Sat.Jan 13, 2024 - Fri.Jan 19, 2024

Code Written with AI Assistants Is Less Secure

Schneier on Security

Interesting research: “Do Users Write More Insecure Code with AI Assistants?”: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Warning: Scammers Are Now PERFECTLY Impersonating Utility Companies

Joseph Steinberg

Several hours ago, I received a phone call; the caller ID displayed the accurate name and phone number of my local utility company. As our area has, at times, suffered from power disruptions during winter storms, and we had winter weather yesterday and are expecting more tomorrow, I answered the call to see if the utility was advising of some repair that could impact service.

Canadian Man Stuck in Triangle of E-Commerce Fraud

Krebs on Security

A Canadian man who says he's been falsely charged with orchestrating a complex e-commerce scam is seeking to clear his name.

Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

Tech Republic Security

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA's tips for protecting against this malware threat.

Guide to Business Writing

Everything you need to know about better business writing in one place. This is a complete guide to business writing — from a clear business writing definition to tips on how to hone your business writing skills.

Zelle Is Using My Name and Voice without My Consent

Schneier on Security

Okay, so this is weird. Zelle has been using my name, and my voice, in audio podcast ads—without my permission. At least, I think it is without my permission. It’s possible that I gave some sort of blanket permission when speaking at an event. It’s not likely, but it is possible. I wrote to Zelle about it. Or, at least, I wrote to a company called Early Warning that owns Zelle about it.

CVE-2023-22527 (CVSS 10): Critical RCE Flaw in Confluence Data Center and Server

Penetration Testing

A new threat looms large for users of Confluence Data Center and Confluence Server, marked by the alarming designation CVE-2023-22527. This vulnerability, with a CVSS score of 10, signifies the highest level of severity...

Top IT Trends in Australia for IT Pros to Prepare For in 2024

Tech Republic Security

IT spending in Australia is forecast to increase significantly in 2024. This means that IT pros who invest time in skills development will be able to focus on growing their careers.

Speaking to the CIA’s Creative Writing Group

Schneier on Security

This is a fascinating story. Last spring, a friend of a friend visited my office and invited me to Langley to speak to Invisible Ink, the CIA’s creative writing group. I asked Vivian (not her real name) what she wanted me to talk about. She said that the topic of the talk was entirely up to me. I asked what level the writers in the group were.

AI used to fake voices of loved ones in “I’ve been in an accident” scam

Malwarebytes

The San Francisco Chronicle tells a story about a family that almost got scammed when they heard their son’s voice telling them he’d been in a car accident and hurt a pregnant woman. Sadly, this is becoming more common. Scammers want to spread panic among their victims, and to do this, they feign an emergency situation. That may be a car accident, an unexpected hospitalization, or any other scenario that instantly causes concern and pushes victims to act quickly.

pandora: A red team tool to extract credentials from password managers

Penetration Testing

Pandora: This is a red team tool that assists in gathering credentials from different password managers. They are separated into three categories: Windows 10 desktop applications, browsers, and browser plugins. This may work on...

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Attackers Could Eavesdrop on AI Conversations on Apple, AMD, Imagination and Qualcomm GPUs

Tech Republic Security

Security researchers from Trail of Bits identified a GPU memory vulnerability they called LeftoverLocals. Some affected GPU vendors have issued fixes.

Canadian Citizen Gets Phone Back from Police

Schneier on Security

After 175 million failed password guesses, a judge rules that the Canadian police must return a suspect’s phone. [Judge] Carter said the investigation can continue without the phones, and he noted that Ottawa police have made a formal request to obtain more data from Google. “This strikes me as a potentially more fruitful avenue of investigation than using brute force to enter the phones,” he said.

TeamViewer abused to breach networks in new ransomware attacks

Bleeping Computer

Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder. [.

Lateral Movement – Visual Studio DTE

Penetration Testing Lab

A lot of organizations have some sort of application development program and it is highly likely that developers will utilize Visual Studio for their development… Continue reading → Lateral Movement – Visual Studio DTE

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

SMB Security Pack

Tech Republic Security

Small and midsize businesses are increasingly being targeted by cybercriminals — but they often lack the resources and expertise to develop comprehensive security policies to help defend against threats. This set of policies from TechRepublic Premium will help your company establish guidelines and procedures to reduce the risks. The pack comprises seven documents: IT Staff.

Voice Cloning with Very Short Samples

Schneier on Security

New research demonstrates voice cloning, in multiple languages, using samples ranging from one to twelve seconds. Research paper.

Google changes wording for Incognito browsing in Chrome

Malwarebytes

Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known collectively as Chrome’s “Stable channel”), it can serve for testing and development purposes.

Massive ‘New’ Leaked Credentials List: Naz.API Pwns Troy

Security Boulevard

Have I been pwned? Yes, you probably have. Stop reusing passwords, already. Here’s what else you should do.

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”

This Top-Rated Data Recovery Tool is More Than $100 Off Now

Tech Republic Security

Protect your business from both tech and human error with EaseUS Data Recovery Wizard, now just $46 for life for a limited time this January.

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the International PolCampaigns Expo (IPE24) in Cape Town, South Africa, January 25-26, 2024. The list is maintained on this page.

“I’ll miss him so much” Facebook scam uses BBC branding to lure victims

Malwarebytes

Facebook scams are a constant nuisance and vary from like-farming to scams that can cost you some serious money. The latest one we found is a bit morbid. Recently, I’ve seen quite a few posts on my timeline that looked like this: Without going into details, the post says: “I can’t believe he’s gone. I’ll miss him so much.” In all the posts I’ve seen, one of my Facebook friends was tagged.

FlowMate: BurpSuite extension that brings taint analysis to web applications

Penetration Testing

FlowMate: Have you ever wondered how to consider all input-to-output correlations of a web application during a pentest? With FlowMate, you no longer have to. FlowMate is our BurpSuite extension designed to introduce taint analysis to web...

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be possible to distill it down to a checklist.

The Story of the Mirai Botnet

Schneier on Security

Over at Wired, Andy Greenberg has an excellent story about the creators of the 2016 Mirai botnet.

Update Chrome! Google patches actively exploited zero-day vulnerability

Malwarebytes

Google has released an update for Chrome which includes four security fixes, including one for a vulnerability that has reportedly already been exploited. The easiest way to update Chrome is to allow it to update automatically, which basically uses the same method as outlined below but does not require your attention. But you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.

Salt Security Adds Governance Engine to API Security Platform

Security Boulevard

Salt Security added a posture governance engine to its API security platform that defines and enforces implementation standards.

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

Transmission of Sensitive Data Policy

Tech Republic Security

Data in transit means data is at risk if the proper precautions aren’t followed. Data stored inside a securely monitored environment is much less likely to fall into the wrong hands than data exchanged between people and systems. With this in mind, it is essential for company personnel to adhere to firm and clear guidelines.

The 7 deadly cloud security sins and how SMBs can do things better

We Live Security

By eliminating these mistakes and blind spots, your organization can take massive strides towards optimizing its use of cloud without exposing itself to cyber-risk.

Jira down: Atlassian outage affecting multiple cloud services

Bleeping Computer

Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work Management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues. [.

AI & Cybersecurity: Navigating the Digital Future

Security Boulevard

By: Gary Perkins, Chief Information Security Officer. As we keep a close eye on trends impacting businesses this year, it is impossible to ignore the impacts of Artificial Intelligence and its evolving relationship with technology. One of the key areas experiencing this transformational change is cybersecurity. The integration of AI with cybersecurity practices is imperative, […]

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few other applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.