The Latest

Changes witnessed over the last few years have led to larger ransomware groups breaking into smaller units, posing more considerable challenges for law enforcement. Ransomware actors are evading arrest more easily and adapting methods with innovative technologies. In this Help Net Security video, Shobhit Gautam, Security Solutions Architect at HackerOne, discusses how ransomware tactics have evolved and how organizations and government bodies are having to fight change with change.

The post Rebrand, regroup, ransomware, repeat appeared first on Help Net Security.


from Help Net Security https://ift.tt/3RqL9mc

GenAI adoption has reached a critical phase, with 67% of respondents reporting their organization is increasing its investment in GenAI due to strong value to date, according to Deloitte.

GenAI adoption phase

“The State of Generative AI in the Enterprise: Now decides Next,” is based on a survey of 2,770 director- to C-suite-level respondents across 14 countries. While respondents have a range of self-reported levels of Generative AI expertise, all are experienced with AI and are piloting or implementing Generative AI in their organizations.

“As promising experiments and use cases begin to pay off, it’s clear that we have arrived at a pivotal moment for GenAI, balancing leaders’ high expectations with challenges such as data quality, investment costs, effective measurement and an evolving regulatory landscape. Our Q3 survey has revealed that now more than ever, change management and deep organizational integration are critical to overcoming barriers, unlocking value and building for the future of GenAI,” said Jim Rowan, Applied AI leader and principal, Deloitte Consulting LLP.

“We are seeing continued enthusiasm for GenAI across organizations, and leaders are deriving the most value from the technology by deeply embedding it into critical business functions and processes. Our research indicates that the top benefits of GenAI are extending beyond improved efficiency, productivity and cost reduction, with more than half pointing to increased innovation, improved products and services, enhanced customer relationships and other types of value. The diversity of these value sources underscores the immense potential and versatility of this transformative technology,” said Costi Perricos, Generative AI leader, Deloitte Global.

Solving data gaps critical for GenAI success

Survey respondents say that while their senior executives and board members are still intrigued by GenAI, there are signs of enthusiasm beginning to wane as the “new technology” shine wears off.

Interest remains “high” or “very high” among most senior executives (63%) and boards (53%); however, those numbers have declined since the Q1 2024 survey, dropping 11 percentage points and eight percentage points respectively.

While selecting and quickly scaling the GenAI projects with the most potential to create value is the goal, many GenAI efforts are still at the pilot or proof-of-concept stage, with 68% saying their organization has moved 30% or fewer of their GenAI experiments fully into production.

Data is taking center stage for AI-savvy leaders, with 75% of organizations increasing their technology investments around data management due to GenAI. However, as enterprises look to scale, unforeseen roadblocks were exposed— with data-related issues causing 55% of surveyed organizations to avoid certain GenAI use cases.

Solving for data deficiencies has emerged as a crucial step in addressing the GenAI-specific demands of data architectures. To modernize their data-related capabilities, organizations are enhancing data security (54%); improving data quality practices (48%); and updating data governance frameworks and/or developing new data policies (45%).

Top barriers to GenAI deployment

Although respondents recognized that managing GenAI risk is critical, three of the top four reported barriers to successful GenAI deployment are risk-related, including worries about regulatory compliance (36%); difficulty managing risks (30%); and lack of a governance model (29%).

Likely driving these concerns are risks specific to GenAI, like model bias, hallucinations, novel privacy concerns, trust, and protecting new attack surfaces. To help build trust and ensure responsible use, organizations are working to build new guardrails and oversight capabilities.

The top actions organizations are taking include establishing a governance framework for using GenAI tools and applications (51%); monitoring regulatory requirements and ensuring compliance (49%); and conducting internal audits/testing on GenAI tools and applications (43%).

While surveyed organizations are beginning to scale past proof-of-concept, 41% have struggled to define and measure the exact impacts of their GenAI efforts and only 16% have produced regular reports for the CFO about the value being created with GenAI.

