Norway Imposes Heavy Fines on Meta Platforms for Privacy Violations
The specific breach in question involves Meta’s practice of collecting user data, such as their physical locations in Norway, and subsequently using this data for targeted behavioral advertising, a model commonly adopted across the tech industry.
@Cyber_Security_Channel
Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform
The Series D round was led by Intact Ventures, an affiliate of Resilience’s primary capacity provider, Intact Insurance’s underwriting companies, with participation by Lightspeed Venture Partners, as well as General Catalyst and Founders Fund.
With headquarters in San Francisco, Resilience’s team has offices in New York, Chicago, London, Toronto, Baltimore, and Los Angeles.
Resilience offers insurance coverage through its network of insurance agents and security services through its security team.
@Cyber_Security_Channel
DNV and KIRIA Extend Collaboration in Cybersecurity and Artificial Intelligence for Robotics
The European Commission has recently implemented new legislation, the Machinery Regulation and the Artificial Intelligence Act, to enhance the safety and performance of machinery, including robots.
Manufacturers of machinery, including robots, will need to comply with stricter product safety and sustainability requirements to access the European market.
They will also need to address emerging risks in areas such as cybersecurity, human-machine interaction, and traceability of safety components and software behavior.
@Cyber_Security_Channel
Signal: AI Tops Cybersecurity in UK Defence, Security and Aerospace Hirings
AI hirings have increased by more than 60% over the past six months, coinciding with the spread of the disruptive technology.
Direct military operations have been significantly affected, from the development of AI-enabled drones to “AI pilots” themselves.
In the UK, domestic security service MI5 entered into a partnership with the Alan Turing Institute “to apply AI research to confront national security challenges”.
Along with GCHQ and MI6, MI5 are lobbying the government to soften surveillance laws that place a “burdensome” limit on training artificial intelligence models with large amounts of personal data.
@Cyber_Security_Channel
Notorious Spyware Maker LetMeSpy Shuts Down After Data Breach
It was discovered that LetMeSpy had sensitive information from over 13,000 compromised Android devices worldwide, according to leaked data obtained by DDoSecrets, a transparency collective.
Surprisingly, the company had previously claimed control over more than 236,000 devices before the breach.
Further investigation into LetMeSpy revealed that it was developed by a tech company called Radeal, located in Krakow.
Despite attempts to contact the CEO for comment, no response was received.
@Cyber_Security_Channel
How To Deal With the Vagueness in New Cyber Regulations
"Also, let's be frank. The reason these standards are vague is often [because] industry demands for flexibility," he adds.
"If we're having trouble because the standards are too open-ended, we should bring that to our industry groups and lobbyists."
Katz, an attorney and former tech executive, agrees it's up to the cybersecurity community to help educate and shape rulemaking discussions.
Without technical guidance, regulatory bodies like the SEC are left with little influence beyond punishment, she adds.
@Cyber_Security_Channel
Union Govt to Pocket Data Breach Penalties Under Digital Personal Data Bill
This provision, as mentioned earlier, provides for compensation for failure to protect data.
However, in the absence of it, “the simple remedy of approaching an authority would also stand deleted without alternatives being provided in the DPDP,” analysts told the newspaper.
“Section 43A of the IT Act provides for damages payable by compensation to the affected person.
Nonetheless, the DPDP Bill has not touched on compensation payable to the affected person.
This approach taken under the DPDP Bill is a deviation from several data protection legislations across the world,” Supratim Chakraborty, partner at Khaitan and Co, told the Telegraph.
@Cyber_Security_Channel
Instagram Settles Illinois Biometric Privacy Law Case for $68.5 Million
The suit alleges that a facial recognition feature introduced by Instagram in 2015 violated the law, by collecting biometrics to find other pictures and videos the user might appear in that were hosted on Instagram and Facebook.
Despite being notorious for internet shutdowns and developing government-run email and messaging services, the small Central Asian nation has a data protection law on the books that regards biometric data as sensitive personal information and strictly limits the use of it.
