Tech Republic Security
JUNE 27, 2024
This guide covers various ransomware attacks, including Colonial Pipeline, WannaCry and LockBit, the systems hackers target and how to avoid becoming a victim and paying cybercriminals a ransom.
Schneier on Security
JUNE 3, 2024
A piece I coauthored with Fredrik Heiding and Arun Vishwanath in the Harvard Business Review : Summary. Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence (AI)-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Penetration Testing
JUNE 25, 2024
A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2024-30088) in Microsoft Windows. This critical flaw holds a risk severity score of 7.0 and impacts systems across the... The post PoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-30088) appeared first on Cybersecurity News.
Krebs on Security
JUNE 15, 2024
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider , a cybercrime group suspected of hacking into Twilio , LastPass , DoorDash , Mailchimp , and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today reports the suspect was wanted by the FBI and arrested in Palma de Mallorca as he tried to board a flight to Italy.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Troy Hunt
JUNE 24, 2024
I've been harbouring some thoughts about the state of data breaches over recent months, and I feel they've finally manifested themselves into a cohesive enough story to write down. Parts of this story relate to very sensitive incidents and parts to criminal activity, not just on behalf of those executing data breaches but also very likely on behalf of some organisations handling them.
Lohrman on Security
JUNE 9, 2024
Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Schneier on Security
JUNE 5, 2024
Microsoft recently caught state-backed hackers using its generative AI tools to help with their attacks. In the security community, the immediate questions weren’t about how hackers were using the tools (that was utterly predictable), but about how Microsoft figured it out. The natural conclusion was that Microsoft was spying on its AI users, looking for harmful hackers at work.
Tech Republic Security
JUNE 6, 2024
Both the promise and the risk of "human-level" AI has always been part of OpenAI’s makeup. What should business leaders take away from this letter?
Krebs on Security
JUNE 11, 2024
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.
Troy Hunt
JUNE 30, 2024
Last week, I wrote about The State of Data Breaches and got loads of feedback. It was predominantly sympathetic to the position I find myself in running HIBP, and that post was mostly one of frustration: lack of disclosure, standoffish organisations, downplaying breaches and the individual breach victims themselves making it worse by going to town on the corporate victims.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Lohrman on Security
JUNE 16, 2024
It’s been six months since I released the Top 24 Security Predictions for 2024, so which predictions are on track and which seem off base — so far? And what’s new as we hit the halfway point in the year?
The Last Watchdog
JUNE 10, 2024
Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.
Schneier on Security
JUNE 4, 2024
Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number generator used to generate passwords in that versionand subsequent versions until 2015did indeed have a significant flaw that made the random number generator not so random.
Tech Republic Security
JUNE 7, 2024
Anthropic opened a window into the ‘black box’ where ‘features’ steer a large language model’s output. OpenAI dug into the same concept two weeks later with a deep dive into sparse autoencoders.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
JUNE 28, 2024
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer’s mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to virtually all data on a user’s cellphone.” Temu quickly denied the allegations.
Troy Hunt
JUNE 2, 2024
What a week! It was Ticketmaster that consumed the bulk of my time this week with the media getting themselves into a bit of a frenzy over a data breach that at the time of recording, still hadn't even been confirmed. But as predicted in the video, confirmation came late on a Friday arvo and since that time we've learned a lot more about just how bad the situation is.
Lohrman on Security
JUNE 2, 2024
Some call it spam. Others call it marketing. Recipients want it to stop, while senders are looking to perfect their “art.” But both sides agree on one thing: Email communication is still broken in 2024.
The Last Watchdog
JUNE 19, 2024
The tectonic shift of network security is gaining momentum, yet this transformation continues to lag far behind the accelerating pace of change in the operating environment. Related: The advance of LLMs For at least the past decade, the cybersecurity industry has been bending away from rules-based defenses designed to defend on-premises data centers and leaning more into tightly integrated and highly adaptable cyber defenses directed at the cloud edge.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Schneier on Security
JUNE 11, 2024
New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.
Tech Republic Security
JUNE 4, 2024
Organisations providing services related to the Paris Olympics 2024 have an increased risk of cyber attack, a new study has found.
Security Affairs
JUNE 24, 2024
The Lockbit ransomware group announced that it had breached the US Federal Reserve and exfiltrated 33 TB of sensitive data. The Lockbit ransomware group announced that it had breached the systems of Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.” The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27
Troy Hunt
JUNE 16, 2024
What a week! The NDC opening keynote and 3D printing talk both went off beautifully, the latter being the first time for 11-year old Elle on stage: And the pro shots are really cool 😎 pic.twitter.com/ud7ad0pF1x — Troy Hunt (@troyhunt) June 15, 2024 Videos of both will be available in the coming weeks so stay tuned for them. For now, we're at the end of a mostly cold and rainy Norwegian summer trip, heading to the sunny Greek isles for next week's update 😎 Referen
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Lohrman on Security
JUNE 30, 2024
I’m always looking for best practices and examples to share around government AI and cyber projects. Monty 2.0 is certainly praiseworthy and a GenAI project to watch and learn from.
The Last Watchdog
JUNE 13, 2024
Confidence in the privacy and security of hyper-connected digital services is an obvious must have. Related: NIST’s quantum-resistant crypto Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging conversation with DigiCert CEO Amit Sinha all about why Digital Trust has proven to be so elusive.
Schneier on Security
JUNE 17, 2024
Interesting research: “ Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world vulnerabilities when given a description of the vulnerability and toy capture-the-flag problems.
Tech Republic Security
JUNE 4, 2024
A $1 billion commitment will send Cisco money to Cohere, Mistral AI and Scale AI.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
JUNE 15, 2024
NHS England confirmed that multiple London hospitals impacted by the ransomware attack at Synnovis were forced to cancel planned operations. NHS England confirmed that the recent ransomware attack on Synnovis had a severe impact of multiple London hospitals, forcing them to cancel more than hundreds of scheduled operations. Synnovis is a pathology partnership between Guy’s and St Thomas’ NHS Foundation Trust and King’s College Hospitals NHS Trust, and SYNLAB, Europe’s largest provider of medical
Troy Hunt
JUNE 29, 2024
Why does it need to be a crazy data breach week right when I'm struggling with jet lag?! I came home from Europe just as a bunch of the Snowflake-sourced breaches started being publicly dumped, and things went a little crazy. Lots of data to review, lots of media enquiries and many discussions with impacted individuals, breached companies, incident response folks and law enforcement agencies.
Lohrman on Security
JUNE 23, 2024
What are the top mistakes that I see new security leaders continue to make in 2024 as they start their CISO careers or take on new roles? How can these challenges be addressed?
The Last Watchdog
JUNE 4, 2024
Business data today gets scattered far and wide across distributed infrastructure. Just knowing where to look – or even how to look – much less enforcing security policies, has become next to impossible for many organizations. At RSAC 2024 , I visited with Pranava Adduri , co-founder and CEO of Bedrock Security which has just rolled out its AI Reasoning (AIR) Engine to help solve this problem in a bold new way.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Expert insights. Personalized for you.
195 
Let's personalize your content