February, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites.

Hacking 262
article thumbnail

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data.

363
363
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Quantum Computers: What Is Q-Day? And What’s the Solution?

Lohrman on Security

Quantum computers hold the promise of amazing advances in numerous fields. So why are cybersecurity experts so worried about Q-Day? What must be done now to prepare?

article thumbnail

Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep ? ? ? ? ? ?

Troy Hunt

Firewall 335
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the foundational elements you need to start or validate your ERM program. He will also dive into topic definitions, governance structures, and framework components for success.

article thumbnail

IBM: Most ransomware blocked last year, but cyberattacks are moving faster

Tech Republic Security

A new study from IBM Security suggests cyberattackers are taking side routes that are less visible, and they are getting much faster at infiltrating perimeters. The post IBM: Most ransomware blocked last year, but cyberattacks are moving faster appeared first on TechRepublic.

article thumbnail

SHARED INTEL: The expect impacts of Pres. Biden’s imminent National Cybersecurity Strategy

The Last Watchdog

The United States will soon get some long-awaited cybersecurity updates. Related: Spies use Tik Tok, balloons That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts. Here’s a look at some broad themes to expect and how they will impact businesses: •New vendor responsibilities.

More Trending

article thumbnail

Putting Undetectable Backdoors in Machine Learning Models

Schneier on Security

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider.

357
357
article thumbnail

From Progress to Bans: How Close Are Human Microchip Implants?

Lohrman on Security

A lot has happened in the past 12 months regarding human microchip implants. Here’s your roundup of recent developments

233
233
article thumbnail

Pwned Passwords Adds NTLM Support to the Firehose

Troy Hunt

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes.

Passwords 304
article thumbnail

Cryptocurrency users in the US hit by ransomware and Clipper malware

Tech Republic Security

Learn how to protect your business and staff from the MortalKombat ransomware and Laplas Clipper malware. The post Cryptocurrency users in the US hit by ransomware and Clipper malware appeared first on TechRepublic. Security cryptocurrency cybersecurity malware phishing ransomware

article thumbnail

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Join this exclusive webinar with Dr. Karen Hardy, where she will explore the power of storytelling in risk communication as a core component of a resilient organization's management framework!

article thumbnail

GUEST ESSAY: Data loss prevention beccomes paramount — expecially in the wake of layoffs

The Last Watchdog

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Related: The importance of preserving trust in 2023 Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers. But it’s a real and growing risk to be aware of.

article thumbnail

New Protections for Food Benefits Stolen by Skimmers

Krebs on Security

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes.

Scams 250
article thumbnail

Cyberwar Lessons from the War in Ukraine

Schneier on Security

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” ” Its conclusion: Cyber defense assistance in Ukraine is working.

article thumbnail

After Corporate Tech Layoffs, Can Governments Benefit?

Lohrman on Security

Almost every day, online media sources proclaim new layoffs for tech workers. So how are federal, state and local governments trying to attract these talented pros now

article thumbnail

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.

article thumbnail

What Is Polymorphic Encryption?

Adam Levin

Polymorphic encryption refers to the encryption of data in multiple forms that are protected by multiple keys. The term is derived from the computer science concept of polymorphism, in which a single interface or symbol represents different types of data. What is encryption?

article thumbnail

How IT jobs and recruiting on the dark web might trick you

Tech Republic Security

A new Kaspersky report sheds light on why some tech pros look for jobs on the dark web and how to spot suspicious and likely illegal positions from recruiters in that environment. The post How IT jobs and recruiting on the dark web might trick you appeared first on TechRepublic.

article thumbnail

GUEST ESSAY: Advanced tools are ready to help SMBs defend Microsoft 365, Google Workspace

The Last Watchdog

Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond. Related: Deploying human sensors Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.

article thumbnail

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies , which offers paying customers the ability to route their web traffic anonymously through compromised computers.

Web Fraud 226
article thumbnail

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

The largest banks have increased reserves for protection against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions? In this webinar, Alex Jiménez will walk us through that question and examine the prudent course of action.

article thumbnail

AIs as Computer Hackers

Schneier on Security

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’.

article thumbnail

One Year Later: Cyber Battles Still Rage in Ukraine

Lohrman on Security

This past week was dominated with stories surrounding the one-year mark of Russia’s invasion into Ukraine. What have we learned on the global cybersecurity front in that time

article thumbnail

Weekly Update 336

Troy Hunt

Hey, it's double-Troy! I'm playing with the Insta360 Link cam, a gimbal-based model that can follow you around the room. It's tiny and pretty awesome for what it is, I'm doing some back-to-back with that and my usual Sony a6400 this week.

Firewall 219
article thumbnail

Pen testing report: IT budgets should focus on entire security stack

Tech Republic Security

With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.

article thumbnail

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

In this session, Elizabeth “Paige” Baumann will cover the Anti-Money Laundering Act of 2020, which also includes the Corporate Transparency Act. She'll take a deep dive into the catalysts that brought on the act, the current implications of the act, and what impacts the act has on the future of banking and finance.

article thumbnail

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.

CISO 160
article thumbnail

Finland’s Most-Wanted Hacker Nabbed in France

Krebs on Security

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France.

DDOS 219
article thumbnail

Defending against AI Lobbyists

Schneier on Security

When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the regulation of its own technology. That happened last month.

article thumbnail

‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels

Security Boulevard

Google doesn’t want you to know what your Android apps do with your data. That seems to be the conclusion from a Mozilla study into the Play Store. The post ‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels appeared first on Security Boulevard.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

article thumbnail

Weekly Update 333

Troy Hunt

Getting everything out nice and early today so we can get out there in hit the wake park in the balmy "well over 30C" weather (the radio is talking about "severe heatwave weather" as I write this).

article thumbnail

The headache of changing passwords

Tech Republic Security

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic. Security password management password security passwordless passwordless authentication passwords

Passwords 197
article thumbnail

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

The Last Watchdog

A new generation of security frameworks are gaining traction that are much better aligned to today’s cloud-centric, work-from-anywhere world. Related: The importance of ‘attack surface management’ I’m referring specifically to Secure Access Service Edge (SASE) and Zero Trust (ZT). SASE replaces perimeter-based defenses with more flexible, cloud-hosted security that can extend multiple layers of protection anywhere.

Risk 151
article thumbnail

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Krebs on Security

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison.

Media 210
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.