GlobalSign

AUGUST 14, 2023

As companies extend their operations globally, they must prioritise cybersecurity measures to support sustainable long-term growth. Read more.

Cybersecurity 98

Cybersecurity 98

Schneier on Security

AUGUST 15, 2023

This is why we need regulation: Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Technology 246

Technology Artificial Intelligence Surveillance 246

The Last Watchdog

AUGUST 13, 2023

LAS VEGAS – Just when we appeared to be on the verge of materially shrinking the attack surface, along comes an unpredictable, potentially explosive wild card: generative AI. Related: Can ‘CNAPP’ do it all? Unsurprisingly, generative AI was in the spotlight at Black Hat USA 2023 , which returned to its full pre-Covid grandeur here last week.

Artificial Intelligence 246

Artificial Intelligence Engineering Internet Internet 246

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams.

Phishing 243

Phishing Passwords Hacking Internet 243

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Troy Hunt

AUGUST 14, 2023

I've been teaching my 13-year old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are: Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data bre

Data breaches 242

Data breaches Mobile Engineering 242

Schneier on Security

AUGUST 16, 2023

The UK Electoral Commission discovered last year that it was hacked the year before. That’s fourteen months between the hack and the discovery. It doesn’t know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our systems. If the hack was by a major government, the odds are really low that it has resecured its systems—unless it burned the network to the ground and rebuilt it from scratch (which see

Hacking 245

Hacking Government 245

Krebs on Security

AUGUST 14, 2023

John Clifton Davies , a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch , and Diligere[.]co.uk , a scam due diligence company that Equity-Invest insists all investment partners use.

Scams 224

Scams Software Technology 224

The Last Watchdog

AUGUST 15, 2023

Social media giants have long held too much power over our digital identities. Related: Google, Facebook promote third-party snooping Today, no one is immune to these giants’ vicious cycle of collecting personal data, selling it to advertisers, and manipulating users with data metrics. By making people feel like mere products- this exploitative digital environment further encourages a bubble of distrust amongst social media users.

Media 188

Media Accountability Social Engineering Hacking 188

Schneier on Security

AUGUST 14, 2023

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story : The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matte

Hacking 244

Hacking Cybersecurity 244

Tech Republic Security

AUGUST 17, 2023

Learn how to retrieve and generate Google 2FA backup codes with this easy-to-follow, step-by-step tutorial.

Backups 183

Backups Authentication Software 183

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Jane Frankland

AUGUST 18, 2023

Every now and again I’m asked about conferences and whether they’re worth attending. My answer is always, yes so long as you plan carefully. Over the years I’ve attended hundreds of cybersecurity conferences all over the world, and participated as an attendee, speaker, chair, and advisor. All these roles have enabled me to gain an understanding of conferences through different lenses.

Cybersecurity 130

Cybersecurity Risk Media Government 130

The Last Watchdog

AUGUST 17, 2023

Tel Aviv, Israel, Aug. 17, 2023 — Cynomi , the leading AI-powered virtual Chief Information Security Officer (vCISO) platform vendor for Managed Service Providers (MSPs), Managed Security Service Providers (MSSPs) and consulting firms, has published the results of its first annual report, “ The State of the Virtual CISO 2023 ”. The report, conducted by Global Surveys on behalf of Cynomi, reveals critical insights into MSPs and MSSPs’ recent shift towards vCISO services.

CISO 130

CISO Cybersecurity Risk Banking 130

Schneier on Security

AUGUST 18, 2023

Interesting research: “ An Empirical Study & Evaluation of Modern CAPTCHAs “: Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile, CAPTCHAS have also evolved in terms of sophistication and diversity, becoming increasingly difficult to solve for both bots (machines) and humans.

Accountability 243

Accountability 243

Tech Republic Security

AUGUST 17, 2023

Learn seven different ways to boot a Windows 10 PC in Safe Mode to help troubleshoot issues using this comprehensive guide.

Software 158

Software 158

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

AUGUST 18, 2023

Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution.

Ransomware 98

Ransomware 98

Bleeping Computer

AUGUST 18, 2023

A high-severity vulnerability has been fixed in WinRAR, the popular file archiver utility for Windows used by millions, that can execute commands on a computer simply by opening an archive. [.

Software 98

Software 98

Schneier on Security

AUGUST 17, 2023

Researchers are trying to use AI to detect “social norms violations.” Feels a little sketchy right now, but this is the sort of thing that AIs will get better at. (Like all of these systems, anything but a very low false positive rate makes the detection useless in practice.) News article.

