South African Department of Defence Denies Stolen Data Claims
Charl van der Walt, head of security research at Orange Cyberdefense, says the security services provider was able to discover the leaked data via automated processes it conducts for research and customer assistance.
Carl Morris, senior lead research manager for Orange Cyberdefense, says there had been 16,922 views of the posted leaked data and 782 downloads of the 1.6TB file at the time of publishing.
Morris says these numbers are quite low compared with some of the other leaks uploaded previously by the same group.
@Cyber_Security_Channel
Here's What Your Breach Response Plan Might Be Missing
Connecting with a breach counsel is vital because most cyberattacks are not one-off events.
Threat actors target many organizations simultaneously, meaning you are likely not alone. A breach counsel can identify information about the attack, notify law enforcement, and check local regulations.
This way, you can spend your energy and focus on dealing with the attack, restoring your data, and getting your business back up and running.
@Cyber_Security_Channel
VMware Patches Major Security Flaws in Network Monitoring Product
he VMware Aria Operations for Networks product, formerly vRealize Network Insight, is used by enterprises to monitor, discover and analyze networks and applications to build secure network infrastructure across clouds.
The company said the Aria Operations for Networks collectors are impacted by the vulnerability but advised customers that upgrading the platform appliance will remediate the issue.
@Cyber_Security_Channel
Authentication Outage Underscores Why 'Fail Safe' Is Key
A failure in an authentication service can disrupt operations, says Andras Cser, vice president and principal analysis at Forrester Research.
"Anytime two-factor or multifactor authentication does not have alternative or backup login methods and form factors — biometrics, offline one-time password generators, etc. — MFA can become a bottleneck, regardless of whether it's on-prem or cloud-hosted.
When there is no authentication, the company essentially stops working."
@Cyber_Security_Channel
Meta Refreshes Promise to Roll Out Default End-to-End Encryption in Messenger This Year
Meta first reaffirmed this commitment in a letter sent to Fight for the Future earlier this month, which was viewed by The Verge, responding to a pro-encryption campaign launched by the digital rights group last year.
In the letter, Meta’s deputy privacy officer, Rob Sherman, said that adding the additional layer is currently being tested in both Messenger and Instagram chats.
Messenger users can already encrypt messages but must opt in to the service since it isn’t on by default.
@Cyber_Security_Channel
London's Met Police on Alert After IT 'hack'
"We share that sense of fury... this is a staggering security breach that should never have happened," said vice chair Rick Prior.
It follows an admission this month by the Police Service of Northern Ireland (PSNI) that personal data on all serving members was mistakenly published in response to a Freedom of Information (FOI) request.
@Cyber_Security_Channel
Better SaaS Security Goes Beyond Procurement
SaaS audits and checklists such as vendor questionnaires, SOC2 audits, and penetration test reviews are longstanding, reasonable components of the procurement process.
Security and IT teams partner with finance to enforce extensive due diligence and procurement controls upfront.
These vetting activities generally fall under the domain of third-party risk management.
This partnership is meant to get ahead of potential SaaS cybersecurity risks, which typically rise during vendor onboarding and operationalization.
@Cyber_Security_Channel
Less Is (Not) More: The Need for Adequate Data Protection Practices When Monetizing Personal
In light of Softmedia’s failure to address the loophole in its requirement of borrowers’ authorization which was being exploited by the companies using the database, the PCPD concluded that Softmedia had contravened Data Protection Principle 4(1) of the PDPO.
In addition, the PCPD discovered that Softmedia had also breached Data Protection Principle 2(2) of the PDPO by retaining more than 50,000 credit records of borrowers who had completed their repayments over five years ago. In reaching the conclusion above, the PCPD made reference to its Code of Practice on Consumer Credit Data (COP), which sets out the maximum period a credit reference agency should retain account repayment data in its database5.
@Cyber_Security_Channel
XLoader Malware Variant Targets MacOS Disguised as OfficeNote App
The first versions of XLoader needed the Java Runtime Environment to be executed successfully.
Since Apple stopped shipping JRE on macOS years ago, it has been less effective than other malware, although many users on macOS still need JRE for different purposes and have it installed on their systems.
@Cyber_Security_Channel
Is Bias in AI Algorithms a Threat to Cloud Security?
We refer to AI bias as a hidden threat to cloud security because we often don't know that bias is present unless we specifically look for it — or until it is too late and a data breach has happened.
@Cyber_Security_Channel
What Is Data Privacy? The Secret to Safe Surfing
Data privacy is the control an individual or organization has over sensitive information stored or collected about them.
It is the ability to determine who has access to this data, how it’s used and the safeguards in place to protect it from unauthorized exposure.
Personal data associated with data privacy includes sensitive information like names, addresses, Social Security numbers and financial data.
