Schneier on Security

JANUARY 17, 2024

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Artificial Intelligence 295

Artificial Intelligence 295

The Last Watchdog

JANUARY 17, 2024

Los Angeles, Calif., Jan. 17, 2024 – Spam calls continue to be a major nuisance in the US, and advice on how to avoid them abound. Incogni’s latest research challenges prevalent assumptions about spam calls, revealing that traditional advice on avoiding specific area codes is largely ineffective. The study, based on the latest data from the Federal Trade Commission (FTC), demonstrates that, contrary to popular belief, a staggering 59.81% of all unwanted calls originate from local num

Data privacy 130

Data privacy Advertising Internet Internet 130

Malwarebytes

JANUARY 17, 2024

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, unexpected hospitalization, or any other scenarios which instantly cause concern and cause victims to act quickly.

Scams 143

Scams Artificial Intelligence Identity Theft Social Engineering 143

WIRED Threat Level

JANUARY 17, 2024

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Cryptocurrency 141

Cryptocurrency 141

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Tech Republic Security

JANUARY 17, 2024

Explore the best VPNs for Android devices. Find out which VPN offers the best security, speed and features for your Android device.

VPN 141

VPN 141

Security Boulevard

JANUARY 17, 2024

Salt Security added a posture governance engine to its API security platform that defines and enforces implementation standards. The post Salt Security Adds Governance Engine to API Security Platform appeared first on Security Boulevard.

Engineering 130

Engineering Government Risk Cybersecurity 130

Security Boulevard

JANUARY 17, 2024

As AI becomes available and robust, malicious actors have already used it to develop more advanced attack methods; defenders must also leverage AI in 2024. The post AI’s Role in Cybersecurity for Attackers and Defenders in 2024 appeared first on Security Boulevard.

Cybersecurity 125

Cybersecurity Artificial Intelligence Threat Detection Data privacy 125

Bleeping Computer

JANUARY 17, 2024

Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events. [.

Spyware 124

Spyware Mobile 124

We Live Security

JANUARY 17, 2024

Here are some scams you may encounter on the shopping juggernaut, plus a few simple steps you can take to help safeguard your data while bagging that irresistible deal

Scams 124

Scams 124

Bleeping Computer

JANUARY 17, 2024

A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015. [.

Cybercrime 122

Cybercrime Malware 122

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JANUARY 17, 2024

Artificial intelligence (AI)-based attacks would likely possess greater adaptability and evasion capabilities than WannaCry and NotPetya. The post London Calling: Hey, US, Let’s Chat About Cyber AI – The Next WannaCry appeared first on Security Boulevard.

Artificial Intelligence 117

Artificial Intelligence Cyber Attacks Security Awareness Software 117

Security Affairs

JANUARY 17, 2024

Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. “Exploits of these CVEs on unmitigated appliances have been observed.

VPN 110

VPN Software Authentication Internet 110

Security Boulevard

JANUARY 17, 2024

Researchers with cybersecurity firm Kaspersky are detailing a lightweight method for detecting the presence of spyware, including The NSO Group’s notorious Pegasus software, in Apple iOS devices. The new method, which calls for looking for traces of spyware in a log file called Shutdown.log on the devices, gives users and cybersecurity professionals an easier and.

Spyware 117

Spyware Cybersecurity Software Data privacy 117

Bleeping Computer

JANUARY 17, 2024

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks. [.

113

113

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

JANUARY 17, 2024

Understanding distinctions between cyberbullying & cyberstalking requires looking beyond surface similarities at key differences in behaviors, motivations, impacts & societal responses to these rising forms of online harassment. The post What is the Difference Between Cyberstalking and Cyberbullying? appeared first on SternX Technology. The post What is the Difference Between Cyberstalking and Cyberbullying?

Technology 111

Technology 111

Bleeping Computer

JANUARY 17, 2024

Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. [.

Malware 109

Malware 109

Security Boulevard

JANUARY 17, 2024

The bad actors behind the Androxgh0st malware are building a botnet they can use to identify victims and exploit vulnerable networks to steal confidential information from such high-profile cloud applications as Amazon Web Services (AWS), Microsoft Office 365, SendGrid, and Twilio, according to two government agencies. The FBI and Cybersecurity and Infrastructure Security Agency (CISA).

Government 109

Government Malware Cybersecurity Network Security 109

Bleeping Computer

JANUARY 17, 2024

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [.

Technology 105

Technology 105

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Security Boulevard

JANUARY 17, 2024

As we surge into 2024, the cybersecurity landscape is witnessing a paradigm shift. Gone are the days when Indicators of Compromise (IOCs) held the throne. 2023 marked the realization within cybersecurity circles that while IOCs serve a purpose, particularly in confirming participation in major breaches, their continuous monitoring leads to an unsustainable level of alert […] The post Why Behavioral Threat Hunting is the Big Thing for Cybersecurity in 2024 appeared first on Cyborg Security.

