March, 2023

article thumbnail

ChatGPT Privacy Flaw

Schneier on Security

OpenAI has disabled ChatGPT’s privacy history, almost certainly because they had a security flaw where users were seeing each others’ histories. Uncategorized ChatGPT cybersecurity privacy

article thumbnail

Challenges With AI: Artistry, Copyrights and Fake News

Lohrman on Security

The world is buzzing about the new AI applications that are rapidly changing the landscape at home and work. But what about copyright protections, artistry and even fake news as our AI journey accelerates?

288
288
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale.

article thumbnail

To Infinity and Beyond, with Cloudflare Cache Reserve

Troy Hunt

What if I told you. that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to the origin service? No biggy, unless.

Passwords 338
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the foundational elements you need to start or validate your ERM program. He will also dive into topic definitions, governance structures, and framework components for success.

article thumbnail

Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office

Tech Republic Security

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. Learn how to protect your business from this AitM campaign. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic.

Phishing 208
article thumbnail

Artificial Intelligence in Cybersecurity: Boon or Bane? – A Free Webinar With Joseph Steinberg, Author of Cybersecurity For Dummies

Joseph Steinberg

As pretty much every professional knows, the cyber-threat landscape is constantly and rapidly evolving as hackers discover new techniques to breach organizations.

More Trending

article thumbnail

New National Cybersecurity Strategy: What Do You Need to Know?

Lohrman on Security

The White House released a new national cybersecurity strategy this past week with five pillars. What’s in the plan, and how will this impact public- and private-sector organizations

article thumbnail

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Krebs on Security

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the software.

Malware 253
article thumbnail

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

The Last Watchdog

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months. Related: Attack surface management takes center stage. So how will this affect chief information security officers (CISOs) and security programs?

CISO 185
article thumbnail

Nexus Android malware targets 450 financial applications

Tech Republic Security

Learn how to protect your organization and users from this Android banking trojan. The post Nexus Android malware targets 450 financial applications appeared first on TechRepublic. Android Google Security android cybersecurity finance industry malware mobile security nexus

Malware 183
article thumbnail

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

Join this exclusive webinar with Dr. Karen Hardy, where she will explore the power of storytelling in risk communication as a core component of a resilient organization's management framework!

article thumbnail

New Report “State of Cloud Threat Detection and Response”

Anton on Security

Cloud D&R Report (2023) One of the mysteries of detection and response (D&R) is about how companies really approach D&R in the public cloud. So we did a survey focused on this, and we actually polled both leaders and technologists.

article thumbnail

Exploding USB Sticks

Schneier on Security

In case you don’t have enough to worry about, people are hiding explosives —actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said.

271
271
article thumbnail

Weekly Update 340

Troy Hunt

I'm excited about coming to Prague. One more country to check off the list, apparently a beautiful city and perhaps what I'm most stoked about, it's the home of Prusa 3D.

IoT 219
article thumbnail

UK Sets Up Fake Booter Sites To Muddy DDoS Market

Krebs on Security

The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.

DDOS 227
article thumbnail

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.

article thumbnail

GUEST ESSAY — The rationale for pursuing a culture of cybersecurity– and a roadmap to get there

The Last Watchdog

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others. Related: Deploying human sensors This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization. For most organizations, building a cybersecurity culture is a necessary evil rather than a cherished goal.

article thumbnail

Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study

Tech Republic Security

Cisco’s just-released 2023 Cybersecurity Index shows companies will invest more in security, but the solution may be a larger tent, not more umbrellas. The post Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study appeared first on TechRepublic.

CISO 190
article thumbnail

How Good Smile, a Major Toy Company, Kept 4chan Online

WIRED Threat Level

Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board. Security Security / National Security Security / Privacy Business / Social Media Business / National Affairs

Media 144
article thumbnail

Prompt Injection Attacks on Large Language Models

Schneier on Security

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs).

article thumbnail

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

The largest banks have increased reserves for protection against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions? In this webinar, Alex Jiménez will walk us through that question and examine the prudent course of action.

article thumbnail

Debating SIEM in 2023, Part 1

Anton on Security

Hey, it is 2023, let’s debate SIEM again! Debate SIEM? In 2023? This is so 1997! Or perhaps 2017. Anyhow, Security Information and Event Management (SIEM) is a growing $4+B market that is proving remarkably resilient, and, actually, interesting again.

Marketing 233
article thumbnail

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection.

Mobile 239
article thumbnail

GUEST ESSAY: Scammers leverage social media, clever con games to carry out digital exploitation

The Last Watchdog

One common misconception is that scammers usually possess a strong command of computer science and IT knowledge. Related: How Google, Facebook enable snooping In fact, a majority of scams occur through social engineering. The rise of social media has added to the many user-friendly digital tools scammers, sextortionists, and hackers can leverage in order to manipulate their victims.

Media 173
article thumbnail

Humans are still better at creating phishing emails than AI — for now

Tech Republic Security

AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt. The post Humans are still better at creating phishing emails than AI — for now appeared first on TechRepublic.

Phishing 196
article thumbnail

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

In this session, Elizabeth “Paige” Baumann will cover the Anti-Money Laundering Act of 2020, which also includes the Corporate Transparency Act. She'll take a deep dive into the catalysts that brought on the act, the current implications of the act, and what impacts the act has on the future of banking and finance.

article thumbnail

Skyhawk Security Taps Chat GPT to Augment Threat Detection

Security Boulevard

Skyhawk Security today revealed it is employing ChatGPT to add generative artificial intelligence (AI) capabilities to its cloud threat detection and response (CDR) platform at no extra charge.

article thumbnail

Fooling a Voice Authentication System with an AI-Generated Voice

Schneier on Security

A reporter used an AI synthesis of his own voice to fool the voice authentication system for Lloyd’s Bank. Uncategorized artificial intelligence authentication banking biometrics deep fake fraud identification spoofing voice recognition

article thumbnail

Weekly Update 337

Troy Hunt

You know, the things you kinda want to keep pretty well protected and out of the hands of nefarious parties, like the kinds of folks that following their data breach could match firearms to an individual at an address on a phone number of a gender and specific age.

article thumbnail

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases.

Hacking 241
article thumbnail

Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

Join us as we discuss the various tangents of data and the change management process that will help you make better risk-based business decisions to save time and money for your organization.

article thumbnail

GUEST ESSAY: Why CISOs absolutely must take authentication secrets much more seriously

The Last Watchdog

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. Related: The coming of agile cryptography These secrets work similarly to passwords, allowing systems to interact with one another. However, unlike passwords intended for a single user, secrets must be distributed. For most security leaders today, this is a real challenge.

article thumbnail

DevSecOps puts security in the software cycle

Tech Republic Security

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic. Developer Security Software cybersecurity devops devsecops

Software 184
article thumbnail

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest

article thumbnail

The Security Vulnerabilities of Message Interoperability

Schneier on Security

Jenny Blessing and Ross Anderson have evaluated the security of systems designed to allow the various Internet messaging platforms to interoperate with each other: The Digital Markets Act ruled that users on different platforms should be able to exchange messages with each other.

article thumbnail

Cover Your SaaS: How to Overcome Security Challenges and Risks For Your Organization

Speaker: Ronald Eddings, Cybersecurity Expert and Podcaster

In this webinar, Ronald Eddings, Cybersecurity Expert, will outline the relationship between SaaS apps and IT & security teams, along with several actionable solutions to overcome the new difficulties facing your organization.