It also extends to less overtly personal data like browsing history, location data, IP addresses and online purchases. Further, it may encompass biometric data, health care records and employment details.
@Cyber_Security_Channel
Verizon Executive Joins Quantum-Secure Encryption Company
The appointment of Dixon aligns with Qrypt's commitment to the next level of data protection.
Kevin Chalker, CEO and co-founder of Qrypt, expressed enthusiasm about the new addition, stating, “Providing secure communications is critical to protecting our right to privacy.
Our team at Qrypt is thrilled to welcome Ken Dixon to our board to further our mission of protecting the world’s data in the telecommunications industry.
By bringing together industry experts across telecommunications, financial services, and other highly regulated industries, we can strengthen critical infrastructure and permanently protect data through quantum-secure encryption.”
@Cyber_Security_Channel
QR Code Hacks Are Another Thing to Worry About Now
The phishing emails purported to be from Microsoft, telling receivers to scan the attached QR codes to review security requirements and update their accounts.
In fact, scanning the codes landed targets on sites set up to steal their information. The codes allowed the phishing messages to elude email security filters that search for known malicious links.
@Cyber_Security_Channel
Top 5 Disaster Recovery as a Service Providers for 2023
With Disaster recovery as a service, organizations can use a cloud-based service provider to handle their disaster recovery planning.
DRaaS can provide a quick way for organizations to restore their data and applications, providing business continuity after a natural or man-made disaster has interrupted or halted IT operations.
@Cyber_Security_Channel
More Than Half of Browser Extensions Pose Security Risks
The study showed 51% of all installed extensions were high risk and had the potential to cause extensive damage to the organizations using them.
The extensions all had the ability to capture sensitive data from enterprise apps, run malicious JavaScript, and surreptitiously send protected data including banking details and login credentials to external parties.
@Cyber_Security_Channel
Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
Abnormal’s threat unit also tracked how generative AI is increasingly being used to build social engineering attacks.
The study examines how AI tools make it far easier and faster for attackers to craft convincing phishing emails, spoof websites and write malicious code.
@Cyber_Security_Channel
8 Best Identity and Access Management (IAM) Solutions for 2023
Identity and Access Management software and solutions are used to verify identities and only permit authorized users to access organizational resources.
Such tools typically reside between systems and target resources.
They establish a framework of security policies and technologies to prevent unauthorized access.
They form the backbone of user authentication and access and are used in both local and remote scenarios.
@Cyber_Security_Channel
5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration
Certificate life-cycle management (CLM) is an ongoing challenge for admins, especially those large organizations that may have hundreds or thousands of certificates to manage.
One survey found the average was more than 50,000, and the number went up more than 43% annually.
Today's enterprises, which rely heavily on cloud-based assets and automation, can't skimp on certificate management if they want to keep operating smoothly.
A number of best practices to achieve crypto-agility are imperative to face this challenge.
@Cyber_Security_Channel
10 Million Likely Impacted by Data Breach at French Unemployment Agency
According to cybersecurity firm Emsisoft, the data breach was the result of the May 2023 MOVEit hack, which has impacted roughly 1,000 organizations and more than 60 million people.
Data collected by Emsisoft from various sources shows that roughly 10 million individuals might have been affected by the Pole Emploi data breach.
@Cyber_Security_Channel
Enabling Microsoft Purview Message Encryption
Microsoft Purview Message Encryption is an online service built on the Azure Rights Management framework.
It enhances the existing encryption capabilities of Microsoft Office solutions, such as the Microsoft Outlook mailbox.
While Microsoft does offer encryption for employee messages by default, Purview allows businesses to take their security standards to the next level.
Using the Purview platform, business leaders can configure security policies that allow email users to send and receive encrypted messages.
These messages can be delivered securely to people inside and outside an organization.
Microsoft Purview administrators can create mail flow or transport rules that set the specific conditions for each encryption.
When a user of the Microsoft client sends a message matching the conditions of these rules, the information is automatically encrypted.
The Purview Message Encryption solution combines identity, authorization, and encryption policies for more secure emails and even provides access to valuable rights templates.
For instance, users can implement specific templates for “do not forward” and “encrypt only”.
@Cyber_Security_Channel
French Employment Agency PÔLE EMPLOI Data Breach Impacted 10M People
The security breach exposed the surname and first name and social security number of the impacted individuals.
Email addresses, phone numbers, passwords and financial data are not exposed.
The agency recommends job seekers remain vigilant on any potential fraudulent activity, it also added that there is no risk on the compensation and support offered by the agency, nor on access to the personal space of pole-emploi.fr.
@Cyber_Security_Channel
Vendors Training AI With Customer Data is an Enterprise Risk
One big mistake is to assume that data a technology company might collect for AI training is not very different from data the company might collect about service use, says Claude Mandy, chief evangelist, data security at Symmetry Systems.
