cyber_security_channel | News and Media

Telegram channel cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin

Cyber Security News

4 Strategies to Safeguard the Finance Industry Against Deepfake Onslaught

Deepfakes can manifest in many ways within the realm of digital deception.

Deepfake technology allows fraudsters to pose as high-ranking executives or CEOs, changing their voices and appearances to trick investors or employees into carrying out transactions or disclosing sensitive information.

These deepfake-driven impersonation frauds cause huge financial losses and harm to individuals' and companies' reputations.

@Cyber_Security_Channel

Cyber Security News

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities

The competition has three phases, focusing on commitment, planning and implementation.

In the planning phase, competitors need to describe their current resources and their need for improving their cybersecurity posture.

The deadline for the first phase of the project is November 29, 2023.

@Cyber_Security_Channel

Cyber Security News

Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits

Abnormal’s threat unit also tracked how generative AI is increasingly being used to build social engineering attacks.

The study examines how AI tools make it far easier and faster for attackers to craft convincing phishing emails, spoof websites and write malicious code.

@Cyber_Security_Channel

Cyber Security News

8 Best Identity and Access Management (IAM) Solutions for 2023

Identity and Access Management software and solutions are used to verify identities and only permit authorized users to access organizational resources.

Such tools typically reside between systems and target resources.

They establish a framework of security policies and technologies to prevent unauthorized access.

They form the backbone of user authentication and access and are used in both local and remote scenarios.

@Cyber_Security_Channel

Cyber Security News

5 Ways to Prepare for Google's 90-Day TLS Certificate Expiration

Certificate life-cycle management (CLM) is an ongoing challenge for admins, especially those at large organizations that may have hundreds or thousands of certificates to manage.

One survey found the average was more than 50,000, and the number went up more than 43% annually.

Today's enterprises, which rely heavily on cloud-based assets and automation, can't skimp on certificate management if they want to keep operating smoothly.

A number of best practices to achieve crypto-agility are imperative to face this challenge.

@Cyber_Security_Channel

Cyber Security News

10 Million Likely Impacted by Data Breach at French Unemployment Agency

According to cybersecurity firm Emsisoft, the data breach was the result of the May 2023 MOVEit hack, which has impacted roughly 1,000 organizations and more than 60 million people.

Data collected by Emsisoft from various sources shows that roughly 10 million individuals might have been affected by the Pole Emploi data breach.

@Cyber_Security_Channel

Cyber Security News

Enabling Microsoft Purview Message Encryption

Microsoft Purview Message Encryption is an online service built on the Azure Rights Management framework.

It enhances the existing encryption capabilities of Microsoft Office solutions, such as the Microsoft Outlook mailbox.

While Microsoft does offer encryption for employee messages by default, Purview allows businesses to take their security standards to the next level.

Using the Purview platform, business leaders can configure security policies that allow email users to send and receive encrypted messages.

These messages can be delivered securely to people inside and outside an organization.

Microsoft Purview administrators can create mail flow or transport rules that set the specific conditions for each encryption.

When a user of the Microsoft client sends a message matching the conditions of these rules, the information is automatically encrypted.

The Purview Message Encryption solution combines identity, authorization, and encryption policies for more secure emails and even provides access to valuable rights templates.

For instance, users can implement specific templates for “do not forward” and “encrypt only”.

@Cyber_Security_Channel

Cyber Security News

French Employment Agency PÔLE EMPLOI Data Breach Impacted 10M People

The security breach exposed the surname and first name and social security number of the impacted individuals.

Email addresses, phone numbers, passwords and financial data were not exposed.

The agency recommends that job seekers remain vigilant for any potential fraudulent activity. It also added that there is no risk to the compensation and support offered by the agency, nor to access to the personal space of pole-emploi.fr.

@Cyber_Security_Channel

Cyber Security News

Vendors Training AI With Customer Data is an Enterprise Risk

One big mistake is to assume that data a technology company might collect for AI training is not very different from data the company might collect about service use, says Claude Mandy, chief evangelist, data security at Symmetry Systems.

"Technology companies have been using data about their customer’s use of services for a long time," Mandy says.

"However, this has generally been limited to metadata about the usage, rather than the content or data being generated by or stored in the services."

In essence while both involve customer data, there's a big difference between data about the customer and data of the customer, he says.

@Cyber_Security_Channel

Cyber Security News

Cisco Talos Research: New Lazarus Group Attack Malware Campaign Hits UK & US Businesses

Once the malware has been executed, it starts sending initial information about the system to its command-and-control server and waits for an answer, which might be a direct command to the malware or a Microsoft Windows command line to be executed via the cmd.exe process.

The initial information is being encrypted and sent to the C2; it consists of network configuration information (i.e., IP address and MAC address) and the currently logged in user name (Figure A).

@Cyber_Security_Channel

Cyber Security News

'Whiffy Recon' Malware Transmits Device Location Every 60 Seconds

Drew Schmitt, lead analyst on GuidePoint Security Research and Intelligence Team (GRIT), says that insights into the movements of individuals may establish patterns in behavior or locations which may allow for more specific targeting to occur.

