Cyber Security News

13 августа 2023 02:35

What Is the Difference Between Encryption, Compression, and Archiving?

Encryption transforms data into an unreadable format using mathematical algorithms that convert data into a cipher-like form. Encryption is a reversible process.

Compression is a process of minimizing data size for efficient storage and faster transmission. Compression maximizes resources by reducing the size of files, often by eliminating redundant or unnecessary information.

Archiving consolidates multiple files or directories into a single file, an archive. This approach allows for the efficient storage and management of related files while preserving their original structure and content.

@Cyber_Security_Channel

Cyber Security News

12 августа 2023 18:53

How to Build Consumer Trust in Your Data Privacy

This provides companies with both risk and opportunity.

The risk is that, if you do nothing to bolster your data privacy reputation, your customers will abandon you for more secure competitors. But there’s an opportunity, too.

If you clearly demonstrate your commitment to data privacy, you can strengthen your relationship with existing customers as well as gain new ones.

Plus, as swathes of new data privacy regulations come into play in 2023, there’s no harm in staying ahead of the lawmaking curve.

@Cyber_Security_Channel

Cyber Security News

12 августа 2023 11:49

How to Check If Someone Else Accessed Your Google Account

The system will show you information about the last 10 times your Gmail account has been accessed, along with the access type (browser, POP, mobile), location (IP address), and the date and time of access.

This can help you identify if any of this access is from an unexpected device, place or time.

Note: If you use a virtual private network (VPN) or a hosted desktop, the location data may reflect information related to your service provider, instead of your physical address.

@Cyber_Security_Channel

Cyber Security News

12 августа 2023 02:46

Ransomware, From a Different Perspective

There may be confidence that ransom demands can be spurned, organizations secure in the knowledge there is a good set of data accessible from a backup location, but who has the last laugh if the attacker has managed to infiltrate this data as well? For this very reason, a part of a ransomware attack can be focused on seeking out and disabling backup data to remove an organization’s ability to combat the attack.

Backup data, therefore, needs equivalent focus and protection to that of operational data. It is very dangerous to assume anything else and failure to extend cybersecurity strategy in this way exposes a vital defense.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 20:14

Data Breach Exposes Personal Information of 612K Medicare Recipients

Specific information that may have been compromised includes names, phone numbers, email addresses, Social Security numbers, healthcare provider and prescription information as well as health insurance claims, CMS said.

No CMS or Department of Health and Human Services systems were impacted, the agency added.

CMS and Maximus are sending letters to Medicare beneficiaries who may be impacted by the incident and both are offering free credit monitoring services for two years.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 17:03

Nearly All Modern CPUs Leak Data to New Collide+Power Side-Channel Attack

Collide+Power is a generic software-based attack that works against devices powered by Intel, AMD or Arm processors and it’s applicable to any application and any type of data.

The chipmakers are publishing their own advisories for the attack and the CVE-2023-20583 has been assigned.

However, the researchers pointed out that Collide+Power is not an actual processor vulnerability — it abuses the fact that some CPU components are designed to share data from different security domains.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 13:50

DARPA Program Aims to Strengthen Cybersecurity Via Automation

DARPA says that the INGOTS program will last three years and have two phases: Phase 1 will focus on exploring, designing, developing, and demonstrating tools and techniques;

While Phase 2 will focus on maturing and refining these tools and techniques and expanding their coverage across vulnerability and exploitation classes.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 07:39

Cyberattacks Are a War We'll Never Win, but We Can Defend Ourselves

Data has never been more valuable or more vulnerable than it is today.

Ransomware has evolved from taking data hostage to new and malicious ways of monetizing and exploiting businesses and personal data.

But whatever the motivation of an attacker — hackers showing their prowess, hostile governments attacking perceived enemies, criminal greed — the key to being a guardian of one's data is recognizing that security must be built into a data system, not bolted on.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 03:48

Clop Crime Group Adds 62 Ernst & Young Clients to Leak Sites

Most of the recently named victims are from Canada and include Air Canada, Altus, Amdocs, Constellation Software, EY-Continental Transition, Laurentian Bank of Canada, LendLease, Sierra Wireless, SSC Fraud Risk Assessment, St. Mary's General Hospital Surgical Services Review, Staples Canada, Sun Life Assurance of Canada, United Parcel Service Canada Ltd. and more.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 22:37

Summer Documentary Watch Party: 8 Sizzling Cybersecurity Tales

The first on the Dark Reading list is so fresh that it hasn't even been released yet.

You'll be able to rent it starting Aug. 15, so it'll be perfect for when you're unpacking or otherwise recovering back home.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 18:15

Case from Mid- July: Apple fixes critical zero-day hole in iPhones, iPads and Macs

That’s because Apple doesn’t want users to be able to downgrade on purpose to reintroduce old bugs that they now know can be used for jailbreaking devices or installing an alternative operating system, even on devices that Apple itself it no longer supports.

