New report illuminates why OpenAI board said Altman “was not consistently candid”
Insider report details clash over one board member's criticism in an academic paper.
Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier
Schneier: AI will enable a shift from observing actions to interpreting intentions, en masse.
IBM, Meta form “AI Alliance” with 50 organizations to promote open source AI
What's the opposite of OpenAI? IBM and Meta devise plan that includes 50 members.
New Synopsys Report Reveals Application Security Automation Soars
Today, Synopsys released BSIMM14, the latest iteration of its annual Building Security In Maturity Model (BSIMM) report. This comprehensive analysis delves into the software security practices of 130 organisations, encompassing leading companies across v
Over 80% of IT Leaders Want to Move Their On-Prem PAM Solution to the Cloud
A new report by zero-trust and zero-knowledge cybersecurity software providers Keeper Security has found that over 80% of IT leaders (82%) want to move their on-premises Privilege Access Management (PAM) solution to the Cloud. The findings were outlined
Centripetal Announces Partnership With Tiger to Provide Cybersecurity Innovation to the UK Market
Today, intelligence powered cybersecurity pros Centripetal have announced that their patented cybersecurity threat solution is available for the first time ever across the UK as a result of its strategic partnership with Tiger. Centripetal’s innovative t
1960s chatbot ELIZA beat OpenAI’s GPT-3.5 in a recent Turing test study
AI chatbot deception paper suggests that some bots (and people) aren't very persuasive.
Broadcom cuts at least 2,800 VMware jobs following $69 billion acquisition
Broadcom hasn't said how many people will be affected, or much of anything else.
Google bins inactive accounts
Today marks the day when Google makes good on its new policy to reserve the right to delete inactive accounts after two years of inactivity. The company defines activity as “actions you take when you sign in or while you’re signed in to your Google Accou
ChatGPT is one year old. Here’s how it changed the tech world.
Examining 365 days with OpenAI's bot: The good, the bad, the ugly—and the productive?
Sam Altman officially back as OpenAI CEO: “We didn’t lose a single employee”
Altman forgives Sutskever; Microsoft will serve observer role on new OpenAI board.
How Huawei made a cutting-edge chip in China and surprised the US
China's flagship smartphone maker pulled off the feat despite sanctions.
2 municipal water facilities report falling to hackers in separate breaches
The facilities in Pennsylvania and Texas serve more than 2 million residents.
Stable Diffusion XL Turbo can generate AI images as fast as you can type
Even at home, SDXL Turbo can create detailed images with startling speed.
Amazon unleashes Q, an AI assistant for the workplace
Aimed at the office, Amazon Q can summarize docs and assist with programming tasks.
Report: Apple and Goldman Sachs are breaking up over money-losing Apple Card
Goldman Sachs has lost billions of dollars on its consumer-focused businesses.
ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
Easy-to-exploit flaw can give hackers passwords and cryptographic keys to vulnerable servers.
Mother plucker: Steel fingers guided by AI pluck weeds rapidly and autonomously
AI applications like the Ekobot may help the people and the environment.
Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
Chipmaker claims breach had no "material adverse effect."
New “Stable Video Diffusion” AI model can animate any still image
Given GPU and patience, SVD can turn any image into a 2-second video clip.
Amazon’s $195 thin clients are repurposed Fire TV Cubes
Amazon Workspaces Thin Client is a Fire TV Cube with different software.
40% of Cybersecurity Departments Want More Budget to Upskill Employees
According to a new Cyber Security Insights Report by S-RM, in 2023, the average cyber budgets grew to USD 27.10 million, up 3.1% from USD 26.30 million in 2022. S-RM’s research shows that senior IT professionals and their c-suites had anticipated a more
AI Receives £500 Million Funding in Finance Minister’s 2023 Autumn Statement
Jeremy Hunt, the Chancellor of the Exchequer for the UK, delivered his Autumn Statement of 2023 on November the 22nd to Parliament. In this statement, he outlined the government’s five economic priorities for the upcoming forecast period. These include r
Half of Cybersecurity Professionals Kept Awake By Workload Worries
According to research by the Chartered Institute of Information Security (CIISec), cybersecurity professionals report that the industry is “booming”, but 22% of staff report to work unsafe hours. This research, revealed in the Security Profes
Cyber Mindfulness Corner Company Spotlight: Pentest People
At the IT Security Guru we’re showcasing organisations that are passionate about making cybersecurity a healthier, more mindful industry. This week, Gemma Gilderdale, Head of People at Pentest People, spoke to the Gurus about Pentest People’s innov
Hack The Box Launches 5th Annual University CTF Competition
Fake Browser Updates Targeting Mac Systems With Infostealer
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market
Generative AI Takes on SIEM
IBM joins Crowdstrike and Microsoft in releasing AI models to cloud-native SIEM platforms.
