'Cactus' Ransomware Strikes Schneider Electric
Still, the company faces potential repercussions if its clients' business data gets leaked. According to Bleeping Computer, the Cactus ransomware gang — a relatively young yet prolific group — has claimed the attack.
(When Dark Reading reached out to Schneider Electric for corroboration, the company neither confirmed nor denied this attribution.)
@Cyber_Security_Channel
New NJ Law Says Websites Must Ask About Using Your Data. Businesses, News Orgs Worry About Lawsuits
New Jersey’s law is considered one of the strictest in the nation, according to state Sen. Raj Mukherji, a Jersey City Democrat, who sponsored the bill in the last legislative session, when he was an assemblymember.
“It has the strongest universal opt-out mechanism of any data privacy law in the country,” Mukherji said. “And it just puts consumers back in control of their own data.”
@Cyber_Security_Channel
Canadian Man Sentenced to Prison for Ransomware Attacks
Named by the Canadian authorities the “most prolific cybercriminal” identified in the country, Philbert admitted in court in October 2023 to launching cyberattacks targeting over 1,000 entities, including a municipality, police departments, and a school.
@Cyber_Security_Channel
⚡️Trello Data Breach Exposes 15 Million Users' Details on Dark Web
Richard Bird, Chief Security Officer at Traceable AI, commented on Atlassian's response: "Atlassian's reaction to the recent successful Trello scraping attack is a further confirmation that we've officially entered the gaslighting era of cybersecurity.
Companies seem to prefer blaming or minimising the impact on victims as their chosen approach to their conspicuous failure in responsibly managing their customers' data."
@Cyber_Security_Channel
⚡️1.5M Affected in Insurance Broker Breach
The company claims to provide insurance and budgetary solutions to various sectors, including healthcare, education, and public organizations.
In the breach notice, the company disclosed that it accesses the personal information provided by its clients to perform certain operations.
@Cyber_Security_Channel
The Consumer Data Privacy Laws Are HERE! New Jersey Officially Joining The Pack
Similar to most states, the controller has 45 days to respond to a consumer request and may extend by an additional 45 days, so long as the extension is reasonably necessary and the controller informs the consumer within the initial 45-day response period.
If the controller declines to take action on the consumer’s request, it must respond without delay and within 45 days of the request, and instruct the consumer on how to appeal the decision.
@Cyber_Security_Channel
Data Privacy Week 2024: The Definitive Roundup of Expert Quotes
Depending on what you find, you may need to review what you’re posting on social media.
A simple solve would be to make as much of your profile private as possible, withholding the attacker’s ammo during their data scrapes.
With the rise of deepfakes, videos posted on social media can be used to clone a user’s voice, so depriving threat actors of this valuable resource is crucial.
@Cyber_Security_Channel
DJI’s Rebuttal to National Security Concerns Surrounding Chinese Drones
Despite geopolitical challenges and accusations, DJI advocated for the development of a clear technology-based standard for drone security, applicable to all manufacturers regardless of their country of origin.
The company urged industry-wide adherence to such standards to enhance overall drone and data security.
@Cyber_Security_Channel
First-ever Utah Privacy Audit Finds 66% of Government Entities Failed to Meet Compliance Requirements
According to the Governmental Internet Information Privacy Act, an organization’s privacy policy statement should include: the identity and contact information of the website operator; the personal information that is being collected; a summary of how it is used; practices related to the sharing of personal information; the procedures — if any — of how users may request access to or correct their information; and security measures to protect the information from unintended sharing.
@Cyber_Security_Channel
Hong Kong Finance Sector on Pace in AI Deployment, With Data Availability, Security and Skills Gap Among Concerns: Survey
Hong Kong’s current pace of AI development in financial services is on par with other financial hubs, according to about 40 per cent of the respondents.
AI has made inroads into several aspects of financial services, with virtual chatbots, fraud detection and biometric authentication being the most prominent application areas, according to the survey, conducted online in December with 86 senior executives based in Hong Kong.
