As State Supreme Court Weighs Biometrics Lawsuit, Lawmakers Mull Child data privacy
Several major advocacy and trade groups filed amicus briefs in the case, generally supporting the exclusion of health care workers from Biometric Information Privacy Act protections.
These include the Illinois Health and Hospital Association, the Advanced Medical Technology Association and a coalition of private hospitals including Springfield-based Memorial Health, Northshore University Health System and Rush University System for Health in the Chicago area.
@Cyber_Security_Channel
Commentary: Maryland Student Data, Privacy Need More Protection
A parent, for example, should be able to find out what kind of data is being collected on his or her child and how his or her child’s personally identifiable information is being used by state education officials and private companies contracted with the state or local school systems.
The education department should also ensure that personally identifiable information is encrypted at rest and in flight, and not just at the department, but between it and school systems and school systems with one another.
@Cyber_Security_Channel
Remote Work and GenAI: Spanners in the Cybersecurity Engine?
Echoing these challenges brought by the proliferation of remote work, Sarah Armstrong-Smith, chief security advisor at Microsoft for EMEA, says that the pandemic changed everything: “We saw a mass acceleration with cloud adoption and the use of collaboration tools.
We saw lots of companies investing in smart technologies. We’re now seeing companies invest in AI and so cybercriminals are going to keep evolving their tactics too, utilizing the latest technologies to bypass security measures”.
@Cyber_Security_Channel
SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
When asked about their penetration testing efforts, more than half of respondents said they target Level 3 and the DMZ of the Purdue Model. Level 3 includes customized OT devices that manage production, and the DMZ includes firewalls, patch management servers, application servers, and remote access servers.
@Cyber_Security_Channel
Pro-Iranian Attackers Claim to Target Israeli Railroad Network
The Cyber Avengers group also boasted via its Telegram channel that it has carried out several cyberattacks on the railroad infrastructure of Israel since 2020, and it claimed to take down the website of Israel's largest oil refinery, BAZAN Group in July.
The attackers also released what it said were screenshots of the company's SCADA systems.
All of those claims were dismissed by the company and debunked by researchers from Check Point, who told Bleeping Computer that the materials were complete fabrications.
@Cyber_Security_Channel
Palo Alto’s John Davis Underscores the Role of AI in Cybersecurity and Enhanced Public Service
AI, including machine learning and behavioral analytics, aids in identifying and thwarting cyber threats efficiently.
@Cyber_Security_Channel
Cybersecurity Firm Salvador Technologies Secures $2.2M BIRD Grant
Salvador Technologies' patented rapid recovery technology offers three essential layers of defence, ensuring the operational continuity of workstations and servers of critical infrastructures and manufacturing systems.
The innovation stems from the expertise of the company's founders, Alex Yevtushenko and Oleg Vusiker, both of whom have served over ten years in the National Cyber Unit and elite Intelligence Corps of the Israel Defense Forces (IDF).
@Cyber_Security_Channel
Intel Launches New Attestation Service as Part of Trust Authority Portfolio
The attestation service can be used with Intel confidential computing, including on premises, in multi-cloud or hybrid environments, and at the edge.
“Intel Trust Authority will also become an integral capability to enable confidential AI, helping ensure the trustworthiness of confidential computing environments in which sensitive intellectual property (IP) and data are processed in machine-learning applications, particularly inferencing on current and future generations of Intel Xeon processors,” Intel explained.
@Cyber_Security_Channel
CapraRAT Impersonates YouTube to Hijack Android Devices
Two of the packages aim to trick users into downloading what they think is the legitimate YouTube app, and a third uses romance-based social engineering by reaching out to a YouTube channel belonging to a persona called "Piya Sharma," which includes uploads of several short clips of a woman in various locations.
@Cyber_Security_Channel
Storage and Data Protection News for the Week of September 22; Updates from Alcion, Arcserve, Veeam & More
The findings reveal gaps, vulnerabilities, and misconceptions in the healthcare sector, potentially hindering its ability to effectively safeguard and recover data in the event of malicious attacks and accidental data outages stemming from human error or natural events.
@Cyber_Security_Channel
Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data
Microsoft has rectified a security breach that exposed 38 terabytes of private data on its AI GitHub repository.
The leak was discovered when publishing a bucket of open-source training data.
