From darkreading.com
ChatGPT Exposes Its Instructions, Knowledge & OS Files
4 7
According to Mozilla, users have a lot more power to manipulate ChatGPT than they might realize. OpenAI hopes those manipulations remain within a clearly delineated sandbox.
on Sat, 2AM
From darkreading.com
Biden Files Charges Against Russian Election Meddlers
2 2
Working with the Treasury and Justice departments, the president has sanctioned anti-democratic Russian adversaries.
on Sep 5
From darkreading.com
Microsoft Pulls Exchange Patches Amid Mail Flow Issues
1 3
Email at many organizations has stopped working; the tech giant has advised users who are facing the issue to uninstall the updates so that it can address flaw.
on Sat, 1AM
From darkreading.com
Microsoft Power Pages Leak Millions of Private Records
1 8
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
on Thu, 2PM
From darkreading.com
Hamas Hackers Spy on Mideast Gov'ts, Disrupt Israel
1 3
APT Wirte is doing double duty, adding all manner of supplemental malware to gain access, eavesdrop, and wipe data, depending on the target.
on Thu, 7AM
From darkreading.com
Hackers Target Texas Oilfield Supplier With Ransomware
1 2
It remains unclear how the attackers gained access to Newpark Resources' system, or what they plan to do with any stolen data the strike may have spewed out.
#kritis #energie #oilfield #supplier #Ransomware #supplychain
on Nov 8
From darkreading.com
What is the Shared Fate Model?
1 1
New threats, an overburdened workforce, and regulatory pressures mean cloud service providers need a more resilient model than the shared responsibility framework. That's where "shared fate" comes in.
on Sep 6
From darkreading.com
Malvertising Campaign Phishes Lowe's Employees
1 1
Retail employees are being duped into divulging their credentials by typosquatting malvertisements.
on Sep 5
From darkreading.com
China's 'Earth Lusca' Propagates Multiplatform Backdoor
1 1
The malware, KTLVdoor, has already been found on more than 50 command-and-control servers and enables full control of any environment it compromises.
on Sep 5
From darkreading.com
Chinese 'Tropic Trooper' APT Targets Mideast Governments
1 1
In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.
on Sep 5
From darkreading.com
FBI: North Korean Actors Readying Aggressive Cyberattack Wave
1 4
Sophisticated social engineering is expected to accompany threat campaigns that are highly targeted and aimed at stealing crypto and deploying malware.
on Sep 4
From darkreading.com
Combating the Rise of Federally Aimed Malicious Intent
0 2
In the future, the cybersecurity landscape likely will depend not only on the ability of federal workforces to protect their agencies but also on their capacity to continuously develop and sharpen those skills.
on Fri, 4PM
From darkreading.com
Lessons From OSC&R on Protecting Software Supply Chain
0 3
A new report from Open Software Supply Chain Attack Reference (OSC&R) provides a framework to reduce how much vulnerable software reaches production.
on Fri, 3PM
From darkreading.com
Trump 2.0 May Mean Fewer Cybersecurity Regs
0 3
Given increased tensions with China over tariffs, companies could see a shift in attacks, but also fewer regulations and a run at a business-friendly federal privacy law.
on Fri, 1PM
From darkreading.com
TSA Proposes Cyber Risk Mandates for Pipelines, Transportation Systems
0 4
The proposed rules codify existing temporary directives requiring pipeline and railroad operators to report cyber incidents and create cyber risk management plans.
on Fri, 2AM
From darkreading.com
Attacker Hides Payload in Emulated Linux Environment
0 1
The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.
on Fri, 2AM
From darkreading.com
Frenos Takes Home the Prize at 2024 DataTribe Challenge
0 2
Frenos offers a zero-impact, continuous security assessment platform for operational technology environments.
on Fri, 1AM
From darkreading.com
Varonis Warns of Bug Discovered in PostgreSQL PL/Perl
0 2
Several versions of PostgreSQL are impacted, and customers will need to upgrade in order to patch.
on Thu, 10PM
From darkreading.com
Idaho Man Turns to RaaS to Extort Orthodontist
0 3
In addition to a 10-year prison sentence, he will have to pay more than $1 million in restitution to his victims.
on Thu, 10PM
From darkreading.com
The Vendor's Role in Combating Alert Fatigue
0 2
As alerts pile up, the complexity can overwhelm security professionals, allowing real threats to be missed. This is where vendors must step up.
on Thu, 7PM
From darkreading.com
Cloud Ransomware Flexes Fresh Scripts Against Web Apps
0 3
Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.
on Thu, 6PM
From darkreading.com
Washington's Cybersecurity Storm of Complacency
0 4
If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.
on Thu, 4PM
From darkreading.com
Trustwave-Cybereason Merger Boost MDR Portfolio
0 2
The consolidation folds Cybereason’s endpoint detection and response (EDR) platform into Trustwave’s managed security services offerings.
on Thu, 1PM
From darkreading.com
Toolkit Vastly Expands APT41's Surveillance Powers
0 3
The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.
on Thu, 12AM
From darkreading.com
Zero-Days Win the Prize for Most Exploited Vulns
0 2
Among the top exploited zero-day vulnerabilities are bugs found in Citrix and Cisco systems.
