Over 100 Malicious AI/ML Models Found on Hugging Face Platform
2024-03-04 09:22

As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to...

Protect Yourself and Your Business With This $40 Cybersecurity E-Learning Bundle
2024-03-04 09:10

TL;DR: Stay up-to-date with the latest in cybersecurity with this seven-course e-learning bundle at $39.99 - that's just $6 per course. The 2024 Cybersecurity Mastermind Training Bundle includes seven e-courses covering both essential topics and hands-on applications.

PyRIT: Open-source framework to find risks in generative AI systems
2024-03-04 06:00

Python Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. It started as a collection of individual scripts used during the team's initial foray into red teaming generative AI systems in 2022.

95% believe LLMs making phishing detection more challenging
2024-03-04 05:30

More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Phishing and other social engineering attacks manipulate people into sharing information they shouldn't or making other mistakes that compromise their personal or organizational security.

Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure
2024-03-04 05:24

U.S. cybersecurity and intelligence agencies have warned of Phobos ransomware attacks targeting government and critical infrastructure entities, outlining the various tactics and techniques the...

Integrating software supply chain security in DevSecOps CI/CD pipelines
2024-03-04 05:00

NIST released its final guidelines for integrating software supply chain security in DevSecOps CI/CD pipelines. In this Help Net Security video, Henrik Plate, Security Researcher at Endor Labs, talks about this report, which provides actionable measures to integrate the various building blocks of software supply chain security assurance into CI/CD pipelines to enhance the preparedness of organizations to address supply chain security in the development and deployment of cloud-native applications.

New compensation trends in the cybersecurity sector
2024-03-04 04:30

For several years, cybersecurity leaders have grappled with talent shortages in crucial cyber roles. A new report illustrates that typical functional combinations within a role include architecture and engineering, application security, and product security.

Enhancing security through proactive patch management
2024-03-04 04:00

Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continuity. To ensure effective patch management, organizations should establish clear policies and procedures for patching, automate patch deployment where possible, regularly scan for vulnerabilities, prioritize patches based on risk, and conduct thorough testing before deployment.

Photos: BSidesZagreb 2024
2024-03-04 03:45

BSidesZagreb is a complimentary, non-profit conference driven by community participation, designed for information security professionals and enthusiasts to gather, exchange ideas, and collaborate. Help Net Security sponsored the 2024 edition that took place on March 1, and here are photos from the event.

LockBit's contested claim of fresh ransom payment suggests it's been well hobbled
2024-03-04 03:15

Infosec in brief: The infamous LockBit ransomware gang has been busy in the ten days since an international law enforcement operation took down many of its systems. LockBit quickly set up a new website and updated it with a list of forthcoming victim ransom deadlines - one of which included data allegedly stolen from Fulton County, Georgia.