Web Shells Gain Sophistication for Stealth, Persistence
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal.
Qatar Cyber Agency Runs National Cyber Drills
Qatari organizations participate in cybersecurity exercises to hone their incident response plans and processes.
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet
Internet scans show 7,000 devices may be vulnerable. The true number could be higher.
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Biometric security on PCs isn't quite as bulletproof as you might think, as the line between sensors and host computers can be tampered with.
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
The Israel-Gaza conflict could expose the region's oil and gas operations to renewed cyberattacks, with global ramifications.
Equal Pay Day: Women, Cybersecurity, and Money
Let’s talk about women – and money. Today (22nd November 2023) marks the day that women effectively stop being paid for the year. Stop being paid against their male counterparts for the same work that they do – for the rest of the year. Yes, the rest of
3 Ways to Stop Unauthorized Code From Running in Your Network
As organizations increasingly rely on AI-developed code, they must put guardrails in place to prevent major cybersecurity risks related to malicious code.
Idaho National Nuclear Lab Targeted in Major Data Breach
The laboratory operates a major test reactor, tests advanced nuclear energy concepts, and conducts research involving hydrogen production and bioenergy.
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack
The actor behind the high-profile MGM incident jumps across segmentations in under an hour, in a ransomware attack spanning Okta, Citrix, Azure, SharePoint, and more.
Rootkit Turns Kubernetes From Orchestration to Subversion
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference.
Employees breaking security policies just dangerous as being hacked, Kaspersky global study shows
Employee violations of an organisation’s information security policies are as dangerous as external hacker attacks according to a recent study from Kaspersky. In the last two years, 26% of cyber incidents in businesses occurred due to employees intention
The Persian Gulf's March to the Cloud Presents Global Opportunities
Loosening attitudes about cloud security are expected to create a nearly $10 billion public cloud market in the Middle East by 2027.
Over Half of Organisations Are at Risk of Cyberattack Due to Exhausted and Stressed Staff
Today, new research from Adarma has revealed that organisations believe that they are at significant risk of cyberattacks due to stressed and exhausted staff. The report, entitled “A False Sense of Cybersecurity: How Feeling Safe Can Sabotage Your Busine
USB worm unleashed by Russian state hackers spreads worldwide
LitterDrifter's means of self-propagation are simple. So why is it spreading so widely?
The 7 Deadly Sins of Security Awareness Training
Stay away from using these tactics when trying to educate employees about risk.
Citrix Bleed Bug Inflicts Mounting Wounds, CISA Warns
Patch or isolate now: Organizations in every sector run the risk of hemorrhaging data as opportunistic attacks from LockBit ransomware and others grow.
AutoZone Files MOVEit Data Breach Notice With State of Maine
The company temporarily disabled the application and patched the vulnerability, though affected individuals should still remain vigilant.
DPRK Hackers Masquerade as Tech Recruiters, Job Seekers
No one has turned the job market into an attack surface quite like North Korea, which plays both sides for financial gain and, possibly, espionage.
Inside Job: Cyber Exec Admits to Hospital Hacks
Healthcare cyber services executive Vikas Singla admits to hobbling hospital operations, then using the incidents to try and gin up extra business.
Major Saudi University to Offer AI, Cybersecurity Studies
University of Jeddah partners with Resecurity to teach cybersecurity skills.
Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto
Active exploit of the critical RCE flaw targets Linux systems to achieve full system compromise.