@Cyber_Security_Channel
Cynomi and Grant Thornton Partner to Enhance Cybersecurity Services for SMBs
Cynomi’s multitenant platform automatically generates everything a vCISO needs to enhance efficiency: risk and compliance assessments, tailored security policies, actionable remediation plans with prioritized tasks, task management tools for ongoing management and customer-facing reports.
@Cyber_Security_Channel
Cloud Data Protection: Top Tips for Unified Communications
Cloud data protection is something no company can afford to overlook when moving into the new age of unified communications.
The shift to the cloud presents an excellent opportunity for company-wide digital transformation. But like every significant change, moving to the cloud has its risks.
The rising popularity of cloud communications and UC systems has prompted an increase in vendors implementing stronger security standards in their tools.
Systems must be designed with secure access controls to ensure the wrong people can’t leverage specific tools and resources.
@Cyber_Security_Channel
A Cyberattack Has Disrupted Hospitals and Health Care in Five States
In Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital were closed for much of Thursday and patients were diverted to other nearby medical centers.
“We have a national Prospect team working and evaluating the impact of the attack on all of the organizations,” Jillian Menzel, chief operating officer for the Eastern Connecticut Health Network, said in a statement.
@Cyber_Security_Channel
Case from a few weeks ago: VALIC Retirement Services Company Experiences PBI Data Breach Exposing Approximately 798,000 Social Security Numbers
On July 27, 2023, VALIC Retirement Services Company filed a notice with the Attorney General of Maine describing a third-party data breach affecting consumers nationwide.
However, the attached data breach letter was written by PBI and explained that PBI's MOVEit servers were accessed by an unauthorized party after they were able to exploit a vulnerability within the software.
The data breach affected an estimated 798,000 VALIC Retirement Services Company customers.
The list of sensitive information that was exposed includes:
- Names
- Social Security numbers
- Policy or account numbers
- Dates of birth
- Addresses
@Cyber_Security_Channel
Innovations in AI Embedded Cybersecurity to be Featured on Advancements Series
Cybercriminals have taken away our confidence and freedom to navigate the online space.
No matter the size or budget, organizations continue to fall victim to cyberattacks because external defenses are too reactive and rely heavily on human intervention.
A mindset reset towards a security-by-design approach is needed.
@Cyber_Security_Channel
Multi-Modal Data Protection With AI’s Help
Cybersecurity, on the other hand, must deal with second-order chaos and risk: a chaotic system with threats that intelligently adapt to defenses and countermeasures, much like in warfare or espionage, but also like in other, less martial conflicts such as sales, legal battles, and soon AI-assisted adversarial domains.
@Cyber_Security_Channel
Top 10 Data Center Security Stories of 2023 (So Far)
By staying informed and proactive on the latest trends and best practices, data center professionals can ensure the safety and integrity of their critical assets.
1. How ChatGPT Can Help and Hinder Data Center Cybersecurity
2. Top 5 Data Center Security Risks for 2023
3. Time to Double Check Those Data Center Deadbolts: 2023 Security Review
4. Why Is Blockchain Important? Is It Still Relevant? Or Was It Ever?
5. How ISO, CIS, MITRE, and CSA Impact Your Cloud Security Architecture
6. 7 Ways to Secure Sensitive Data in the Cloud
7. How Security Architects Fit Into Organizations
8. Authentication Patterns for Securing Technical Accounts in the Cloud
9. Network Zoning in 2023: How AI and Automation Change Things
10. When To Go Cloud-Native and When To Buy a Security Vendor Solution
@Cyber_Security_Channel
How an 8-Character Password Could be Cracked in Just a Few Minutes
A hacker aiming to crack complex yet short passwords quickly enough would need the latest and most advanced graphics processing technology.
The more powerful the graphics processing unit, the faster it can perform such tasks as mining cryptocurrencies and cracking passwords.
