cyber_security_channel | News and Media

Telegram-канал cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin

Subscribe to a channel

Cyber Security News

BlackDice: Pioneering AI-Powered Cybersecurity

BlackDice's solution is being deployed globally via integration partners, embedded directly into their routers and optical network termination ("ONT").

"Our solutions cater to SMBs and personal users, often overlooked by traditional network providers, Retina, BlackDice's operator insight technology, deploys Unsupervised Learning Models deriving data directly from the network, discovering hidden patterns of behavior and uncovering anomalies that the human eye could never see.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Data Breach May Have Affected Almost 4,000 University of Utah Health Plan Members

U. Health Plans is working with TMG Health to prevent incidents in the future, and law enforcement is also investigating this incident, the statement said.

The organization is offering one year of complimentary personal identity and privacy protection monitoring to protect its members from adverse impacts due to the data breach.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

The Forrester Consulting TEI of Guardium Data Protection study: 5 Data Security Lessons

Forrester Consulting Total Economic Impact (TEI) study commissioned by IBM for its IBM Security Guardium Data Protection product.

The TEI study focuses specifically on Guardium Data Protection, but its interviews with security professionals reveal common concerns that data security analysts (DSAs) face.

- Visibility
- Compatibility
- Automated monitoring
- Easier audits
- Adapting to changing regulations

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

AI Hallucinations Could Be a Cybersecurity Risk

AI is trained from massive data sets, often containing flaws like thought gaps, content saliency variance, or harmful biases.

Any training from these incomplete or inadequate data sets could be the root of hallucinations, even if later iterations of the data set received curation from data scientists.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

EY Breach Exposes Bank of America Customer Credit Card Numbers

Experts warn that even seemingly insignificant pieces of leaked personal information can be collated to have a devastating impact.

Victims whose data has been leaked often don’t realize they’ve been compromised and therefore take no action to mitigate the outcome.

EY said that Bank of America will provide exposed clients with a “complimentary two-year membership in an identity theft protection service.”

The letter urges potential victims to be vigilant and cautiously review account statements and credit reports for suspicious activity.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Your Data Protection Checklist

Under certain criteria, regulations such as the GDPR mandate a DPO’s appointment.

However, even if it is optional, you may consider appointing an independent and impartial advisor that will supervise data protection governance in the organization.

They should have expertise in data privacy and security practices and a solid grasp of business processes and industry specifics.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

DARPA, White House launch $20M AI, Cybersecurity Challenge

Dubbed the “AI Cyber Challenge,” or AIxCC, the effort aims to “challenge competitors across the United States, to identify and fix software vulnerabilities using AI,” the White House announced today.

Google, Microsoft, OpenAI and Anthropic will lend expertise and technologies for the challenge.

DARPA will host an open competition for AIxCC where up to 20 teams will advance to the semifinals next August at the DEF CON 2024 conference, followed by up to five teams advancing to the finals, according to the agency’s website.

In August 2025, three winners will be chosen at DEF CON 2025. AIxCC will feature almost $20 million in prizes, according to the White House.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

AmiViz and Darktrace Announce Cybersecurity Partnership

Darktrace’s Cyber AI Loop prevents, detects, responds, and heals from cyber-attacks, all at once, at all times, everywhere an organization touches data and people, whether that’s outside on the attack surface or inside the organization.

AmiViz is the first B2B enterprise marketplace focused on the cybersecurity industry in the Middle East, designed specially to serve the interests of enterprise resellers and vendors.

Driven by innovation and AI-powered technology, the platform provides a unique collaboration platform through a mobile application on iOS and Android, as well as a web-based platform to enterprise resellers, consultants, system integrators, channel partners, and vendors.

AmiViz and Darktrace will work closely to roll out several new channel initiatives to enhance collaboration and drive greater customer value.

AmiViz will help conduct technical and sales workshops, support proof of concept, and extend pre-sales, implementation, and first-line support to its partners across the region.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

IBM Researchers Easily Trick ChatGPT Into Hacking

Researchers at IBM released a report Tuesday detailing easy workarounds they've uncovered to get large language models (LLMs) — including ChatGPT — to write malicious code and give poor security advice.

All it takes is knowledge of the English language and a bit of background knowledge on how these models were trained to get them to help with malicious acts.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Royal, Hive, Black Basta Ransomware Gangs ‘Collaborating on Cyber Attacks’

There were “distinct similarities” between techniques employed during four different incidents at the beginning of 2023, analysis showed, raising questions over whether the gangs have been collaborating.