"It could be used for tracking individuals belonging to a specific organization, government, or other entity," he says.

"Attackers could selectively deploy malware when the infected system is physically located in a sensitive location or at specific times that would give them a high probability of operational success and high impact".

@Cyber_Security_Channel

Cyber Security News

Securing Optical Networks: How Encryption Helps Keep Your Data Safe

Even the biggest brands are not immune to cyber security threats.

In 2021 LinkedIn was hacked in an attack that saw data from around 700 million users posted on a dark web forum.

More recently, social media site Reddit had some 80GB of data stolen by a ransomware gang, which threatened to sell it if the company did not pay $4.5m to delete it.

Optical networks are no less vulnerable.

The convergence of fibre-optic networks with IP-based systems can expose them to a wide range of cyber attacks, including distributed denial of service (DDoS), data interception, and unauthorised access.

The potential consequences of a security breach in an optical network extend beyond data loss, encompassing service disruption, damage to a company's reputation and then the financial impact.

@Cyber_Security_Channel

Cyber Security News

Data Protection: One of These Incidents Is Not Like the Other

There is a chance, however, that any one drive contains an employee’s Social Security number and the tax withheld from that employee’s income.

Importantly, if indeed present, these data elements qualify the incident as a breach under many states’ breach notification statutes.

It will be a challenge to track down all 50 flash drives and it will likely take the organization significant time to fully uncover the facts if they fully uncover them at all.

Ultimately, notice to affected consumers may be required once the incident is confirmed to be a breach.

When assessing notification to regulators, businesses may want to consider a strategy at the incident’s outset of ongoing communication with updates and developments as the matter evolves.

Regulators often include state Attorneys General and/or a primary industry regulator such as a Commissioner of Insurance or State Corporation Commission.

@Cyber_Security_Channel

Cyber Security News

Protecting Government Institutions’ Data: Who Bears the Responsibility?

This breach presents a risk to sensitive public data and how it is manipulated for malicious intent, especially where conversations around societal democracy and the integrity of our elections arise.

Institutions like the electoral commission are a data goldmine, holding vast swathes of highly confidential and personal data relating to the public.

This makes them a key target for cybercriminals, either as part of ransomware initiatives or for tailored scams.

@Cyber_Security_Channel

Cyber Security News

11 Cybersecurity Trends to Take From Black Hat 2023

To dig deeper into the event, Techopedia reached out to security analysts, CEOs, CISOs, and CTOs following the conference to get their thoughts on the top cybersecurity trends to take note of from Black Hat 2023.

Their comments have been edited for brevity and clarity.

1. Moving Past the Hype of AI
2. Hardening the Software Supply Chain
3. Managing Costs and Showing the Value of Cybersecurity
4. Cyber Insurance and IoT Security Maturity
5. Cloud Security Remains Top of Mind

Read more about the topic here.

@Cyber_Security_Channel

Cyber Security News

Should Senior IT Professionals Be Accountable for Professional Decisions?

Everyone makes mistakes.

But what if your mistakes cost you tens of thousands of dollars in fines, see you facing jail time, or risk the security of millions of other people?

Companies now access and handle more personal data than ever before. And regulators are reexamining the significant responsibility that brings.

Ranging from negligence to deliberate cover-ups, here are two other cases from recent years, involving Uber and TSB.

@Cyber_Security_Channel

Cyber Security News

South African Department of Defence Denies Stolen Data Claims

Charl van der Walt, head of security research at Orange Cyberdefense, says the security services provider was able to discover the leaked data via automated processes it conducts for research and customer assistance.

Carl Morris, senior lead research manager for Orange Cyberdefense, says there had been 16,922 views of the posted leaked data and 782 downloads of the 1.6TB file at the time of publishing.

Morris says these numbers are quite low compared with some of the other leaks uploaded previously by the same group.

@Cyber_Security_Channel

Cyber Security News

Here's What Your Breach Response Plan Might Be Missing

Connecting with a breach counsel is vital because most cyberattacks are not one-off events.

Threat actors target many organizations simultaneously, meaning you are likely not alone. A breach counsel can identify information about the attack, notify law enforcement, and check local regulations.

This way, you can spend your energy and focus on dealing with the attack, restoring your data, and getting your business back up and running.

@Cyber_Security_Channel

Cyber Security News

VMware Patches Major Security Flaws in Network Monitoring Product

The VMware Aria Operations for Networks product, formerly vRealize Network Insight, is used by enterprises to monitor, discover and analyze networks and applications to build secure network infrastructure across clouds.

The company said the Aria Operations for Networks collectors are impacted by the vulnerability but advised customers that upgrading the platform appliance will remediate the issue.

@Cyber_Security_Channel

Cyber Security News

Authentication Outage Underscores Why 'Fail Safe' Is Key

A failure in an authentication service can disrupt operations, says Andras Cser, vice president and principal analyst at Forrester Research.

