Hackers Compromised Dropbox eSignature Service
Even users who only received or signed a document through Sign without creating an account had names and email addresses compromised.
However, there is no indication that payment information or customers’ files (signed documents and agreements) were accessed.
Cyber_Security_Channel
Why Your VPN May Not Be As Secure As It Claims
VPNs work by creating a virtual network interface that serves as an encrypted tunnel for communications.
But researchers at Leviathan Security say they’ve discovered it’s possible to abuse an obscure feature built into the DHCP standard so that other users on the local network are forced to connect to a rogue DHCP server.
Cyber_Security_Channel
Don't Have a Modern Antivirus? Learn Why You Shouldn't Be Taking This Risk!
If the modern-day threats bother you and make you worried about safeguarding yourself against online threats then You need not!
Quick Heal Total Security offers a robust defense against modern threats.
Cyber_Security_Channel
Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape
Pascal Geenens, Radware’s director of threat intelligence and the report’s editor, told TechRepublic in an email, “The most severe impact of AI on the threat landscape will be the significant increase in sophisticated threats.
AI will not be behind the most sophisticated attack this year, but it will drive up the number of sophisticated threats.
Cyber_Security_Channel
Mastercard Takes AI-Driven Fraud Defense to Next Level
Mastercard is launching Scam Protect with a two-pronged product approach.
Mastercard Identity verifies an individual’s authenticity from the moment an account-to-account or card-based payment is initiated.
Mastercard is also collaborating with organizations in other verticals to “tackle scams, mitigate their impact, and educate consumers.
It will collaborate with Verizon on new solutions to protect consumers from scams across multichannel attack vectors.
Cyber_Security_Channel
5 Hard Truths About the State of Cloud Security 2024
The problem is that while hyperscale cloud providers may be very good at protecting infrastructure, the control and responsibility they have over their customers' security posture is very limited.
Cyber_Security_Channel
Zero Trust Takes Over: 63% of Orgs Implementing Globally
These practices potentially can make the transition to zero trust more successful and beneficial to organizations.
While 35% of organizations reported failures that interrupted their implementation of zero-trust strategies, Watts added that "organizations should have a zero-trust strategic plan outlining operational metrics and measure the effectiveness of zero-trust policies in order to minimize delays."
Cyber_Security_Channel
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
Following the discovery of the breach, MITRE took the NERVE environment offline and launched an investigation.
The organization determined that the attack involved exploitation of two Ivanti Connect Secure VPN device vulnerabilities for initial access.
Cyber_Security_Channel
Personal Information of Parents, Staff at 127 Schools Accessed in Data Security Breach
Mobile Guardian is a device management app (DMA) installed on personal learning devices used by students, like iPads and Google Chromebooks.
The app enables parents to manage students’ device usage by restricting applications or websites and screen time.
Cyber_Security_Channel
Quantum-Proof Encryption May not Actually Stop Quantum Hackers
Quantum computers threaten to one day crack the widely used encryption algorithms that keep banking, email and other data safe, so researchers having been working to develop “post-quantum” algorithms to replace them.
Many of these are based on “lattice problems”, an area of mathematics that involves regular patterns, or lattices, in space.
Cyber_Security_Channel
3 Steps Executives and Boards Should Take to Ensure Cyber Readiness
A company's response to a crisis is a direct reflection of its preparedness.
Rather than focus solely on what happens during and after a cyber incident, executives and leadership teams must first understand that the period preceding an event is most critical.
Cyber_Security_Channel
Web3 Game Developers Targeted in Crypto Theft Scheme
"The targeted nature of this campaign suggests that threat actors may perceive Web3 gamers as having a more acute vulnerability to social engineering, due to an assumed trade-off in cyber hygiene — meaning that Web3 gamers may have fewer protections in place against cybercrime — in the pursuit of profit," according to the report.
Cyber_Security_Channel
Critical Infrastructure Security: Observations From the Front Lines
However, as someone who works on the front lines of critical infrastructure security, I believe that, rather than panicking about Volt Typhoon and the threats the group represents, we should focus on several positives.
Cyber_Security_Channel
Google Cloud Unveils Custom Arm AI Chip. Nvidia Stock Falls
Google Cloud offers our AI Hypercomputer, an architecture that combines our powerful TPUs, GPUs, AI software and more to provide an efficient and cost effective way to train and serve models.
Cyber_Security_Channel
LastPass Users Hit by Major Phishing Scam: Master Passwords Breached
One of LabHost’s main services was to help hackers create a fake website that looked just like the legitimate one so that users could be tricked into entering their login credentials.
That’s exactly what happened in this scenario with LastPass.
Cyber_Security_Channel
Why Remote Desktop Tools are Facing an Onslaught of Cyber Threats
Over 99% of the attack attempts leveraging VNC were aimed at HTTP ports, and the other 1% targeted the transfer control protocol (TCP).
Tanner suggested this is probably due to the fact that HTTP does not require specific authentication, unlike TCP.
Cyber_Security_Channel
City of Wichita Shuts Down Network Following Ransomware Attack
It is unclear whether personal information was compromised in the attack, but Wichita said details on the matter will be provided as the investigation into the incident advances.
Cyber_Security_Channel
Mastercard Takes AI-Driven Fraud Defense to Next Level
Mastercard is launching Scam Protect with a two-pronged product approach.
Mastercard Identity verifies an individual’s authenticity from the moment an account-to-account or card-based payment is initiated.
Cyber_Security_Channel
AI Ethics Officer and Cybersecurity Analyst Lead Job Market
An AI Ethics Officer is a professional attending to the issues of ethical undercurrents in the process of developing, applying, and utilizing artificial intelligence (AI) technologies in the organization as a whole.
The role primarily dabbles with promoting responsible AI practices, identifying and rectifying ethical risks and biases, and establishing transparency, fairness, answerability, and inclusivity in AI systems and procedures.
Their role would be to train and oversee the AI work, which will be used as a powerful impetus for social and economic development.
The job market in both the fields of AI ethics officer and cybersecurity analyst reflects the growing demand for ethical governance and cybersecurity.
Both the tech roles offer promising career opportunities.
Cyber_Security_Channel
25 Cybersecurity AI Stats You Should Know
This is what the key points look like:
1. Security pros are cautiously optimistic about AI.
2. AI abuse and misinformation campaigns threaten financial institutions.
3. Enterprises increasingly block AI transactions over security concerns.
4. Scammers exploit tax season anxiety with AI tools.
5. Advanced AI, analytics, and automation are vital to tackle tech stack complexity.
6. Today’s biggest AI security challenges.
7. AI tools put companies at risk of data exfiltration.
Read further in the following article — find the remainder of the list here.
Cyber_Security_Channel
A Thorn in Attackers’ Sides: How Darktrace Uncovered a CACTUS Ransomware Infection
In November 2023, Darktrace observed malicious actors leveraging the aforementioned method of exploiting Qlik to gain access to the network of a customer in the US, more than a week before the vulnerability was reported by external researchers.
Cyber_Security_Channel
Where Hackers Find Your Weak Spots
So how do attackers gather data about their targets?
There are five sources of intelligence cybercriminals can use to gather and analyze information about their targets.
Read about them in the above article.
Cyber_Security_Channel
ARTIFICIAL INTELLIGENCEUS-China Competition to Field Military Drone Swarms Could Fuel Global Arms Race
The world’s only AI superpowers are engaged in an arms race for swarming drones that is reminiscent of the Cold War, except drone technology will be far more difficult to contain than nuclear weapons.
Because software drives the drones’ swarming abilities, it could be relatively easy and cheap for rogue nations and militants to acquire their own fleets of killer robots.
The Pentagon is pushing urgent development of inexpensive, expendable drones as a deterrent against China acting on its territorial claim on Taiwan.
Washington says it has no choice but to keep pace with Beijing. Chinese officials say AI-enabled weapons are inevitable so they, too, must have them.
Cyber_Security_Channel
‘Meta is out of options’: EU Regulators Reject its Privacy Fee for Facebook and Instagram
Meta has tried using various legal justifications for scooping up and processing European users’ personal data over the years since the General Data Protection Regulation (GDPR) came into force in 2018 — with each being successively shot down by regulators as being an unacceptable reading of the privacy law.
Cyber_Security_Channel
DDoS Attacks Are Still Growing and There Are New Threats On the Horizon
In aggregate, HTTP DDoS attacks remain (just about) the leading form of attacks, accounting for 37% of all DDoS attacks.
DNS DDoS attacks make up 33%, and the remaining 30% is left for all other types of L3/4 attacks, such as SYN Flood and UDP Floods.
Cyber_Security_Channel
Growing macOS Adoption Opens the Door to Increasingly Sophisticated TCC-based Attacks
The report noted that growing numbers of businesses are adopting Mac systems and that this increased corporate market share is inviting an increased volume of attacks.
Cyber_Security_Channel
FBI Warns of Massive Toll Services Smishing Scam
The FBI also recommended anyone receiving similar messages to check their account on the legitimate toll service’s website or call its customer service number, to see if they do indeed owe money or not.
Cyber_Security_Channel
AT&T Confirms Data Breach Affecting Over 51 Million Customers
TechCrunch reported a subset of the leaked data had first surfaced online three years ago, but AT&T did not take any significant action at that time.
It was only after the complete dataset was published that the company acknowledged the breach and began taking steps to mitigate the potential risks to its customers.
Cyber_Security_Channel
Apple’s New iOS 18 AI Plans—What To Know About Data Privacy
The iOS 18 rumor mill has been in full swing for months now, with other iPhone features including design changes and a more customizable home screen.
Meanwhile, Apple Maps is adding support for customizable routes and messaging standard RCS will be added to iPhones.
At least one of the new iOS 18 AI features—Encrypted Visual Search—seems to have security at its core and this is very typical of Apple.
I expect to see a bunch of AI features on your iPhone when iOS 18 launches this year, but I do think Apple will carefully consider security and privacy.
After all, it has a reputation to protect.
Cyber_Security_Channel
Simbian Emerges From Stealth With $10 Million to Build Autonomous AI-Based Security Platform
Simbian is focusing on the economic benefit of automated security rather than the full potential benefit of autonomous security.
“Users provide their goal and business context in natural language,” says the firm, “and Simbian’s patent-pending LLM-powered platform provides personalized recommendations and generates automated actions across heterogeneous environments.”
The argument is that human experts will be relieved from tedious tasks, and business will need fewer of those expensive humans.
Cyber_Security_Channel