Cyber Security News

02 Sep 2023 18:16

Speaking Up About Data Privacy in Ed Tech

A large majority of those vendors actually want to hear from education users who find something in those policies they don't like, or need clarification on part of a vendor's privacy policy.

We did truly amazing things with that data privacy program. We got kids involved, we got them excited.

We partnered with external organizations like the Future of Privacy Forum to provide different incentives for kids, as well as educational and awareness videos called Think Privacy, to really embrace a culture of privacy, safety, and security.

@Cyber_Security_Channel

Cyber Security News

02 Sep 2023 00:48

The 7 Best Encryption Apps for Windows, According to MUO

To cut down your search time, we went through a host of options and have listed down the best encryption tools for Windows.

1. 7-Zip
2. VeraCrypt
3. Age
4. Gpg4win
5. BitLocker
6. Cryptomator
7. AxCrypt

Encryption, and cybersecurity in general, is no more just a passion for a select few hobbyists.

With almost everything going digital, it’s of utmost importance to keep up with the best cybersecurity practices; using an encryption app is one such practice.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 20:06

Case from one week ago: Telegram Ban in Iraq Due to “National Security Concerns” Lifted

The national security ban of Telegram appeared to be touched off by the discovery of channels that shared the names, addresses and family relationships of residents of Iraq.

The Ministry of Communications reportedly asked the messaging app to remove these channels, but received no response.

The ban was in place for a little over a week, lifted on August 14 with a post from the Ministry indicating that Telegram had responded to its requests.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 15:29

Newer, Better XLoader Signals a Dangerous Shift in macOS Malware

The new XLoader has no such flaw — it's written natively in C and Objective C.

It's packaged in an application file with the legitimate-sounding name "Office Note," the macOS Microsoft Word logo, and an Apple developer signature. Apple has since revoked the signature, but "it won't make much difference," Stokes says.

"All it means is that the developers will have to pivot to another signature. Developers' signatures are bought and sold on the Dark Net, or they're fakes.

They can even ad hoc sign, which means it doesn't actually have a developer signature, but it will still get past Apple's gatekeeper detection."

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 10:56

FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers

Previously, the hackers stole crypto assets in attacks against Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge.

“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses,” the FBI says.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 04:33

'Cuba' Ransomware Group Uses Every Trick in the Book

Once inside the network, Cuba deployed BUGHATCH, its own custom downloader.

BUGHATCH establishes a connection to a command-and-control (C2) server, then downloads attacker payloads (It can also execute files and commands).

One of BUGHATCH's downloads this time, for example, was Metasploit, which it used to cement its foothold in the target environment.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 22:55

Energy One Investigates Cyberattack

The company said it took immediate steps to limit the impact of the incident, engaged specialists CyberCX, and alerted the Australian Cyber Security Centre and UK authorities.

As part of the investigation, Energy One has disabled links between its corporate and customer-facing systems as a precaution.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 19:24

AI’s Personalization Paradox: Tailored Experiences vs Data Privacy

The power of AI-driven personalization is alluring - but first, we need to solve how it clashes with data privacy.

Balancing tailored experiences with ethical considerations is going to be closely watched in the years to come.

Prioritizing privacy while empowering users - these are the challenges to navigate for a responsible AI landscape.

AI-powered personalization employs AI and machine learning to create customized customer experiences by analyzing extensive data such as browsing history, purchases, interactions, and demographics

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 15:12

Motherboard Mishaps Undermine Trust, Security

As of Aug. 28, neither Microsoft nor MSI has uncovered the cause of the issue, and neither company returned a request for comment.

"Both MSI and Microsoft are aware of the 'UNSUPPORTED_PROCESSOR' error and have begun investigating the root cause," MSI wrote in its statement.

"While the investigation is underway, we recommend that all users temporarily refrain from installing the KB5029351 Preview update in Windows".

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 10:25

Privacy, Data and Cybersecurity Quick Clicks

The Securities and Exchange Commission (SEC) adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy and governance.

The SEC also adopted rules requiring foreign private issuers to make comparable disclosures.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 04:34

Why Browser Security Is Crucial

Tall identified two approaches to ensure secure browser adoption: the complete "rip and replace" of existing browsers, which could warrant changes in customer behavior, and the extension of security to current browsers.

But in the realm of cybersecurity tools, secure browsing is still nascent.

