In early July 2024, some of the world’s leading AI companies joined forces to create the Coalition for Secure AI (CoSAI). During a conversation with Infosecurity at Black Hat USA 2024, Jason Clinton, CISO at Anthropic, one of CoSAI’s founding members, explained some of the key goals of the new coalition and the cybersecurity focus
admin
Video Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors 09 Aug 2024 This week was that time of the year when thousands of cybersecurity experts descended on Las Vegas to attend Black Hat USA, one of the world’s top cybersecurity conferences.
Aug 10, 2024Ravie LakshmananVulnerability / Mobile Security As many as 10 security flaws have been uncovered in Google’s Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. “The Quick Share application implements its own specific application-layer communication
One of the US Cybersecurity and Infrastructure Security Agency’s (CISA) flagship initiatives is Secure by Design, launched in 2023. Now, the agency is imploring software customers to take the approach of Secure by Demand. This was the message given by CISA director Jen Easterly during the primary stage talk at Black Hat USA. “You have to
Business Security Cyber insurance is not only a safety net, but it can also be a catalyst for advancing security practices and standards Tony Anscombe 08 Aug 2024 • , 3 min. read If there was ever any doubt about the relationship between cybersecurity and the cyber insurance industry, then Black Hat USA 2024 dispelled
Aug 09, 2024Ravie LakshmananCloud Security / Data Protection Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could result in serious consequences. “The impact of these vulnerabilities range between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing
As the 2024 US election approaches, cybersecurity leaders intensify their efforts to safeguard the democratic process, drawing insights from global partners to address evolving threats. Jen Easterly, the director of the US Cybersecurity and Infrastructure Security Agency (CISA) spoke at Black Hat USA about her confidence in the integrity of the nation’s election officials. However,
Business Security Having knowledgeable leaders at the helm is crucial for protecting the organization and securing the best possible cyber insurance coverage Tony Anscombe 07 Aug 2024 • , 4 min. read The board does not understand cybersecurity – that’s not so anymore. Prior to the pandemic, the CISO and cybersecurity team were seen as
Aug 08, 2024Ravie LakshmananCyber Attack / Cyber Espionage The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error
The recent CrowdStrike IT outage served as a dress rehearsal for a potential cyber-attack on critical infrastructure that could potentially be orchestrated by a nation-state like China. The CrowdStrike IT outage was a useful exercise in what may happen if China were to act in a disruptive manner against critical systems. “It’s really about building
Aug 07, 2024Ravie LakshmananLinux / Vulnerability Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive. “Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics
Darktrace researchers have reported that 17.8 million phishing emails were detected between December 2023 and July 2024. The new report, published today at Black Hat USA, analyzes cyber-threats faced by businesses in the first half of the year and highlights the ongoing dominance of cybercrime-as-a-service. According to the new figures, models like malware-as-a-service (MaaS) and
Aug 06, 2024Ravie LakshmananEmail Security / Financial Fraud INTERPOL said it devised a “global stop-payment mechanism” that helped facilitate the largest-ever recovery of funds defrauded in a business email compromise (BEC) scam. The development comes after an unnamed commodity firm based in Singapore fell victim to a BEC scam in mid-July 2024. It refers to
A new report from HP Wolf Security has highlighted the growing danger from threat actors targeting physical device supply chains with 19% of organizations saying they have been impacted by nation-state threat actors targeting physical PC, laptop or printer supply chains. Of the 800 IT and security decision makers surveyed, almost all (91%) believe nation-state
Aug 05, 2024Ravie LakshmananThreat Intelligence / Vulnerability Cybersecurity researchers have uncovered design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen that could enable threat actors to gain initial access to target environments without raising any warnings. Smart App Control (SAC) is a cloud-powered security feature introduced by Microsoft in Windows 11 to block malicious,
