Cyber Security News

20 Aug 2023 06:32

Understanding the Role of Runtime Application Self-Protection (RASP) in Cybersecurity

The primary function of RASP is to identify and block attacks in real-time.

It does this by continuously monitoring the behavior of an application, identifying malicious activities, and preventing them from causing harm.

This is particularly important in today’s digital landscape where attacks are becoming more sophisticated and harder to detect with traditional security tools.

RASP’s real-time response capability is another significant advantage. In the event of an attack, RASP can immediately take action to prevent the attack from progressing.

This could involve terminating a user’s session, stopping an application’s execution, or alerting the security team.

This immediate response can significantly reduce the potential damage caused by an attack.

@Cyber_Security_Channel

Cyber Security News

20 Aug 2023 01:45

Cybersecurity: What the Defense Industry Needs to Unlock to Stay Ahead

Cybersecurity is a key requirement for supporting software infrastructure across the entire military supply chain due to the recent increase in cyber warfare.

Organizations’ systems must be pen-tested and have enough built-in protection to avert and react to attempted data breaches or cyberattacks.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 20:49

How an 8-Character Password Could be Cracked in Just a Few Minutes

A hacker aiming to crack complex yet short passwords quickly enough would need the latest and most advanced graphics processing technology.

The more powerful the graphics processing unit, the faster it can perform such tasks as mining cryptocurrencies and cracking passwords.

For example, one of the top GPUs around today is Nvidia’s GeForce RTX 4090, a product that starts at $1,599.

But even less powerful and less expensive GPUs can crack passwords of a small length and low complexity in a relatively short amount of time.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 14:56

Post Quantum Encryption Cannot Wait for Standard Processes to Unfold

Quantum computers, which are expected to become viable in the next several years, use subatomic particles and quantum mechanics to execute calculations faster than today’s highest-performing conventional supercomputers.

This computing power comes with the ability to crack encryption methods that are based on factoring large prime numbers.

An algorithm introduced by Peter Shor, back in 1994, provides a method for the factorization of large prime numbers in polynomial time instead of exponential time.

While a conventional computer might take trillions of years to break a 2,048-bit asymmetric encryption key, a quantum computer powered by 4,099 quantum bits, or “qubits,” using Shor’s algorithm would need about 10 seconds to accomplish the task.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 09:55

Why Agencies Need Backup as a Service for Data Protection

Data backups can be complicated, but they’re essential for agencies as they shift more data and applications to the cloud.

IT leaders can either handle the tooling and manage the processes themselves or bring in a third party to relieve the burden.

BaaS providers invest in the mission-critical security that’s needed to fight today’s increasingly dangerous threats.

Agencies can rest easy knowing encryption will protect data that’s either in transit across the network or at rest.

Copies of the data are lodged behind air gaps and kept separate from other data.

BaaS providers also protect against unauthorized access and offer advanced detection to spot ransomware and suspicious file behavior.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 04:25

The Dark Web Is Expanding (As Is the Value of Monitoring It)

These logs are then used for account takeover attacks, stealing cryptocurrency, or as initial access for ransomware attacks.

Flare monitors more than 20 million infostealer logs and is adding 1 million new logs per month, many of which contain credentials to multiple corporate applications.

We believe that somewhere between 2% and 4% of logs contain access to corporate IT environments that could pose significant risk if compromised.

To detect malicious actors distributing stealer logs across the Dark Web and Telegram, companies can monitor for any logs that contain an internal corporate domain access, such as sso.companyname.com.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 22:31

Securing the Skies: Cybersecurity Challenges and Solutions for Global Satellite IoT Systems

Another significant challenge is the lack of standardized security protocols for IoT devices.

The diversity of these devices, each with its unique operating system and software, makes it difficult to implement a one-size-fits-all security solution.

This lack of standardization not only complicates the task of securing these devices but also creates loopholes that cybercriminals can exploit.

Despite these challenges, several solutions are being explored to enhance the cybersecurity of global satellite IoT systems.

One such solution is the development of advanced encryption algorithms.

Encryption plays a crucial role in securing data transmission, ensuring that even if data is intercepted, it remains unintelligible to unauthorized users.

By constantly updating and improving these algorithms, we can stay one step ahead of cybercriminals.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 18:22

Case from 2 weeks ago: Colorado Department of Higher Education warns of massive data breach

The stolen data is then used in double-extortion attacks, where they threaten to publicly leak data unless a ransom is paid.

According to the CDHE, this tactic was used on its network, with their investigation revealing that the threat actors had access to their systems between June 11th and June 19th.

During this time, the threat actors stole data from the Department's systems that spanned 13 years between 2004 and 2020.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 14:33

Technologists Are The New Superheroes On Corporate Boards In The Age Of AI, Blockchain And Cybersecurity

The speed at which technology is advancing poses challenges for companies across all sectors.

AI, with its potential to revolutionize decision-making and automate processes, requires expert guidance to ensure ethical and responsible integration.

