cyber_security_channel | News and Media

Telegram channel cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin


Cyber Security News

Average Cost of a Data Breach Has Reached an All-Time High: IBM Report

Involving law enforcement in a ransomware attack also saved money and shortened the lifecycle of the breach.

Organizations that didn’t involve law enforcement in a ransomware attack incurred an additional $470,000 in expenses on average.

About 63% of respondents said they involved law enforcement.

The 37% that didn’t involve law enforcement paid 9.6% more and experienced a 33-day longer breach lifecycle.

@Cyber_Security_Channel


Cyber Security News

When Your Teammate is a Machine: 8 Questions CISOs Should be Asking About AI

AI will effectively become an extension of automation processes and can uncover a vastly expanded breadth and span of information, helping to evaluate complexities at greater and greater speeds.

1. Did comprehensive testing to ensure the AI algorithm works as intended occur?

2. From where did the data used to train the AI come?

3. How was the AI algorithm designed to prevent, or mitigate as much as possible, bias in the results?

4. How was the algorithm designed to mitigate the new and challenging risks that emerge almost daily related to generative AI?

5. Has the vendor comprehensively addressed security concerns related to machine learning and if so, how?

6. Has the AI been engineered to account for the complexity of AI systems attack surfaces and if so, in what ways?

7. How have supply chain and third-party AI components been reviewed for security and privacy risk, and then mitigated?

8. Has the AI manufacturer or vendor developed their AI products to meet data protection compliance for the areas in which they will be sold?


Cyber Security News

KnowBe4 PhishER Plus Uses Triple-Validated Phishing Threat Feed

PhishER Plus users are trained to spot and report phishing attacks, KnowBe4 stated.

The information these users gather about phishing attacks is incorporated into the PhishER Plus Global Blocklist.

KnowBe4 provides a security awareness training and simulated phishing platform used by more than 60,000 organizations, the company said.

It also offers a partner program for MSSPs, MSPs and other technology providers.


Cyber Security News

Norway Imposes Heavy Fines on Meta Platforms for Privacy Violations

The specific breach in question involves Meta’s practice of collecting user data, such as their physical locations in Norway, and subsequently using this data for targeted behavioral advertising, a model commonly adopted across the tech industry.


Cyber Security News

Cyberinsurance Firm Resilience Raises $100 Million to Expand Its Cyber Risk Platform

The Series D round was led by Intact Ventures, an affiliate of Resilience’s primary capacity provider, Intact Insurance’s underwriting companies, with participation by Lightspeed Venture Partners, as well as General Catalyst and Founders Fund.

With headquarters in San Francisco, Resilience’s team has offices in New York, Chicago, London, Toronto, Baltimore, and Los Angeles.

Resilience offers insurance coverage through its network of insurance agents and security services through its security team.


Cyber Security News

DNV and KIRIA Extend Collaboration in Cybersecurity and Artificial Intelligence for Robotics

The European Commission has recently implemented new legislation, the Machinery Regulation and the Artificial Intelligence Act, to enhance the safety and performance of machinery, including robots.

Manufacturers of machinery, including robots, will need to comply with stricter product safety and sustainability requirements to access the European market.

They will also need to address emerging risks in areas such as cybersecurity, human-machine interaction, and traceability of safety components and software behavior.


Cyber Security News

Signal: AI Tops Cybersecurity in UK Defence, Security and Aerospace Hirings

AI hirings have increased by more than 60% over the past six months, coinciding with the spread of the disruptive technology.

Direct military operations have been significantly affected, from the development of AI-enabled drones to “AI pilots” themselves.

In the UK, domestic security service MI5 entered into a partnership with the Alan Turing Institute “to apply AI research to confront national security challenges”.

Along with GCHQ and MI6, MI5 are lobbying the government to soften surveillance laws that place a “burdensome” limit on training artificial intelligence models with large amounts of personal data.