Cato Networks Named SASE Leader, Again
Today, Cato Networks, announced its recognition as a Leader in both the Frost Radar™: Global SASE, 2023 by Frost & Sullivan and the Market Radar: SASE 2023 by Omdia. “Once again, Cato Networks and our cloud-native SASE platform have been recognised b
Maximize Cybersecurity Returns: 5 Key Steps to Enhancing ROI
Cybersecurity isn't a one-time task. It's an ongoing effort that needs regular checks, updates, and teamwork.
AI Helps Uncover Russian State-Sponsored Disinformation in Hungary
Researchers used machine learning to analyze Hungarian media reports and found Russian narratives soured the nation's perspective on EU sanctions and arms deliveries months before the Ukraine invasion.
Lookout Alerts U.S. Employees and Businesses of Significant Phishing Threat This Week
This week, Lookout, Inc., is warning employees and businesses that phishing attacks across enterprise and personal devices are expected to more than double this week, based on historical data. With more corporate data residing in the cloud today and an i
95% of OpenAI employees have threatened to quit in standoff with board
OpenAI's future hangs in the balance as staff says they'll join former CEO at Microsoft.
Proof of Concept Exploit Publicly Available for Critical Windows SmartScreen Flaw
Threat actors were actively exploiting CVE-2023-36025 before Microsoft patched it in November.
What Healthcare Cybersecurity Leaders Should Know About the FDA's Section 524B Guidelines
New cybersecurity regulations from the FDA outline specific steps that medical device companies must take in order to get their devices approved for market.
Lasso Security Emerges From Stealth With $6M Seed Funding for Gen AI and Advanced LLM Cybersecurity
Malware Uses Trigonometry to Track Mouse Strokes
The latest LummaC2 infostealer version includes a novel anti-sandbox trick to avoid detonating when no human mouse movements are detected.
GenAI Requires New, Intelligent Defenses
Understanding the risks of generative AI and the specific defenses to build to mitigate those risks is vital for effective business and public use of GenAI.
Amid Military Buildup, China Deploys Mustang Panda in the Philippines
China pairs cyber and kinetic attacks in the South Pacific as it continues to wrangle control of the South China Sea.
CISA Launches Pilot Program to Address Critical Infrastructure Threats
CISA expects to extend this program to include up to 100 critical infrastructure entities in its first year.
Exploited Vulnerabilities Can Take Months to Make KEV List
The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, which means companies need other sources of threat intelligence.
Enterprise Generative AI Enters Its Citizen Development Era
Business users are building Copilots and GPTs with enterprise data. What can security teams do about it?
Saudi Arabia Arms Public Sector With Google Cloud Services
Chronicle CyberShield will be offered as a managed service with security monitoring and Mandiant incident response included.
OpenAI employees revolt after board names new CEO; Altman may head to Microsoft
Ilya Sutskever announces regret; 700+ OpenAI employees sign letter asking board to resign.
How the Evolving Role of the CISO Impacts Cybersecurity Startups
CISOs and vendors must work together to keep up with emerging threats and find solutions, says a group of CISOs and security entrepreneurs.
LummaC2 Stealer’s New Anti-Sandbox Technique? Trigonometry
New research by Outpost24 has revealed that malware developers are using sandbox evasion techniques to avoid exposing malicious behaviour inside a sandbox where malware is analysed by security researchers. Outpost24’s threat intelligence team, KrakenLabs,
Recognising Scam Patterns and Preventing Data Loss: A Unified Approach
Cybersecurity professionals stand on the frontlines, ever-vigilant against an increasing tide of cyber threats. From protecting sensitive corporate data to safeguarding our personal information, the battle against cybercrime is ongoing. In today’s
Understanding the UK government’s new cybersecurity regime, GovAssure
With the ever-growing threat of cyberattacks on the UK government and Critical National Infrastructure, cyber safety matters more than ever. With the rising tide of ever-present threat in mind, GovAssure was launched by the UK government in April 2023. It
Leveraging Sandbox and Threat Intelligence Feeds to Combat Cyber Threats
Combining a malware sandbox with threat intelligence feeds improves security detection, analysis, and response capabilities.
A Detection and Response Benchmark Designed for the Cloud
Does your security operation center's performance meet the 5/5/5 benchmark for cloud threat detection and incident response?
Sam Altman reportedly in talks for potential return as OpenAI CEO
Altman's unpopular firing may be undone—if a deal can be worked out.
