Be Cyber Aware. Our vacancies channel: @CyberSecurityJobs Our chat: t.me/cybersecuritynewschat LinkedIn: https://www.linkedin.com/company/securitynews/ Facebook: https://www.facebook.com/BreakingCyberSecNews 📩 Cooperation: @cybersecadmin
Serious Security: Rowhammer Returns to Gaslight Your Computer
The giveaway to his criminality is that, in his nightly visits, he not only makes noises that can be heard downstairs, but also needs to turn on the gas lights to see what he’s doing.
Because the entire building is connected to the same gas supply (the play is set in 1880s London, before household electricity replaced gas for lighting), opening and igniting a gas burner in any room causes a temporary pressure drop in the whole system, so that the murderer’s wife notices a brief but telltale dimming of her own lights every time he’s upstairs.
@Cyber_Security_Channel
Demystifying Cyber Threats: A Deep Dive Into Lesser-Known Dangers
Trojans, ransomware, phishing, spear phishing, whaling, and social engineering have become household terms. However, there are many more cyber threats – equally potent, if not more – that often go unnoticed.
Formjacking attacks, IoT attacks, deepfake technology, side-channel attacks, cloud jacking, and AI-powered cyberattacks are some of these threats.
36% of Europeans Don’t Even Have an IoT Device
More than 9 out of 10 Europeans who have voice assistants use them, although only 25% use them frequently.
More than half of Europeans (55%) believe that such Internet-connected devices do NOT respect their privacy.
Nearly 70% of respondents are aware of the amount of data being shared via voice assistants even when they are not in use.
62% of respondents are very concerned that these devices collect information and audio on them.
Oblivious: Unlocking Sensitive Data Without Compromising Privacy
Data is the building block of the modern digital economy.
However, one of the biggest challenges around data is walking the tightrope between using valuable information to gain business insights and respecting the privacy rights of individuals.
Zero Trust Keeps Digital Attacks From Entering the Real World
Critical infrastructure is a prime target for bad actors, which is why the federal government is taking strides to better secure critical infrastructure through new policies, tactics, and dedicated committees.
An attack could cause widespread blackouts, make national transportation systems grind to a halt, and put lives at risk.
Such was the case during the Colonial Pipeline cyberattack two years ago.
Not to mention, attackers expect their victims to pay their ransom demands to restore encrypted systems.
The Future of Cybersecurity: Embracing Cloud Workload Protection Strategies
The future of cybersecurity is intrinsically tied to the evolution of cloud computing.
As cloud technologies continue to advance, so too will the sophistication of cyber threats.
Cybercriminals are becoming more adept at exploiting vulnerabilities in cloud environments, necessitating the development of more robust and dynamic cloud workload protection strategies.
One of the key trends shaping the future of cloud workload protection is the increasing adoption of artificial intelligence (AI) and machine learning (ML) technologies.
These technologies are being leveraged to enhance threat detection and response capabilities.
AI and ML can analyze vast amounts of data in real-time, identifying patterns and anomalies that could indicate a potential security threat.
This allows for quicker detection and mitigation of threats, reducing the potential damage to businesses.
The Dotted – And Blurry – Line Between Data Privacy And Antitrust
The conflict between Google’s Privacy Sandbox proposals and regulator concerns about Chrome removing third-party cookies is another classic example of the interrelationship between privacy and antitrust.
Regardless of any purported consumer privacy benefits, the proposed changes to Chrome could incentivize advertisers to concentrate even more of their budgets with Google ad tech, at the expense of Google’s competitors.
Data Breach Reported in Arizona's School Voucher Program
He also says the breach had nothing to do with the resignations this week of two top administrators overseeing the ESA program, including operations director Linda Rizzo and Christine Accurso, Horne's pick to oversee the school voucher program.
Arizona Treasurer Kimberly Yee says her office contracts financial service firms for state agencies, including the ESA program.
Her office reportedly learned of the breach earlier this month and notified the Arizona Department of Homeland Security right away.
According to Yee, the agency confirmed the breach did not originate with the vendor.
Second Ivanti EPMM Zero-Day Vulnerability Exploited in Targeted Attacks
Late last week, Ivanti published an advisory and CISA issued an alert to inform organizations about this second vulnerability and warn them of active exploitation. Organizations have been urged to immediately patch their devices.
EPMM, formerly known as MobileIron Core, is a mobile management software engine used by IT teams to set policies for mobile devices, applications, and content.
Ivanti noted that CVE-2023-35081 can be exploited in conjunction with CVE-2023-35078 to bypass admin authentication and access control list (ACL) restrictions.
