Tue.Jun 11, 2024

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 217
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Downtime Costs World’s Largest Companies $400 Billion a Year, According to Splunk Report

Tech Republic Security

Direct revenue loss is the biggest drain from downtime, but other hidden costs include diminished shareholder value, stagnant productivity and reputational damage.

article thumbnail

RSAC Fireside Chat: Ontinue ups the ‘MXDR’ ante — by emphasizing wider automation, collaboration

The Last Watchdog

Companies that need to protect assets spread across hybrid cloud infrastructure face a huge challenge trying to mix and match disparate security tools. Related: Cyber help for hire Why not seek help from a specialist? At RSAC 2024 , I visited with Geoff Haydon , CEO, and Alex Berger , Head of Product Marketing, at Ontinue , a new player in the nascent Managed Extended Detection and Response ( MXDR ) space.

Antivirus 130
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Chinese hackers breached 20,000 FortiGate systems worldwide

Bleeping Computer

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [.

144
144
article thumbnail

Just Published: PCI DSS v4.0.1

PCI perspectives

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance.

133
133

More Trending

article thumbnail

23andMe data breach under joint investigation in two countries

Malwarebytes

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals had “obtained information from certain accounts, including information about users’ DNA Relatives profiles.

article thumbnail

How to Use 1Password: A Guide for Beginners

Tech Republic Security

Learn how to use 1Password to securely store and manage your passwords. This step-by-step guide will help you get started.

Passwords 141
article thumbnail

Pure Storage confirms data breach after Snowflake account hack

Bleeping Computer

Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information [.

article thumbnail

Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability

The Hacker News

Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month.

117
117
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

City of Cleveland shuts down IT systems after cyberattack

Bleeping Computer

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [.

article thumbnail

Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale

The Hacker News

Cybersecurity researchers have shed more light on a Chinese actor codenamed SecShow that has been observed conducting Domain Name System (DNS) on a global scale since at least June 2023. The adversary, according to Infoblox security researchers Dr. Renée Burton and Dave Mitchell, operates from the China Education and Research Network (CERNET), a project funded by the Chinese government.

DNS 116
article thumbnail

Is Your Business Under Attack From AI?

IT Security Guru

Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses. The latest threats from AI you should be concerned about The NCSC recognised that AI will play as a contributing factor to how cyber-attacks operate, and said ‘AI provides capability upl

article thumbnail

New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes

Bleeping Computer

Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [.

115
115
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Apple Integrates OpenAI's ChatGPT into Siri for iOS, iPadOS, and macOS

The Hacker News

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture ever deployed for cloud AI compute at scale.

article thumbnail

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

Bleeping Computer

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [.

105
105
article thumbnail

Finance Phantom Review – A Crypto Trading Robot that Can Be Your Guardian Too

IT Security Guru

Entering the world of crypto trading is easy, but if you have plans to stay there on a long-term basis then you have to acknowledge all the ups and downs of it. This constant fluctuation won’t stop but what you can do to manage it? To your knowledge, this fluctuation can also make it extremely difficult for you to make a wise decision at the right time.

article thumbnail

New Warmcookie Windows backdoor pushed via fake job offers

Bleeping Computer

A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks.

Phishing 114
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

When things go wrong: A digital sharing warning for couples

Malwarebytes

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romantic partners revealed that the degree to which they share passwords, locations, and devices with one another can invite mild annoyances—like having an ex mooch off a shared Netflix account—serious invasio

article thumbnail

Windows 11 KB5039212 update released with 37 changes, fixes

Bleeping Computer

Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. [.

Software 104
article thumbnail

Asset Discovery: A Must Have for Understanding Your Complete Attack Surface

Security Boulevard

Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Asset Discovery, a.k.a. You Can’t Manage What You Can’t See Why Speed is Important to Asset Discovery In Summary Get a Demo Asset Discovery: A Must Have for Understanding Your Complete Attack Surface Justin Stouder, FireMon’s Asset Manager GM, met with a large financial services company a few years back, talking with the company’s CISO about their asset inventory.

CISO 104
article thumbnail

Arm zero-day in Mali GPU Drivers actively exploited in the wild

Security Affairs

Semiconductor and software design company Arm warns of an actively exploited zero-day vulnerability in Mali GPU Kernel Driver. Arm is warning of an actively exploited zero-day vulnerability, tracked as CVE-2024-4610, in Mali GPU Kernel Driver. The vulnerability is a use-after-free issue issue that impacts Bifrost GPU Kernel Driver (all versions from r34p0 to r40p0) and Valhall GPU Kernel Driver (all versions from r34p0 to r40p0). “A local non-privileged user can make improper GPU memory pr

Hacking 104
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Patch Tuesday Update – June 2024

Security Boulevard

The post Patch Tuesday Update - June 2024 appeared first on Digital Defense. The post Patch Tuesday Update – June 2024 appeared first on Security Boulevard.

109
109
article thumbnail

TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

Bleeping Computer

The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. [.

article thumbnail

Forrester Names Cisco a Leader in OT Security

Cisco Security

Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester. Learn what makes Cisco stand apart in this market. Securing industrial networks is top of mind. Cisco’s comprehensive OT security solution and unified IT/OT security platform is a Leader according to Forrester.

Marketing 102
article thumbnail

China-Linked ValleyRAT Malware Resurfaces with Advanced Data Theft Tactics

The Hacker News

Cybersecurity researchers have uncovered an updated version of malware called ValleyRAT that's being distributed as part of a new campaign. "In the latest version, ValleyRAT introduced new commands, such as capturing screenshots, process filtering, forced shutdown, and clearing Windows event logs," Zscaler ThreatLabz researchers Muhammed Irfan V A and Manisha Ramcharan Prajapati said.

Malware 99
article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

Microsoft Patch Tuesday security updates for June 2024 fixed only one critical issue

Security Affairs

Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities, only one of them is a publicly disclosed zero-day flaw. Microsoft Patch Tuesday security updates for June 2024 addressed 49 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; Dynamics Business Central; and Visual Studio. Eight of these bugs were reported through the ZDI program.

DNS 94
article thumbnail

How Cynet Makes MSPs Rich & Their Clients Secure

The Hacker News

Managed service providers (MSPs) are on the front lines of soaring demand for cybersecurity services as cyberattacks increase in volume and sophistication. Cynet has emerged as the security vendor of choice for MSPs to capitalize on existing relationships with SMB clients and profitably expand their client base.

article thumbnail

The role of unstructured data and Large Language Models in securing data

IT Security Guru

Advancements in Artificial Intelligence (AI) and Machine Learning (ML) have lowered the barrier of entry for non-security users to independently develop and manage their own data products, which when decentralised to enable separate cross domain data analysis is known as ‘data mesh’. As enterprises are typically built on both structured and unstructured data, if the models these users add unstructured data to aren’t trained and governed properly, the users risk compromising desired outcom

article thumbnail

Top 10 Critical Pentest Findings 2024: What You Need to Know

The Hacker News

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?