"Anytime two-factor or multifactor authentication does not have alternative or backup login methods and form factors — biometrics, offline one-time password generators, etc. — MFA can become a bottleneck, regardless of whether it's on-prem or cloud-hosted.

When there is no authentication, the company essentially stops working."

@Cyber_Security_Channel

Cyber Security News

Meta Refreshes Promise to Roll Out Default End-to-End Encryption in Messenger This Year

Meta first reaffirmed this commitment in a letter sent to Fight for the Future earlier this month, which was viewed by The Verge, responding to a pro-encryption campaign launched by the digital rights group last year.

In the letter, Meta’s deputy privacy officer, Rob Sherman, said that adding the additional layer is currently being tested in both Messenger and Instagram chats.

Messenger users can already encrypt messages but must opt in to the service since it isn’t on by default.

@Cyber_Security_Channel

Cyber Security News

London's Met Police on Alert After IT 'hack'

"We share that sense of fury... this is a staggering security breach that should never have happened," said vice chair Rick Prior.

It follows an admission this month by the Police Service of Northern Ireland (PSNI) that personal data on all serving members was mistakenly published in response to a Freedom of Information (FOI) request.

@Cyber_Security_Channel

Cyber Security News

Better SaaS Security Goes Beyond Procurement

SaaS audits and checklists such as vendor questionnaires, SOC2 audits, and penetration test reviews are longstanding, reasonable components of the procurement process.

Security and IT teams partner with finance to enforce extensive due diligence and procurement controls upfront.

These vetting activities generally fall under the domain of third-party risk management.

This partnership is meant to get ahead of potential SaaS cybersecurity risks, which typically rise during vendor onboarding and operationalization.

@Cyber_Security_Channel

Cyber Security News

Less Is (Not) More: The Need for Adequate Data Protection Practices When Monetizing Personal

In light of Softmedia’s failure to address the loophole in its requirement of borrowers’ authorization which was being exploited by the companies using the database, the PCPD concluded that Softmedia had contravened Data Protection Principle 4(1) of the PDPO.

In addition, the PCPD discovered that Softmedia had also breached Data Protection Principle 2(2) of the PDPO by retaining more than 50,000 credit records of borrowers who had completed their repayments over five years ago. In reaching the conclusion above, the PCPD made reference to its Code of Practice on Consumer Credit Data (COP), which sets out the maximum period a credit reference agency should retain account repayment data in its database.

@Cyber_Security_Channel

Cyber Security News

XLoader Malware Variant Targets MacOS Disguised as OfficeNote App

The first versions of XLoader needed the Java Runtime Environment to be executed successfully.

Since Apple stopped shipping JRE on macOS years ago, it has been less effective than other malware, although many users on macOS still need JRE for different purposes and have it installed on their systems.

@Cyber_Security_Channel

Cyber Security News

Is Bias in AI Algorithms a Threat to Cloud Security?

We refer to AI bias as a hidden threat to cloud security because we often don't know that bias is present unless we specifically look for it — or until it is too late and a data breach has happened.

@Cyber_Security_Channel

Cyber Security News

What Is Data Privacy? The Secret to Safe Surfing

Data privacy is the control an individual or organization has over sensitive information stored or collected about them.

It is the ability to determine who has access to this data, how it’s used and the safeguards in place to protect it from unauthorized exposure.

Personal data associated with data privacy includes sensitive information like names, addresses, Social Security numbers and financial data.

It also extends to less overtly personal data like browsing history, location data, IP addresses and online purchases. Further, it may encompass biometric data, health care records and employment details.

@Cyber_Security_Channel

Cyber Security News

Verizon Executive Joins Quantum-Secure Encryption Company

The appointment of Dixon aligns with Qrypt's commitment to the next level of data protection.

Kevin Chalker, CEO and co-founder of Qrypt, expressed enthusiasm about the new addition, stating, “Providing secure communications is critical to protecting our right to privacy.

Our team at Qrypt is thrilled to welcome Ken Dixon to our board to further our mission of protecting the world’s data in the telecommunications industry.

By bringing together industry experts across telecommunications, financial services, and other highly regulated industries, we can strengthen critical infrastructure and permanently protect data through quantum-secure encryption.”

@Cyber_Security_Channel

Cyber Security News

QR Code Hacks Are Another Thing to Worry About Now

The phishing emails purported to be from Microsoft, telling receivers to scan the attached QR codes to review security requirements and update their accounts.

In fact, scanning the codes landed targets on sites set up to steal their information. The codes allowed the phishing messages to elude email security filters that search for known malicious links.

@Cyber_Security_Channel

Cyber Security News

Top 5 Disaster Recovery as a Service Providers for 2023

With Disaster recovery as a service, organizations can use a cloud-based service provider to handle their disaster recovery planning.

DRaaS can provide a quick way for organizations to restore their data and applications, providing business continuity after a natural or man-made disaster has interrupted or halted IT operations.

@Cyber_Security_Channel
