Cyber Security News

26 Aug 2023 22:56

Tenable Releases Generative AI-Based Cybersecurity Platform

The ExposureAI platform offers preventive security tools that facilitate natural language search queries, exposure data-based mitigation guidance and risk action recommendations, Tenable said Wednesday.

A Snowflake-powered data lake powers ExposureAI, offering a repository of over 1 trillion assets, exposures and security findings across IT, operational technology and public cloud environments.

Generative AI and related tools will be the focal point of discussion at an upcoming ExecutiveBiz event, themed “Trusted AI and Autonomy”.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 19:58

Google Releases Security Key Implementation Resilient to Quantum Attacks

Proof-of-concept (PoC) source code has been released as part of Google’s OpenSK project.

The OpenSK project was announced in early 2020 and its goal is to provide open source code for hardware security keys.

As part of the project, the tech giant also provides the resources necessary to 3D print a security key enclosure

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 15:18

Jefferson Cherry Hill Warns of Possible Data Breach. What Info May Have Been Exposed?

The statement did not provide the number of patients that may have been impacted there, but said the potential breach was recognized by a maintenance technician working on the machine.“

The service technician noticed the portable backup device was missing from the larger DEXA scan machine.

Upon a full investigation, it cannot be determined if the device was lost or stolen," said Jefferson media spokesman Damien Woods.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 10:30

Data Privacy Meets Sports Betting in the Bay State

Operators are also prohibited from using any computerized algorithm, automated decision-making, artificial intelligence, machine learning or similar system that is known or reasonably expected to make the gaming platform more addictive under the rule.

Sports wagering operators must only retain patrons’ confidential information and personally identifiable information as necessary to operate a sports wagering area, sports wagering facility or sports wagering platform, or to comply with Massachusetts law.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 03:47

Czech Data Protection Authorities Question Police Use of Facial Recognition

The facial recognition system relies on images from government identity card and travel document registers.

In its report, the organization warns about the system’s privacy implications, adding that it could also be used for monitoring people’s activities, including those online.

The Czech Office for Personal Data Protection has asked the local police for information on the facial recognition system that has been in trial operation for almost a year.

One of the main issues highlighted is that the police did not bother to consult the data protection office during its testing, according to the office spokesperson Milan Řepka.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 21:44

How & Why Cybercriminals Fabricate Data Leaks

Lesser-known cybercriminals also want to grab a piece of the attention, which pushes them to create fake leaks.

These leaks not only generate hype and provoke a worried reaction from the targeted business but also serve as a fruitful way to deceive "colleagues" on the black market and sell other cybercriminals something that is not actually a leak.

Novice cybercriminals are much more likely to fall for this trick.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 16:15

At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework

When OCSF was first announced at Black Hat 2022, 18 organizations were on board.

Now, OCSF comprises 145 security companies including AWS and IBM and 435 individual contributors.

Splunk describes OCSF as an open and extensible framework that organizations can integrate into any environment, application or solution to complement existing security standards and processes.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 10:39

AI and Cybersecurity - Culmination of Digital Security Measures to Protect Organizational Infrastructure

The future of cyber security will be more dependent on AI, especially when data is seeing an expansion across industries like automotive, metaverse, education, etc.

AI is being used in traditional ways to improve the quality of cybersecurity but tools like top hacking apps are also using the technology to simulate and counter the way hacking attempts work.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 05:56

Companies Are Collecting Your Personal Data. Here's What You Need to Know

Personal data includes details like a person’s name, age, or email address among other things, and can be used to identify an individual.

This data can be made "pseudonymous" – meaning that all explicit personal data is removed to make it harder to identify a person – or "anonymous" – where all personal identifiers are removed so that an individual can no longer be identified.

There are many ways in which data can be collected online, whether through IP addresses, navigation data, cookies, or information we provide when filling out forms.Enforcing such tough laws though is tricky.

Across the EU states, there are 27 national data protection authorities (DPAs) for each country.

The DPAs work together within the European Data Protection Board (EDPB) and are managed by the European Data Protection Supervisor in Brussels. 

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 01:35

Downfall Attacks Can Gather Passwords, Encryption Keys From Intel Processors

“[CVE-2022-40982] is caused by memory optimization features in Intel processors that unintentionally reveal internal hardware registers to software.

This allows untrusted software to access data stored by other programs, which should not be normally be accessible,” Daniel Moghimi, a research scientist at Google, explained.

He devised two exploitation techniques: Gather Data Sampling (GDS) and Gather Value Injection (GVI), and demonstrated how they can be used to do things like stealing AES keys, data from the Linux kernel, and more.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 21:22

US law firm Orrick Hit With Lawsuit Over March Data Breach

The breach involved Orrick client data, including people who have dental plans with Delta Dental of California and people who have vision plans with EyeMed Vision Care, according to sample notification letters posted by the California attorney general.

