Enlarge (credit: Aurich Lawson | Getty Images) On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider world through the Internet, including booking flights, ordering groceries, browsing...

Enlarge / I mostly recognize this early laptop from its resemblance to a similar-looking computer in the film 2010. It's up for auction along with hundreds of other old Apple computers. (credit: Julien's Auctions) If you've been thinking your home...

Enlarge / An Orbi 750 series router. (credit: Netgear) If you rely on Netgear’s Orbi mesh wireless system to connect to the Internet, you’ll want to ensure it’s running the latest firmware now that exploit code has been released for...

Russia’s Kremlin ordered officials to stop using iPhones, apparently over concerns the devices could be vulnerable to Western intelligence agencies, Reuters reports. When surveillance-as-a-service firms sit exposed for brazenly undermining device security, it's hard to think there isn't an argument there. But the bigger story isn’t the harm to...

Microsoft has resolved 80 new CVEs this month in addition to four earlier CVEs, bringing the number of security issues addressed in this month's Patch Tuesday release to 84. Unfortunately, we have two zero-day flaws in Outlook (CVE-2023-23397) and Windows (CVE-2023-24880) that require a "Patch Now" release requirement for both...

The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily...

WooCommerce, a popular plug-in for running WordPress-based online stores, contains a critical vulnerability that could allow attackers to take over websites. Technical details about the vulnerability have not been published yet, but the WooCommerce team released updates and attackers could reverse-engineer the patch."Although what we know at this time...

SaaS-based external attack surface management (EASM) company Cyberpion has rebranded as Ionix, at the same time adding a clutch of new cybersecurity capabilities to its namesake offering.Designed to provide a “wider coverage and deeper focus” into its customers’ internet-facing assets and connected dependencies, the revamp of Ionix's system will...

Italian cybersecurity firm Cleafy has found “Nexus”, a new Android Trojan capable of hijacking online accounts and siphoning funds from them, to be targeting customers from 450 banks and cryptocurrency services worldwide.First observed in June 2022 as a variant of SOVA, another Android banking Trojan, Nexus has since improved...

The joint partnership represents expanded market opportunities.

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.

The idea of memory-safe languages is in the news lately. C/C++ is famous for being the world's system language (that runs most things) but also infamous for being unsafe. Many want to solve this by hard-forking the world's system code, either by changing C/C++ into something that's memory-safe, or rewriting everything...

Today is the 20th anniversary of the Slammer worm. I'm still angry over it, so I thought I'd write up my anger. This post will be of interest to nobody, it's just me venting my bitterness and get off my lawn!!Back in the day, I wrote "BlackICE", an intrusion...

I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. Everything you know about RISC is wrong. It's some weird nerd cult. Techies frequently mention RISC in conversation, with other techies nodding their head in agreement, but it's all wrong....

Apple’s quarter-sized location tracker was hidden in a pill press by the DEA to conduct surveillance. The AirTag’s small size and reliability could make it an attractive tool for cops.

Cash App’s Barcelona-based business fined for anti-money laundering and terrorist financing failures, while Hindenburg Research shorts owner Block, citing ‘Wild West’ approach to compliance.

Consumer and environmental groups have hit out at new EU anti-greenwashing rules that they say fail to prevent companies spreading misinformation about their products.

Posted by Oliver Chang and Andrew Pollock, Google Open Source Security Team It is an interesting time for everyone concerned with open source vulnerabilities. The U.S. Executive Order on Improving the Nation's Cybersecurity requirements for vulnerability disclosure programs and assurances for software used by the US government will go...

Posted by Jasika Bawa, Chrome Security Team Starting in Chrome 111 we will begin to turn down the Chrome Cleanup Tool, an application distributed to Chrome users on Windows to help find and remove unwanted software (UwS). Origin story The Chrome Cleanup Tool was introduced in 2015...

Andy Warner, Google Trust Services, and Carl Krauss, Product Manager, Google DomainsWe’re excited to announce changes that make getting Google Trust Services TLS certificates easier for Google Domains customers. With this integration, all Google Domains customers will be able to acquire public certificates for their websites at no additional...