Even if you completely wipe and reinstall your iDevice from scratch via a USB cable, using the built-in DFU (direct firmware update) utility, Apple’s servers know what version you were using before the reinstall, and won’t let you activate an old firmware image onto a device that’s already been upgraded past that point.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 14:33

How to Enable or Disable Bitlocker Encryption in Windows

Just as when you encrypted the drive, this process will take a while to complete, but you can keep using your computer as normal with the possibility of slightly worse performance.

Most modern computers should have no noticeable performance differences with BitLocker switched on, so there’s little downside to using the feature unless you lose your recovery key, but then your most important data should always be backed up in more than one location, such as cloud storage.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 06:35

Case Study: Spain. New Regulation on Commercial Calls

It establishes a set of prohibitions and a series of conditions to be able to make such commercial phone calls in compliance with the General Data Protection Regulation (GDPR).

The rules are more oriented towards B2C (“business to consumers”) commercial campaigns, the circular also regulates the processing of personal data of professionals involved in B2B (“business to business”) commercial phone calls.

@Cyber_Security_Channel

Cyber Security News

09 августа 2023 22:07

Analysts: Cybersecurity Funding Set for Rebound

"While the theme of conservatism and expectations for continued headwinds have remained throughout the first half of the year, we do expect to see strategic activity slowly begin to rebound in the second half of 2023 and into 2024," says Eric McAlpine, founder and managing partner of analyst firm Momentum Cyber.

Financing and M&A activity will both eventually pick up as companies that were able to make do financially so far begin to feel the need for fresh capital to fuel their business, he says.

@Cyber_Security_Channel

Cyber Security News

09 августа 2023 14:45

Data Breach of Android Tracking App “LetMeSpy” Exposes Contact Information, Messages

The tracking app has been available for about 10 years now, and the company boasts of monitoring over 230,000 devices and logging over 100 million calls and text messages during that time.

Security researchers that have pored through the dumped database believe that the data breach contains information from at least 13,000 devices that the app has been installed on, along with contact information for about 26,000 of its customers and location data points for about 13,400 people.

@Cyber_Security_Channel

Cyber Security News

12 августа 2023 21:27

How to Avoid Mobile Data Leakage and Data Breach

One of the leading causes of mobile data leakage is the use of insecure mobile applications.

Some developers may not prioritize security measures, leading to vulnerabilities that attackers can exploit.

These vulnerabilities may allow unauthorized access to sensitive data stored within the application.

@Cyber_Security_Channel

Cyber Security News

12 августа 2023 15:45

Baffle Delivers End-to-End Data Protection for Analytics

Baffle Data Protection for Analytics is the easiest and fastest way to secure analytics while meeting increasingly stringent compliance mandates.

With no code changes, the platform encrypts, tokenizes or masks data as it is ingested into the most popular analytics databases and data warehouses to ensure a strong security posture when data is stored and moved through analytics pipelines.

Baffle Data Protection for Analytics provides end-to-end controls for data ingestion, from applications into data stores, to consumption, from data warehouses for processing and analysis.

Fine-grained access control ensures no unauthorized users, including cloud admins, database administrators, data analysts or data scientists, can access sensitive data in clear text

@Cyber_Security_Channel

Cyber Security News

12 августа 2023 07:46

Truist prepares to use IBM's quantum computers for cybersecurity and AI

The Charlotte-based bank announced Wednesday that it will join the IBM Quantum Accelerator program and welcome IBM to the bank's Innovator in Residence program.

Truist's Innovator in Residence program brings in outside subject matter experts to help the bank innovate. IBM is the newest member; Amazon Web Services and Verizon are existing partners.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 22:46

Contrast Responsible AI Policy Project | Keeping your business safe in the AI era | Contrast Security

AI is no longer just a concept. It is embedded in our everyday lives, powering a vast array of systems and services, from personal assistants to financial analytics.

The Contrast Responsible AI Policy Project is a testament to our belief in transparency, cooperation and shared growth. As AI continues to evolve, we need to ensure that its potential is harnessed in a responsible and ethical manner.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 19:31

What is Data Anonymization? Importance, Tools and Use Cases

The surge in the adoption of advanced technologies such as artificial intelligence, large language models, and growing adoption of cloud-based services, especially by different scale enterprises and mitigating the risk of data breaching, can be considered as attributable factors to the growth of the data masking market.

Data anonymization is critical in many industries where sensitive information is collected and analyzed to gain business insights and comply with regulations

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 15:57

Abyss Locker Ransomware Looks to Drown VMware's ESXi Servers

Several ransomware collectives, including new kid on the block Akira, Black Basta, Cl0p, HelloKitty, IceFire, Hive, LockBit, MichaelKors, Royal, REvil, and others have all made the move to Linux and locking up ESXi machines.

