Sat.Mar 04, 2023 - Fri.Mar 10, 2023

article thumbnail

New National Cybersecurity Strategy: What Do You Need to Know?

Lohrman on Security

The White House released a new national cybersecurity strategy this past week with five pillars. What’s in the plan, and how will this impact public- and private-sector organizations?

article thumbnail

New Report “State of Cloud Threat Detection and Response”

Anton on Security

Cloud D&R Report (2023) One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists. “Our State of Cloud Threat Detection and Response report summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediat

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Prompt Injection Attacks on Large Language Models

Schneier on Security

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unass

article thumbnail

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

The domain name registrar Freenom , whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta , which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 235
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Cloud security, hampered by proliferation of tools, has a “forest for trees” problem

Tech Republic Security

C-Suites executives have cybersecurity insecurities around cloud development, deployment and visibility, a Palo Alto Networks survey finds. The post Cloud security, hampered by proliferation of tools, has a “forest for trees” problem appeared first on TechRepublic.

article thumbnail

Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

Dark Reading

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.

144
144

More Trending

article thumbnail

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owne

DNS 230
article thumbnail

CrowdStrike: Attackers focusing on cloud exploits, data theft

Tech Republic Security

CrowdStrike’s new threat report sees a big increase in data theft activity, as attackers move away from ransomware and other malware attacks, as defense gets better, and the value of data increases. The post CrowdStrike: Attackers focusing on cloud exploits, data theft appeared first on TechRepublic.

article thumbnail

Why Traditional Vulnerability Management isn’t Cutting it Anymore

CyberSecurity Insiders

Traditional vulnerability management is in need of a desperate change due to the lack of effectiveness in combating modern cyberattacks. It’s a bold statement, but true, nonetheless, because it’s just not enough. Numbers don’t lie, and the only direction the average cost of recovering from cyberattacks seems to move is up. Putting the monetary effect aside, a successful cyberattack from ineffective vulnerability management can fatally hit an organization’s reputation.

Risk 138
article thumbnail

Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma

Security Boulevard

Voice AI tech being misused by scammers: Scrotes fake your voice and call your grandparents. Then “you” beg them for money. The post Voice-Clone AI Scams — it’s NOT ME on the Phone, Grandma appeared first on Security Boulevard.

Scams 135
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

AT&T informs 9M customers about data breach

CSO Magazine

AT&T is informing customers about a data breach at a vendor’s system that allowed threat actors to gain access to AT&T’s Customer Proprietary Network Information (CPNI). The incident came to light after customers posted the email communication from AT&T on community forums to know if it was legitimate or email fraud. “We recently determined that an unauthorized person breached a vendor’s system and gained access to your ‘Customer Proprietary Network Information’ (CPNI),” AT&T sai

article thumbnail

New National Cybersecurity Strategy: resilience, regs, collaboration and pain (for attackers)

Tech Republic Security

The Biden administration’s National Cybersecurity Strategy aims to go after attackers, cultivate a resilience-first defensive posture and build public, private and international collaboration. The post New National Cybersecurity Strategy: resilience, regs, collaboration and pain (for attackers) appeared first on TechRepublic.

article thumbnail

How to prevent Microsoft OneNote files from infecting Windows with malware

Bleeping Computer

The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here's how to block malicious OneNote phishing attachments from infecting Windows. [.

Malware 136
article thumbnail

Lockbit Ransomware Dominant Even as Overall Attack Rates Fall

Security Boulevard

With victims from 23 countries, Lockbit continues to be the most prolific ransomware group in the early months of 2023, even as an 11% decrease in ransomware victims was reported in January. These were among the findings from GuidePoint Security’s monthly ransomware threat report, which found the total number of attacks by Lockbit was more. The post Lockbit Ransomware Dominant Even as Overall Attack Rates Fall appeared first on Security Boulevard.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

TSA tells US aviation industry to boost its cybersecurity

Graham Cluley

The US Transportation and Security Administration (TSA) has issued new requirements for airport and aircraft operators who, they say, are facing a "persistent cybersecurity threat." Read more in my article on the Tripwire State of Security blog.

