Thu.Jun 01, 2023

article thumbnail

On the Catastrophic Risk of AI

Schneier on Security

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.” BBC : “Artificial intelligence could lead to extinction, experts warn.”

Risk 284
article thumbnail

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Krebs on Security

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software.

Malware 250
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

How to determine exactly what personal information Microsoft Edge knows about you

Tech Republic Security

Users should be aware of what personal data is being collected and stored by Microsoft Edge and be prepared to perform periodic maintenance on that data to keep it secure. The post How to determine exactly what personal information Microsoft Edge knows about you appeared first on TechRepublic.

Software 160
article thumbnail

New Horabot campaign takes over victim's Gmail, Outlook accounts

Bleeping Computer

A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Most people are aware of their data trails, but few know how to deal with it: Okta study

Tech Republic Security

A new study by Okta finds that a proliferation of active accounts and web identities is exacerbating security risks both for individuals and enterprises. The post Most people are aware of their data trails, but few know how to deal with it: Okta study appeared first on TechRepublic.

Risk 154
article thumbnail

Russia says US hacked thousands of iPhones in iOS zero-click attacks

Bleeping Computer

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [.

Hacking 144

More Trending

article thumbnail

Harvard Pilgrim Health Care ransomware attack hits 2.5 million people

Bleeping Computer

Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [.

article thumbnail

Decade-old critical vulnerability in Jetpack patched on millions of WordPress websites

Graham Cluley

Jetpack. an extremely popular WordPress plugin that provides a variety of functions including security features for around five million websites, has received a critical security update following the discovery of a bug that has lurked unnoticed since 2012. Read more in my article on the Tripwire State of Security blog.

115
115
article thumbnail

ISACA pledges to help grow cybersecurity workforce in Europe

CSO Magazine

Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity agenda, it said.

article thumbnail

Ransomware attack on Biotech company exposes info of over 2.5 million patients

CyberSecurity Insiders

A recent ransomware attack on a New York-based biotech company, Enzo Biochem, has resulted in the exposure of sensitive information belonging to more than 2.5 million patients. The cyber incident, which occurred on April 6th, compromised clinical test data and approximately 600,000 social security numbers. Enzo Biochem, renowned for its bacterial disease detection capabilities, has confirmed the breach in its SEC filing, expressing concerns that employee data may have also been accessed by the m

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

All eyes on APIs: Top 3 API security risks and how to mitigate them

We Live Security

As APIs are a favorite target for threat actors, the challenge of securing the glue that holds various software elements together is taking on increasing urgency The post All eyes on APIs: Top 3 API security risks and how to mitigate them appeared first on WeLiveSecurity

Risk 104
article thumbnail

Cyberinsurance Prices Moderate as Premium Hikes Slow

Security Boulevard

Two reports focused on the cyberinsurance market found prices continued to moderate in the first quarter of 2023, according to the Global Insurance Market Index from Marsh. Average price increases rose by just 11% compared with 28% increases during the fourth quarter of 2022. A Fitch Ratings report found a decline in ransomware incidents helped slow.

Insurance 104
article thumbnail

Amazon agrees to pay $31 after FTC Privacy and Security charges

CyberSecurity Insiders

Amazon has recently reached a settlement with the Federal Trade Commission (FTC) and agreed to pay a $31 million penalty in response to two civil complaints. The charges against the retailing giant involved allegations of invading the privacy of its female employees through Ring cameras and failing to delete recordings of children on its Alexa devices.

article thumbnail

Are Internet Providers ‘Aiding and Abetting’ Crimes?

Security Boulevard

The internet was on tenterhooks over the question of whether the U.S. Supreme Court would find that online providers like Google, Facebook and others could continue to enjoy protection under the Communications Decency Act Section 230 for the statements and actions of users of their site. In particular, the Supreme Court was presented with an. The post Are Internet Providers ‘Aiding and Abetting’ Crimes?

Internet 104
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

The Evolving Landscape of Cybersecurity: Trends and Challenges

CyberSecurity Insiders

In today’s interconnected world, where technology permeates every aspect of our lives, ensuring robust cybersecurity has become an utmost priority. With the ever-evolving threat landscape, it is crucial to stay informed about the latest trends and challenges in the field of cybersecurity. In this article, we will explore some of the trending topics in cybersecurity, shedding light on the advancements, threats, and the measures we need to take to protect ourselves.

article thumbnail

Novel PyPI Malware Uses Compiled Python Bytecode to Evade Detection

Dark Reading

In an already fraught environment surrounding the popular Python programming language software package manager, hackers are coming up with new ways to sneak malicious goodies past cybersecurity buffers.

