Schneier on Security

JUNE 11, 2024

New research: “ Deception abilities emerged in large language models “: Abstract: Large language models (LLMs) are currently at the forefront of intertwining AI systems with human communication and everyday life. Thus, aligning them with human values is of great importance. However, given the steady increase in reasoning abilities, future LLMs are under suspicion of becoming able to deceive human operators and utilizing this ability to bypass monitoring efforts.

Artificial Intelligence 336

Artificial Intelligence 336

Krebs on Security

JUNE 11, 2024

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Internet 308

Internet Internet Software Malware 308

Lohrman on Security

JUNE 9, 2024

Over the past month, the Verizon Data Breach Investigation Report and the Watchguard Technologies Internet Security Report were released. Here are some highlights.

Data breaches 303

Data breaches Internet Internet Technology 303

The Last Watchdog

JUNE 10, 2024

Could we be on the verge of Privacy Destruction 2.0, thanks to GenAI? Related: Next-level browser security That’s a question that spilled out of a thought-provoking conversation I had with Pedro Fortuna , co-founder and CTO of Jscrambler , at RSAC 2024. Jscrambler provides granular visibility and monitoring of JavaScript coding thus enabling companies to set and enforce security rules and privacy policies.

Data collection 261

Data collection Internet Internet Technology 261

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

JUNE 10, 2024

Interesting research: “ Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains “: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos or other mistakes. By discovering active but erroneous hyperlinks, a malicious actor can spoof a website or service, impersonating the expected content and phishing private information.

Phishing 321

Phishing 321

Tech Republic Security

JUNE 11, 2024

Direct revenue loss is the biggest drain from downtime, but other hidden costs include diminished shareholder value, stagnant productivity and reputational damage.

Digital transformation 194

Digital transformation Software Phishing Malware 194

The Last Watchdog

JUNE 13, 2024

Confidence in the privacy and security of hyper-connected digital services is an obvious must have. Related: NIST’s quantum-resistant crypto Yet, Digital Trust today is not anywhere near the level it needs to be. At RSAC 2024 I had a wide-ranging conversation with DigiCert CEO Amit Sinha all about why Digital Trust has proven to be so elusive.

Internet 162

Internet Internet Encryption Authentication 162

Schneier on Security

JUNE 14, 2024

This is really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.

Encryption 315

Encryption 315

Tech Republic Security

JUNE 12, 2024

The U.K. is the 25th most technically proficient country in Europe, with Switzerland, Germany and the Netherlands taking the top three places.

Digital transformation 190

Digital transformation Artificial Intelligence 190

Trend Micro

JUNE 10, 2024

This blog entry provides an analysis of the Noodle RAT backdoor, which is likely being used by multiple Chinese-speaking groups engaged in espionage and other types of cybercrime.

Cybercrime 145

Cybercrime Malware 145

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

The Last Watchdog

JUNE 10, 2024

Torrance, Calif., June 10, 2024, CyberNewsWire — AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced that it has started selling its paid threat detection data from its CTI search engine ‘ Criminal IP ‘ on the Snowflake Marketplace. Criminal IP is committed to offering advanced cybersecurity solutions through Snowflake, the leading cloud-based data warehousing platform.

Cyber threats 147

Cyber threats Threat Detection Engineering Media 147

Schneier on Security

JUNE 14, 2024

This is a current list of where and when I am scheduled to speak: I’m appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I’m speaking on “Reimagining Democracy in the Age of AI” at the Bozeman Library in Bozeman, Montana, USA, July 18, 2024.

303

303

Tech Republic Security

JUNE 12, 2024

What's the best VPN to use in Australia? Discover the pricing, features, pros and cons of our recommended VPNs for Australia.

VPN 190

VPN 190

SecureList

JUNE 10, 2024

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today’s websites offer some form of it, and some of them won’t even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain types of organizations to protect users’ accounts with 2FA.

Phishing 145

Phishing Banking Social Engineering Accountability 145

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Bleeping Computer

JUNE 9, 2024

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

144

144

Penetration Testing

JUNE 9, 2024

Redfox Security has uncovered a series of critical vulnerabilities in the popular Netgear WNR614 N300 router, exposing users to significant security risks. The vulnerabilities, ranging from authentication bypass to password policy circumvention and insecure... The post Multiple Critical Vulnerabilities Discovered in Netgear WNR614 Router, No Patch Available appeared first on Cybersecurity News.

Authentication 142

Authentication Passwords Risk Cybersecurity 142

Tech Republic Security

JUNE 12, 2024

A threat actor exploited the Snowflake platform to target organizations for data theft and extortion using compromised credentials. Learn how to protect your business from this threat.

Big data 189

Big data Malware Cybersecurity 189

Security Affairs

JUNE 9, 2024

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability , tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers.

Architecture 142

Architecture Hacking Risk Cybersecurity 142

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Bleeping Computer

JUNE 9, 2024

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs. [.

143

143

The Hacker News

JUNE 8, 2024

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.

141

141

Tech Republic Security

JUNE 14, 2024

From saving on flights and hotels to protecting your data when working online, these tips could save you money in the long run.

VPN 186

VPN Mobile Network Security 186

Security Affairs

JUNE 13, 2024

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws. The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of 7.4), can be exploited by an authenticated attacker to achieve

Authentication 141

Authentication Hacking Information Security 141

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Bleeping Computer

JUNE 11, 2024

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [.

141

141

Malwarebytes

JUNE 11, 2024

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminals had “obtained information from certain accounts, including information about users’ DNA Relatives profiles.

Data breaches 141

Data breaches Accountability Passwords Risk 141

Tech Republic Security

JUNE 10, 2024

A company’s network must be secured to ensure the safety of its data against the risks of cyberthreats.

Network Security 187

Network Security Risk 187

Graham Cluley

JUNE 13, 2024

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees, in an attempt to commit fraud. Impersonation scams are on the rise, warns the agency. Read more, and learn how to protect yourself, in my article on the Tripwire State of Security blog.

Scams 139

Scams Cybersecurity 139

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

IT Security Guru

JUNE 11, 2024

Artificial Intelligence (AI) is highly innovative but also poses significant risks to all organisations, as shown by the recent high profile hacks at Ticketmaster, Santander and the NHS. This article will delve into how AI can be manipulated by cyber attackers for scams, particularly ones that affect businesses. The latest threats from AI you should be concerned about The NCSC recognised that AI will play as a contributing factor to how cyber-attacks operate, and said ‘AI provides capability upl

Cyber Attacks 138

Cyber Attacks Scams Artificial Intelligence Social Engineering 138

Malwarebytes

JUNE 13, 2024

Google has notified Pixel users about an actively exploited vulnerability in their phones’ firmware. Firmware is the code or program which is embedded into hardware devices. Simply put, it is the software layer between the hardware and the applications on the device. About the vulnerability, Google said there are indications it may be: “under limited, targeted exploitation.

Firmware 140

Firmware Spyware Mobile Software 140

Tech Republic Security

JUNE 14, 2024

An upcoming blog post for members of the Windows Insider Program will explain how to get the AI-powered Recall feature.

Artificial Intelligence 186

Artificial Intelligence Software 186

The Hacker News

JUNE 10, 2024

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People’s Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S.

138

138

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!