Fri. Sep 08, 2023

LLMs and Tool Use

Schneier on Security

Last March, just two weeks after GPT-4 was released, researchers at Microsoft quietly announced a plan to compile millions of APIs—tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room—into a compendium that would be made accessible to large language models (LLMs). This was just one milestone in the race across industry and academia to find the best ways to teach LLMs how to manipulate tools, which would supercharge

Banking 327

Microsoft, Apple versus China, spyware actors

Tech Republic Security

It’s a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.

Spyware 210

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

The Hacker News

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below: CVE-2023-41061: A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.

Spyware 145

Cisco: Booming identity market driven by leadership awareness

Tech Republic Security

A new study by Cisco Investments with venture capital firms finds that most CISOs find complexity of tools, number of solutions and users, and even jargon a barrier to zero trust.

Marketing 195

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks

Security Affairs

A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) is actively exploited by ransomware groups to gain initial access to corporate networks.

Australian Data Breach Costs are Rising — What Can IT Leaders Do?

Tech Republic Security

Australian data breach costs have jumped over the last five years to $2.57 million USD, according to IBM. Prioritizing DevSecOps and incident response planning can help IT leaders minimize the financial risk.

LifeWorks

More Trending

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

The Hacker News

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines.

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The US agency has detected the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023.

VPN 141

Cybercriminals Weaponizing Legitimate Advanced Installer Tool in Crypto-Mining Attacks

The Hacker News

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021.

Notepad++ 8.5.7 released with fixes for four security vulnerabilities

Bleeping Computer

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.

Software 139

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

The Hacker News

Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of-service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0.

North Korea-linked threat actors target cybersecurity experts with a zero-day

Security Affairs

North Korea-linked threat actors exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with

U.K. and U.S. Sanction 11 Russia-based Trickbot Cybercrime Gang Members

The Hacker News

The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S.

Google Kills 3rd-Party Cookies — but Monopolizes AdTech

Security Boulevard

Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction. The post Google Kills 3rd-Party Cookies — but Monopolizes AdTech appeared first on Security Boulevard.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

WIRED Threat Level

Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-9/11 surveillance policy may be doomed.

Protecting Your Microsoft IIS Servers Against Malware Attacks

The Hacker News

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.

Malware 130

'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users

Dark Reading

Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.

Spyware 128

Cisco warns of VPN zero-day exploited by ransomware gangs

Bleeping Computer

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

WIRED Threat Level

The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.

Generative AI Security: 8 Risks That You Should Know

GlobalSign

In this blog post, we're going to look at how Generative AI affects data security and how we can mitigate any possible risks.

Risk 119

Critical Security Bug Opens Cisco BroadWorks to Complete Takeover

Dark Reading

Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.

Phishing 112

Cisco BroadWorks Is Affected by a Critical-Severity Vulnerability

Heimdal Security

The Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform are both affected by a serious vulnerability that might allow remote attackers to counterfeit credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform used by both businesses and consumers. The other two components mentioned are used for app management and […] The post Cisco BroadWorks Is Affected by a Critical-Severity Vulnerability appeared first on

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

What Is API Security? Definition, Fundamentals, & Tips

eSecurity Planet

Application programming interface (API) security is a combination of tools and best practices to secure the all-important connections between applications. API security protects data and back-end systems while preserving fluid communication between software components through strict protocols and access controls. Apps are protected from unauthorized access, data breaches, and other unwanted actions thanks to proactive defenses that prevent and mitigate vulnerabilities, misconfigurations, and oth

Balancing Cybersecurity and Sanity: Tips for Parents Working from Home as Kids Return to School

SecureWorld News

As the school year kicks off and kids head back to the classroom (in-person and virtually), parents working from home are breathing a collective sigh of relief. After months of juggling remote work and remote learning, a return to some semblance of normalcy is in sight. While the transition back to school can be a positive time, it does pose its own set of challenges for parents in the cybersecurity field.

3 Strategies to Defend Against Resurging Infostealers

Dark Reading

Infostealer incidents have more than doubled recently, making it critical to bolster your defenses to mitigate this growing threat.

Hidden Biases in Cybersecurity Reviews – And How to Use Them

eSecurity Planet

Technology reviews can be a temptingly easy way to gain insight into the often impenetrable world of enterprise cybersecurity products, but you need to know how to use them. The fact is that while all technology reviews have some value, all reviews also contain hidden biases — and sadly, those biases are often overlooked and misunderstood by buyers.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Kenya Initiates Public Sector Digital Skills Training, No Mention of Cybersecurity

Dark Reading

Training will cover cloud skills and working in a paperless environment, but any mention of a cybersecurity element is conspicuously lacking.

Friday Five: A Win for Data Privacy, Conti Members Sanctioned, & More

Digital Guardian

Wins against cybercrime and the invasion of data privacy took the headlines this past week, but phishing, business email compromise, and the effects of climate change remain as threats against organizations. Catch up on all these stories in this week’s Friday Five!

Trickbot, Conti Sanctions Affect Top Cybercrime Brass

Dark Reading

US Treasury officials said the sanctions move is part of its effort to combat Russian state-sponsored cybercrime.

How to Lock CAD Files Securely & Protect Your IP

Digital Guardian

Industrial designs and architectural blueprints are crucial centerpieces of the manufacturing sector’s intellectual property (IP). As the United States strives to reinvigorate its manufacturing sector, computer-aided design (CAD) files require the utmost data protection to safeguard against industrial espionage.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!