Sat.Mar 09, 2024 - Fri.Mar 15, 2024

article thumbnail

Automakers Are Sharing Driver Data with Insurers without Consent

Schneier on Security

Kasmir Hill has the story : Modern cars are internet-enabled, allowing access to services like navigation, roadside assistance and car apps that drivers can connect to their vehicles to locate them or unlock them remotely. In recent years, automakers, including G.M., Honda, Kia and Hyundai, have started offering optional features in their connected-car apps that rate people’s driving.

Insurance 302
article thumbnail

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Welcoming the Liechtenstein Government to Have I Been Pwned

Troy Hunt

Over the last 6 years, we've been very happy to welcome dozens of national governments to have unhindered access to their domains in Have I Been Pwned , free from cost and manual verification barriers. Today, we're happy to welcome Liechtenstein's National Cyber Security Unit who now have full access to their government domains. We provide this support to governments to help those tasked with protecting their national interests understand more about the threats posed by data breac

article thumbnail

NIST Releases Cybersecurity Framework 2.0: What’s Next?

Lohrman on Security

Many global cyber teams are analyzing cyber defense gaps now that the NIST Cybersecurity Framework 2.0 has been released. How will this guidance move the protection needle?

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Jailbreaking LLMs with ASCII Art

Schneier on Security

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4 , Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper.

article thumbnail

Incognito Darknet Market Mass-Extorts Buyers, Sellers

Krebs on Security

Borrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. The bold mass extortion attempt comes just days after Incognito Market administrators reportedly pulled an “exit scam” that left users unable to withdraw millions of dollars worth of funds from the platform.

Marketing 268

More Trending

article thumbnail

5 Best VPNs for Travel in 2024 (Free & Paid VPNs)

Tech Republic Security

What’s the best VPN to use when traveling? Our in-depth guide helps you understand what to look for in a VPN and find the best solution for your needs.

VPN 171
article thumbnail

Using LLMs to Unredact Text

Schneier on Security

Initial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.

262
262
article thumbnail

Patch Tuesday, March 2024 Edition

Krebs on Security

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws. Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in

article thumbnail

Former telecom manager admits to doing SIM swaps for $1,000

Bleeping Computer

A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. [.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

MFA vs 2FA: Which Is Best for Your Business?

Tech Republic Security

Learn the key differences between multi-factor authentication (MFA) and two-factor authentication (2FA) and find out which one is best for your business needs.

article thumbnail

Improving C++

Schneier on Security

C++ guru Herb Sutter writes about how we can improve the programming language for better security. The immediate problem “is” that it’s Too Easy By Default™ to write security and safety vulnerabilities in C++ that would have been caught by stricter enforcement of known rules for type, bounds, initialization , and lifetime language safety.

Software 240
article thumbnail

attackgen: A cybersecurity incident response testing tool

Penetration Testing

AttackGen AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework. The tool generates tailored incident response scenarios based on user-selected threat... The post attackgen: A cybersecurity incident response testing tool appeared first on Penetration Testing.

article thumbnail

SIM swappers hijacking phone numbers in eSIM attacks

Bleeping Computer

SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. [.

141
141
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Sophos: Cyber Security Professional Burnout Is Widespread, Creating Risk for APAC Organisations

Tech Republic Security

Burnout and fatigue among cyber professionals are leading to flow-on consequences like more data breaches, employee apathy to cyber duties and turnover of cyber workforces during a skills crisis.

article thumbnail

Burglars Using Wi-Fi Jammers to Disable Security Cameras

Schneier on Security

The arms race continues, as burglars are learning how to use jammers to disable Wi-Fi security cameras.

Internet 306
article thumbnail

CVE-2024-21378 — Remote Code Execution in Microsoft Outlook 

NetSpi Technical

In 2023 NetSPI discovered that Microsoft Outlook was vulnerable to authenticated remote code execution (RCE) via synced form objects. This blog will cover how we discovered CVE-2024-21378 and weaponized it by modifying Ruler , an Outlook penetration testing tool published by SensePost. Note, a pull request containing the proof-of-concept code is forthcoming to provide organizations with sufficient time to patch.

article thumbnail

Fortinet warns of critical RCE bug in endpoint management software

Bleeping Computer

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. [.

Software 139
article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

Information Security Policy

Tech Republic Security

Information is the lifeblood of the business. Without it, employees can’t work, customers can’t interact with the business, bills can’t be paid and profits can’t be earned. Any given technological environment is useless if its main purpose for existence — the processing and sharing of information — is threatened or eliminated.

article thumbnail

Friday Squid Blogging: Operation Squid

Schneier on Security

Operation Squid found 1.3 tons of cocaine hidden in frozen fish. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

207
207
article thumbnail

Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability

Penetration Testing

Today, Security researchers at The Shadowserver Foundation have sounded the alarm after discovering approximately 16,500 VMware ESXi instances exposed to a critical security flaw. The vulnerability, designated as CVE-2024-22252, could potentially allow attackers to... The post Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability appeared first on Penetration Testing.

article thumbnail

Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship

Bleeping Computer

The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [.

141
141
article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Open Source Password Managers: Overview, Pros & Cons

Tech Republic Security

Learn about open-source password managers, the benefits, and the potential drawbacks of using these tools for managing your passwords securely.

article thumbnail

Microsoft Preps AI-Based Copilot for Security for April 1 Release

Security Boulevard

Microsoft for more than a year has been infusing generative AI capabilities throughout much of its product and services portfolio – such as Microsoft 365 and Bing – through its Copilot initiative, an effort to help enterprise IT administrators, developers, and other users to get the benefits of the emerging technology in their work. Come. The post Microsoft Preps AI-Based Copilot for Security for April 1 Release appeared first on Security Boulevard.

article thumbnail

CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution

Penetration Testing

A critical vulnerability has been recently discovered in JSONata, a widely used JavaScript library for querying and transforming JSON data. This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

article thumbnail

Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Bleeping Computer

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [.

Malware 142
article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.

article thumbnail

Microsoft’s Security Copilot Enters General Availability

Tech Republic Security

Microsoft’s AI chatbot and data aggregator is open for security business on April 1, with a new per-unit pricing model.

article thumbnail

Irony of Ironies: CISA Hacked — ‘by China’

Security Boulevard

Free rides and traffic jams: U.S. Cybersecurity and Infrastructure Security Agency penetrated in February, via vuln in Ivanti. The post Irony of Ironies: CISA Hacked — ‘by China’ appeared first on Security Boulevard.

Hacking 137
article thumbnail

VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme

Penetration Testing

A recently uncovered phishing campaign demonstrates a concerning level of sophistication in its efforts to infiltrate systems and deploy an array of powerful Remote Access Trojans (RATs). Security researchers at FortiGuard Labs have discovered... The post VCURMS: New Java RATs Unleashed in Sophisticated Phishing Scheme appeared first on Penetration Testing.

Phishing 143
article thumbnail

Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware

Bleeping Computer

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [.

article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.