The issue was caused by an overly permissive SAS token, an Azure feature that allows users to share data in a hard-to-track and hard-to-revoke manner.
The token was misconfigured to allow "full control" permissions instead of read-only, allowing attackers to view all files in the storage account and delete and overwrite existing files.
Microsoft has revoked the SAS token and blocked external access to the storage account.
📸 Photo: Analytics Insight
@Cyber_Security_Channel
MA Sports Betting Operators Concerned Over Landmark Data Privacy Rules
“I’m concerned, becase my guess is that you’ll have a low level of opt in, so any data that you get would be highly biased,” Wohl said.
“Most players that play problematically understand that they’re playing problematically and wouldn’t want to provide that data.
So my preference would be to have an opt out as opposed to an opt in.”
He suggested a carveout for data exclusively used to track and address problem gambling, which commissioners agreed to explore.
@Cyber_Security_Channel
⚡️Popular Social Media Platform TikTok Has Been Fined €345 Million by European Regulators for a Series of Lapses in Its Settings That Could Put Children At Risk
Used by 134 million people monthly in Europe alone, TikTok is one of the world’s most popular social media platforms.
@Cyber_Security_Channel
CISA Says Owl Labs Vulnerabilities Requiring Close Physical Range Exploited in Attacks
The remaining four vulnerabilities added by CISA to its KEV list impact Owl Labs’ Meeting Owl video conferencing product.
The device, shaped like an owl, features a 360° conference camera, a mic, and a speaker, and the vendor says it gets smarter over time.
The Meeting Owl vulnerabilities were discovered last year by researchers at Swiss cybersecurity firm Modzero.
They include inadequate encryption, missing authentication, hardcoded credentials, and improper authentication issues.
@Cyber_Security_Channel
Companies Explore Ways to Safeguard Data in the Age of LLMs
"Data loss prevention became much more of an issue because there's suddenly... these large language models with the capability to index data in a very, very efficient manner," he says.
"People who were just sending documents around ... now, the chances of that data landing into a large language model are much higher, which means it's going to be much easier to find the sensitive data".
@Cyber_Security_Channel
Encrypted Email Provider Proton has Built its Own CAPTCHA Service
“If our CAPTCHA observes a high number of failures on the visual challenges, it’s designed to increase the difficulty level of the proof of work (computational) challenge accordingly,” Maguire wrote.
“In this manner, a botnet that can bypass the initial proof of work but struggles with the visual challenges will be met with increasingly complex computations.
This escalating difficulty makes the process more costly for the botnet but normal people will be able to pass quickly.”
@Cyber_Security_Channel
TikTok Is Hit With $368 Million Fine Under Europe’s Strict Data Privacy Rules
The company pointed out that the regulator’s criticisms focused on features and settings dating back three years.
TikTok said it had made changes well before the investigation began in September 2021, including making all accounts for teens under 16 private by default and disabling direct messaging for 13- to 15-year-olds.
@Cyber_Security_Channel
Smartphone Utilizes 3D Information Encryption With Dual-Light-Emitting Materials
“Since our polymer composites with dual-light-emitting materials is readily moldable with conventional 3D printers, a high-security and cost-effective optical encoding/decoding system can be achieved.” they added.
@Cyber_Security_Channel
Workforce, AI Among Key Tech Challenges, Says Wisconsin CIO
Security is obviously another area that I don’t feel like you can ever do enough in that space, from managing day-to-day, but then also thinking about the state as a whole.
And how do we educate? How do we communicate?
How do we make sure people have resilient pieces and parts in place?
Certainly the federal grants opportunities that are out there, we’re helping to manage that and waiting for approval of year-one funding.
We’re just waiting for final CISA and FEMA approval, and then we’ll deep dive into implementation for years one through four.
@Cyber_Security_Channel
International Criminal Court Suffers Cyberattack
"The International Criminal Court (ICC) is a high-profile organization that investigates and tries individuals," said Jelle Wieringa, Security Awareness Advocate for EMEA KnowBe4, in a statement.
"This makes the ICC a prime target for cyber attacks, as it has information on criminal cases.
Access to this information for the purpose of tampering with it, or for intelligence, is a powerful way for bad actors to influence and disrupt the proceedings of the international criminal justice system".
@Cyber_Security_Channel
Cybersecurity Dominates 2024 Concerns for IT Leaders: Report
The notable challenges driving the cybersecurity priority include the high costs associated with network breaches and an ongoing shortage in security talent.
