Security News > 2023 > August

Daniel Feenberg August 28, 2023 7:24 AM. In the book and movie "The Railway Children" the children wave a red flag to stop a train and prevent a mass fatality accident. We should be careful not to assume all unencrypted communication is malicious, or that all encrypted communication is benign.

Researchers have released additional details, as well as a proof-of-concept exploit, for the four recently patched vulnerabilities affecting Juniper Networks' SRX firewalls and EX switches that could allow remote code execution. Earlier this month, Juniper Networks published an out-of-cycle security bulletin notifying customers using its SRX firewalls and EX switches of vulnerabilities that, chained together, would allow attackers to remotely execute code on vulnerable appliances.

An updated version of a botnet malware called KmsdBot is now targeting Internet of Things devices, simultaneously branching out its capabilities and the attack surface. The malware is designed to scan random IP addresses for open SSH ports and brute-force the system with a password list downloaded from an actor-controlled server.

ALSO: Euro chip maker breached, crims plan to undermine cyber insurance, and this week's critical vulnerabilities. Infosec in Brief: No one likes malware, but malicious code that tracks your...

Machine learning models are algorithms that process data to generate meaningful insights and inform critical business decisions. When these data sources contain sensitive or proprietary information, using them for machine learning model training or evaluation/inference raises significant privacy and security concerns.

In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. Authentication devices: When companies want to start using secure authentication concepts like passwordless or even smartcards, it becomes an additional burden to deliver the authentication devices to their employees.

In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to...

Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to the Cloud Security Alliance. Much of CNAPPs' popularity has been driven by their ability to consolidate the capabilities of the numerous security tools organizations currently deploy, namely Cloud Security Posture Management, Cloud Workload Protection, Cloud Infrastructure Entitlement Management, network security, and secure DevOps.

Based on survey data from organizations experimenting with LLMs, researchers have found that enterprises are looking for ways to customize and deploy open-source LLMs without giving commercial vendors access to proprietary data, and they are exploring other use cases beyond generative AI capabilities. "It is now open season for LLMs. Thanks to the widespread recognition of OpenAI's ChatGPT, businesses are in an arms race to gain a competitive edge using the latest AI capabilities. Still, they require more customized LLMs to meet domain-specific use cases," said Piero Molino, CEO of Predibase.

PLUS: India calls for global action on AI and crypto; Vietnam seeks cybersecurity independence; China bans AI prescribing drugs. Asia In Brief: Taiwan-based infosec consultancy Team T5 has disputed...