AI's rapid development is a security disaster waiting to happen
No matter how you look at it, AI is currently booming. The AI market is on track to reach $407 billion by 2027 (compared to $86.9 billion in 2024). Last year, ChatGPT became the fastest-growing consumer application in history when it reached 100 million monthly active users just two months post launch. McKinsey declared 2023 as Generative AI’s breakout year, and a follow-up 2024 survey found that the percentage of organizations using Generative AI jumped from approximately 50 percent to 72 percent from 2023 and 2024. Meanwhile, a culture shift within tech and business has accelerated AI adoption seemingly overnight.
Long before Generative AI entered the scene, tech C-suites were concerned about being left behind. AI’s disruptive potential has only exacerbated this. Companies with the bandwidth to do so are developing their own AI systems or converting existing ones over to AI. Such behavior is motivated primarily by reputation management. No major player wants to look like they were left behind as their competitors innovated to newer heights.
Pool your cybersecurity resources to build the perfect security ecosystem
Cybersecurity has never been something to set once and leave running in the background -- it is a constantly evolving landscape. While the migration of data and applications to the cloud provides numerous business benefits, many organisations struggle to secure their networks against rapidly changing cyber threats. Ransomware attackers have understood the value of targeting smaller organisations and tailoring attacks to take advantage of businesses they believe will pay up immediately (and often with the backing of cyber insurance) rather than invest in defences.
Tight security for data and resources is now the difference between operations running smoothly or being disrupted to the point that businesses are forced to close entirely. But how can SMBs achieve comprehensive security management and threat intelligence on a budget? Partnerships and alliances provide the solution.
Get 'Cybersecurity For Dummies, 2nd Edition' FREE for a limited time
Every day it seems we read another story about one company or another being targeted by cybercriminals. It makes some of us wonder: am I safe online? The good news is that we can all be cybersecure -- and it doesn’t take a degree in computer science to make it happen!
Cybersecurity For Dummies is the down-to-earth guide you need to secure your own data (and your company’s, too).
Microsoft reveals Office security flaw that has not yet been patched
Various versions of Microsoft Office have a serious security vulnerability which could expose sensitive data to an attacker. Worryingly, while disclosing the flaw, Microsoft has also conceded that there is no patch available.
The issue is being tracked as CVE-2024-38200 and it affects a variety of edition of the office suite -- namely the 32- and 64-bit versions of Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, and Microsoft 365 Apps for Enterprise. While there is no fix available right now, one is expected in the coming days.
Devs beware: Apple announces Gatekeeper security enhancements in macOS Sequoia
Working much like Microsoft's Smart App Control tool that is part of Windows, Apple has Gatekeeper for macOS. It is a security feature which is designed to ensure that only trusted software runs on a user's Mac.
In the upcoming macOS Sequoia, Gatekeeper is being updated to help boost security. While this runtime protection change may be welcomed by many, the approach Apple has taken is also likely to irritate some users as it makes it more awkward to run unsigned software.
Security firm warns that 'design weaknesses' in Windows Smart App Control mean it can be easily bypassed
Smart App Control is just one of various security features Microsoft has built into Windows 11. But while many users place faith in the tool to block malicious apps, Elastic Security Labs warns that it is fundamentally flawed.
The company says that Windows Smart App Control and its predecessor SmartScreen "have several design weaknesses that allow attackers to gain initial access with no security warnings or popups". In an investigatory report, Elastic Security Labs details numerous types of attack that can be used to bypass Windows Smart Control as well as revealing a bug in the handling of .lnk files which can be used to get around security.
Get 'Security-Driven Software Development' (worth $30.99) for FREE
Perfect for any programmer or developer working on mission-critical applications, this hands-on guide, Security-Driven Software Development, helps you adopt secure software development practices.
Explore core concepts like security specification, modeling, and threat mitigation with the iterative approach of this book that allows you to trace security requirements through each phase of software development. You won’t stop at the basics; you’ll delve into multiple-layer attacks and develop the mindset to prevent them.
Get 'Deep Learning Approaches to Cloud Security' (worth $190) for FREE
Covering one of the most important subjects to our society today, Deep Learning Approaches to Cloud Security delves into solutions taken from evolving deep learning approaches, solutions allowing computers to learn from experience and understand the world in terms of a hierarchy of concepts, with each concept defined through its relation to simpler concepts.
Deep learning is the fastest growing field in computer science. Deep learning algorithms and techniques are found to be useful in different areas like automatic machine translation, automatic handwriting generation, visual recognition, fraud detection, and detecting developmental delay in children. However, applying deep learning techniques or algorithms successfully in these areas needs a concerted effort, fostering integrative research between experts ranging from diverse disciplines from data science to visualization.