This deficit underscores the importance for organizations to select appropriate vendors to fortify their defense mechanisms.
@Cyber_Security_Channel
The Next Frontier of Retail: Contactless Kiosks and Robots
Not only did the proliferation of eligible payment solutions improve customers’ unattended retail experience, but it also allowed vending operators to vastly expand their product inventory to include items worth more than peoples’ average pocket change.
This expansion has transformed vending machines from mere snack dispensers into versatile stores in compact form.
Alongside vending machines packed with the familiar on-the-go essentials like non-perishable snacks and beverages are now those that supply fresh food, cosmetics, personal care items, consumer electronics, and much more.
@Cyber_Security_Channel
DHS Publishes New Recommendations on Cyber Incident Reporting
Developed in coordination with the Cyber Incident Reporting Council (CIRC), the document also outlines actions that the cybersecurity agency CISA should take to harmonize cyber incident reporting as it implements the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), and proposes legislative changes regarding incident reporting.
@Cyber_Security_Channel
White House Official Tees Up AI Executive Order
Speaking during the Chamber of Commerce’s GlobalAI discussion Wednesday morning, Deputy National Security Advisor Anne Neuberger discussed the “promise and peril” of rapidly-evolving AI systems, and how federal officials are attempting to thread the needle between innovation and mitigation.
The marriage of AI algorithms to aid and improve cybersecurity is one step the executive branch is investigating.
@Cyber_Security_Channel
Healthcare Organisations At Risk as BYOD and Mobile Devices Escalate Cybersecurity Concerns
While apps and mobile devices are highly effective, affordable and convenient ways for medical facilities to manage a diverse range of components throughout the patient care continuum.
Unfortunately, the ease of use on mobile devices and apps, as well as the confidential patient information they store, make healthcare organisations that much more vulnerable to attackers.
@Cyber_Security_Channel
Israeli-Founded Cybersecurity Startup Raises $40m to Help Mitigate Threats to AI Apps
The startup said it will use the Series B funds to expand “sales, marketing and R&D, as well as address the emerging threat of Artificial Intelligence and Large Language Models (LLMs) in the development of new applications”.
Software development teams are increasingly leveraging AI-generated code and embedding LLMs in their applications, “but these AI technologies are also introducing a rapidly expanding class of new security threats,” Legit Security said in a statement.
@Cyber_Security_Channel
MobileCoin, Which Powers Signal’s Anonymous Crypto Payments, Appoints New CEO
In 2021, Signal, the end-to-end messenger popular among privacy-conscious users, launched the beta version of the MobileCoin-powered payments solution.
The feature has officially come out of the testing phase, allowing any user around the world to instantly send MobileCoin’s native Mob token to other Signal users with negligible network fees — all without leaving any identifiable trails behind.
@Cyber_Security_Channel
Q&A: Survey Sheds Light On Why Automation Is a Key Solution for the Cyber Skills Gap
North America [survey] responders said: ‘We’re automating more, we’re using more AI, we’re using more process automation to make sure we do the heavy lifting with machines and then only present to the people with what they’re very good at… making judgments,” she said.
“In the other parts of the world, the top answer to that question of how you’re tackling cybersecurity skill shortage was: ‘We’re trying to provide higher wages and better benefits to the existing people.’
I think the world is moving towards the former, which is let’s do as much as we can with AI and machines and automation.”
@Cyber_Security_Channel
What Does Closed-Door Meeting With AI Industry Leaders Mean for Business?
“There was a lot of care to make sure the room was a balanced conversation, or as balanced as it could be,” Deborah Raji, a researcher at the University of California, Berkeley who specialized in algorithmic bias and attended the meeting, told the AP.
Note: "TechRepublic contacted Senator Schumer’s office for a comment about this AI summit, and we have not received a reply by the time of publication".
@Cyber_Security_Channel
Delaware Joins States With Comprehensive Consumer Data Privacy Laws
While not entirely dissimilar from other recently enacted consumer data privacy laws, the Delaware law does create another set of procedures for businesses to comply with in connection with their collection and use of consumer personal information.
If you have concerns about your business and its use of personal information or how the Delaware Personal Data Privacy Act affects you or your business, please contact the data privacy professionals at Clark Hill, PLC.
@Cyber_Security_Channel