cyber_security_channel | News and Media

Telegram-канал cyber_security_channel - Cyber Security News

42585

Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin

Subscribe to a channel

Cyber Security News

Bucharest to Host DefCamp 2023: A Key Gathering for Cybersecurity Professionals Amid Rising Threats

“Ongoing economic and geopolitical events are changing the world at a rapid pace, and the challenges to cybersecurity are unpredictable.

That’s why our infosec expert community needs a framework to discuss ideas, get informed, and interact with people sharing the same interests, generating new connections and exchanges of ideas that will benefit the development of this field,” said Andrei Avadanei, founder of DefCamp.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Data Privacy Discussions Need A Reality Check

Since the rollout of GDPR, consumers have been getting used to individual sites and companies asking them if they consent to tracking. One of two scenarios tends to play out, neither ideal.

One is clicking “yes” just to dismiss the pop-up.

Surely, many consumers who click “yes” actually approve of the value exchange of data for mostly free services.

But almost no one can say they haven’t said “yes” just to bypass the pop-up.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Global Authentication Services Market Forecast Report 2023-2030: A Review of Data Protection Laws by Country

The Authentication Services market in the U.S. is estimated at US$244.9 Million in the year 2022.

China, the world's second largest economy, is forecast to reach a projected market size of US$603.4 Million by the year 2030 trailing a CAGR of 18.9% over the analysis period 2022 to 2030.

Among the other noteworthy geographic markets are Japan and Canada, each forecast to grow at 17.8% and 16.7% respectively over the 2022-2030 period. Within Europe, Germany is forecast to grow at approximately 13.3% CAGR.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

⚡️World's Biggest Bank ICBC Hit By Cyber Attack

The Industrial and Commercial Bank of China’s US arm was hit by a ransomware attack that disrupted trades in the US Treasury market.

The attack, which was first reported by the Financial Times, is suspected to have been carried out by underground organisation LockBit, one of the active ransomware groups globally, Bloomberg reported, citing sources.

China’s foreign ministry said on Friday that the lender was striving to minimise risk impact and losses after the attack.

“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” the ministry spokesperson Wang Wenbin said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams

If a perpetrator doesn't already have targets in mind, Gibson posits, some social media or Dark Web data harvesting might help identify prime candidates.

Just as one would for an advertising campaign, "if you already have vast bodies of data that have previously been hacked," Gibson says.

"You can then populate software like those which do advertising analytics to define the best target for a particular kind of attack."

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Ace Hardware Still Reeling From Weeklong Cyberattack

"Specifically, one involves a criminal sending a spoof email asking the retailer to send electronic payments meant for Ace Hardware Corporation to an alternate bank while we work to restore our systems.

The email looks legitimate and appears to be coming from someone in the Ace Finance Department," the letter explained.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Oracle Enables MFA by Default on Oracle Cloud

Cloud administrators should also use Oracle Cloud Guard to monitor configuration policies and to detect and alert teams on changes to buckets and access policies, Oracle said.

"The benefits of MFA are so impactful that we've decided to implement it by default across all OCI tenants," Oracle said.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

CISA Awards Nonprofits $3 Million to Bolster Cyber Workforce

“CISA is looking forward to working with both recipients to help recruit and train tomorrow’s cybersecurity leaders,” CISA Director Jen Easterly said in a press release.

“These organizations are such valuable partners and assets in building a diverse cybersecurity workforce that strengthens our nation’s cyber defense capabilities and enhances safety and security in our communities.”

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

DOJ and Pentagon Email Breach Impacted Around 632,000 Federal Employees

According to CNN, Clop (aka C10p) – a ransomware gang – was allegedly responsible for the attacks, and it is known to demand multimillion-dollar ransoms.

The group appears to have used the MOVEit hack, which was first disclosed last month by Progress Software after it warned that hackers had found a way to break into its MOVEit Transfer tool.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Seiko Confirms Data Breach Resulted From a Ransomware Attack

Additionally, the cyber group threatened to publish the stolen information online unless Seiko paid a ransom. BlackCat/ALPHV ransomware eventually leaked the stolen data after Seiko refused to pay the ransom.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Arid Viper Camouflages Malware in Knockoff Dating App

The malware can also disable security notifications, collect users' sensitive information, and deploy additional malicious applications on compromised devices.

The researchers determined that the malware campaign has been active since at least April 2022.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Microsoft Exposes Octo Tempest, One of the Most Dangerous Financial Threat Actors to Date

The group might also use smishing, sending SMS containing a PHISHING LINK to employees leading to a fake login page with an AitM toolkit, or initiate a SIM swap attack on employees’ phone numbers, to be able to reset their password once they are in control of the phone number.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

White House Executive Order on AI Provides Guidelines for AI Privacy and Safety

Principles and best practices will be developed to reduce harm from AI in terms of job displacement, labor equity, collective bargaining and other potential labor impacts.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail

The JavaScript injection worked on fully patched Roundcube instances at the time of Faou’s discovery.