Malware 103
article thumbnail

New MOVEit Transfer zero-day mass-exploited in data theft attacks

Bleeping Computer

Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. [.

Software 117
article thumbnail

The role of cybersecurity in financial institutions -protecting against evolving threats

CyberSecurity Insiders

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Cybersecurity is practice of protecting information technology (IT) infrastructure assets such as computers, networks, mobile devices, servers, hardware, software, and data (personal & financial) against attacks, breaches and unauthorised access.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Google triples rewards for Chrome sandbox escape chain exploits

Bleeping Computer

Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023. [.

104
104
article thumbnail

Uncovering the Hidden Risks of Mobile Device Security

Security Boulevard

Organizations often encounter issues when trying to implement best practices in mobile device security while also ensuring a seamless user experience. This is because end users can be hesitant to install additional apps on their mobile device, while others engage in risky practices such as jailbreaking or rooting their phones, sometimes even using custom operating.

Mobile 98
article thumbnail

DMARC Setup & Configuration: Step-By-Step Guide

eSecurity Planet

At a high level, implementation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard can be done simply and easily for outgoing mail by adding a text file to an organization’s DNS record. However, in practice, the messiness of modern organizations can complicate the process significantly and require an iterative approach to ensure no legitimate email senders suddenly become flagged as SPAM.

DNS 98
article thumbnail

On the Catastrophic Risk of AI

Security Boulevard

Earlier this week, I signed on to a short group statement , coordinated by the Center for AI Safety: Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war. The press coverage has been extensive, and surprising to me. The New York Times headline is “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn.

Risk 98
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Widespread exploitation by botnet operators of Zyxel firewall flaw

Security Affairs

Threat actors are actively exploiting a command injection flaw, tracked as CVE-2023-28771, in Zyxel firewalls to install malware. Threat actors are actively attempting to exploit a command injection vulnerability, tracked as CVE-2023-28771 , that impacts Zyxel firewalls. Their objective is to leverage this vulnerability to deploy and install malware on the affected systems.

article thumbnail

CyRC Vulnerability Advisory: CVE-2023-32353, Apple iTunes local privilege escalation on Windows

Security Boulevard

Synopsys Cybersecurity Research Center has discovered a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. Overview The Synopsys Cybersecurity Research Center (CyRC) has discovered CVE-2023-32353, a local privilege escalation vulnerability in Apple iTunes on Microsoft Windows. iTunes is a software program that acts as a media player, media library, mobile device management utility, and the client app for the iTunes Store.

Media 97
article thumbnail

Improved BlackCat Ransomware Strikes with Lightning Speed and Stealthy Tactics

The Hacker News

The threat actors behind BlackCat ransomware have come up with an improved variant that prioritizes speed and stealth in an attempt to bypass security guardrails and achieve their goals. The new version, dubbed Sphynx and announced in February 2023, packs a "number of updated capabilities that strengthen the group's efforts to evade detection," IBM Security X-Force said in a new analysis.

article thumbnail

What Is DMARC Email Security Technology?

eSecurity Planet

The Domain-based Message Authentication, Reporting and Conformance (DMARC) standard for email authentication is adopted by all U.S. email domain providers and many corporate and government entities. DMARC addresses weaknesses in other email authentication standards to check for misleading “From” fields in emails and to improve tracking of potential spoofing campaigns.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Apps with over 420 Million downloads from Google Play unveil the discovery of SpinOk spyware

Security Affairs

Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those available on Google Play. Upon executing the module, the malware-laced SDK connects to the C2 sending back a large amount of system information about the infected device.

Spyware 94
article thumbnail

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

The Hacker News

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said.

Malware 94
article thumbnail

Google Drive Deficiency Allows Attackers to Exfiltrate Workspace Data Without a Trace

Dark Reading

No activity logging in the free subscription for Google's Web-based productivity suite exposes enterprises to insider and other threats, researchers say.

101
101
article thumbnail

MOVEit Transfer Under Attack: Zero-Day Vulnerability Actively Being Exploited

The Hacker News

A critical flaw in Progress Software's in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a severe SQL injection vulnerability that could lead to escalated privileges and potential unauthorized access to the environment.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?