One in four professionals also said Hong Kong is not adequately prepared for future AI adoption in terms of workforce availability and readiness, according to the survey.
@Cyber_Security_Channel
HubSpot Joins the EU Cloud Code of Conduct
As the leading customer platform for scaling businesses, HubSpot recognizes the pivotal role of data protection practices in delivering secure and reliable services.
By joining the EU Cloud CoC General Assembly, HubSpot contributes to the collective effort of promoting solutions to the cloud while actively advancing the harmonization of best practices across the cloud market.
@Cyber_Security_Channel
VF Corp Reports Significant Cyber Attack, 35.5 Million Customers’ Data Breached
The ransomware group known as ALPHV, also referred to as BlackCat, has claimed responsibility for the attack.
Known for its ransomware and extortion activities, this group has a notorious reputation in the cybercrime world.
The attack involved encrypting some of VF Corp’s IT systems, indicative of a calculated ransomware attack.
@Cyber_Security_Channel
Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security
"Cybersecurity's focus is shifting to more dynamic solutions that can adapt to the ever-evolving landscape of threats in the cloud age," VanKirk said.
"For years, firewalls have been the cornerstone of cybersecurity defenses.
However, with the rise of cloud computing and secure access service edge (SASE), the industry is shifting its focus to more comprehensive and flexible approaches."
@Cyber_Security_Channel
Australia Cyber Attacks Torrent Prompts Release of New Guidance as Authorities Shore Up National Defenses
The new guidance from Australia’s cyber security agency comes right after the full list of institutions affected by the country’s largest ever government data breach was published.
@Cyber_Security_Channel
Data Privacy Week: Companies are Banning Generative AI Due to Privacy Risks
Most respondents (92%) viewed generative AI as a fundamentally different technology with novel challenges and concerns requiring new techniques to manage data and risk.
The biggest concerns cited were that these tools could hurt the organization’s legal and intellectual property rights (69%), the information entered could be shared publicly or with competitors (68%), and that the information it returns to the user could be wrong (68%).
@Cyber_Security_Channel
Data Privacy Will Be a Critical Enterprise Focus in 2024 — and Generative AI Has Torn Up the Rulebook
Across 2024, industry experts predict that both security threats and breaches will continue to escalate, prompting increased investment from enterprises and a sharpened focus among IT leaders on data privacy and security, according to Greg Clark, director of product management at OpenText.
@Cyber_Security_Channel
⚡️Dutch Data Protection Authority fines Uber €10M Over Privacy Regulations Infringement
The DPA discovered that Uber made it difficult for drivers to access their personal data.
The access request form was buried in the app, spread across menus, and could have been placed more logically.
Uber’s handling of requests resulted in unclear organisation of personal data, complicating interpretation.
The DPA calculated the fine by considering the organisation’s size and the severity of the infringements.
At the time of the violations, approximately 120,000 drivers were working for Uber in Europe.
@Cyber_Security_Channel
Calif. AG Launches Sweep Into Streaming Apps’ Compliance With CCPA
The proposed rule aims to make canceling subscriptions as simple as signing up, saving consumers time and money.
Additionally, sellers would be required to seek consumer consent before making additional offers when canceling subscriptions and provide annual reminders for automatic renewals.
@Cyber_Security_Channel
How AI Is Unlocking the Potential for Real Human Creativity in the Workplace
In customer service, for example, customer support chatbots have replaced humans in resolving commonly asked questions.
Support centers can be overwhelmed with untold thousands of cases per day, most of which are repetitive and unchallenging, leading to agent burnout and attrition.
Chatbots help reduce these problems by handling simple inquiries so that support teams can focus on the more complex cases that require human empathy and creativity for solutions.
@Cyber_Security_Channel
State Lawmaker's Take on New Hampshire Comprehensive Privacy Bill's Impacts
"The focus was really on the smaller state population. We're smaller than a lot of the other states that we were looking at.
But in addition, we have so many small businesses and entrepreneurs here in the state. Customer records on 35,000 is still pretty significant to be responsible for."