“Despite Royal being a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities,” Sophos said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Google Awards USD 15,000 to Apple Security Team for Finding Bug in Chrome Web Browser

The collaboration between tech companies in identifying and addressing security vulnerabilities is crucial for maintaining the safety and privacy of users’ data and ensuring the overall security of online platforms.

The ‘CVE-2023-4072’ vulnerability is a critical security flaw identified in Google Chrome’s WebGL implementation. It is classified as an “out of bounds read and write” bug, which means that an attacker could potentially access and modify memory areas beyond the allocated space, leading to potential security exploits.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

GDPR Fines Just 6% of the Total Cost of Data Breaches

The most common causes of the breaches in the research weren’t cyber attacks.

Only a third (33%) of breaches reported were due to malware or phishing, with all breaches caused by threats from outside an organization accounting for 35% of reports. Insider threats, however, came to 40%.

Human error accounted for more – 23% were caused by data being shared with the wrong person, while 11% was due to lost or stolen data.

This includes, for example, stolen devices or paperwork being left in an unsecured location.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Downfall: New Intel CPU Attack Exposing Sensitive Information

Daniel Moghimi, the Google senior research scientist who discovered the flaw.

“I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution.

To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques,” Moghimi added.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context

Think of it like making a trip to the Emergency Room.

The admitting ER physician is not likely to make a diagnosis and prescribe treatment based solely on the symptoms presented by the patient.

Doing so could lead to complications or further injury.

Instead, the physician must also consider additional context, such as past illnesses, medications, allergies, surgeries, and other relevant information. In many cases, it would be life-threatening if the physician had to take the time to make calls to previous doctors, pharmacies, etc., to gather this information.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

How to Get Unlimited Airline Miles: Researchers Find the Cheat Codes

Vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers’ “loyalty currency” (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs.

An encrypted cookie assigned to each user had been encrypted with an easily guessable secret—the word “secret” … the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site … and essentially assume god-mode-like capabilities

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Data breach impacting millions of Oregon Health Plan members

“We’re urging OHP members to activate credit monitoring as a precaution,” said Dave Baden, interim director at OHA.

“It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already.

However, there are important steps that OHP members can take to further protect their data.”

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Cybernetics Pursue Exceptional Contributions to Privacy and Data Protection in Crypto Recovery

Cybernetics has invested significant resources into research and development to create cutting-edge technologies that bridge the gap between crypto recovery and privacy concerns.

The company's team of world-class experts in cryptography, cybersecurity, and data protection have collaborated to develop revolutionary techniques that enable seamless recovery of crypto assets while adhering to the highest standards of privacy in helping those impacted by crypto trading platform crimes.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

BlackBerry: AI Cybersecurity Pioneer, BlackBerry Introduced Major Update to Next-Generation AI Engine

BlackBerry pioneered the field of AI for predictive cyber defense, and today delivers the highest efficacy scores against the competition whether an endpoint is online or offline.

Cylance AI enables organizations to stay ahead of cyberattacks without sacrificing operational efficiency.

Rolled out automatically to all BlackBerry customers currently using CylanceENDPOINT™, CylanceEDGE™ and CylanceGUARD®, the new engine builds upon previous iterations that stop attacks 12 times faster and with 20 times less resources than other cybersecurity solutions.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Black Hat USA: Cybersecurity Community Can Help with National Security Policy

The CrowdSec Partner Program operates on three different tiers: silver, gold and platinum.

Each partner receives free training and certification through the CrowdSec Academy, and will have the opportunity to grow through the tiers, which offer different business benefits, such as revenue sharing, dedicated training and exclusive access to product features.

With a partner-first approach, CrowdSec’s primary goal is to elevate existing and future partners, and boost their revenue by providing them with comprehensive marketing resources, training and support.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

'Sufficient Protections Not in Place' to Prevent Data Breach, Regulator Admits

The Electoral Commission expressed its “regret that sufficient protections were not in place to prevent this cyberattack” and indicated that, working with its security providers and experts from the National Cyber Security Centre, it has taken steps since the breach to improve its security systems and processes.

“We have strengthened our network login requirements, improved the monitoring and alert system for active threats and reviewed and updated our firewall policies,” it said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Jericho Security Uses AI to Fight AI in New Frontier of Cybersecurity

Jericho Security’s approach marks a new frontier for cybersecurity, using machine-learning capabilities to essentially “fight AI with AI.”