OpenAI board attempts to hit “Ctrl-Z” in talks with Altman to return as CEO
Cleared of malfeasance, Altman's unpopular firing may be undone—if he's interested.
The FCC says new rules will curb SIM swapping. I’m pessimistic
SIM swaps and port-out scams are a fact of life. New rules aren't likely to change that.
Details emerge of surprise board coup that ousted CEO Sam Altman at OpenAI
Microsoft CEO "furious"; OpenAI President and 3 researchers resign. COO says "No malfeasance."
OpenAI President Greg Brockman quits as shocked employees hold all-hands meeting
Details emerge in Sam Altman firing, which blindsided Microsoft and investors.
Hackers Weaponize SEC Disclosure Rules Against Corporate Targets
Ransomware group BlackCat/ALPHV files SEC complaint against its latest victim, putting an audacious new twist on cyber extortion tactics.
VicOne and Block Harbor Deliver Integrated Workflow-Based Cybersecurity System
CompTIA Advises Retailers to Check their Cybersecurity Preparedness Ahead of the Holiday Shopping Season
British Library Confirms Ransomware Attack Caused Outages
The library said that it expects many of its services to be restored in the forthcoming weeks.
Scattered Spider Casino Hackers Evade Arrest in Plain Sight
The feds seem to know all about the hacking group brazenly breaking into corporate networks; so why are enterprise teams left on their own to stop their cybercrimes?
Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks
For several years operators at New Delhi-based Appin hacked into, spied on, and stole data from targets around the world for clients that included private investigators, government agencies, law enforcement, and others.
Actions to Take to Defeat Initial Access Brokers
Initial access brokers (IAB) are often difficult to track. This Tech Tip spells out some countermeasures enterprises need to defend against stolen credentials.
“Hallucinating” AI models help coin Cambridge Dictionary’s word of the year
Cambridge: "When an artificial intelligence hallucinates, it produces false information."
Hands Off the Security Budget! Find Efficiencies to Reduce Risk
Security budgets will benefit from new priorities, streamlined responses rather than wholesale cost-cutting in light of cyberattacks and increased regulatory requirements.
Can bcrypt Passwords Be Cracked?
Specops Software, an Outpost24 company, have released new research about bcrypt-passwords – and how easy (or not) they are to crack. This research follows previously released data on how long it takes attackers to brute force MD5 hashed user passwords wi
Detection & Response That Scales: A 4-Pronged Approach
Building a resilient incident response team requires more than a simple combination of tools and on-call rotations.
IT Pros Worry That Generative AI Will Be a Major Driver of Cybersecurity Threats
Organizations are concerned about generative AI technologies as being a major driver of cybersecurity threats in 2024.
Ransomware group reports victim it breached to SEC regulators
Group tells SEC that the victim is in violation for not reporting it was hacked.
“Make It Real” AI prototype wows devs by turning drawings into working software
Designer: "I think I need to go lie down."
Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass
There's no time to waste: For organizations on the fence about patching the critical bug in ActiveMQ, the new proof-of-concept exploit should push them towards action.
Unauthorized “David Attenborough” AI clone narrates developer’s life, goes viral
"We observe the sophisticated Homo sapiens engaging in the ritual of hydration."
'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation
Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.
No Bing, no Edge, no upselling: De-crufted Windows 11 coming to Europe soon
Some changes will arrive for non-EU users, too, but not the easy removals.
Consumer Software Security Assessment: Should We Follow NHTSA's Lead?
Vehicles are required to meet basic safety standards. Having similar requirements for software would give consumers greater control over their privacy and security.
Unpatched Critical Vulnerabilities Open AI Models to Takeover
The security holes can allow server takeover, information theft, model poisoning, and more.
The “Windows App” for Mac, iOS, and browsers is a fancy remote desktop, for now
Microsoft wants you in Windows, whether you're on iPad, Android, or Chrome OS.
'Randstorm' Bug: Millions of Crypto Wallets Open to Theft
Cybersecurity Investment Involves More Than Just Technology
Cybersecurity investment involves more than just buying security technologies — organizations are also looking at threat intelligence, risk assessment, cyber-insurance, and third-party risk management.
Source: arstechnica, darkreading, itsecurityguru