If you were sent a USB stick anonymously through the post, would you plug it into your computer? Perhaps you'll think twice when you hear what happened to these Ecuadorian journalists. Read more in my article on the Hot for Security blog.

A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over a period of almost two years, has identified that ransomware has become the prominent threat. Read more in my article on the Tripwire State of Security blog.

The world has gone ChatGPT bonkers. Which makes it an effective lure for cybercriminals who may want to break into accounts...

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart...

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity...

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience.  Many companies must now protect their...

We rely primarily on technology to protect our sensitive data, including financial information, personal information, and corporate secrets, in the extremely digital world we live in today. Our personal and sensitive information is vulnerable to being obtained by evil people as technology is widely adopted. One of the methods...

In today’s digital world, businesses face various cybersecurity threats, including malware, hacking, and phishing scams. Insider threats, unfortunately, are widely ignored. These threats could emerge from former or present staff members, professionals, or affiliates with access to sensitive company data. Insiders can cause considerable harm to a business, either...

AI in cybersecurity positively affects the rapid evolution of technology, and the threat landscape for cyber-attacks has increased. Cybercriminals are developing increasingly complex attacks, making it increasingly difficult for businesses to keep up with their security measures. This is where Artificial Intelligence (AI) plays a huge role, as it...

Provides businesses with early warnings to evict threat actors before they can encrypt data

The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website

The move reportedly did not stem from a compromise of GitHub systems or customer information

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting...

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this...

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely first show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side...

Admin-level holes in websites are always a bad thing... and for "bad", read "worse" if it's an e-commerce site.

Listen now - latest episode. Full transcript inside.

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Malware on an air-gapped computer can transmit data like Morse code by changing screen brightness in a way that's invisible to the naked eye but easily recorded with a camera.

Watch out for suspicious interview requests. 'The main focus of this phishing campaign was stealing email account information of the victims, and finding information about their contacts/networks,' the cybersecurity experts at Certfa Lab warned on Wednesday.

Google's Takeout service was designed to let people download their data, but accidentally sent videos from Google Photos accounts to strangers.

Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.

Reverse-engineering reveals close similarities to BlackMatter ransomware, with some improvements

WooCommerce Payments runs on more than 6 million websites, so security teams that use the platform need to patch immediately or risk unauthenticated administrative takeover of their websites.

This is fascinating: “When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey,” he explains. This was intriguing news ­ and it sparked an idea in Hopkins lab where...

My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you...

In case you don’t have enough to worry about, people are hiding explosives—actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda...

Backup tips for Apple users on World Backup Day. The post Apple backup tips for World Backup Day appeared first on SecureMac.

ICE breaks its own rules; Customer Proprietary Network Information and your privacy; the Kremlin ditches smartphones. The post Checklist 321: Not Phoning It In appeared first on SecureMac.

SVB scams and how to spot them. Plus: Simple steps to make iCloud safer. The post Checklist 320: Speedy Scams and Securing iCloud appeared first on SecureMac.

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks. The principle behind the initiative is simple, ransomware...

A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites. On March 23, 2023, researchers from Wordfence observed that the “WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo” plugin had been updated to version 5.6.2. The WooCommerce Payments...

Cisco addressed tens of vulnerabilities in its IOS and IOS XE software, six of these issues have been rated ‘high severity’. Cisco published the March 2023 Semiannual IOS and IOS XE Software Security Advisory that addresses several vulnerabilities in IOS and IOS XE software. Below is the list of flaws...

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.

Researchers at French offensive hacking shop Synacktiv demonstrated successful exploit chains against Tesla’s newest electric car to take top billing at the annual Pwn2Own contest. The post Tesla Hacked Twice at Pwn2Own Exploit Contest appeared first on SecurityWeek.

The U.S. government’s cybersecurity agency ships a new tool to help network defenders hunt for signs of compromise in Microsoft’s Azure and M365 cloud deployments. The post CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections appeared first on SecurityWeek.

