security

DeepSeek Locked Down Public Database Access That Exposed Chat History

Posted on by Admin
DeepSeek Locked Down Public Database Access That Exposed Chat History

On Jan. 29, U.S.-based Wiz Research announced it responsibly disclosed a DeepSeek database previously open to the public, exposing chat logs and other sensitive information. DeepSeek locked down the database, but the discovery highlights possible risks with generative AI models, particularly international projects. DeepSeek shook up the tech industry over the last week as the Chinese company’s AI models rivaled American generative AI leaders. In particular, DeepSeek’s R1 competes with OpenAI o1 on some benchmarks….

Read More

Phishing Emails in Australia Rise by 30%

Posted on by Admin
Phishing Emails in Australia Rise by 30%

The number of phishing emails received by Australians surged by 30% last year, new research by security firm Abnormal Security has found. Cybercriminals have increasingly targeted the Asia-Pacific region, partly because it is becoming a larger player in critical industries like data centres and telecoms. For APAC as a whole, credential phishing attacks rose by 30.5% between 2023 and 2024, according to the research. New Zealand saw a 30% rise, while for Japan and Singapore,…

Read More

GhostGPT: New Chatbot for Malware Creation, Scams

Posted on by Admin
GhostGPT: New Chatbot for Malware Creation, Scams

Security researchers have discovered a new malicious chatbot advertised on cybercrime forums. GhostGPT generates malware, business email compromise scams, and more material for illegal activities. The chatbot likely uses a wrapper to connect to a jailbroken version of OpenAI’s ChatGPT or another large language model, the Abnormal Security experts suspect. Jailbroken chatbots have been instructed to ignore their safeguards to prove more useful to criminals. Must-read security coverage What is GhostGPT? The security researchers found…

Read More

UK Considers Banning Ransomware Payments

Posted on by Admin
UK Considers Banning Ransomware Payments

The U.K. government is considering banning ransomware payments to make critical industries “unattractive targets for criminals.” It would apply to all public sector bodies and critical national infrastructure, which includes NHS trusts, schools, local councils, and data centres. Currently, all government departments nationwide are banned from paying cyber criminals to decrypt their data or prevent it from being leaked. This rule intends to protect the services and infrastructure the British public relies on from financial…

Read More

Patch Tuesday: Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Posted on by Admin
Patch Tuesday: Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevations of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first. 1 Pipedrive CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999),…

Read More

What’s Next for Open Source Software Security in 2025?

Posted on by Admin
What’s Next for Open Source Software Security in 2025?

Open-source software is common throughout the tech world, and tools like software composition analysis can spot dependencies and secure them. However, working with open source presents security challenges compared with proprietary software. Chris Hughes, chief security advisor at open-source software security startup Endor Labs, spoke to TechRepublic about the state of open-source software security today and where it might go in the next year. “Organizations are starting to try to get some foundational things like…

Read More

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

Posted on by Admin
Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft patches leaky CLFS CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log…

Read More

EU Cyber Resilience Act: What You Need to Know

Posted on by Admin
EU Cyber Resilience Act: What You Need to Know

The E.U. Cyber Resilience Act was enacted on Dec. 10. This legislation impacts all manufacturers, distributors, and tech importers that connect to other devices or networks operating in the bloc. Examples of applicable products include smart doorbells, baby monitors, alarm systems, routers, mobile apps, speakers, toys, and fitness trackers. Those that comply with the legislation will have a CE label, which indicates the device meets E.U. standards for health, safety, and environmental protection, allowing consumers…

Read More

Cybersecurity News Round-Up 2024: Top 10 Biggest Stories

Posted on by Admin
Cybersecurity News Round-Up 2024: Top 10 Biggest Stories

This year has not been quiet for the cybersecurity field. We have seen record-breaking data breaches, huge ransomware payouts, and illuminating studies about the impact of the increasingly complex and ever-evolving threat landscape. As we approach the new year, TechRepublic revisits the biggest cybersecurity stories of 2024. 1.  Midnight Blizzard’s attack on Microsoft In January, Microsoft disclosed that it had been a victim of a nation-state-backed attack beginning in November 2023. The Russian threat actor…

Read More
1 2 3 16