Tue.Jun 06, 2023

article thumbnail

Snowden Ten Years Later

Schneier on Security

In 2013 and 2014, I wrote extensively about new revelations regarding NSA surveillance based on the documents provided by Edward Snowden. But I had a more personal involvement as well. I wrote the essay below in September 2013. The New Yorker agreed to publish it, but the Guardian asked me not to. It was scared of UK law enforcement, and worried that this essay would reflect badly on it.

article thumbnail

RSAC Fireside Chat: Dealing with the return of computing workloads to on-premises datacenters

The Last Watchdog

A cloud migration backlash, of sorts, is playing out. Related: Guidance for adding ZTNA to cloud platforms Many companies, indeed, are shifting to cloud-hosted IT infrastructure, and beyond that, to containerization and serverless architectures. However, a “back-migration,” as Michiel De Lepper , global enablement manager, at London-based Runecast , puts it, is also ramping up.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America

Tech Republic Security

Read the technical details about this zero-day MoveIT vulnerability, find out who is at risk, and learn how to detect and protect against this SQL injection attack. The post Zero-day MOVEit Transfer vulnerability exploited in the wild, heavily targeting North America appeared first on TechRepublic.

Risk 168
article thumbnail

Sextortionists are making AI nudes from your social media images

Bleeping Computer

The Federal Bureau of Investigation (FBI) is warning of a rising trend of malicious actors creating deepfake nude content from social media images to perform sextortion attacks. [.

Media 145
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

iOS 17 cheat sheet: Release date, supported devices and more

Tech Republic Security

iOS 17 has been announced, and it's Apple’s best version of iOS. Learn everything you need to know about iOS 17's features, release date and how to get it. The post iOS 17 cheat sheet: Release date, supported devices and more appeared first on TechRepublic.

Software 145
article thumbnail

ChatGPT creates mutating malware that evades detection by EDR

CSO Magazine

A global sensation since its initial release at the end of last year, ChatGPT 's popularity among consumers and IT professionals alike has stirred up cybersecurity nightmares about how it can be used to exploit system vulnerabilities. A key problem, cybersecurity experts have demonstrated, is the ability of ChatGPT and other large language models (LLMs) to generate polymorphic, or mutating, code to evade endpoint detection and response (EDR) systems.

Malware 145

More Trending

article thumbnail

US Aerospace Contractor Hacked With 'PowerDrop' Backdoor

Dark Reading

Hackers used a little to do a lot, cracking a high-value target with hardly more than the living-off-the-land tools (PowerShell especially) found on any standard Windows computer.

Hacking 135
article thumbnail

Outlook.com hit by outages as hacktivists claim DDoS attacks

Bleeping Computer

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. [.

DDOS 135
article thumbnail

WWDC 2023: Apple launches Vision Pro and raft of products powered by new chipsets

Tech Republic Security

At its Worldwide Developers conference, Apple unveiled supercomputation power on mobile and desktop devices, but the Vision Pro AR headset took center stage. The post WWDC 2023: Apple launches Vision Pro and raft of products powered by new chipsets appeared first on TechRepublic.

Mobile 123
article thumbnail

Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate

Identity IQ

Buying a Home? Here’s How Your Credit Will Affect Your Mortgage Rate IdentityIQ To buy a home , you need to apply for a mortgage. But before you do that, you should know how important your credit score is in the mortgage application process since it can significantly impact the mortgage rate you’ll be offered. In this blog, we break down the relationship between credit scores and mortgage rates to help you understand what to expect and how to prepare to buy a home.

Insurance 128
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Over 60,000 Android apps secretly installed adware for past six months

Bleeping Computer

Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. [.

Adware 127
article thumbnail

ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks

Dark Reading

Attackers could exploit a common AI experience — false recommendations — to spread malicious code via developers that use ChatGPT to create software.

Malware 136
article thumbnail

Google fixes new Chrome zero-day flaw with exploit in the wild

Bleeping Computer

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. [.

136
136
article thumbnail

Only one in 10 CISOs today are board-ready, study says

CSO Magazine

Even though there is a growing demand for cybersecurity expertise at the highest levels of business, a significant number of public companies lack even one qualified cybersecurity expert on their board of directors, according to a study by cybersecurity research and advisory firm IANS. In addition, the study found that just a little more than one in 10 CISOs have all the key traits thought to be crucial for success on a corporate board.

CISO 118
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Google launches passkeys for Workspace

Tech Republic Security

Google launched an open beta feature on June 5 that lets individuals and organizations log in to Workspace with public and private encrypted passkeys. The post Google launches passkeys for Workspace appeared first on TechRepublic.

article thumbnail

Apple offers new privacy and security protections at WWDC

CyberSecurity Insiders

During the recent Worldwide Developers Conference (WWDC), Apple Inc. unveiled a range of new privacy and security features designed to enhance user protection. One notable feature is aimed at safeguarding children against online spying tools, while another focuses on maintaining user browsing history anonymity in the face of trackers. Additionally, iPhone users will now have the ability to access live transcripts of their voicemails, granting them the option to decide whether to answer incoming

Spyware 115
article thumbnail

Shadow IT is increasing and so are the associated security risks

CSO Magazine

Despite years of modernization initiatives, CISOs are still contending with an old-school problem: shadow IT, technology that operates within an enterprise but is not officially sanctioned — or on the radar of — the IT department. Unvetted software, services, and equipment can be nightmare fuel for a security team, potentially introducing a lurking host of vulnerabilities, entry points for bad actors, and malware.

