Security
DeepSeek-R1 Red Teaming Report: Alarming Security and Ethical Risks Uncovered
A recent red teaming evaluation conducted by Enkrypt AI has revealed significant security risks, ethical concerns, and vulnerabilities in DeepSeek-R1. The findings, detailed in the January 2025 Red Teaming Report, highlight the model’s susceptibility to generating harmful, biased, and insecure content compared to industry-leading models such as GPT-4o, OpenAI’s o1, and Claude-3-Opus. Below is a…
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang – Krebs on Security
The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the…
3 Questions: Modeling adversarial intelligence to exploit AI’s security vulnerabilities
If you’ve watched cartoons like Tom and Jerry, you’ll recognize a common theme: An elusive target avoids his formidable adversary. This game of “cat-and-mouse” — whether literal or otherwise — involves pursuing something that ever-so-narrowly escapes you at each try. In a similar way, evading persistent hackers is a continuous challenge for cybersecurity teams. Keeping…
_Elena_Uve_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop&w=600&resize=600,400&ssl=1 "Adapt Third-Party API Security to Three Specific Use Cases")
Adapt Third-Party API Security to Three Specific Use Cases
COMMENTARY API security often involves third-party, rather than first-party, APIs, and each use case can have different requirements. Rather than trying to make one technological approach work for all instances, security and risk management leaders must adapt their approach to the specific use case. According to a recent Gartner survey, 71% of IT leaders report…
MasterCard DNS Error Went Unnoticed for Years – Krebs on Security
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent…
Australian Cyber Security Centre Targets Bulletproof Hosting Providers To Disrupt Cybercrime Networks
Overview The Australian Cyber Security Centre (ACSC) has issued a detailed warning regarding Bulletproof Hosting Providers (BPH). These illicit infrastructure services play a critical role in supporting cybercrime, allowing malicious actors to conduct their operations while remaining largely undetectable. The Australian government’s growing efforts to combat cybercrime highlight the increasing difficulty for cybercriminals to maintain…
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD. Implementing secure guest Wi-Fi infrastructure has become essential for authenticating access, protecting data, maintaining compliance across…
How CISOs can elevate cybersecurity in boardroom discussions – Help Net Security
Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies with business priorities. He also discusses common misconceptions that boards have about cybersecurity and…
A Day in the Life of a Prolific Voice Phishing Crew – Krebs on Security
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety…
The ongoing evolution of the CIS Critical Security Controls – Help Net Security
For decades, the CIS Critical Security Controls (CIS Controls) have simplified enterprises’ efforts to strengthen their cybersecurity posture by prescribing prioritized security measures for defending against common cyber threats. In this article, we’ll review the story of the CIS Controls before taking a closer look at the current version. A brief history of the CIS…