February, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.

Hacking 299
article thumbnail

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “ coding assistant ” of sorts to help them write or improve strings of code, the report

354
354
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Quantum Computers: What Is Q-Day? And What’s the Solution?

Lohrman on Security

Quantum computers hold the promise of amazing advances in numerous fields. So why are cybersecurity experts so worried about Q-Day? What must be done now to prepare?

article thumbnail

Down the Cloudflare / Stripe / OWASP Rabbit Hole: A Tale of 6 Rabbits Deep ? ? ? ? ? ?

Troy Hunt

I found myself going down a previously unexplored rabbit hole recently, or more specifically, what I thought was "a" rabbit hole but in actual fact was an ever-expanding series of them that led me to what I refer to in the title of this post as "6 rabbits deep" It's a tale of firewalls, APIs and sifting through layers and layers of different services to sniff out the root cause of something that seemed very benign, but actually turned out to be highly impactful.

Firewall 335
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

IBM: Most ransomware blocked last year, but cyberattacks are moving faster

Tech Republic Security

A new study from IBM Security suggests cyberattackers are taking side routes that are less visible, and they are getting much faster at infiltrating perimeters. The post IBM: Most ransomware blocked last year, but cyberattacks are moving faster appeared first on TechRepublic.

article thumbnail

How to Create a GDPR Data Protection Policy

Security Boulevard

In this blog, we will discuss what GDPR compliance entails and provide tips on how to create an effective GDPR data protection policy. The post How to Create a GDPR Data Protection Policy appeared first on Scytale. The post How to Create a GDPR Data Protection Policy appeared first on Security Boulevard.

Risk 145

More Trending

article thumbnail

Putting Undetectable Backdoors in Machine Learning Models

Schneier on Security

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider. Delegation of learning has clear benefits, and at the same time raises serious concerns of trust. This work studies possible abuses of power by untrusted learners.We show how a malicious learner can plant an undetectable backdoor into a classifier.

322
322
article thumbnail

From Progress to Bans: How Close Are Human Microchip Implants?

Lohrman on Security

A lot has happened in the past 12 months regarding human microchip implants. Here’s your roundup of recent developments.

318
318
article thumbnail

Pwned Passwords Adds NTLM Support to the Firehose

Troy Hunt

I think I've pretty much captured it all in the title of this post but as of about a day ago, Pwned Passwords now has full parity between the SHA-1 hashes that have been there since day 1 and NTLM hashes. We always had both as a downloadable corpus but as of just over a year ago with the introduction of the FBI data feed , we stopped maintaining downloadable behemoths of data.

Passwords 321
article thumbnail

Cryptocurrency users in the US hit by ransomware and Clipper malware

Tech Republic Security

Learn how to protect your business and staff from the MortalKombat ransomware and Laplas Clipper malware. The post Cryptocurrency users in the US hit by ransomware and Clipper malware appeared first on TechRepublic.

Malware 209
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels

Security Boulevard

Google doesn’t want you to know what your Android apps do with your data. That seems to be the conclusion from a Mozilla study into the Play Store. The post ‘See No Evil’ — Mozilla SLAMS Google’s App Privacy Labels appeared first on Security Boulevard.

article thumbnail

New Protections for Food Benefits Stolen by Skimmers

Krebs on Security

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023 , which — for the first time ever — includes provisions for the replacement of stol

Scams 288
article thumbnail

Cyberwar Lessons from the War in Ukraine

Schneier on Security

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others.

article thumbnail

Brave browser to block “open in app” prompts, pool-party attacks

Bleeping Computer

Brave Software, the developer of the privacy-focused web browser, has announced some plants for the upcoming version 1.49 that will block everyday browsing annoyances like "open in app" prompts and add better protections against pool-party attacks, [.

Software 145
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Dark Reading

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

DDOS 145
article thumbnail

How IT jobs and recruiting on the dark web might trick you

Tech Republic Security

A new Kaspersky report sheds light on why some tech pros look for jobs on the dark web and how to spot suspicious and likely illegal positions from recruiters in that environment. The post How IT jobs and recruiting on the dark web might trick you appeared first on TechRepublic.

article thumbnail

Innovation at the Expense of Cybersecurity? No More!

Security Boulevard

Earlier this month, Jen Easterly and Eric Goldstein of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security signaled a major shift in the federal government’s approach to cybersecurity risk and responsibility. In their Foreign Affairs article Stop Passing the Buck on Cybersecurity, Easterly and Goldstein make a strong case for.

article thumbnail

Earth Kitsune Delivers New WhiskerSpy Backdoor via Watering Hole Attack

Trend Micro

We discovered a new backdoor which we have attributed to the advanced persistent threat actor known as Earth Kitsune, which we have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea.