Risk 105
article thumbnail

North Korean cyber attacks income and free VPN data breach

CyberSecurity Insiders

According to a report published by Japanese news resource Nikkei, it has been revealed that the North Korean government is actively engaging in cyber attacks on the digital infrastructure of its adversaries. This information is not entirely new, as many are already aware of the country’s involvement in such activities. However, what sets this report apart is the claim that North Korea earns a significant portion of its annual income from cryptocurrency heists conducted through cyber attack

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

The FBI Could Help Retrieve Your Data After a Ransomware Attack

Security Boulevard

To pay or not to pay? That is the question leadership and security teams ask whenever they deal with a ransomware attack. The recommendation from the FBI is to not pay, stating on its website that “paying a ransom doesn’t guarantee you or your organization will get any data back. It also encourages perpetrators to. The post The FBI Could Help Retrieve Your Data After a Ransomware Attack appeared first on Security Boulevard.

article thumbnail

7 tips for spotting a fake mobile app

We Live Security

Plus, 7 ways to tell that you downloaded a sketchy app and 7 tips for staying safe from mobile security threats in the future The post 7 tips for spotting a fake mobile app appeared first on WeLiveSecurity

Mobile 102
article thumbnail

Cyber Attack Due to Malicious Open-source Package

Security Boulevard

Introduction Open-source tools and packages are an essential part of the modern software development ecosystem. They are widely used by developers to speed up the development process and reduce the amount of work required to build complex systems. However, this convenience comes at a cost. Open-source packages can be compromised by attackers to deliver malicious […] The post Cyber Attack Due to Malicious Open-source Package appeared first on Kratikal Blogs.

article thumbnail

Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now!

The Hacker News

Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on June 1, 2023.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft Preps $425M Payment for LinkedIn GDPR Violations

Dark Reading

The company plans on disputing these fines once a final decision is made, but warned shareholders that it set aside the funds to pay it, nonetheless.

109
109
article thumbnail

D-Day, Operation Overlord, June 6, 1944

Security Boulevard

“… these men came here – British and our Allies, and Americans – to storm these beaches for one purpose only, not to gain anything for ourselves, not to fulfill any ambitions that America had for conquest, but just to preserve freedom. Many thousands of men have died for such ideals as these. but these young boys. were cut off in their prime. I devoutly hope that we will never again have to see such scenes as these.

98
article thumbnail

Five Ways to Configure a SIEM for Accurate Threat Detection

eSecurity Planet

A security information and event management (SIEM) system is about as complicated as a security tool can get, pulling in log and threat data from a wide range of sources to look for signs of a cyber attack. Not surprisingly, they can be challenging to manage. A recent Gurucul survey of over 230 security pros at the recent RSA Conference found that managing and configuring SIEM solutions can be an overwhelming task.

article thumbnail

Lacework Adds Ability to Manage and Secure Cloud Identities

Security Boulevard

Lacework today added cloud infrastructure entitlement management (CIEM) capabilities to its cloud-native application protection platform (CNAPP). The CIEM addition provides cybersecurity teams visibility into who within an organization has permission to access a specific cloud service. Adam Leftik, vice president of product for Lacework, said the goal is to make it simpler for cybersecurity teams.

article thumbnail

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

article thumbnail

OWASP lists 10 most critical large language model vulnerabilities

CSO Magazine

The Open Worldwide Application Security Project (OWASP) has published the top 10 most critical vulnerabilities often seen in large language model (LLM) applications, highlighting their potential impact, ease of exploitation, and prevalence. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution.

article thumbnail

OSINT For and Against Fraudsters: Two Sides of the Same Coin

Security Boulevard

Is open source intelligence (OSINT) a force for good or simply a dream come true for fraudsters? Actually, it’s both. Between the media, the internet, public government data, professional and academic publications, commercial data and grey literature (such as technical reports and patents), there is a vast amount of information available. OSINT takes that information.

Media 98
article thumbnail

Traditional malware increasingly takes advantage of ChatGPT for attacks

CSO Magazine

Traditional malware techniques are increasingly taking advantage of interest in ChatGPT and other generative AI programs, according to a Palo Alto Networks report on malware trends. “Between November 2022-April 2023, we noticed a 910% increase in monthly registrations for domains, both benign and malicious, related to ChatGPT,” according to the latest Network Threat Trends Research Report from Unit 42, the threat research arm of Palo Alto Networks.

Malware 95
article thumbnail

Threat Intelligence & Cybersecurity: Quick Wins for 2023

Security Boulevard

In the dynamic landscape of cybersecurity, staying one step ahead is vital. Enter threat intelligence – a proactive approach that involves collecting, analyzing, and applying information about cyber threats. It’s like having your own team of digital detectives, constantly unearthing clues about potential attacks before they can impact your business.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?