Sat.May 25, 2024 - Fri.May 31, 2024

article thumbnail

Navigating the AI Revolution: The Global Battle for Tech Supremacy

Lohrman on Security

Artificial intelligence is yielding unprecedented benefits, battles, opportunities and fears — and advancing faster than ever. What is the latest on the global AI landscape?

article thumbnail

Weekly Update 401

Troy Hunt

Ah, episode 401, the unauthorised one! Ok, that was terrible, but what's not terrible is finally getting some serious dev resources behind HIBP. I touch on it in the blog post but imagine all the different stuff I have to spread myself across to run this thing, and how much time is left for actual coding. By welcoming Stefan to the team we're not doubling or tripling or even quadrupling the potential dev hours, it's genuinely getting close to 10x.

157
157
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What is Azure Identity Protection and 7 Steps to a Seamless Setup

Security Boulevard

Protecting credentials has become increasingly critical in recent years, with everyday employees using more passwords, devices, and systems than ever before. Remote work has significantly increased the risk of identity attacks. 55% of remote workers say they receive more phishing emails than they used to while working in the office and attempted password attacks are […] The post What is Azure Identity Protection and 7 Steps to a Seamless Setup appeared first on Security Boulevard.

Passwords 105
article thumbnail

Experts Find Flaw in Replicate AI Service Exposing Customers' Models and Data

The Hacker News

Cybersecurity researchers have discovered a critical security flaw in an artificial intelligence (AI)-as-a-service provider Replicate that could have allowed threat actors to gain access to proprietary AI models and sensitive information.

article thumbnail

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

Speaker: Speakers:

They say a defense can be measured by its weakest link. In your cybersecurity posture, what––or who––is the weakest link? And how can you make them stronger? This webinar will equip you with the resources to search for quality training, implement it, and improve the cyber-behaviors of your workforce. By the end of the hour, you will feel empowered to improve the aspects of your security posture you control the least – the situational awareness and decision-making of your workforce.

article thumbnail

CERT-UA warns of malware campaign conducted by threat actor UAC-0006

Security Affairs

The Ukraine CERT-UA warns of a concerning increase in cyberattacks attributed to the financially-motivated threat actor UAC-0006. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of surge in in cyberattacks linked to the financially-motivated threat actor UAC-0006. UAC-0006 has been active since at least 2013. The threat actors focus on compromising accountants’ PCs (which are used to support financial activities, such as access to remote banking systems), stealing credentials, a

Malware 87
article thumbnail

Arc browser’s Windows launch targeted by Google ads malvertising

Bleeping Computer

A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. [.

Malware 85

More Trending

article thumbnail

macOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code Execution

Penetration Testing

Recently, security researcher Wang Tielei published a proof-of-concept (PoC) exploit codes for a significant privilege escalation vulnerability (CVE-2024-27842) in macOS. The vulnerability has been patched by Apple, but the release of the PoC codes... The post macOS Under Threat: PoC Exploit for CVE-2024-27842 Allows Kernel-Level Code Execution appeared first on Penetration Testing.

article thumbnail

Fake AV websites used to distribute info-stealer malware

Security Affairs

Threat actors used fake AV websites masquerading as legitimate antivirus products from Avast, Bitdefender, and Malwarebytes to distribute malware. In mid-April 2024, researchers at Trellix Advanced Research Center team spotted multiple fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE and Inno setup installer, including Spy and Stealer capabilities.

Malware 89
article thumbnail

Indian man stole $37 million in crypto using fake Coinbase Pro site

Bleeping Computer

An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [.

article thumbnail

Microsoft’s New Recall AI Tool May Be a ‘Privacy Nightmare’

WIRED Threat Level

Plus: US surveillance reportedly targets pro-Palestinian protesters, the FBI arrests a man for AI-generated CSAM, and stalkerware targets hotel computers.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

USENIX Security ’23 – ARGUS: Context-Based Detection of Stealthy IoT Infiltration Attacks

Security Boulevard

Authors/Presenters:Phillip Rieger, Marco Chilese, Reham Mohamed, Markus Miettinen, Hossein Fereidooni, Ahmad-Reza Sadeghi Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel.

IoT 59
article thumbnail

MITRE December 2023 attack: Threat actors created rogue VMs to evade detection

Security Affairs

The MITRE Corporation revealed that threat actors behind the December 2023 attacks created rogue virtual machines (VMs) within its environment. The MITRE Corporation has provided a new update about the December 2023 attack. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The security team at the organization promptly launched an investigation, logged out the threat actor, and engaged third-party forensics Incident Response teams to conduct indepe

Risk 83
article thumbnail

Hackers phish finance orgs using trojanized Minesweeper clone

Bleeping Computer

Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. [.

article thumbnail

China’s Cyber Espionage Actors Employ ORB Networks to Evade Detection

Penetration Testing

Mandiant Intelligence has revealed a concerning trend among China-linked cyber espionage groups: the use of Operational Relay Box (ORB) networks to enhance their espionage capabilities. These ORB networks, comprised of compromised virtual private servers... The post China’s Cyber Espionage Actors Employ ORB Networks to Evade Detection appeared first on Penetration Testing.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Navigating the AI Revolution: The Global Battle for Tech Supremacy

Security Boulevard

Artificial intelligence is yielding unprecedented benefits, battles, opportunities and fears — and advancing faster than ever. What is the latest on the global AI landscape? The post Navigating the AI Revolution: The Global Battle for Tech Supremacy appeared first on Security Boulevard.

article thumbnail

Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets

The Hacker News

The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust.

