Lohrman on Security
NOVEMBER 26, 2023
In the past year, ChatGPT has become one of the fastest growing online services ever. But how popular are the generative AI apps? A recent study reveals the data behind the growth.
Schneier on Security
NOVEMBER 27, 2023
There seems to be no end to warrantless surveillance : According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
NOVEMBER 29, 2023
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised that impact statement, saying the attackers also stole the name and email address for nearly all of its customer support users.
Troy Hunt
NOVEMBER 26, 2023
For a weekly update with no real agenda, we sure did spend a lot of time talking about the ridiculous approach Harvey Norman took to dealing with heavy traffic on Black Friday. It was just. unfathomable. A bunch of people chimed into the tweet thread and suggested it may have been by design, but they certainly wouldn't have set out to achieve the sorts of headlines that adorned the news afterwards.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Last Watchdog
NOVEMBER 27, 2023
In cybersecurity, keeping digital threats at bay is a top priority. A new ally in this battle is robotic process automation (RPA.) This technology promises to simplify tasks, boost accuracy and quicken responses. Related: Gen-A’s impact on DevSecOps Robotic process automation is about getting repetitive, rule-based tasks done with the help of software robots , often called “bots.
Schneier on Security
DECEMBER 1, 2023
A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter. Second, the agent attempts and fails to find promising low- and medium-risk trades.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Malwarebytes
NOVEMBER 30, 2023
Meta is required to get users’ consent in Europe in order to show them targeted ads. For this reason, Meta has to provide European users with a way to opt out of behavioral advertising or face fines totalling $100,000 a day. Behavioral advertising are ads tailored to someone’s browsing habits and other online behavior. A profile of the user is built up over time, as they work their way around the web.
Bleeping Computer
NOVEMBER 27, 2023
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023. [.
Schneier on Security
NOVEMBER 30, 2023
This is clever : The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack.
Tech Republic Security
DECEMBER 1, 2023
Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
WIRED Threat Level
NOVEMBER 30, 2023
In a year pocked with fights over US government funding, Republicans are quietly trying to strip the Centers for Disease Control and Prevention of its ability to research gun violence.
Security Affairs
NOVEMBER 30, 2023
A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms.
Schneier on Security
NOVEMBER 29, 2023
They’re not that good : Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.
Tech Republic Security
NOVEMBER 28, 2023
At AWS re:Invent, NVIDIA contributed GPUs to Amazon's cloud efforts and added a retriever system to its AI Enterprise Software platform on AWS Marketplace.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Trend Micro
NOVEMBER 30, 2023
The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.
Malwarebytes
NOVEMBER 30, 2023
ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their activities. However, ScamClub has been back for several weeks, and more recently they were behind some very high profile malicious redirects.
Schneier on Security
NOVEMBER 28, 2023
Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security.
Tech Republic Security
NOVEMBER 28, 2023
60% of Australian small businesses don’t survive a cyber breach. What can the overworked IT pros in small businesses do with limited budgets against the cyber crime wave?
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 25, 2023
The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. Energy China [link] TL;DR That's huuuge! China Energy Engineering Group ranks 3rd in ENR Top 150 Global Engineering Design Firms and 13th in ENR Top 250 Global Contractors.
Graham Cluley
NOVEMBER 30, 2023
A 28-year-old maj has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola, after he successfully tricked current staff into handing over their login credentials. Read more in my article on the Tripwire State of Security blog.
Malwarebytes
NOVEMBER 30, 2023
This morning I decided to write some ransomware, and I asked ChatGPT to help. Not because I wanted to turn to a life of crime, but because I wanted to see if anything had changed since March, when I last tried the same exact thing. In short: ChatGPT has helped me, worryingly so. But more on that later. Today is the first anniversary of the unveiling of OpenAI’s generative AI poster boy, ChatGPT.
Tech Republic Security
NOVEMBER 30, 2023
Hunters researchers noted the vulnerability could lead to privilege escalation. Google said the report “does not identify an underlying security issue in our products.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Affairs
DECEMBER 1, 2023
The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat.
WIRED Threat Level
NOVEMBER 27, 2023
Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.
Malwarebytes
NOVEMBER 29, 2023
Google has released an update to Chrome which includes seven security fixes including one for a vulnerability which is known to have already been exploited. If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. The easiest way to update Chrome is to set it to update automatically, but you have to make sure to close your browser for the update to finish.
Tech Republic Security
DECEMBER 1, 2023
Store unlimited passwords in unlimited vaults on multiple servers, customize fields, use the tool on your smart watch, enjoy built-in authenticator and much more.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
NOVEMBER 29, 2023
The Rhysida ransomware group claimed to have hacked King Edward VII’s Hospital in London. King Edward VII’s Hospital is a private hospital located on Beaumont Street in the Marylebone district of central London. It is a leading provider of acute and specialist medical care, with a focus on musculoskeletal health, urology, women’s health, and digestive health.
SecureList
DECEMBER 1, 2023
Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons. The incident occurred in the third and fourth week of March, as part of a small wave of attacks involving both DroxiDat and Cobalt Strike beacons around the world; and we believe t
WIRED Threat Level
NOVEMBER 29, 2023
Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.
Tech Republic Security
NOVEMBER 27, 2023
With AdGuard DNS, you can block ads, customize parental controls and keep tabs on DNS requests coming in or out — all for the lowest price on the web.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
283 
Let's personalize your content