Spoiler alert: it turned me down. But that’s far from the only thing I learned while playing around with the bot that the world has fallen in love with so badly. When it was unleashed into an astonished world on November 30th 2022, ChatGPT became the fastest-growing web app ever, reaching a million users in the
admin
Feb 15, 2023The Hacker NewsSecOps / DevOps In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new
Spain’s Policia Nacional has teamed up with the US Secret Service to dismantle a cybercrime gang that stole millions of dollars from US citizens and companies. Nine suspected members of the group have been arrested – eight in Madrid and one in Miami – after receiving close to €5m ($5.4m) from their victims, which they
by Paul Ducklin Apple has just released updates for all supported Macs, and for any mobile devices running the very latest versions of their respective operating systems. In version number terms: iPhones and iPads on version 16 go to iOS 16.3.1 and iPadOS 16.3.1 respectively (see HT213635). Apple Watches on version 9 go to watchOS
Small and medium-sized businesses have good reason to be concerned about the loss of data and financial impacts While tech advancements have enabled small and medium businesses (SMBs) to grow their business and allowed them to evolve their operational models, cybersecurity risks and threats can cancel any progress that has been made so far. Underlying
Feb 14, 2023Ravie LakshmananCryptocurrency / Software Security Malicious actors have published more than 451 unique Python packages on the official Python Package Index (PyPI) repository in an attempt to infect developer systems with clipper malware. Software supply chain security company Phylum, which spotted the libraries, said the ongoing activity is a follow-up to a campaign
Security researchers have discovered another sizeable haul of malicious packages on the npm and PyPI open source registries, which could cause issues if unwittingly downloaded by developers. In January, Sonatype said it found 691 malicious npm packages and 49 malicious PyPI components containing crypto-miners, remote access Trojans (RATs) and more. The discoveries by the firm’s
There have been a number of reports of attacks on industrial control systems (ICS) in the past few years. Looking a bit closer, most of the attacks seem to have spilt over from traditional IT. That’s to be expected, as production systems are commonly connected to ordinary corporate networks at this point. Though our data
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new Cybersecurity Advisory (CSA) on Thursday warning critical infrastructure sector entities against ongoing North Korean state-sponsored ransomware activity. Part of the #StopRansomware campaign, the new advisory is a result of a collaboration between CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department
by Naked Security writer In October 2022, we asked you to imagine being stuck in the following awful situation: Imagine that you’d spoken in what you thought was total confidence to a psychotherapist, but the contents of your sessions had been saved for posterity, along with precise personal identification details such as your unique national
Feb 11, 2023Ravie LakshmananRansomware / Endpoint Security After the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks, the threat actors have bounced back with an updated version that encrypts more data. The emergence of the new variant was reported by a system administrator on
Reddit suffered a cyber-attack after its internal systems were breached on February 05 due to a “sophisticated” and “highly-targeted” phishing attack that led to employee credential compromise. “The attacker sent out plausible-sounding prompts pointing employees to a website that cloned the behavior of our intranet gateway in an attempt to steal credentials and second-factor tokens,”
by Paul Ducklin Popular social media site Reddit – “orange Usenet with ads”, as we’ve somewhat ungraciously heard it described – is the latest well-known web property to suffer a data breach in which its own source code was stolen. In recent weeks, LastPass and GitHub have confessed to similar experiences, with cyercriminals apparently breaking
What is behind the drop in ransomware and what should still be done for containing the ransomware scourge? Ransomware detections fell by 20% between 2021 and 2022, according to ESET’s latest Threat Report. What is behind the drop, why is ransomware still a huge problem, and what has yet to be done before the ransomware
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts. The attackers “use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer,” Trend Micro researchers Aliakbar Zahravi
The number of published industrial control system (ICS) vulnerabilities has grown by almost 70% in the past three years, with over a fifth still not patched by manufacturers, according to SynSaber. The security vendor analyzed advisories published by the US Cybersecurity and Infrastructure Security Agency (CISA) between January 1 2020 and December 31 2022 in
by Paul Ducklin CAN YOU GET HACKED AND THEN PROSECUTED FOR IT? Cryptocurrency crimelords. Security patches for VMware, OpenSSH and OpenSSL. Medical breacher busted. Is that a bug or a feature? Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro
Your smart speaker is designed to listen, but could it be eavesdropping too? Ever since Amazon came under fire for being able to potentially listen in on people through its Echo smart speakers, and even transcribe what they were saying, I have been intrigued by the idea of how IoT could be used to snoop
Feb 10, 2023Ravie LakshmananThreat Intelligence / Ransomware State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. The attacks, which demand cryptocurrency ransoms in exchange for recovering access to encrypted files, are designed
Three individuals including a married couple have been arrested in connection with a fraud scheme that may have cost several companies millions of dollars. Officers from the UK’s National Crime Agency (NCA) searched two properties in Loughborough and Lytham St Annes, arresting a man in his fifties and his wife, as well as a second
by Paul Ducklin Cybersecurity news, in Europe at least, is currently dominated by stories about “VMWare ESXi ransomware” that is doing the rounds, literally and (in a cryptographic sense at least) figuratively. CERT-FR, the French government’s computer emergency response team, kicked off what quickly turned into a mini-panic at the tail end of last week,
A view of the T3 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts In 2022, an unprovoked and unjustified attack on Ukraine shocked the world, bringing devastating effects on the country and its population. The war continues to impact everything from energy prices and
Feb 09, 2023Ravie LakshmananCyber Attack / Cyber Threat A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. “The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for
Recorded business email compromise (BEC) attacks increased by more than 81% during 2022 and by 175% over the past two years, with open rates on malicious emails also surging, according to Abnormal Security. The security vendor analyzed data from its customers to help compile its H1 2023 threat report, Read Alert. It found the median
by Paul Ducklin OpenSSL, probably the best-known if not the most widely-used encryption library in the world, has just release a trifecta of security updates. These patches cover the two current open-source versions that the organisation supports for everyone, plus the “old” 1.0.2-version series, where updates are only available to customers who pay for premium
No internet, perfect security? Two ESET researchers perform a thought experiment where they consider the implications of being plunged into digital darkness. Not every computer problem is due to a war in Ukraine, or the failure of the power grid in Texas. But let’s say your network access gets shut off from the rest of
Feb 08, 2023Ravie LakshmananThreat Intelligence / Data Safety A Russia-linked threat actor has been observed deploying a new information-stealing malware in cyber attacks targeting Ukraine. Dubbed Graphiron by Broadcom-owned Symantec, the malware is the handiwork of an espionage group known as Nodaria, which is tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as
A government-backed competition to encourage school-aged children to pursue a career in cybersecurity persuaded thousands across the UK to enter this year. Thirteen teams were named champions of their region at the 2023 CyberFirst Girls Competition finals last weekend, with more than 8700 entering the contest, according to the National Cyber Security Centre (NCSC). After
by Paul Ducklin DO WE REALLY NEED A NEW “WAR AGAINST CRYPTOGRAPHY”? We talk to renowned cybersecurity author Andy Greenberg about his tremendous new book, Tracers in the Dark. Hear Andy’s thoughtful commentary on cybercrime, law enforcement, anonymity, privacy, and whether we really need a “war against cryptography” – codes and ciphers that the government
As children’s safety and privacy online becomes a matter of increasing urgency, lawmakers around the world push ahead on new regulations in the digital realm Tomorrow is Safer Internet Day (SID), an annual awareness campaign that started in Europe in 2004 and that aims to highlight the need for people to enjoy the benefits of
- « Previous Page
- 1
- …
- 64
- 65
- 66
- 67
- 68
- …
- 123
- Next Page »