
Submission + - OpenAI CTO Says AI Systems Should "Absolutely" be Regulated (securityweek.com)

wiredmikey writes: Mira Murati, CTO of ChatGPT creator OpenAI, says artificial general intelligence (AGI) systems should "absolutely" be regulated. In a recent interview, Murati said the company is constantly talking with governments and regulators and other organizations to agree on some level of standards. "We’ve done some work on that in the past couple of years with large language model developers in aligning on some basic safety standards for deployment of these models," Murati said. "But I think a lot more needs to happen. Government regulators should certainly be very involved."

Submission + - Tesla Hacked Twice at Pwn2Own Exploit Contest (securityweek.com)

wiredmikey writes: Researchers at French offensive hacking shop Synacktiv demonstrated a pair of successful exploit chains against Tesla’s newest electric car, and were able to “fully compromise” a new Tesla Model 3 vehicle. SecurityWeek sources say Tesla’s security response team was on site at the event and validated the findings. The company is expected to issue fixes via the vehicle’s self-updating system.

Submission + - Acer Confirms Breach After Hacker Offers to Sell Stolen Data (securityweek.com)

wiredmikey writes: Electronics giant Acer confirmed getting hacked after a hacker offered to sell more than 2,800 files totaling 160 Gb allegedly stolen from Acer's systems. The cybercriminal claims the files include confidential slides, staff manuals, confidential product documentation, binary files, information on backend infrastructure, disk images, replacement digital product keys, and BIOS-related information.

The hacker, who has a good reputation on the forum where the data was offered for sale, claimed the data was stolen in mid-February.

Submission + - White House Releases National Cybersecurity Strategy (securityweek.com)

wiredmikey writes: The U.S. government released its widely anticipated National Cybersecurity Strategy on Tuesday, pushing mandatory regulation on critical infrastructure vendors and green-lighting a more aggressive ‘hack-back’ approach to dealing with foreign adversaries and ransomware actors. The federal government plans to use existing authorities to set “necessary cybersecurity requirements in critical sectors” and where there are legal gaps around authority, the White House plans to work with Congress to close them.

The strategy document (PDF) goes deeper, assigning the work to the FBI’s National Cyber Investigative Joint Task Force working in tandem with all relevant U.S. agencies. It said private companies will be “full partners” to issue early warnings and help repel cyberattacks.

Submission + - LastPass Says Home Computer of DevOps Engineer Was Hacked (securityweek.com)

wiredmikey writes: Password management software firm LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources. LastPass, which is owned by GoTo (formerly LogMeIn), originally disclosed the breach in August 2022 and warned that portions of its source code had been stolen.

Submission + - Quantum Computing and the Coming Cryptopocalypse (securityweek.com)

wiredmikey writes: The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption. Since public key encryption is used to secure almost all data in transit, both between separate IT infrastructures and even within individual infrastructures, that data will become accessible by anyone with a sufficiently powerful quantum computer. This is known as the cryptopocalypse. SecurityWeek examines the why, what, and how we need to prepare for that cryptopocalypse--which is coming, but still probably decades away.

Submission + - Hive Ransomware Operation Shut Down by Law Enforcement (securityweek.com)

wiredmikey writes: The notorious Hive ransomware operation appears to have been shut down as part of a major law enforcement operation involving agencies in 10 countries. The US government reported in November 2022 that the Hive ransomware gang had hit more than 1,300 businesses and made an estimated $100 million in ransom payments.

News of the takedown comes as some reports show that cybercriminals earned significantly less from ransomware attacks in 2022 compared to 2021 as victims are increasingly refusing to pay ransom demands. On the other hand, the volume of attacks does not seem to have dropped, with thousands of companies being targeted last year and tens of thousands of malware strains used in attacks.

Submission + - Pelosi Sold $3 Million of Google Stock Weeks Before DOJ Launched Antitrust Probe (freebeacon.com)

An anonymous reader writes: Rep. Nancy Pelosi (D., Calif.) and her multimillionaire husband sold up to $3 million in shares of Google in recent weeks—just before the Biden Justice Department launched an antitrust probe of the tech giant.

Paul Pelosi sold 30,000 shares of Google from Dec. 20 to Dec. 28, according to a financial disclosure filing the former House speaker submitted to the House Ethics Committee. The Pelosis made an undisclosed profit from the investments, according to the filing.