Cybersecurity expertise among new board members rose to 17%, up from a mere 8% in the previous year, while 41% had digital or social media experience.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 09:15

The Role of Software Defined Networking in Enhancing Cybersecurity

SDN is a networking technology that separates the control plane from the data plane in network devices, allowing network administrators to have programmable central control of network traffic without requiring physical access to the network’s hardware devices.

This centralized control provides a holistic view of the entire network, making it easier to identify and mitigate potential security threats.

SDN offers a promising approach to enhancing cybersecurity. Its centralized control, programmability, and improved network visibility can help to effectively counter the evolving landscape of cyber threats.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 20:01

Vericast Goes Deep on Data Privacy with Qonsent Partnership

Vericast’s new zero-party data capture and consent solution will record, store, and manage all of a brand’s consented data.

Zero-party data is data that consumers actively and intentionally share with brands.

“Consumer trust is integral to loyalty and has a direct impact on the bottom line,” said Jesse Redniss, chief executive officer and co-founder of Qonsent.

“The crux of our technology is offering consumers transparency and the ability to provide consent.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 16:35

How Malicious Android Apps Slip Into Disguise

Eremin said Google flagged their initial May 9, 2023 report as “high” severity.

More recently, Google awarded them a $5,000 bug bounty, even though it did not technically classify their finding as a security vulnerability.

“This was a unique situation in which the reported issue was not classified as a vulnerability and did not impact the Android Open Source Project (AOSP), but did result in an update to our malware detection mechanisms for apps that might try to abuse this issue,” Google said in a written statement.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 11:57

Credentials Account For Over Half of Cloud Compromises

The report also revealed how threat actors are trying to bypass Google Play Store malware detections to get their malicious apps listed on the official marketplace. An increasingly popular tactic is “versioning.”

“Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our checks, but later receives an update from a third-party server changing the code on the end user device that enables malicious activity,”

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 07:37

Google’s AI Red Team: Advancing Cybersecurity on the AI Frontier

Some of the tactics, techniques and procedures (TTPs) that we use in exercises to target AI deployments, and are mentioned in the report, require specific internal access that an external attacker would not have.

This is when our AI Red Team is collaborating with the security red team to get in that position.

The security and privacy of our users is always our top priority. If we cannot launch a new feature safely, we don’t launch it, regardless of how cool it might be.

Where there is no simple solution to an identified issue, the AI Red Team collaborates closely with internal research teams that work hard to research new approaches to address these gaps.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 01:44

Jericho Security Uses AI to Fight AI in New Frontier of Cybersecurity

Jericho Security’s approach marks a new frontier for cybersecurity, using machine-learning capabilities to essentially “fight AI with AI.”

Jericho pits an AI red team against an AI blue team in simulations to uncover vulnerabilities and develop more robust defenses.

Jericho Security is the result of decades of collective observation of the evolution of cybersecurity threats by its founders.

Wohns is a veteran AI technologist and former CEO of Agolo, a natural language processing (NLP) company.

Tim Hwang is the cofounder and CEO of FiscalNote, a government relations management platform.

Dan Chyan is a cybersecurity expert and founding partner of PKC Security, a cybersecurity consulting firm.

@Cyber_Security_Channel

Cyber Security News

20 Aug 2023 03:59

KnowBe4 PhishER Plus Uses Triple-Validated Phishing Threat Feed

PhishER Plus users are trained to spot and report phishing attacks, KnowBe4 stated.

The information these users gather about phishing attacks is incorporated into the PhishER Plus Global Blocklist.

KnowBe4 provides a security awareness training and simulated phishing platform used by more than 60,000 organizations, the company said.

It also offers a partner program for MSSPs, MSPs and other technology providers.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 22:40

Norway Imposes Heavy Fines on Meta Platforms for Privacy Violations

The specific breach in question involves Meta’s practice of collecting user data, such as their physical locations in Norway, and subsequently using this data for targeted behavioral advertising, a model commonly adopted across the tech industry.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 17:17

Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform

The Series D round was led by Intact Ventures, an affiliate of Resilience’s primary capacity provider, Intact Insurance’s underwriting companies, with participation by Lightspeed Venture Partners, as well as General Catalyst and Founders Fund.

With headquarters in San Francisco, Resilience’s team has offices in New York, Chicago, London, Toronto, Baltimore, and Los Angeles.

Resilience offers insurance coverage through its network of insurance agents and security services through its security team.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 12:03

DNV and KIRIA Extend Collaboration in Cybersecurity and Artificial Intelligence for Robotics

The European Commission has recently implemented new legislation, the Machinery Regulation and the Artificial Intelligence Act, to enhance the safety and performance of machinery, including robots.

Manufacturers of machinery, including robots, will need to comply with stricter product safety and sustainability requirements to access the European market.

They will also need to address emerging risks in areas such as cybersecurity, human-machine interaction, and traceability of safety components and software behavior.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 07:19

Signal: AI Tops Cybersecurity in UK Defence, Security and Aerospace Hirings

AI hirings have increased by more than 60% over the past six months, coinciding with the spread of the disruptive technology.

Direct military operations have been significantly affected, from the development of AI-enabled drones to “AI pilots” themselves.