The Role of GANs in AI-Powered Cybersecurity Solutions
GANs are essentially two neural networks contesting with each other in a zero-sum game framework.
They consist of a generator network that creates new data instances, and a discriminator network that evaluates them for authenticity.
The role of Generative Adversarial Networks (GANs) in AI-powered cybersecurity solutions is rapidly gaining prominence in the world of technology.
CISA’s Security-By-Design Initiative is at Risk: Here’s a Path Forward
CISA director Jen Easterly’s announcement of these efforts appears to put CISA at the forefront of this rebalancing, addressing technology vendors’ incentives to underinvest in security through changes in how those firms design and deploy the products they sell.
As the first substantive proposal from President Biden’s administration to effectuate this rebalancing since the launch of the strategy, the success or failure of the SbD initiative could be a bellwether for one of the strategy’s two fundamental ideas.
How IoT Can Fortify Fraud Detection
Artificial intelligence (AI) and machine learning programs are the greatest weapons in the fight against digital fraud.
Software can detect unlawful and high-risk online activities by monitoring user behaviors and calculating the probability of whether transactions are fraudulent.
IoT is a revolutionary technology that has a wide range of applications.
Connecting digital devices and programs can minimize the vulnerabilities hackers can take advantage of — dramatically lowering the fraud rate for financial institutions and boosting a company’s reputation in the eyes of consumers.
Google Addressed 3 Actively Exploited Flaws in Android
A remote attacker who has taken over the renderer process can trigger the flaw to escape the sandbox and execute arbitrary code on Android devices.
Google released two patch levels. The first, released on July 1, addressed 22 vulnerabilities in the Framework and System components.
The second patch level, released on July 5, fixed 20 vulnerabilities in the kernel and closed-source components.
How to Safely Architect AI in Your Cybersecurity Programs
Because of such worries about ChatGPT's compliance with the EU's General Data Protection Regulation (GDPR), which mandates strict guidelines for data collection and usage, Italy has imposed a nationwide ban on the use of ChatGPT.
Rapid advancements in AI and generative AI applications have opened up new opportunities for accelerating growth in business intelligence, products, and operations.
But cybersecurity program owners need to ensure data privacy while waiting for laws to be developed.
Another Top Biglaw Firm's Ransomware Attack Shows The Importance Of Cybersecurity
Cyber attacks are a real threat to firm security, and even large firms like Quinn Emanuel need to be wary of them.
The firm told Reuters it retained cyber and forensic experts to understand the scope of the attack and has worked with law enforcement authorities "to prevent further breaches and to recover the electronic discovery material."
Bryan Cave Leighton Paisner also recently experienced a data breach.
Food giant Mondelez International, a client of the law firm, in June disclosed that there was unauthorized access to BCLP's systems between Feb. 23 and March 1, 2023.
Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare
“The investigation is ongoing and we cannot confirm the number of individuals whose information was impacted.
HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients,” the company says.
The information was extracted from “an external storage location exclusively used to automate the formatting of email messages”.
Razer Data Breach: Alleged Database and Backend Access Sold for $100k
In exchange for the stolen data, ‘Nationalist’ requested a payment of US$100,000 in Monero (XMR) cryptocurrency, but also indicated a willingness to negotiate offers below the asking price.
Monero, unlike Bitcoin, Ethereum or other cryptocurrencies, prioritizes privacy and anonymity, making it challenging to track the movement of funds and identify those involved.
“I have stolen the source code, encryption keys, database, backend access logins etc for razer.com & its products. I do not waste my time with non-serious buyers.
I will be selling this one time. I am looking for $100K in XMR for the entire set of data, including access. MM only. I am looking for offers, not just $100k, can be less,” said the threat actor.
Suncor Reports Data Breach Affected Petro-Points Members’ Basic Contact Data
“We are notifying Petro-Points members and the appropriate privacy regulators. If we discover additional information was obtained, we will notify affected parties as appropriate,” Suncor said.
Suncor’s operations cover oil sands development, production, offshore oil and gas, and petroleum refining in Canada and the U.S.
The company noted that the cyber security incident has not impacted the safety and reliability of its field operations.
What Happens to Your Personal Info After a Data Breach?
Cybercriminals get their hands on a host of your data through hacks, leaks, physical theft, human error, phishing attacks, ransomware, and other means.
That includes Social Security numbers, bank account and credit card details, health records, passwords, device info and lots more.
