Why Some Experts Are Concerned About Threads’ Data Collection
Data privacy experts say that, though this level of data collection is not unique to Threads, users do risk handing over even more personal information to a company that already knows a lot about account holders.
And as Meta looks towards turning Threads into a decentralized service, which would allow users to view Threads content across other apps and theoretically give them more control over their data, experts warn that the move could expand the company’s reach across the internet.
@Cyber_Security_Channel
CISA Calls Urgent Attention to UEFI Attack Surfaces
The government agency used the example of the BlackLotus bootkit to call attention to major gaps in the way layers below the operating system are protected.
“Based on recent incident responses to UEFI malware such as BlackLotus, the cybersecurity community and UEFI developers appear to still be in learning mode,” CISA said, noting that BlackLotus exploits a failure in secure update distribution – an issue at the intersection of Secure by Design and PSIRT maturity.
Utilities Face Security Challenges as They Embrace Data in New Ways
The risk is real, and there is a lot at stake, especially when it comes to critical infrastructure.
One successful breach could cut power or water supply to thousands of residents.
The age of operational technology (OT) — much of which is more than 25 years old — is a concern for utilities.
Aging technology is harder to update, making it easier for hackers to exploit.
Also, many devices that collect real-time data are third-party technologies, such as smart thermostats, and are outside the direct control of utilities.
The combination of a larger attack surface and less control equals greater risk.
Firefox 116 Patches High-Severity Vulnerabilities
“In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis.
This resulted in incorrect compilation and a potentially exploitable crash in the content process,” Mozilla notes.
The browser update also resolves CVE-2023-4047, a permission request bypass via clickjacking.
A page could trick users into clicking on a carefully placed item but instead register the input as a click on a security dialog that was not displayed to the user.
European Commission Seeks Input on DMA User Profiling Complaint Template
Practice shows that gatekeepers collect and accumulate large amounts of data from end users, which makes it difficult for potential entrants and start-ups to compete with them.
Transparency should help prevent deep consumer profiling from becoming the de facto industry standard, and should allow competitors to differentiate themselves through superior privacy guarantees.
The objective of the consultation is to gather comments on the draft template for the description of consumer-profiling techniques, and for the audit of such descriptions, that gatekeepers must submit under Article 15 of the DMA (Digital Markets Act).
Data Driven Compliance: eCom Surveillance and Cybersecurity Data Management
Data Driven Compliance is back with another exciting episode. The intersection of law, compliance, and data is becoming increasingly important in the world of cross-border transactions and mergers.
Is Worldcoin a Dystopian Attempt to Steal Identities?
Worldcoin, co-founded by OpenAI's Sam Altman, aims to create a global digital identification system, using iris-scanning technology.
However, the trade-off of personal biometric data for its cryptocurrency, WLD, raises critical questions about data privacy, valuation, and potential exploitation.
The technology used by Worldcoin derives from cryptographic and blockchain tools that have become mainstays in the cryptocurrency arena. An integral part of the system is its cryptocurrency, WLD, and its associated payment platform.
New WikiLoader Malware Targets Italian Organizations
WikiLoader is “a sophisticated downloader” whose primary goal is to install another malicious payload on victims’ devices, including malware called Ursnif, according to researchers at Proofpoint.
The malware is called WikiLoader because when it is active on a system, it sends a request to Wikipedia to check if the content of the response includes the string "The Free."
The activity is likely a signal or identifier used by the malware to quietly verify its connection to the public internet.
⚡️This Resource is Claiming to Make You an Expert in Web Development and Programming
Do you want to get into web development and become better at it?
Then “The Frontend Bundle + Programming Notes and Flashcards” is for you!
This bundle provides you with:
— 210+ pages
— 1175+ flashcards
— 5 languages & frameworks
Become a Master at Frontend starting from today!
You will definitely profit from having a well-organised system where you can learn and look up everything you need.
It’s time to unlock your growth:
Do it here → https://gumroad.com/a/94518995/hpyma
Universal Identity: Connecting and Automating Cybersecurity Responses for States
The Universal Identity presents a centralized identity store that seamlessly links individual LEAs (Local Education Agencies) to the state, facilitating secure data sharing and portability across a connective identity fabric.
This solution allows institutions to avoid redundant data entry and discrepancies and embrace efficient decision-making between centralized and local organizational units, while significantly reducing administrative burden.
Using Snapshots to Improve Data Security
As well as augmenting traditional backups, snapshots can also be used as an additional safeguard against ransomware, according to Jerry Rozeman, an analyst at Gartner.
This should not be interpreted as saying that snapshots take the place of other security measures that are designed to reduce the chances of a ransomware infection.
Firewalls, intrusion detection, ransomware protection systems and other cybersecurity tools remain vital.
But regular snapshots of databases and storage can provide another, and perhaps a last, line of defense in case other cybersecurity protections are breached.
What Is the Difference Between Encryption, Compression, and Archiving?
Encryption transforms data into an unreadable format using mathematical algorithms that convert data into a cipher-like form. Encryption is a reversible process.
Compression is a process of minimizing data size for efficient storage and faster transmission. Compression maximizes resources by reducing the size of files, often by eliminating redundant or unnecessary information.
Archiving consolidates multiple files or directories into a single file, an archive. This approach allows for the efficient storage and management of related files while preserving their original structure and content.
How to Build Consumer Trust in Your Data Privacy
This provides companies with both risk and opportunity.
The risk is that, if you do nothing to bolster your data privacy reputation, your customers will abandon you for more secure competitors. But there’s an opportunity, too.
If you clearly demonstrate your commitment to data privacy, you can strengthen your relationship with existing customers as well as gain new ones.
Plus, as swathes of new data privacy regulations come into play in 2023, there’s no harm in staying ahead of the lawmaking curve.
How to Check If Someone Else Accessed Your Google Account
The system will show you information about the last 10 times your Gmail account has been accessed, along with the access type (browser, POP, mobile), location (IP address), and the date and time of access.
This can help you identify if any of this access is from an unexpected device, place or time.
Note: If you use a virtual private network (VPN) or a hosted desktop, the location data may reflect information related to your service provider, instead of your physical address.
Ransomware, From a Different Perspective
Organizations may be confident that ransom demands can be spurned, secure in the knowledge that a good copy of the data is accessible from a backup location, but who has the last laugh if the attacker has managed to infiltrate that data as well? For this very reason, part of a ransomware attack can be focused on seeking out and disabling backup data to remove an organization’s ability to combat the attack.
Backup data therefore needs the same focus and protection as operational data. It is very dangerous to assume anything else, and failure to extend the cybersecurity strategy in this way leaves a vital defense exposed.
Cyber-Insurance Underwriting Is Still Stuck in the Dark Ages
Offering expensive policies that exclude common risks such as ransomware or nation-state attacks is simply not a sustainable approach.
This has helped insurers become more profitable for now, but these are only short-term fixes to the real problem at hand.
Namely, that the underwriting process for cyber-insurance policies is still not that sophisticated.
Most underwriters are poorly equipped to effectively measure the cyber-risk exposure of new or renewing customers.
Data Breach Costs: Businesses Lose 73% of Their Income in the Year Following an Incident
In one example, a company’s stock price dipped nearly 21% the day after a breach was disclosed.
In this same incident, net income dropped 27% year-over-year in the quarter that the breach occurred.
These income-related losses are compounded by the fact that companies also encounter a domino effect of costs in the wake of a breach, ExtraHop said.
Unified XDR and SIEM Alleviate Security Alert Fatigue
This means that every moment counts when it comes to defending against cybercrime.
However, security teams cannot reasonably be expected to respond to the overwhelming number of alerts they receive on a daily basis.
That's where XDR and SIEM can help.
Unified XDR and SIEM counters alert fatigue by reducing billions of individual XDR signals into far fewer alerts and incidents.
This works in two key ways. First, XDR enables security teams to collect security alerts across the entire enterprise — pulling from endpoints, networks, and applications, as well as cloud workloads and the organization’s identity infrastructure.
XDR can then connect these disparate alerts and analyze the data to help security teams prioritize which alert to address first based on its potential risk to the enterprise.
This also enables teams to more easily visualize how attackers can move throughout their networks.
What Implementing Biometrics for Authentication Looks Like
An enterprise using biometrics as a routine authentication approach could ultimately hurt the enterprise's security, along with the security of all employees, contractors, and partners who need access to enterprise systems, Booth adds.
"As somebody whose fingerprints are on file in a CCP database somewhere thanks to the OPM hack in 2015, I've accepted that I've lost control of my biometrics," he says.
"But that doesn't mean I want to use them everywhere and risk losing further control for low-reward use cases. They should be reserved for meaningful scenarios."
KLAS: AI, Market Consolidation Impact Patient Privacy Monitoring Vendor Trends
Patient privacy monitoring tools help healthcare organizations prevent and detect unauthorized access to sensitive patient data.
KLAS researchers examined responses from healthcare professionals about the solutions their organizations use and how they measure up to six customer experience pillars:
- Culture
- Operations
- Loyalty
- Product
- Relationship
- Value.
Thailand Releases Draft Notification on Data Protection Officer Appointment
The term “core activity” denotes an essential and integral activity directly related to the primary operations of the data controller or data processor and does not include any supplementary business activities.
