Tag: training

First-ever Linux UEFI bootkit turns out to be research project

Dec 3, 2024 11:48 PM

Tags: antivirus, attack, authentication, awareness, computer, conference, cybersecurity, firmware, linux, malicious, malware, microsoft, risk, software, technology, threat, training, update, windows

Bootkitty, a recently discovered boot-level UEFI rootkit for Linux, was evidently created by students participating in a cybersecurity training program at the South Korean Information Technology Research Institute (KITRI).The bootkit, found and analyzed by researchers from antivirus vendor ESET last week, showed signs of being a proof of concept rather than production-ready malware. Nevertheless, the…
PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Dec 3, 2024 5:48 PM

Tags: attack, cyber, exploit, malicious, privacy, risk, training

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated learning (FL) to improve the efficiency and privacy of training large language models (PLMs) on specific tasks. However, this approach introduces a new security risk called >>PEFT-as-an-Attack
10 most critical LLM vulnerabilities

Dec 3, 2024 8:49 AM

Tags: access, ai, api, application-security, attack, authentication, automation, awareness, backdoor, breach, business, compliance, control, corporate, credit-card, cybersecurity, data, data-breach, email, exploit, guide, injection, intelligence, jobs, leak, least-privilege, LLM, malicious, privacy, RedTeam, risk, sans, service, social-engineering, spam, strategy, supply-chain, technology, theft, threat, tool, training, unauthorized, update, vulnerability, zero-trust

Enterprise adoption of generative AI technologies has exploded in 2024 due to the rapid evolution of the technology and the emergence of a variety of business use cases. According to Menlo Ventures, AI spending surged to $13.8 billion this year, up six-fold from 2023, and 72% of US decision makers say they are expanding their…
Want to be a cybersecurity pro? Use generative AI to get some simulated training

Dec 3, 2024 8:49 AM

Tags: access, ai, application-security, attack, authentication, awareness, backup, business, chatgpt, compliance, control, cve, cyber, cybercrime, cybersecurity, data, defense, detection, encryption, endpoint, firewall, group, guide, healthcare, HIPAA, infrastructure, intelligence, jobs, law, lockbit, mitigation, mitre, network, phishing, ransomware, risk, service, siem, skills, social-engineering, strategy, threat, tool, training, update, vulnerability

I often get approached by young, ambitious people looking to start a cybersecurity career. Some are studying cybersecurity in college, some are looking to jump from IT, and some believe that the field is synergistic with past experiences in law enforcement or the military.Regardless, all are looking for guidance as they struggle to find an…
Working in critical infrastructure? Boost your effectiveness with these cybersecurity certifications

Dec 2, 2024 8:30 AM

Tags: attack, automation, awareness, china, cisa, communications, compliance, control, cyber, cybersecurity, defense, finance, germany, governance, government, healthcare, HIPAA, incident response, infrastructure, international, jobs, network, PCI, privacy, ransomware, resilience, risk, risk-management, russia, sans, service, skills, soc, supply-chain, technology, training, ukraine, update, warfare

Hybrid warfare between nation-states is imperilling critical infrastructure around the world, both physically and electronically. Since the start of the Ukraine-Russia conflict, hybrid cyber/physical attacks on satellite and communications, energy, transportation, water, and other critical sectors have spread across Europe and beyond.Chinese perpetrators are actively infiltrating telecommunications networks in the US and abroad, according to…
Fighting cybercrime with actionable knowledge

Dec 1, 2024 10:28 PM

Tags: cyber, cybercrime, sans, training

A reason to celebrate SANS and its 35 years of cyber security training First seen on theregister.com Jump to article: www.theregister.com/2024/11/29/fighting_cybercrime_with_actionable_knowledge/
SANS Institute baut seine Präsenz in der DACH-Region aus

Dec 1, 2024 4:26 PM

Tags: sans, training

Inzwischen hat sich München als Stützpunkt mit bis zu vier Trainings jedes Jahr fest etabliert. Weitere Präsenzschulungen in Amsterdam, Frankfurt, Lon… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sans-institute-baut-seine-praesenz-in-der-dach-region-aus/a38183/
DoD: Notice of Proposed Rulemaking on Privacy Training

Dec 1, 2024 1:24 PM

Tags: defense, government, privacy, training

tment of Defense and two other government agencies have issued a proposed rule designed to help ensure that government contractors provide adequate pr… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/agency-releases/dod-notice-proposed-rulemaking-on-privacy-training-r-2575
Mitarbeiter Mit eigenen Psycho-Tricks schlagen? So geht diese deutsche Firma gegen Hacker vor