In the UK, domestic security service MI5 entered into a partnership with the Alan Turing Institute “to apply AI research to confront national security challenges”.

Along with GCHQ and MI6, MI5 are lobbying the government to soften surveillance laws that place a “burdensome” limit on training artificial intelligence models with large amounts of personal data.

@Cyber_Security_Channel

Cyber Security News

19 Aug 2023 01:38

Notorious Spyware Maker LetMeSpy Shuts Down After Data Breach

It was discovered that LetMeSpy had sensitive information from over 13,000 compromised Android devices worldwide, according to leaked data obtained by DDoSecrets, a transparency collective.

Surprisingly, the company had previously claimed control over more than 236,000 devices before the breach.

Further investigation into LetMeSpy revealed that it was developed by a tech company called Radeal, located in Krakow.

Despite attempts to contact the CEO for comment, no response was received.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 20:44

How To Deal With the Vagueness in New Cyber Regulations

"Also, let's be frank. The reason these standards are vague is often [because] industry demands for flexibility," he adds.

"If we're having trouble because the standards are too open-ended, we should bring that to our industry groups and lobbyists."

Katz, an attorney and former tech executive, agrees it's up to the cybersecurity community to help educate and shape rulemaking discussions.

Without technical guidance, regulatory bodies like the SEC are left with little influence beyond punishment, she adds.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 16:05

Union Govt to Pocket Data Breach Penalties Under Digital Personal Data Bill

This provision, as mentioned earlier, provides for compensation for failure to protect data.

However, in the absence of it, “the simple remedy of approaching an authority would also stand deleted without alternatives being provided in the DPDP,” analysts told the newspaper.

“Section 43A of the IT Act provides for damages payable by compensation to the affected person.

Nonetheless, the DPDP Bill has not touched on compensation payable to the affected person.

This approach taken under the DPDP Bill is a deviation from several data protection legislations across the world,” Supratim Chakraborty, partner at Khaitan and Co, told the Telegraph.

@Cyber_Security_Channel

Cyber Security News

18 Aug 2023 11:55

Instagram Settles Illinois Biometric Privacy Law Case for $68.5 Million

The suit alleges that a facial recognition feature introduced by Instagram in 2015 violated the law, by collecting biometrics to find other pictures and videos the user might appear in that were hosted on Instagram and Facebook.

Despite being notorious for internet shutdowns and developing government-run email and messaging services, the small Central Asian nation has a data protection law on the books that regards biometric data as sensitive personal information and strictly limits the use of it.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 22:52

Cynomi and Grant Thornton Partner to Enhance Cybersecurity Services for SMBs

Cynomi’s multitenant platform automatically generates everything a vCISO needs to enhance efficiency: risk and compliance assessments, tailored security policies, actionable remediation plans with prioritized tasks, task management tools for ongoing management and customer-facing reports.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 18:51

Cloud Data Protection: Top Tips for Unified Communications

Cloud data protection is something no company can afford to overlook when moving into the new age of unified communications.

The shift to the cloud presents an excellent opportunity for company-wide digital transformation. But like every significant change, moving to the cloud has its risks.

The rising popularity of cloud communications and UC systems has prompted an increase in vendors implementing stronger security standards in their tools.

Systems must be designed with secure access controls to ensure the wrong people can’t leverage specific tools and resources.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 14:11

A Cyberattack Has Disrupted Hospitals and Health Care in Five States

In Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital were closed for much of Thursday and patients were diverted to other nearby medical centers.

“We have a national Prospect team working and evaluating the impact of the attack on all of the organizations,” Jillian Menzel, chief operating officer for the Eastern Connecticut Health Network, said in a statement.

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 09:48

Case from a few weeks ago: VALIC Retirement Services Company Experiences PBI Data Breach Exposing Approximately 798,000 Social Security Numbers

On July 27, 2023, VALIC Retirement Services Company filed a notice with the Attorney General of Maine describing a third-party data breach affecting consumers nationwide.

However, the attached data breach letter was written by PBI and explained that the PBI's MOVEit servers were accessed by an unauthorized party after they were able to exploit a vulnerability within the software.

The data breach affected an estimated 798,000 VALIC Retirement Services Company customers.

The list of sensitive information that was exposed includes:

- Names
- Social Security numbers
- Policy or account numbers
- Dates of birth
- Addresses

@Cyber_Security_Channel

Cyber Security News

17 Aug 2023 04:32

Innovations in AI Embedded Cybersecurity to be Featured on Advancements Series

Cybercriminals have taken away our confidence and freedom to navigate the online space.

No matter the size or budget, organizations continue to fall victim to cyberattacks because external defenses are too reactive and rely heavily on human intervention.

A mindset reset towards a security-by-design approach is needed.

@Cyber_Security_Channel

Cyber Security News

16 Aug 2023 22:00

Multi-Modal Data Protection With AI’s Help

Cybersecurity, on the other hand, must deal with second order chaos and risk: a chaotic system with threats that intelligently adapt to defenses and countermeasures much like in warfare or espionage, but also like in other less martial conflict like sales, legal battles, and soon AI-assisted adversarial domains.

@Cyber_Security_Channel