Barriers to the adoption of secure browsing, Tall said, stem from the fact that these security tools are often influenced by distribution players, and "it's just a little bit of inertia.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 23:39

How to Hire Cybersecurity Professionals

"Hiring and retaining talent can often feel like an uphill battle, but there are a number of things that leaders can be doing to make more strides in this area," said Rob Rashotte, vice president of global training & technical field enablement at Fortinet.

Cybersecurity professionals "should also be offered a little space to experiment," Brown said. "Like many tech people, cyber professionals like to learn by doing and to continually optimize solutions.

Give them room to do this, even just a little, in terms of time and resources."Rashotte and other experts outline four things that employers can do to build their cybersecurity workforces.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 20:47

Why Online Choice Architecture is a Data Protection Priority

Online Choice Architecture (OCA) is defined as the way that companies present information and choices to users of websites and other online services.

It can include the way prices are displayed on a website, personal recommendations presented to consumers and the options available to consumers.

OCA practices can also be used to exploit behavioural biases of consumers and lead them to make riskier decisions.

OCA has an impact on individual's privacy rights, an impact on how businesses compete and how consumers are treated.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 15:04

“Snakes In Airplane Mode” – What If Your Phone Says it’s Offline But isn’t?

The bad news, however, is that the software shenanigans used aren’t the typical tricks associated with malware or date exfiltration code.

That’s because “fake airplane” mode doesn’t itelf snoop on or try to steal private data belonging to other apps, but works simply by showing you what you hope to see, namely visual clues that imply that your device is offline even when it isn’t.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 10:57

📩 Our partners at Hacklido released a new version of their newsletter: Cyber Security Round Up - August 15th, 2023

It includes materials on the following topics:

• XXE attack
• Blockchain
• API security
• IOT Hacking
• OpenredireX
• SQL injection
• DNS Takeover
• C2 server Hacking
• Web race conditions

And more...

You can find the full version of the newsletter here.

——

✨ If your company / project / community is willing to become a partner of Cyber Security News, feel free to contact us: @cybersecadmin

——

@Cyber_Security_Channel

Cyber Security News

02 Sep 2023 02:52

University of Minnesota Confirms Data Breach, Says Ransomware Not Involved

The university also said that scans it has performed revealed no ongoing activity related to the incident and there were no system disruptions.

“Our investigation is continuing, but our security professionals have not detected any system malware (including ‘ransomware’), encrypted files or fraudulent emails related to the incident.

There have been no known disruptions to current University operations as a result of this data security incident,” the university said.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 22:47

3 Data Privacy Principles to Adopt Now, Even While Governments Still Debate

The good news is brands don’t have to be in a bad position. Yes, these issues are extremely complex and legislation will take time.

But it’s more important than ever to design your own systems to protect individuals and – as a result – to protect your own brand’s future.

Three low-risk, high-reward practices around data privacy and security:

1. Build a foundation of fairness
2. Maximize data transparency
3. Stop hoarding data.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 17:16

Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist

Adobe recommends that customers apply the security configuration settings "as outlined on the ColdFusion Security page as well as review the respective Lockdown guides".

It also recommends "updating your ColdFusion JDK/JRE to the latest version of the LTS releases for JDK 11."

This is because applying the ColdFusion update without a corresponding JDK update will not allow for a secure server.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 13:43

US Government Publishes Guidance on Migrating to Post-Quantum Cryptography

According to the document, existing cryptographic products, protocols, and services, which rely on public key algorithms, will likely be updated or replaced to become quantum-resistant and protect against future threats.

CISA, NSA, and NIST encourage organizations to proactively prepare for migrating to products that adhere to post-quantum cryptographic standards and to implement measures to reduce the risks posed by a ‘cryptanalytically-relevant quantum computer’ (CRQC).

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 07:42

Smart Light Bulbs Could Give Away Your Password Secrets

For better or for worse (the authors of the paper don’t say whether any disclosure dates were agreed with TP-Link, so we don’t know how long the company has been working on its patches), the researchers have now revealed how their attacks work, albeit without providing any copy-and-pastable attack code for wannabe home-hackers to exploit at will.

@Cyber_Security_Channel

Cyber Security News

01 Sep 2023 01:40

Tesla Data Breach Investigation Reveals Inside Job

In a subsequent investigation of the breach, Tesla found that two former employees "misappropriated the information in violation of Tesla's IT security and data protection policies and shared it with the media outlet."

Handelsbatt has informed Tesla that it does not intend to publish the compromised information, nor would it legally be allowed to.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 20:53

Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability

The vulnerability, tagged as CVE-2023-38035, affects Ivanti Sentry versions 9.18 and prior, and could be exploited by malicious hackers to change configuration, run system commands, or write files onto the system, Ivanti said in an advisory.

