Cyber Security News

30 Sep 2023 13:59

Encrypted Email Provider Proton has Built its Own CAPTCHA Service

“If our CAPTCHA observes a high number of failures on the visual challenges, it’s designed to increase the difficulty level of the proof of work (computational) challenge accordingly,” Maguire wrote.

“In this manner, a botnet that can bypass the initial proof of work but struggles with the visual challenges will be met with increasingly complex computations.

This escalating difficulty makes the process more costly for the botnet but normal people will be able to pass quickly.”

@Cyber_Security_Channel

Cyber Security News

29 Sep 2023 16:09

TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules

The company pointed out that the regulator’s criticisms focused on features and settings dating back three years.

TikTok said it had made changes well before the investigation began in September 2021, including making all accounts for teens under 16 private by default and disabling direct messaging for 13- to 15-year-olds.

@Cyber_Security_Channel

Cyber Security News

28 Sep 2023 22:01

Smartphone Utilizes 3D Information Encryption With Dual-Light-Emitting Materials

“Since our polymer composites with dual-light-emitting materials is readily moldable with conventional 3D printers, a high-security and cost-effective optical encoding/decoding system can be achieved.” they added.

@Cyber_Security_Channel

Cyber Security News

28 Sep 2023 04:05

Workforce, AI Among Key Tech Challenges, Says Wisconsin CIO

Security is obviously another area that I don’t feel like you can ever do enough in that space, from managing day-to-day, but then also thinking about the state as a whole.

And how do we educate? How do we communicate?

How do we make sure people have resilient pieces and parts in place?

Certainly the federal grants opportunities that are out there, we’re helping to manage that and waiting for approval of year-one funding.

We’re just waiting for final CISA and FEMA approval, and then we’ll deep dive into implementation for years one through four.

@Cyber_Security_Channel

Cyber Security News

27 Sep 2023 15:42

International Criminal Court Suffers Cyberattack

"The International Criminal Court (ICC) is a high-profile organization that investigates and tries individuals," said Jelle Wieringa, Security Awareness Advocate for EMEA KnowBe4, in a statement.

"This makes the ICC a prime target for cyber attacks, as it has information on criminal cases.

Access to this information for the purpose of tampering with it, or for intelligence, is a powerful way for bad actors to influence and disrupt the proceedings of the international criminal justice system".

@Cyber_Security_Channel

Cyber Security News

26 Sep 2023 06:12

Cybersecurity Dominates 2024 Concerns for IT Leaders: Report

The notable challenges driving the cybersecurity priority include the high costs associated with network breaches and an ongoing shortage in security talent.

This deficit underscores the importance for organizations to select appropriate vendors to fortify their defense mechanisms.

@Cyber_Security_Channel

Cyber Security News

25 Sep 2023 17:09

The Next Frontier of Retail: Contactless Kiosks and Robots

Not only did the proliferation of eligible payment solutions improve customers’ unattended retail experience, but it also allowed vending operators to vastly expand their product inventory to include items worth more than peoples’ average pocket change.

This expansion has transformed vending machines from mere snack dispensers into versatile stores in compact form. 

Alongside vending machines packed with the familiar on-the-go essentials like non-perishable snacks and beverages are now those that supply fresh food, cosmetics, personal care items, consumer electronics, and much more. 

@Cyber_Security_Channel

Cyber Security News

25 Sep 2023 04:41

DHS Publishes New Recommendations on Cyber Incident Reporting

Developed in coordination with the Cyber Incident Reporting Council (CIRC), the document also outlines actions that the cybersecurity agency CISA should take to harmonize cyber incident reporting as it implements the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and proposes legislative changes regarding incident reporting.

@Cyber_Security_Channel

Cyber Security News

24 Sep 2023 18:50

White House Official Tees Up AI Executive Order

Speaking during the Chamber of Commerce’s GlobalAI discussion Wednesday morning, Deputy National Security Advisor Anne Neuberger discussed the “promise and peril” of rapidly-evolving AI systems, and how federal officials are attempting to thread the needle between innovation and mitigation.

The marriage of AI algorithms to aid and improve cybersecurity is one step the executive branch is investigating. 

@Cyber_Security_Channel

Cyber Security News

24 Sep 2023 06:49

Healthcare Organisations At Risk as BYOD and Mobile Devices Escalate Cybersecurity Concerns

While apps and mobile devices are highly effective, affordable and convenient ways for medical facilities to manage a diverse range of components throughout the patient care continuum.

Unfortunately, the ease of use on mobile devices and apps, as well as the confidential patient information they store, make healthcare organisations that much more vulnerable to attackers.

