May, 2023

article thumbnail

Building Trustworthy AI

Schneier on Security

We will all soon get into the habit of using AI tools for help with everyday problems and tasks. We should get in the habit of questioning the motives, incentives, and capabilities behind them, too. Imagine you’re using an AI chatbot to plan a vacation. Did it suggest a particular resort because it knows your preferences, or because the company is getting a kickback from the hotel chain?

article thumbnail

The AI Attack Surface Map v1.0

Daniel Miessler

Introduction Purpose Components Attacks Discussion Summary Introduction This resource is a first thrust at a framework for thinking about how to attack AI systems. At the time of writing, GPT-4 has only been out for a couple of months, and ChatGPT for only 6 months. So things are very early. There has been, of course, much content on attacking pre-ChatGPT AI systems, namely how to attack machine learning implementations.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Amazon faces $30 million fine over Ring, Alexa privacy violations

Bleeping Computer

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. [.

article thumbnail

Discord Admins Hacked by Malicious Bookmarks

Krebs on Security

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. This attack involves malicious Javascript that is added to one’s browser by dragging a component from a web page to one’s browser bookmarks.

Hacking 287
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse

Tech Republic Security

Generative AI is of particular interest to leaders for the benefits of cost savings, efficiency and effectiveness. The post EY survey: Tech leaders to invest in AI, 5G, cybersecurity, big data, metaverse appeared first on TechRepublic.

Big data 215
article thumbnail

New Apple ‘Rapid’ Update is Slow, Messy FAIL

Security Boulevard

PATCH NOW! Oh, wait, you can’t: “You are no longer connected to the internet,” it sneers. The post New Apple ‘Rapid’ Update is Slow, Messy FAIL appeared first on Security Boulevard.

Internet 145

More Trending

article thumbnail

Future Exploitation Vector: File Extensions as Top-Level Domains

Trend Micro

In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains (TLDs) while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards.

Risk 143
article thumbnail

KeePass exploit helps retrieve cleartext master password, fix coming soon

Bleeping Computer

The popular KeePass password manager is vulnerable to extracting the master password from the application's memory, allowing attackers who compromise a device to retrieve the password even with the database is locked. [.

Passwords 144
article thumbnail

Google launches entry-level cybersecurity certificate to teach threat detection skills

CSO Magazine

Google has announced a new entry-level cybersecurity certificate to teach learners how to identify common risks, threats, and vulnerabilities, as well as the techniques to mitigate them. Designed and taught by Google’s cybersecurity experts, the Google Cybersecurity Certificate aims to prepare learners for entry-level jobs in cybersecurity in less than six months with no prior experience required, create greater opportunities for people around the world, and help fill the growing number of open

article thumbnail

Google offers certificate in cybersecurity, no dorm room required 

Tech Republic Security

Google adds a Cybersecurity Certificate to its Career Certificates program, which offers paths to such enterprise tech fields as data analytics, IT support and business intelligence. The post Google offers certificate in cybersecurity, no dorm room required appeared first on TechRepublic.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Knives Out for TikTok as Journo Reveals her Spy Story

Security Boulevard

Clock Ticking for U.S. Ban: FT’s Cristina Criddle claims ByteDance spied on her—because she wrote damaging stories about TikTok. The post Knives Out for TikTok as Journo Reveals her Spy Story appeared first on Security Boulevard.

article thumbnail

How Compliance Automation Can Transform Your Next Audit

CyberSecurity Insiders

Automation transforms the audit experience. What was once a burden to bear becomes a competitive advantage that lets your company maximize every opportunity. Streamlining the audit process is not the only benefit compliance automation. From higher productivity to stronger security posture, automation improves your compliance program. Learn more about the benefits of compliance automation and then schedule a demo to see how you can streamline your audit processes.

Risk 139
article thumbnail

Attack on Security Titans: Earth Longzhi Returns With New Tricks

Trend Micro

After months of dormancy, Earth Longzhi, a subgroup of advanced persistent threat (APT) group APT41, has reemerged using new techniques in its infection routine. This blog entry forewarns readers of Earth Longzhi’s resilience as a noteworthy threat.

Malware 137
article thumbnail

Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image

Bleeping Computer

Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [.

143
143
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Patch now! The Mirai IoT botnet is exploiting TP-Link routers

Graham Cluley

Businesses should patch their TP-Link routers as soon as possible, after the revelation that a legendary IoT botnet is targeting them for recruitment. Read more in my article on the Tripwire State of Security blog.