For example, one of the top GPUs around today is Nvidia’s GeForce RTX 4090, a product that starts at $1,599.
But even less powerful and less expensive GPUs can crack passwords of a small length and low complexity in a relatively short amount of time.
@Cyber_Security_Channel
Post Quantum Encryption Cannot Wait for Standard Processes to Unfold
Quantum computers, which are expected to become viable in the next several years, use subatomic particles and quantum mechanics to execute calculations faster than today’s highest-performing conventional supercomputers.
This computing power comes with the ability to crack encryption methods that are based on the difficulty of factoring large numbers into their prime factors.
An algorithm introduced by Peter Shor, back in 1994, provides a method for the factorization of large integers in polynomial time instead of exponential time.
While a conventional computer might take trillions of years to break a 2,048-bit asymmetric encryption key, a quantum computer powered by 4,099 quantum bits, or “qubits,” using Shor’s algorithm would need about 10 seconds to accomplish the task.
@Cyber_Security_Channel
Why Agencies Need Backup as a Service for Data Protection
Data backups can be complicated, but they’re essential for agencies as they shift more data and applications to the cloud.
IT leaders can either handle the tooling and manage the processes themselves or bring in a third party to relieve the burden.
BaaS providers invest in the mission-critical security that’s needed to fight today’s increasingly dangerous threats.
Agencies can rest easy knowing encryption will protect data that’s either in transit across the network or at rest.
Copies of the data are lodged behind air gaps and kept separate from other data.
BaaS providers also protect against unauthorized access and offer advanced detection to spot ransomware and suspicious file behavior.
@Cyber_Security_Channel
The Dark Web Is Expanding (As Is the Value of Monitoring It)
These logs are then used for account takeover attacks, stealing cryptocurrency, or as initial access for ransomware attacks.
Flare monitors more than 20 million infostealer logs and is adding 1 million new logs per month, many of which contain credentials to multiple corporate applications.
We believe that somewhere between 2% and 4% of logs contain access to corporate IT environments that could pose significant risk if compromised.
To detect malicious actors distributing stealer logs across the Dark Web and Telegram, companies can monitor for any logs that contain access to an internal corporate domain, such as sso.companyname.com.
@Cyber_Security_Channel
Securing the Skies: Cybersecurity Challenges and Solutions for Global Satellite IoT Systems
Another significant challenge is the lack of standardized security protocols for IoT devices.
The diversity of these devices, each with its unique operating system and software, makes it difficult to implement a one-size-fits-all security solution.
This lack of standardization not only complicates the task of securing these devices but also creates loopholes that cybercriminals can exploit.
Despite these challenges, several solutions are being explored to enhance the cybersecurity of global satellite IoT systems.
One such solution is the development of advanced encryption algorithms.
Encryption plays a crucial role in securing data transmission, ensuring that even if data is intercepted, it remains unintelligible to unauthorized users.
By constantly updating and improving these algorithms, we can stay one step ahead of cybercriminals.
@Cyber_Security_Channel
Case from 2 weeks ago: Colorado Department of Higher Education warns of massive data breach
The stolen data is then used in double-extortion attacks, where they threaten to publicly leak data unless a ransom is paid.
According to the CDHE, this tactic was used on its network, with their investigation revealing that the threat actors had access to their systems between June 11th and June 19th.
During this time, the threat actors stole data from the Department's systems that spanned 13 years between 2004 and 2020.
@Cyber_Security_Channel
Technologists Are The New Superheroes On Corporate Boards In The Age Of AI, Blockchain And Cybersecurity
The speed at which technology is advancing poses challenges for companies across all sectors.
AI, with its potential to revolutionize decision-making and automate processes, requires expert guidance to ensure ethical and responsible integration.
Cybersecurity expertise among new board members rose to 17%, up from a mere 8% in the previous year, while 41% had digital or social media experience.