Companies and institutions are legally required to disclose data breaches, so if you’ve been involved, you’ll get some kind of communication informing you what was accessed (if that info is available at the time).
Free VPN Data Breach Exposes 360M User Records
SuperVPN has a troubling track record of security vulnerabilities and data leaks.
In previous instances, the app was found to have vulnerabilities that could enable man-in-the-middle (MITM) attacks and expose users’ credit card details.
Moreover, SuperVPN has been flagged as a malware-rigged app in the past, leading to warnings for users to delete the app.
ChatGPT to ThreatGPT: Generative AI Impact in Cybersecurity and Privacy
Generative AI, the latest frontier of technology, employs deep neural networks to learn patterns and structures from extensive training data, which enables the creation of similar new content.
OpenAI’s ethical policy prevents LLMs like ChatGPT from aiding the threat actors with malicious information. However, the threat actors can bypass these restrictions using various malicious techniques, such as:
- Jailbreaking
- Reverse psychology
- Prompt Injection Attacks
- ChatGPT-4 Model escaping
Critical Vulnerability Can Allow Takeover of Mastodon Servers
Of the remaining three bugs addressed in Mastodon last week, two are high-severity vulnerabilities leading to denial-of-service (DoS) and information leaks, while the third is a medium-severity flaw allowing attackers to create visually misleading links for phishing.
All five vulnerabilities were resolved with the release of Mastodon versions 4.1.3, 4.0.5, and 3.5.9. All administrators are advised to update their Mastodon instances as soon as possible.
CISA Warns About SUBMARINE Backdoor Employed in Barracuda ESG Attacks
In mid-June, Mandiant researchers linked the threat actor UNC4841 behind the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China.
“Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset of Barracuda ESG appliances to utilize as a vector for espionage, spanning a multitude of regions and sectors,” reads the report published by Mandiant.
“Mandiant assesses with high confidence that UNC4841 is an espionage actor behind this wide-ranging campaign in support of the People’s Republic of China.”
Provider for Meta’s File-Storage Needs Suggests Path Forward for Web3 Data Management
The scale of this trade raises significant concerns about privacy violations and the erosion of personal agency.
This is evidenced by regulators in the European Union defining rules around the right of access known as the General Data Protection Regulation (GDPR), which makes it a right for each person to own their data and use it as an asset.
Barbie's Data Privacy Scandal
The Hello Barbie doll could remember up to three different WiFi locations and did not require a smart device after WiFi configuration.
Once the setup had been completed, when a child held down the doll’s belt buckle and spoke to Barbie, the audio was sent to ToyTalk’s servers to perform speech recognition using artificial intelligence.
In one case a ‘hacker’ opened the doll, de-soldered the chip from the circuit board, and placed the chip into a reader so they could look at the memory.
In the second, they accessed the interface on the doll that the mobile app uses to configure it.
US Finalizes EU-US Data Privacy Framework Requirements, Awaits EU Adequacy Decision
The designations take effect upon finalization of the European Commission's adequacy decision with the U.S.
Meanwhile, the ODNI released the policies and procedures the U.S. intelligence community will follow as part of the executive order.
Embracing ChatGPT? Pay Attention To These Cybersecurity Concerns
One reason ChatGPT poses such a massive risk to privacy and data security is its vulnerability to data breaches, particularly because it is built on open-source code.
As a result, anyone with the proper technology and equipment can inspect, modify and enhance the code.
Although ChatGPT and other chatbots are valuable tools, as is the case with any other technological advancement, users must beware of the data they put into this program.
What Role Does AI Play In Enhancing Aviation Cybersecurity?
AI-driven systems can analyze vast amounts of data to identify potential security breaches and anomalies, while automation streamlines air traffic management, reducing the risk of human error.
As the industry continues to embrace emerging technologies, the implementation of a robust zero-trust approach becomes indispensable to safeguarding our skies against cyberattacks and ensuring the safety of air travel for all passengers.
Ensuring Transparency and Control for Personal Data
DataGrail is addressing these concerns and providing a platform that empowers organizations to address privacy risk concerns and deliver the brand trust and transparency that customers demand.
DataGrail will need to adapt and innovate as the emergence of new data protection regulations, increased sophistication of cyber threats, and evolving customer expectations change the data privacy landscape.
OpenAI, Microsoft, Google, Anthropic Launch Frontier Model Forum to Promote Safe AI
Additionally, the forum says it will “establish trusted, secure mechanisms for sharing information among companies, governments, and relevant stakeholders regarding AI safety and risks”.
The forum will follow best practices in responsible disclosure in areas such as cybersecurity.