Google Employee Charged With Stealing AI Trade Secrets
The suspect has been charged with soliciting trade secrets regarding Google’s artificial intelligence technology, specifically information surrounding supercomputing data centers, to AI companies affiliated with the People’s Republic of China.
@Cyber_Security_Channel
AI-driven Attacks Expected to Surge in 2024: Trend Micro
The report underscores that in 2024, a growing number of enterprises will adopt artificial intelligence and machine learning (AI/ML) technologies.
It notes that approximately 69% of IT leaders view the integration of machine learning as a critical operational priority.
Although these technological advancements are anticipated to drive organizational growth, they also pose substantial risks, with bad actors exploiting these innovations to orchestrate attacks.
The report underscores that in 2024, a growing number of enterprises will adopt artificial intelligence and machine learning (AI/ML) technologies.
It notes that approximately 69% of IT leaders view the integration of machine learning as a critical operational priority.
Although these technological advancements are anticipated to drive organizational growth, they also pose substantial risks, with bad actors exploiting these innovations to orchestrate attacks.
@Cyber_Security_Channel
AI Revolutionizes Consumer Tech in 2024: TVs, Cybersecurity, and Beyond
The digital realm is no stranger to the threats posed by sophisticated cyber-attacks.
Biz Bahrain reports a surge in AI-driven cyber-attacks, necessitating the evolution of cybersecurity measures.
AI and machine learning technologies are being harnessed to bolster defenses, predict potential threats, and counteract phishing scams with unprecedented efficiency.
The incorporation of Generative AI and Generative Adversarial Networks marks a proactive approach towards securing digital assets in an increasingly vulnerable cyber landscape.
@Cyber_Security_Channel
IBM Expands Technology Expert Labs In India To Accelerate AI, Cloud, Cybersecurity Adoption
IBM’s India Centre is looking to build capacity and competency in generative AI, data, automation, sustainability, security, cloud and software.
Located in Bengaluru and Kochi, the team of technical experts will help advise, design and deploy technologies for global clients in an attempt to increase return on investment and minimise implementation risks.
According to the Global AI Adoption Index 2023 conducted on behalf of IBM, 33% of surveyed companies reported that limited AI skills and expertise are hindering successful AI adoption, and 22% said that AI projects are too difficult to integrate and scale.
In addition, 35% said that a lack of skills for implementation is a big inhibitor for adopting generative AI.
@Cyber_Security_Channel
Advancing Cybersecurity In Digital Education
The digital realm of education is a treasure trove of personal information, making it a prime target for cybercriminals.
Data privacy concerns are at the forefront of cybersecurity challenges in EdTech, with risks ranging from identity theft to financial fraud,' Manit asserts.
'Protecting the personal and financial information of students and educators is not just a matter of privacy but of trust and safety within the educational system.
EdTech platforms are susceptible to various cyber threats, including phishing attacks, ransomware, and data breaches.
Phishing attacks deceive individuals into providing sensitive information, while ransomware locks access to vital data, demanding payment for its release.
📷: Jagran Josh
@Cyber_Security_Channel
Rise in Deceptive PDF: The Gateway to Malicious Payloads
This emerging infection chain involving, among others, Agent Tesla, initiates from an email containing a PDF attachment, which subsequently facilitates the dissemination of the ultimate payload.
In the outdated and unpatched version of Acrobat Reader, PDFs directly execute embedded JavaScript using MSHTA, subsequently launching PowerShell, which facilitates process injection.
Conversely, in the latest version of Acrobat Reader, PDFs are unable to execute JavaScript directly.
Instead, they redirect to a malicious website, from which the script is downloaded.
The subsequent process remains consistent with the previous case. The kill chain for the delivery of Agent Tesla unfolds as follows:
@Cyber_Security_Channel
SafeGuard Cyber Integrates AI-Powered FirstSight Platform with Slack
Powered by Contextual AI, the SafeGuard Cyber FirstSight platform alerts security teams to high frequency and costly attacks such as credential theft, impersonation, phishing, malware, policy violations, and insider threats across the expanding communication attack surface.
The platform enables security and compliance teams to have visibility across all employee communications, while maintaining privacy, to keep organizations secure and compliant.
@Cyber_Security_Channel
Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday
Industry professionals have commented on various aspects of the Cybersecurity Framework 2.0.
Some have praised its improvements, while others have pointed to elements that are still missing from the widely used framework.
@Cyber_Security_Channel
NIST Releases Cybersecurity Framework 2.0
The National Institute of Standards and Technology (NIST) has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk.
