By now most information technology managers are painfully aware of the consequences of software supply chain attacks. Thanks to exploits affecting the supply chains of SolarWinds,  Log4Shell and 3CX, the power and widespread damage inflicted by these attacks on thousands of businesses are certainly well-known. To try to remedy things, a raft of new supply ...

The former hacker known as Mudge is once again on the move. Mudge, the alias for Peiter Zatko (pictured, center), was the former head of security back when X Corp. was known as Twitter. He is now a consultant for the U.S. Cybersecurity and Infrastructure Security Agency, the Washington Post reported yesterday. Zatko has worked ...

This has been the summer of adversarial chatbots. Researchers from SlashNext Inc. and Netenrich discovered two such efforts, named WormGPT and FraudGPT. These cyberattack weapons are certainly just the beginning in a long line of products that will be developed for nefarious purposes such as creating very targeted phishing emails and new hacking tools. Both are ...

A new report sponsored by the European Commission has found that social media has played a key role in the spread of Russian-backed disinformation campaigns since their war with Ukraine began. “Over the course of 2022, the audience and reach of Kremlin-aligned social media accounts increased substantially all over Europe,” the researchers stated in the ...

Google LLC’s new application of generative AI to a tried-and-true cybersecurity method called fuzzing could help elevate it into the top tray of enterprises’ defensive tool chests. Fuzzing is the process by which security researchers use various automated tools to cycle rapidly through random data inputs to make the target code crash or yield unexpected ...

Greatness isn’t always a good thing. This past year has seen a lot of it — that is, in the form of an innovative phishing-as-a-service malware construction kit of the same name now in active usage. The Greatness malware attempts to put everything an attacker needs into one tidy package, so that anyone can fill ...

A group of North Korean hackers group continues to threaten networks and businesses around the world, now with ever more sophisticated new attacks. Lazarus has been behind some very nasty exploits, including the double software supply chain attack on 3CX this past March and one of the largest thefts of cryptocurrency from the Ronin Network in ...

Readers who have somehow escaped learning about ChatGPT and other AI-based chatbots should read a new book by my longtime freelancing colleague Pam Baker, “ChatGPT for Dummies.” Baker has been covering various AI-related topics for nearly a decade, including writing several books on machine learning and data science. She has a long business-to-business tech resume, ...

Once again, Microsoft Corp. has revoked a collection of what once were VeriSign Inc.’s digital certificates, another sign of how fragile that foundational digital ecosystem is. The action was confirmed by security firm Airlock Digital in a blog post last week, after it received customer complaints that certificates using VeriSign’s Class 3 Public Primary Certification Authority ...

The importance of end-to-end encryption of digital messages is getting new attention with the announcement that Meta Platforms Inc.’s Facebook will partly add the feature to its Messenger product now, and eventually for all use cases such as group chats by year-end. It’s an important step, since E2EE, as it’s known for short, is a ...