The UK’s National Cyber Security Centre (NCSC) has set out plans to launch a new version of its Active Cyber Defence (ACD) initiative to help businesses address evolving cyber-threats. ACD 2.0 will develop a “next generation” suite of cybersecurity tools and services that aim to plug gaps in the commercial market. The NCSC will also
Aug 03, 2024Ravie LakshmananDDoS Attack / Server Security Cybersecurity researchers have disclosed details of a new distributed denial-of-service (DDoS) attack campaign targeting misconfigured Jupyter Notebooks. The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft
The US Environmental Protection Agency (EPA) urgently needs to address rising cyber risks to water and wastewater systems, a new report by the US Government Accountability Office (GAO) has found. The warning comes amid rising targeting of water systems, including by nation-state actors. In December 2023, the Cybersecurity and Infrastructure Security Agency (CISA) attributed a
Video Organizations that leveraged AI and automation in security prevention cut the cost of a data breach by US$2.22 million compared to those that didn’t deploy these technologies, according to IBM 02 Aug 2024 Organizations that leveraged the power of artificial intelligence (AI) and automation in security prevention cut the cost of a data breach
Aug 03, 2024Ravie LakshmananPrivacy / Data Protection The U.S. Department of Justice (DoJ), along with the Federal Trade Commission (FTC), filed a lawsuit against popular video-sharing platform TikTok for “flagrantly violating” children’s privacy laws in the country. The agencies claimed the company knowingly permitted children to create TikTok accounts and to view and share short-form
The UK’s Information Commissioner’s Office (ICO) has put 11 social media and video sharing platforms “on notice” for failing to do enough to safeguard children’s privacy. The regulator warned the 11 platforms that they could face enforcement action if they do not bring themselves into compliance or demonstrate a compelling reason for their current approach.
Aug 02, 2024Ravie LakshmananCyber Espionage / Malware A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a variety of backdoors and post-compromise tools
Russian Coms, the scam platform behind 1.8 million fraudulent calls, has been shut down by the UK’s National Crime Agency (NCA). Russian Coms was established in 2021 and is thought to be behind financial losses in the tens of millions of pounds, according to an NCA statement published on August 1. The NCA said
Business Security Many smaller organizations are turning to cyber risk insurance, both to protect against the cost of a cyber incident and to use the extensive post-incident services that insurers provide Tony Anscombe 31 Jul 2024 • , 4 min. read If we were to stop people on the street and ask for words to
Aug 01, 2024Ravie LakshmananVulnerability / Threat Intelligence Over a million domains are susceptible to takeover by malicious actors by means of what has been called a Sitting Ducks attack. The powerful attack vector, which exploits weaknesses in the domain name system (DNS), is being exploited by over a dozen Russian-nexus cybercriminal actors to stealthily hijack
An urgent appeal for blood donations has been issued following a ransomware attack on US blood donation center OneBlood. The non-profit center, headquartered in Florida, said the cyber-attack is impacting its software system, significantly reducing its capacity to collect, test and distribute blood to hospitals in Southeastern US. In a statement on July 31, Susan
ESET Research ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families Jakub Kaloč 30 Jul 2024 • , 8 min. read Just a few months back, ESET Research published a blogpost about massive phishing campaigns across Central and Eastern Europe carried out during the second half
Jul 31, 2024Ravie LakshmananWeb Security / Compliance Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the
Security researchers have uncovered a sophisticated phishing campaign targeting Microsoft OneDrive users. The campaign employs advanced social engineering tactics to trick users into executing a PowerShell script, compromising their systems. The attack, discovered by the Trellix Advanced Research Center, begins with an email containing an HTML file urging users to resolve a DNS issue to
Generative AI (GenAI) is making waves across the world. Its popularity and widespread use has also attracted the attention of cybercriminals, leading to various cyberthreats. Yet much discussion around threats associated with tools like ChatGPT has focused on how the technology can be misused to help fraudsters create convincing phishing messages, produce malicious code or
- « Previous Page
- 1
- …
- 14
- 15
- 16
- 17
- 18
- …
- 123
- Next Page »