What if there was a way to sneak malicious instructions into Claude, Copilot, or other top-name AI chatbots and get confidential data out of them by using characters large language models can recognize and their human users can’t? As it turns out, there was—and in some cases …
Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. [...]
This is a current list of where and when I am scheduled to speak: I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA. The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024 …
Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. [...]
Technologies that help SOCs detect, analyze, and respond to emerging threats faster and more accurately Sponsored Post This article discusses some of the challenges traditional SOCs face and how integrating artificial intelligence/machine learning (AI/ML) modules could help solve the challenges faced by security professionals and organizations.... [...]
Florida man gets his hands on 'the best ever' With less than a month to go before American voters head to the polls to choose their next president, the Trump campaign has been investing in secure tech to make sure it doesn't get hacked again.... [...]
No excuses for not patching this nine-month-old issue More than 86,000 Fortinet instances remain vulnerable to the critical flaw that attackers started exploiting last week, according to Shadowserver's data.... [...]
Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua Security said. It can also …
Let Okta lift the lid on customer identity in this series of webinars Sponsored Post Recent reports suggest that stolen identity and privileged access credentials now account for 61 percent of all data breaches.... [...]
With an off-the-shelf D-Wave machine, but only against very short keys Chinese researchers claim they have found a way to use D-Wave's quantum annealing systems to develop a promising attack on classical encryption.... [...]
Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. [...]
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. [...]
Reading, writing, and cyber mayhem, amirite? If we were to draw an infosec Venn diagram, with one circle representing "sensitive info that attackers would want to steal" and the other "limited resources plus difficult-to-secure IT environments," education would sit in the overlap.... [...]
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. [...]
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. [...]
Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more in brief If you need an excuse to improve your patching habits, a joint advisory from the US and UK governments about a massive, ongoing Russian campaign exploiting known vulnerabilities should do the trick …
Researchers point to evidence that scumbags visited the strategy boutique Researchers at Palo Alto's Unit 42 believe the INC ransomware crew is no more and recently rebranded itself as Lynx over a three-month period.... [...]
Cyberspies abusing a backdoor? Groundbreaking Lawmakers are demanding answers about earlier news reports that China's Salt Typhoon cyberspies breached US telecommunications companies Verizon, AT&T, and Lumen Technologies, and hacked their wiretapping systems. They also urge federal regulators to hold these companies accountable for their infosec practices - or lack …
Fishermen in Tamil Nadu are reporting smaller catches of squid. Blog moderation policy. [...]
In July, I wrote about my new book project on AI and democracy, to be published by MIT Press in fall 2025. My co-author and collaborator Nathan Sanders and I are hard at work writing. At this point, we would like feedback on titles. Here are four possibilities: Rewiring …
CISA is warning that threat actors have been observed abusing unencrypted persistent F5 BIG-IP cookies to identify and target other internal devices on the targeted network. [...]
At the doctor’s | Phone safety | Passwords | Heinz advert Lucy Mangan, writing about her doctor joking about her kidneys ( Digested week, 4 October ), reminded me of having an examination for an enlarged prostate. As I lay on the couch waiting for the procedure, my doctor said: “In accordance with …
Operating a telecommunications network is more than just connecting phone calls, or helping people share funny videos online. Telecom networks are critical components of our society’s infrastructure. Telecom operators face a wide array of risks to the critical communication services they provide and the sensitive data they protect …
Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. [...]
Roadside assistance biz praised for deploying security monitoring software and reporting workers to cops Two former workers at roadside assistance provider RAC were this week given suspended sentences after illegally copying and selling tens of thousands of lines of personal data on people involved in accidents.... [...]
What's harder? Convincing people to invest in a beleaguered security business or a tiny island everybody hates? Keir Starmer's decision to appoint Poppy Gustafsson as the UK's new investment minister is being resoundingly praised despite the former Darktrace boss spending years failing to fully rebuild investor confidence in the …
After retiring in 2014 from an uncharacteristically long tenure running the NSA (and US CyberCommand), Keith Alexander founded a cybersecurity company called IronNet. At the time, he claimed that it was based on IP he developed on his own time while still in the military. That always troubled me …
It worked – alleged pump and dump schemers arrested in UK, US and Portugal this week The FBI created its own cryptocurrency so it could watch suspected fraudsters use it – an idea that worked so well it produced arrests in three countries.... [...]
Acknowledges bulk customer data leak weeks after Telegram channels dangled it online Leading Indian health insurance provider Star Health has admitted to being the victim of a cyber attack after criminals claimed they had posted records of 30-milion-plus clients online.... [...]
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. [...]
But hey, no worries, the firm claims no evidence of data misuse Fidelity Investments has notified 77,099 people that their personal information was stolen in an August data breach.... [...]
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. [...]
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." [...]
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. [...]
The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm's services. [...]
/ Generative AI is transforming industries in new and exciting ways every single day. At Amazon Web Services (AWS), security is our top priority, and we see security as a foundational enabler for organizations looking to innovate. As you prepare for AWS re:Invent 2024, make sure that these essential …
Project Shield has helped news, human rights, and elections-related organizations defend against distributed denial of service (DDoS) attacks since 2013 as part of Google's commitment to keep online content universally accessible. The solution has helped keep election resources online, supported news reporting during pivotal geopolitical events, and helped governments …
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. [...]
After a great event last month in San Jose, Ars is switching coasts for October and descending in force on our nation's capital. If you're on the East Coast and want to come hang out with Ars EIC Ken Fisher and me while we talk to some neat speakers …
Unlock the power of generative AI with AWS Webinar Generative AI (GenAI) has quickly transitioned from an emerging concept to a core driver of innovation across lots of different industries.... [...]
Researcher spots 110 TB of sensitive info sitting in unprotected database Nearly 32 million records belonging to users of tech from Trackman were left exposed to the internet, sitting in a non-password protected database, for an undetermined amount of time, according to researcher Jeremiah Fowler.... [...]
Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in its Known Exploited Vulnerabilities (KEV) catalog.... [...]
AWS is deeply committed to earning and maintaining the trust of customers who rely on us to run their workloads. Security has always been our top priority, which includes designing our own services with security in mind at the outset, and taking proactive measures to mitigate potential threats so …
Firefixed: It's maintenance time for low-complexity, high-impact security flaw It's patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.... [...]
An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user …
Let the SANS AI Toolkit promote secure and responsible use of AI tools in the workplace Sponsored Post It's Cybersecurity Awareness Month again this October - a timely reminder for public and private sector organisations to work together and raise awareness about the importance of cybersecurity.... [...]
Apply comprehensive security with access control, secure coding, infrastructure protection and AI governance Partner Content As generative AI (GenAI) becomes increasingly integrated into the corporate world, it is transforming everyday operations across various industries.... [...]
Two arrested after allegedly trying to make off with their ill-gotten gains The alleged administrators of the infamous Bohemia and Cannabia dark web marketplaces have been arrested after apparently shuttering the sites and trying to flee with their earnings.... [...]
31M folks' usernames, email addresses, salted-encrypted passwords now out there The Internet Archive had a bad day on the infosec front, after being DDoSed and having had its user account data stolen in a security breach.... [...]
Archive.org, one of the only entities to attempt to preserve the entire history of the World Wide Web and much of the broader Internet, was recently compromised in a hack that revealed data on roughly 31 million users. A little after 2 pm California time, social media sites …