article thumbnail

GitHub rolling out two-factor authentication to millions of users

Tech Republic Security

Over the next nine months, the largest internet hosting service for software development and collaboration will make all code contributors add another layer of electronic evidence to their accounts. The post GitHub rolling out two-factor authentication to millions of users appeared first on TechRepublic.

article thumbnail

IceFire Ransomware Portends a Broader Shift From Windows to Linux

Dark Reading

IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.

article thumbnail

Identity verification in today’s digital-first era

Security Boulevard

The identity verification market was valued at $11B in 2022. It’s anticipated that in the. The post Identity verification in today’s digital-first era appeared first on Entrust Blog. The post Identity verification in today’s digital-first era appeared first on Security Boulevard.

Marketing 133
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Fortinet warns of new critical unauthenticated RCE vulnerability

Bleeping Computer

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests. [.

129
129
article thumbnail

LastPass releases new security incident disclosure and recommendations

Tech Republic Security

LastPass attacks began with a hacked employee's home computer. The investigation now reveals the password manager company's data vault was compromised. The post LastPass releases new security incident disclosure and recommendations appeared first on TechRepublic.

article thumbnail

Stolen credentials increasingly empower the cybercrime underground

CSO Magazine

The cybercrime underground has long functioned as an open market where sellers of products and services are paired with buyers and contractors. One of the most valuable commodities on this market are stolen credentials since they can provide attackers with access into networks, databases, and other assets owned by organizations. It's no surprise to see cybercriminals focused on this valuable commodity.

article thumbnail

‘Extraordinary, Egregious’ Data Breach at House and Senate

Security Boulevard

Capitol Trouble: Senators, representatives and staffers suffer PII leak. Could it finally kickstart some action? The post ‘Extraordinary, Egregious’ Data Breach at House and Senate appeared first on Security Boulevard.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Love scam or espionage? Transparent Tribe lures Indian and Pakistani officials

We Live Security

ESET researchers analyze a cyberespionage campaign that distributes CapraRAT backdoors through trojanized and supposedly secure Android messaging apps – but also exfiltrates sensitive information The post Love scam or espionage?

Scams 118
article thumbnail

Become your business’s cybersecurity expert

Tech Republic Security

Learn a wide variety of topics for a lifetime with this eclectic bundle. The post Become your business’s cybersecurity expert appeared first on TechRepublic.

article thumbnail

Study reveals companies are wasting millions on unused Kubernetes resources

Graham Cluley

Graham Cluley Security News is sponsored this week by the folks at Sysdig. Thanks to the great team there for their support! This move to the cloud has made it easier to scale up applications when they need to grow. However, there is a corollary to this: Budgeting! Chances are, you’re probably overspending.

121
121
article thumbnail

Hybrid Systems: AI and Humans Need Each Other for Effective Cybersecurity

Security Boulevard

The sudden mainstreaming of chatbots and generative AI like ChatGPT has a lot of people worried. They believe this is the AI technology that will replace them. Fortunately, that’s not actually the case. The more likely scenario is that humans will partner with AI to create a hybrid model of job roles. And this is. The post Hybrid Systems: AI and Humans Need Each Other for Effective Cybersecurity appeared first on Security Boulevard.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Acer Confirms Data Offered Up for Sale Was Stolen

Dark Reading

An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.

131
131
article thumbnail

Emotet malware attacks return after three-month break

Bleeping Computer

The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide. [.

Malware 135
article thumbnail

Experts Discover Flaw in U.S. Govt's Chosen Quantum-Resistant Encryption Algorithm

The Hacker News

A group of researchers has revealed what it says is a vulnerability in a specific implementation of CRYSTALS-Kyber, one of the encryption algorithms chosen by the U.S. government as quantum-resistant last year.

article thumbnail

What the LastPass Hack Says About Modern Cybersecurity

Security Boulevard

Online password managers are meant to help users keep track of the long and complex. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Axiad. The post What the LastPass Hack Says About Modern Cybersecurity appeared first on Security Boulevard.

Hacking 128
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.