36% of Europeans Don’t Even Have an IoT Device
More than 9 out of 10 Europeans who have voice assistants use them, although only 25% use them frequently.
More than half of Europeans (55%) believe that such Internet-connected devices do NOT respect their privacy.
Nearly 70% of respondents are aware of the amount of data being shared via voice assistants even when they are not in use.
62% of respondents are very concerned that these devices collect information and audio on them.
@Cyber_Security_Channel
Oblivious: Unlocking Sensitive Data Without Compromising Privacy
Data is the building block of the modern digital economy.
However, one of the biggest challenges around data is walking the tightrope between using valuable information to gain business insights and respecting the privacy rights of individuals.
@Cyber_Security_Channel
Zero Trust Keeps Digital Attacks From Entering the Real World
Critical infrastructure is a prime target for bad actors, which is why the federal government is taking strides to better secure critical infrastructure through new policies, tactics, and dedicated committees.
An attack could cause widespread blackouts, make national transportation systems grind to a halt, and put lives at risk.
Such was the case during the Colonial Pipeline cyberattack two years ago.
Not to mention, attackers expect their victims to pay their ransom demands to restore encrypted systems.
@Cyber_Security_Channel
The Future of Cybersecurity: Embracing Cloud Workload Protection Strategies
The future of cybersecurity is intrinsically tied to the evolution of cloud computing.
As cloud technologies continue to advance, so too will the sophistication of cyber threats.
Cybercriminals are becoming more adept at exploiting vulnerabilities in cloud environments, necessitating the development of more robust and dynamic cloud workload protection strategies.
One of the key trends shaping the future of cloud workload protection is the increasing adoption of artificial intelligence (AI) and machine learning (ML) technologies.
These technologies are being leveraged to enhance threat detection and response capabilities.
AI and ML can analyze vast amounts of data in real-time, identifying patterns and anomalies that could indicate a potential security threat.
This allows for quicker detection and mitigation of threats, reducing the potential damage to businesses.
@Cyber_Security_Channel
The Dotted – And Blurry – Line Between Data Privacy And Antitrust
The conflicts between Google’s Privacy Sandbox proposals and regulator concerns about Chrome removing third-party cookies is another classic example of the interrelationship between privacy and antitrust.
Regardless of any purported consumer privacy benefits, the proposed changes to Chrome could incentivize advertisers to concentrate even more of their budgets with Google ad tech, at the expense of Google’s competitors.
@Cyber_Security_Channel
Data Breach Reported in Arizona's School Voucher Program
He also says the breach had nothing to do with the resignations this week of two top administrators overseeing the ESA program, including operations director Linda Rizzo and Christine Accurso, Horne's pick to oversee the school voucher program.
Arizona Treasurer Kimberly Yee says her office contracts financial service firms for state agencies, including the ESA program.
Her office reportedly learned of the breach earlier this month and notified the Arizona Department of Homeland Security right away.
According to Yee, the agency confirmed the breach did not originate with the vendor.
@Cyber_Security_Channel
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Late last week, Ivanti published an advisory and CISA issued an alert to inform organizations about this second vulnerability and warn them of active exploitation. Organizations have been urged to immediately patch their devices.
EPMM, formerly known as MobileIron Core, is a mobile management software engine used by IT teams to set policies for mobile devices, applications, and content.
Ivanti noted that CVE-2023-35081 can be exploited in conjunction with CVE-2023-35078 to bypass admin authentication and access control list (ACL) restrictions.
@Cyber_Security_Channel
The Role of GANs in AI-Powered Cybersecurity Solutions
GANs are essentially two neural networks contesting with each other in a zero-sum game framework.
They consist of a generator network that creates new data instances, and a discriminator network that evaluates them for authenticity.
The role of Generative Adversarial Networks (GANs) in AI-powered cybersecurity solutions is rapidly gaining prominence in the world of technology.
@Cyber_Security_Channel
CISA’s Security-By-Design Initiative is at Risk: Here’s a Path Forward
CISA director Jen Easterly’s announcement of these efforts appears to put CISA at the forefront of this rebalancing, addressing technology vendors’ incentives to underinvest in security through changes in how those firms design and deploy the products they sell.
As the first substantive proposal from President Biden’s administration to effectuate this rebalancing since the launch of the strategy, the success or failure of the SbD initiative could be a bellwether for one of the strategy’s two fundamental ideas
@Cyber_Security_Channel
How IoT Can Fortify Fraud Detection
Artificial intelligence (AI) and machine learning programs are the greatest weapons in the fight against digital fraud.
Software can detect unlawful and high-risk online activities by monitoring user behaviors and calculating the probability of whether transactions are fraudulent.
IoT is a revolutionary technology that has a wide range of applications.
Connecting digital devices and programs can minimize the vulnerabilities hackers can take advantage of — dramatically lowering the fraud rate for financial institutions and boosting a company’s reputation in the eyes of consumers.
@Cyber_Security_Channel
Google Addressed 3 Actively Exploited Flaws in Android
A remote attacker who has taken over the renderer process can trigger the flaw escape the sandbox and execute arbitrary code on Android devices.
Google released two patch levels, the first one released on July 1 addressed 22 vulnerabilities in the Framework and System components.
The second patch level, released on July 5, fixed 20 vulnerabilities in the kernel and closed source components.
@Cyber_Security_Channel
How to Safely Architect AI in Your Cybersecurity Programs
Because of such worries about ChatGPT's compliance with the EU's General Data Protection Regulation (GDPR), which mandates strict guidelines for data collection and usage, Italy has imposed a nationwide ban on the use of ChatGPT.
Rapid advancements in AI and generative AI applications have opened up new opportunities for accelerating growth in business intelligence, products, and operations.
But cybersecurity program owners need to ensure data privacy while waiting for laws to be developed.
@Cyber_Security_Channel
Another Top Biglaw Firm's Ransomware Attack Shows The Importance Of Cybersecurity
Cyber attacks are a real threat to firm security, and even large firms like Quinn Emanuel need to be wary of them.
The firm told Reuters it retained cyber and forensic experts to understand the scope of the attack and has worked with law enforcement authorities "to prevent further breaches and to recover the electronic discovery material.
Bryan Cave Leighton Paisner also recently experienced a data breach.
Food giant Mondelez International, a client of the law firm, in June disclosed that there was unauthorized access to BCLP's systems between Feb. 23 and March 1, 2023.
@Cyber_Security_Channel
PokerStars Owner Flutter Confirms Data Breach
So far, 520 organizations have been confirmed to be impacted by Cl0p’s MOVEit Transfer attacks, with over 36 million people having their data exposed.
Cl0p is a Russia-linked ransom group claiming responsibility for exploiting a SQL database injection flaw in the MOVEit Transfer file system, impacting thousands of companies worldwide.
Named victims include American Airlines, TJX off-price department stores, TomTom, Pioneer Electronics, Autozone, and Johns Hopkins University and Health System.
@Cyber_Security_Channel
Spyware Gamed 1.5M Users of Google Play Store
"Often, users install applications they end up not even using," the security alert said.
"For most malware, that means the attack is unsuccessful. To overcome that obstacle, File Manager and File Recovery and Data Recovery can, through the advanced permissions they use, induce the restart of the device.
This then permits the apps to launch and execute themselves automatically at restart".
Pradeo researcher Roxane Suau explained to Dark Reading that in addition to file manager applications, junk cleaner apps are also often spoofed for malicious purposes because of the elevated permissions required for them to perform their tasks.
@Cyber_Security_Channel
Suncor Reports Data Breach Affected Petro-Points Members’ Basic Contact Data
“We are notifying Petro-Points members and the appropriate privacy regulators. If we discover additional information was obtained, we will notify affected parties as appropriate,” Suncor said.
Suncor’s operations cover oil sands development, production, offshore oil and gas, petroleum refining in Canada and the U.S.
The company noted that the cyber security incident has not impacted the safety and reliability of its field operations.
@Cyber_Security_Channel
What Happens to Your Personal Info After a Data Breach?
Cybercriminals get their hands on a host of your data through hacks, leaks, physical theft, human error, phishing attacks, ransomware, and other means.
That includes Social Security numbers, bank account and credit card details, health records, passwords, device info and lots more.
Companies and institutions are legally required to disclose data breaches, so if you’ve been involved, you’ll get some kind of communication informing you what was accessed (if that info is available at the time).
@Cyber_Security_Channel
Free VPN Data Breach Exposes 360M User Records
SuperVPN has a troubling track record of security vulnerabilities and data leaks.
In previous instances, the app was found to have vulnerabilities that could enable man-in-the-middle (MITM) attacks and expose users’ credit card details.
Moreover, SuperVPN has been flagged as a malware-rigged app in the past, leading to warnings for users to delete the app.
@Cyber_Security_Channel
ChatGPT to ThreatGPT: Generative AI Impact in Cybersecurity and Privacy
Generative AI, the latest frontier of technology, employs deep neural networks to learn patterns and structures from extensive training data, which enables the creation of similar new content.
OpenAI’s ethical policy prevents LLMs like ChatGPT from aiding the threat actors with malicious information. However, the threat actors can bypass these restrictions using various malicious techniques, such as:
- Jailbreaking
- Reverse psychology
- Prompt Injection Attacks
- ChatGPT-4 Model escaping
@Cyber_Security_Channel
Critical Vulnerability Can Allow Takeover of Mastodon Servers
Of the remaining three bugs addressed in Mastodon last week, two are high-severity vulnerabilities leading to denial-of-service (DoS) and information leaks, while the third is a medium-severity flaw allowing attackers to create visually misleading links for phishing.