"Technology companies have been using data about their customer’s use of services for a long time," Mandy says.
"However, this has generally been limited to metadata about the usage, rather than the content or data being generated by or stored in the services."
In essence while both involve customer data, there's a big difference between data about the customer and data of the customer, he says.
@Cyber_Security_Channel
Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses
Once the malware has been executed, it starts sending initial information about the system to its command-and-control server and waits for an answer, which might be a direct command to the malware or a Microsoft Windows command line to be executed via the cmd.exe process.
The initial information is being encrypted and sent to the C2; it consists of network configuration information (i.e., IP address and MAC address) and the currently logged in user name (Figure A).
@Cyber_Security_Channel
'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds
Drew Schmitt, lead analyst on GuidePoint Security Research and Intelligence Team (GRIT), says that insights into the movements of individuals may establish patterns in behavior or locations which may allow for more specific targeting to occur.
"It could be used for tracking individuals belonging to a specific organization, government, or other entity," he says.
"Attackers could selectively deploy malware when the infected system is physically located in a sensitive location or at specific times that would give them a high probability of operational success and high impact".
@Cyber_Security_Channel
Securing Optical Networks: How Encryption Helps Keep Your Data Safe
Even the biggest brands are not immune to cyber security threats.
In 2021 LinkedIn was hacked in an attack that saw data from around 700 million users posted on a dark web forum.
More recently, social media site Reddit had some 80GB of data stolen by a ransomware gang, which threatened to sell it if the company did not pay $4.5m to delete it.
Optical networks are no less vulnerable.
The convergence of fibre-optic networks with IP-based systems can expose them to a wide range of cyber attacks, including distributed denial of service (DDoS), data interception, and unauthorised access.
The potential consequences of a security breach in an optical network extend beyond data loss, encompassing service disruption, damage to a company's reputation and then the financial impact.
@Cyber_Security_Channel
Data Protection: One of These Incidents Is Not Like the Other
There is a chance, however, that any one drive contains an employee’s Social Security number and the tax withheld from that employee’s income.
Importantly, if indeed present, these data elements qualify the incident as a breach under many states’ breach notification statutes.
It will be a challenge to track down all 50 flash drives and it will likely take the organization significant time to fully uncover the facts if they fully uncover them at all.
Ultimately, notice to affected consumers may be required once the incident is confirmed to be a breach.
When assessing notification to regulators, businesses may want to consider a strategy at the incident’s outset of ongoing communication with updates and developments as the matter evolves.
Regulators often include state Attorneys General and/or a primary industry regulator such as a Commissioner of Insurance or State Corporation Commission.
@Cyber_Security_Channel
Protecting Government Institutions’ Data: Who Bears the Responsibility?
This breach presents a risk to sensitive public data and how it is manipulated for malicious intent, especially where conversations around societal democracy and the integrity of our elections arise.
Institutions like the electoral commission are a data goldmine, holding vast swathes of highly confidential and personal data relating to the public.
This makes them a key target for cybercriminals, either as part of ransomware initiatives or for tailored scams.
@Cyber_Security_Channel
11 Cybersecurity Trends to Take From Black Hat 2023
To dig deeper into the event, Techopedia reached out to security analysts, CEOs, CISOs, and CTOs following the conference to get their thoughts on the top cybersecurity trends to take note of from Black Hat 2023.
Their comments have been edited for brevity and clarity.
1. Moving Past the Hype of AI
2. Hardening the Software Supply Chain
3. Managing Costs and Showing the Value of Cybersecurity
4. Cyber Insurance and IoT Security Maturity
5. Cloud Security Remains Top of Mind
Read more about the topic here.
@Cyber_Security_Channel
5 Steps to Prepare for India's Digital Personal Data Protection Act
It is important to note that understanding exemptions for specific provisions of the Act will require careful analysis.
There are broad exclusions for government agencies, ambiguous definitions for certain exempt processing purposes and, in the future, the central government is also likely to add additional exemptions for specific data fiduciaries (data controllers) or classes of data fiduciaries, e.g., Start-Ups.
1. Determine applicability
2. Build a data inventory and data map
3. Set up consent mechanisms
4. Enable data principal rights
5. Implement technical and organizational measures
@Cyber_Security_Channel
Social Security Numbers Were Exposed in 69% of Breaches in 2023
While a person’s name continues to be the most exposed individual credential, a Social Security Number has passed date of birth as the second most often exposed individual credential in breaches in the first half of 2023.
Social Security Numbers were exposed in 69% of breaches, up from 60% last year.
Driver’s licenses or other state identification information were exposed in 31% in the first half of 2023, more than double last year’s 14% mark.
Checking or savings account numbers also saw their exposure double year-over-year.
@Cyber_Security_Channel