Google issues apology for Chrome flaw that broke its password manager
Google has apologized for a Chrome problem that resulted in millions of users being unable to use the browser's password manger.
The issue meant that affected users were not able to access saved passwords for the majority of a day. In issuing its apology, Google explains that a faulty update for the M127 version of Chrome for Windows was to blame, noting that the problem hit users globally.
Four ways relentless hybrid attackers are targeting their prey
One way to understand the mind of hybrid attackers is to compare their behavior to the animal kingdom. They are predators using a relentless arsenal of tactics to hunt their prey across a large domain. Threat actors are the honey badger. A snake bite or a few bee stings might delay their attack for a moment, but they’ll find a way to take down the entire hive and satisfy their appetite.
But what is a hybrid attack? Today, all cyberattacks are hybrid. Every enterprise uses a mix of on-premises and cloud services, and the number of services used is rising. In fact, employees now use an average of 20 cloud and SaaS apps every month. Despite enterprises having every preventative measure in place, attackers are using this widening attack surface to their advantage. They can start with anyone or anything they can access, no matter how small, before moving at speed to extend their access and disrupt business operations at scale. Some of the most common traits that make stopping hybrid attacks difficult are how they bypass prevention, compromise identities, elevate and hide in privileges to move laterally across domains -- often at high speed.
Securing the unknown: Future-proof cyber security
A recent article from Harvard Business Review explores the mindset of today’s cyber hackers and explains why effective cybersecurity has become so challenging by outlining the three traits shared by every successful hacker: creativity, speed, and resourcefulness. Hackers who can successfully leverage these traits are able to assault a company’s defenses with an ever-evolving barrage of novel and impactful attacks.
Thus, to remain secure, companies must be prepared for the unknown. Today’s threat landscape includes tried-and-true attacks -- phishing, social engineering, and DoS attacks -- as well as innovative strategies driven by creativity, speed, and resourcefulness. The latter are designed to exploit weaknesses before companies discover they exist. The following approaches to cybersecurity can help companies develop a future-proof framework that anticipates and addresses hidden threats.
Six steps to protecting data in financial services companies
There is no shortage of news headlines about companies falling victim to cyber breaches and the astounding costs associated with them. According to the IBM Cost of a Data Breach Report 2023, the global average cost of a data breach in 2023 was $4.45 million, a 15 percent increase since 2020. For the financial services industry, the cost is even higher at $5.9 million per breach; that is 28 percent above the global average.
In addition to the higher price tag associated with a cyber breach, companies within the financial industry must also adhere to evolving compliance regulations that dictate how they respond to an attack and where they must invest to reduce the total risk.
A technical overview of Cisco IoT part 3: Security essentials & industrial applications
Following the second installment of this Cisco IoT series regarding IoT networking and security supported by Cisco's innovative hardware offerings, this next discussion explores related key topics that are essential for understanding and implementing IoT solutions effectively.
This comprehensive overview will cover critical aspects such as IoT security, operational technology visibility, and industry-specific use cases. By examining these elements, readers will gain a clearer picture of how Cisco's advanced IoT solutions can enhance security, improve operational efficiency, and drive business innovation across various sectors.
Source code: The source of truth for securing the API attack surface
Most organizations find themselves in the midst of their API security journey, racing to keep pace with expanding API ecosystems in a colossal threat landscape. As a core enabler of modern applications, facilitating seamless connectivity and powering mobile and web applications, APIs are everywhere. The DevOps revolution has completely transformed the pace at which developers can design and build APIs faster than a security team can match.
Large enterprises are operating with tens of thousands of APIs, and even small organizations have a surprising number, both internal and external. With applications and API portfolios becoming increasingly complex, maintaining a comprehensive understanding of all existing APIs has emerged as a significant hurdle. As APIs can quickly become obscured or forgotten, many organizations lack accurate context into the sheer scale and volume of APIs that persist across their infrastructure -- subsequently resulting in the absence of a full picture of their attack surface. As one cannot secure what they cannot see, the absence of discovery mechanisms opens organizations to a host of security risks. That is why API discovery is now a crucial process for security teams, designed to identify, catalog, and assess APIs.
Resurrecting Internet Explorer -- the nasty threat impacting potentially millions of Windows 10 and 11 users
Check Point Research (CPR) has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.
Identified as CVE-2024-38112, this vulnerability allows attackers to execute remote code by tricking users into opening malicious Internet Shortcut (.url) files. This attack method has been active for over a year and could potentially impact millions.
Recent Headlines
Most Commented Stories
Windows 12.1 is everything Windows 11 should be -- and the Microsoft operating system we need!
Apple Intelligence will launch in beta and that’s unacceptable for a trillion-dollar company
© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.