Thu. Apr 11, 2024


Our Security of AI Papers and Blogs Explained

Anton on Security

Moderately relevant AI made image about AI papers :-) steampunk ofc! Recently our team has written several papers and blogs focused on securing AI. What you will not see in these papers is anything to do with robot rebellion or some such long-term potential threats. We also don’t touch on responsible AI and AI ethics because frankly there are many (and I mean … MANY!


4 Best Open Source Password Managers for Teams in 2024

Tech Republic Security

Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.


CISA: Russian Hackers Stole Emails Between U.S. Agencies and Microsoft

Security Boulevard

Russian state-sponsored hackers who broke into Microsoft’s corporate email accounts during the monthslong hack stole email messages between the enterprise software giant and a number of U.S. federal agencies, adding to an ongoing series of revelations about the attack. The Midnight Blizzard group is using information taken from the corporate email systems, such as authentication.


How to check if your data was exposed in the AT&T breach

Malwarebytes

AT&T has notified US state authorities and regulators about its recent (or not) data breach, saying 51,226,382 people were affected. For those that have missed the story so far: Back in 2021, a hacker named Shiny Hunters claimed to have breached AT&T. On March 20, 2024, we reported how the data of over 70 million people was posted for sale on an online cybercrime forum.


Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.


Google Extends Generative AI Reach Deeper into Security

Security Boulevard

The Google Chronicle cybersecurity platform extensions are based on the Gemini LLM with the addition of cybersecurity data. The post Google Extends Generative AI Reach Deeper into Security appeared first on Security Boulevard.


News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

The Last Watchdog

Mountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

CSO 100

More Trending


Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

Firewall 123

Cyber Insurance: Sexy? No. Important? Critically yes.

Security Boulevard

Season 3, Episode 5: Cyber Insurance may not be the sexiest topic, but it’s an important piece of any mature cyber program. We chatted with a lawyer and a VC who share their perspective. The post Cyber Insurance: Sexy? No. Important? Critically yes. appeared first on Security Boulevard.


LastPass: Hackers targeted employee in failed deepfake CEO call

Bleeping Computer

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer.

Phishing 127

Cybersecurity Market Faces Funding Downturn in Q1 2024

Security Boulevard

Industry experts remain cautiously optimistic about future funding trends, emphasizing investor interest in emerging technologies including blockchain and AI security. The post Cybersecurity Market Faces Funding Downturn in Q1 2024 appeared first on Security Boulevard.

Marketing 121

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


DragonForce ransomware – what you need to know

Graham Cluley

Learn more about the DragonForce ransomware - how it came to prominence, and some of the unusual tactics used by the hackers who extort money from companies with it. Read more in my article on the Tripwire State of Security blog.


CISA makes its "Malware Next-Gen" analysis system publicly available

Bleeping Computer

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new version of "Malware Next-Gen," now allowing the public to submit malware samples for analysis by CISA.

Malware 124

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

The Hacker News

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel.

Malware 118

Groundbreaking Report Exposes Stark Exclusion of Women in Cybersecurity

SecureWorld News

A first-of-its-kind study by Women in CyberSecurity (WiCyS) has revealed sobering findings about the lack of inclusion and barriers faced by women in the cybersecurity industry. The 2023 State of Inclusion Benchmark in Cybersecurity report quantifies the dramatically worse workplace experiences of women compared to men across virtually every measured category.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Are you prepared for Google’s 90-day validity period on TLS certificates?

Security Boulevard

Are you prepared for Google's 90-day validity period on TLS certificates? Learn what's to come and how to prepare. The post Are you prepared for Google’s 90-day validity period on TLS certificates? appeared first on Akeyless. The post Are you prepared for Google’s 90-day validity period on TLS certificates? appeared first on Security Boulevard.


CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability; CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability. The flaw CVE-202

DNS 115

DuckDuckGo launches a premium Privacy Pro VPN service

Bleeping Computer

DuckDuckGo has launched a new paid-for 3-in-1 subscription service called 'Privacy Pro,' which includes a virtual private network (VPN), a personal data removal service, and an identity theft restoration solution.

VPN 119

Microsoft fixed two zero-day bugs exploited in malware attacks

Security Affairs

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware. Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patch Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products.

Malware 113

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


CVE-2024-31819: Critical Flaw in Popular Video Platform AVideo Could Allow Full System Takeover

Penetration Testing

Security researchers are sounding the alarm about a dangerous new critical vulnerability uncovered within the popular open-source video platform, AVideo. This vulnerability, designated as CVE-2024-31819, lies within the platform’s WWBNIndex plugin and has the... The post CVE-2024-31819: Critical Flaw in Popular Video Platform AVideo Could Allow Full System Takeover appeared first on Penetration Testing.


Apple warns people of mercenary attacks via threat notification system

Malwarebytes

Apple has reportedly sent alerts to individuals in 92 nations on Wednesday, April 10, to say it’s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus.

Spyware 109

Intel and Lenovo servers impacted by 6-year-old BMC flaw

Bleeping Computer

An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo.


Beyond fun and games: Exploring privacy risks in children’s apps

We Live Security

Should children’s apps come with ‘warning labels’? Here are some ways these digital playgrounds could be putting their safety at risk – and how to keep them safe.

Risk 110

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

WIRED Threat Level

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.


US CISA published an alert on the Sisense data breach

Security Affairs

Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s customers includes Nasdaq, Philips Healthcare, Verizon, and many others.


GitHub Search Sabotaged: Malware Hidden in Popular Repositories

Penetration Testing

In the ever-evolving landscape of cybersecurity, a new threat has emerged, cleverly exploiting GitHub’s vast open-source ecosystem. Cybercriminals, demonstrating both ingenuity and malice, have initiated a campaign that manipulates GitHub’s search functionality to distribute... The post GitHub Search Sabotaged: Malware Hidden in Popular Repositories appeared first on Penetration Testing.


U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company.

Risk 105

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Apple Warns Users of Targeted Spyware Attacks – Here’s How to Stay Safe

Penetration Testing

Apple has sent warnings to a growing number of users, alerting them about highly sophisticated mercenary spyware attacks. These attacks are not your typical phishing scams or malware; they are meticulously crafted, state-sponsored operations... The post Apple Warns Users of Targeted Spyware Attacks – Here’s How to Stay Safe appeared first on Penetration Testing.

Spyware 104

TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer

The Hacker News

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said.

Phishing 104

Cisco Secure Access Wins Global Security Service Edge Customer Value Leadership Award

Cisco Security

It’s one thing to claim leadership in cloud security; it’s another to have that leadership acknowledged by industry experts. That’s why we’re thrilled to announce our recent recognition by Frost & Sul… We’re thrilled that our innovation in the security service edge space has earned us accolades. Learn how we beat out the competition.


The Hidden Impact of Ad Fraud on Your Marketing Budget

Security Boulevard

Bot-driven click fraud and ad fraud could be siphoning off large portions of your advertising budget. Learn how ad fraud could be impacting you and how to protect your business. The post The Hidden Impact of Ad Fraud on Your Marketing Budget appeared first on Security Boulevard.

Marketing 103

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?