The researcher could establish that this zero-day vulnerability was located in the server-side script rcube_washtml.php, which failed to ”… properly sanitize the malicious SVG document before being added to the HTML page interpreted by a Roundcube user,” as stated by Faou.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Horizon3.ai also points out that Mirth Connect appears to be deployed mostly on Windows machines, where it typically runs with System privileges, suggesting that the impact of a successful attack would be critical.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Using LLM’s for Heightened Cybersecurity: Supercharging Automated Takedowns With GPT

Working on the integration into custom platforms has also opened up ways for us to learn more and more about the possibilities of pushing the limits of ChatGPT’s versatility.

Our community of AI and researchers have started to realize that it is much more than just a chatbot which can talk like a human.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

AI, Cloud & Cybersecurity: Accenture’s Bill Marion Shares Cyber Landscape Insights

People are starting to invest in AI, but what’s really grabbing most of the attention within the AI space are the data mesh, data analytics environment, and ethics surrounding AI.

Our Department of Defense data is all over the place; we have so much of it and we’re still learning what’s important.

The leap to AI/machine learning is being done in some cases, but it’s not the norm yet. 

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

SentinelOne® Sets New Standard for Cybersecurity with Singularity™ Platform Unity Release

The Singularity Unity Release is a unique series of enhancements that SentinelOne will incrementally roll out over the next 12 months to revolutionize Security Operations Centers (SOCs).

The platform will provide a new user experience and function as their command post and comprehensive system of record.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

NTT Unveils Five Trends That Will Dominate the Cybersecurity Landscape in 2024

"Zero Trust is no longer a buzz word, but a core concept that organizations will implement to improve their cybersecurity measures," said Taro Hashimoto, CSIS Visiting Fellow & Senior Manager of Cybersecurity, NTT.

"The concept of Zero Trust is all about risk-based management and continuous process.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

Kubernetes vulnerability scanning is the latest capability added to Trivy, the industry’s most popular vulnerability and risk scanner.

With nearly 20,000 GitHub stars, Trivy has a thriving community of users and contributors.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Federal Trade Commission Expands Rule Regarding Reporting of Data Security Breaches

While parts of the Safeguards Rule already apply to non-banking financial institutions such as mortgage brokers, motor vehicle dealers, accountants, tax preparation services, and payday lenders, the recent amendment expands the data breach reporting requirements to these entities.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons

Upon discovering the spyware in the WhatsApp mods, Kaspersky researchers' analysis showed that Telegram was the primary source in various channels.

"Just the most popular of these had almost two million subscribers," Kalinin notes.

"We alerted Telegram to the fact that the channels were used for spreading malware."

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Safeguarding Healthcare Supply Chains with Cybersecurity

“It’s the easiest way for attackers to compromise systems en masse and to get more bang for their buck,” said Dearing.

“In healthcare, one of the biggest gaps in supply chain security is the absence of regular, rigorous, cybersecurity audits. 

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Tech Matters: New Data Breach Reporting Rules Start in December

Further, the new rules require publicly traded companies to describe their processes to secure their data and operations from cyber threats, as well as their expertise in assessing and managing these risks.

This part will be done in a company’s annual report filing to the SEC.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

FBI Director Warns of Increased Iranian Attacks

However, Wray did say the FBI is able to "outpace our adversaries" and that the agency had disrupted 40% more cyber operations than last year and arrested 60% more cybercriminals than in 2021.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

'Elektra-Leak' Attackers Harvest AWS Cloud Keys in GitHub Campaign

Palo Alto researchers discovered the Elektra-Leak campaign via a honey trap the company implemented for gathering threat intelligence on new and emerging cloud security threats.

Their investigation of the campaign showed the threat actor is likely using automated tools to continuously clone public GitHub repositories and to scan them for exposed AWS keys.

Many organizations clone their GitHub repositories so that they have a local copy of the repository within their development environment.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Getting Smart With Cybersecurity: AI Can Help the Good Guys, Too

To be effective, most security technologies today require a lot of manual fine-tuning, often through sophisticated parameter tweaks.

Depending on the tool, these can affect what incidents are reported, what vulnerabilities a tool finds, or how issue priorities are determined.

All these manual tweaks are time-consuming and can leave you exposed to threats until the right configurations are in place.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Advanced ‘StripedFly’ Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools

“Such an approach is by no means common among APT and crimeware developers, and this notable example underscores the sophistication of this malware against the background of many others.

Its functional complexity and elegance remind us of the elegant code implementing delay tolerant Equation communications networking and other libraries, reinforcing its classification as a highly advanced threat,” Kaspersky notes.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Longer Support Periods Raise the Bar for Mobile Security

The update support period is therefore crucial, as well as the frequency of updates and the ability for security-specific updates to be rolled out independent of wider software updates — which is now offered by many of the leading smartphones.

@Cyber_Security_Channel

Читать полностью…

Cyber Security News

Do Small Companies Need Fractional AppSec Teams Akin to Virtual CISOs?

"Experienced application security people are in short supply, and they're getting hoovered up by the big companies, by the Microsofts, Amazons, Apples, and Googles of the world, and if you are a smaller company, you're just not competing on that playing field," explains Kymberlee Price, who has led product security and AppSec teams, worked as a security researcher, and run red team and incident response operations for the likes of Microsoft, Amazon, and Bugcrowd.

@Cyber_Security_Channel

Читать полностью…
Subscribe to a channel