Stoking the trend is the release of the VMware-focused Babuk source code, which as of mid-May had spawned at least 10 EXSi-ready ransomware variants, according to a SentinelOne report at the time.

Ransomware hunter Michael Gillespie told BleepingComputer that Abyss Locker's Linux encryptor appears to be based on the older HelloKitty ransomware, which was behind a string of high-profile attacks such as the Cyberpunk 2077 gaming attack two+ years ago.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 11:50

A New Era of Transatlantic Data Privacy: Implications for Emerging Markets Within Europe

The adoption of the adequacy decision for the EU-US Data Privacy Framework by the European Commission signals that the US data protection standards meet the rigorous requirements of the EU General Data Protection Regulation (GDPR).

This allows for a seamless flow of data between the EU and the US, providing a high level of protection for European citizens’ data being transferred across the Atlantic.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 05:55

SEC Demands Four-Day Disclosure Limit for Cybersecurity !reaches

Simply put, if you’re running a company that offers shares to the public, you need to comply with the rules and regulations of the SEC, which are supposed to give your investors some sort of protection against unsubstantiated claims that disingenuously talk up a proposal, or that sneakily misrepresent the level of risk involved.

@Cyber_Security_Channel

Cyber Security News

11 августа 2023 01:35

Best Practices for Enterprise Private 5G Security

It's clear there is a shared responsibility in 5G networks, and this isn't going to be the same for every organization. 5G networks are likely to be deployed in different ways, as depicted in the figure below.

No matter the deployment model, the enterprise will likely be working with service providers and system integrators at some point throughout their journey, whether that be planning, deployment, or operation.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 20:01

'ScarletEel' Hackers Worm Into AWS Cloud

ScarletEel also continues to refine its tactics, according to the latest analysis from the firm — evading cloud security detection mechanisms and reaching into the little-touched AWS Fargate compute engine.

And it has expanded its arsenal by adding DDoS-as-a-service to its list of exploitation techniques.

"So, compared to their prior activity, we see that they're more aware of the victim environment, and they enhanced their abilities in terms of where to go, how to exploit it, and how to evade the defensive security measures that the customers have already begun to implement," says Alessandro Brucato, threat research engineer for Sysdig.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 16:31

Choice Hotels: Radisson Guest Info Breached in MOVEit Attacks

“Choice Hotels takes cybersecurity and privacy very seriously. The integrity of our customers’ information is of the utmost importance, and significant resources are dedicated to continuously monitor the cyber landscape, including guidance from regulators, so that we can evaluate and adjust as needed,” it said.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 12:58

Former Security Engineer Arrested for $9 Million Crypto Exchange Hack

After stealing the funds, Ahmed, who at the time was a senior security engineer at an international technology company, specialized in smart contracts and blockchain audits, contacted the crypto exchange and returned most of the funds, except for roughly $1.5 million he kept as a bounty.

While the indictment does not name the impacted crypto exchange, the description of the attack suggests that Ahmed defrauded Crema Finance, which announced on July 4, 2022, that hackers had used this mechanism to steal roughly $8.8 million worth of assets.

@Cyber_Security_Channel

Cyber Security News

10 августа 2023 01:53

Ten years on, Snowden Has Had Tremendous Impact – Good and Bad – on Corporate Security

Snowden’s leaks also made us more aware of the lack of data privacy, and it took many years before states began to formulate better laws to protect our privacy.

Some circumstances, such as fighting malware attacks, haven’t changed much, although they have gotten more sophisticated.

We have gotten better tools to defend ourselves and our privacy, and the pace of development was hastened by what Snowden did and how he did it.

@Cyber_Security_Channel

Cyber Security News

09 августа 2023 18:32

Guardz Identifies New 'ShadowVault' macOS Stealer Malware

Guardz's research team first identified the 'ShadowVault' info-stealer in the underground XSS forum in June 2023.

The malicious software is designed to secretly collect sensitive information from compromised systems – like login credentials, financial information, personal identification details, cryptocurrency wallet seed phrases, and more, with the potential to wreak havoc on systems and disrupt operations.

The Guardz team of experts has long maintained anonymous avatars on the dark web to fuel its research in protecting SMEs from rising cyber threats such as this. In doing so, Guardz was able to obtain access to the exclusive forum and identify the new macOS stealer, originally available for rent at $500/month.

@Cyber_Security_Channel

Cyber Security News

09 августа 2023 11:59

Amazon Prime Day Draws Out Cyber Scammers

Currently Trend Micro is tracking an Amazon Prime Day-themed SMS-text phishing lure asking shoppers to click a malicious link to fix an issue with their account, claim a gift card, or receive free shipping and other deals, prompting targets to share details like emails, phone numbers of other personal information, the company said.

@Cyber_Security_Channel