CyberSecure Specialist

22 Jun

Opaque Systems releases new data security, privacy-preserving features for LLMs

Data Breaches, Malware, Social Engineering

Opaque Systems has announced new features in its confidential computing platform to protect the confidentiality of organizational data during large language model (LLM) use. Through new privacy-preserving generative AI and zero-trust data clean rooms (DCRs) optimized for Microsoft Azure confidential computing, Opaque said it also now enables organizations to securely analyze their combined confidential data without sharing or revealing the underlying raw data. Meanwhile, broader support for confidential AI use cases provides safeguards for machine…

Read More
22 Jun

SSDF and IoT Cybersecurity Guidance: Building Blocks for IoT Product Security

Insights

Credit: Shutterstock NIST’s IoT cybersecurity guidance has long recognized the importance of secure software development (SSDF) practices, highlighted by the NIST IR 8259 series—such as the recommendation for documentation in Action 3.d of NIST IR 8259B, that manufacturers have considered and documented their “secure software development and supply chain practices used.” The NIST SSDF (NIST SP 800-218) describes software development practices that can aid manufacturers in developing IoT products by providing guidance for the secure…

Read More
22 Jun

RangeForce launches Defense Readiness Index to measure businesses’ cybersecurity capabilities

Data Breaches, Malware, Social Engineering

Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in a press release. It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help…

Read More
22 Jun

Apple patches exploits used in spy campaign ‘Operation Triangulation’

Data Breaches, Malware, Social Engineering

Apple has shipped patches for the remote code execution (RCE) vulnerabilities in iOS that have already been exploited in the wild under the digital spy campaign, dubbed Operation Triangulation. The campaign used two zero-click iMessage exploits and compromises without any user interactions based on a pair of bugs respectively in the kernel and Webkit. Apple has attributed the discovery of these vulnerabilities to Kaspersky Lab just two weeks after the Russian cybersecurity firm reported discovering…

Read More
22 Jun

Silobreaker unveils new geopolitical cyber threat intelligence capabilities

Data Breaches, Malware, Social Engineering

Security and threat intelligence company Silobreaker has announced new geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange). The tie-up will see Silobreaker integrate global risk intelligence company RANE’s enterprise geopolitical intelligence into its own platform, providing cyber threat intelligence teams with real-time information about world events that could heighten the risk of cyberattacks. The integration, announced at Infosecurity Europe 2023 in London, will provide context into highly complex, interconnected events, allowing teams…

Read More
22 Jun

Hybrid Microsoft network/cloud legacy settings may impact your future security posture

Data Breaches, Malware, Social Engineering

Once upon a time, the boundary that I worried about and considered that I was responsible for stopped at my Active Directory domain and at the firewall that protected it. Then the boundary of my network moved from the computers under my control to the internet and the connected devices and cloud applications that I now have access to and am linked into. We went from where the stakeholders of the firm were resistant to…

Read More
21 Jun

Going on vacation soon? Stay one step ahead of travel scammers

Information

From bogus free trips to fake rental homes, here are some of the most common online threats you should look out for both before and during your travels As the mercury rises and we look forward to vacationing in sunnier climbs, it’s also time to keep one eye peeled for internet scams and cyberthreats. Travel fraud is one of the biggest money-makers for cybercriminals. In 2022 alone, over 62,400 victim reports were filed with the…

Read More
21 Jun

“The Ransomware Documentary” – brand new video series from Sophos starting now!

Information

by Matt Fairbanks Ransomware – as readers here know only too well – is one of the biggest cybercrime challenges we collectively face today. That’s why Sophos has recently visited cities around the globe to dive deep into the real story behind ransomware. We captured more than 100 hours of interviews with cybercriminals, cybersecurity experts, industry analysts, and policy makers to provide a full 360-degree perspective. The result is Think You Know Ransomware?, a three-part…

Read More
21 Jun

Beware bad passwords as attackers co-opt Linux servers into cybercrime

Information, Malware

by Paul Ducklin Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they’re seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties. The payloads unleashed by this crew of otherwise unsophisticated crooks could not only cost you money through unexpected electricity bills, but also tarnish your reputation by leaving…

Read More