Sat.Feb 11, 2023 - Fri.Feb 17, 2023

article thumbnail

ChatGPT Is Ingesting Corporate Secrets

Schneier on Security

Interesting : According to internal Slack messages that were leaked to Insider , an Amazon lawyer told workers that they had “already seen instances” of text generated by ChatGPT that “closely” resembled internal company data. This issue seems to have come to a head recently because Amazon staffers and other tech workers throughout the industry have begun using ChatGPT as a “ coding assistant ” of sorts to help them write or improve strings of code, the report

354
354
article thumbnail

Quantum Computers: What Is Q-Day? And What’s the Solution?

Lohrman on Security

Quantum computers hold the promise of amazing advances in numerous fields. So why are cybersecurity experts so worried about Q-Day? What must be done now to prepare?

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Protections for Food Benefits Stolen by Skimmers

Krebs on Security

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes. On December 29, 2022, President Biden signed into law the Consolidated Appropriations Act of 2023 , which — for the first time ever — includes provisions for the replacement of stol

Scams 253
article thumbnail

GUEST ESSAY: Data loss prevention beccomes paramount — expecially in the wake of layoffs

The Last Watchdog

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Related: The importance of preserving trust in 2023 Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Defending against AI Lobbyists

Schneier on Security

When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the regulation of its own technology. That happened last month. And because the letter was responding to an essay we wrote, we’re starting to get worried. And while the technology can be regulated, the real solution lies in recognizing that the problem is human actors—and those we can do something about.

Hacking 235
article thumbnail

Cryptocurrency users in the US hit by ransomware and Clipper malware

Tech Republic Security

Learn how to protect your business and staff from the MortalKombat ransomware and Laplas Clipper malware. The post Cryptocurrency users in the US hit by ransomware and Clipper malware appeared first on TechRepublic.

Malware 204

More Trending

article thumbnail

SHARED INTEL: The expect impacts of Pres. Biden’s imminent National Cybersecurity Strategy

The Last Watchdog

The United States will soon get some long-awaited cybersecurity updates. Related: Spies use Tik Tok, balloons That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts.

article thumbnail

The Rise of Security Service Edge (SSE): A Game-changer for the Modern Workforce

CyberSecurity Insiders

The pandemic shook businesses to its core, forcing users to trade in their office chairs for home desks. The result? Users, devices, and data scattered across the world. And for those in the networking and security fields, this shift brought major challenges. The traditional castle and moat access approach was no longer enough, and even the most reliable security tools became obsolete.

article thumbnail

Investigators uncover crypto scammers baiting ‘phish’ hooks on YouTube

Tech Republic Security

A report reveals a new network of malefactors in the lucrative crypto fraud market using videos, channels and web apps. The post Investigators uncover crypto scammers baiting ‘phish’ hooks on YouTube appeared first on TechRepublic.

Phishing 178
article thumbnail

IoC detection experiments with ChatGPT

SecureList

ChatGPT is a groundbreaking chatbot powered by the neural network-based language model text-davinci-003 and trained on a large dataset of text from the Internet. It is capable of generating human-like text in a wide range of styles and formats. ChatGPT can be fine-tuned for specific tasks, such as answering questions, summarizing text, and even solving cybersecurity-related problems, such as generating incident reports or interpreting decompiled code.

Malware 140
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

‘Serious’ Ransomware Emergency in Oakland, Calif. — Legacy FAIL

Security Boulevard

Oakland is still reeling from last week’s ransomware attack. San Francisco’s poorer neighbor is asking for help. The post ‘Serious’ Ransomware Emergency in Oakland, Calif. — Legacy FAIL appeared first on Security Boulevard.

article thumbnail

GoDaddy: Hackers stole source code, installed malware in multi-year breach

Bleeping Computer

Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. [.

Malware 137
article thumbnail

Security warning: Beep malware can evade detection

Tech Republic Security

Find out how Beep malware can evade your security system, what it can do and how to protect your business. The post Security warning: Beep malware can evade detection appeared first on TechRepublic.

Malware 161
article thumbnail

EU parliamentary committee says 'no' to EU-US data privacy framework

CSO Magazine

The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs has recommended that the European Commission reject the proposed EU-US Data Privacy Framework, which would govern the way in which the personal information of EU citizens is handled by US companies. The committee's decision — formally, a draft motion for a resolution— represents a rejection of the European Commission’s recommendation, announced in December , that the data privacy framework should be adopted.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Your Mental Health Data for Sale or Rent — 20¢

Security Boulevard

U.S. GDPR ASAP: Data brokers are selling PII about mental health conditions—depression, anxiety, bipolar disorder, PTSD, OCD, etc. The post Your Mental Health Data for Sale or Rent — 20¢ appeared first on Security Boulevard.

article thumbnail

Hackers backdoor Microsoft IIS servers with new Frebniis malware

Bleeping Computer

Hackers are deploying a new malware named 'Frebniss' on Microsoft's Internet Information Services (IIS) that stealthily executes commands sent via web requests. [.

