Schneier on Security
OCTOBER 1, 2024
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model. A month later, the researcher submitted a new disclosure statement.
Tech Republic Security
OCTOBER 1, 2024
A report from insurer QBE predicts that the world will experience 211 significant cyber attacks this year, marking a 105% increase over four years.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Elie
OCTOBER 2, 2024
This talk examine current real-world examples of AI-driven attacks and explore which defensive AI capabilities are available today.
Tech Republic Security
OCTOBER 1, 2024
Version 24H2 adds the sudo command and alerts users when an application accesses their physical location. Microsoft polished other security features, too.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Malwarebytes
OCTOBER 1, 2024
Ireland’s privacy watchdog Data Protection Commission (DPC) has fined Meta €91M ($101M) after the discovery in 2019 that Meta had stored 600 million Facebook and Instagram passwords in plaintext. The DPC ruled that Meta was in violation of GDPR on several occasions related to this breach. It determined that the company failed to “notify the DPC of a personal data breach concerning storage of user passwords in plaintext” without delay, and failed to “document personal data breaches concerning the
Schneier on Security
OCTOBER 2, 2024
Governor Newsom has vetoed the state’s AI safety bill. I have mixed feelings about the bill. There’s a lot to like about it, and I want governments to regulate in this space. But, for now, it’s all EU. (Related, the Council of Europe treaty on AI is ready for signature. It’ll be legally binding when signed, and it’s a big deal.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
The Last Watchdog
OCTOBER 3, 2024
Singapore, Oct. 3, 2024, CyberNewswire — At DEF CON 32, the SquareX research team delivered a hard-hitting presentation titled Sneaky Extensions: The MV3 Escape Artists where they shared their findings on how malicious browser extensions are bypassing Google’s latest standard for building chrome extensions: Manifest V3 (MV3)’s security features, putting millions of users and businesses at risk.
Tech Republic Security
OCTOBER 4, 2024
Check Point documented 5,000 spam emails coming from legitimate-looking domains as fake Microsoft application alerts. Real links complete the trap.
Schneier on Security
OCTOBER 3, 2024
Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely to lead to mass infections that could install ransomware or espionage malware.
Lohrman on Security
SEPTEMBER 29, 2024
As we head toward 2025, are the duties and goals of a chief information security officer achievable? Are CISOs set up for failure? Should position descriptions be changed? Let’s explore.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
SecureList
OCTOBER 4, 2024
While trying to deliver malware on victims’ devices and stay on them as long as they can, sometimes attackers are using quite unusual techniques. In a recent campaign starting in 2022, unknown malicious actors have been trying to mine cryptocurrency on victims’ devices without user consent; they’ve used large amounts of resources for distribution, but what’s more, used multiple unusual vectors for defense evasion and persistence.
Tech Republic Security
SEPTEMBER 30, 2024
Prompt injection and data leakage are among the top threats posed by LLMs, but they can be mitigated using existing security logging technologies.
Penetration Testing
OCTOBER 2, 2024
A discovered zero-day vulnerability is putting Microsoft Office users at risk. Security researcher Metin Yunus Kandemir recently published the technical details and a proof-of-concept (PoC) exploit that reveals a critical... The post 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released appeared first on Cybersecurity News.
Security Affairs
SEPTEMBER 29, 2024
Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian plane attempting to land, reported the MiddleEastMonitor website.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
We Live Security
OCTOBER 2, 2024
ESET Research details the tools and activities of a new China-aligned threat actor, CeranaKeeper, focusing on massive data exfiltration in Southeast Asia
Tech Republic Security
OCTOBER 4, 2024
Learn how to execute the fundamentals, harden your defenses, and protect your business's network security with no high-tech software.
Penetration Testing
SEPTEMBER 30, 2024
A serious vulnerability, dubbed KartLANPwn (CVE-2024-45200), has been identified in the wildly popular Nintendo game Mario Kart 8 Deluxe, putting millions of players at risk of remote code execution (RCE)... The post KartLANPwn (CVE-2024-45200) Exploits Mario Kart 8 Deluxe LAN Play Feature for RCE appeared first on Cybersecurity News.
Security Affairs
OCTOBER 2, 2024
Telegram fulfilled over a dozen U.S. law enforcement data requests this year, potentially revealing the IP addresses or phone numbers of 100+ users. Independent website 404 Media first revealed that in 2024 Telegram has fulfilled more than a dozen law enforcement data requests from the U.S. authorities. The social media platform “potentially revealed” that it has shared the IP addresses or phone numbers of over 100 users with law enforcement.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
OCTOBER 4, 2024
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.
Tech Republic Security
OCTOBER 3, 2024
A third of U.K. teachers have not received cyber security training this year, and only two-thirds of those that did deemed it useful, according to a government poll.
Penetration Testing
SEPTEMBER 29, 2024
A critical vulnerability has been discovered in the popular GiveWP donation plugin for WordPress, potentially allowing unauthenticated attackers to take complete control of affected websites. The flaw, tracked as CVE-2024-8353... The post CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk appeared first on Cybersecurity News.
Malwarebytes
OCTOBER 3, 2024
Like something out of Black Mirror, two students have demonstrated a way to use smart glasses and facial recognition technology to immediately reveal people’s names, phone numbers, and addresses. The Harvard students have dubbed the system I-XRAY and it works like this: When you look at someone’s face through the glasses—they used Ray-Ban Meta smart glasses—a connected Artificial Intelligence (AI) platform will look up that face on the internet and pull up all the information it can find about t
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
The Hacker News
SEPTEMBER 29, 2024
The Irish Data Protection Commission (DPC) has fined Meta €91 million ($101.56 million) as part of a probe into a security lapse in March 2019, when the company disclosed that it had mistakenly stored users' passwords in plaintext in its systems.
Tech Republic Security
OCTOBER 2, 2024
Need to share a Wi-Fi password with a friend or coworker? Learn how to share a Wi-Fi password on iPhones, iPads, Macs, Androids, and Windows computers.
Penetration Testing
SEPTEMBER 29, 2024
In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel, designated as CVE-2024-26808.... The post CVE-2024-26808: PoC Exploit Shows Local Privilege Escalation Risk in Linux appeared first on Cybersecurity News.
Security Affairs
OCTOBER 3, 2024
Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
OCTOBER 4, 2024
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.
Tech Republic Security
OCTOBER 1, 2024
If you’re curious about how to create a secure password, read our in-depth guide covering password security and best practices.
Penetration Testing
SEPTEMBER 29, 2024
The PHP project has recently released a security advisory, addressing several vulnerabilities affecting various versions of PHP. These vulnerabilities range from potential log tampering to arbitrary file inclusion and data... The post Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates appeared first on Cybersecurity News.
Security Affairs
OCTOBER 2, 2024
Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, two of which have been rated as critical. Of the 14 security flaws nine are rated high, and three are rated medium in severity. The flaws impact residential and enterprise routers manufactured by DrayTek that could be exploited to take over susceptible devices.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
290 
Let's personalize your content