Security News
Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs. Google's 2023 highlights include newer reward categories, including finding flaws in its AI products and Android phone apps, plus a brand-new Bonus Awards program that periodically pays out time-limited, extra rewards for specific vulnerability targets.
97% of technology leaders find traditional AIOps models are unable to tackle the data overload, according to Dynatrace. 88% of organizations say the complexity of their technology stack has increased in the past 12 months, and 51% say it will continue to increase.
The U.S. Department of Justice has announced the unsealing of an indictment against Linwei Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies. The allegedly stolen trade secrets involve crucial technology underpinning Google's advanced supercomputing data centers, which are essential for training and hosting large AI models capable of processing nuanced language and generating intelligent responses.
Japan's government has ordered local tech giants LINE and NAVER to disentangle their tech stacks, after a data breach saw over 510,000 users' data exposed. LINE is a messaging app created by an offshoot of South Korea's NAVER - a Google-like web giant.
The US Commerce Department has blacklisted Sandvine for selling its network monitoring technology to Egypt, where the Feds say the gear was used to spy on political and human-rights activists. Chengdu made the naughty list for apparently acquiring and attempting to acquire US goods on behalf of China's University of Electronic Science and Technology, which was already on the Entity List.
Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security. The security group's Q4 2024 Threat Insights Report finds criminals have adopted ad tech tools to make their social engineering attacks more effective.
As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service and Ransomware-as-a-Service tools making up the majority of malicious tools in use by attackers, according to Darktrace. As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse...
The exposed secrets include hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks. This approach shows how and where API secret keys and tokens are exposed in real-world settings, not only in code repositories.
There is a misconception that only software and technology companies leverage crowdsourced security. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd.