Contrast Responsible AI Policy Project | Keeping your business safe in the AI era | Contrast Security
AI is no longer just a concept. It is embedded in our everyday lives, powering a vast array of systems and services, from personal assistants to financial analytics.
The Contrast Responsible AI Policy Project is a testament to our belief in transparency, cooperation and shared growth. As AI continues to evolve, we need to ensure that its potential is harnessed in a responsible and ethical manner.
@Cyber_Security_Channel
What is Data Anonymization? Importance, Tools and Use Cases
The surge in the adoption of advanced technologies such as artificial intelligence and large language models, the growing adoption of cloud-based services by enterprises of different scales, and the need to mitigate the risk of data breaches can all be considered factors contributing to the growth of the data masking market.
Data anonymization is critical in many industries where sensitive information is collected and analyzed to gain business insights and comply with regulations.
Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers
Several ransomware collectives, including new kid on the block Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, REvil, and others have all made the move to Linux and locking up ESXi machines.
Stoking the trend is the release of the VMware-focused Babuk source code, which as of mid-May had spawned at least 10 ESXi-ready ransomware variants, according to a SentinelOne report at the time.
Ransomware hunter Michael Gillespie told BleepingComputer that Abyss Locker's Linux encryptor appears to be based on the older HelloKitty ransomware, which was behind a string of high-profile attacks such as the Cyberpunk 2077 gaming attack two+ years ago.
A New Era of Transatlantic Data Privacy: Implications for Emerging Markets Within Europe
The adoption of the adequacy decision for the EU-US Data Privacy Framework by the European Commission signals that the US data protection standards meet the rigorous requirements of the EU General Data Protection Regulation (GDPR).
This allows for a seamless flow of data between the EU and the US, providing a high level of protection for European citizens’ data being transferred across the Atlantic.
SEC Demands Four-Day Disclosure Limit for Cybersecurity Breaches
Simply put, if you’re running a company that offers shares to the public, you need to comply with the rules and regulations of the SEC, which are supposed to give your investors some sort of protection against unsubstantiated claims that disingenuously talk up a proposal, or that sneakily misrepresent the level of risk involved.
Best Practices for Enterprise Private 5G Security
It's clear there is a shared responsibility in 5G networks, and this isn't going to be the same for every organization. 5G networks are likely to be deployed in different ways, as depicted in the figure below.
No matter the deployment model, the enterprise will likely be working with service providers and system integrators at some point throughout their journey, whether that be planning, deployment, or operation.
'ScarletEel' Hackers Worm Into AWS Cloud
ScarletEel also continues to refine its tactics, according to the latest analysis from the firm — evading cloud security detection mechanisms and reaching into the little-touched AWS Fargate compute engine.
And it has expanded its arsenal by adding DDoS-as-a-service to its list of exploitation techniques.
"So, compared to their prior activity, we see that they're more aware of the victim environment, and they enhanced their abilities in terms of where to go, how to exploit it, and how to evade the defensive security measures that the customers have already begun to implement," says Alessandro Brucato, threat research engineer for Sysdig.
Choice Hotels: Radisson Guest Info Breached in MOVEit Attacks
“Choice Hotels takes cybersecurity and privacy very seriously. The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed,” it said.
Former Security Engineer Arrested for $9 Million Crypto Exchange Hack
After stealing the funds, Ahmed, who at the time was a senior security engineer at an international technology company, specialized in smart contracts and blockchain audits, contacted the crypto exchange and returned most of the funds, except for roughly $1.5 million he kept as a bounty.
While the indictment does not name the impacted crypto exchange, the description of the attack suggests that Ahmed defrauded Crema Finance, which announced on July 4, 2022, that hackers had used this mechanism to steal roughly $8.8 million worth of assets.
Ten years on, Snowden Has Had Tremendous Impact – Good and Bad – on Corporate Security
Snowden’s leaks also made us more aware of the lack of data privacy, and it took many years before states began to formulate better laws to protect our privacy.
Some circumstances, such as fighting malware attacks, haven’t changed much, although they have gotten more sophisticated.
