Don’t Overlook US State Law Protecting Collection of Genetic Data – Legal Insiders
The 23andMe situation is more nuanced. It actually is a story about a credential-stuffing attack, according to IT trade publication BleepingComputer.
But the data stolen includes photos, gender and genetic ancestry, valuable information that cannot be changed once exposed.
@Cyber_Security_Channel
Ransomware Crisis, Recession Fears Leave CISOs in Tough Spot
With cybercriminals capitalizing on crises for exploitation, any compromise of an organization's security posture or a potential ransomware attack amid recession fears could leave them vulnerable to greater risks and in a dire financial position or, worse, out of business.
@Cyber_Security_Channel
Old-School Attacks Are Still a Danger, Despite Newer Techniques
In many situations, threat actors are obtaining these credentials through social engineering.
That tactic continues to be successful because it relies on human error, which is much harder to fix with technology.
And from a bad actor's standpoint, why create new and/or complex threat vectors when the old, easier ones work just fine?
@Cyber_Security_Channel
Trustifi’s Solutions Named Cybersecurity Breakthrough Awards’ “Email Security Software of the Year”
“It’s our mission to deliver superior security that exceeds the capabilities of traditional solutions, which surprisingly include many established brands that rely solely on blacklisting and whitelisting of known malicious IP addresses.
Without a more aggressive, AI-based approach to security technology, this SEG-based method is not an adequate line of defense in today’s escalating environment,” said Rom Hendler, CEO and co-founder of Trustifi.
“We’re delighted that the prestigious Cybersecurity Breakthrough Award program has recognized that a born-in-the-cloud solution like Trustifi’s protection suite is a high-caliber, industry-leading email security software package.”
@Cyber_Security_Channel
Sustainable Funding, Workforce Challenge Whole-Of-State Cybersecurity Transition
Officials said securing sustainable funding for tools and services is also a challenge.
Both Crass and Murray disagreed with the notion that grants will solve their IT problems.
“The reality is it’s not,” Crass said.
“Most of the grants are set up so it’s one time you get to use the grant money to establish the tool or the service that you’re looking at and then it’s up to the local, the county, the state to sustain after the initial infusion of capital.”
@Cyber_Security_Channel
TD Synnex CEO Rich Hume: AI A ‘Massive Opportunity’ For The Channel
“I think approximately 35 percent of the channel now is either active or has the aspiration to be engaged in AI,” he said.
“So a very profound shift has taken place with the emergence of ChatGPT.
But make no mistake, AI is going to be a major inflection point in technology. It’s going to create a lot of great business opportunity moving forward. I liken it to mobile phones and the cloud. It is going to be a titanic opportunity for everybody in it.”
@Cyber_Security_Channel
In a Nutshell: Data Protection, Privacy and Cybersecurity in Switzerland
The most important recent event in terms of data protection law has been the entry into force of the fully revised DPA on 1 September 2023, together with the DPO and the Federal Ordinance on Data Protection Certification (DPCO).
In short, the revision leads to stricter constraints and requirements.
For example, the DPA now requires organisations to create and maintain an inventory of processing activities, and private controllers with a domicile or residence outside Switzerland are, under certain circumstances, required to appoint a representative in Switzerland if personal data of individuals in Switzerland is processed.
@Cyber_Security_Channel
Email Encryption Market worth $16.3 billion by 2028
The healthcare vertical is anticipated to have the highest CAGR in the Email Encryption market, primarily driven by stringent regulatory compliance demands worldwide, particularly concerning patient data protection.
In many countries, for example the US under the Health Insurance Portability and Accountability Act (HIPAA), healthcare institutions are required to safeguard patient health information, especially when it is transmitted via email.
The B2B economy is witnessing the emergence of $25 trillion of new revenue streams that are substituting existing revenue streams in this decade alone.
We work with clients on growth programs, helping them monetize this $25 trillion opportunity through our service lines - TAM Expansion, Go-to-Market (GTM) Strategy to Execution, Market Share Gain, Account Enablement, and Thought Leadership Marketing.
@Cyber_Security_Channel
Is Your State’s Child Safety Law Unconstitutional?
Courts have issued preliminary injunctions blocking laws in Arkansas, California, and Texas because they likely violate the First Amendment rights of all internet users.
EFF has warned that such laws were bad policy and would not withstand court challenges. Nonetheless, different iterations of these child safety proposals continue to be pushed at the state and federal level.
The answer is to re-focus attention on comprehensive data privacy legislation, which would address the massive collection and processing of personal data that is the root cause of many problems online.
@Cyber_Security_Channel
⚡️Hacker Leaks Data of 8,000 Decathlon Employees and Customers; Previous Breach Confirmed
The potential impacts of this recent breach are substantial.
The exposed information can be misused in elaborate phishing campaigns to extract further sensitive data.
