Category: AI in news
Join me and Metomic CEO Richard Vibert for a discussion about some of the cybersecurity challenges faced by the financial services industry, and how you can best protect your organisations. In a webinar entitled “Fortifying financial services: mastering data security in the digital age”, we will be: describing the diverse threat landscape – I’ve got…
Upcoming Speaking Engagements: This is a current list of where and when I am scheduled to speak: The list is maintained on this page. Posted on February 14, 2024 at 12:01 PM
The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of…
Emerald Sleet (Thallium): Emerald Sleet — a North Korean threat actor that relies on spear-phishing emails to compromise and gather intelligence on prominent North Koreans — has used LLMs to understand publicly known vulnerabilities, to troubleshoot technical issues, and for assistance with using various web technologies. The report found that Emerald Sleet used LLM-assisted vulnerability…
Overall, 80% of all active applications were found to have unresolved flaws using Veracode’s SAST, DAST, and SCA scans, while the figure was 73% for SAST-only scans, which consider issues specifically in the development phase of the applications. Flaws detected in third-party, open-source components were on par with those detected in first-party code. In fact, 63.4%…
Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms: The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are still learning a…
Feb 14, 2024, Newsroom, Malware / Cybercrime: The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. Enterprise security firm Proofpoint said the activity targets organizations in the U.S. with voicemail-themed lures containing links to OneDrive URLs. “The URLs…
The Varta Group was the target of a cyberattack on parts of its IT systems on the night of Feb. 12, the battery manufacturer has announced. Five production plants and the company’s administration were affected. “The IT systems and thus also production were proactively shut down temporarily for security reasons and disconnected from the internet,”…
Feb 14, 2024, Newsroom, Zero-Day / Financial Sector Security: A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra (aka DarkCasino) targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails the exploitation of…
For decades, the financial sector and other industries have relied on an authentication mechanism dubbed “know your customer” (KYC), a process that confirms a person’s identity when opening an account and then periodically confirms that identity over time. KYC typically involves a potential customer providing a variety of documents to prove that they are who they claim…