Schneier on Security

SEPTEMBER 8, 2023

Last March, just two weeks after GPT-4 was released , researchers at Microsoft quietly announced a plan to compile millions of APIs—tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room—into a compendium that would be made accessible to large language models (LLMs). This was just one milestone in the race across industry and academia to find the best ways to teach LLMs how to manipulate tools, which would supercharge

Banking 243

Banking Risk Accountability Government 243

Tech Republic Security

SEPTEMBER 8, 2023

A new study by Cisco Investments with venture capital firms finds that most CISOs find complexity of tools, number of solutions and users, and even jargon a barrier to zero trust.

Marketing 163

Marketing CISO Artificial Intelligence Cybersecurity 163

Bleeping Computer

SEPTEMBER 8, 2023

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files. [.

Software 142

Software 142

Tech Republic Security

SEPTEMBER 8, 2023

It’s a cat-and-mouse struggle as tech giants Microsoft and Apple deal with persistent threats from China state actors and Pegasus spyware.

Spyware 182

Spyware Cyber threats Mobile 182

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

The Hacker News

SEPTEMBER 8, 2023

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment.

Spyware 139

Spyware 139

Tech Republic Security

SEPTEMBER 8, 2023

Australian data breach costs have jumped over the last five years to $2.57 million USD, according to IBM. Prioritizing DevSecOps and incident response planning can help IT leaders minimize the financial risk.

Data breaches 145

Data breaches Risk 145

Bleeping Computer

SEPTEMBER 8, 2023

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks. [.

VPN 133

VPN Ransomware 133

Security Boulevard

SEPTEMBER 8, 2023

Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction. The post Google Kills 3rd-Party Cookies — but Monopolizes AdTech appeared first on Security Boulevard.

Advertising 131

Advertising Social Engineering Data privacy Engineering 131

Security Affairs

SEPTEMBER 8, 2023

U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The US agency has detected the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023.

VPN 129

VPN Firewall Accountability Cybersecurity 129

Dark Reading

SEPTEMBER 8, 2023

Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.

Spyware 128

Spyware Mobile Encryption 128

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Affairs

SEPTEMBER 8, 2023

North Korea-linked threat actors associated with North Korea exploited a zero-day flaw in attacks against cybersecurity experts. North Korea-linked threat actors were observed exploiting a zero-day vulnerability in an unnamed software to target cybersecurity researchers. The attacks that took place in the past weeks were detected by researchers at Google’s Threat Analysis Group (TAG). “Recently, TAG became aware of a new campaign likely from the same actors based on similarities with

Cybersecurity 111

Cybersecurity Media Accountability Software 111

WIRED Threat Level

SEPTEMBER 8, 2023

Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.

Surveillance 109

Surveillance 109

SecureList

SEPTEMBER 8, 2023

A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a distributed network of data processing centers around the world. What can possibly be wrong with a Telegram mod duly tested by Google Play and available through the official store?

Encryption 110

Encryption Spyware Accountability Malware 110

The Hacker News

SEPTEMBER 8, 2023

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in an unspecified software over the past several weeks to infiltrate their machines.

Cybersecurity 106

Cybersecurity Media Accountability Software 106

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

eSecurity Planet

SEPTEMBER 8, 2023

Technology reviews can be a temptingly easy way to gain insight into the often impenetrable world of enterprise cybersecurity products, but you need to know how to use them. The fact is that while all technology reviews have some value, all reviews also contain hidden biases — and sadly, those biases are often overlooked and misunderstood by buyers.

Cybersecurity 104

Cybersecurity Marketing Technology Energy and Utilities 104

The Hacker News

SEPTEMBER 8, 2023

A legitimate Windows tool used for creating software packages called Advanced Installer is being abused by threat actors to drop cryptocurrency-mining malware on infected machines since at least November 2021.

Cryptocurrency 104

Cryptocurrency Software Malware 104

Digital Guardian

SEPTEMBER 8, 2023

Wins against cybercrime and the invasion of data privacy took the headlines this past week, but phishing, business email compromise, and the effects of climate change remain as threats against organizations. Catch up on all these stories in this week’s Friday Five!

Data privacy 103

Data privacy Cybercrime Phishing 103

Dark Reading

SEPTEMBER 8, 2023

Cyberattackers could exploit CVE-2023-20238 to carry out a variety of nefarious deeds, from data theft and code execution to phishing, fraud, and DoS.

Phishing 112

Phishing 112

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

Digital Guardian

SEPTEMBER 8, 2023

Industrial designs and architectural blueprints are crucial centerpieces of the manufacturing sector’s intellectual property (IP). As the United States strives to reinvigorate its manufacturing sector, computer-aided design (CAD) files require the utmost data protection to safeguard against industrial espionage.

Manufacturing 97

Manufacturing Architecture 97

The Hacker News

SEPTEMBER 8, 2023

The U.K. and U.S. governments on Thursday sanctioned 11 individuals who are alleged to be part of the notorious Russia-based TrickBot cybercrime gang. “Russia has long been a safe haven for cybercriminals, including the TrickBot group,” the U.S. Treasury Department said, adding it has “ties to Russian intelligence services and has targeted the U.S. Government and U.S.

Cybercrime 96

Cybercrime Government 96

Dark Reading

SEPTEMBER 8, 2023

Training will cover cloud skills and working in a paperless environment, but any mention of a cybersecurity element is conspicuously lacking.

Cybersecurity 106

Cybersecurity 106

The Hacker News

SEPTEMBER 8, 2023

Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0.

Authentication 95

Authentication 95

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

Bleeping Computer

SEPTEMBER 8, 2023

It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments on TrickBot and Conti operations members. [.

Ransomware 96

Ransomware 96

Heimadal Security

SEPTEMBER 8, 2023

The Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform are both affected by a serious vulnerability that might allow remote attackers to counterfeit credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform used by both businesses and consumers. The other two components mentioned are used for app management and […] The post Cisco BroadWorks Is Affected by a Critical-Severity Vulnerability appeared first on

Authentication 92

Authentication Cybersecurity 92

Dark Reading

SEPTEMBER 8, 2023

Infostealer incidents have more than doubled recently, making it critical to bolster your defenses to mitigate this growing threat.

108

108

SecureWorld News

SEPTEMBER 8, 2023

As the school year kicks off and kids head back to the classroom (in-person and virtually), parents working from home are breathing a collective sigh of relief. After months of juggling remote work and remote learning, a return to some semblance of normalcy is in sight. While the transition back to school can be a positive time, it does pose its own set of challenges for parents in the cybersecurity field.

Cybersecurity 88

Cybersecurity Education Technology 88

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

SEPTEMBER 8, 2023

Microsoft Internet Information Services (IIS) is a web server software package designed for Windows Server. Organizations commonly use Microsoft IIS servers to host websites, files, and other content on the web. Threat actors increasingly target these Internet-facing resources as low-hanging fruit for finding and exploiting vulnerabilities that facilitate access to IT environments.

Malware 87

Malware Internet Internet Software 87

WIRED Threat Level

SEPTEMBER 8, 2023

The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center.

Technology 97

Technology 97

Bleeping Computer

SEPTEMBER 8, 2023

Dymocks Booksellers is warning customers their personal information was exposed in a data breach after the company's database was shared on hacking forums. [.

Data breaches 89

Data breaches Hacking 89

GlobalSign

SEPTEMBER 8, 2023

In this blog post, we're going to look at how Generative AI affects data security and how we can mitigate any possible risks.

Risk 99

Risk 99

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.