Malicious actors may impersonate official representatives of Bluenove or Decathlon to manipulate affected individuals into providing social security numbers or other sensitive personal identifiable information (PII).
This information could then fuel identity theft and fraudulent financial or government transactions.
@Cyber_Security_Channel
Recently Patched TagDiv Plugin Flaw Exploited to Hack Thousands of WordPress Sites
The threat actor typically hijacks websites in an effort to redirect their visitors to fake tech support, lottery and other scam sites.
Sucuri estimated in April that more than one million WordPress sites had been infected as part of the Balada Injector campaign since 2017.
In the recently observed attacks, Sucuri saw over 17,000 websites infected by Balada, including 9,000 related to exploitation of the TagDiv plugin vulnerability.
@Cyber_Security_Channel
Omni DataSafe Reviews: Is This Encrypted USB Drive Worth My Dime?
Traditional USB devices are useful for transferring files, but they lack the security features needed to fully protect your data.
If you lose an unencrypted USB stick, or it ends up in the wrong hands, whoever holds it has complete access to all the data on it.
The information stored on an encrypted device is practically impossible to access without the encryption key.
Encryption therefore provides a further level of security beyond a password alone.
@Cyber_Security_Channel
A Deep Dive Into US Cross-Industry Group Looking to Probe AI Risks
Emphasising a comprehensive approach, the working group will not focus solely on generative AI but will scrutinise AI technologies at large, thoroughly investigating their use cases and the currently proposed regulatory and legislative measures, and deriving best practices applicable to both corporations and legislative bodies.
Despite the prevailing apprehensions related to risks, technology companies are progressively unveiling AI products, particularly within the cybersecurity industry.
@Cyber_Security_Channel
South Korea's PIPC launches AI privacy unit
Enforcement regulations establishing a new AI Privacy Team (hereinafter referred to as the ‘Artificial Intelligence Team’) within the Personal Information Protection Commission, dedicated to privacy issues, will be promulgated and the team put into full operation.
Chairman Koh Hak-soo said, “The Personal Information Commission has taken the first step in establishing an artificial intelligence (AI) personal information disciplinary system and securing a promotion system to lead global norms.”
@Cyber_Security_Channel
Turnkey Rootkit for Amateur Hackers Makes Supply Chain Attacks Easy
When ReversingLabs researchers first came upon the copycat package — suspiciously uploaded on Aug. 25 by a new account and not connected to any other npm projects — they discovered unobfuscated malicious code inside of its "index.js" file.
Upon running, the malicious file downloaded an executable file: a copy of DiscordRAT 2.0.
@Cyber_Security_Channel
Quantum Announces New DXi Edge-Core-Cloud Bundles for Comprehensive Data Protection and Ransomware Recovery to Safeguard Business Operations Across the Distributed Enterprise
To simplify purchasing and deployment, DXi Edge-Core-Cloud Bundles are now available with all the components customers need to easily deploy the solution across their enterprise.
The bundles include pre-configured physical and virtual appliances and are available in four standard capacity sizes—Small, Medium, Large and Extra Large—in support of multiple edge locations, central data centers, and cloud-based archiving targets.
Logical capacities range from 400 terabytes up to 228 petabytes.
@Cyber_Security_Channel
Patch Confusion for Critical Exim Bug Puts Email Servers at Risk — Again
It's unclear yet whether cyberattackers leapt on the patch-lag opportunity.
But with between 250,000 and 3.5 million Exim servers currently used by organizations to handle email, the potentially vulnerable software poses a risk for a wide swath of companies, even now with patches available.
Mail servers are a popular target for attackers, says Robert Foggia, a senior security researcher with security services firm Trustwave.
@Cyber_Security_Channel
Navigating the Intersection of Cybersecurity, Stress, and Risk
Stress impacts cybersecurity on two fronts.
Cyber professionals are contending with ongoing threats and enduring taxing hours, which lead to errors and compromised judgments.
Simultaneously, strained employees exhibit reduced threat awareness, rendering them susceptible to phishing and social engineering on their company devices.
This underscores the relevance of integrating mental health and mindfulness into best cybersecurity practices.
@Cyber_Security_Channel
📩 In case you missed it: Our partners at Hacklido released a new version of their newsletter, Cyber Security Round Up - September 30th, 2023
It includes materials on the following topics:
• Bug Bounty
• OSINT Guide
• Web Security
• Data Breaches
• Malware Analysis
• Android Pentesting
And more...
You can find the full version of the newsletter here.
——
✨ If your company / project / community is willing to become a partner of Cyber Security News, feel free to contact us: @cybersecadmin
——
@Cyber_Security_Channel
⚡️Hackers Abusing Skype and Teams to Deliver the DarkGate Malware
The attacker simply used the hijacked Skype account to take over an existing conversation thread and send a message that looked like a PDF file but was actually a malicious VBS script.
