Sat.Jan 28, 2023 - Fri.Feb 03, 2023

article thumbnail

ChatGPT: Hopes, Dreams, Cheating and Cybersecurity

Lohrman on Security

ChatGPT is an AI-powered chatbot created by OpenAI. So what are the opportunities and risks with using this technology across different domains?

article thumbnail

AIs as Computer Hackers

Schneier on Security

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’. It’s a controlled setting for what computer hackers do in real life: finding and fixing vulnerabilities in their own systems and exploiting them in others’ It’s the software vulnerability lifecycle.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 333

Troy Hunt

Getting everything out nice and early today so we can get out there in hit the wake park in the balmy "well over 30C" weather (the radio is talking about "severe heatwave weather" as I write this). But hey, we're surrounded by water and a beer delivery is due today so no crisis 😎 There's also a heap more data breach news and I'll be putting that connected BBQ to use for the first time today, stay tuned for epic pics on all of the above over the coming hours

article thumbnail

The headache of changing passwords

Tech Republic Security

Change Your Password Day — an annual reminder of just how bad passwords really are. The post The headache of changing passwords appeared first on TechRepublic.

Passwords 190
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

‘Finish Him!’ US Kills Huawei With Final Tech Ban

Security Boulevard

U.S. cuts off Huawei’s last sources of technology. Export licenses for chips and other tech components are finished. The post ‘Finish Him!’ US Kills Huawei With Final Tech Ban appeared first on Security Boulevard.

article thumbnail

Ransomware Payments Are Down

Schneier on Security

Chainalysis reports that worldwide ransomware payments were down in 2022. Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before. As always, we have to caveat these findings by noting that the true totals are much higher, as there are cryptocurrency addresses controlled by ransomware attackers that have yet to be identified on the blockchain and incorporated into our data.

More Trending

article thumbnail

New cybersecurity BEC attack mimics vendors

Tech Republic Security

A new business email attack threat actor is using a stealth tactic to avoid giveaways of typical social engineering attacks. Learn the best defense for protecting your company. The post New cybersecurity BEC attack mimics vendors appeared first on TechRepublic.

article thumbnail

Why Traditional Approaches Don’t Work for API Security

Security Boulevard

API sprawl, which Brian Otten, VP of the digital transformation catalysts division with Axway, defined as “an uncontrolled proliferation of APIs in an organization,” is creating a flood of new security headaches for organizations. One of the biggest problems in providing security for APIs is that sprawl makes them difficult to track and inventory. And.

article thumbnail

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found. […] The results weren’t encouraging.

Passwords 245
article thumbnail

How to survive below the cybersecurity poverty line

CSO Magazine

The security poverty line broadly defines a divide between the organizations that have the means and resources to achieve and maintain mature security postures to protect data, and those that do not. It was first coined by cybersecurity expert Wendy Nather in 2011, and the concept is just as relevant today as it was then (if not more so). It has widely become the benchmark for acceptable cybersecurity, often associated with factors such as company size, sector and disposable income, but also kno

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

CIOs hold greater organizational leadership status

Tech Republic Security

Foundry’s study found the role has been significantly elevated because of the economy, and CIOs are recognized as strategic business partners by their LOB peers. The post CIOs hold greater organizational leadership status appeared first on TechRepublic.

161
161
article thumbnail

Security, Compliance Risks Complicate Cloud Migration Efforts 

Security Boulevard

Security and compliance risks are ranked as among the top barriers to achieving value from investments moving to the cloud as organizations grapple with what they consider an “urgent priority,” according to a recent report from Accenture. The global survey of 800 business and IT leaders revealed security continues to be one of the top. The post Security, Compliance Risks Complicate Cloud Migration Efforts appeared first on Security Boulevard.

article thumbnail

Google Fi data breach let hackers carry out SIM swap attacks

Bleeping Computer

Google Fi, Google's U.S.-only telecommunications and mobile internet service, has informed customers that personal data was exposed by a data breach at one of its primary network providers, with some customers warned that it allowed SIM swapping attacks. [.

article thumbnail

Clarity and Transparency: How to Build Trust for Zero Trust

Cisco Security

Be impeccable with your words. It’s the first of the Four Agreements – a set of universal life principles outlined in the bestselling book by Don Miguel Ruiz. ‘Being impeccable with your words’ is my favorite, and it’s no surprise. As a product marketer, I spend most of my daily existence casting about for the perfect word to use in web copy, a webinar, or video script.

Marketing 130
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

OneNote documents spread malware in several countries

Tech Republic Security

A new phishing campaign abuses OneNote documents to infect computers with the infamous AsyncRAT malware, targeting users in the U.K., Canada and the U.S. The post OneNote documents spread malware in several countries appeared first on TechRepublic.

