October, 2024

article thumbnail

Secure Your World with Phishing Resistant Passkeys

Thales Cloud Protection & Licensing

Secure Your World with Phishing Resistant Passkeys madhav Thu, 10/10/2024 - 05:12 As we celebrate Cybersecurity Awareness Month 2024 with the theme "Secure Our World," exploring innovative technologies is crucial to help us achieve this goal. One such advancement that's revolutionizing online security and user authentication is passkeys. Passkeys represent a significant leap forward in creating a safer digital landscape, aligning perfectly with the mission to secure our world.

Phishing 133
article thumbnail

Generative AI in Cybersecurity: A Mixed Bag

Data Breach Today

Forrester Analyst Allie Mellen on Misaligned Expectations and Future Trends Generative AI has shown some value in cybersecurity, but it hasn’t met early hopes for handling complex incident responses or providing precise recommendations. Analyst Allie Mellen discusses where AI fell short, why companies are deprioritizing it, and potential use cases in 2025.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

Austin, TX, Oct. 10th, 2024, CyberNewswire — SpyCloud, the leader in Identity Threat Protection, announced that its SaaS Investigations solution has been enhanced with identity analytics that illuminate the scope of digital identities and accelerate successful outcomes of complex investigations from days or hours to minutes. SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by naviga

Risk 286
article thumbnail

The Shitposting Cartoon Dogs Sending Trucks, Drones, and Weapons to Ukraine’s Front Lines

WIRED Threat Level

The North Atlantic Fella Organization, which started as a way to fight Kremlin propaganda, has raised millions of dollars to send vital equipment directly to soldiers fighting Russia.

Security 143
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How ChatGPT scanned 170k lines of code in seconds, saving me hours of work

Collaboration 2.0

Have a question that requires a lot of text or numerical analysis? Consider running it by ChatGPT or another popular model -- the answer might surprise you.

IT 142

More Trending

article thumbnail

Passwordless Authentication without Secrets!

Thales Cloud Protection & Licensing

Passwordless Authentication without Secrets! divya Fri, 10/11/2024 - 08:54 As user expectations for secure and seamless access continue to grow, the 2024 Thales Consumer Digital Trust Index (DTI) research revealed that 65% of users feel frustrated with frequent password resets. This highlights an increasing demand for advanced authentication methods like passkeys and multi-factor authentication (MFA), which provide robust security for most use cases.

article thumbnail

Career Advice: Cybersecurity Means Business

Data Breach Today

Understanding the Impact of Security on the Business Makes You More Effective With cybersecurity now embedded across all industries and functions, the importance of aligning security measures with business objectives has never been greater. Here’s why being business savvy is crucial in cybersecurity - and how you can cultivate it to become a more effective professional.

article thumbnail

Law Enforcement Deanonymizes Tor Users

Schneier on Security

The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay. Tor has written about this. Hacker News thread.

IT 126
article thumbnail

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices

WIRED Threat Level

Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.

IT 132
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

AI scams have infiltrated the knitting and crochet world - why it matters for everyone

Collaboration 2.0

Using AI, scammers are creating frustrating - and expensive - problems for makers. Here's how to spot AI-generated patterns - and why anyone who relies on downloaded instructions should pay attention.

IT 128
article thumbnail

WordPress LiteSpeed Cache plugin flaw could allow site takeover

Security Affairs

A high-severity flaw in the WordPress LiteSpeed Cache plugin could allow attackers to execute arbitrary JavaScript code under certain conditions. A high-severity security flaw, tracked as CVE-2024-47374 (CVSS score 7.2), in the LiteSpeed Cache plugin for WordPress could allow attackers to execute arbitrary JavaScript. The vulnerability is a stored cross-site scripting (XSS) issue impacting versions up to 6.5.0.2.

Access 131
article thumbnail

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

American Water, one of the largest water utility providers in the United States, fell victim to a cyberattack that disrupted its billing systems, throwing light on the increasing vulnerability of critical infrastructure to such threats. While water services were not interrupted, the breach temporarily paused the company’s billing operations, causing customer concern.

article thumbnail

Microsoft Warns of Ongoing Russian Intelligence Campaign

Data Breach Today

Russian SVR Targeting Government, Academia, Defense Organizations Globally A Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.