Orrick represented EyeMed following a 2020 data breach that compromised the personal information of 2.1 million people.

In May, EyeMed struck a $2.5 million settlement with Florida, New Jersey and Oregon over the breach.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 16:19

Colorado Health Agency Says 4 Million Impacted by MOVEit Hack

Those files contained the personal information of both Health First Colorado (Medicaid) and Child Health Plan Plus members.

The exposed information, the organization says, includes names, addresses, birth dates, Social Security numbers, demographic or income information, medical information, treatment information, and health insurance information.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 12:37

Don’t Expect Quick Fixes in ‘Red-Teaming’ of AI Models. Security Was an Afterthought

Michael Sellitto of Anthropic, which provided one of the AI testing models, acknowledged in a press briefing that understanding their capabilities and safety issues “is sort of an open area of scientific inquiry.”

Conventional software uses well-defined code to issue explicit, step-by-step instructions.

OpenAI’s ChatGPT, Google’s Bard and other language models are different.

Trained largely by ingesting — and classifying — billions of datapoints in internet crawls, they are perpetual works-in-progress, an unsettling prospect given their transformative potential for humanity.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 07:46

BlackDice: Pioneering AI-Powered Cybersecurity

BlackDice's solution is being deployed globally via integration partners, embedded directly into their routers and optical network termination ("ONT").

"Our solutions cater to SMBs and personal users, often overlooked by traditional network providers, Retina, BlackDice's operator insight technology, deploys Unsupervised Learning Models deriving data directly from the network, discovering hidden patterns of behavior and uncovering anomalies that the human eye could never see.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 02:33

Data Breach May Have Affected Almost 4,000 University of Utah Health Plan Members

U. Health Plans is working with TMG Health to prevent incidents in the future, and law enforcement is also investigating this incident, the statement said.

The organization is offering one year of complimentary personal identity and privacy protection monitoring to protect its members from adverse impacts due to the data breach.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 21:47

Microsoft Defender for Cloud Gets More Multicloud

To help with that, Microsoft turned its Azure Security Benchmark into a cross-platform tool, renaming it the Microsoft cloud security benchmark.

The MCSB combines relevant recommendations from the Center for Internet Security, the National Institute of Standards and Technology and the Payment Card Industry Data Security Standard or PCI-DSS, Tamir explained.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 17:45

Massachusetts Health Officials Warn of Data Breach Involving More Than 134K People

"This incident was part of a worldwide data security incident involving a file-transfer software program called MOVEit, which has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations," it said.

"No UMass Chan or state systems were compromised in this incident".

"Any individual who receives a notice is encouraged to take steps to protect their information, including monitoring their financial account statements and enrolling in free credit monitoring and identity theft protection offered to individuals who had certain sensitive information involved," it added.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 13:01

Stellar Cyber and Oracle Cloud Infrastructure Partner to Offer Expanded Cybersecurity Capabilities

“Stellar Cyber is committed to providing the critical capabilities security teams need to deliver consistent security outcomes—all for a single license and price on a single platform,” said Jim O’Hara, Chief Revenue Officer at Stellar Cyber.

“This simple yet comprehensive model makes it easy for customers to measure how our Open XDR platform dramatically impacts their security ROI”.

The Stellar Cyber Open XDR platform delivers comprehensive, unified security without complexity, empowering lean security teams of any skill to secure their environments successfully.

Oracle PartnerNetwork (OPN) is Oracle’s partner program designed to enable partners to accelerate the transition to cloud and drive superior customer business outcomes.

The OPN program allows partners to engage with Oracle.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 07:42

Lookout Launches GenAI Tool to Support Cybersecurity Teams

To support cybersecurity professionals, Lookout SAIL's functionalities focus on security education, platform navigation and security telemetry analysis.

This GenAI assistant serves as a valuable companion, offering insights and assistance to users, ultimately streamlining tasks such as administration, policy creation, incident response and threat hunting.

Lookout SAIL allows people to interact naturally with the Lookout platform instead of having to learn from a user manual or guide.

Through its integration into Lookout's existing user experience, Lookout SAIL also enhances workflow and accelerates user interactions, leading to increased productivity and effectiveness.

@Cyber_Security_Channel

Cyber Security News

26 Aug 2023 00:49

Debate Brews as NYPD Rolls Out Radio Encryptions

NYPD transmissions serve not only journalists but also popular scanner phone applications like Broadcastify and Citizen.

These apps provide real-time emergency updates to users. However, the NYPD has started to restrict public access, raising concerns about transparency.

Cotler points out that several precincts in Brooklyn North have gone silent without warning.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 18:32

⚡️More than 100,000 Hackers Have Details Exposed Through Malware on Cyber Crime Forums

“Researchers found that a staggering 120,000 infected computers, many of which belong to hackers, had credentials associated with cyber crime forums.”