Cybersecurity 108

Cybersecurity 108

Security Affairs

JANUARY 17, 2024

GitHub rotated some credentials after the discovery of a flaw that allowed access to the environment variables of a production container. After GitHub became aware of a vulnerability through its bug bounty program, the Microsoft-owned company rotated some credentials. The vulnerability, tracked as CVE-2024-0200 (CVSS score 7.2), allowed access to the environment variables of a production container and the company confirmed that all affected credentials have been rotated. “On December 26,

Authentication 101

Authentication Encryption Accountability Risk 101

Malwarebytes

JANUARY 17, 2024

Last week we wrote about two vulnerabilities in all supported versions of Ivanti Connect Secure and Ivanti Policy Secure Gateways that were being actively exploited. The researchers that discovered the active exploitation are warning that these attacks are now very widespread. “Victims are globally distributed and vary greatly in size, from small businesses to some of the largest organizations in the world, including multiple Fortune 500 companies across multiple industry verticals.”

Small Business 99

Small Business Risk Cybersecurity 99

Security Affairs

JANUARY 17, 2024

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Switzerland believes that the cyberattack carried out by pro-Russia group NoName disrupted access to some government websites, following Ukrainian President Volodymyr Zelensky’s visit to Davos. “We took a look at Switzerland, where the World Economic Forum Davos is currently taking place.

DDOS 99

DDOS Government Hacking Information Security 99

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Penetration Testing

JANUARY 17, 2024

Siemens has released two new advisories to inform customers about four vulnerabilities, which include two critical vulnerabilities (CVE-2023-51438 and CVE-2023-49621) in their SIMATIC IPC and SIMATIC NC 4100 products. The vulnerabilities have a Common... The post Urgent Siemens Update: Addressing SIMATIC’s Near-Perfect CVSS Scores appeared first on Penetration Testing.

Penetration Testing 97

Penetration Testing 97

Security Affairs

JANUARY 17, 2024

U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) to warn of AndroxGh0st malware. The malware is spreading to create a botnet for victim identification and exploitation in target networks.

Malware 97

Malware Cybersecurity Hacking Information Security 97

The Hacker News

JANUARY 17, 2024

Cybersecurity researchers have identified a "lightweight method" called iShutdown for reliably identifying signs of spyware on Apple iOS devices, including notorious threats like NSO Group's Pegasus, QuaDream's Reign, and Intellexa's Predator.

Spyware 96

Spyware Cybersecurity 96

Penetration Testing

JANUARY 17, 2024

SBSCAN SBSCAN is a penetration testing tool specifically designed for the Spring framework, capable of scanning specified sites for Spring Boot sensitive information and verifying related Spring vulnerabilities. Most Comprehensive Dictionary for Sensitive Paths:... The post SBSCAN: penetration testing tool specifically designed for the Spring framework appeared first on Penetration Testing.

Penetration Testing 94

Penetration Testing 94

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

Bleeping Computer

JANUARY 17, 2024

Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. [.

Accountability 99

Accountability Data breaches 99

Penetration Testing

JANUARY 17, 2024

Anomalies were detected by Kaspersky through vigilant monitoring of internal network traffic, leading to the uncovering of what is now known as ‘Operation Triangulation’ Kaspersky Lab remains steadfast in its pursuit to unravel the... The post iShutdown: The New Vanguard in Detecting iOS Spyware Threats appeared first on Penetration Testing.

Spyware 92

Spyware Penetration Testing Malware 92

SecureWorld News

JANUARY 17, 2024

Artificial intelligence (AI) promises to transform major sectors like healthcare, transportation, finance, and government over the coming years. But the advanced machine learning (ML) models powering this AI revolution also introduce new vectors of attack for malicious actors. As adoption accelerates, so too do emerging cybersecurity risks. That troubling dynamic motivates a comprehensive new report on AI security published by the U.S.

Artificial Intelligence 87

Artificial Intelligence Data collection Architecture Healthcare 87

Penetration Testing

JANUARY 17, 2024

In the ever-evolving landscape of cybersecurity threats, one campaign has recently caught the attention of McAfee Labs. This sophisticated VBS script-driven campaign employs obfuscated Visual Basic Scripting (VBS) to deliver a range of malware,... The post AgentTesla and Beyond: McAfee Reveals Diverse VBS Malware Tactics appeared first on Penetration Testing.

Penetration Testing 88

Penetration Testing Malware Cybersecurity 88

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.