Phishing 298
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Tracking World Leaders Using Strava

Schneier on Security

Way back in 2018, people noticed that you could find secret military bases using data published by the Strava fitness app. Soldiers and other military personal were using them to track their runs, and you could look at the public data and find places where there should be no people running. Six years later, the problem remains. Le Monde has reported that the same Strava data can be used to track the movements of world leaders.

Military 120
article thumbnail

Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram

WIRED Threat Level

Bots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.

article thumbnail

Ray-Ban Meta vs. GoPro: I took my smart glasses fly fishing and it was surprisingly relaxing

Collaboration 2.0

Fishing is one of my favorite ways to decompress and take in the beauty of the world around me. Meta's Ray-Ban smart glasses helped me capture that without diminishing the experience at all - unlike some other gadgets I've tried.

IT 126
article thumbnail

Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug

Security Affairs

Over 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers reported that multiple threat actors have exploited a critical Adobe Commerce vulnerability, tracked as CVE-2024-34102 (aka CosmicSting, CVSS score of 9.8), to compromise more than 4,000 e-stores over the past three months.

CMS 123
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers. According to research by IBM Corp. and the Ponemon Institute, the average security breach cost reached $4.88 million in 2024 — 10% more than the previous year and the highest averag

article thumbnail

Electric Vehicle Charging Stations at Risk From Hack Attacks

Data Breach Today

Many Charging Cable Interfaces Have Exposed SSH and HTTP Ports, Researchers Warn Researchers demonstrated that multiple brands of EV charging stations have vulnerabilities due to manufacturers often leaving open and unsecured SSH and HTTP ports. The risks of these vulnerabilities range from an expanded attack surface to a launching pad for assaults on the power grid.

Risk 304
article thumbnail

No, The Chinese Have Not Broken Modern Encryption Systems with a Quantum Computer

Schneier on Security

The headline is pretty scary: “ China’s Quantum Computer Scientists Crack Military-Grade Encryption.” No, it’s not true. This debunking saved me the trouble of writing one. It all seems to have come from this news article , which wasn’t bad but was taken widely out of proportion.

article thumbnail

A Window into Your Photos: Revealing How Sideloaded Apps Can Secretly Monitor Your Images

Jamf

In the ever-evolving realm of cybersecurity, staying ahead of malicious threats is essential. At Jamf, we are committed to proactively identifying and mitigating risks to iOS devices. Learn how in our latest post.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

I converted a mini PC running Windows 11 into a Linux workstation, and it blew me away

Collaboration 2.0

If you're looking for a small form-factor PC that doesn't skimp on performance, the Herk Orion might be just what you need.

IT 140
article thumbnail

New version of Android malware FakeCall redirects bank calls to scammers

Security Affairs

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number. The malware allows operators to steal bank users’ sensitive information and money from their bank accounts.

Phishing 119
article thumbnail

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

The reliance on virtual meetings has skyrocketed after the pandemic, making platforms like Google Meet and Zoom integral to our daily personal and professional communication. However, this surge in usage has also opened the door to a growing array of cybersecurity threats. One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users.

Phishing 124
article thumbnail

UK Depends on Foreign Investment for AI, Hindering Scale

Data Breach Today

Scaling Business Often a Challenge in the Country, Experts Told Lawmakers Dependence on foreign capital in the United Kingdom for investments into artificial intelligence will stymie British technological progress, a parliamentary committee heard Tuesday.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Simpson Garfinkel on Spooky Cryptographic Action at a Distance

Schneier on Security

Excellent read. One example: Consider the case of basic public key cryptography, in which a person’s public and private key are created together in a single operation. These two keys are entangled, not with quantum physics, but with math. When I create a virtual machine server in the Amazon cloud, I am prompted for an RSA public key that will be used to control access to the machine.

Risk 114
article thumbnail

North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process

KnowBe4

KnowBe4 was asked what changes were made in the hiring process after the North Korean (DPRK) fake IT worker discovery. Here is the summary and we strongly suggest you talk this over with your own HR department and make these same changes or similar process updates. If you are new to this story, here is the original post.

IT 117
article thumbnail

I took my Ray-Ban Meta smart glasses fly fishing, and they beat GoPro in several surprising ways

Collaboration 2.0

Fishing is one of my favorite ways to decompress and take in the beauty of the world around me. Meta's Ray-Ban smart glasses helped me capture that without diminishing the experience at all - unlike some other gadgets I've tried.

116
116