Jericho pits an AI red team against an AI blue team in simulations to uncover vulnerabilities and develop more robust defenses.Jericho Security is the result of decades of collective observation of the evolution of cybersecurity threats by its founders.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

🏹 Get Ready To Hunt 2FA Bugs like a Pro!

Looking for a way to approach Two Factor Authentication Bugs?

Our partners at Hacklido have a digital product that will help you find effective solutions.

↳ It shows you the process of finding 2FA flaws

Grab your copy and improve your skills:

https://gumroad.com/a/631226579/jdvwcd

Читать полностью…

Cyber Security News

Third Parties Can Intervene in Belgian Data Protection Authority Proceedings and Appeal Its Decisions

The Constitutional Court agreed that the lack of remedies for interested third parties against decisions of the Litigation Chamber of the BDPA was not in line with the constitutional principle of equality.

The legislator has now gone one step further by giving appeal as well as intervention possibilities to interested third parties.

A first step to amend the legal framework and to develop a specific provision on appeal possibilities for interested third parties took place on 12 January 2023 as a result of a decision by the Belgian Constitutional Court.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

White House Offers Prize Money for Hacker-Thwarting AI

To boost participation, the Defense Advanced Research Projects Agency (DARPA) running the competition will put $7 million into funding small businesses that want to compete, according to the White House.

DARPA is collaborating with AI tech titans Anthropic, Google, Microsoft, and ChatGPT-maker OpenAI, which will provide expertise and technology for the competition, Prabhakar said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Case from a few days ago: Tesla's Software Cracked: Offers Free Upgrades That Even Musk Can't Fix

A recent revelationby a security researcher and a trio of PhD students from Germany has sent shockwaves across the automobile industry.

The team has reportedly found a backdoor to Tesla's sophisticated, AMD-based cars. They've managed to devise what could be the world's first unpatchable "Tesla Jailbreak", poised to unlock a trove of paid features – all for free.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Cornell introduces new AI-focused Board Governance program

The program offers presentations, panel discussions and networking events designed specifically for current board members of public and private companies.

Participants will explore matters in AI, data privacy, algorithmic bias and antitrust.

The small cohort size is intended to ensure high-quality peer-to-peer engagement on key issues and solutions that participants can directly apply to their organizations.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

The Importance Of Safeguarding Businesses From Data Privacy And Cybersecurity Risk

Data privacy is handling and safeguarding personal or sensitive information, sometimes by multiple parties.

Businesses collect customer data for different reasons, but their primary purposes are to improve services, understand user behavior, and make efforts toward marketing.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Regtech and Cybersecurity: Strengthening Data Protection in Compliance

Regtech is the application of modern technology to streamline and automate regulatory compliance processes, such as artificial intelligence (AI), machine learning, and big data analytics.

The goal of regtech is to assist financial institutions in staying ahead of regulatory developments, ensuring compliance, and efficiently managing complicated reporting requirements.

Beyond just compliance, regtech offers the ability to improve cybersecurity and data protection policies.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Average Cost of a Data Breach Has Reached an All-Time High: IBM Report

Involving law enforcement in a ransomware attack also saved money and shortened the lifecycle of the breach.

Organizations that didn’t involve law enforcement in a ransomware attack incurred an additional $470,000 in expenses on average.

About 63% of respondents said they involved law enforcement.

The 37% that didn’t involve law enforcement paid 9.6% more and experienced a 33-day longer breach lifecycle.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

When Your Teammate is a Machine: 8 Questions CISOs Should be Asking About AI

AI will effectively become an extension of automation processes and can uncover a vastly expanded breadth and span of information, helping to evaluate complexities at greater and greater speeds.

1. Did comprehensive testing to ensure the AI algorithm works as intended occur?

2. From where did the data used to train the AI come?

3. How was the AI algorithm designed to prevent, or mitigate as much as possible, bias in the results?

4. How was the algorithm designed to mitigate the new and challenging risks that emerge almost daily related to generative AI?

5. Has the vendor comprehensively addressed security concerns related to machine learning and if so, how?

6. Has the AI been engineered to account for the complexity of AI systems attack surfaces and if so, in what ways?

7. How have supply chain and third-party AI components been reviewed for security and privacy risk, and then mitigated?

8. Has the AI manufacturer or vendor developed their AI products to meet data protection compliance for the areas in which they will be sold?

@Cyber_Security_Channel

Читать полностью…
Subscribe to a channel