For starters, it could launch a prompt injection attack on itself... The latest version of AI startup Anthropic's Claude 3.5 Sonnet model can use computers – and the developer makes it sound like that's a good thing.... [...]
Attacks on unprotected servers reach 'critical level' An unknown attacker is abusing exposed Docker Remote API servers to deploy perfctl cryptomining malware on victims' systems, according to Trend Micro researchers.... [...]
Don't ignore this nasty zero day exploit says TAG A nasty bug in Samsung's mobile chips is being exploited by miscreants as part of an exploit chain to escalate privileges and then remotely execute arbitrary code, according to Google security researchers.... [...]
Fight On, State? Not this time Pennsylvania State University has agreed to pay the Justice Department $1.25 million to settle claims of misrepresenting its cybersecurity compliance to the federal government and leaving sensitive data improperly secured.... [...]
You likely have never heard of Babel Street or Location X, but chances are good that they know a lot about you and anyone else you know who keeps a phone nearby around the clock. Reston, Virginia-located Babel Street is the little-known firm behind Location X, a service with …
Security shop and CISA urge rapid action Updated Fortinet has gone public with news of a critical flaw in its software management platform.... [...]
We know where you got your skinny jeans - big deal A data thief calling themselves Satanic claims to have purloined the records of around 350 million customers of fashion retailer Hot Topic.... [...]
Plus, a POC to make it extra easy for attackers A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to the US Cybersecurity and Infrastructure Security Agency (CISA).... [...]
An advocacy groups is filing a Fourth Amendment challenge against automatic license plate readers. “The City of Norfolk, Virginia, has installed a network of cameras that make it functionally impossible for people to drive anywhere without having their movements tracked, photographed, and stored in an AI-assisted database that enables …
Not long ago, the ability to digitally track someone’s daily movements just by knowing their home address, employer, or place of worship was considered a dangerous power that should remain only within the purview of nation states. But a new lawsuit in a likely constitutional battle over a …
Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to major security problems.... [...]
TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google A quartet of lawmakers have penned a letter to the Department of Justice asking it to prosecute tax preparation companies for sharing customer data, including tax return information, with Meta and Google.... [...]
Understanding risk and identifying the root cause of an issue in a timely manner is critical to businesses. Amazon Web Services (AWS) offers multiple security services that you can use together to perform more timely investigations and improve the mean time to remediate issues. In this blog post, you …
Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by sensitive customer organizations. Fortinet representatives didn’t respond to emailed questions and have yet to …
Chip giant tells Uncle Sam someone could be making orders on the sly TSMC has reportedly tipped off US officials to a potential attempt by Huawei to circumvent export controls and obtain AI chips manufactured by the Taiwanese company.... [...]
If the first patches don't work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn't work.... [...]
Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their exposure to the 2020 SolarWinds hack.... [...]
The DORA research program has been investigating the capabilities, practices, and measures of high-performing technology-driven teams and organizations for more than a decade. It has published reports based on data collected from annual surveys of professionals working in technical roles, including software developers, managers, and senior executives. Today, we …
Crooks revert to old ways for greater efficiency Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims' files after a break from the typical double extortion tactics.... [...]
October 28, 2024: We updated the text and figure for security objective 1 to show Amazon Route 53 Resolver DNS Firewall. Amazon Virtual Private Cloud (Amazon VPC) endpoints—powered by AWS PrivateLink—enable customers to establish private connectivity to supported AWS services, enterprise services, and third-party services by using …
The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article, which wasn’t bad but was taken widely out of proportion. Cryptography …
Miscreants combine it with an equally tricky piece of social engineering The Ghostpulse malware strain now retrieves its main payload via a PNG image file's pixels. This development, security experts say, is "one of the most significant changes" made by the crooks behind it since launching in 2023.... [...]