143
143
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

article thumbnail

The Rise of Security Service Edge (SSE): A Game-changer for the Modern Workforce

CyberSecurity Insiders

The pandemic shook businesses to its core, forcing users to trade in their office chairs for home desks. The result? Users, devices, and data scattered across the world. And for those in the networking and security fields, this shift brought major challenges. The traditional castle and moat access approach was no longer enough, and even the most reliable security tools became obsolete.

article thumbnail

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

Bleeping Computer

Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [.

article thumbnail

Vulnerability Reward Program: 2022 Year in Review

Google Security

Posted by Sarah Jacobus, Vulnerability Rewards Team It has been another incredible year for the Vulnerability Reward Programs (VRPs) at Google! Working with security researchers throughout 2022, we have been able to identify and fix over 2,900 security issues and continue to make our products more secure for our users around the world. We are thrilled to see significant year over year growth for our VRPs, and have had yet another record breaking year for our programs!

Hacking 141
article thumbnail

New cybersecurity data reveals persistent social engineering vulnerabilities

Tech Republic Security

Ransomware was down last year, though LockBit led threat actors and employees opened a third of the toxic emails in the last six months of 2022. The post New cybersecurity data reveals persistent social engineering vulnerabilities appeared first on TechRepublic.

article thumbnail

How to Avoid the Pain and Cost of PCI Compliance While Optimizing Payments

Speaker: P. Andrew Sjogren, Sr. Product Marketing Manager at Very Good Security, Matt Doka, Co-Founder and CTO of Fivestars, and Steve Andrews, President & CEO of the Western Bankers Association 

PCI compliance can feel challenging and sometimes the result feels like you are optimizing more for security and compliance than you are for business outcomes. The key is to take the right strategy to PCI compliance that gets you both. In this webinar, we have a great set of panelists who will take you through how Zero Data strategies can be used as part of a well-rounded compliance and security approach, and get you to market much sooner by also allowing for payment optimization.

article thumbnail

Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked

Security Boulevard

Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days. The post Surprise! US DoD Server Had no Password — 3TB of Sensitive Data Leaked appeared first on Security Boulevard.

Passwords 144
article thumbnail

Clarity and Transparency: How to Build Trust for Zero Trust

Cisco Security

Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.

CISO 140
article thumbnail

Beware rogue 2FA apps in App Store and Google Play – don’t get hacked!

Naked Security

Even in Apple's and Google's "walled gardens", there are plenty of 2FA apps that are either dangerously incompetent, or unrepentantly malicious. (Or perhaps both.

Hacking 144
article thumbnail

Google Fi data breach let hackers carry out SIM swap attacks

Bleeping Computer

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. [.

article thumbnail

Back to the Office: Privacy and Security Solutions to Compliance Issues for 2021 and Beyond

Speaker: Mike Cramer, Director of HIPAA & Data Security at The Word & Brown Companies

The COVID-19 pandemic forced many people into working remotely, opening the floodgates for a host of digital compliance issues. Now that companies are slowly allowing employees to return to work at the office, it's time to re-evaluate your company’s posture towards privacy and security. This is especially vital if your workers were (and still are!) using company equipment from home, or are still working remotely.

article thumbnail

Cybersecurity in wartime: how Ukraine's infosec community is coping

CSO Magazine

Whenever shells rain down on Ukraine, Yuriy Gatupov's colleagues put a '+' sign in a chat room. Then, the pluses are counted. "We check if everybody is alive," he says. Gatupov, the owner of two cybersecurity companies, says it is vital to stay connected during a time of war. With Russia now controlling around 18% of Ukraine's territory including Donbas and Crimea, tech workers face formidable challenges.

article thumbnail

Pen testing report: IT budgets should focus on entire security stack

Tech Republic Security

With nearly 90% of companies reporting cyberattacks, pen testing budgets are on the rise, with cloud infrastructure and services a key focus area, according to a new report. The post Pen testing report: IT budgets should focus on entire security stack appeared first on TechRepublic.

article thumbnail

‘Finish Him!’ US Kills Huawei With Final Tech Ban

Security Boulevard

U.S. cuts off Huawei’s last sources of technology. Export licenses for chips and other tech components are finished. The post ‘Finish Him!’ US Kills Huawei With Final Tech Ban appeared first on Security Boulevard.

article thumbnail

Google confirms Russian cyber-attacks on Ukraine

CyberSecurity Insiders

After two days in this month, the war between Ukraine and Russian will enter its second year after completing one full year. And to make things worse, the Putin led nation is also found launching digital attacks simultaneously on the critical infrastructure of Ukraine for the past six months. Google, the internet giant of the world, has confirmed the news after releasing a joint report on this note with Mandiant.

article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?