As applications and use cases mature, leaders will be less inclined to invest based solely on lofty visions and the fear of missing out — making measurement a critical factor in maintaining interest and support from the C-suite and boardroom.

To demonstrate value, organizations are using specific KPIs for evaluating GenAI performance (48%); building a framework for evaluating GenAI investments (38%); and tracking changes in employee productivity (38%).


from Help Net Security https://ift.tt/qaG4YVu

Week in review

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

PostgreSQL databases under attack
Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers.

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered.

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google.

OpenCTI: Open-source cyber threat intelligence platform
OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables.

Cybersecurity jobs available right now: August 21, 2024
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents.

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out.

Fraud tactics and the growing prevalence of AI scams
In the first six months of 2024, Hiya flagged nearly 20 billion calls as suspected spam – more than 107 million spam calls everyday. The data showed spam flag rates of more than 20% of unknown calls (calls coming from outside of someone’s address book) in 25 out of the 42 countries – with some spam flag rates above 50%.

Mandatory MFA for Azure sign-ins is coming
Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins.

AI for application security: Balancing automation with human oversight
In this Help Net Security interview, Kyle Wickert, Worldwide Strategic Architect at AlgoSec, discusses the role of AI in application security, exploring how it’s transforming threat detection and response.

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed.

Android malware uses NFC to steal money at ATMs
ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone.

Common API security issues: From exposed secrets to unauthorized access
Despite their role in connecting applications and driving innovation, APIs often suffer from serious security vulnerabilities. Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, which attackers frequently misuse. The persistence of these vulnerabilities, coupled with outdated security measures, underscores a growing concern.

Microchip Technology manufacturing facilities impacted by cyberattack
American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack.

A survival guide for data privacy in the age of federal inaction
Things change fast in the world of data privacy. Just earlier this year, the question I was being asked most frequently was, “How similar will the proposed federal privacy law (APRA) be to the EU’s GDPR?” Now that APRA is pretty much dead on arrival by Congressional watchers, the question I am hearing is, “Will we ever have a national privacy law in the US?”

Stolen, locked payment cards can be used with digital wallet apps
Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims report the card stolen and the bank replaces it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University have discovered.

x64dbg: Open-source binary debugger for Windows
x64dbg is an open-source binary debugger for Windows, designed for malware analysis and reverse engineering of executables without access to the source code. It offers a wide range of features and a plugin system, allowing you to customize and extend its capabilities to suit your needs.

Vulnerability prioritization is only the beginning
To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat intelligence information.

Strategies for security leaders: Building a positive cybersecurity culture
Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function.

Protecting academic assets: How higher education can enhance cybersecurity
In this Help Net Security video, Doug Thompson, Chief Education Architect at Tanium, discusses how higher education institutions can defend against even the most sophisticated threats/vulnerabilities despite limited resources.

New phishing method targets Android and iPhone users
ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. They analyzed a case observed in the wild that targeted clients of a prominent Czech bank.

To improve your cybersecurity posture, focus on the data
Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and applications, and it requires a lot of manual effort by highly skilled data scientists, engineers and analysts to extract value from all that data.

Food security: Accelerating national protections around critical infrastructure
In this Help Net Security video, Mike Lexa, CISO and Global VP of IT Infrastructure and Operations at CNH, discusses how the federal government is taking food security more seriously and what steps must be taken to prioritize security measures.

Organizations turn to biometrics to counter deepfakes
The risk of deepfakes is rising with 47% of organizations having encountered a deepfake and 70% of them believing deepfake attacks which are created using generative AI tools, will have a high impact on their organizations, according to iProov.

New infosec products of the week: August 23, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Entrust, Fortanix, McAfee, Own, RightCrowd, and Wallarm.


from Help Net Security https://ift.tt/BXrgY4t

If you’re looking for the Wordle answer for August 25, 2024 read on. We’ll share some clues, tips, and strategies, and finally the solution. Today’s puzzle is medium difficult; I got it in four. Beware, there are spoilers below for August 25, Wordle #1,1613! Keep scrolling if you want some hints (and then the answer) to today’s Wordle game.

