Schneier on Security

JUNE 11, 2024

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

Artificial Intelligence 327

Artificial Intelligence 327

Krebs on Security

JUNE 11, 2024

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 215

Internet Internet Software Malware 215

The Last Watchdog

JUNE 11, 2024

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I visited with Geoff Haydon , CEO, and Alex Berger , Head of Product Marketing, at Ontinue , a new player in the nascent Managed Extended Detection and Response ( MXDR ) space.

Antivirus 130

Antivirus Threat Detection Firewall Marketing 130

Tech Republic Security

JUNE 11, 2024

Direct revenue loss is the biggest drain from downtime, but other hidden costs include diminished shareholder value, stagnant productivity and reputational damage.

Digital transformation 160

Digital transformation Phishing Software Malware 160

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Bleeping Computer

JUNE 11, 2024

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [.

141

141

PCI perspectives

JUNE 11, 2024

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance.

133

133

Malwarebytes

JUNE 11, 2024

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals had “obtained information from certain accounts, including information about users’ DNA Relatives profiles.

Data breaches 125

Data breaches Accountability Passwords Risk 125

IT Security Guru

JUNE 11, 2024

Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses. The latest threats from AI you should be concerned about The NCSC recognised that AI will play as a contributing factor to how cyber-attacks operate, and said ‘AI provides capability upl

Cyber Attacks 123

Cyber Attacks Scams Artificial Intelligence Social Engineering 123

Tech Republic Security

JUNE 11, 2024

Learn how to use 1Password to securely store and manage your passwords. This step-by-step guide will help you get started.

Passwords 140

Passwords Password Management 140

IT Security Guru

JUNE 11, 2024

Entering the world of crypto trading is easy, but if you have plans to stay there on a long-term basis then you have to acknowledge all the ups and downs of it. This constant fluctuation won’t stop but what you can do to manage it? To your knowledge, this fluctuation can also make it extremely difficult for you to make a wise decision at the right time.

Accountability 117

Accountability Education Marketing Authentication 117

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Government

The Hacker News

JUNE 11, 2024

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.

120

120

Bleeping Computer

JUNE 11, 2024

Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information [.

Data breaches 115

Data breaches Accountability Hacking 115

IT Security Guru

JUNE 11, 2024

Advancements in Artificial Intelligence (AI) and Machine Learning (ML) have lowered the barrier of entry for non-security users to independently develop and manage their own data products, which when decentralised to enable separate cross domain data analysis is known as ‘data mesh’. As enterprises are typically built on both structured and unstructured data, if the models these users add unstructured data to aren’t trained and governed properly, the users risk compromising desired outcom

Unstructured Data 114

Unstructured Data Government Cloud Migration Artificial Intelligence 114

The Hacker News

JUNE 11, 2024

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network (CERNET), a project funded by the Chinese government.

DNS 118

DNS Education Government Cybersecurity 118

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Cisco Security

JUNE 11, 2024

Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester. Learn what makes Cisco stand apart in this market. Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester.

Marketing 109

Marketing Firewall IoT Engineering 109

Bleeping Computer

JUNE 11, 2024

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [.

Government 109

Government 109

The Hacker News

JUNE 11, 2024

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale.

Artificial Intelligence 113

Artificial Intelligence Architecture 113

Security Affairs

JUNE 11, 2024

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). “A local non-privileged user can make improper GPU memory pr

Hacking 111

Hacking Software Information Security 111

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Bleeping Computer

JUNE 11, 2024

Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [.

108

108

Security Boulevard

JUNE 11, 2024

Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Asset Discovery, a.k.a. You Can’t Manage What You Can’t See Why Speed is Important to Asset Discovery In Summary Get a Demo Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Justin Stouder, FireMon’s Asset Manager GM, met with a large financial services company a few years back, talking with the company’s CISO about their asset inventory.

CISO 105

CISO IoT Financial Services Data breaches 105

Security Affairs

JUNE 11, 2024

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. Eight of these bugs were reported through the ZDI program.

DNS 100

DNS Hacking Information Security 100

Security Boulevard

JUNE 11, 2024

The post Patch Tuesday Update - June 2024 appeared first on Digital Defense. The post Patch Tuesday Update – June 2024 appeared first on Security Boulevard.

111

111

Advertisement

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

Cybersecurity

The Hacker News

JUNE 11, 2024

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said.

Malware 101

Malware Cybersecurity 101

Malwarebytes

JUNE 11, 2024

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romantic partners revealed that the degree to which they share passwords, locations, and devices with one another can invite mild annoyances—like having an ex mooch off a shared Netflix account—serious invasio

Accountability 97

Accountability Risk Passwords Technology 97

Bleeping Computer

JUNE 11, 2024

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [.

95

95

The Hacker News

JUNE 11, 2024

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing.

Penetration Testing 101

Penetration Testing Data breaches Technology 101

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Bleeping Computer

JUNE 11, 2024

A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks.

Phishing 104

Phishing Malware 104

The Hacker News

JUNE 11, 2024

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base.

Cybersecurity 95

Cybersecurity 95

Bleeping Computer

JUNE 11, 2024

Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. [.

Software 95

Software 95

SecureWorld News

JUNE 11, 2024

You probably already know that ransomware is a type of malicious software that encrypts a victim's data, demanding a ransom to restore access. It's a problem that's getting worse all the time, and its impact on healthcare is particularly concerning. Aside from the inconvenience created for everyone present when hospital systems go offline, the question we need to ask is whether ransomware can actually kill sick people.

Ransomware 80

Ransomware Computers and Electronics Healthcare Wireless 80

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk