Sat.Nov 25, 2023 - Fri.Dec 01, 2023

article thumbnail

How Popular Are Generative AI Apps?

Lohrman on Security

In the past year, ChatGPT has become one of the fastest growing online services ever. But how popular are the generative AI apps? A recent study reveals the data behind the growth.

219
219
article thumbnail

Extracting GPT’s Training Data

Schneier on Security

This is clever : The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds ( complete transcript here ). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens rather often when running our attack.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Weekly Update 375

Troy Hunt

For a weekly update with no real agenda, we sure did spend a lot of time talking about the ridiculous approach Harvey Norman took to dealing with heavy traffic on Black Friday. It was just. unfathomable. A bunch of people chimed into the tweet thread and suggested it may have been by design, but they certainly wouldn't have set out to achieve the sorts of headlines that adorned the news afterwards.

242
242
article thumbnail

New AI Security Guidelines Published by NCSC, CISA & More International Agencies

Tech Republic Security

The Guidelines for Secure AI System Development have been drawn up to help developers ensure security is baked into the heart of new artificial intelligence models.

article thumbnail

Guide to Business Writing

Everything you need to know about better business writing in one place. This is a complete guide to business writing — from a clear business writing definition to tips on how to hone your business writing skills.

article thumbnail

Meta sued over forcing users to pay to stop tracking

Malwarebytes

Meta is required to get users’ consent in Europe in order to show them targeted ads. For this reason, Meta has to provide European users with a way to opt out of behavioral advertising or face fines totalling $100,000 a day. Behavioral advertising are ads tailored to someone’s browsing habits and other online behavior. A profile of the user is built up over time, as they work their way around the web.

article thumbnail

AI Decides to Engage in Insider Trading

Schneier on Security

A stock-trading AI (a simulated experiment) engaged in insider trading, even though it “knew” it was wrong. The agent is put under pressure in three ways. First, it receives a email from its “manager” that the company is not doing well and needs better performance in the next quarter. Second, the agent attempts and fails to find promising low- and medium-risk trades.

Marketing 278

More Trending

article thumbnail

Apple Security Update Fixes Zero-Day Webkit Exploits

Tech Republic Security

Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs.

Software 192
article thumbnail

The CDC's Gun Violence Research Is in Danger

WIRED Threat Level

In a year pocked with fights over US government funding, Republicans are quietly trying to strip the Centers for Disease Control and Prevention of its ability to research gun violence.

article thumbnail

Secret White House Warrantless Surveillance Program

Schneier on Security

There seems to be no end to warrantless surveillance : According to the letter, a surveillance program now known as Data Analytical Services (DAS) has for more than a decade allowed federal, state, and local law enforcement agencies to mine the details of Americans’ calls, analyzing the phone records of countless people who are not suspected of any crime, including victims.

article thumbnail

Associated Press, ESPN, CBS among top sites serving fake virus alerts

Malwarebytes

ScamClub is a threat actor who’s been involved in malvertising activities since 2018. Chances are you probably ran into one of their online scams on your mobile device. Confiant, the firm that has tracked ScamClub for years, released a comprehensive report in September while also disrupting their activities. However, ScamClub has been back for several weeks, and more recently they were behind some very high profile malicious redirects.

Mobile 138
article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Australian SMBs Feel the Cyber Security Heat: Here’s What IT Pros Can Do to Help

Tech Republic Security

60% of Australian small businesses don’t survive a cyber breach. What can the overworked IT pros in small businesses do with limited budgets against the cyber crime wave?

article thumbnail

Apple fixes two new iOS zero-days in emergency updates

Bleeping Computer

Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. [.

136
136
article thumbnail

Breaking Laptop Fingerprint Sensors

Schneier on Security

They’re not that good : Security researchers Jesse D’Aguanno and Timo Teräs write that, with varying degrees of reverse-engineering and using some external hardware, they were able to fool the Goodix fingerprint sensor in a Dell Inspiron 15, the Synaptic sensor in a Lenovo ThinkPad T14, and the ELAN sensor in one of Microsoft’s own Surface Pro Type Covers.

article thumbnail

Update now! Chrome fixes actively exploited zero-day vulnerability

Malwarebytes

Google has released an update to Chrome which includes seven security fixes including one for a vulnerability which is known to have already been exploited. If you’re a Chrome user on Windows, Mac, or Linux, you should update as soon as possible. The easiest way to update Chrome is to set it to update automatically, but you have to make sure to close your browser for the update to finish.

Risk 136
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

AWS Launches New Chips for AI Training and Its Own AI Chatbot

Tech Republic Security

At AWS re:Invent, NVIDIA contributed GPUs to Amazon's cloud efforts and added a retriever system to its AI Enterprise Software platform on AWS Marketplace.

Software 165
article thumbnail

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

WIRED Threat Level

Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

Software 135
article thumbnail

Digital Car Keys Are Coming

Schneier on Security

Soon we will be able to unlock and start our cars from our phones. Let’s hope people are thinking about security.

263
263
article thumbnail

Many major websites allow users to have weak passwords

Malwarebytes

A new study that examines the current state of password policies across the internet shows that many of the most popular websites allow users to create weak passwords. For the Georgia Tech study , the researchers designed an algorithm that automatically determined a website’s password policy. With the help of machine learning, they could see the consistency of length requirements and restrictions for numbers, upper- and lower-case letters, special symbols, combinations, and starting letters.

Passwords 131
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Tech Republic Security

Hunters researchers noted the vulnerability could lead to privilege escalation. Google said the report “does not identify an underlying security issue in our products.

article thumbnail

Critical Zoom Room bug allowed to gain access to Zoom Tenants

Security Affairs

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference rooms or huddle rooms.

article thumbnail

New BLUFFS attack lets attackers hijack Bluetooth connections

Bleeping Computer

Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks. [.

130
130
article thumbnail

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

WIRED Threat Level

Dozens of advocacy groups are pressuring the US Congress to abandon plans to ram through the renewal of a controversial surveillance program that they say poses an “alarming threat to civil rights.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Make Life Safer and Easier With This Password Manager for Just $15

Tech Republic Security

Store unlimited passwords in unlimited vaults on multiple servers, customize fields, use the tool on your smart watch, enjoy built-in authenticator and much more.

article thumbnail

Security Pros See Budget Bump, Headcount Rise in 2023

Security Boulevard

Increased budgets and team sizes within security departments are giving IT pros a boost despite the prevailing economic challenges in 2023. The post Security Pros See Budget Bump, Headcount Rise in 2023 appeared first on Security Boulevard.

Risk 128
article thumbnail

Police dismantle ransomware group behind attacks in 71 countries

Bleeping Computer

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries. [.

article thumbnail

Opening Critical Infrastructure: The Current State of Open RAN Security

Trend Micro

The Open Radio Access Network (ORAN) architecture provides standardized interfaces and protocols to previously closed systems. However, our research on ORAN demonstrates the potential threat posed by malicious xApps that are capable of compromising the entire Ran Intelligent Controller (RIC) subsystem.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.

article thumbnail

Keep Web Traffic Streamlined and Safe With This $29.99 DNS

Tech Republic Security

With AdGuard DNS, you can block ads, customize parental controls and keep tabs on DNS requests coming in or out — all for the lowest price on the web.

DNS 130
article thumbnail

Security is an Economically Resilient Market: Strategies for Uncertain Times

Security Boulevard

Even in uncertain economic conditions, the need for safety and security create opportunities for security providers to grow. The post Security is an Economically Resilient Market: Strategies for Uncertain Times appeared first on Security Boulevard.

Marketing 128
article thumbnail

Hackers breach US water facility via exposed Unitronics PLCs

Bleeping Computer

CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online. [.

Hacking 128
article thumbnail

Expert warns of Turtle macOS ransomware

Security Affairs

The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting it is not a sophisticated threat.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

So, you’ve accomplished an organization-wide SaaS adoption. It started slow, and now just a few team members might be responsible for running Salesforce, Slack, and a few others applications that boost productivity, but it’s all finished. Or is it? Through all the benefits offered by SaaS applications, it’s still a necessity to onboard providers as quickly as possible.