Security News

American Express credit cards exposed in vendor data breach
2024-03-04 13:38

American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. In a data breach notification filed with the state of Massachusetts, American Express said that the breach occurred at one of the service providers used by its travel services division, American Express Travel Related Services Company.

Phishers target FCC, crypto holders via fake Okta SSO pages
2024-03-04 12:44

A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.

LLM Prompt Injection Worm
2024-03-04 12:01

Researchers have demonstrated a worm that spreads through prompt injection. In the second method, the researchers say, an image with a malicious prompt embedded makes the email assistant forward the message on to others.

Securing software repositories leads to better OSS security
2024-03-04 11:53

Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. The security capabilities of public software package repositories play a crucial role in securing the open-source software supply chain.

From 500 to 5000 Employees - Securing 3rd Party App-Usage in Mid-Market Companies
2024-03-04 11:12

A company’s lifecycle stage, size, and state have a significant impact on its security needs, policies, and priorities. This is particularly true for modern mid-market companies that are either...

The federal bureau of trolling hits LockBit, but the joke's on us
2024-03-04 09:30

Operation Cronos, led by the UK's National Crime Agency and the US's FBI, was put together by agencies from ten countries with the aim of closing down the world's most successful ransomware gang, LockBit. Best of all, the countdown timer by which LockBit displayed how long victims had left to pay up had been duplicated, only this time counting down to the unmasking of LockBit's head honcho, LockBitSupp.

Over 100 Malicious AI/ML Models Found on Hugging Face Platform
2024-03-04 09:22

As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to...

Protect Yourself and Your Business With This $40 Cybersecurity E-Learning Bundle
2024-03-04 09:10

TL;DR: Stay up-to-date with the latest in cybersecurity with this seven-course e-learning bundle at $39.99 - that's just $6 per course. The 2024 Cybersecurity Mastermind Training Bundle includes seven e-courses covering both essential topics and hands-on applications.

PyRIT: Open-source framework to find risks in generative AI systems
2024-03-04 06:00

Python Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. It started as a collection of individual scripts used during the team's initial foray into red teaming generative AI systems in 2022.

95% believe LLMs making phishing detection more challenging
2024-03-04 05:30

More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Phishing and other social engineering attacks manipulate people into sharing information they shouldn't or making other mistakes that compromise their personal or organizational security.