All five vulnerabilities were resolved with the release of Mastodon versions 4.1.3, 4.0.5, and 3.5.9. All administrators are advised to update their Mastodon instances as soon as possible.
@Cyber_Security_Channel
CISA Warns About SUBMARINE Backdoor Employed in Barracuda ESG Attacks
In Mid-June, Mandiant researchers linked the threat actor UNC4841 behind the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China.
“Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors.” reads the report published by Mandiant.
“Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People’s Republic of China.
@Cyber_Security_Channel
Provider for Meta’s File-Storage Needs Suggests Path Forward for Web3 Data Management
The scale of this trade raises significant concerns about privacy violations and the erosion of personal agency.
This is evidenced by regulators in the European Union defining rules around the right of access known as the General Data Protection Regulation (GDPR), which makes it a right for each person to own their data and use it as an asset.
@Cyber_Security_Channel
Barbie's Data Privacy Scandal
Hello Barbie doll could remember up to three different WiFi locations and did not require a smart device after WiFi configuration.
Once the set up had been completed when a child held down the doll’s belt buckle and spoke to Barbie, the audio was sent to ToyTalk’s servers to perform speech recognition using artificial intelligence.
In one case a ‘hacker’ opened the doll, de-soldered the chip from the circuit board, and placed the chip into a reader so they can look at the memory.
In the second, they accessed the interface on the doll that the mobile app uses to configure it.
@Cyber_Security_Channel
US Finalizes EU-US Data Privacy Framework Requirements, Awaits EU Adequacy Decision
The designations take effect upon finalization of the European Commission's adequacy decision with the U.S.
Meanwhile, the ODNI released the policies and procedures the U.S. intelligence community will follow as part of the executive order.
@Cyber_Security_Channel
Embracing ChatGPT? Pay Attention To These Cybersecurity Concerns
ChatGPT poses such a massive risk to privacy and data security is its vulnerability to data breaches, particularly because it is built on open-source code.
As a result, anyone with the proper technology and equipment can inspect, modify and enhance the code.
Although ChatGPT and other chatbots are valuable tools, as is the case with any other technological advancement, users must beware of the data they put into this program.
@Cyber_Security_Channel
What Role Does AI Play In Enhancing Aviation Cybersecurity?
AI-driven systems can analyze vast amounts of data to identify potential security breaches and anomalies, while automation streamlines air traffic management, reducing the risk of human error.
As the industry continues to embrace emerging technologies, the implementation of a robust zero-trust approach becomes indispensable to safeguarding our skies against cyberattacks and ensuring the safety of air travel for all passengers.
@Cyber_Security_Channel
Ensuring Transparency and Control for Personal Data
DataGrail is addressing these concerns and providing a platform that empowers organizations to address privacy risk concerns and deliver the brand trust and transparency that customers demand.
DataGrail will need to adapt and innovate as the emergence of new data protection regulations, increased sophistication of cyber threats, and evolving customer expectations change the data privacy landscape.
@Cyber_Security_Channel
OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI
Additionally, the forum says it will “establish trusted, secure mechanisms for sharing information among companies, governments, and relevant stakeholders regarding AI safety and risks”.
The forum will follow best practices in responsible disclosure in areas such as cybersecurity.
@Cyber_Security_Channel
Meta's Rush to Topple Twitter Sets Up Looming Privacy Debate
Meta has a history of conflict with regulators, owing to its liberal approach to consumer privacy. The EU has already fined the media giant to the tune of nine figures or more on multiple occasions.
Judging by its entry in the Apple app store, it's no wonder that Threads is being shielded from EU scrutiny.
Browsing history, geolocations, health and financial information, and much more are all up for grabs.
There's even a dedicated category for "sensitive information" which, according to Apple's documentation, includes "racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data".
@Cyber_Security_Channel
CISA and FBI warn of Truebot infecting US and Canada based organizations
Several hours after the initial infection, Truebot has been observed injecting Cobalt Strike beacons into memory.
The beacons remain in a dormant mode for the first few hours prior to initiating additional operations.
“Based on confirmation from open-source reporting and analytical findings of Truebot variants, the authoring organizations assess cyber threat actors are leveraging both phishing campaigns with malicious redirect hyperlinks and CVE-2022-31199 to deliver new Truebot malware variants.” concludes the joint report published by CISA, the FBI and MS-ISAC and the Canadian Centre for Cyber Security".
@Cyber_Security_Channel