IoT 139
article thumbnail

How cyberstalkers could access your iPhone using the Windows Phone Link app

Tech Republic Security

Someone who gains physical access to an iPhone or Android phone could use the Phone Link app to spy on the user’s text messages, phone calls and notifications, says Certo. The post How cyberstalkers could access your iPhone using the Windows Phone Link app appeared first on TechRepublic.

Mobile 199
article thumbnail

Google Chrome 3rd Party Cookies Crumbling — Finally!

Security Boulevard

Om Nom Nom Nom Nom: Privacy Sandbox inching towards reality. But concerns remain. The post Google Chrome 3rd Party Cookies Crumbling — Finally! appeared first on Security Boulevard.

article thumbnail

Data Breach lawsuits against companies increasing in the year 2023

CyberSecurity Insiders

Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. This legal turn is supported by a study conducted by BakerHostetler, which confirms that lawsuits against companies that suffer data breaches are becoming more common and may increase by the end of this year.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Water Orthrus's New Campaigns Deliver Rootkit and Phishing Modules

Trend Micro

Water Orthrus has been active recently with two new campaigns. CopperStealth uses a rootkit to install malware on infected systems, while CopperPhish steals credit card information. This blog will provide the structure of the campaign and how they work.

Phishing 135
article thumbnail

Android phones are vulnerable to fingerprint brute-force attacks

Bleeping Computer

Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. [.

article thumbnail

Small- and medium-sized businesses: don’t give up on cybersecurity

CSO Magazine

In today’s increasingly hostile environment, every enterprise, be they big or small, should be concerned about cybersecurity and have access to protection from hackers, scammers, phishers, and all the rest of the host of bad actors who seem to be sprouting up around the world. Yet time and again, we see small- and medium-sized businesses (SMBs) left out in the cold, an unaddressed market segment that finds real protection either too expensive or far too complex to adopt.

article thumbnail

Report: More organizations still plan to increase their tech staff

Tech Republic Security

A new Linux Foundation report finds that the global focus is on cloud/containers, cybersecurity and AI/ML skills, and that upskilling is key. The post Report: More organizations still plan to increase their tech staff appeared first on TechRepublic.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption

WIRED Threat Level

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.

article thumbnail

Architecture Matters When it Comes to SSE

CyberSecurity Insiders

by John Spiegel, Director of Strategy, Axis Security Gartner just released the 2023 version of their “Magic Quadrant” for Secure Service Edge or SSE. Cheers are being heard from the companies who scored upper righthand and jeers being shouted for those companies who did not enjoy where they landed on Gartner’s matrix. Over the next few months, there will be a lot of noise coming from all the vendors.

article thumbnail

5 free OSINT tools for social media

We Live Security

A roundup of some of the handiest tools for the collection and analysis of publicly available data from Twitter, Facebook and other social media platforms The post 5 free OSINT tools for social media appeared first on WeLiveSecurity

Media 133
article thumbnail

Hackers start using double DLL sideloading to evade detection

Bleeping Computer

An APT hacking group known as "Dragon Breath," "Golden Eye Dog," or "APT-Q-27" is demonstrating a new trend of using several complex variations of the classic DLL sideloading technique to evade detection. [.

Hacking 143
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Security breaches push digital trust to the fore

CSO Magazine

As digital transactions with customers, employees, suppliers, and other stakeholders grow, digital trustworthiness is set to become one of the most important enterprise-wide initiatives with the biggest potential impact (both negative and positive), even though it often has the smallest budget allocation. “Organizations are focusing on security and privacy, but if your customers don’t trust you, they will go elsewhere,” says Mark Thomas president of Escoute Consulting, which specializes in compl

136
136
article thumbnail

PaperCut vulnerability abused by several threat actors could impact 70,000 organizations

Tech Republic Security

Get technical details about how the cybercriminals are targeting this vulnerability, who is impacted, and how to detect and protect against this security threat. The post PaperCut vulnerability abused by several threat actors could impact 70,000 organizations appeared first on TechRepublic.

article thumbnail

Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years

Dark Reading

While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.

Firmware 138
article thumbnail

Go Phish: How Attackers Utilize HTML Files to Evade Security

CyberSecurity Insiders

By Motti Elloul, VP Customer Success and Incident Response, Perception Point Email phishing scams are nothing new. But they are growing increasingly prevalent and sophisticated – over 3 billion phishing emails are sent every day, and the tactics used to disguise them are only growing more devious. One case in point: the Incident Response team from our company, Perception Point, recently discovered a new phishing campaign that uses HTML files to conceal malicious scripts, duping unsuspecting user

Phishing 133
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.