~hackernews | Bookmarks (58)

clear filters

security ×

Cloudflare Announces Firewall for AI

cloudflare.com

Today, Cloudflare is announcing the development of Firewall for AI, a protection layer that can be...
Today, Cloudflare is announcing the development of Firewall for AI, a protection layer that can be deployed in front of Large Language Models (LLMs) to identify abuses before they reach the models. While AI models, and specifically LLMs, are surging, customers tell us that they are concerned about the best strategie...

ai developer platform llm security security week
1
Why do we need for an Undefined Behavior Annex to C++

intel.com

Intel's developer software engineers are not only working on the latest optimizations and improvements in the...
Intel's developer software engineers are not only working on the latest optimizations and improvements in the Intel® oneAPI DPC++/C++ Compiler. We actively contribute to the advancements of Khronos Group's SYCL*, the LLVM* Project, and the latest C and C++ language standards .We would like to share a more detailed p...

c++functional safety oneapi security standard
1
White House urges devs to switch to memory-safe programming languages

bleepingcomputer.com

The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch...
The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lea...

cybersecurity security software usa vulnerability
1
FTC Bans Antivirus Provider Avast from Selling Users' Browsing Data

pcmag.com

The US Federal Trade Commission is cracking down on antivirus provider Avast for secretly harvesting users’...
The US Federal Trade Commission is cracking down on antivirus provider Avast for secretly harvesting users’ browsing data and then selling the information to third-party companies. On Thursday, the FTC announced it was fining Avast $16.5 million and prohibiting the antivirus brand from selling or licensing collected...

antivirus home security software & services
1
FTC to ban Avast from selling browsing data for advertising purposes

bleepingcomputer.com

The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the...
The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. The complaint says Avast violated millions of consumers' rights by collecting, storing, and selling their browsing data without their k...

advertising avast ban ftc privacy
1
Bitwarden's new auto-fill option adds phishing resistance

bleepingcomputer.com

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the...
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. The issue was highlighted nearly a year ago when Flashpoint analysts demonstrated that it was possible for attackers to inject rogue...

bitwarden infosec password manager passwords security
1
New Google Chrome feature blocks attacks against home networks

bleepingcomputer.com

Google is testing a new feature to prevent malicious public websites from pivoting through a user's...
Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. More simply, Google plans to prevent bad websites on the internet from attacking a visitor's devices (like printers or routers) in your home or on ...

google google chrome network router security
1
Chinese mini PC gets caught shipping with factory-installed spyware

notebookcheck.net

chinese mini pc malware mini pc security spyware
1
Will Artificial Intelligence Lead to War?

nationalinterest.org

A deterrence strategy depends on adversaries’ perceptions of both capabilities and intentions. Today, large language models...
A deterrence strategy depends on adversaries’ perceptions of both capabilities and intentions. Today, large language models and other fast-evolving forms of generative AI could change those perceptions in ways we can scarcely anticipate. Machine learning is becoming routine in predictive maintenance, logistics, pers...

artificial intelligence china deterrence north korea security
1
UK to replace physical biometric immigration cards with e-visas

bleepingcomputer.com

By 2025, Britain is set to ditch physical immigration status documents such as Biometric Residence Permits...
By 2025, Britain is set to ditch physical immigration status documents such as Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, which is in-line with developed countries like Australia. Understand what the new Home Office development means for existing BRP...

gov.uk great britain immigration infosec security
1
Canada to ban the Flipper Zero to stop surge in car thefts

bleepingcomputer.com

The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as...
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. The Flipper Zero is a portable and programmable pen-testing tool that helps experiment with and debug various hardware and digital devices over multiple protocols, including RFID, radi...

ban canada car flipper zero security
1
Americans lost record $10B to fraud in 2023, FTC warns

bleepingcomputer.com

The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023,...
The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. To put this into context, Chainalysis says ransomware gangs also had a record year, with ransomware payments having reached over $1.1 billion in 2...

fraud infosec scam security usa
1
The Viral Smart Toothbrush Botnet Story Is Not Real

404media.co

hacking security
1
Spoutible's Leaky API Spurted Out a Deluge of Personal Data

troyhunt.com

security
3
AnyDesk says hackers breached its production servers

bleepingcomputer.com

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to...
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk is a remote access solution that allows users to remotely access co...

anydesk code signing certificate cyberattack infosec security
1
Secure Time Synchronization on macOS

privsec.dev

macOS by default uses the unencrypted and unauthenticated Network Time Protocol (NTP) for time synchronization. A...
macOS by default uses the unencrypted and unauthenticated Network Time Protocol (NTP) for time synchronization. A popular solution to mitigate this problem is to use ChronyControl to setup NTS. However, the application requires administrator privileges, which is less than ideal.In this post, I will go over how to le...

macos security
1
Cloudflare hacked using auth tokens stolen in Okta attack

bleepingcomputer.com

Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker'...
Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system. The threat actor first gained access to Cloudflare's self-hosted Atlassian server on November 14 and then...

breach cloudflare computer security infosec okta
1
Cloudflare Thanksgiving 2023 Security Incident

cloudflare.com

On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server....
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and on Sunday, November 26, we brought in CrowdStrike’s Forensic team to perform their own independent analysis.Yest...

security
1
"Leaky Vessels" Docker Container Breakout Vulnerability

snyk.io

Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed...
Snyk security researcher Rory McNamara, with the Snyk Security Labs team, identified four vulnerabilities — dubbed "Leaky Vessels" — in core container infrastructure components that allow container escapes. An attacker could use these container escapes to gain unauthorized access to the underlying host operating sys...

acquisition developer devops executive pmm
1
Foundations – modular Rust library, designed for prod-grade distributed systems

cloudflare.com

In this blog post, we're excited to present Foundations, our foundational library for Rust services, now...
In this blog post, we're excited to present Foundations, our foundational library for Rust services, now released as open source on GitHub. Foundations is a foundational Rust library, designed to help scale programs for distributed, production-grade systems. It enables engineers to concentrate on the core business l...

observability open source oxy rust security
1
Purism Liberty Phone to Be Featured in Orpheum Films Collaboration

puri.sm

made in usa electronics most secure phone security
1
SMTP Smuggling – Spoofing Emails Worldwide [video]

ccc.de

11782 2023 37c3 chaos computer club security
1
Escaping from isolated networks using Broadcast DNS

medium.com

One of our latest escape methods is the capability send Domain Name System (DNS) queries via...
One of our latest escape methods is the capability send Domain Name System (DNS) queries via a broadcast ethernet packet. We call this the Broadcast DNS escape. Our hypothesis was that DNS server or cache could pick those up from the network and happily redirect it to another network.And our hypothesis has been prov...

cybersecurity information security information technology network security security
1
Skiff: Various Privacy Failures

grepular.com

developer hacker privacy programmer security
1