Security News > 2024 > March

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned three cryptocurrency exchanges for offering services used to evade economic restrictions imposed on Russia...

Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue. The CVEs for KeyTrap and NSEC3-encloser each suggest the vulnerabilities can be exploited to conduct denial of service attacks.

Reinforcement learning underpins the benefit of AI to the cybersecurity ecosystem and is closest to how humans learn through experience and trial and error. AI reinforcement learning may have applicability in prediction to prevent attacks as well, learning from past experiences and low signals and using patterns to predict what might happen next time.

In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors' unique needs and vulnerabilities?

Threat intelligence is no longer a 'nice to have' for organizations but a 'must,' as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a new approach to maximizing operations and making more effective business decisions.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation....

25% of Americans has lost money to online tax scams, according to McAfee. "As tax season ramps up, so too does cybercriminal activity. What's new this year is the scale and sophistication of scams we're now seeing thanks to artificial intelligence. From AI-generated robocalls with regional accents to very realistic and convincing fake emails, websites, and scam texts, cybercriminals are utilizing all the AI tools available to them, and so too should consumers to stay safe," said Steve Grobman, CTO at McAfee.

Innovation fuels the technology industry, but it comes at a cost. Certain technology sub-sectors like software companies and infrastructure providers have complex supply chains, making it challenging to ensure the security of all components and services.

The government of South Pacific island nation New Zealand has revealed that it, too, has been attacked by China. A Tuesday announcement penned by attorney-general and minister of defence Judith Collins reveals that in 2021 the nation's Government Communications Security Bureau and National Cyber Security Center "Completed a robust technical assessment following a compromise of the Parliamentary Counsel Office and the Parliamentary Service in 2021, and has attributed this activity to a PRC state-sponsored group known as APT40."