The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations — regardless of their degree of cybersecurity sophistication.
NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users, Stine said, and feedback from the community will be crucial.
@Cyber_Security_Channel
🔥 Scanning Networks – Pro Guide for Cybersecurity Specialists
→ Our partners at Hacklido have a released a REVAMPED version just for you
More material, the same price!
How Can Synthetic Data Impact Data Privacy in the New World of AI
Collecting data in the real world can bring about further problems, such as needing to attain model releases and consent when filming in public spaces.
Moreover, government regulations and legislative processes like the EU AI Act further complicate real-world data collection.
How companies interpret this ethical landscape can vary case by case – there is no universal understanding of how to approach it.
@Cyber_Security_Channel
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
The triggering of an IR process can come in a million shapes.
They all share a resemblance in that you think – or are even sure – that something is wrong, but you don't know exactly what, where, and how.
If you're lucky, your team spotted the threat when it's still building up its power inside but hasn't yet executed its malicious objective.
If you're not so lucky, you become aware of the adversarial presence only after its impact has already broken out – encrypted machines, missing data, and any other form of malicious activity.
@Cyber_Security_Channel
Tech Companies Sign Accord to Combat AI-Generated Election Trickery
The accord is largely symbolic, but targets increasingly realistic AI-generated images, audio and video:
“That deceptively fake or alter the appearance, voice, or actions of political candidates, election officials, and other key stakeholders in a democratic election, or that provide false information to voters about when, where, and how they can lawfully vote.”
@Cyber_Security_Channel
What Is a Passphrase? Examples, Types & Best Practices
A passphrase is a combination of phrases used to safeguard or authenticate access to an online account, computer system or other digital resource.
Passphrases are usually longer than traditional passwords and consist of words that are easy to remember but challenging for potential attackers to decipher.
Think of it as a short sentence of four words or more and a minimum of 15 characters.
@Cyber_Security_Channel
Romanian Hospital Ransomware Crisis Attributed to Third-Party Breach
The scale of the ransomware emergency in Romania is bordering on the unbelievable as now more than 100 hospitals have been either disconnected from the internet or had their files encrypted.
@Cyber_Security_Channel
Biden Acts to Stop Sales of Sensitive Personal Data to China and Russia
The president asked the Justice Department to write rules restricting the sale of information about Americans’ locations, health and genetics to China, Russia, Iran, North Korea, Cuba and Venezuela, as well as any entities linked to those countries.
The restrictions would also cover financial information, biometric data and other types of information that could identify individuals and sensitive information related to the government.
The officials said the countries were using their access to the data for blackmail and surveillance and could employ artificial intelligence to enhance their use of the information.
The White House made the officials available on the condition of anonymity.
@Cyber_Security_Channel
Forget Nvidia: 2 Fantastic Artificial Intelligence (AI) Stocks to Buy Instead
Cyberthreats are a growing concern in the corporate world.
Data breaches not only have severe financial consequences, but they also shatter the trust between companies and their customers.
Attacks are increasing in sophistication with each passing year, and malicious actors are even using tools like generative AI to trick employees into handing over sensitive information through realistic phishing emails and phone calls.
Palo Alto Networks(NASDAQ: PANW) is the world's largest cybersecurity company, and it's applying AI across its product portfolio to deliver advanced protection against modern threats.
DigitalOcean (NYSE: DOCN), on the other hand, is an under-the-radar cloud services provider emerging as an on-ramp to the AI revolution for small and mid-size businesses.
@Cyber_Security_Channel
EDPB Releases Insightful Case Digest on GDPR Security and Data Breach Notifications
The EDPB's thematic case digest not only illuminates the path for improved data protection practices but also fosters a culture of shared learning and cooperation among DPAs and regulated entities.
As organizations digest the rich insights provided, the broader implications for data security and compliance strategies are clear.
This initiative underscores the ongoing commitment to safeguarding personal data and enhancing trust in the digital economy.
@Cyber_Security_Channel
ALPHV/BlackCat Loses Website After Change Healthcare Breach
Continuous prescription processing troubles have prompted Change Healthcare to introduce a new electronic drug prescription service on Mar. 1.
"We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action," said Change Healthcare in a statement.
Meanwhile, Cybersecurity and Infrastructure Security Agency Executive Assistant Director for Cybersecurity reassured that efforts to remediate the incident, as well as support organizations affected by the Change Healthcare hack, are underway.