Malware 66
article thumbnail

A high-severity vulnerability affects Cisco Firepower Management Center

Security Affairs

Cisco addressed a SQL injection vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software. Cisco addressed a vulnerability, tracked as CVE-2024-20360 (CVSS score 8.8), in the web-based management interface of the Firepower Management Center (FMC) Software. The vulnerability is a SQL injection issue, an attacker can exploit the flaw to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privile

article thumbnail

Google Cloud Report Reveals Accidental Deletion of Customer Data

Penetration Testing

Google Cloud has publicly addressed an incident in which a misconfiguration during the setup of a Google Cloud VMware Engine (GCVE) private cloud led to the unintended deletion of Australian customer UniSuper’s data, including... The post Google Cloud Report Reveals Accidental Deletion of Customer Data appeared first on Penetration Testing.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

USENIX Security ’23 – Network Detection of Interactive SSH Impostors Using Deep Learning

Security Boulevard

Authors/Presenters:Julien Piet, Aashish Sharma, Vern Paxson, David Wagner Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – Network Detection of Interactive SSH Impostors Using Deep Learning appeared first on Security Boulevard.

article thumbnail

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

The Hacker News

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail.

65
article thumbnail

Threat landscape for industrial automation systems, Q1 2024

SecureList

Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS computers on which malicious objects were blocked, by quarter, 2022–2024 Selected industries Building automation has historically led the surveyed industries in terms of the percentage of ICS computers

57
article thumbnail

CLOUD#REVERSER: Threat Actors Exploit Legitimate Cloud Services for Stealthy Attacks

Penetration Testing

Securonix’s Threat Research team has uncovered a novel cyberattack campaign, dubbed CLOUD#REVERSER, that leverages legitimate cloud storage services like Google Drive and Dropbox as a covert command-and-control (C2) infrastructure. This sophisticated attack chain demonstrates... The post CLOUD#REVERSER: Threat Actors Exploit Legitimate Cloud Services for Stealthy Attacks appeared first on Penetration Testing.

article thumbnail

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

article thumbnail

The Importance of Patching Vulnerabilities in Cybersecurity

Security Boulevard

One of the most critical yet often overlooked aspects of cybersecurity is the timely patching of vulnerabilities. While much attention is given to sophisticated phishing attacks and the menace of password brute-forcing, the importance of addressing unpatched vulnerabilities cannot be overstated. These vulnerabilities represent low-hanging fruit for cybercriminals, offering a relatively straightforward path into systems. […] The post The Importance of Patching Vulnerabilities in Cybersecurity app

article thumbnail

Report: The Dark Side of Phishing Protection

The Hacker News

The transition to the cloud, poor password hygiene and the evolution in webpage technologies have all enabled the rise in phishing attacks. But despite sincere efforts by security stakeholders to mitigate them - through email protection, firewall rules and employee education - phishing attacks are still a very risky attack vector.

58
article thumbnail

A week in security (May 20 – May 26)

Malwarebytes

Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes Criminal record database of millions of Americans dumped online Microsoft AI “Recall” feature records everything, secures far less How to remove a user from a shared Android device How to remove a user from a shared Mac How to remove a user from a shared Windows device Your vacation, reservations, and online dates, now chosen by AI: Lock and Code S05E11 What is real-time protection and why do you ne

Backups 55
article thumbnail

VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738

Penetration Testing

VuFind, the widely used open-source library discovery platform, has issued an urgent security advisory, disclosing two critical vulnerabilities that could expose libraries and their users to serious risks. The flaws, identified as CVE-2024-25737 and... The post VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738 appeared first on Penetration Testing.

article thumbnail

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

article thumbnail

Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy

Security Boulevard

Episode 331 of the Shared Security Podcast discusses privacy and security concerns related to two major technological developments: the introduction of Windows PC’s new feature ‘Recall,’ part of Microsoft’s Copilot+, which captures desktop screenshots for AI-powered search tools, and Slack’s policy of using user data to train machine learning features with users opted in by […] The post Microsoft’s Copilot+ Recall Feature, Slack’s AI Training Controversy appeared first on Shared Security Podcast

59
article thumbnail

Uncontrolled AI: Navigating Ethical Dilemmas and Shadow AI Risks

Centraleyes

Generative AI has captured the world’s imagination, evident in its remarkable adoption rate and popularity worldwide. According to a Deloitte survey , one in four UK citizens have dabbled in Generative AI. The research also found that nearly a third of these adopters did so for work purposes. But here’s the statistic that should fuel discussion among policymakers and risk managers: Despite the widespread usage and adoption rate across all respondents, only 23% believe their employer would

52
article thumbnail

Grab the best weatherproof Wyze Cam alternative for just $40 this Memorial Day right now

Zero Day

The newest version of the Blink Mini sees key improvements that make it worthy even for non-budget shoppers. This Memorial Day deal is the best chance to save on home security.

52
article thumbnail

CatDDoS-Related Gangs Ramp Up Attacks Exploiting Over 80 Vulnerabilities

Penetration Testing

A recent report from XLab’s Cyber Threat Insight Analysis (CTIA) system paints a concerning picture of the ever-evolving threat landscape. CatDDoS-related botnets, a family of malware strains derived from the infamous Mirai botnet, are... The post CatDDoS-Related Gangs Ramp Up Attacks Exploiting Over 80 Vulnerabilities appeared first on Penetration Testing.

article thumbnail

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.