CISA Order Highlights Persistent Risk at Network Edge

Credit to Author: BrianKrebs| Date: Thu, 15 Jun 2023 15:40:09 +0000

The U.S. government agency in charge of improving the nation’s cybersecurity posture is ordering all federal civilian agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Microsoft Patch Tuesday, June 2023 Edition

Credit to Author: BrianKrebs| Date: Tue, 13 Jun 2023 20:44:28 +0000

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.

Barracuda Urges Replacing — Not Patching — Its Email Security Gateways

Credit to Author: BrianKrebs| Date: Thu, 08 Jun 2023 20:17:06 +0000

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks, as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely updated with software fixes.

WWDC: 18+ ways Apple plans to make you more secure

Vision Pro, Apple Silicon, Macs, new enterprise tools, and privacy protection were all among the many WWDC announcements Apple made this week.

Introducing these protections, Craig Federighi, Apple’s senior vice president for software engineering, said: “We are focused on keeping our users in the driver’s seat when it comes to their data by continuing to provide industry-leading privacy features and the best data security in the world.”

Cisco brings generative AI to Webex and Cisco Security Cloud

Cisco is adding new generative AI capabilities to its Webex collaboration platform, aimed at increasing productivity through automated meeting and conversation summaries.

The new offerings, announced at the Cisco Live! customer event in Las Vegas on Wednesday, include summarization capabilities that allow users to catch up on missed meetings or focus on the most important action items from a call. The capabilities also extend to Cisco’s asynchronous Vidcast tool and the Webex Contact Center.

Service Rents Email Addresses for Account Signups

Credit to Author: BrianKrebs| Date: Tue, 06 Jun 2023 20:09:13 +0000

One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam and account creation campaigns, by paying people to sell their email account credentials and letting customers temporarily rent access to a vast pool of established accounts at major providers.

Governments worldwide grapple with regulation to rein in AI dangers

Ever since generative AI exploded into public consciousness with the launch of ChatGPT at the end of last year, calls to regulate the technology to stop it from causing undue harm have risen to fever pitch around the world. The stakes are high — just last week, technology leaders signed an open public letter saying that if government officials get it wrong, the consequence could be the extinction of the human race.

Ask Fitis, the Bear: Real Crooks Sign Their Malware

Credit to Author: BrianKrebs| Date: Thu, 01 Jun 2023 16:15:34 +0000

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on “Megatraffer,” a veteran Russian hacker who has practically cornered the underground market for malware-focused code-signing certificates since 2015.

Discord Admins Hacked by Malicious Bookmarks

Credit to Author: BrianKrebs| Date: Wed, 31 May 2023 00:19:17 +0000

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious JavaScript code disguised as a Web browser bookmark.

ChatGPT creators and others plead to reduce risk of global extinction from their tech

Hundreds of tech industry leaders, academics, and other public figures signed an open letter warning that artificial intelligence (AI) evolution could lead to an extinction event and saying that controlling the tech should be a top global priority.

“Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war,” read the statement published by San Francisco-based Center for AI Safety.

The brief statement in the letter reads almost like a mea culpa for the technology about which its creators are now joining together to warn the world.
