Hacker News

A recently open-sourced network mapping tool called SSH-Snake has been repurposed by threat actors to conduct malicious activities. "SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said.

132
132
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Develop Advanced Cybersecurity Skills for Just $80

Tech Republic Security

If you’re ready to start moving up to higher positions in the lucrative cybersecurity field, this e-learning bundle can help you pass certification exams.

article thumbnail

Apple Shortcuts Vulnerability (CVE-2024-23204): Technical Analysis and Mitigation

Penetration Testing

A patched vulnerability within Apple’s Shortcuts automation framework presents a substantial risk to macOS and iOS devices. Identified as CVE-2024-23204, this flaw leaves affected systems susceptible to unauthorized data exfiltration due to a potential... The post Apple Shortcuts Vulnerability (CVE-2024-23204): Technical Analysis and Mitigation appeared first on Penetration Testing.

article thumbnail

Microsoft has started testing Wi-Fi 7 support in Windows 11

Bleeping Computer

Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. [.

109
109
article thumbnail

Signal to shield user phone numbers by default

Malwarebytes

Chat app Signal will shield user’s phone numbers by default from now on. And, it will no longer be necessary to exchange phone numbers when people want to connect through the app. In November, we reported that Signal was testing usernames to eliminate the need to share your phone number. Signal has now announced that these options are live, and will be rolled out to everyone in the coming weeks.

VPN 121
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Bitwarden’s new auto-fill option adds phishing resistance

Bleeping Computer

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. [.

article thumbnail

FTC Slams Avast with $16.5 Million Fine for Selling Users' Browsing Data

The Hacker News

The U.S. Federal Trade Commission (FTC) has hit antivirus vendor Avast with a $16.5 million fine over charges that the firm sold users' browsing data to advertisers after claiming its products would block online tracking. In addition, the company has been banned from selling or licensing any web browsing data for advertising purposes.

Antivirus 125
article thumbnail

NSFOCUS Innovative DDoS Protection Technology Secures Your Network Perimeter

Security Boulevard

Cybersecurity is crucial for national security in the digital world, where major powers clash over their interests. However, technology also enables more sophisticated and harmful network attacks. One of the most common and dangerous types of attacks is distributed denial-of-service (DDoS), which can hide, coordinate, and scale up to overwhelm a target.

DDOS 111
article thumbnail

Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage

The Hacker News

Apple has announced a new post-quantum cryptographic protocol called PQ3 that it said will be integrated into iMessage to secure the messaging platform against future attacks arising from the threat of a practical quantum computer.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Multiple XSS flaws in Joomla can lead to remote code execution

Security Affairs

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to execute arbitrary code. The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [ 20240201 ] – CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did not properly terminate existing user sessi

Media 112
article thumbnail

ConnectWise Says ScreenConnect Flaw Being Actively Exploited

Security Boulevard

Hackers are actively exploiting critical security flaws in ConnectWise’s remote desktop access tool just days after the software maker alerted customers of the vulnerabilities. ConnectWise learned of the bugs – tracked as CVE-2024-1709 (with the highest severity rating of 10) and CVE-2024-1708 (8.4 out of 10) – in ScreenConnect February 13 through its vulnerability disclosure.

Software 109
article thumbnail

“Beyond the border scam”, pay attention to the instance of the new Nigerian fraud

Security Affairs

Security researcher Salvatore Lombardo shared details about a new instance of Nigerian fraud that he called ‘Beyond the border scam.’ The 419 scam is a form of scam that requires the recipient to pay an upfront sum to receive a much larger reward later. The name derives from article 419 of the Nigerian penal code which punishes this type of fraud and is therefore also known as Nigerian fraud.

Scams 110
article thumbnail

Top Cyber Threats Automotive Dealerships Should Look Out For

Security Boulevard

Automotive dealerships are attractive targets for hackers. A combination of storing lots of sensitive customer data, handling large financial transactions, increased dependence on digital technologies and a perception of immature cybersecurity all combine to create a perception of dealerships as lucrative targets for threat actors. This article takes a look at some of the top automotive cyber threats dealerships should.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

The Hacker News

Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of iOS 17.3, iPadOS 17.3, macOS Sonoma 14.

116
116
article thumbnail

Microsoft now force installing Windows 11 23H2 on eligible PCs

Bleeping Computer

Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. [.

122
122
article thumbnail

A Comprehensive Guide on GraphQL Testing

Security Boulevard

GraphQL has taken the API world by storm, offering flexibility and efficiency like never before. But with great power comes great responsibility, and ensuring your GraphQL API functions flawlessly is crucial. This comprehensive guide will equip you with the knowledge […] The post A Comprehensive Guide on GraphQL Testing appeared first on WeSecureApp :: Simplifying Enterprise Security.

107
107
article thumbnail

FTC charged Avast with selling users’ browsing data to advertising companies

Security Affairs

US FTC charged cyber security firm Avast with harvesting consumer web browsing data through its browser extension and antivirus and sold it. The US Federal Trade Commission (FTC) has filed charges against cybersecurity firm Avast, accusing it of collecting and selling consumer web browsing data gathered through its browser extension and antivirus services.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Everything you need to know about IP grabbers

We Live Security

You would never give your personal ID to random strangers, right? So why provide the ID of your computer? Unsuspecting users beware, IP grabbers do not ask for your permission.

107
107
article thumbnail

CISA orders federal agencies to fix ConnectWise ScreenConnect bug in a week

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ConnectWise ScreenConnect bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an authentication bypass vulnerability issue that an attacker with network access to the management interface can exploit to create a new,

article thumbnail

Bring us the head of LockBit! $15 million bounty offered for information on leaders of notorious ransomware gang

Graham Cluley

A huge reward is being offered for information leading to the identification or location of any of the leaders of the LockBit ransomware gang. Read more in my article on the Tripwire State of Security blog.

article thumbnail

Massive AT&T, Verizon, and T-Mobile outage impacts US customers

Bleeping Computer

Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. [.

Mobile 98
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.