Security News

If you dine out at an Asian restaurant on your next holiday, the United Nations thinks your meal could help North Korea to launder money. We mention the restaurants because the UN reckons they collectively help the DPRK to launder $700 million a year.

When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time. Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.

Among Gartner's top predictions are the collapse of the cybersecurity skills gap and the reduction of employee-driven cybersecurity incidents through the adoption of generative AI. Two-thirds of global 100 organizations are expected to extend directors' and officers' insurance to cybersecurity leaders due to personal legal exposure. "As we start moving beyond what's possible with GenAI, solid opportunities are emerging to help solve a number of perennial issues plaguing cybersecurity, particularly the skills shortage and unsecure human behavior. The scope of the top predictions this year is clearly not on technology, as the human element continues to gain far more attention. Any CISO looking to build an effective and sustainable cybersecurity program must make this a priority," said Deepti Gopal, Director Analyst at Gartner.

Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not.

Scams directly targeting consumers continue to increase in both complexity and volume, according to Visa. While the number of individual scam reports from June to December decreased, the total money lost increased, indicating scammers are targeting victims with more effective - and costly - scams.

Developed by OpenAI, ChatGPT has garnered attention across industries for its ability to generate relevant responses to various queries. As the adoption of ChatGPT accelerates, so do discussions surrounding its ethical and security implications.

ALSO: Viasat hack wiper malware is back, users are the number one cause of data loss, and critical vulns Infosec in brief If your Windows domain controllers have been crashing since a security...

As many as 300,000 servers or devices on the public internet are thought to be vulnerable right now to the recently disclosed Loop Denial-of-Service technique that works against some UDP-based application-level services. It's pretty trivial, and basically relies on sending an error message to, let's say, vulnerable server A in such a way, using IP address source spoofing, that server A responds with an error message to vulnerable server B, which sends an error message to A, which responds to B, which responds to A, over and over again in an infinite loop.

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. StrelaStealer was first documented in November 2022 as a new information-stealing malware that steals email account credentials from Outlook and Thunderbird.

In an email to customers, the Vans and North Face parent promised that crooks didn't swipe their credit card or bank account details. "VF never collects or retains any detailed payment or financial information, such as bank account or credit card information, so no such information was exposed to the threat actors. Furthermore, no consumers' passwords were compromised. Please note that formal investigations by competent authorities are still ongoing. For this reason, we are unable to provide further details."