Note to Xi: Marco and Ted Cruz aren't the same person China's Spamouflage disinformation crew has been targeting US Senator Marco Rubio (R-Florida) with its fake news campaigns over the past couple of months, trolling the Republican lawmaker's official X account and posting negative stories about Rubio on Reddit …
Amazon Web Services (AWS) is excited to announce that 170 AWS services have achieved HITRUST certification for the 2024 assessment cycle, including the following 12 services that were certified for the first time: AWS AppFabric AWS Application Migration Service Amazon Bedrock AWS Clean Rooms Amazon DataZone AWS Entity Resolution …
Private equity giant Thoma Bravo adds another trophy to its growing collection British security biz Sophos has announced a plan to gobble up competitor Secureworks in an $859 million deal that will make Dell happy.... [...]
Dan O'Dowd tells El Reg about the OS secrets and ongoing clash with Musk Interview This month, presidential hopeful Donald Trump got a tool in his arsenal: some allegedly "unhackable" communications kit. The Register has talked to the man behind the operating system, who also ran for the US …
At Google Cloud, we believe that cloud computing will increasingly shift to private, encrypted services where users can be confident that their software and data are not being exposed to unauthorized actors. In support of this goal, our aim is to make confidential computing technology ubiquitous across our Cloud …
Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.... [...]
Welcome to the second post in our series on Security Guardians, a mechanism to distribute security ownership at Amazon Web Services (AWS) that trains, develops, and empowers builder teams to make security decisions about the software that they create. In the previous post, you learned the importance of building …
Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue, they have no …
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. [...]
It's true: Google Scholar profile of the renowned former physicist and polymath, Sir Isaac Newton bears a "verified email" note. According to Google Scholar, Isaac Newton is a "Professor of Physics, MIT" with a "Verified email at mit.edu." [...]
Also, new EU cyber reporting rules are live, exploiters hit the gas pedal, free PDNS for UK schools, and more in brief A critical security update for the near-ubiquitous WordPress plugin Jetpack was released last week. Site administrators should ensure the latest version is installed to keep their sites …
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. [...]
Cute squid scarf. Blog moderation policy. [...]
Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. [...]
Nidec Corporation is informing that hackers behind a ransomware attack is suffered earlier this year stole data and leaked it on the dark web. [...]
The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations. [...]
In 2024, the Federal Communications Commission (FCC) launched the K-12 Cybersecurity Pilot Program, a groundbreaking initiative backed by $200 million in funding. Learn more from Cynet about how schools and libraries can apply to this program. [...]
The Wall Street Journal is reporting that the CEO of a still unnamed company has been indicted for creating a fake auditing company to falsify security certifications in order to win government business. [...]
Multiple popular browsers have announced that they will no longer trust public certificates issued by Entrust later this year. Certificates that are issued by Entrust on dates up to and including November 11, 2024 will continue to be trusted until they expire, according to current information from browser makers …
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being “ USDoD,” a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the consumer data broker …
SIM swappers strike again, warping cryptocurrency prices An Alabama man faces five years in prison for allegedly attempting to manipulate the price of Bitcoin by pwning the US Securities and Exchange Commission's X account earlier this year.... [...]
Says 'limited' incident isolated to 'partner company' ESET denies being compromised after an infosec researcher highlighted a wiper campaign that appeared to victims as if it was launched using the Slovak security shop's infrastructure.... [...]
Vulnerability reward programs play a vital role in driving security forward. By incentivizing security research, vulnerabilities can be found and fixed by vendors before they are potentially exploited by malicious actors, protecting users and strengthening security posture. Also known as bug bounties, Google has long been a leader in …
Chipzilla says it obeys the law wherever it is, which is nice Intel has responded to Chinese claims that its chips include security backdoors at the direction of America's NSA.... [...]
'My webcam isn't working today' is the new 'The dog ate my network' It's a pattern cropping up more and more frequently: a company fills an IT contractor post, not realizing it's mistakenly hired a North Korean operative. The phony worker almost immediately begins exfiltrating sensitive data, before being …
Propaganda op focuses on anti-West narratives to meddle with elections The US has placed a $10 million bounty on Russian media network Rybar and a number of its key staffers following alleged attempts to sway the upcoming US presidential election.... [...]
Globe Life claims blackmailers shared stolen into with short sellers US insurance provider Globe Life, already grappling with legal troubles, now faces a fresh headache: an extortion attempt involving stolen customer data.... [...]
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...]