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles. The post DevSecOps puts security in the software cycle appeared first on TechRepublic.

Cisco’s just-released 2023 Cybersecurity Index shows companies will invest more in security, but the solution may be a larger tent, not more umbrellas. The post Even after armed with defense tools, CISOs say successful cyberattacks are ‘inevitable’: New study appeared first on TechRepublic.

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. Learn how to protect your business from this AitM campaign. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic.

UK has removed app over concerns data can be monitored by Chinese state, but public remain vulnerableTikTok is wildly popular, with more than 1 billion people consuming its short video posts around the world. But the app is less favoured by politicians in key markets such as the US...

Exclusive: Voiceprint program used by millions of Australians to access data held by government agencies shown to have a serious security flaw Get our morning and afternoon news emails, free app or daily news podcastA voice identification system used by the Australian government for millions of people has a...

A paper expanding on greater ability to intervene during hacks – especially on private companies – causes alarm among Coalition and GreensFollow our Australia news live blog for the latest updatesGet our morning and afternoon news emails, free app or daily news podcastLabor could face Senate difficulties if it...

Not a headline we expected to write today American cybersecurity officials have released an early-warning system to protect Microsoft cloud users.…

Getting connection failures? Don't panic. Get new keys Github has updated its SSH keys after accidentally publishing the private part to the world. Whoops.…

Liberté, égalité, reconnaissance faciale for all Despite the opposition of 38 civil society groups, the French National Assembly has approved the use of algorithmic video surveillance during the 2024 Paris Olympics.…

Paul speaks with Steve Orrin, the Federal CTO at Intel Corp about representing Intel and its technologies to Uncle Sam and the impact of the CHIPS Act a massive new federal investment in semiconductors. The post Episode 249: Intel Federal CTO Steve Orrin on the CHIPS Act and Supply...

Removing the ability to automate against a vulnerable API is a huge step forward, as automation is a key enabler for both the exploitation and the extraction of large amounts of sensitive data. The post Malicious Automation is driving API Security Breaches appeared first on The Security Ledger with Paul...

In this Spotlight episode of the Security Ledger podcast, I interview Itsik Kesler, the CTO of the threat intelligence firm Kela about the evolution of threat intelligence and findings from the company’s latest State of Cybercrime Threat Intelligence report. The post Spotlight: Making the Most of Cyber Threat Intelligence with Itsik Kesler of...Read...

Law enforcement agencies around the world appear to have scored a major victory in the fight against fraudsters, in an operation that seized tens of millions of dollars and seen more than 2000 people arrested. Operation “First Light 2022”, running for two months from March 8 2002 until May...

Presently sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Device Trust tailor-made for Okta. Book a demo today.Why can't I audio right? It's my 339th video and I still make mistakes 🙂 But it came good and we got a decent show out of...

Presently sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Device Trust tailor-made for Okta. Book a demo today.I'm going lead this post with where I finished the video because it brought the biggest smile to Charlotte's and my faces this week:This. Is. Amazing 😍...

Presently sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Device Trust tailor-made for Okta. Book a demo today.What if I told you... that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to...

Here are some of the key moments from the five hours of Shou Zi Chew's testimony and other interesting news on the data privacy front The post Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe appeared first on WeLiveSecurity

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity

Why your organization should consider an MDR solution and five key things to look for in a service offering The post Understanding Managed Detection and Response – and what to look for in an MDR solution appeared first on WeLiveSecurity

The interrogation of CEO Shou Zi Chew highlighted US lawmakers’ own failure to pass privacy legislation.

The embattled social media company brought out the checkbook to ensure at least 30 of its biggest assets—creators—were in DC to help fend off critics.

Image-editing tools from Google and Microsoft contain the “aCropalypse” bug, which can reveal information users intentionally removed.

On Thursday, Shou Zi Chew will meet a rare united front in the US Congress against the Chinese-owned social media app that has lawmakers in a tizzy.