CyberSecure Specialist

14 Aug

Diligere, Equity-Invest Are New Firms of U.K. Con Man

Information, Insights

John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and Diligere[.]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use. A native of the United Kingdom, Mr. Davies absconded from justice before being convicted on multiple counts…

Read More
14 Aug

Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Data Breaches, Information, News

The Colorado Department of Health Care Policy and Financing (HCPF) has revealed that the personal information of millions of individuals was compromised in a data breach resulting from the recent MOVEit cyberattack. On Friday, HCPF informed the Maine Attorney General’s office that it has started informing close to 4.1 million individuals that their personal information might have been compromised in the incident. In a sample notification letter submitted to authorities, HCPF revealed that, on May…

Read More
13 Aug

Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought

Information, News

White House officials concerned by AI chatbots’ potential for societal harm and the Silicon Valley powerhouses rushing them to market are heavily invested in a three-day competition ending Sunday at the DefCon hacker convention in Las Vegas. Some 2,200 competitors tapped on laptops seeking to expose flaws in eight leading large-language models representative of technology’s next big thing. But don’t expect quick results from this first-ever independent “red-teaming” of multiple models. Findings won’t be made…

Read More
11 Aug

In Other News: macOS Security Reports, Keyboard Spying, VPN Vulnerabilities

Information, News

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Read More
11 Aug

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

Information, News

Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information. Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world’s largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices — roughly 1,000 different types of products made by…

Read More
11 Aug

S3 Ep147: What if you type in your password during a meeting?

Information

by Paul Ducklin SNOOPING ON MEMORY, KEYSTROKES AND CRYPTOCOINS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Crocodilian cryptocrime, the BWAIN streak continues, and a reason to…

Read More
10 Aug

Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million

Information, News

Network security giant Check Point Software (NASDAQ: CHKP) on Thursday said it has agreed to acquire Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA) solutions provider Perimeter 81 for roughly $490 million in “cash free, debt free” deal. Perimeter 81 launched in 2018 and offers a platform that helps businesses to secure remote access, network traffic, and endpoint devices with its cloud-delivered Zero Trust Network Access, Firewall as a Service, and Secure Web Gateway (SWG) offerings.…

Read More
10 Aug

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

Information

by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two special items dubbed Exploitation Detected. That terminology is Microsoft’s usual euphemistic reworking of the word zero-day, typically denoting bugs that were first found and exploited…

Read More
09 Aug

White House Offers Prize Money for Hacker-Thwarting AI

Information, News

The White House on Wednesday launched a competition offering millions of dollars in prize money for creating new artificial intelligence systems that can defend critical software from hackers. Competitors vying for some of the $18.5 million in prize money will need to design novel AI systems that quickly find and fix software vulnerabilities in electric grids, subways or other key networks that could be exploited by hackers, President Joe Biden’s administration said. “This competition will…

Read More