We have gotten better tools to defend ourselves and our privacy, and the pace of development was hastened by what Snowden did and how he did it.
Guardz Identifies New 'ShadowVault' macOS Stealer Malware
Guardz's research team first identified the 'ShadowVault' info-stealer in the underground XSS forum in June 2023.
The malicious software is designed to secretly collect sensitive information from compromised systems – like login credentials, financial information, personal identification details, cryptocurrency wallet seed phrases, and more, with the potential to wreak havoc on systems and disrupt operations.
The Guardz team of experts has long maintained anonymous avatars on the dark web to fuel its research in protecting SMEs from rising cyber threats such as this. In doing so, Guardz was able to obtain access to the exclusive forum and identify the new macOS stealer, originally available for rent at $500/month.
Amazon Prime Day Draws Out Cyber Scammers
Currently Trend Micro is tracking an Amazon Prime Day-themed SMS-text phishing lure asking shoppers to click a malicious link to fix an issue with their account, claim a gift card, or receive free shipping and other deals, prompting targets to share details like emails, phone numbers or other personal information, the company said.
Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare
“The investigation is ongoing and we cannot confirm the number of individuals whose information was impacted.
HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients,” the company says.
The information was extracted from “an external storage location exclusively used to automate the formatting of email messages”.
Razer Data Breach: Alleged Database and Backend Access Sold for $100k
In exchange for the stolen data, ‘Nationalist’ requested a payment of US$100,000 in Monero (XMR) cryptocurrency, but also indicated a willingness to negotiate offers below the asking price.
Monero, unlike Bitcoin, Ethereum or other cryptocurrencies, prioritizes privacy and anonymity, making it challenging to track the movement of funds and identify those involved.
“I have stolen the source code, encryption keys, database, backend access logins etc for razer.com & its products. I do not waste my time with non-serious buyers.
I will be selling this one time. I am looking for $100K in XMR for the entire set of data, including access. MM only. I am looking for offers, not just $100k, can be less,” said the threat actor.
Suncor Reports Data Breach Affected Petro-Points Members’ Basic Contact Data
“We are notifying Petro-Points members and the appropriate privacy regulators. If we discover additional information was obtained, we will notify affected parties as appropriate,” Suncor said.
Suncor’s operations cover oil sands development, production, offshore oil and gas, petroleum refining in Canada and the U.S.
The company noted that the cyber security incident has not impacted the safety and reliability of its field operations.
Data Breach Exposes Personal Information of 612K Medicare Recipients
Specific information that may have been compromised includes names, phone numbers, email addresses, Social Security numbers, healthcare provider and prescription information as well as health insurance claims, CMS said.
No CMS or Department of Health and Human Services systems were impacted, the agency added.
CMS and Maximus are sending letters to Medicare beneficiaries who may be impacted by the incident and both are offering free credit monitoring services for two years.
Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack
Collide+Power is a generic software-based attack that works against devices powered by Intel, AMD or Arm processors and it’s applicable to any application and any type of data.
The chipmakers are publishing their own advisories for the attack, and CVE-2023-20583 has been assigned.
However, the researchers pointed out that Collide+Power is not an actual processor vulnerability — it abuses the fact that some CPU components are designed to share data from different security domains.
DARPA Program Aims to Strengthen Cybersecurity Via Automation
DARPA says that the INGOTS program will last three years and have two phases: Phase 1 will focus on exploring, designing, developing, and demonstrating tools and techniques, while Phase 2 will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes.
Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves
Data has never been more valuable or more vulnerable than it is today.
Ransomware has evolved from taking data hostage to new and malicious ways of monetizing and exploiting businesses and personal data.
But whatever the motivation of an attacker — hackers showing their prowess, hostile governments attacking perceived enemies, criminal greed — the key to being a guardian of one's data is recognizing that security must be built into a data system, not bolted on.
Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites
Most of the recently named victims are from Canada and include Air Canada, Altus, Amdocs, Constellation Software, EY-Continental Transition, Laurentian Bank of Canada, LendLease, Sierra Wireless, SSC Fraud Risk Assessment, St. Mary's General Hospital Surgical Services Review, Staples Canada, Sun Life Assurance of Canada, United Parcel Service Canada Ltd. and more.
Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales
The first on the Dark Reading list is so fresh that it hasn't even been released yet.
You'll be able to rent it starting Aug. 15, so it'll be perfect for when you're unpacking or otherwise recovering back home.
Case from Mid-July: Apple fixes critical zero-day hole in iPhones, iPads and Macs
That’s because Apple doesn’t want users to be able to downgrade on purpose to reintroduce old bugs that they now know can be used for jailbreaking devices or installing an alternative operating system, even on devices that Apple itself no longer supports.
Even if you completely wipe and reinstall your iDevice from scratch via a USB cable, using the built-in DFU (direct firmware update) utility, Apple’s servers know what version you were using before the reinstall, and won’t let you activate an old firmware image onto a device that’s already been upgraded past that point.
How to Enable or Disable Bitlocker Encryption in Windows
Just as when you encrypted the drive, this process will take a while to complete, but you can keep using your computer as normal with the possibility of slightly worse performance.
Most modern computers should have no noticeable performance differences with BitLocker switched on, so there’s little downside to using the feature unless you lose your recovery key, but then your most important data should always be backed up in more than one location, such as cloud storage.
Case Study: Spain. New Regulation on Commercial Calls
It establishes a set of prohibitions and a series of conditions to be able to make such commercial phone calls in compliance with the General Data Protection Regulation (GDPR).
The rules are more oriented towards B2C (“business to consumers”) commercial campaigns, but the circular also regulates the processing of personal data of professionals involved in B2B (“business to business”) commercial phone calls.
Analysts: Cybersecurity Funding Set for Rebound
"While the theme of conservatism and expectations for continued headwinds have remained throughout the first half of the year, we do expect to see strategic activity slowly begin to rebound in the second half of 2023 and into 2024," says Eric McAlpine, founder and managing partner of analyst firm Momentum Cyber.
Financing and M&A activity will both eventually pick up as companies that were able to make do financially so far begin to feel the need for fresh capital to fuel their business, he says.
Data Breach of Android Tracking App “LetMeSpy” Exposes Contact Information, Messages
The tracking app has been available for about 10 years now, and the company boasts of monitoring over 230,000 devices and logging over 100 million calls and text messages during that time.
Security researchers that have pored through the dumped database believe that the data breach contains information from at least 13,000 devices that the app has been installed on, along with contact information for about 26,000 of its customers and location data points for about 13,400 people.
Serious Security: Rowhammer Returns to Gaslight Your Computer
The giveaway to his criminality is that, in his nightly visits, he not only makes noises that can be heard downstairs, but also needs to turn on the gas lights to see what he’s doing.
Because the entire building is connected to the same gas supply (the play is set in 1880s London, before household electricity replaced gas for lighting), opening and igniting a gas burner in any room causes a temporary pressure drop in the whole system, so that the murderer’s wife notices a brief but telltale dimming of her own lights every time he’s upstairs.
Demystifying Cyber Threats: A Deep Dive Into Lesser-Known Dangers
Trojans, ransomware, phishing, spear phishing, whaling, and social engineering have become household terms. However, there are many more cyber threats – equally potent, if not more – that often go unnoticed.
Formjacking attacks, IoT attacks, deepfake technology, side-channel attacks, cloud jacking and AI-powered cyberattacks are some of these threats.
36% of Europeans Don’t Even Have an IoT Device
More than 9 out of 10 Europeans who have voice assistants use them, although only 25% use them frequently.
More than half of Europeans (55%) believe that such Internet-connected devices do NOT respect their privacy.
Nearly 70% of respondents are aware of the amount of data being shared via voice assistants even when they are not in use.
62% of respondents are very concerned that these devices collect information and audio on them.
Oblivious: Unlocking Sensitive Data Without Compromising Privacy
Data is the building block of the modern digital economy.
However, one of the biggest challenges around data is walking the tightrope between using valuable information to gain business insights and respecting the privacy rights of individuals.