on Wed, 10PM
From darkreading.com
5 Ways to Save Your Organization From Cloud Security Threats
0 2
The shift to cloud means securing your organization's digital assets requires a proactive, multi-layered approach
on Wed, 10PM
From darkreading.com
Google AI Platform Bugs Leak Proprietary Enterprise LLMs
0 4
The tech giant fixed privilege-escalation and model-exfiltration vulnerabilities in Vertex AI that could have allowed attackers to steal or poison custom-built AI models.
on Wed, 9PM
From darkreading.com
Iranian Cybercriminals Target Aerospace Workers via LinkedIn
0 2
The group seeks out aerospace professionals by impersonating job recruiters — a demographic it has targeted in the past as well — then deploys the SlugResin backdoor malware.
on Wed, 9PM
From darkreading.com
How CISOs Can Lead the Responsible AI Charge
0 2
CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.
on Wed, 4PM
From darkreading.com
New Essay Competition Explores AI’s Role in Cybersecurity
0 2
The essays are to focus on the impact artificial intelligence will have on European policy.
on Wed, 2PM
From darkreading.com
Middle East Cybersecurity Catches Up After Late Start
0 2
The Middle East, led by Saudi Arabia and other Gulf nations, have adopted mature cybersecurity frameworks and regulations amid escalating attacks.
on Wed, 8AM
From darkreading.com
Amazon Employee Data Compromised in MOVEit Breach
0 3
The data leak was not actually due to a breach in Amazon's systems but rather those of a third-party vendor, affecting several other clients as well.
on Wed, 3AM
From darkreading.com
2 Zero-Day Bugs in Microsoft's Nov. Update Under Exploit
0 4
The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.
on Wed, 12AM
From darkreading.com
CrowdStrike Spends to Boost Identity Threat Detection
0 2
Adaptive Shield is the third security posture management provider it's acquired in the last 14 months as identity-based attacks continue to rise.
on Tue, 9PM
From darkreading.com
Citrix Issues Patches for Zero-Day Recording Manager Bugs
0 2
There is some disagreement over whether the remote code execution (RCE) security flaws allow for unauthenticated exploitation or not. Citrix says no, but researchers say the company is downplaying a "good old unauthenticated RCE."
on Tue, 7PM
From darkreading.com
'GoIssue' Cybercrime Tool Targets GitHub Developers En Masse
0 2
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches.
on Tue, 7PM
From darkreading.com
Citrix Zero-Day Bug Allows Unauthenticated RCE
0 3
The unpatched security vulnerability, which doesn't have a CVE yet, is due to an exposed Microsoft Message Queuing (MSMQ) instance and the use of the insecure BinaryFormatter.
on Tue, 4PM
From darkreading.com
Power of the Purse: How to Ensure Security by Design
0 2
CISA should make its recommended goals mandatory and perform audits to ensure compliance.
on Tue, 4PM
From darkreading.com
Planned ICS Security Spending: Incident Response, Anomaly Detection
0 4
Data from the SANS State of ICS/OT Cybersecurity report suggest organizations are going to shift spending from security technologies protecting industrial control systems and operational technology environments to non-technical activities such as training and incident response.
on Tue, 12PM
From darkreading.com
What Listening to My Father Told Me About Cybersecurity
0 3
It's only polite to listen to advice that people share, but not all of it will be useful for you. Here's how to separate the wheat from the chaff.
on Tue, 11AM
From darkreading.com
Revamped Remcos RAT Deployed Against Microsoft Users
0 2
Windows users are at risk for full device takeover by an emerging malicious version of Remcos remote admin tool, which is being used in an ongoing campaign exploiting a known remote code execution (RCE) vulnerability in Microsoft Office and WordPad.
on Mon, 10PM
From darkreading.com
Halliburton Remains Optimistic Amid $35M Data Breach Losses
0 2
Though its third-quarter earnings report confirms that the company remains on track, it's unclear how that will be affected if the threat actors commit further damage.
on Mon, 10PM
From darkreading.com
Flexible Structure of Zip Archives Exploited to Hide Malware Undetected
0 2
Attackers abuse concatenation, a method that involves appending multiple zip archives into a single file, to deliver a variant of the SmokeLoader Trojan hidden in malicious attachments delivered via phishing
on Mon, 7PM
From darkreading.com
Facebook Asks Supreme Court to Dismiss Cambridge Analytica Lawsuit
0 3
Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.
on Mon, 5PM
From darkreading.com
Open Source Security Incidents Aren't Going Away
0 5
Companies and organizations need to recognize the importance of investing in engineers who possess both the soft and hard skills required to secure open source software effectively.
on Mon, 4PM
From darkreading.com
German Law Could Protect Researchers Reporting Vulns
0 1
The draft amendment also includes prison time for those who access systems to maliciously spy or intercept data.
on Mon, 3PM
From darkreading.com
AI & LLMs Show Promise in Squashing Software Bugs
0 5
Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them too, but here's why defenders may retain the edge.
on Mon, 5AM
From darkreading.com
Canada Closes TikTok Offices, Citing National Security
0 0
Questions remain over what a corporate ban will achieve, since Canadians will still be able to use the app.
on Nov 10
From darkreading.com
Israel Battles Spike in Wartime Hacktivist, OT Cyberattacks
0 0
Israel's cybersecurity industry made strides in the past year despite the backdrop of the military conflict.
on Nov 9
From darkreading.com
6 Infotainment Bugs Allow Mazdas to Be Hacked With USBs
0 2
Direct cyberattacks on vehicles are all but unheard of. In theory though, the opportunity is there to cause real damage — data extraction, full system compromise, even gaining access to safety-critical systems.
on Nov 8