@Cyber_Security_Channel
⚡️Top AI Service Hit by Massive Data Breach — 20 Million Users Have Personal Info Leaked, so Change Passwords Now
Samples of the breach obtained by BleepingComputer reveal the extent of the leaked information, including:
- User ID
- Password
- Profile picture
- API access key
- Salt used in hashing
- Mobile phone number
- Account creation date
@Cyber_Security_Channel
HackerGPT 2.0 – A ChatGPT-Powered AI Tool for Ethical Hackers & Cyber Community
This tool utilizes ChatGPT’s advanced features and specialized training data to support a range of cybersecurity activities such as network and mobile hacking.
It also helps comprehend various hacking techniques without the need for unethical methods like jailbreaking.HackerGPT provides prompt responses to user inquiries while following ethical standards.
It offers support for GPT-3 and GPT-4 models, giving users access to various hacking techniques and methodologies.
Various tools powered by ChatGPT, like OSINVGPT, PentestGPT, WormGPT, and BurpGPT, have already been created for the cyber security community, and HackerGPT is now adding to this legacy.
@Cyber_Security_Channel
The New Era of AI and its Impact on Data Centres
The AI market has the potential to grow even more, thanks to the boom in generative AI (Gen AI).
97% of business owners believe that ChatGPT will benefit their organisations, through uses such as streamlining communications, generating website copy, or translating information, but the surge in adoption will undoubtedly require greater investment and infrastructure for AI-powered solutions than ever.
Today sustainable and resilient data centre design hinges on effective cooling.
The demands that AI places on data centres mean powering high-density servers requires new cooling methodologies for both optimal performance and minimised downtime, Garner says.
@Cyber_Security_Channel
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
The malware has been put to use by a state-backed hacking group from China tracked as BlackTech (aka Circuit Panda, HUAPI, Manga Taurus, Palmerworm, PLEAD, Red Djinn, and Temp.Overboard), which has a history of striking organizations in Japan, Taiwan, and the U.S.
📷: Emsisoft
@Cyber_Security_Channel
Why Governance, Risk, and Compliance Must be Integrated With Cybersecurity
GRC programs include the processes and technologies that enable organizations to meet business goals, address risk, and comply with government and industry regulations.
Incorporating cybersecurity into organization-wide GRC programs means aligning technology decisions with business objectives while meeting regulatory requirements and defining cyber risks.
GRC roles will need to collaborate with cybersecurity roles to structure a program that coordinates activities from both areas of the organization
@Cyber_Security_Channel
The Compelling Need for Cloud-native Data Protection
The reason for this high cost is not only the penalties paid for the data breaches but also the amount of time (mean time to identify, or MTTI) it takes to discover and remediate the breach.
The typical time in days that it takes to identify a breach is significant across all configurations, with the worst being multi-cloud and hybrid-cloud environments.
@Cyber_Security_Channel
67,000 U-Haul Customers Impacted by Data Breach
Responding to a SecurityWeek inquiry, U-Haul confirmed that the incident affected approximately 67,000 customers in the US and Canada and that it is notifying them by mail.
According to U-Haul, the unauthorized party was able to view names, dates of birth, and driver’s license numbers, but did not access financial information.
@Cyber_Security_Channel
Magika, Google's New AI Security Tool, Helps Users Identify Malware at Rapid Speed — and it's Free to Access on GitHub
Similarly the tool performs well on textual files, including code files and configuration files, which other tools have traditionally struggled with.
@Cyber_Security_Channel
Schneider Electric Confirms Data Was Stolen in Cactus Ransomware Attack
25MB of stolen data was uploaded to the group’s dark web leak site in a bid to prove the veracity of its claims, which included images of US citizens’ passports and scans of non-disclosure agreement documents.
Aside from this snippet, it remains unclear precisely what data has been stolen by the group.
@Cyber_Security_Channel
Senior Executives Affected in Largest Observed Microsoft Azure Data Breach
The variety of accounts compromised has granted the threat actor access to data and resources at multiple levels.
Making matters worse, the attackers have possibly disrupted multifactor authentication (MFA) to ensure that access to the systems is maintained as part of its post-compromise activities.
Groups do this by registering their own MFA methods, such as registering new phone numbers or emails or using their own authenticator app.
@Cyber_Security_Channel
Microsoft Fixes Two Zero-Days in February Patch Tuesday
“In the exploitation scenario, an attacker must send a specifically crafted file to a target user and persuade them to open it, since the attacker cannot compel the user to engage with the malicious content directly,” he explained.
@Cyber_Security_Channel