Cyber Security News

Notorious Spyware Maker LetMeSpy Shuts Down After Data Breach

It was discovered that LetMeSpy had sensitive information from over 13,000 compromised Android devices worldwide, according to leaked data obtained by DDoSecrets, a transparency collective.

Surprisingly, the company had previously claimed control over more than 236,000 devices before the breach.

Further investigation into LetMeSpy revealed that it was developed by a tech company called Radeal, located in Krakow.

Despite attempts to contact the CEO for comment, no response was received.


Cyber Security News

How To Deal With the Vagueness in New Cyber Regulations

"Also, let's be frank. The reason these standards are vague is often [because] industry demands for flexibility," he adds.

"If we're having trouble because the standards are too open-ended, we should bring that to our industry groups and lobbyists."

Katz, an attorney and former tech executive, agrees it's up to the cybersecurity community to help educate and shape rulemaking discussions.

Without technical guidance, regulatory bodies like the SEC are left with little influence beyond punishment, she adds.


Cyber Security News

Union Govt to Pocket Data Breach Penalties Under Digital Personal Data Bill

This provision, as mentioned earlier, provides for compensation for failure to protect data.

However, in the absence of it, “the simple remedy of approaching an authority would also stand deleted without alternatives being provided in the DPDP,” analysts told the newspaper.

“Section 43A of the IT Act provides for damages payable by compensation to the affected person.

Nonetheless, the DPDP Bill has not touched on compensation payable to the affected person.

This approach taken under the DPDP Bill is a deviation from several data protection legislations across the world,” Supratim Chakraborty, partner at Khaitan and Co, told the Telegraph.


Cyber Security News

Instagram Settles Illinois Biometric Privacy Law Case for $68.5 Million

The suit alleges that a facial recognition feature introduced by Instagram in 2015 violated the law, by collecting biometrics to find other pictures and videos the user might appear in that were hosted on Instagram and Facebook.

Despite being notorious for internet shutdowns and developing government-run email and messaging services, the small Central Asian nation has a data protection law on the books that regards biometric data as sensitive personal information and strictly limits the use of it.


Cyber Security News

Cynomi and Grant Thornton Partner to Enhance Cybersecurity Services for SMBs

Cynomi’s multitenant platform automatically generates everything a vCISO needs to enhance efficiency: risk and compliance assessments, tailored security policies, actionable remediation plans with prioritized tasks, task management tools for ongoing management and customer-facing reports.


Cyber Security News

Cloud Data Protection: Top Tips for Unified Communications

Cloud data protection is something no company can afford to overlook when moving into the new age of unified communications.

The shift to the cloud presents an excellent opportunity for company-wide digital transformation. But like every significant change, moving to the cloud has its risks.

The rising popularity of cloud communications and UC systems has prompted an increase in vendors implementing stronger security standards in their tools.

Systems must be designed with secure access controls to ensure the wrong people can’t leverage specific tools and resources.


Cyber Security News

A Cyberattack Has Disrupted Hospitals and Health Care in Five States

In Connecticut, the emergency departments at Manchester Memorial and Rockville General hospital were closed for much of Thursday and patients were diverted to other nearby medical centers.

“We have a national Prospect team working and evaluating the impact of the attack on all of the organizations,” Jillian Menzel, chief operating officer for the Eastern Connecticut Health Network, said in a statement.


Cyber Security News

Case from a few weeks ago: VALIC Retirement Services Company Experiences PBI Data Breach Exposing Approximately 798,000 Social Security Numbers

On July 27, 2023, VALIC Retirement Services Company filed a notice with the Attorney General of Maine describing a third-party data breach affecting consumers nationwide.

However, the attached data breach letter was written by PBI and explained that PBI's MOVEit servers were accessed by an unauthorized party after they were able to exploit a vulnerability within the software.

The data breach affected an estimated 798,000 VALIC Retirement Services Company customers.

