The Last Watchdog

JULY 24, 2023

Accessing vital information to complete day-to-day tasks at our jobs still requires using a password-based system at most companies. Related: Satya Nadella calls for facial recognition regulations Historically, this relationship has been effective from both the user experience and host perspectives; passwords unlocked a world of possibilities, acted as an effective security measure, and were simple to remember.

Authentication 245

Authentication Passwords Social Engineering Phishing 245

Schneier on Security

JULY 26, 2023

Seems that there is a deliberate backdoor in the twenty-year-old TErrestrial Trunked RAdio (TETRA) standard used by police forces around the world. The European Telecommunications Standards Institute (ETSI), an organization that standardizes technologies across the industry, first created TETRA in 1995. Since then, TETRA has been used in products, including radios, sold by Motorola, Airbus, and more.

Telecommunications 246

Telecommunications Encryption Technology Software 246

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort , which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.

Malware 244

Malware VPN Internet Internet 244

Tech Republic Security

JULY 25, 2023

Want a custom security dashboard to bring together data from multiple places? Microsoft Power BI can do that and help you spot what's changing.

Big data 206

Big data Software 206

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Last Watchdog

JULY 27, 2023

Paris, France, July 27, 2023 – CrowdSec , the pioneering open source and collaborative cybersecurity company, today released its Q2 2023 Majority Report , a comprehensive community-driven data report fueled by the collective efforts of its thousands of users. Key takeaways from the report include the rise of IPv6 as well as the role of VPN in cybercriminal activities.

VPN 246

VPN Data collection Cybersecurity Threat Detection 246

Schneier on Security

JULY 27, 2023

World of Warcraft players wrote about a fictional game element, “Glorbo,” on a subreddit for the game, trying to entice an AI bot to write an article about it. It worked : And it…worked. Zleague auto-published a post titled “World of Warcraft Players Excited For Glorbo’s Introduction.” […] That is…all essentially nonsense.

Social Engineering 242

Social Engineering Artificial Intelligence Engineering 242

Troy Hunt

JULY 28, 2023

IoT, breaches and largely business as usual so I'll skip that in the intro to this post and jump straight to the end: the impending HIBP domain search changes. As I say in the vid, I really value people's feedback on this so if nothing else, please skip through to 48:15, listen to that section and let me know what you think. By the time I do next week's vid my hope is that all the coding work is done and I'm a couple of days out from shipping it, so now is your time to provid

IoT 195

IoT Passwords Accountability 195

Lohrman on Security

JULY 23, 2023

Maine paused the use of ChatGPT and other generative AI apps for six months beginning in June. After hearing wide-ranging reactions, I decided to ask Nathan Willigar, the state CISO, about the move.

CISO 189

CISO 189

Schneier on Security

JULY 24, 2023

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated in materials.

Internet 241

Internet Internet 241

The Last Watchdog

JULY 27, 2023

New York, NY, July 27, 2023 – QBE North America today announced the launch of a cyber insurance program with new MGA, Converge, acting as program administrator. The program will be broken down into two separate distribution structures, each with a distinct revenue focus and cyber security data access formation. •ConvergeElements™ offers primary and excess cyber coverage through select agents and brokers for companies with up to $100 million in revenue.

Cyber Insurance 188

Cyber Insurance Insurance Cyber Risk Small Business 188

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

JULY 25, 2023

Digital information is generally the lifeblood of any given organization, containing essential company data needed to run the business. Paperless offices have become the norm across industries and remote work depends on the ability to share electronic information for communication, announcements and collaboration. This checklist from TechRepublic Premium provides a strategy for implementing the maximum.

Big data 157

Big data 157

Bleeping Computer

JULY 28, 2023

Microsoft Edge web browser has been displaying security warnings after Twitter changed its name to 'X'. It's got to do with a security feature dubbed 'Progressive Web App Icon change', designed to keep users safe during app icon or name changes. [.

98

98

Schneier on Security

JULY 28, 2023

Interesting research: “ (Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs “: Abstract: We demonstrate how images and sounds can be used for indirect prompt and instruction injection in multi-modal LLMs. An attacker generates an adversarial perturbation corresponding to the prompt and blends it into an image or audio recording.

Artificial Intelligence 241

Artificial Intelligence 241

The Last Watchdog

JULY 26, 2023

Seattle, Wash., July 26, 2023 — Protect AI , the artificial intelligence (AI) and machine learning (ML) security company, today announced it has closed a $35M Series A round of funding. The round was led by Evolution Equity Partners with participation from Salesforce Ventures and existing investors Acrew Capital, boldstart ventures, Knollwood Capital and Pelion Ventures.