Dec 1, 2024 3:20 AM

Tags: cyber, hacker, startup, training

Cyber-Kriminalität verursacht in der deutschen Wirtschaft jedes Jahr einen Schaden in Milliardenhöhe. Das Start-up Sosafe hilft Unternehmen wie Aldi N… First seen on welt.de Jump to article: www.welt.de/wirtschaft/gruenderszene/article247654720/Cyber-Kriminalitaet-Mit-eigenen-Psycho-Tricks-schlagen-So-geht-diese-deutsche-Firma-gegen-Hacker-vor.html
Phishing Simulations for Cybersecurity Awareness Training

Dec 1, 2024 1:19 AM

Tags: awareness, cybersecurity, phishing, training

First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/phishing-simulations-cybersecurity-awareness-training
Study: 92% of Healthcare Firms Hit by Cyberattacks This Year

Nov 29, 2024 3:26 PM

Tags: awareness, cyber, cyberattack, healthcare, threat, training

Healthcare organizations should rethink some of their approach to security, enhancing focus on insider threats, improving cyber awareness training and… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/study-92-healthcare-firms-hit-by-cyberattacks-this-year-i-5419
The CSO guide to top security conferences

Nov 29, 2024 7:46 AM

Tags: access, cio, cloud, compliance, conference, cyber, cybersecurity, email, germany, guide, identity, india, intelligence, international, jobs, law, resilience, risk, risk-management, threat, tool, training, update

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead.…
Microsoft says it’s not using your Word, Excel data for AI training

Nov 27, 2024 8:11 PM

Tags: ai, data, intelligence, microsoft, training

Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company’s artificial intelligence (AI) models. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-says-its-not-using-your-word-excel-data-for-ai-training/
Barings Law plans to sue Microsoft and Google over AI training data

Nov 27, 2024 4:11 PM

Tags: ai, data, google, intelligence, law, microsoft, training

Microsoft and Google are using people’s personal data without proper consent to train artificial intelligence models, alleges Barings Law, as it prepares to launch a legal challenge against the tech giants First seen on Jump to article: /www.computerweekly.com/news/366616407/Barings-Law-plans-to-sue-Microsoft-and-Google-over-AI-training-data
Microsoft 365: Nutzen Word und Excel Kundendaten für KI-Trainings?

Nov 27, 2024 10:11 AM

Tags: ai, microsoft, training

Auf X wird die Annahme verbreitet, dass Microsoft Dokumenteninhalte für KI-Trainings sammeln soll. Das Unternehmen hat das offiziell verneint. First seen on golem.de Jump to article: www.golem.de/news/microsoft-365-nutzen-word-und-excel-kundendaten-fuer-ki-trainings-2411-191177.html
Cybersecurity’s oversimplification problem: Seeing AI as a replacement for human agency

Nov 27, 2024 8:10 AM

Tags: access, ai, awareness, business, ciso, computer, cyber, cybersecurity, data, election, infrastructure, intelligence, Internet, jobs, technology, threat, tool, training

There’s a philosophical concept called the Great Man Theory that suggests history is all about how significant individuals act as centers of gravity for society as a whole, think Alexander the Great, Napoleon Bonaparte, Queen Elizabeth I, or the founding fathers of the American Revolution.Recent research suggests that cybersecurity and related professions are developing a…
8 Tips for Hiring and Training Neurodivergent Talent

Nov 27, 2024 8:10 AM

Tags: cybersecurity, jobs, training

Neurodivergent talent can add so much to a cybersecurity team. How can companies ensure they have the right hiring and onboarding practices in place to ensure their success? First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-careers/8-tips-hiring-training-neurodivergent-talent
6 Best Cybersecurity Training for Employees in 2025

Nov 25, 2024 8:47 PM

Tags: cybersecurity, skills, threat, training

Employee cybersecurity training equips staff with skills to recognize threats and practice safe online habits. Use these training courses to empower y… First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/cybersecurity-training/
Top challenges holding back CISOs’ agendas

Nov 25, 2024 6:51 PM

Tags: ai, attack, authentication, awareness, breach, business, ceo, cisa, ciso, compliance, control, cyberattack, cybersecurity, data, deep-fake, defense, detection, framework, grc, group, insurance, intelligence, jobs, malicious, monitoring, network, password, phishing, privacy, regulation, risk, skills, soc, social-engineering, strategy, threat, tool, training, vulnerability, zero-trust

In the past decade, every CISO knew the question awaiting them in the boardroom: Can we survive the next cyberattack? Now, as the turbulent 2024 draws to a close, the concerns have multiplied, says Don Gibson, the CISO at Kinly. Board members are often asking: Can we survive these economic times? Or are we prepared…
17 hottest IT security certs for higher pay today

Nov 25, 2024 6:51 PM

Tags: access, ai, attack, automation, blockchain, business, ceo, cisa, ciso, cloud, communications, conference, container, control, credentials, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, finance, fortinet, google, governance, group, guide, hacker, incident response, infosec, infrastructure, intelligence, Internet, jobs, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-management, skills, software, technology, threat, tool, training, windows

