Fri. Feb 23, 2024

AIs Hacking Websites

Schneier on Security

New research: "LLM Agents can Autonomously Hack Websites". Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity.

Weekly Update 388

Troy Hunt

It's just been a joy to watch the material produced by the NCA and friends following the LockBit takedown this week. So much good stuff from the agencies themselves, not just content but high quality trolling too. Then there's the whole ecosystem of memes that have since emerged and provided endless hours of entertainment 😊 I'm sure we'll see a lot more come out of this yet and inevitably there's seized material that will still be providing value to further inves

UnitedHealth confirms Optum hack behind US healthcare billing outage

Bleeping Computer

Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform.

CVE-2024-26582 (CVSS 8.4): Linux Kernel Code Execution Vulnerability

Penetration Testing

A high-severity vulnerability, designated CVE-2024-26582, has been discovered within the Transport Layer Security (TLS) subsystem of the Linux kernel. This flaw stems from a use-after-free error in the way kTLS (the kernel’s TLS implementation)...

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

U-Haul says hacker accessed customer records using stolen creds

Bleeping Computer

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations.

Organizations Unprepared to Face Cloud Security Threats

Security Boulevard

The Cloud Security Alliance (CSA) State of Security Remediation report underscored the difficult balancing act cloud security experts face.

More Trending

4 Best Free VPNs for 2024

Tech Republic Security

Looking for the best free VPNs? Check out our guide to find the most reliable and secure options for protecting your online privacy that won’t break the bank.

Prescription orders delayed as US pharmacies grapple with “nation-state” cyber attack

Graham Cluley

Prescription orders across the United States are reportedly being delayed after a cyber attack impacted a healthcare technology firm that supplies services to pharmacies, including CVS Health. Read more in my article on the Hot for Security blog.

What Is Identity and Access Management (IAM)?

Tech Republic Security

Learn more about IAM and its importance in securing digital identities and managing access privileges in this comprehensive guide.

Hackers Exploit ConnectWise Bugs to Deploy LockBit Ransomware

Security Boulevard

Cyberattacks exploiting critical vulnerabilities in ConnectWise’s remote monitoring and management (RMM) tool revealed this week have snowballed and some bad actors are using it to deploy LockBit ransomware, which was the target of a recent international law enforcement operation. The information shows the merging of two of the more significant news stories in the cybersecurity.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Microsoft Releases PyRIT - A Red Teaming Tool for Generative AI

The Hacker News

Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems.

Avast Hit With $16.5 Million Fine for Selling Customer Data

Security Boulevard

Avast Software will pay a $16.5 million fine to settle a federal complaint accusing the antivirus vendor of collecting users’ browsing data over six years and selling it to advertising companies without their consent. In fact, Avast did all this while promising users that its products would protect consumers from being tracked online, according to.

Joomla! patches XSS flaws that could lead to remote code execution

Malwarebytes

On February 20, Joomla! posted details about four vulnerabilities it had fixed in its Content Management System (CMS), and one in the Joomla! Framework that affects the CMS. Joomla! is an open-source CMS that’s been around since 2005, and has been one of the most popular CMS platforms by market share for much of that time. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites.

Google Pay app shutting down in US, users have till June to move funds

Bleeping Computer

Google is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts.

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Navigating the Dual Impact of AI in Cybersecurity

Approachable Cyber Threats

Artificial Intelligence (AI) is set to be the newest ally for many companies, but it’s also set to be the newest threat. The realm of cybersecurity is undergoing a transformation, guided by the omnipresent force of Artificial Intelligence (AI). As we navigate this dynamic landscape, AI emerges as both the guardian of digital fortresses and the stealthy architect of cyber threats.

Dormant PyPI Package Compromised to Spread Nova Sentinel Malware

The Hacker News

A dormant package available on the Python Package Index (PyPI) repository was updated after nearly two years to propagate an information stealer malware called Nova Sentinel.

Insomniac Games alerts employees hit by ransomware data breach

Bleeping Computer

Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November.

230K individuals impacted by a data breach suffered by Telco provider Tangerine

Security Affairs

Australian telecommunications provider Tangerine disclosed a data breach that impacted roughly 230,000 individuals. Tangerine suffered a data breach that exposed the personal information of roughly 230,000 individuals. The security breach occurred on Sunday 18 February 2024, but Tangerine management became aware of the incident on Tuesday 20 February 2024.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

brutespray: Automatically attempts default creds on found services

Penetration Testing

Brutespray has been updated to golang. Without needing to rely on other tools this version will be extensible to bruteforce many different services and is way faster than its Python counterpart. Currently, Brutespray...

FTC sues H&R Block over deceptive 'free' online filing ads

Bleeping Computer

The U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services.

Google Cloud Run Abused in Massive Banking Trojan Operation

Heimdal Security

Researchers in security are issuing warnings about threat actors misusing Google Cloud Run to spread large amounts of banking trojans, such as Astaroth, Mekotio, and Ousaban. With Google Cloud Run, customers can manage workloads and launch front-end and back-end services, websites, and apps without having to worry about scaling or maintaining an infrastructure.

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Windows Photos gets AI magic eraser on Windows 10 and later

Bleeping Computer

Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content.

How to Use Tines's SOC Automation Capability Matrix

The Hacker News

Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.

Update now! ConnectWise ScreenConnect vulnerability needs your attention

Malwarebytes

ConnectWise is warning self-hosted and on-premise customers that they need to take immediate action to remediate a critical vulnerability in its ScreenConnect remote desktop software. This software is typically used in data-centers and for remote assistance. Together ConnectWise’s partners manage millions of endpoints (clients). A Shadowserver scan revealed approximately 3,800 vulnerable ConnectWise ScreenConnect instances on Wednesday, most of them in the US.

Biden Signs Executive Order to Boost Maritime Cybersecurity Amid China Concerns

Heimdal Security

President Joe Biden has signed an executive order to enhance cybersecurity at U.S. ports. $20 billion will be invested in port upgrades, including a shift to trusted crane suppliers. This measure counteracts risks posed by the use of cranes made by China, and aims to expand the Coast Guard’s authority. Strengthening U.S. Port Cybersecurity The […]

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

minder: Software Supply Chain Security Platform

Penetration Testing

What is Minder? Minder by Stacklok is an open-source platform that helps development teams and open-source communities build more secure software, and prove to others that what they’ve built is secure. Minder helps project owners...

Why Do We Need Endpoint Security in 2024?

Security Boulevard

Before understanding the need for endpoint security, let’s make you see through a recent study on the same. Around 68% of businesses experienced a targeted endpoint attack that compromised their IT infrastructure. Devices also experienced the same percentage rise in cyber attacks compared to previous years. What is Endpoint Security? Endpoint security can be defined […]

The 9 Best Datto Alternatives in 2024 (for MSPs)

Heimdal Security

While Datto is undoubtedly a powerful solution, it has certain limitations which can be frustrating for MSPs. Let’s learn more about some of these limitations, and explore alternative solutions you should consider. Reasons MSPs Are Looking for Datto Alternatives Datto is a data backup and recovery provider. They build hardware which sits in client offices […]

Why is Cybersecurity Important for Driverless Vehicles?

Security Boulevard

Driverless vehicles represent a groundbreaking technological advancement in transportation, promising safer roads, efficient mobility, and reduced environmental impact. However, the realisation of this future hinges on technological innovation and robust cybersecurity measures. As we delve into the world of autonomous driving, it becomes increasingly evident that cybersecurity is not merely a peripheral concern but a […]

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.