Software 188

Software Digital transformation Marketing Artificial Intelligence 188

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

JULY 28, 2023

Security experts from HackerOne and beyond weigh in on malicious prompt engineering and other attacks that could strike through LLMs.

Artificial Intelligence 148

Artificial Intelligence Cyber threats Hacking Engineering 148

The Hacker News

JULY 28, 2023

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT.

98

98

Schneier on Security

JULY 25, 2023

The details are scant—the article is based on a “heavily redacted” contract—but the New York subway authority is using an “AI system” to detect people who don’t pay the subway fare. Joana Flores, an MTA spokesperson, said the AI system doesn’t flag fare evaders to New York police, but she declined to comment on whether that policy could change.

Artificial Intelligence 229

Artificial Intelligence 229

The Last Watchdog

JULY 27, 2023

Tel Aviv, Israel, July 27, 2023 — Perception Point , a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities. In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of

Phishing 186

Phishing Social Engineering Engineering Media 186

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JULY 28, 2023

The forum's goal is to establish "guardrails" to mitigate the risk of AI. Learn about the group's four core objectives, as well as the criteria for membership.

Risk 148

Risk Artificial Intelligence Cybersecurity 148

Security Affairs

JULY 28, 2023

Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29 , Cloaked Ursa, and Midnight Blizzard, Nobelium ) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor called GraphicalProton.

Government 98

Government Malware Phishing Internet 98

The Hacker News

JULY 28, 2023

As part of Checkmarx's mission to help organizations develop and deploy secure software, the Security Research team started looking at the security posture of major car manufacturers. Porsche has a well-established Vulnerability Reporting Policy (Disclosure Policy)[1], it was considered in scope for our research, so we decided to start there, and see what we could find.

Manufacturing 98

Manufacturing Software 98

SecureList

JULY 28, 2023

One of the most complex yet effective methods of gaining unauthorized access to corporate network resources is an attack using forged certificates. Attackers create such certificates to fool the Key Distribution Center (KDC) into granting access to the target company’s network. An example of such an attack is the Shadow Credentials technique, which lets an attacker sign in under a user account by modifying the victim’s msDS-KeyCredentialLink attribute and adding an authorization cert

Authentication 98

Authentication Passwords Accountability Software 98

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Tech Republic Security

JULY 28, 2023

The free NordVPN Meshnet helps you create your own VPN tunnel to securely and directly connect different devices. Learn more about Meshnet and how to set it up in this guide.

VPN 148

VPN Cybersecurity Network Security 148

Security Affairs

JULY 28, 2023

Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000 worth of cryptocurrency. The company attributes the cyber heist to the North Korea-linked APT Lazarus , which is also responsible for the attacks against Axie Infinity (USD 625M), Horizon Bridge (USD 100M), Atomic Wallet (USD 100M) and Alphapo (USD 23M)

Cryptocurrency 98

Cryptocurrency Cyber Attacks Hacking Cybercrime 98

The Hacker News

JULY 28, 2023

The threat actors linked to the malware loader known as IcedID have made updates to the BackConnect (BC) module that's used for post-compromise activity on hacked systems, new findings from Team Cymru reveal.

Malware 98

Malware Banking Hacking 98

Security Boulevard

JULY 28, 2023

C’mon Cupertino: “Unknown Tracker Detected,” your phone screams. What now? The post Android Foils AirTag Stalkers and Thieves — While Apple Does Nothing appeared first on Security Boulevard.

Social Engineering 98

Social Engineering IoT Security Awareness Engineering 98

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Tech Republic Security

JULY 27, 2023

What is the best CSPM tool for your business? Use our guide to review our picks for the best cloud security posture management (CSPM) tools for 2023.

Software 148

Software Cybersecurity 148

Security Affairs

JULY 28, 2023

The issue of how to prevent insider threats without infringing on employee privacy is one that has been a hot topic of debate in recent years. Because insider threats are uniquely challenging to detect and identify, different methods are needed than traditional detection based on signatures or other known threat triggers. Tools that are designed to detect insider threats are more effective, but also bring up questions related to the level of monitoring necessary and employees’ right to a certain

Surveillance 98

Surveillance Threat Detection Software Firewall 98

SecureList

JULY 27, 2023

For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

Malware 98

Malware Government Phishing Social Engineering 98

The Hacker News

JULY 27, 2023

Cybersecurity researchers have disclosed two high-severity security flaws in the Ubuntu kernel that could pave the way for local privilege escalation attacks. Cloud security firm Wiz, in a report shared with The Hacker News, said the easy-to-exploit shortcomings have the potential to impact 40% of Ubuntu users.

Cybersecurity 98

Cybersecurity 98

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!