The list of sensitive information that was exposed includes:

- Names
- Social Security numbers
- Policy or account numbers
- Dates of birth
- Addresses


Cyber Security News

How to Get Unlimited Airline Miles: Researchers Find the Cheat Codes

Vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers’ “loyalty currency” (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs.

An encrypted cookie assigned to each user had been encrypted with an easily guessable secret—the word “secret” … the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site … and essentially assume god-mode-like capabilities


Cyber Security News

Understanding the Role of Runtime Application Self-Protection (RASP) in Cybersecurity

The primary function of RASP is to identify and block attacks in real-time.

It does this by continuously monitoring the behavior of an application, identifying malicious activities, and preventing them from causing harm.

This is particularly important in today’s digital landscape where attacks are becoming more sophisticated and harder to detect with traditional security tools.

RASP’s real-time response capability is another significant advantage. In the event of an attack, RASP can immediately take action to prevent the attack from progressing.

This could involve terminating a user’s session, stopping an application’s execution, or alerting the security team.

This immediate response can significantly reduce the potential damage caused by an attack.


Cyber Security News

Cybersecurity: What the Defense Industry Needs to Unlock to Stay Ahead

Cybersecurity is a key requirement for supporting software infrastructure across the entire military supply chain due to the recent increase in cyber warfare.

Organizations’ systems must be pen-tested and have enough built-in protection to avert and react to attempted data breaches or cyberattacks.


Cyber Security News

How an 8-Character Password Could be Cracked in Just a Few Minutes

A hacker aiming to crack complex yet short passwords quickly enough would need the latest and most advanced graphics processing technology.

The more powerful the graphics processing unit, the faster it can perform such tasks as mining cryptocurrencies and cracking passwords.

For example, one of the top GPUs around today is Nvidia’s GeForce RTX 4090, a product that starts at $1,599.

But even less powerful and less expensive GPUs can crack passwords of a small length and low complexity in a relatively short amount of time.


Cyber Security News

Post Quantum Encryption Cannot Wait for Standard Processes to Unfold

Quantum computers, which are expected to become viable in the next several years, use subatomic particles and quantum mechanics to execute calculations faster than today’s highest-performing conventional supercomputers.

This computing power comes with the ability to crack encryption methods that are based on factoring large prime numbers.

An algorithm introduced by Peter Shor, back in 1994, provides a method for the factorization of large prime numbers in polynomial time instead of exponential time.

While a conventional computer might take trillions of years to break a 2,048-bit asymmetric encryption key, a quantum computer powered by 4,099 quantum bits, or “qubits,” using Shor’s algorithm would need about 10 seconds to accomplish the task.


Cyber Security News

Why Agencies Need Backup as a Service for Data Protection

Data backups can be complicated, but they’re essential for agencies as they shift more data and applications to the cloud.

IT leaders can either handle the tooling and manage the processes themselves or bring in a third party to relieve the burden.

BaaS providers invest in the mission-critical security that’s needed to fight today’s increasingly dangerous threats.

Agencies can rest easy knowing encryption will protect data that’s either in transit across the network or at rest.

Copies of the data are lodged behind air gaps and kept separate from other data.

BaaS providers also protect against unauthorized access and offer advanced detection to spot ransomware and suspicious file behavior.


Cyber Security News

The Dark Web Is Expanding (As Is the Value of Monitoring It)

These logs are then used for account takeover attacks, stealing cryptocurrency, or as initial access for ransomware attacks.

Flare monitors more than 20 million infostealer logs and is adding 1 million new logs per month, many of which contain credentials to multiple corporate applications.

We believe that somewhere between 2% and 4% of logs contain access to corporate IT environments that could pose significant risk if compromised.

To detect malicious actors distributing stealer logs across the Dark Web and Telegram, companies can monitor for any logs that contain an internal corporate domain access, such as sso.companyname.com.


Cyber Security News

Securing the Skies: Cybersecurity Challenges and Solutions for Global Satellite IoT Systems

Another significant challenge is the lack of standardized security protocols for IoT devices.

