Information

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

Infisical, a San Francisco startup working on open-source technology to help organizations manage secrets sprawl, has banked $2.8 million in seed funding as investors continue to bet on early-stage companies in the supply chain security space. Infisical’s seed round was led by Gradient Ventures, the Google-owned venture capital outfit. The company said it also took on equity investments from Y Combinator, TwentyTwo VC, and a list of prominent tech executives. The Silicon Valley…

Deepfaking it: What to know about deepfake‑driven sextortion schemes

Criminals increasingly create deepfake nudes from people’s benign public photos in order to extort money from them, the FBI warns.

The U.S. Federal Bureau of Investigation (FBI) is warning about an increase in extortion campaigns where criminals tap into readily available artificial intelligence (AI) tools to create sexually explicit deepfakes from people’s innocent photos and then harass or blackmail them. According to its recent Public Service Announcement, the Bureau has received a growing number of…

Ghostscript bug could allow rogue documents to run system commands

by Paul Ducklin

Even if you haven’t heard of the venerable Ghostscript project, you may very well have used it without knowing. Alternatively, you may have it baked into a cloud service that you offer, or have it preinstalled and ready to go if you use a package-based software service such as a BSD or Linux distro, Homebrew on a Mac, or Chocolatey on Windows. Ghostscript is a free and open-source implementation of Adobe’s widely-used…

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents.

Contrary to common perception, small and medium-sized businesses (SMBs) are often the target of cyberattacks. That’s understandable, as in the US and UK, they comprise over 99% of businesses, a majority of private sector jobs and around half of earnings. But if you’re an IT or business leader at a smaller organization,…

WordPress plugin lets users become admins – Patch early, patch often!

by Paul Ducklin

If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it to the latest version. Over the weekend, the plugin’s creator published version 2.6.7, which is supposed to patch a serious security hole, described by user @softwaregeek on the WordPress support site as follows: A critical vulnerability in the plugin (CVE-2023-3460) allows an unauthenticated attacker to register as an administrator and take full control of the…

Who’s Behind the DomainNetworks Snail Mail Scam?

If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about…

VMware, Other Tech Giants Announce Push for Confidential Computing Standards

In conjunction with the 2023 Confidential Computing Summit last week, VMware announced a partnership with tech giants to accelerate the development of confidential computing applications. Confidential computing relies on a trusted execution environment that ensures the integrity and confidentiality of applications and data, even in the cloud and on third-party infrastructure. With the emergence of multi-cloud deployments and machine learning, confidential computing is expected to help protect intellectual property and sensitive data, but its adoption…

Apple, Civil Liberty Groups Condemn UK Online Safety Bill

The latest variant of the crypto wars is happening now, with the UK and EU governments attempting to force backdoors into end-to-end encryption (E2EE). The war is law enforcement and government desire to prevent criminals ‘going dark’ through E2EE. The battlefield for liberal democracies is the EU (the Child Sexual Abuse Regulation) and the UK (the Online Safety Bill – OSB). The collateral damage could be every law-abiding citizen – and the audience is…

Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials

An Army combat veteran with extensive cybersecurity and counterterrorism experience is taking over as one of the nation’s top election security officials, the director of the U.S. Cybersecurity Infrastructure Security Agency announced Friday. In the position, Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election. CISA Director Jen Easterly said Conley’s national security experience made her “ideally suited to help those state…

The good, the bad and the ugly of AI – Week in security with Tony Anscombe

The growing use of synthetic media and difficulties in distinguishing between real and fake content raise a slew of legal and ethical questions.

The news cycle is awash with articles about (what’s not always rightly called) artificial intelligence – some good, some bad, and some ugly. The fact that some individuals are using readily available new technology for turning people’s benign public photos into sexually explicit images, including into child sex abuse material, is clearly…