@Cyber_Security_Channel
Manufacturers' Cybersecurity Concerns Rising As Data Investments Grow
“As continuing global geopolitical conflicts intensify the risk landscape, cybersecurity remains a top priority,” BDO says.
“As a result, in 2024 manufacturers will deprioritize building the digital thread and focus on internal information transparency and security.
AI performs best when it has access to more data — but sharing data with customers and vendors opens manufacturers up to increased cyber and data privacy risk.”
@Cyber_Security_Channel
New Jersey Passes Comprehensive Privacy Law to Lead the 2024 Wave of State Privacy Laws
Notably, like Colorado’s CPA, the NJDPA does not provide a revenue threshold for the percentage of revenue a business must derive from the sale of data.
Most other current state privacy laws generally apply only if the business derives between 25% and 50% of annual revenue from the sale of personal data.
In addition, applicability under the NJDPA does not involve any form of a revenue threshold, meaning businesses with minimal processing of personal data may not be subject to the law, even if they have high revenues.
@Cyber_Security_Channel
Securiti Collaborates With Lacework to Improve Data Protection in the Cloud
Securiti offers contextual data intelligence and unified controls across the hybrid multicloud.
With Securiti’s Data Command Center, customers not only get the functions defined in DSPM and DSP categories, but also get comprehensive visibility for overall Data Security in SaaS, IaaS, data lakes and warehouses, and on-premise data systems.
Lacework offers security coverage from code security all the way through runtime applications, allowing enterprises to correlate risk and threat data to gain greater security insights and drive better security outcomes.
@Cyber_Security_Channel
Exela Technologies and XBP Europe Announce the Launch of Reaktr.ai to Provide Cybersecurity, Data Modernization and Multi-Cloud Management Enabled by AI
"We are thrilled to have Vineet lead these key strategic services and solutions," said Sriram Ramanathan, Exela’s Chief Technology Officer.
"Vineet's expertise and vision will be instrumental in building this business that not only serves our operations but also harnesses the transformative power of AI and data to transform customers on their digital journeys."
@Cyber_Security_Channel
Degree Requirements are Hurting Government’s AI Recruitment Efforts, House Lawmakers and Experts Say
Hadra noted that IBM has a six-month curriculum for its cybersecurity apprenticeship program that trains employees in these disciplines.
She said that the workers are “ready to hit the ground running on those programs, and because they don’t meet those minimum qualifications, we are not able to put them on that contract.”
@Cyber_Security_Channel
Russian Spies Brute Force Senior Microsoft Staff Accounts
“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft said in a post.
@Cyber_Security_Channel
Cyber Attacks Remain the #1 Cause of Downtime for Business in 2024 Reveals Veeam Data Protection Report 2024
“Ransomware continues to be the biggest threat to business continuity,” said Dave Russell, VP of Enterprise Strategy at Veeam.
“It’s the number one cause of outages today, and protecting against it is hampering digital transformation efforts.
Furthermore, although companies are increasing their spend on protection, less than a third of companies believe they can recover quickly from a small attack.
The findings in this year’s Veeam Data Protection Trends Report highlight the need for continued cyber vigilance, and the importance of every organization to ensure they have the right protection and recovery capabilities. It’s why Veeam’s mission in 2024 is to keep businesses running.”
@Cyber_Security_Channel
MFA Spamming and Fatigue: When Security Measures Go Wrong
MFA spamming refers to the malicious act of inundating a target user's email, phone, or other registered devices with numerous MFA prompts or confirmation codes.
The objective behind this tactic is to overwhelm the user with notifications, in the hopes that they will inadvertently approve an unauthorized login.
To execute this attack, hackers require the target victim's account credentials (username and password) to initiate the login process and trigger the MFA notifications.
📷: Corsica Technologies
@Cyber_Security_Channel
CISA: AWS, Microsoft 365 Accounts Under Active 'Androxgh0st' Attack
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites using the popular Laravel Web application framework, leveraging known bugs for initial compromise.
@Cyber_Security_Channel