Information

11 Aug

Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying

Information, News

Over a dozen vulnerabilities discovered by Microsoft researchers in Codesys products can be exploited to cause disruption to industrial processes or deploy backdoors that allow the theft of sensitive information. Germany-based Codesys makes automation software for engineering control systems. Its products are used by some of the world’s largest industrial control system (ICS) manufacturers, the vendor claiming that its software is found in millions of devices — roughly 1,000 different types of products made by…

Read More
11 Aug

S3 Ep147: What if you type in your password during a meeting?

Information

by Paul Ducklin SNOOPING ON MEMORY, KEYSTROKES AND CRYPTOCOINS No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Crocodilian cryptocrime, the BWAIN streak continues, and a reason to…

Read More
10 Aug

Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million

Information, News

Network security giant Check Point Software (NASDAQ: CHKP) on Thursday said it has agreed to acquire Secure Access Service Edge (SASE) and Zero Trust Network Access (ZTNA) solutions provider Perimeter 81 for roughly $490 million in “cash free, debt free” deal. Perimeter 81 launched in 2018 and offers a platform that helps businesses to secure remote access, network traffic, and endpoint devices with its cloud-delivered Zero Trust Network Access, Firewall as a Service, and Secure Web Gateway (SWG) offerings.…

Read More
10 Aug

Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

Information

by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two special items dubbed Exploitation Detected. That terminology is Microsoft’s usual euphemistic reworking of the word zero-day, typically denoting bugs that were first found and exploited…

Read More
09 Aug

White House Offers Prize Money for Hacker-Thwarting AI

Information, News

The White House on Wednesday launched a competition offering millions of dollars in prize money for creating new artificial intelligence systems that can defend critical software from hackers. Competitors vying for some of the $18.5 million in prize money will need to design novel AI systems that quickly find and fix software vulnerabilities in electric grids, subways or other key networks that could be exploited by hackers, President Joe Biden’s administration said. “This competition will…

Read More
09 Aug

Serious Security: Why learning to touch-type could protect you from audio snooping

Information

by Paul Ducklin Audio recordings are dangerously easy to make these days, whether by accident or by design. You could end up with your own permanent copy of something you thought you were discussing privately, preserved indefinitely in an uninterestingly-named file on your phone or laptop, thanks to hitting “Record” by mistake. Someone else could end up with a permanent transcript of something you didn’t want preserved at all, thanks to them hitting “Record” on…

Read More
08 Aug

Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan

Information, News

Rapid7 (NASDAQ: RPD) is the latest cybersecurity vendor to announce layoffs, with the Boston-based firm announcing a restructuring plan late Tuesday that will result in an 18% reduction in employee headcount. In total, approximately 500 employees could be impacted based on the roughly 2,700-person headcount at the end of 2022, with more than 700 people in its Boston headquarters. The company also said in and SEC filing that it would close certain office locations, but…

Read More
08 Aug

Microsoft Patch Tuesday, August 2023 Edition

Information, Insights

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. Six of the flaws fixed today earned Microsoft’s “critical” rating, meaning malware or miscreants could use them to install software on a vulnerable Windows system without any help from users. Last month, Microsoft acknowledged a series of zero-day vulnerabilities in a variety of Microsoft…

Read More
08 Aug

Meet the Brains Behind the Malware-Friendly AI Chat Service ‘WormGPT’

Information, Insights

WormGPT, a private new chatbot service advertised as a way to use Artificial Intelligence (AI) to write malicious software without all the pesky prohibitions on such activity enforced by the likes of ChatGPT and Google Bard, has started adding restrictions of its own on how the service can be used. Faced with customers trying to use WormGPT to create ransomware and phishing scams, the 23-year-old Portuguese programmer who created the project now says his service…

Read More