DPOs (data protection officers) may undertake other duties or tasks, provided that the data controller or data processor certifies to the Office of the PDPC (Personal Data Protection Committee) that these duties do not conflict with or violate the legal obligations set out in the PDPA (Personal Data Protection Act); this is similar to the current requirement under Section 42 of the PDPA.
Air-Gapped ICS Systems Targeted by Sophisticated Malware
"The malware, designed explicitly to exfiltrate data from air-gapped systems by infecting removable drives, consists of at least three modules, each responsible for different tasks, such as profiling and handling removable drives, capturing screenshots, and planting second-step malware on newly connected drives," the report says.
Millions Stolen From Crypto Platforms Through Exploited ‘Vyper’ Vulnerability
Vyper — one of the most popular Web3 programming languages — is used to create blockchain smart contracts, but its developers warned that versions 0.2.15, 0.2.16 and 0.3.0 are vulnerable to an issue in which hackers manipulate smart contracts in order to drain account funds.
North Korea’s Lazarus hacking group has been one of the primary drivers of attacks on cryptocurrency platforms, using billions in stolen crypto to allegedly fund its nuclear weapons program.
Lawsuit: ByteDance’s CapCut App Secretly Reaps Massive Amounts of User Data
CapCut and sister company TikTok are owned by the Chinese company ByteDance Ltd., which has long been under scrutiny by American officials concerned with how it collects and leverages American users’ personal data, allegedly including biometric data.
CapCut collects not only users’ photos and videos, but also location, gender, and birthday, the lawsuit alleges.
ByteDance developers are accused of building in the ability to suck up technical details about a user’s device and its network information, including its MAC address, IMEI identification information, MEID (Mobile Equipment Identifier), ICCID (Integrated Circuit Card Identifier), and SIM serial number.
Possible Chinese Malware in US Systems a 'Ticking Time Bomb': Report
The report comes two months after Microsoft warned that state-sponsored Chinese hackers had infiltrated critical US infrastructure networks.
Microsoft singled out Guam, a US Pacific territory with a vital military outpost, as one target but said malicious activity had also been detected elsewhere in the United States.
It said the stealthy attack, carried out since mid-2021, was likely aimed at hampering the United States in the event of a regional conflict.
Authorities in Australia, Canada, New Zealand and Britain warned at the same time that Chinese hacking was likely taking place globally, affecting an extensive range of infrastructure.
95% of Patients Fear They Will Face Data Breach
Patients trust the government facilitating health data exchange over big tech companies.
Sixty-five percent of patients reported a distrust in big companies, such as Amazon, Apple, Google, Facebook and Microsoft, having access to their health data.
Only 14 percent of patients reported "full trust" in these companies, while the other 21 percent described their attitude as only "slight trust."
Meanwhile, 60 percent of patients would be less concerned if the government facilitated their health data exchange.
How to Avoid Mobile Data Leakage and Data Breach
One of the leading causes of mobile data leakage is the use of insecure mobile applications.
Some developers may not prioritize security measures, leading to vulnerabilities that attackers can exploit.
These vulnerabilities may allow unauthorized access to sensitive data stored within the application.
Baffle Delivers End-to-End Data Protection for Analytics
Baffle Data Protection for Analytics is the easiest and fastest way to secure analytics while meeting increasingly stringent compliance mandates.
With no code changes, the platform encrypts, tokenizes or masks data as it is ingested into the most popular analytics databases and data warehouses to ensure a strong security posture when data is stored and moved through analytics pipelines.
Baffle Data Protection for Analytics provides end-to-end controls for data ingestion, from applications into data stores, to consumption, from data warehouses for processing and analysis.
Fine-grained access control ensures no unauthorized users, including cloud admins, database administrators, data analysts or data scientists, can access sensitive data in clear text.
Truist prepares to use IBM's quantum computers for cybersecurity and AI
The Charlotte-based bank announced Wednesday that it will join the IBM Quantum Accelerator program and welcome IBM to the bank's Innovator in Residence program.
Truist's Innovator in Residence program brings in outside subject matter experts to help the bank innovate. IBM is the newest member; Amazon Web Services and Verizon are existing partners.
Contrast Responsible AI Policy Project | Keeping your business safe in the AI era | Contrast Security
AI is no longer just a concept. It is embedded in our everyday lives, powering a vast array of systems and services, from personal assistants to financial analytics.
The Contrast Responsible AI Policy Project is a testament to our belief in transparency, cooperation and shared growth. As AI continues to evolve, we need to ensure that its potential is harnessed in a responsible and ethical manner.