Sat.Mar 18, 2023 - Fri.Mar 24, 2023

article thumbnail

ChatGPT Privacy Flaw

Schneier on Security

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories.

article thumbnail

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

Mobile 290
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

Tech Republic Security

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. Learn how to protect your business from this AitM campaign. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic.

Phishing 203
article thumbnail

Procter & Gamble confirms data theft via GoAnywhere zero-day

Bleeping Computer

Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file-sharing platform was compromised in early February. [.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

Exploding USB Sticks

Schneier on Security

In case you don’t have enough to worry about, people are hiding explosives —actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.

241
241
article thumbnail

Vulnerability Management Automation: A Mandate, Not A Choice

CyberSecurity Insiders

Cybercriminals are smarter, faster, and more relentless in their attacks than in times past. Data breaches are a serious threat to organizations, but vulnerability management automation can help reduce the number of incidents businesses face each year. Managing vulnerabilities is difficult in an increasingly connected cyber environment. Companies have their own networks, networks connected to their supply chains, vendor access, remote workers, and other entry points, all creating security gaps.

More Trending

article thumbnail

New CISA tool detects hacking activity in Microsoft cloud services

Bleeping Computer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has released a new open-source incident response tool that helps detect signs of malicious activity in Microsoft cloud environments. [.

Hacking 136
article thumbnail

7 guidelines for identifying and mitigating AI-enabled phishing campaigns

CSO Magazine

The emergence of effective natural language processing tools such as ChatGPT means it's time to begin understanding how to harden against AI-enabled cyberattacks. The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing 136
article thumbnail

We are scared of Artificial Intelligence says OpenAI CEO

CyberSecurity Insiders

After the release of ChatGPT in November 2022, the OpenAI CEO and the people behind the conversational chatbot launch say that they are equally scared of the negative consequences that the newly developed technology can fetch in the future. Sam Altman, the tech brain leading the company, now owned by Microsoft, spoke a few words about what the world was intending to say about the tech.

article thumbnail

First Dero cryptojacking campaign targets unprotected Kubernetes instances

Tech Republic Security

Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat. The post First Dero cryptojacking campaign targets unprotected Kubernetes instances appeared first on TechRepublic.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

Hacking 145
article thumbnail

Hackers inject credit card stealers into payment processing modules

Bleeping Computer

A new credit card stealing hacking campaign is doing things differently than we have seen in the past by hiding their malicious code inside the 'Authorize.net' payment gateway module for WooCommcerce, allowing the breach to evade detection by security scans. [.

Hacking 133
article thumbnail

New vulnerabilities found in industrial control systems of major vendors

CSO Magazine

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories on 49 vulnerabilities in eight industrial control systems (ICS) this week, which are used across multiple critical infrastructure sectors. The vulnerabilities identified by CISA were tracked in products from ICS providers including Siemens, Hitachi, Rockwell, Delta Electronics, VISAM, and Keysight.

article thumbnail

DevSecOps puts security in the software cycle

Tech Republic Security

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic.

Software 167
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Ferrari Announces Data Breach. Customers Risk Data Leakage

Heimadal Security

On March 20th, Ferrari announced they were victims of a cyberattack that could result in customers` data leakage. Threat actors claimed to have breached some of the Ferrari IT systems and sent a ransom demand. Ferrari N.V. announces that Ferrari S.p.A., its wholly-owned Italian subsidiary, was recently contacted by a threat actor with a ransom […] The post Ferrari Announces Data Breach.

article thumbnail

Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023

Bleeping Computer

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. [.

Hacking 132
article thumbnail

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

Dark Reading

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

142
142
article thumbnail

Ransomware gangs’ harassment of victims is increasing

Tech Republic Security

The harassment reported by Palo Alto Networks Unit 42 typically takes the form of phone calls and emails directed toward employees, C-suite executives and even customers. The post Ransomware gangs’ harassment of victims is increasing appeared first on TechRepublic.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Your Guide to Vulnerability Scanning

CyberSecurity Insiders

Is your organization doing enough to protect its environment from hackers? In 2021, U.S. companies lost nearly $7 billion to phishing scams, malware, malvertising, and other cybercrimes. Experts estimate that by 2025, such schemes will cost businesses worldwide more than $10.5 trillion annually. Given those figures, it’s clear that companies can’t afford to ignore the threat hackers pose to their bottom line.