Malware 136
article thumbnail

Check Point’s annual cybersecurity event spotlights power of AI

Tech Republic Security

The company showcased dozens of new security tools and services to detect and prevent malware, phishing, ransomware and other attacks, but AI took center stage. The post Check Point’s annual cybersecurity event spotlights power of AI appeared first on TechRepublic.

article thumbnail

BrandPost: The Future of Machine Learning in Cybersecurity

CSO Magazine

Machine learning (ML) is a commonly used term across nearly every sector of IT today. And while ML has frequently been used to make sense of big data—to improve business performance and processes and help make predictions—it has also proven priceless in other applications, including cybersecurity. This article will share reasons why ML has risen to such importance in cybersecurity, share some of the challenges of this particular application of the technology and describe the future that machine

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Oligo Security Mitigates Open Source Vulnerabilities at Runtime

Security Boulevard

Oligo Security today launched a runtime application security and observability platform that enables cybersecurity teams to detect and prioritize open source code vulnerabilities based on severity without affecting performance. Fresh from raising $28 million in funding, Oligo CEO Nadav Czerninski said the Oligo platform makes use of dynamic library-level analysis and behavior monitoring software to.

article thumbnail

Cyber Attack on Succession Wealth and NHS Staff Data Leaked

CyberSecurity Insiders

Succession Wealth, a financial wealth management service offering company, has released a press statement that a cyber attack targeted its servers and it can only reveal details after the investigation gets concluded. Prima Facie revealed that hackers accessed no client data in the attack. However, a confirmation on this note can only be given after a detailed inquiry gets concluded.

article thumbnail

What Twitter outage says about (over) zealous downsizing

Tech Republic Security

The outage message that Twitter users got last week could be read as a warning for big tech firms looking to slash their IT workforce. The post What Twitter outage says about (over) zealous downsizing appeared first on TechRepublic.

139
139
article thumbnail

Attacks on industrial infrastructure on the rise, defenses struggle to keep up

CSO Magazine

The last year saw a rise in the sophistication and number of attacks targeting industrial infrastructure, including the discovery of a modular malware toolkit that's capable of targeting tens of thousands of industrial control systems (ICS) across different industry verticals. At the same time, incident response engagements by industrial cybersecurity firm Dragos showed that 80% of impacted environments lacked visibility into ICS traffic and half had network segmentation issues and uncontrolled

Malware 130
article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.

article thumbnail

Ransomware Closed 2022 With a Bang, Fueled by RaaS

Security Boulevard

It comes as no surprise that, as last year came to a close, Microsoft was tracking more than 50 unique active ransomware families and more than 100 threat actors that were using ransomware in their attacks. After all, ransomware is still a familiar, destructive and sometimes costly foe; 2022 ended with the Sandworm gang launching. The post Ransomware Closed 2022 With a Bang, Fueled by RaaS appeared first on Security Boulevard.

article thumbnail

Cyber Attack news headlines trending on Google

CyberSecurity Insiders

Technion University, one of the top technology schools in Israel, has issued a press update that most of its systems were targeted by a ransomware attack and it could be the work of the DarkBit hacking group, a gang that is opposing the government policies of Israel. This is for the first time that the name of the DarkBit hacking group has emerged on the web and news is out that the gang demands 80 Bitcoins to release a decryption key to the Israel Institute of Technology in Haifa and the paymen

article thumbnail

How to secure your iOS device to prevent unwanted access

Tech Republic Security

Leaving your iOS device unattended can pose a security risk as more iOS users are carrying personal information on their devices. Keep it secure with these handy tips. The post How to secure your iOS device to prevent unwanted access appeared first on TechRepublic.

Risk 130
article thumbnail

5 biggest risks of using third-party services providers

CSO Magazine

As business processes become more complex, companies are turning to third parties to boost their ability to provide critical services from cloud storage to data management to security. It’s often more efficient and less expensive to contract out work that would otherwise require significant effort and potentially drain in-house resources to those who can do it for you.

Risk 129
article thumbnail

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Did you know that 2021 was a record-breaking year for ransomware? The days of a “once in a while” attack against businesses and organizations are over. Cyberthreats have become a serious issue. With 495.1 million attacks, the threat marked a 148% increase compared to 2020 and was the most expensive year on record! As a result, data protection needs to be a concern for most banks, businesses, and information technology specialists.

article thumbnail

When Will the First ChatGPT-Based Cyberattacks Launch?

Security Boulevard

It’s evident that many cybersecurity and IT professionals have mixed feelings about AI in general and ChatGPT in particular. According to a recent study from BlackBerry, while eight in ten decision makers said they plan to invest in AI-driven cybersecurity by 2025, three-quarters of those respondents saw AI as a serious threat to security. The. The post When Will the First ChatGPT-Based Cyberattacks Launch?

article thumbnail

Oakland Declares State of Emergency Following Ransomware Attack

SecureWorld News

How would you feel to wake up one day and find that your city's IT systems are offline? That's the reality the City of Oakland, California, is facing after a ransomware attack last week. The incident has caused enough damage that the city has declared a state of emergency to expedite orders, materials, and equipment procurement, and to activate emergency workers when needed, highlighting the real-world consequences of cyberattacks.

article thumbnail

New Mirai malware variant infects Linux devices to build DDoS botnet

Bleeping Computer

A new Mirai botnet variant tracked as 'V3G4' targets 13 vulnerabilities in Linux-based servers and IoT devices to use in DDoS (distributed denial of service) attacks. [.

DDOS 124
article thumbnail

Plan now to avoid a communications failure after a cyberattack

CSO Magazine

Responses to recent cyber breaches suggest organizations can struggle to get the message right in the midst of an incident. While managing the communications around an incident is outside the direct purview of the CISO, having an existing communications plan in place is an essential element of cyber preparedness. “Communications are a critical component of a good cyber strategy, and it should be prepared and practiced in organizations before an incident occurs,” says Eden Winokur, head of cyber

CISO 127
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?