@Cyber_Security_Channel

Cyber Security News

23 Sep 2023 19:36

Israeli-Founded Cybersecurity Startup Raises $40m to Help Mitigate Threats to AI Apps

The startup said it will use the Series B funds to expand “sales, marketing and R&D, as well as address the emerging threat of Artificial Intelligence and Large Language Models (LLMs) in the development of new applications”.

Software development teams are increasingly leveraging AI-generated code and embedding LLMs in their applications, “but these AI technologies are also introducing a rapidly expanding class of new security threats,” Legit Security said in a statement.

@Cyber_Security_Channel

Cyber Security News

23 Sep 2023 05:31

MobileCoin, Which Powers Signal’s Anonymous Crypto Payments, Appoints New CEO

In 2021, Signal, the end-to-end messenger popular among privacy-conscious users, launched the beta version of the MobileCoin-powered payments solution.

The feature has officially come out of the testing phase, allowing any user around the world to instantly send MobileCoin’s native Mob token to other Signal users with negligible network fees — all without leaving any identifiable trails behind.

@Cyber_Security_Channel

Cyber Security News

22 Sep 2023 16:26

Q&A: Survey Sheds Light On Why Automation Is a Key Solution for the Cyber Skills Gap

North America [survey] responders said: ‘We’re automating more, we’re using more AI, we’re using more process automation to make sure we do the heavy lifting with machines and then only present to the people with what they’re very good at… making judgments,” she said.

“In the other parts of the world, the top answer to that question of how you’re tackling cybersecurity skill shortage was: ‘We’re trying to provide higher wages and better benefits to the existing people.’ 

I think the world is moving towards the former, which is let’s do as much as we can with AI and machines and automation.”

@Cyber_Security_Channel

Cyber Security News

21 Sep 2023 22:24

What Does Closed-Door Meeting With AI Industry Leaders Mean for Business?

“There was a lot of care to make sure the room was a balanced conversation, or as balanced as it could be,” Deborah Raji, a researcher at the University of California, Berkeley who specialized in algorithmic bias and attended the meeting, told the AP.

Note: "TechRepublic contacted Senator Schumer’s office for a comment about this AI summit, and we have not received a reply by the time of publication".

@Cyber_Security_Channel

Cyber Security News

21 Sep 2023 11:45

Delaware Joins States With Comprehensive Consumer Data Privacy Laws

While not entirely dissimilar from other recently enacted consumer data privacy laws, the Delaware law does create another set of procedures for businesses to comply with in connection with their collection and use of consumer personal information.

If you have concerns about your business and its use of personal information or how the Delaware Personal Data Privacy Act affects you or your business, please contact the data privacy professionals at Clark Hill, PLC.

@Cyber_Security_Channel

Cyber Security News

30 Sep 2023 02:15

Commentary: Maryland Student Data, Privacy Need More Protection

A parent, for example, should be able to find out what kind of data is being collected on his or her child and how his or her child’s personally identifiable information is being used by state education officials and private companies contracted with the state or local school systems.

The education department should also ensure that personally identifiable information is encrypted at rest and in flight, and not just at the department, but between it and school systems and school systems with one another.

@Cyber_Security_Channel

Cyber Security News

29 Sep 2023 07:07

Remote Work and GenAI: Spanners in the Cybersecurity Engine?

Echoing these challenges brought by the proliferation of remote work, Sarah Armstrong-Smith, chief security advisor at Microsoft for EMEA, says that the pandemic changed everything: “We saw a mass acceleration with cloud adoption and the use of collaboration tools.

We saw lots of companies investing in smart technologies. We’re now seeing companies invest in AI and so cybercriminals are going to keep evolving their tactics too, utilizing the latest technologies to bypass security measures”.

@Cyber_Security_Channel

Cyber Security News

28 Sep 2023 14:37

SANS Survey Shows Drop in 2023 ICS/OT Security Budgets

When asked about their penetration testing efforts, more than half of respondents said they target Level 3 and the DMZ of the Purdue Model. Level 3 includes customized OT devices that manage production, and the DMZ includes firewalls, patch management servers, application servers, and remote access servers.

@Cyber_Security_Channel

Cyber Security News

27 Sep 2023 21:50

Pro-Iranian Attackers Claim to Target Israeli Railroad Network

The Cyber Avengers group also boasted via its Telegram channel that it has carried out several cyberattacks on the railroad infrastructure of Israel since 2020, and it claimed to take down the website of Israel's largest oil refinery, BAZAN Group in July.

The attackers also released what it said were screenshots of the company's SCADA systems.

All of those claims were dismissed by the company and debunked by researchers from Check Point, who told Bleeping Computer that the materials were complete fabrications.

@Cyber_Security_Channel

Cyber Security News

26 Sep 2023 21:33

Palo Alto’s John Davis Underscores the Role of AI in Cybersecurity and Enhanced Public Service

AI, including machine learning and behavioral analytics, aids in identifying and thwarting cyber threats efficiently.