“The threat actor abused a trusted relationship between the two organizations to deceive the recipient into executing the attached VBA script”, researchers said.
@Cyber_Security_Channel
Spearheading the AI Revolution: Teradata Aims to Help Orgs Navigate the Intersection of Deep Data Analytics and Robust Cybersecurity
“As an AI practitioner of more than two decades, I have done a lot of use cases and solved tough business problems,” he explained.
“As practitioners, we have to be very responsible in approaching how we use data for AI and ML models.
Teradata has strong governance in place [with] model ops that will monitor the performance and make sure that the data is well-governed and protected.”
@Cyber_Security_Channel
Trustpair: Implementing the Right Cybersecurity Strategies
Implementing automated account validations across your vendor network can ensure you are paying the right bank account every time.
For example, over half of successful fraud attempts are perpetrated through credentials or information changes on legitimate payments.
Frequent fraud awareness and cybersecurity training can help teams recognise when cybercriminals have breached their organisation, before they fall into the trap of paying the wrong vendor.
With the right approach, companies can mitigate and manage the risk of payment fraud.
@Cyber_Security_Channel
Cybersecurity Talent in America: Bridging the Gap
Let's face it: Not everyone has the luxury to undertake a master's program, spend thousands on certifications, or take an unpaid internship when starting their careers.
This barrier has led to a paradoxical scenario where despite the surging demand for cybersecurity professionals, many entry-level positions remain unfilled.
And we can't rely solely on those who can afford an expensive education because we need a diversity of both perspective and lived experiences.
Those interested in career changes can bring practical expertise to cybersecurity.
In 2022, ISC2 reported that only 23% of C-level cybersecurity executives identified as being nonwhite, and that women are under-represented in advanced, nonmanagerial positions.
@Cyber_Security_Channel
'Looney Tunables' Linux Flaw Sees Snowballing Proof-of-Concept Exploits
The Qualys write-up noted that, in addition to the researchers successfully exploiting the vulnerability to obtain full root privileges on default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13, other distributions were also likely vulnerable and exploitable.
@Cyber_Security_Channel
Encryption Services Are Sending the Right Message to the Quantum Codebreakers
Existing computers are based on manipulating digital bits that can be either 1 (on) or 0 (off).
Quantum machines, in contrast, work with qubits, which can be on and off simultaneously. (And, yes, I know that seems nuts, but then so does much of subatomic physics to the average layperson.)
The key tool for providing that protection is a technology called public-key cryptography.
It was originally conceived by British engineer and cryptographer James Ellis at GCHQ in 1970, but only broke into the public domain in 1976, when his US counterparts Whitfield Diffie and Martin Hellman came up with a practical method for establishing a shared key over an open communications channel without using a previously shared secret code.
This approach was then formalised by three Massachusetts Institute of Technology scientists, Ronald Rivest, Adi Shamir and Leonard Adleman, and became the RSA algorithm (based on the first letters of their respective surnames).
@Cyber_Security_Channel
Sustainability is a Pivotal Element in Shaping the Future of IT
Today’s workforce demands a more user-friendly and efficient IT experience.
We’re investing in new technologies, such as cloud computing and AI, to help meet those needs.
Cyberattacks are becoming more sophisticated and frequent, and they can have a devastating impact on businesses.
We’re investing in advanced security solutions to overcome this challenge, training our employees on cybersecurity best practices and working with our customers to develop tailored security solutions.
@Cyber_Security_Channel
The Texas Data Privacy and Security Act (TDPSA): All the Basics
The Texas Data Privacy and Security Act regulates the collection, use, processing, and treatment of consumers’ personal data.
Businesses subject to the law that violate its provisions are liable to a civil penalty.
If violators don’t cure the violation within the cure period and provide the attorney general with evidence of the cure, they can be fined $7,500 per violation.
@Cyber_Security_Channel
Hacktivists Enter Fray Following Hamas Strikes Against Israel
"Given the intricate dynamics of modern warfare, where physical and digital realms are deeply intertwined, dismissing these groups as mere symbols would be an oversight," says Callie Guenther, senior manager of threat research for Critical Start.
"Their operations can provide tactical advantages, serve as distractions, or even be used for strategic intelligence gathering.
As the Israel-Palestine conflict progresses, the role of Anonymous Sudan and Killnet could become even more pronounced, potentially influencing the trajectory of events on both the ground and in cyberspace."
@Cyber_Security_Channel
⚡️Spanish Airline Air Europa Hit By Credit Card System Breach
An email received by an Air Europa customer and seen by Reuters on Tuesday advised that the card used to pay on the Air Europa website should be cancelled and replaced "to prevent possible fraudulent use of your information" following the incident.
@Cyber_Security_Channel