Firewall 129
article thumbnail

Using Deception to Learn About Russian Threat Actors

Security Boulevard

It has been almost a year since Russia first invaded Ukraine, and the war has resulted in a massive rise in both physical and digital attacks. Since the invasion, Russian cyberattacks have skyrocketed and any country or business that has allied with Ukraine, or opposed the war, has become a target. As these attacks have. The post Using Deception to Learn About Russian Threat Actors appeared first on Security Boulevard.

article thumbnail

Windows 11 also vulnerable to “aCropalypse” image data leakage

Naked Security

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem.

141
141
article thumbnail

BECs double in 2022, overtaking ransomware

Tech Republic Security

A look at 4th quarter 2022, data suggests that new threat surfaces notwithstanding, low-code cybersecurity business email compromises including phishing, as well as MFA bombing are still the prevalent exploits favored by threat actors. The post BECs double in 2022, overtaking ransomware appeared first on TechRepublic.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Google Project Zero issues vulnerability alert on Samsung Exynos Modems

CyberSecurity Insiders

Google’s dedicated team of cybersecurity researchers from ‘Project Zero’ have found a flaw in Samsung Exynos Modems that can give unauthorized data access to hackers, without the knowledge of users. And it’s discovered that the vulnerability allows a cyber criminal to compromise a smart phone at the Internet-to-baseband remote code execution level, giving access to sensitive data such as contacts, messages and even photos.

article thumbnail

ShellBot DDoS Malware Targets Poorly Managed Linux Servers

Heimadal Security

A new campaign is deploying variants of the ShellBot malware, specifically targeting poorly maintained Linux SSH servers. It seems the threat actors use scanner malware to find systems that have SSH port 22 open and proceed to install ShellBot on the servers that have weak credentials. ShellBot, also known as PerlBot, is a DDoS Bot […] The post ShellBot DDoS Malware Targets Poorly Managed Linux Servers appeared first on Heimdal Security Blog.

DDOS 126
article thumbnail

Emotet malware now distributed in Microsoft OneNote files to evade defenses

Bleeping Computer

The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [.

Malware 132
article thumbnail

Running WordPress on Azure for secure, fast and global content delivery

Tech Republic Security

Learn about Microsoft's WordPress on Azure App Service, as well as an interesting alternative from WP Engine. The post Running WordPress on Azure for secure, fast and global content delivery appeared first on TechRepublic.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Lessons from a Scam Artist

Security Through Education

What does a government scam, an IT support scam and a romance scam have in common? They all use psychology and social engineering skills to convince their victims to take an action that is detrimental to them. It’s easy to think “I know better” or “that will never happen to me.” The truth is, being human is enough for anyone to fall victim to a scammer’s tactics.

Scams 122
article thumbnail

BlackGuard stealer extends its capabilities in new variant

CyberSecurity Insiders

AT&T Alien Labs researchers have discovered a new variant of BlackGuard stealer in the wild, infecting using spear phishing attacks. The malware evolved since its previous variant and now arrives with new capabilities. Key takeaways: BlackGuard steals user sensitive information from a wide range of applications and browsers. The malware can hijack crypto wallets copied to clipboard.

Malware 121
article thumbnail

Facebook accounts hijacked by new malicious ChatGPT Chrome extension

Bleeping Computer

A trojanized version of the legitimate ChatGPT extension for Chrome is gaining popularity on the Chrome Web Store, accumulating over 9,000 downloads while stealing Facebook accounts. [.

article thumbnail

Report: Too many enterprises have shadow IT – unlocked doors with no cameras

Tech Republic Security

New report says far too many firms have too many IT assets they cannot see or aren’t using, with some Windows servers lacking endpoint protection and patch management. The post Report: Too many enterprises have shadow IT – unlocked doors with no cameras appeared first on TechRepublic.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.