The trade proved timely. On Monday, the Justice Department and attorneys general from eight states—including California—sued Google over its monopoly on the digital ad market. The lawsuit could force Google to break up its online ad business, which generated nearly $55 billion in revenue for the company in the most recent quarter. Google's stock has dropped around 6 percent since the Justice Department announced the lawsuit.

The trades are the latest in a string of questionable transactions for Paul and Nancy.

Submission + - Not so Fast--Microsoft Dismisses False Reports on End of Patch Tuesday (securityweek.com)

wiredmikey writes: Microsoft has dismissed reports about June 14 being the last Patch Tuesday, as the rollout of the Windows Autopatch service seems to be causing some confusion. Several major cybersecurity companies and prominent security news publications caused confusion this week when they reported that June 14 was the final Patch Tuesday, describing it as “the last ever Patch Tuesday,” “the end of Patch Tuesday” and “the end of an era.”

That is not accurate. The rollout of Windows Autopatch does not mean there will no longer be Patch Tuesday updates, and Microsoft told SecurityWeek that the company will continue releasing security updates on the second Tuesday of the month.

Submission + - Can Elon Musk Spur Cybersecurity Innovation at Twitter? (securityweek.com)

wiredmikey writes: Elon Musk’s sudden deal to buy Twitter has triggered optimism in some quarters that the mission to “authenticate all humans” and defeat spam bots will spur technology innovation at a company that has historically struggled with cybersecurity.

Musk’s stated mission to “authenticate all humans” and defeat the spam bots on Twitter could spur cybersecurity tech innovation around identity, multi-factor authentication and botnet detection. The question is, can Musk solve Twitter’s security woes?

Submission + - U.S. Warns New Sophisticated Malware Can Damage Critical Infrastructure (securityweek.com)

wiredmikey writes: The U.S. government is sounding a loud alarm after discovering new custom tools capable of full system compromise and disruption of ICS/SCADA devices and servers.

A joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from open-source OPC Foundation.

Privately owned ICS security firm Dragos issued a separate notice documenting what is now the seventh known industrial control system (ICS)-specific malware. “[This] is a modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment,” the company said.

Submission + - Twitter to Label Tweets Linking to Russian State Media (securityweek.com)

wiredmikey writes: Twitter will put warnings on tweets sharing links to Russian state-affiliated media, the platform said Monday, as Kremlin-tied outlets are accused of spreading misinformation on Moscow's invasion of Ukraine. The news comes as Russian troops have launched a major assault on Ukraine and while their forces battle in the physical world for control over various cities and regions, a battle is also taking place in cyberspace with attacks and misinformation campaigns.

Submission + - Google: NSO's Zero-Click Exploit 'Most Technically Sophisticated Exploit Ever' (securityweek.com)

wiredmikey writes: Security researchers at Google’s Project Zero have picked apart one of the most notorious in-the-wild iPhone exploits and found a never-before-seen hacking roadmap that included a PDF file pretending to be a GIF image with a custom-coded virtual CPU built out of boolean pixel operations.

If that makes you scratch your head, that was exactly the reaction from Google’s premier security research team after disassembling the so-called FORCEDENTRY iMessage zero-click exploit used to plant NSO Group’s Pegasus surveillance tool on iPhones.

“We assess this to be one of the most technically sophisticated exploits we've ever seen,” Google’s Ian Beer and Samuel Groß wrote in a technical deep-dive into the remote code execution exploit that was captured during an in-the-wild attack on an activist in Saudi Arabia.

Submission + - GoDaddy Hack Exposes 1.2 Million WordPress Customer Accounts (securityweek.com)

wiredmikey writes: Domain registrar and web hosting giant GoDaddy has been hacked and customer data for some 1.2 million WordPress users were exposed to the attacker for more than three months.

The Tempe, Arizona-based GoDaddy disclosed the breach in an SEC filing and confirmed that millions of users of its managed WordPress hosting service had sensitive data stolen, including database usernames and passwords, email addresses and private SSL keys.

Submission + - Robinhood Hacked, Millions of Names, Emails Stolen (securityweek.com)

wiredmikey writes: Mobile stock trading platform Robinhood on Monday fessed up to a security breach that exposed names and email addresses for millions of users and “extensive account details” for what appeared to be very specific targets.

The Menlo Park, Calif.-based company, which claims that about 13 million users trade stocks, ETFs, and cryptocurrencies using its mobile app, said the breach happened on November 3 when a hacker stole names, email addresses, dates of birth, zip codes and additional personal information from its customer user data.