@Cyber_Security_Channel
The Role of Software Defined Networking in Enhancing Cybersecurity
SDN is a networking technology that separates the control plane from the data plane in network devices, allowing network administrators to have programmable central control of network traffic without requiring physical access to the network’s hardware devices.
This centralized control provides a holistic view of the entire network, making it easier to identify and mitigate potential security threats.
SDN offers a promising approach to enhancing cybersecurity. Its centralized control, programmability, and improved network visibility can help to effectively counter the evolving landscape of cyber threats.
@Cyber_Security_Channel
Vericast Goes Deep on Data Privacy with Qonsent Partnership
Vericast’s new zero-party data capture and consent solution will record, store, and manage all of a brand’s consented data.
Zero-party data is data that consumers actively and intentionally share with brands.
“Consumer trust is integral to loyalty and has a direct impact on the bottom line,” said Jesse Redniss, chief executive officer and co-founder of Qonsent.
“The crux of our technology is offering consumers transparency and the ability to provide consent.”
@Cyber_Security_Channel
How Malicious Android Apps Slip Into Disguise
Eremin said Google flagged their initial May 9, 2023 report as “high” severity.
More recently, Google awarded them a $5,000 bug bounty, even though it did not technically classify their finding as a security vulnerability.
“This was a unique situation in which the reported issue was not classified as a vulnerability and did not impact the Android Open Source Project (AOSP), but did result in an update to our malware detection mechanisms for apps that might try to abuse this issue,” Google said in a written statement.
@Cyber_Security_Channel
Credentials Account For Over Half of Cloud Compromises
The report also revealed how threat actors are trying to bypass Google Play Store malware detections to get their malicious apps listed on the official marketplace. An increasingly popular tactic is “versioning.”
“Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our checks, but later receives an update from a third-party server changing the code on the end user device that enables malicious activity,”
@Cyber_Security_Channel
Google’s AI Red Team: Advancing Cybersecurity on the AI Frontier
Some of the tactics, techniques and procedures (TTPs) that we use in exercises to target AI deployments, and are mentioned in the report, require specific internal access that an external attacker would not have.
This is when our AI Red Team is collaborating with the security red team to get in that position.
The security and privacy of our users is always our top priority. If we cannot launch a new feature safely, we don’t launch it, regardless of how cool it might be.
Where there is no simple solution to an identified issue, the AI Red Team collaborates closely with internal research teams that work hard to research new approaches to address these gaps.
@Cyber_Security_Channel
Jericho Security Uses AI to Fight AI in New Frontier of Cybersecurity
Jericho Security’s approach marks a new frontier for cybersecurity, using machine-learning capabilities to essentially “fight AI with AI.”
Jericho pits an AI red team against an AI blue team in simulations to uncover vulnerabilities and develop more robust defenses.
Jericho Security is the result of decades of collective observation of the evolution of cybersecurity threats by its founders.
Wohns is a veteran AI technologist and former CEO of Agolo, a natural language processing (NLP) company.
Tim Hwang is the cofounder and CEO of FiscalNote, a government relations management platform.
Dan Chyan is a cybersecurity expert and founding partner of PKC Security, a cybersecurity consulting firm.
@Cyber_Security_Channel
Meta Fined $20 Million in Australia Over Personal Data Usage
The ACCC seems content to ding Meta for what are essentially inaccurate statements to consumers about data usage, however, and in an amount that has seemingly become a cost of doing business for the company.
Despite some recent concerns about its future direction, plans for VR and an ongoing drop in Facebook users, Meta is still pulling down about $120 billion per year in revenue.
@Cyber_Security_Channel
Back-Door Cyber Threat Leaving Supply Chains Exposed
Supply vendors are too often the entry point for malware, ransomware or denial of service attacks, which then work their way upstream or downstream to the larger organisation itself.
Monitoring all these using conventional methods, such as surveys, generates a huge administrative burden and only provides limited assurance of a supplier’s cyber security posture at a single point in time.
@Cyber_Security_Channel