How to play Wordle

Wordle lives here on the New York Times website. A new puzzle goes live every day at midnight, your local time.

Start by guessing a five-letter word. The letters of the word will turn green if they’re correct, yellow if you have the right letter in the wrong place, or gray if the letter isn’t in the day’s secret word at all. For more, check out our guide to playing Wordle here, and my strategy guide here for more advanced tips. (We also have more information at the bottom of this post, after the hints and answers.)

Ready for the hints? Let’s go!

Does today’s Wordle have any unusual letters?

We’ll define common letters as those that appear in the old typesetters’ phrase ETAOIN SHRDLU. (Memorize this! Pronounce it “Edwin Shirdloo,” like a name, and pretend he’s a friend of yours.)

There are four common letters from our mnemonic today. The fifth is somewhat common.

Can you give me a hint for today’s Wordle?

As a verb, can be done on ice or pavement.

Does today’s Wordle have any double or repeated letters?

There are no repeated letters today. 

How many vowels are in today’s Wordle?

There are two vowels.

What letter does today’s Wordle start with?

Today’s word starts with S. 

What letter does today’s Wordle end with?

Today’s word ends with E. 

What is the solution to today’s Wordle?

Ready? Today’s word is SKATE.

How I solved today’s Wordle

I started with RAISE and CHANT, assuming I wasn't looking for any additional vowels after A and E. My next guess was STALE, which left SKATE as the best solution.

Wordle 1,163 4/6

⬛🟨⬛🟨🟩
⬛⬛🟩⬛🟨
🟩🟨🟩⬛🟩
🟩🟩🟩🟩🟩

Yesterday’s Wordle answer

Yesterday’s Wordle was medium difficult. The hint was “a cut of meat or fish” and the answer contained four common letters and one fairly common letter.

The answer to yesterday’s Wordle was FILET.

A primer on Wordle basics

The idea of Wordle is to guess the day’s secret word. When you first open the Wordle game, you’ll see an empty grid of letters. It’s up to you to make the first move: type in any five-letter word. 

Now, you can use the colors that are revealed to get clues about the word: Green means you correctly guessed a letter, and it’s in the correct position. (For example, if you guess PARTY, and the word is actually PURSE, the P and R will be green.)

  • Yellow means the letter is somewhere in the word, but not in the position you guessed it. (For example, if you guessed PARTY, but the word is actually ROAST, the R, A and T will all be yellow.)

  • Gray means the letter is not in the solution word at all. (If you guessed PARTY and everything is gray, then the solution cannot be PURSE or ROAST.)

With all that in mind, guess another word, and then another, trying to land on the correct word before you run out of chances. You get six guesses, and then it’s game over.

The best starter words for Wordle

What should you play for that first guess? The best starters tend to contain common letters, to increase the chances of getting yellow and green squares to guide your guessing. (And if you get all grays when guessing common letters, that’s still excellent information to help you rule out possibilities.) There isn’t a single “best” starting word, but the New York Times’s Wordle analysis bot has suggested starting with one of these:

  • CRANE

  • TRACE

  • SLANT

  • CRATE

  • CARTE

Meanwhile, an MIT analysis found that you’ll eliminate the most possibilities in the first round by starting with one of these:

  • SALET

  • REAST

  • TRACE

  • CRATE

  • SLATE

Other good picks might be ARISE or ROUND. Words like ADIEU and AUDIO get more vowels in play, but you could argue that it’s better to start with an emphasis on consonants, using a starter like RENTS or CLAMP. Choose your strategy, and see how it plays out.

How to win at Wordle

We have a few guides to Wordle strategy, which you might like to read over if you’re a serious student of the game. This one covers how to use consonants to your advantage, while this one focuses on a strategy that uses the most common letters. In this advanced guide, we detail a three-pronged approach for fishing for hints while maximizing your chances of winning quickly.

