Lohrman on Security
SEPTEMBER 17, 2023
Tech leaders gathered in Washington, D.C., this past week for public and private meetings with Congress on the future of AI in the U.S. What happened, and what’s next?
Schneier on Security
SEPTEMBER 20, 2023
In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage: Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures. The number of unfilled jobs leveled off in 2022, and remains at 3.5 million in 2023, with more than 750,000 of those positions in the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Troy Hunt
SEPTEMBER 22, 2023
Well that's it, Europe is done! I've spent the week in Prague with highlights including catching up with Josef Prusa, keynoting at Experts Live EU and taking a "beer spa" complete with our own endless supply of tap beer. Life is good 🍻 That’s it - we’ve peaked - life is all downhill from here 🤣 🍻 #BeerSpa pic.twitter.com/ezCpUC6XEK — Troy Hunt (@troyhunt) September 21, 2023 All that and more in this week's video, next week I&apo
Krebs on Security
SEPTEMBER 18, 2023
The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Anton on Security
SEPTEMBER 21, 2023
This blog series was written jointly with Amine Besson, Principal Cyber Engineer, Behemoth CyberDefence and one more anonymous collaborator. This post is our second installment in the “Threats into Detections — The DNA of Detection Engineering” series, where we explore the challenges of detection engineering in more detail — and where threat intelligence plays (and where some hope appears … but you need to wait for Part 3 for this!
Schneier on Security
SEPTEMBER 19, 2023
There are no reliable ways to distinguish text written by a human from text written by an large language model. OpenAI writes : Do AI detectors work? In short, no. While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
SEPTEMBER 21, 2023
Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals. Related: How Putin has weaponized ransomware In mid-March 2020, representatives from the cybersecurity website BleepingComputer contacted numerous ransomware gangs to ask if they’d continue targeting hospitals during the unprecedented COVID-19
Tech Republic Security
SEPTEMBER 21, 2023
Australian retailers are rolling out mass surveillance solutions to combat shoplifting, but a poor regulatory environment could mean high risks associated with data security and privacy.
Schneier on Security
SEPTEMBER 21, 2023
Jake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden. Nothing major, but a few more tidbits. Kind of amazing that that all happened ten years ago. At this point, those documents are more historical than anything else. And it’s unclear who has those archives anymore.
Bleeping Computer
SEPTEMBER 21, 2023
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year. [.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
The Last Watchdog
SEPTEMBER 20, 2023
Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors Cutting against the grain, Flexxon , a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.
Tech Republic Security
SEPTEMBER 18, 2023
The Microsoft leak, which stemmed from AI researchers sharing open-source training data on GitHub, has been mitigated.
The Hacker News
SEPTEMBER 19, 2023
Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training data, Wiz said.
Bleeping Computer
SEPTEMBER 22, 2023
Security researchers discovered a multi-step information stealing campaign where hackers breach the systems of hotels, booking sites, and travel agencies and then use their access to go after financial data belonging to customers. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
Trend Micro
SEPTEMBER 17, 2023
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
Tech Republic Security
SEPTEMBER 21, 2023
The attestation service is designed to allow data in confidential computing environments to interact with AI safely, as well as provide policy enforcements and audits.
Security Affairs
SEPTEMBER 21, 2023
Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.
Bleeping Computer
SEPTEMBER 17, 2023
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos pretending to be themes based on Elon Musk, Tesla, or SpaceX. [.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
The Hacker News
SEPTEMBER 21, 2023
Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16.
Tech Republic Security
SEPTEMBER 20, 2023
At CrowdStrike Fal.Con 2023, CrowdStrike announced a new Falcon Raptor release with generative-AI capabilities and the acquisition of Bionic.
Security Affairs
SEPTEMBER 20, 2023
Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName , severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.
Bleeping Computer
SEPTEMBER 16, 2023
The BlackCat (ALPHV) ransomware gang now uses stolen Microsoft accounts and the recently spotted Sphynx encryptor to encrypt targets' Azure cloud storage. [.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
We Live Security
SEPTEMBER 18, 2023
Once you’ve made it past the initial screening process and secured that all-important interview, it’s time to seal the deal. These 10 tips will put you on the right track.
Tech Republic Security
SEPTEMBER 22, 2023
On Thursday Cisco agreed to buy Splunk in a $28 billion deal intended to address AI-enabled security and observability issues.
Security Affairs
SEPTEMBER 17, 2023
One of Thailand’s major digital financial platforms, CardX , recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and last name, address, telephone number, and email.
Dark Reading
SEPTEMBER 22, 2023
Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
Trend Micro
SEPTEMBER 21, 2023
We examine the campaigns of the cyberespionage group known as Turla over the years, with a special focus on the key MITRE techniques and the corresponding IDs associated with the threat actor group.
Tech Republic Security
SEPTEMBER 18, 2023
Macs, like Windows computers, benefit from routine maintenance. Regular tune-ups help protect Macs, both desktop and laptop models, from potential data loss, needlessly slow performance and other issues. Just what steps should a macOS tune-up checklist include? Check out the steps below, from TechRepublic Premium, to ensure you get proper, consistent results during each macOS.
Security Affairs
SEPTEMBER 18, 2023
Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. The exposed data exposed a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their fi
Malwarebytes
SEPTEMBER 17, 2023
The recent attack on MGM Resorts generated lots of speculation with regard to what the cause was. Some folks claimed the culprit was ransomware. Well, confirmation is now forthcoming as an affiliate of the BlackCat/ALPHV ransomware group is said to be the one responsible for the attack and subsequent outage. The statement is quite long, takes a few digs at MGM Resorts, and seeks to correct what the group feels to be inaccurate statements made by security vendors and others with regard to the att
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
222 
Let's personalize your content