Sat.Jun 08, 2024 - Fri.Jun 14, 2024

article thumbnail

LLMs Acting Deceptively

Schneier on Security

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

article thumbnail

RSAC Fireside Chat: Jscrambler levels-up JavaScript security, slows GenAI-fueled privacy loss

The Last Watchdog

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Evolving Cyber Landscape: Insights from 2024 Reports

Lohrman on Security

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.

article thumbnail

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 217
article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Exploiting Mistyped URLs

Schneier on Security

Interesting research: “ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains “: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information.

Phishing 273
article thumbnail

RSAC Fireside Chat: What it will take to achieve Digital Trust in our hyper-connected future

The Last Watchdog

Confidence in the privacy and security of hyper-connected digital services is an obvious must have. Related: NIST’s quantum-resistant crypto Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging conversation with DigiCert CEO Amit Sinha all about why Digital Trust has proven to be so elusive.

Internet 163

More Trending

article thumbnail

CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub

Penetration Testing

Security researchers are raising the alarm as proof-of-concept (PoC) exploit code targeting a recently patched high-severity vulnerability (CVE-2024-26229) in Microsoft Windows has surfaced on GitHub. The vulnerability could allow attackers to gain SYSTEM privileges,... The post CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub appeared first on Cybersecurity News.

article thumbnail

AI and the Indian Election

Schneier on Security

As India concluded the world’s largest election on June 5, 2024, with over 640 million votes counted, observers could assess how the various parties and factions used artificial intelligence technologies—and what lessons that holds for the rest of the world. The campaigns made extensive use of AI, including deepfake impersonations of candidates, celebrities and dead politicians.

article thumbnail

Chinese hackers breached 20,000 FortiGate systems worldwide

Bleeping Computer

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [.

144
144
article thumbnail

Crowdstrike vs Trellix (2024): What Are The Main Differences?

Tech Republic Security

Endpoint detection and response software protects against a variety of threats and attacks. Learn about two of the most popular EDR options, CrowdStrike and Trellix, and how to protect your network.

Software 152
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Noodle RAT: Reviewing the New Backdoor Used by Chinese-Speaking Groups

Trend Micro

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

252
252
article thumbnail

Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

145
145
article thumbnail

Mandiant Report: Snowflake Users Targeted for Data Theft and Extortion

Tech Republic Security

A threat actor exploited the Snowflake platform to target organizations for data theft and extortion using compromised credentials. Learn how to protect your business from this threat.

Big data 150
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available

Penetration Testing

Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from authentication bypass to password policy circumvention and insecure... The post Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available appeared first on Cybersecurity News.

article thumbnail

Using AI for Political Polling

Schneier on Security

Public polling is a critical function of modern political campaigns and movements, but it isn’t what it once was. Recent US election cycles have produced copious postmortems explaining both the successes and the flaws of public polling. There are two main reasons polling fails. First, nonresponse has skyrocketed. It’s radically harder to reach people than it used to be.

Media 254
article thumbnail

Malicious VSCode extensions with millions of installs discovered

Bleeping Computer

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

144
144
article thumbnail

UK Trails Behind Europe in Technical Skills Proficiency, Coursera Report Finds

Tech Republic Security

The U.K. is the 25th most technically proficient country in Europe, with Switzerland, Germany and the Netherlands taking the top three places.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Chinese Threats Aim for Government Sector 

Security Boulevard

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years. The post Chinese Threats Aim for Government Sector appeared first on Security Boulevard.

article thumbnail

Demo of AES GCM Misuse Problems

Schneier on Security

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

article thumbnail

New York Times source code stolen using exposed GitHub token

Bleeping Computer

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. [.

141
141
article thumbnail

Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More

Tech Republic Security

Find out about Apple’s iOS 18 release date, key features including RCS integration and more, as well as how registered developers can install the beta.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk

Security Boulevard

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy. The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

Risk 134
article thumbnail

AMD Processors Vulnerable to Serious SPI Lock Bypass Flaw (CVE-2022-23829)

Penetration Testing

A high-severity vulnerability, identified as CVE-2022-23829 (CVSS 8.2), has been discovered in various AMD processors, potentially impacting millions of devices worldwide. The flaw allows malicious actors with kernel-level access to bypass native system protections,... The post AMD Processors Vulnerable to Serious SPI Lock Bypass Flaw (CVE-2022-23829) appeared first on Cybersecurity News.

article thumbnail

Microsoft delays Windows Recall amid privacy and security concerns

Bleeping Computer

Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs. [.

137
137
article thumbnail

6 Best VPNs for Australia in 2024

Tech Republic Security

What's the best VPN to use in Australia? Discover the pricing, features, pros and cons of our recommended VPNs for Australia.

VPN 157
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Will AI Take Over Cybersecurity Jobs?

Security Boulevard

The post Will AI Take Over Cybersecurity Jobs? appeared first on AI Enabled Security Automation. The post Will AI Take Over Cybersecurity Jobs? appeared first on Security Boulevard.

article thumbnail

Just Published: PCI DSS v4.0.1

PCI perspectives

To address stakeholder feedback and questions received since PCI DSS v4.0 was published in March 2022, the PCI Security Standards Council (PCI SSC) has published a limited revision to the standard, PCI DSS v4.0.1. It includes corrections to formatting and typographical errors and clarifies the focus and intent of some of the requirements and guidance.

133
133
article thumbnail

Exploit for critical Veeam auth bypass available, patch now

Bleeping Computer

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. [.

Backups 134
article thumbnail

5 Tips for Making the Most Out of Your Next Business Trip

Tech Republic Security

From saving on flights and hotels to protecting your data when working online, these tips could save you money in the long run.

VPN 154
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.