Information

As all things (wrongly called) AI take the world’s biggest security event by storm, we round up of some of their most-touted use cases and applications Okay, so there’s this ChatGPT thing layered on top of AI – well, not really, it seems even the practitioners responsible for some of the most impressive machine learning (ML) based products don’t always stick to the basic terminology of their fields of expertise… At RSAC, the niceties of…

Read More

The importance of understanding – and prioritizing – the privacy and security implications of large language models like ChatGPT cannot be overstated Thousands of security professionals descended on San Francisco this week to attend RSA Conference, the world’s leading gathering of the security community. What was the hottest topic at the event? You guessed it – ChatGPT and large language models (LLMs) as such. But while these emerging technologies may have many benefits, they also…

Read More

A quick dive into the murky world of cyberespionage and other growing threats facing managed service providers – and their customers ESET telemetry from Q4 2022 saw the start of a new campaign by MuddyWater, a cyberespionage group linked to Iran’s Ministry of Intelligence and Security (MOIS) and active since at least 2017. The group (primarily) targets victims in the Middle East, Asia, Africa, Europe, and North America, focusing on telecommunications companies, governmental organizations, and…

Read More

by Paul Ducklin Apple’s AirTag system has famously been subjected to firmware hacking, used as a free low-bandwidth community radio network, and involved in a stalking incident that tragically ended in a murder charge. To be fair to Apple, the company has introduced various tricks and techniques to make AirTags harder for stalkers and criminals to exploit, given how given how easily the devices can be hidden in luggage, stuffed into the upholstery of a…

Read More

It’s all fun and games until someone gets hacked – here’s what to know about, and how to avoid, threats lurking on the social media juggernaut There are several tools or software applications that enable us to stay connected with our fellow teammates even during gameplay, with the best of them having a low impact on our network connection while allowing important elements like tap-to-talk or messaging capabilities. Discord is one of the online services…

Read More

Don’t torture people with exceedingly complex password composition rules but do blacklist commonly used passwords, plus other ways to help people help themselves – and your entire organization When engineer Bill Burr from the U.S. National Institute of Standards and Technology (NIST) wrote in 2003 what would soon become the world’s gold standard for password security, he advised people and organizations to protect their accounts by inventing long and ‘chaotic’ lines of characters, numbers, and…

Read More

The recent compromise of the networks of several companies via the abuse of a remote access tool used by MSPs exemplifies why state-aligned threat actors should be on the radars of IT service providers Managed service providers (MSPs) that don’t consider themselves targets for state-aligned threat actors may need to think again. While many people may associate advanced persistent threat (APT) groups with cyberespionage targeting only state agencies and large corporations, the fact is that…

Read More