The biggest thing that separates Wordle winners from Wordle losers is that winners use their guesses to gather information about what letters are in the word. If you know that the word must end in -OUND, don’t waste four guesses on MOUND, ROUND, SOUND, and HOUND; combine those consonants and guess MARSH. If the H lights up in yellow, you know the solution.

One more note on strategy: the original Wordle used a list of about 2,300 solution words, but after the game was bought by the NYT, the game now has an editor who hand-picks the solutions. Sometimes they are slightly tricky words that wouldn’t have made the original list, and sometimes they are topical. For example, FEAST was the solution one Thanksgiving. So keep in mind that there may be a theme.

Wordle alternatives

If you can’t get enough of five-letter guessing games and their kin, the best Wordle alternatives, ranked by difficulty, include:


from LifeHacker https://ift.tt/kA4mi6y

When your home’s value rises, you have more equity, which is a good thing. When it sinks, you have less equity—and it might be an indication that the housing market and the economy in general is headed for choppy waters, which is a bad thing. Both of those scenarios assume that home values will change steadily over time—but what happens if your home’s value drops or rises sharply and suddenly?

Right now property values are pretty high, and have been rising steadily for years. But as anyone who was alive in 2008 can tell you, home prices can plummet overnight. If your home’s value goes up or down very rapidly, there are a few steps you should take to protect your investment and your property.

What to do if your property value goes up sharply

If you wake up one morning and find that your house has jumped in value, you automatically have a huge benefit: more equity. You literally own more of your house than you did a short time ago, just because the ratio between what you owe on your mortgage and what you could get if you sold the place has gotten bigger.

But don’t just take the win—there’s more you can do to really take advantage of the situation:

  • Have the house appraised. When you took out your loan to buy the house, everything was based on the appraised value of the place. If the house is now worth dramatically more, you have an opportunity to get rid of private mortgage insurance (PMI) if you have it, or refinance to a better rate (if rates are, in fact, lower than when you initially took out the loan). To do either of those things, you’ll need to have the place appraised to make the increase in value official—not a self-appraisal, but paying for a real appraisal. That relatively small cost might be well worth it if you save yourself thousands (or more) in PMI and interest.

  • Consider selling. A house isn’t just an investment, it’s where you live—but people sell their homes every eight years or so, on average, so if your home is suddenly worth a lot more, it’s worth asking yourself if the time is right. Selling your house can give you a nice payout by liquidating all that equity, after all.

  • Consider a HELOC. A home equity line of credit (HELOC) is a loan made against your home’s equity, so waking up with more of that equity means you can get a larger HELOC to work with. You can use that HELOC money to make improvements to the house at a relatively low cost in terms of interest, which can lead to even higher home value and even more equity, so this could be a golden opportunity to renovate, repair, and refresh your property.

What to do if your property value goes down sharply

The opposite scenario is waking up one day to discover your home is worth considerably less than it was yesterday. This is not the time to panic, however—it’s the time to consider some thoughtful moves that can protect your finances and your home:

  • Appeal your property tax assessment. Your local government assesses the value of your home in order to set the amount of tax you have to pay on the property. If your property was last assessed at the high tide of its value, it might be worth it to file an appeal to get your assessment, and thus your tax bill, lowered. The procedure will vary depending on where you live, but it could mean significant savings.

  • Contact your insurance. Another reason to get a fresh appraisal on your home is your homeowners insurance, which is based in part on your home’s value and the estimated rebuilding costs. If that value has dropped, you might be able to lower the amount of coverage, and thus the premiums that you’re paying for that coverage.

  • Prepare for HELOC changes. If you already have a home equity line of credit on your house, it was based on your home’s old valuation. If your lender notices that your house is now worth significantly less, they might freeze or reduce your HELOC. You still have to repay anything you’ve borrowed from the HELOC, but you might lose access to any remaining funds. It might make sense to move some money out of your HELOC if you know you’re going to need it soon.