The diversity of these devices, each with its unique operating system and software, makes it difficult to implement a one-size-fits-all security solution.

This lack of standardization not only complicates the task of securing these devices but also creates loopholes that cybercriminals can exploit.

Despite these challenges, several solutions are being explored to enhance the cybersecurity of global satellite IoT systems.

One such solution is the development of advanced encryption algorithms.

Encryption plays a crucial role in securing data transmission, ensuring that even if data is intercepted, it remains unintelligible to unauthorized users.

By constantly updating and improving these algorithms, we can stay one step ahead of cybercriminals.


Cyber Security News

Case from 2 weeks ago: Colorado Department of Higher Education warns of massive data breach

The stolen data is then used in double-extortion attacks, where they threaten to publicly leak data unless a ransom is paid.

According to the CDHE, this tactic was used on its network, with their investigation revealing that the threat actors had access to their systems between June 11th and June 19th.

During this time, the threat actors stole data from the Department's systems that spanned 13 years between 2004 and 2020.


Cyber Security News

Technologists Are The New Superheroes On Corporate Boards In The Age Of AI, Blockchain And Cybersecurity

The speed at which technology is advancing poses challenges for companies across all sectors.

AI, with its potential to revolutionize decision-making and automate processes, requires expert guidance to ensure ethical and responsible integration.

Cybersecurity expertise among new board members rose to 17%, up from a mere 8% in the previous year, while 41% had digital or social media experience.


Cyber Security News

The Role of Software Defined Networking in Enhancing Cybersecurity

SDN is a networking technology that separates the control plane from the data plane in network devices, allowing network administrators to have programmable central control of network traffic without requiring physical access to the network’s hardware devices.

This centralized control provides a holistic view of the entire network, making it easier to identify and mitigate potential security threats.

SDN offers a promising approach to enhancing cybersecurity. Its centralized control, programmability, and improved network visibility can help to effectively counter the evolving landscape of cyber threats.


Cyber Security News

Vericast Goes Deep on Data Privacy with Qonsent Partnership

Vericast’s new zero-party data capture and consent solution will record, store, and manage all of a brand’s consented data.

Zero-party data is data that consumers actively and intentionally share with brands.

“Consumer trust is integral to loyalty and has a direct impact on the bottom line,” said Jesse Redniss, chief executive officer and co-founder of Qonsent.

“The crux of our technology is offering consumers transparency and the ability to provide consent.


Cyber Security News

How Malicious Android Apps Slip Into Disguise

Eremin said Google flagged their initial May 9, 2023 report as “high” severity.

More recently, Google awarded them a $5,000 bug bounty, even though it did not technically classify their finding as a security vulnerability.

“This was a unique situation in which the reported issue was not classified as a vulnerability and did not impact the Android Open Source Project (AOSP), but did result in an update to our malware detection mechanisms for apps that might try to abuse this issue,” Google said in a written statement.


Cyber Security News

Credentials Account For Over Half of Cloud Compromises

The report also revealed how threat actors are trying to bypass Google Play Store malware detections to get their malicious apps listed on the official marketplace. An increasingly popular tactic is “versioning.”

“Versioning occurs when a developer releases an initial version of an app on the Google Play Store that appears legitimate and passes our checks, but later receives an update from a third-party server changing the code on the end user device that enables malicious activity,”


Cyber Security News

Google’s AI Red Team: Advancing Cybersecurity on the AI Frontier

Some of the tactics, techniques and procedures (TTPs) that we use in exercises to target AI deployments, and are mentioned in the report, require specific internal access that an external attacker would not have.

This is when our AI Red Team is collaborating with the security red team to get in that position.

The security and privacy of our users is always our top priority. If we cannot launch a new feature safely, we don’t launch it, regardless of how cool it might be.

Where there is no simple solution to an identified issue, the AI Red Team collaborates closely with internal research teams that work hard to research new approaches to address these gaps.
