Dark Reading

MAY 22, 2023

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

124

124

Schneier on Security

MAY 25, 2023

Interesting essay on the poisoning of LLMs—ChatGPT in particular: Given that we’ve known about model poisoning for years, and given the strong incentives the black-hat SEO crowd has to manipulate results, it’s entirely possible that bad actors have been poisoning ChatGPT for months. We don’t know because OpenAI doesn’t talk about their processes, how they validate the prompts they use for training, how they vet their training data set, or how they fine-tune ChatGPT.

Artificial Intelligence 321

Artificial Intelligence Hacking 321

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains. The volume of phishing websites registered through Freenom dropped considerably since the registrar was sued by Meta.

Phishing 320

Phishing Malware 320

Troy Hunt

MAY 21, 2023

I feel like the.zip TLD debate is one of those cases where it's very easy for the purest security view to overwhelm the practical human reality. I'm yet to see a single good argument that is likely to have real world consequences as far as phishing goes and whilst I understand the sentiment surrounding the confusion new TLDs with common file types, all "the sky is falling" commentary I've seen is speculative at best.

Phishing 51

Phishing Data breaches 51

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Last Watchdog

MAY 24, 2023

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th

Authentication 223

Authentication Banking Architecture Encryption 223

Schneier on Security

MAY 23, 2023

In case you don’t have enough to worry about, someone has built a credible handwriting machine: This is still a work in progress, but the project seeks to solve one of the biggest problems with other homework machines, such as this one that I covered a few months ago after it blew up on social media. The problem with most homework machines is that they’re too perfect.

Media 294

Media Software Artificial Intelligence 294

Lohrman on Security

MAY 21, 2023

What is happening regarding cybersecurity operations, new developments and the future vision in the state of North Dakota? State CISO Michael Gregg shares his perspectives.

CISO 192

CISO Cybersecurity 192

The Last Watchdog

MAY 25, 2023

The inadequacy of siloed security solutions is well-documented. Related: Taking a security-first path The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing. At RSA Conference 2023 I visited with Elias Terman , CMO, and Sudarsan Kannan , Director of Product Management, from Uptycs , a Walthan, Mass.

Threat Detection 214

Threat Detection Internet Internet Technology 214

Schneier on Security

MAY 24, 2023

It’s been a big month for US data privacy. Indiana, Iowa, and Tennessee all passed state privacy laws, bringing the total number of states with a privacy law up to eight. No private right of action in any of those, which means it’s up to the states to enforce the laws.

Data privacy 283

Data privacy 283

Tech Republic Security

MAY 25, 2023

The GDPR, in effect for five years on May 25, has influenced the U.S. data privacy laws and is likely to exert itself when AI creates a new set of privacy challenges. The post Experts laud GDPR at five year milestone appeared first on TechRepublic.

Data privacy 215

Data privacy Big data 215

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Trend Micro

MAY 25, 2023

This is an analysis of Bandit Stealer, a new Go-based information-stealing malware capable of evading detection as it targets multiple browsers and cryptocurrency wallets.

Cryptocurrency 145

Cryptocurrency Malware Cyber threats 145

The Last Watchdog

MAY 20, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 203

Ransomware Internet Internet 203

Schneier on Security

MAY 26, 2023

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022 and while unclassified, is only available to those with DoD common access cards, according to a Joint Staff spokesperson—officially provides a definition

273

273

Tech Republic Security

MAY 22, 2023

A new Linux Foundation report finds that the global focus is on cloud/containers, cybersecurity and AI/ML skills, and that upskilling is key. The post Report: More organizations still plan to increase their tech staff appeared first on TechRepublic.

Cybersecurity 208

Cybersecurity Artificial Intelligence 208

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

SecureList

MAY 23, 2023

GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as we know, has not been publicly described. We started monitoring the group in mid-2020 and have observed a constant level of activity that indicates a capable and stealthy actor.

Malware 145

Malware Encryption Government Technology 145

The Last Watchdog

MAY 24, 2023

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

Cybersecurity 202

Cybersecurity Backups Data breaches Technology 202

Schneier on Security

MAY 22, 2023

Google has backtracked on its plan to delete inactive YouTube videos—at least for now. Of course, it could change its mind anytime it wants. It would be nice if this would get people to think about the vulnerabilities inherent in letting a for-profit monopoly decide what of human creativity is worth saving.

Media 271

Media 271

Tech Republic Security

MAY 24, 2023

Barracuda Networks found that spearphishing exploits last year worked to great effect and took days to detect. The post Spearphishing report: 50% of companies were impacted in 2022 appeared first on TechRepublic.

Artificial Intelligence 205

Artificial Intelligence Phishing Cybersecurity 205

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

WIRED Threat Level

MAY 20, 2023

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Hacking 145

Hacking 145

The Last Watchdog

MAY 23, 2023

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Related: Collateral damage of T-Mobile hack Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

Mobile 200

Mobile Digital transformation Financial Services Software 200

Trend Micro

MAY 22, 2023

In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains (TLDs) while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards.

Risk 144

Risk Cyber threats 144

Tech Republic Security

MAY 25, 2023

Microsoft published specifics on the Volt Typhoon state-aligned China actor. Experts say raising awareness of threats is critical. The post Microsoft warns of Volt Typhoon, latest salvo in global cyberwar appeared first on TechRepublic.

Ransomware 197

Ransomware Malware Cybersecurity 197

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

WIRED Threat Level

MAY 22, 2023

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.

Encryption 145

Encryption 145

Bleeping Computer

MAY 21, 2023

Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device. [.

Authentication 143

Authentication Mobile 143

Security Boulevard

MAY 26, 2023

Shouty name—dangerous game. Red-team tool ripe for misuse. The post COSMICENERGY: ‘Russian’ Threat to Power Grids ICS/OT appeared first on Security Boulevard.

Cyber Attacks 137

Cyber Attacks IoT Risk Government 137

Tech Republic Security

MAY 23, 2023

On-premises artificial intelligence and specifically trained generative AI are now enterprise trends. Leaders from Dell and NVIDIA and analysts from Forrester Research weigh in. The post Dell’s Project Helix heralds a move toward specifically trained generative AI appeared first on TechRepublic.

Artificial Intelligence 190

Artificial Intelligence Big data Network Security 190

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

MAY 26, 2023

Security researchers have shared a deep dive into the commercial Android spyware called Predator, which is marketed by the Israeli company Intellexa (previously Cytrox). Predator was first documented by Google's Threat Analysis Group (TAG) in May 2022 as part of attacks leveraging five different zero-day flaws in the Chrome web browser and Android.

Spyware 136

Spyware Marketing 136

Bleeping Computer

MAY 21, 2023

Google has updated its policy for personal accounts across its services to allow a maximum period of inactivity of two years. [.

Accountability 141

Accountability 141

Google Security

MAY 26, 2023

Vincent Winstead, Technical Program Manager It’s Google CTF time! Get your hacking toolbox ready and prepare your caffeine for rapid intake. The competition kicks off on June 23 2023 6:00 PM UTC and runs through June 25 2023 6:00 PM UTC. Registration is now open at g.co/ctf. Google CTF gives you a chance to challenge your skillz, show off your hacktastic abilities, and learn some new tricks along the way.

Hacking 135

Hacking Technology Engineering 135

Tech Republic Security

MAY 22, 2023

With NordLocker, you can store, manage and share individual files. Learn how with this step-by-step guide. The post How to manage and share files online using NordLocker appeared first on TechRepublic.

Cybersecurity 183

Cybersecurity 183

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!