  • Consider refinancing. If the shift in your home’s value has pushed you into negative equity territory (meaning you owe more on your mortgage than the house is currently worth), you can consider a refinance to balance things out. This can be tricky depending on current interest rates and your lender’s willingness to work something out, but it’s something worth considering the moment you notice the sudden change in your home’s value—and it’s certainly worth a call to your lender to see what makes sense.


from LifeHacker https://ift.tt/sFt9QRh

There are all kinds of cleaning and decluttering methods out there and each is suited for a different kind of person or mess. But what do you do when a mess is truly overwhelming? How do you even know where to begin, regardless of what technique you're using or what you're trying to do? That answer will likely be different for everyone, but I am a big fan of this approach I found on TikTok called the "pile method."

What is the pile method?

This idea comes from Sharon.a.life, a TikTok user who vlogs about motherhood, cleaning, and mental health. She recommends her pile method for anyone who feels overwhelmed, but has to tackle a "total disaster" of a room or home.

To start, you simply pick up everything and toss it into a big pile. That's it. You can use a basket to gather things up and dump them into the pile, or just toss them one by one into the center of the room, but make sure you get it all. If something is out of place, if it's in your way, or if you just want to overhaul everything, toss it all in. At first, it's going to look even worse: It is, after all, a massive pile of stuff. But similar to the feeling you get when you take before-and-after photos of a big project, you're going to be motivated by the visual of the ever-shrinking pile. As it gets smaller and smaller, you'll feel more accomplished and keep going. This differs from other methods, like the ski-slope technique, because it doesn't require you to keep zipping around your room. Once you make the pile, you work right there in the middle.

How to use the pile method

Obviously, you start with your big pile. From there, you'll start making smaller ones. (It's a good idea to pick up some storage baskets for this, so you can bring each basket with you into its corresponding room when you're ready to put things away.) The piles should each represent a room or focus area, so consider one for kitchen items, one for each kid's room, one for laundry, etc. Don't forget a trash pile and a pile for donating or selling, too, if you have anything in those categories.

As you sort, you'll see your giant pile shrinking, which will help you feel less overwhelmed. Once you've made your smaller piles in the baskets, take each basket to the room where its contents belong and put everything away. Here is where you'll call on some organizational techniques, making sure everything has a designated place and you're storing similar items together.

Even though it starts out with a big mess in the middle of the room, this technique is ultimately much less overwhelming than trying to go around the room and pick up items, bring them to their proper place, and return to the scene of the crime over and over again.


from LifeHacker https://ift.tt/98oJi6n

The Sonos Roam 2 is an ultra-portable speaker that weights 0.9 pounds and can be positioned either vertically or horizontally (for better stability), and right now it's on sale for $143 (regularly $179). A PCMag review mentions that the speaker's orientation impacts more than just its appearance, even though its Trueplay feature promises to automatically adjust the audio for the best sound. For connectivity, the Roam 2 offers Bluetooth, wifi, and AirPlay2, but skips Google Assistant. You can use it as a regular Bluetooth speaker without the app or with Alexa for hands-free voice control. Just keep in mind, that Alexa can't manage its music and radio playback—you'll need to use Sonos Voice Control for that, which could get a bit annoying.

This portable speaker comes with a charging cable and is said to last about 10 hours per charge, just like the original Roam. However, the Roam 2 includes a battery-saving feature that lets the speaker shut down faster when not in use, plus a wifi power save option to extend battery life when on wifi. You can also charge the Roam 2 wirelessly using a wireless charger. Additionally, the Roam 2 has an IP67 rating, meaning it's dust-proof and can handle being underwater up to a meter for 30 minutes—great for poolside or beach use.

Compared to other models, the Roam 2 offers mono audio, unlike the pricier Sonos Move 2, which provides superior stereo sound and is currently priced at $359, down from $449. Alternatively, the Anker Soundcore Motion 300 offers better Bluetooth connectivity, a speakerphone, and high-resolution audio streaming at a more affordable price of $79.99.


from LifeHacker https://ift.tt/VrHIEGY