Artificial Intelligence 238

Artificial Intelligence Internet Internet 238

Tech Republic Security

AUGUST 16, 2023

Stories of virus and malware infections, data loss, system compromises and unauthorized access dominate headlines, and your WordPress website may be contributing to the problem. WordPress is the most popular CMS in the world. According to Colorlib, WordPress is used by over 800 million websites worldwide. But unfortunately, that popularity also makes it one of.

Malware 158

Malware Software 158

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

AUGUST 18, 2023

Threat actors are using Android Package (APK) files with unknown or unsupported compression methods to elude malware analysis. That's according to findings from Zimperium, which found 3,300 artifacts leveraging such compression algorithms in the wild. 71 of the identified samples can be loaded on the operating system without any problems.

Malware 98

Malware 98

Security Affairs

AUGUST 18, 2023

A flaw impacting the file archiver utility for Windows WinRAR can allow the execution of commands on a computer by opening an archive. WinRAR is a popular file compression and archival utility for Windows operating systems. The utility is affected by a now-fixed high-severity vulnerability, tracked as CVE-2023-40477 (CVSS score 7.8), that can allow remote execution of arbitrary code on a computer by opening a crafted RAR archive.

Hacking 98

Hacking Information Security 98

Bleeping Computer

AUGUST 18, 2023

Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record. [.

DNS 98

DNS 98

Tech Republic Security

AUGUST 17, 2023

Code development, content creation and analytics are the top generative AI use cases. However, many enterprise users don't trust gen AI to be private.

Artificial Intelligence 148

Artificial Intelligence Big data Software 148

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Digital Shadows

AUGUST 18, 2023

Cyber-actors hide using "clean" resources. ReliaQuest shows tracking IoCs & detection helps security pros counteract disguised attacks. Enhancing OSINT is key.

98

98

Security Affairs

AUGUST 18, 2023

Experts warn of an ongoing campaign attributed to China-linked Bronze Starlight that is targeting the Southeast Asian gambling sector. SentinelOne observed China-linked APT group Bronze Starlight (aka APT10 , Emperor Dragonfly or Storm-0401) targeting the gambling sector within Southeast Asia. The malware and infrastructure employed in the campaign are linked to the ones observed in Operation ChattyGoblin attributed by the security firm ESET to China-linked threat actors.

VPN 98

VPN Malware Encryption Passwords 98

Malwarebytes

AUGUST 18, 2023

An ongoing campaign targeting LinkedIn accounts has led to victims losing control of their accounts, or being locked out following repeated login attempts. Whether the attackers are using brute force methods or credential stuffing isn't known, but because some victims are being being locked out following a great number of failed attempts, you might suspect brute force methods.

Accountability 98

Accountability Passwords Authentication Phishing 98

Tech Republic Security

AUGUST 15, 2023

Data from the human vs. machine challenge could provide a framework for government and enterprise policies around generative AI.

Hacking 148

Hacking Government Artificial Intelligence Cybersecurity 148

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Heimadal Security

AUGUST 18, 2023

As the cybercrime landscape evolves, you may wonder if the old Antivirus solution that you have installed on your organization’s endpoints still does the job. Traditional antivirus software initially offered sufficient defense against the majority of viruses before they evolved into other types of malware. A better type of endpoint security is required because traditional […] The post What Is Next-Generation Antivirus (NGAV) and How Does It Work?

Antivirus 98

Antivirus Cybercrime Malware Software 98

Security Affairs

AUGUST 18, 2023

#OpFukushima: The famous collective Anonymous has launched cyberattacks against Japan nuclear websites over Fukushima water plan. The hacker collective Anonymous has launched cyberattacks against nuclear power-linked groups in Japan as part of an operation called #OpFukushima. The campaign was launched to protest against the Government’s plan to release the treated radioactive water from the Fukushima nuclear plant into the sea.

Government 98

Government Media DDOS Hacking 98

The Hacker News

AUGUST 17, 2023

A previously undetected attack method called NoFilter has been found to abuse the Windows Filtering Platform (WFP) to achieve privilege escalation in the Windows operating system.

98

98

Tech Republic Security

AUGUST 14, 2023

This attack sent approximately 120,000 phishing emails to organizations worldwide with the goal to steal Microsoft 365 credentials.

Phishing 148

Phishing Authentication Cybersecurity 148

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!