@Cyber_Security_Channel

Cyber Security News

25 Sep 2023 22:56

Cybersecurity Firm Salvador Technologies Secures $2.2M BIRD Grant

Salvador Technologies' patented rapid recovery technology offers three essential layers of defence, ensuring the operational continuity of workstations and servers of critical infrastructures and manufacturing systems.

The innovation stems from the expertise of the company's founders, Alex Yevtushenko and Oleg Vusiker, both of whom have served over ten years in the National Cyber Unit and elite Intelligence Corps of the Israel Defense Forces (IDF).

@Cyber_Security_Channel

Cyber Security News

25 Sep 2023 10:30

Intel Launches New Attestation Service as Part of Trust Authority Portfolio

The attestation service can be used with Intel confidential computing, including on premises, in multi-cloud or hybrid environments, and at the edge.

“Intel Trust Authority will also become an integral capability to enable confidential AI, helping ensure the trustworthiness of confidential computing environments in which sensitive intellectual property (IP) and data are processed in machine-learning applications, particularly inferencing on current and future generations of Intel Xeon processors,” Intel explained.

@Cyber_Security_Channel

Cyber Security News

24 Sep 2023 22:37

CapraRAT Impersonates YouTube to Hijack Android Devices

Two of the packages aim to trick users into downloading what they think is the legitimate YouTube app, and a third uses romance-based social engineering by reaching out to a YouTube channel belonging to a persona called "Piya Sharma," which includes uploads of several short clips of a woman in various locations.

@Cyber_Security_Channel

Cyber Security News

24 Sep 2023 14:45

Storage and Data Protection News for the Week of September 22; Updates from Alcion, Arcserve, Veeam & More

The findings reveal gaps, vulnerabilities, and misconceptions in the healthcare sector, potentially hindering its ability to effectively safeguard and recover data in the event of malicious attacks and accidental data outages stemming from human error or natural events.

@Cyber_Security_Channel

Cyber Security News

24 Sep 2023 01:46

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data

Microsoft has rectified a security breach that exposed 38 terabytes of private data on its AI GitHub repository.

The leak was discovered when publishing a bucket of open-source training data.

The issue was caused by an overly permissive SAS token, an Azure feature that allows users to share data in a hard-to-track and hard-to-revoke manner.

The token was misconfigured to allow "full control" permissions instead of read-only, allowing attackers to view all files in the storage account and delete and overwrite existing files.

Microsoft has revoked the SAS token and blocked external access to the storage account.

📸 Photo: Analytics Insight

@Cyber_Security_Channel

Cyber Security News

23 Sep 2023 13:56

MA Sports Betting Operators Concerned Over Landmark Data Privacy Rules

“I’m concerned, becase my guess is that you’ll have a low level of opt in, so any data that you get would be highly biased,” Wohl said.

“Most players that play problematically understand that they’re playing problematically and wouldn’t want to provide that data.

So my preference would be to have an opt out as opposed to an opt in.”

He suggested a carveout for data exclusively used to track and address problem gambling, which commissioners agreed to explore.

@Cyber_Security_Channel

Cyber Security News

22 Sep 2023 22:46

⚡️Popular Social Media Platform TikTok Has Been Fined €345 Million by European Regulators for a Series of Lapses in Its Settings That Could Put Children At Risk

Used by 134 million people monthly in Europe alone, TikTok is one of the world’s most popular social media platforms.

@Cyber_Security_Channel

Cyber Security News

22 Sep 2023 07:33

CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks

The remaining four vulnerabilities added by CISA to its KEV list impact Owl Labs’ Meeting Owl video conferencing product.

The device, shaped like an owl, features a 360° conference camera, a mic, and a speaker, and the vendor says it gets smarter over time.

The Meeting Owl vulnerabilities were discovered last year by researchers at Swiss cybersecurity firm Modzero.

They include inadequate encryption, missing authentication, hardcoded credentials, and improper authentication issues.

@Cyber_Security_Channel

Cyber Security News

21 Sep 2023 17:37

Companies Explore Ways to Safeguard Data in the Age of LLMs

"Data loss prevention became much more of an issue because there's suddenly... these large language models with the capability to index data in a very, very efficient manner," he says.

"People who were just sending documents around ... now, the chances of that data landing into a large language model are much higher, which means it's going to be much easier to find the sensitive data".

@Cyber_Security_Channel

Cyber Security News

21 Sep 2023 01:21

Cybersecurity Tabletop Board Game Pits Hackers vs. Defenders

The game would come with a generic incident response binder – "a playbook detailing exactly what to do to deal with and recover from the disaster".

It addresses malware propagation, file and operations recovery, insurance and payment negotiation advice, and how to communicate with the public and stakeholders, according to the campaign's FAQ.

@Cyber_Security_Channel