With the New Year on the horizon, many IT professionals may be looking to improve their careers in 2025 but need direction on the best way. The latest data from Foote Partners may provide helpful signposts.Analyzing more than 638 certifications as part of its 3Q 2024 “IT Skills Demand and Pay Trends Report,” Foote Partners…
Job termination scam warns staff of phony Employment Tribunal decision

Nov 25, 2024 6:51 PM

Tags: access, awareness, ciso, computer, country, cybersecurity, data, defense, detection, email, intelligence, jobs, login, malicious, malware, microsoft, phishing, scam, service, social-engineering, software, threat, training, zero-trust

Creators of phishing messages usually want to create anxiety in their targets so they’ll unwittingly download malware. And nothing gets stomachs churning more than the possibility of losing your job.One of the latest examples of this was detected by Cloudflare, which issued a report Thursday on a recent job termination phishing scam that included some…
Act fast to snuff out employee curiosity over ‘free’ AI apps

Nov 25, 2024 6:51 PM

Tags: access, ai, authentication, awareness, chatgpt, ciso, computer, crypto, cybercrime, cybersecurity, data, email, hacking, infection, intelligence, malware, mfa, monitoring, network, phishing, russia, scam, service, skills, strategy, threat, tool, training, windows

The word “free” has always tempted employees who are looking for an app or template to make their work easier. These days, combine “free” with “AI” and the lure is almost irresistible.Since the release of ChatGPT in late 2022, free AI-themed apps have exploded. Unfortunately, some are created by threat actors. One of the latest…
Breach Roundup: Russia Suspected of Severing Undersea Cables

Nov 21, 2024 10:53 PM

Tags: ai, breach, hacker, mail, mfa, microsoft, ransomware, russia, training, vpn, vulnerability

Also: VPN Vulnerabilities Attract Hackers, Hackers Use Swiss Mail to Send Malware. This week, Russia suspected in Balctic Sea cable sabotage, VPNs draw ransomware attackers and Swiss snail mail malware. An AI training company reported a cybertheft of $250,000 and a U.S. space firm reported a breach. Microsoft said it will pay $$$ for AI…
Security awareness and training is a method, not an outcome

Nov 21, 2024 5:53 PM

Tags: awareness, risk, risk-management, training

In 2024, the idea of human risk management shifted from concept to reality as;frustrated CISOs;looked;for solutions;beyond security awareness and training;to make real change.; First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/security-awareness-training-strategy/733468/
How businesses can prepare for the 47-day certificate lifecycle: What it means and recent updates

Nov 21, 2024 1:53 PM

Tags: apple, compliance, infrastructure, risk, tool, training, update, vulnerability

Apple’s proposal to shorten SSL/TLS certificate lifespans to 47 days by 2028 emphasizes enhanced security and automation. Shorter cycles reduce vulnerabilities, encourage automated certificate management, and push businesses to adopt efficient tools like ACME protocols. While the proposal isn’t yet mandatory, businesses must prepare by modernizing infrastructure, automating renewal processes, and training teams. Adapting early…
Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service

Nov 21, 2024 10:53 AM

Tags: communications, computer, cyber, service, training, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/ukrainian-cyberwar-tryzub-cyber-training-service/
Let’s Give Thanks for How Far We’ve Come – and Forge Ahead!

Nov 20, 2024 10:53 PM

Tags: cybersecurity, training

Cybersecurity Training and Education Must Evolve to Keep Pace With the Profession Over the past few decades, cybersecurity has evolved from a niche concern into a global priority, creating a vast and dynamic career field. While we celebrate the journey, let’s also focus on how today’s cybersecurity professionals will shape the future. First seen on…
Kaseya exposes ongoing need for user security training

Nov 20, 2024 9:50 PM

Tags: training

First seen on computerweekly.com Jump to article: www.computerweekly.com/microscope/news/366614272/Kaseya-exposes-ongoing-need-for-user-security-training
SWEEPS Educational Initiative Offers Application Security Training

Nov 20, 2024 6:58 AM

Tags: application-security, training

The secure coding curriculum was developed by University of California, Davis; University of Maryland Baltimore County; Worcester Polytechnic Institute; California Polytechnic State University-San Luis Obispo; Cosumnes River College; DARK Enterprises; and StrongAuth. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/sweeps-educational-initiative-application-security-training
Join in the festive cybersecurity fun

Nov 19, 2024 9:53 PM

Tags: cybersecurity, training

Get hands-on cybersecurity training this seasonal challenge First seen on theregister.com Jump to article: www.theregister.com/2024/11/19/join_in_the_festive_cybersecurity/