Researchers said that hackers compromised through their involvement in cyber crime forums had a “substantial amount” of data exposed, which could point to their real-world identities.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 13:37

2,000 Citrix NetScaler Instances Backdoored via Recent Vulnerability

Now, NCC Group says it has observed an automated exploitation campaign in which more than 1,950 NetScaler instances were compromised, representing roughly 6.3% of the 31,000 vulnerable appliances identified at the beginning of the exploitation campaign.

The company identified close to 2,500 webshells on the compromised instances, and says that more than 1,800 of them remain infected.

Starting August 10, the Dutch Institute of Vulnerability Disclosure has been notifying the impacted organizations of NCC Group’s findings.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 08:15

Trend Micro Highlights Dark Side of Generative AI Tools

Trend is leading the way globally in mitigating these threats through a prolific output of groundbreaking research and its own use of AI to supercharge both ASRM and XDR.

Trend has been working on AI-powered solutions with current and planned AI/ML and generative AI investments since 2005, including tooling designed to detect BEC attacks.

Its Writing Style DNA technology learns normal email writing style from previous messages and flags when emails deviate from this baseline.

Adversaries leverage ChatGPT to filter and fuse large datasets to victim selection, and deepfakes are deployed to deceive victims into believing a close relation has been kidnapped to extort a ransom.

@Cyber_Security_Channel

Cyber Security News

25 Aug 2023 03:24

Will AI Kill Cybersecurity Jobs?

Despite AI technologies being used in cybersecurity for the last decade, it can’t be said that the demand for cybersecurity professionals is decreasing.

We have been using AI to prioritize SIEM alerts, and yet SOCs are severely understaffed.

We have been using AI to detect malware, and yet we cannot fill all the job vacancies in incident response and reverse engineering.

We have been using AI to detect network anomalies, and yet we are craving more blue teamers. In fact, according to 2022 (ISC)² Cybersecurity Workforce Study, the cybersecurity workforce gap is growing year over year, despite deploying AI for cybersecurity-related tasks.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 23:53

Wipro report: Cloud & AI Creating Cybersecurity Gaps

The report included responses from the security leadership of 345 organisations across US, Europe and Asia Pacific Middle East and Africa regions, who each responded to 30 questions around trends, governance, security practices, collaboration and best practices.

In the report, Wipro found that 32% of surveyed organisations are spending more than 10% of their IT budget for security, recognising that perhaps businesses are becoming more aware of the dangers of poor cybersecurity measures.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 18:50

What's New in the NIST Cybersecurity Framework 2.0

"With this update, we are trying to reflect current usage of the Cybersecurity Framework, and to anticipate future usage as well," NIST's lead developer of the framework, Cherilyn Pascoe, said in the CSF 2.0 release on Aug. 8.

"The CSF was developed for critical infrastructure like the banking and energy industries, but it has proved useful every

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 14:03

Abnormal Security Recognized as a Leader in AI, Cloud, and Cybersecurity by Industry and Customers Alike

In addition to these awards, the customer value of the Abnormal platform has been peer-recognized, as Abnormal was named a 2023 Customers’ Choice for Email Security on Gartner Peer Insights.

Abnormal was one of only two vendors placed in the upper-right quadrant of the “Voice of the Customer” quadrants, earning the Customers’ Choice distinction as a result of “[meeting or exceeding] both the market average Overall Experience and the market average User Interest and Adoption.”

As of today, Abnormal has an average rating of 4.8 stars in Gartner Peer Insights and a 98% Would Recommend rating from customers.

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 10:59

Police Officers and Staff not Told About Data Breach for Almost a Month

The force said the laptop and radio were deactivated shortly after the theft and it was "confident no data has been lost from these devices and they are of no use to any third party".

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 04:58

Data breach impacting millions of Oregon Health Plan members

“We’re urging OHP members to activate credit monitoring as a precaution,” said Dave Baden, interim director at OHA.

“It’s disheartening that bad actors are looking to exploit people in our state and that their actions create a burden for others, who have more than enough to manage already.

However, there are important steps that OHP members can take to further protect their data.”

@Cyber_Security_Channel

Cyber Security News

24 Aug 2023 01:24

Cybernetics Pursue Exceptional Contributions to Privacy and Data Protection in Crypto Recovery

Cybernetics has invested significant resources into research and development to create cutting-edge technologies that bridge the gap between crypto recovery and privacy concerns.

The company's team of world-class experts in cryptography, cybersecurity, and data protection have collaborated to develop revolutionary techniques that enable seamless recovery of crypto assets while adhering to the highest standards of privacy in helping those impacted by crypto trading platform crimes.

@Cyber_Security_Channel