Lohrman on Security
MARCH 26, 2023
The world is buzzing about the new AI applications that are rapidly changing the landscape at home and work. But what about copyright protections, artistry and even fake news as our AI journey accelerates?
Schneier on Security
MARCH 30, 2023
Now this is interesting: Thousands of pages of secret documents reveal how Vulkan’s engineers have worked for Russian military and intelligence agencies to support hacking operations, train operatives before attacks on national infrastructure, spread disinformation and control sections of the internet. The company’s work is linked to the federal security service or FSB, the domestic spy agency; the operational and intelligence divisions of the armed forces, known as the GOU and GRU;
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
MARCH 28, 2023
The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. The warning displayed to users on one of the NCA’s fake booter sites.
Troy Hunt
MARCH 25, 2023
I'm excited about coming to Prague. One more country to check off the list, apparently a beautiful city and perhaps what I'm most stoked about, it's the home of Prusa 3D. Writing this as I wrangle prints out of my trusty MK3S+, I'm going to do my best to catch up with folks there and see some of the super cool stuff they're doing.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Tech Republic Security
MARCH 29, 2023
Learn how to protect your organization and users from this Android banking trojan. The post Nexus Android malware targets 450 financial applications appeared first on TechRepublic.
Bleeping Computer
MARCH 29, 2023
A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company's customers in an ongoing supply chain attack. [.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Security Boulevard
MARCH 29, 2023
Skyhawk Security today revealed it is employing ChatGPT to add generative artificial intelligence (AI) capabilities to its cloud threat detection and response (CDR) platform at no extra charge. Skyhawk Security CEO Chen Burshan said in addition to providing textual explanations of the evolution of a security incident discovered by the company’s platform, ChatGPT also makes.
Tech Republic Security
MARCH 30, 2023
The new AI security tool, which can answer questions about vulnerabilities and reverse-engineer problems, is now in preview. The post Microsoft adds GPT-4 to its defensive suite in Security Copilot appeared first on TechRepublic.
Bleeping Computer
MARCH 28, 2023
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. [.
CyberSecurity Insiders
MARCH 31, 2023
Capita, an internationally acclaimed business processing & outsourcing firm, is experiencing a sudden halt in the operations of its IT services and suspects a cyber attack behind the disruption. However, the company is yet to reveal it on an official note and assured that it will definitely do so after a detailed investigation gets completed. Those from the company and familiar with the incident state that the incident could be the work of a ransomware gang or some notorious group operating
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
MARCH 30, 2023
UK National Crime Agency nips it in the bud: Aims to scare straight naughty DDoS kiddies. The post Brits Slap Wrists of DDoS Kids, via NCA’s Fake Booter Sites appeared first on Security Boulevard.
Tech Republic Security
MARCH 30, 2023
New studies by NCC Group and Barracuda Networks show threat actors are increasing ransomware exploits, with consumer goods and services receiving the brunt of attacks and a large percentage of victims being hit multiple times. The post Ransomware attacks skyrocket as threat actors double down on U.S., global attacks appeared first on TechRepublic.
Bleeping Computer
MARCH 25, 2023
American university researchers have developed a novel attack which they named "Near-Ultrasound Inaudible Trojan" (NUIT) that can launch silent attacks against devices powered by voice assistants, like smartphones, smart speakers, and other IoTs. [.
CyberSecurity Insiders
MARCH 30, 2023
Are you one of those who play games by investing real money to earn double or triple the amount in return? If yes, then you should be wary of scammers who are indulging in various kinds of gaming frauds. Account switching, account takeover, fake identity and promo abuse, money laundering, phishing scams, and fake websites intended to steal sensitive information are some of the frauds targeting gamers these days.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
WIRED Threat Level
MARCH 26, 2023
The GOP-fueled far right differs from similar movements around the globe, thanks to the country’s politics, electoral system, and changing demographics.
Tech Republic Security
MARCH 31, 2023
Feelings of exclusion and being disrespected impacts hiring opportunities and retention for women, according to a new report. The post Study: Women in cybersecurity feel excluded, disrespected appeared first on TechRepublic.
Bleeping Computer
MARCH 30, 2023
Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware. [.
We Live Security
MARCH 29, 2023
How fraudsters groom their marks and move in for the kill using tricks from the playbooks of romance and investment scammers The post Pig butchering scams: The anatomy of a fast‑growing threat appeared first on WeLiveSecurity
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
WIRED Threat Level
MARCH 29, 2023
Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board.
Tech Republic Security
MARCH 30, 2023
Find out the most commonly used weak passwords by industry and country, according to NordPass. Plus, get tips on creating strong passwords. The post Report: Terrible employee passwords at world’s largest companies appeared first on TechRepublic.
Bleeping Computer
MARCH 31, 2023
A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11. [.
CyberSecurity Insiders
MARCH 26, 2023
Artificial intelligence (AI) and machine learning (ML) are two terms that are often used interchangeably, but they are not the same. As AI and ML are related, but they have distinct differences. In this article, we will explore the differences between AI and ML and provide examples of how they are used in the real world. What is Artificial Intelligence?
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Dark Reading
MARCH 27, 2023
Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.
Tech Republic Security
MARCH 30, 2023
While cost is generally the main consideration, the war in Ukraine and global political tensions are prompting companies to shift their IT outsourcing strategies, according to a new report. The post Report: Some IT outsourcing is moving back onshore appeared first on TechRepublic.
Bleeping Computer
MARCH 27, 2023
Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them. [.
Trend Micro
MARCH 28, 2023
We discovered a new malware, which we named “OpcJacker” (due to its opcode configuration design and its cryptocurrency hijacking ability), that has been distributed in the wild since the second half of 2022.
Speaker: Erika R. Bales, Esq.
When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.
CyberSecurity Insiders
MARCH 28, 2023
If you handle consumer financial data, you need to be aware of the U.S. Federal Trade Commission ‘s ( FTC ) revised Safeguards Rule cybersecurity regulation. The rule applies to a wide range of businesses, including those that may not consider themselves to be financial institutions. The FTC has classified many companies as “non-banking financial institutions” subject to the rule, which requires them to implement specific measures to protect customer data.
Tech Republic Security
MARCH 28, 2023
Learn how to protect your Linux server from the fork bomb denial-of-service attack with this video tutorial by Jack Wallen. The post How to prevent fork bombs on your Linux development servers appeared first on TechRepublic.
Bleeping Computer
MARCH 29, 2023
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage (NAS) devices against a high-severity Sudo privilege escalation vulnerability. [.
CSO Magazine
MARCH 27, 2023
The French government has banned TikTok and all other “recreational apps” from phones issued to its employees. The Minister of Transformation and the Public Service Stanislas Guerini, said in a statement that recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This prohibition applies immediately and uniformly, although exemptions may be granted on an exceptional basis for professional needs such as the institutiona
Speaker: William Hord, Vice President of ERM Services
A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.
Expert insights. Personalized for you.
314 
Let's personalize your content