“If exploited, this vulnerability enables an unauthenticated actor to access some sensitive APIs that are used to configure the Ivanti Sentry on the administrator portal (port 8443, commonly MICS),” the company said.

While the issue carries a 9.8/10 CVSS severity score, Ivanti notes there is low risk of exploitation for enterprise administrations who do not expose port 8443 to the internet.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 17:53

Ad Firm Plans to Use People’s Data in a Maneuver to Sink Data Privacy Bill

SB 362, known as the Delete Act, would require companies to delete all data on individuals upon request — including data purchased or acquired from third parties.

This would shrink the trove of personal information they hold, such as browsing history, birthdates and past purchases.

Data brokers compile this information to build profiles of people, which can be used to craft advertisements tailored to an individual’s preferences.

But that also grants them access to some of people’s most sensitive details, such as whether they are pregnant or suffering from mental illness.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 13:02

Metabase Q Bags $3m Funding to Bolster Cybersecurity in Latin America

Metabase Q, through the recently raised funds, aims to strengthen and expand its capital-efficient operations.

Their objective is to redefine the methodologies modern enterprises adopt to manage, gauge, and advance their cybersecurity endeavours.

The company’s traction is evident, with an impressive 403% quarter-over-quarter surge in new bookings, underscoring Metabase Q’s innovative approach as the cybersecurity industry’s future trajectory.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 07:50

Experts Believe AI Could Help Prevent Some Cybersecurity Attacks in Schools

One of the benefits of AI is that they can be that set of virtual eyes on the school networks when the IT staff are not able to do that,” he said.

He explains that some vendors are incorporating AI into tools that schools are already using.

“Not only can [AI] keep their eyes on the network, they can actually take proactive steps to help defend those networks from cyber criminals who are trying to penetrate their systems and steal valuable data about students and teachers,” said Levin.

But he warns some of these high-tech upgrades may come at a major cost.“In some ways, it’s going to save schools for having to invest maybe in more IT professionals dedicated to security,” he said.

“At another level, I wouldn’t be surprised to see the prices for these solutions to continue to rise.

@Cyber_Security_Channel

Cyber Security News

31 Aug 2023 01:35

Paperclip SAFE® Adds Data Masking to its Breakthrough Searchable Encryption Solution

Data masking, also referred to as de-identification or anonymization, is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel.

The addition of data masking to SAFE was driven by user feedback and changing compliance requirements.

Data masking is required by many compliance frameworks such as GDPR, CCPA, HIPAA and ISO 27002:2022 (Control 8.11) and is recognized by Gartner as a growing category within data security technology.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 22:18

Why Ransomware Gangs Opt for Encryption-Less Attacks

Attackers have shifted their strategies in the face of increased law enforcement attention and the desire to encourage ransom payments.

This strategy to minimize business disruption helps keep the victim's business functional while pressuring them to pay the ransom discreetly.

They also want to increase the chance of a victim paying ransom because in many of the cases - and this is not in large numbers - the victim will not even report it.

They will pay it off and keep it under the wrap. It's a win-win situation if you think about it from their perspective.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 17:45

CISA Posts Remote Monitoring & Management Systems Cyber Defense Plan

The Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Defense Plan for Remote Monitoring and Management (RMM), the first proactive plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of their 2023 Planning Agenda.

Part of the 2023 Planning Agenda, the RMM Cyber Defense Plan provides a roadmap to advance security and resilience of this critical ecosystem, including RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium sized businesses (SMBs) and critical infrastructure operators.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 12:12

DEF CON's AI Village Pits Hackers Against LLMs to Find Flaws

"We will be going through the anonymized data and finding patterns of vulnerabilities that participants discovered during the challenge and produce a report that will hopefully help ML and security researchers gain better insights into LLMs and policymakers make more informed regulations about AI," Ghosh says.

While he won't answer questions directly about any of the winning LLM hacks, Ghosh says he was able to use the LLMs to generate discriminatory code, credit card numbers, misinformation, and more.

@Cyber_Security_Channel

Cyber Security News

30 Aug 2023 08:21

⚡️Duolingo Suffers Massive Data Breach; Scrapped Data Lands on Hacking Forum

The hacker was able to verify active Duolingo users by feeding millions of email addresses to the vulnerable API.

The verified email IDs were then used by the hacker to create a dataset containing both public and non-public information.

Alternatively, it is also possible to feed a username to the API to retrieve JSON output, containing sensitive user data.

@Cyber_Security_Channel