Sat.Nov 11, 2023 - Fri.Nov 17, 2023

article thumbnail

Ten Ways AI Will Change Democracy

Schneier on Security

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how democracy functions—in both large and small ways.

article thumbnail

Acuity Who? Attempts and Failures to Attribute 437GB of Breached Data

Troy Hunt

Allegedly, Acuity had a data breach. That's the context that accompanied a massive trove of data that was sent to me 2 years ago now. I looked into it, tried to attribute and verify it then put it in the "too hard basket" and moved onto more pressing issues. It was only this week as I desperately tried to make some space to process yet more data that I realised why I was short on space in the first place: Ah, yeah - Acuity - that big blue 437GB blob.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

The IQ of our smart homes is about to level-up. Hundreds of different types of smart devices designed to automate tasks and route control to our smart phones and wearable devices have arrived on store shelves, just in time for the holiday shopping season. Related: Extending digital trust globally Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago.

article thumbnail

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature.

article thumbnail

Human-Centered Cyber Security Training: Driving Real Impact on Security Culture

Speaker: Speakers:

In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.

article thumbnail

New SSH Vulnerability

Schneier on Security

This is interesting : For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.

355
355
article thumbnail

Weekly Update 373

Troy Hunt

Most of this week's video went on the scraped (and faked) LinkedIn data, but it's the ransomware discussion that keeps coming back to mind. Even just this morning, 2 days after recording this live stream, I ended up on nation TV talking about the DP World security incident and whilst we don't have any confirmation yet, it has all the hallmarks of another ransomware case.

More Trending

article thumbnail

Alleged Extortioner of Psychotherapy Patients Faces Trial

Krebs on Security

Prosecutors in Finland this week commenced their criminal trial against Julius Kivimäki , a 26-year-old Finnish man charged with extorting a once popular and now-bankrupt online psychotherapy practice and thousands of its patients. In a 2,200-page report, Finnish authorities laid out how they connected the extortion spree to Kivimäki, a notorious hacker who was convicted in 2015 of perpetrating tens of thousands of cybercrimes, including data breaches, payment fraud, operating a botnet and calli

article thumbnail

FTC’s Voice Cloning Challenge

Schneier on Security

The Federal Trade Commission is running a competition “to foster breakthrough ideas on preventing, monitoring, and evaluating malicious voice cloning.

article thumbnail

Weekly Update 374

Troy Hunt

Think about it like this: in 2015, we all lost our proverbial minds at the idea of the Kazakhstan government mandating the installation of root certificates on their citizens' devices. We were outraged at the premise of a government mandating the implementation of a model that could, at their bequest, allow them to intercept traffic without any transparency or accountability.

article thumbnail

MY TAKE: Sophos X-Ops advances internal, external threat intelligence sharing to the next level

The Last Watchdog

Threat intelligence sharing has come a long way since Valentine’s Day 2015. Related: How ‘Internet Access Brokers’ fuel ransomware I happened to be in the audience at Stanford University when President Obama took to the stage to issue an executive order challenging the corporate sector and federal government to start collaborating as true allies.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Australian Nonprofit Cyber Security Is So Poor It Might Be Affecting Donations

Tech Republic Security

Research from Infoxchange indicates that poor cyber security practices in Australia’s not-for-profit sector are putting its donors’ and communities’ data at risk.

Risk 186
article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the AI Summit New York on December 6, 2023. The list is maintained on this page.

227
227
article thumbnail

The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story

WIRED Threat Level

Netflix, Spotify, Twitter, PayPal, Slack. All down for millions of people. How a group of teen friends plunged into an underworld of cybercrime and broke the internet—then went to work for the FBI.

article thumbnail

Ransomware gang files SEC complaint over victim’s undisclosed breach

Bleeping Computer

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Sandworm, a Russian Threat Actor, Disrupted Power in Ukraine Via Cyberattack

Tech Republic Security

Any company that is strategic could be targeted for the same kind of actions as this cyberattack. Follow these tips to mitigate your company’s risk to this cybersecurity threat.

Risk 176
article thumbnail

Credit card skimming on the rise for the holiday shopping season

Malwarebytes

As we head into shopping season, customers aren’t the only ones getting excited. More online shopping means more opportunities for cybercriminals to grab their share using scams and data theft. One particular threat we’re following closely and expect to increase over the next several weeks is credit card skimming. Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information in order to buy anything.

Antivirus 142
article thumbnail

Reptar: New Intel CPU Vulnerability Impacts Multi-Tenant Virtualized Environments

The Hacker News

Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the potential to "allow escalation of privilege and/or information disclosure and/or denial of service via local access.

Mobile 139
article thumbnail

Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps 

NetSpi Technical

As we were preparing our slides and tools for our DEF CON Cloud Village Talk ( What the Function: A Deep Dive into Azure Function App Security ), Thomas Elling and I stumbled onto an extension of some existing research that we disclosed on the NetSPI blog in March of 2023. We had started working on a function that could be added to a Linux container-based Function App to decrypt the container startup context that is passed to the container on startup.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Microsoft Ignite: New Solutions Offer More Security and Productivity from Windows in the Cloud

Tech Republic Security

Cloud PCs give you access to Windows AI tools on any device, and Windows 365 now has AI-powered tools to help IT give users the right cloud PC for their needs.

article thumbnail

Google to Force-Block Ad Blockers — Time to Get Firefox?

Security Boulevard

Manifest V3: Destiny. Huge advertising monopoly flexes muscles: “Manifest V2” extensions to be nuked, but “V3” cripples ad blockers. The post Google to Force-Block Ad Blockers — Time to Get Firefox? appeared first on Security Boulevard.

article thumbnail

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities

The Hacker News

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of the 63 flaws, three are rated Critical, 56 are rated Important, and four are rated Moderate in severity. Two of them have been listed as publicly known at the time of the release.

Software 134
article thumbnail

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

Bleeping Computer

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database. [.

131
131
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Intel Patches Widespread Processor Vulnerability

Tech Republic Security

The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks.

Software 182
article thumbnail

A Closer Look at ChatGPT's Role in Automated Malware Creation

Trend Micro

This blog entry explores the effectiveness of ChatGPT's safety measures, the potential for AI technologies to be misused by criminal actors, and the limitations of current AI models.

Malware 127
article thumbnail

Zero-Days in Edge Devices Become China's Cyber Warfare Tactic of Choice

Dark Reading

While China is already among the world's most formidable threat actors, a focus on exploiting public-facing appliances makes its state-sponsored APTs more dangerous than ever.

130
130
article thumbnail

Running Signal Will Soon Cost $50 Million a Year

WIRED Threat Level

Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Red Hat: UK Leads Europe in IT Automation, But Key Challenges Persist

Tech Republic Security

The U.K.'s position as a financial services hub puts it ahead in enterprise-wide IT automation, says Red Hat. But skills shortages remain an issue for all IT leaders surveyed.

article thumbnail

Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers

The Hacker News

A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor's tactics.

article thumbnail

Top 7 cyber security measures that enterprises shouldn’t neglect

Security Boulevard

In an era dominated by digital connectivity, enterprises face unprecedented challenges in safeguarding their sensitive data and digital assets from an ever-evolving landscape of cyber threats. As the frequency and sophistication of cyber attacks continue to rise, it becomes imperative […] The post Top 7 cyber security measures that enterprises shouldn’t neglect appeared first on WeSecureApp :: Simplifying Enterprise Security.

article thumbnail

Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Bleeping Computer

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). [.

127
127
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.