Malware 156
article thumbnail

6 misconceptions about Software Bills of Materials

Security Boulevard

There is no debate that the software supply chain is filled with action. It’s the front lines of the security world these days. If you have a shadow of a doubt, search the history of SolarWinds, Codecov , or CircleCI for examples of how attackers use the supply chain as a gateway of compromise. The post 6 misconceptions about Software Bills of Materials appeared first on Security Boulevard.

Software 132
article thumbnail

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Dark Reading

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

DDOS 131
article thumbnail

New APT34 Malware Targets The Middle East

Trend Micro

We analyze an infection campaign targeting organizations in the Middle East for cyberespionage in December 2022 using a new backdoor malware. The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers.

Malware 121
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Study: Companies have upwards of 1,000 apps but only a third are integrated

Tech Republic Security

A new study by Salesforce’s MuleSoft suggests more isn’t necessarily better if an organization’s applications are not playing well together. Unfortunately, more than 70% remain disconnected from one another and the core business. The post Study: Companies have upwards of 1,000 apps but only a third are integrated appeared first on TechRepublic.

151
151
article thumbnail

QKD: The Key to a Resilient Future

Security Boulevard

One of the most imminent and pressing threats to organizations presently is harvest now, decrypt later (HNDL) attacks. According to a recent poll, half of responding professionals at organizations considering quantum computing benefits believe that their organizations are at risk for HNDL attacks. During an HNDL attack, threat actors will “harvest” encrypted data from unsuspecting.

article thumbnail

Russia Killnet launches DDoS attack on Netherlands and the United States

CyberSecurity Insiders

Killnet launched a Distributed Denial of Service attack(DDoS) on the healthcare websites of the United States and Netherlands, disrupting their operations for several hours. And preliminary investigations revealed that the attack was launched in retaliation for Biden’s pledge to send Abrams battle tanks to support Ukraine against Putin led nation. The University of Michigan Hospital and Stanford Health Care Center are two of the most renowned websites that were targeted in the attack, and the ca

DDOS 125
article thumbnail

APT groups use ransomware TTPs as cover for intelligence gathering and sabotage

CSO Magazine

State-sponsored threat groups increasingly use ransomware-like attacks as cover to hide more insidious activities. Russian advanced persistent threat (APT) group Sandworm used ransomware programs to destroy data multiple times over the past six months while North Korea's Lazarus group used infrastructure previously associated with a ransomware group for intelligence gathering campaigns.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Prilex POS malware evolves to block contactless transactions

Tech Republic Security

A new version of the Prilex POS malware has found a novel way to steal your credit card information. The post Prilex POS malware evolves to block contactless transactions appeared first on TechRepublic.

Malware 149
article thumbnail

Another Password Manager Leak Bug: But KeePass Denies CVE

Security Boulevard

Two researchers report vulnerability in KeePass. But lead developer Dominik Reichl says it’s not a problem—and refuses to fix the flaw. The post Another Password Manager Leak Bug: But KeePass Denies CVE appeared first on Security Boulevard.

article thumbnail

Phishers Trick Microsoft Into Granting Them 'Verified' Cloud Partner Status

Dark Reading

Everyone on Twitter wants a blue check mark. But Microsoft Azure's blue badges are even more valuable to a threat actor stealing your data via malicious OAuth apps.

126
126
article thumbnail

Remote code execution exploit chain available for VMware vRealize Log Insight

CSO Magazine

VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

IT staff systems and data access policy

Tech Republic Security

IT pros typically have access to company servers, network devices and data so they can perform their jobs. However, that access entails risk, including exposure of confidential information and interruption in essential business services. This policy from TechRepublic Premium offers guidelines for governing access to critical systems and confidential data.

article thumbnail

ChatGPT Makes Waves Inside and Outside of the Tech Industry

Security Boulevard

New and Noteworthy: ChatGPT Makes Waves Inside and Outside of the Tech Industry Since it was made publicly available in December, ChatGPT has prompted all sorts of reactions from both inside and outside technology circles. Microsoft, which previously invested $1B into ChatGPT creator company OpenAI, indicated it will invest another $10 billion into the company and that it would incorporate AI into all of Microsoft’s tools. ( 1 ) Cybercriminals also seem to see the potential in ChatGPT; some sec

Malware 125
article thumbnail

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Dark Reading

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

142
142
article thumbnail

QNAP NAS devices are vulnerable to ransomware attacks

CyberSecurity Insiders

A critical vulnerability on QNAP NAS devices was recently patched by the Taiwanese firm. But the issue is that thousands of devices, say 59,000 in number, are yet to receive the update or have to be updated by the admins to avoid hackers from exploiting the SQL Injection Vulnerability. To those new to QNAP, the company is into the manufacturing of network attacks storage devices and has been constantly facing issued regarding security for the past 2 years.

article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.