Cyber Security News

18 апреля 2024 00:55

2024 Expectations From the SEC on AI, Cybersecurity and ESG

Organizations will likely remain hesitant to publicize at an early stage whether an incident has a significant impact on current or future revenues and it may take time for them to factor in reputation risk and loss of customer or investor trust into their determinations.

It is possible that the SEC will continue to interpret poorly considered or excessively risk-averse communications strategies as misrepresentations, meaning that organizations must have effective strategies in place ahead of an incident.

The SEC’s new climate disclosure rule has attracted legal and political challenges,8 given the current politicization of ESG.

These challenges will test how much climate information the SEC can require from companies under their existing legal authority.

Cyber_Security_Channel

Cyber Security News

17 апреля 2024 07:43

Google Survey: 63% of IT and Security Pros Believe AI Will Improve Corporate Cybersecurity

The advent of AI in cybersecurity marks a transformative era in the realm of digital defense, bringing a blend of promising breakthroughs and intricate challenges," the researchers wrote in their survey.

"AI has the potential to be a vital ally in bolstering security defenses, identifying emerging threats, and facilitating swift responses.

Cyber_Security_Channel

Cyber Security News

16 апреля 2024 08:37

GDPR, EU AI Act Will Overlap as Businesses Face Enforcement

DPAs function as independent public authorities that monitor and enforce the EU's data protection law, which governs data privacy and security and grants data rights to individuals.

While the GDPR focuses on data, DPAs can pursue investigations tied to technology such as artificial intelligence.

The newly adopted EU AI Act provides more comprehensive AI regulation, asking companies to categorize their AI systems into different risk levels and produce impact assessments.

The EU AI Act also asks member states to establish governing bodies to oversee the law's implementation.

Meanwhile, DPAs have already brought multiple AI-related enforcement actions against companies under the GDPR, and some DPA members are advocating that the DPAs should serve as EU AI Act enforcers as well, given how the GDPR and the EU AI Act could overlap in some ways.

Cyber_Security_Channel

Cyber Security News

15 апреля 2024 07:34

SentinelOne® Revolutionizes Cybersecurity with Purple AI

SentinelOne is the leader in AI-powered security.

SentinelOne’s Singularity™ Platform detects, prevents, and responds to cyber attacks at machine speed, empowering organizations to secure endpoints, cloud workloads, containers, identities, and mobile and network-connected devices with speed, accuracy and simplicity.

Leading enterprises including Fortune 10, Fortune 500, and Global 2000 companies, as well as prominent governments, trust SentinelOne to secure tomorrow.

Cyber_Security_Channel

Cyber Security News

14 апреля 2024 08:38

Google Cloud, AI Event Kicks Off With Expanded Palo Alto Cybersecurity Pact

Amid the emergence of generative AI — which can generate text, images, sounds and video — tech companies are racing to build training models that use proprietary company data.

Google aims to license its Gemini large language model to enterprises and governments globally.

Microsoft's (MSFT) generative AI partnership with startup OpenAI has given its cloud computing business a boost.

Amazon Web Services, part of Amazon[com] (AMZN), is the biggest provider of cloud services.

Cyber_Security_Channel

Cyber Security News

13 апреля 2024 07:57

The Real Battle for Data Privacy Begins When You Die

The people we love will die, but their data will continue to live indefinitely, digital ghosts in the cloud.

At the moment, there’s nothing stopping the Metas and Googles of the world from exploiting them—or perhaps worse, erasing them permanently.

Facebook turns death reported account as “memorialized account.”According to the company’s policy at the time, no one could access memorialized accounts, even with a password.

Facebook’s “memorialized” accounts, which turn the profile into a tribute page where friends can visit and post, are designed to be static.

In 2015 the company added a feature that allows a user to arrange for a “legacy contact” to manage the page after the account holder’s death.

But the contact can’t log in or read messages; they are able to curate tribute posts or request that accounts be removed.

Cyber_Security_Channel

Cyber Security News

12 апреля 2024 10:26

Why Hub Cyber Security Shares Are Skyrocketing Today

Hub Cyber Security said in a press release that this strategic financing is part of the company’s ongoing effort to fortify its financial foundation and strategically invest in its future.

The company announced the successful acquisition for cash of Qpoint Technologies. “Acquiring QPoint is not just a transaction; it’s a strategic move deeply embedded in our long-term vision,” Hershcoviz (CEO) added.

There is a significant cross-selling opportunity between QPoint and Hub Cyber Security’s expanded offerings, with customers spanning the healthcare, government, energy, defense, and financial sectors.

Cyber_Security_Channel

Cyber Security News

11 апреля 2024 15:58

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies

The disclosure comes more than two months after the GrapheneOS team revealed that forensic companies are exploiting firmware vulnerabilities that impact Google Pixel and Samsung Galaxy phones to steal data and spy on users when the device is not at rest.

-----

📷 Image Credit: The Independent

Cyber_Security_Channel

Cyber Security News

10 апреля 2024 14:35

Authy vs Google Authenticator: Two-Factor Authenticator Comparison

Twilio’s Authy is a mobile two-factor authentication app that strengthens online security by sending a one-time password to your mobile or desktop device.

It directly syncs with websites and services to grant user access and is completely free.

Cyber_Security_Channel

Cyber Security News

09 апреля 2024 14:17

What to Know About Protecting Your Car Data Privacy

Some car companies do allow consumers to adjust connectivity settings, and drivers can read about how in their car's privacy policy.

But opting out of all data sharing isn't always possible.

-----

📌 Want to ensure your digital safety?

Become HACKPROOF:

→ Learn how to beat fraudsters, prevent identity theft, and say goodbye to cybercrime!

-----

Cyber_Security_Channel

Cyber Security News

08 апреля 2024 08:45

ℹ️ Timeline of the xz Open Source Attack

You have probably already heard about Malicious Code in XZ Utils for Linux Systems.

Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership.

Using that access, they installed a very subtle, carefully hidden backdoor into liblzma, a part of xz that also happens to be a dependency of OpenSSH sshd on:

- Ubuntu
- Debian
- Fedora

And other systemd-based Linux systems that patched sshd to link libsystemd.

That backdoor watches for the attacker sending hidden commands at the start of an SSH session, giving the attacker the ability to run an arbitrary command on the target system without logging in — leading to unauthenticated, targeted remote code execution.

You can find the timeline of this long-term story (2 years!) here.

-----

📷 Image Credit: Securing Society 5.0

@Cyber_Security_Channel

Cyber Security News

06 апреля 2024 21:46

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

It chiefly entailed setting up a clever typosquat of the official PyPI domain known as "files.pythonhosted[.]org," giving it the name "files.pypihosted[.]org" and using it to host trojanized versions of well-known packages like colorama.

Cloudflare has since taken down the domain.

📷 Image Credit: SheCodes

Cyber_Security_Channel

Cyber Security News

05 апреля 2024 14:02

3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage

Also, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions.

While there are good examples, many programs have limited course offerings and outdated curricula.

The result is a shallow pool of candidates who can identify, assess, and mitigate cyber threats such as phishing attacks.

Similarly, many current cybersecurity programs are not up to date with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios.

Cyber_Security_Channel

Cyber Security News

04 апреля 2024 05:29

🎊 Today, Thursday, 4th of April, is Gumroad Day!

Gumroad first went live on April 4, 2011, and the platform is celebrating its 13th birthday by lowering fees from 10% to 0%.

That means for the full day of April 4, 2024 – according to your timezone, set within Gumroad settings – there will be no Gumroad fees.

This is a great opportunity to purchase some of your favorite digital products with beneficial discounts.

⭐️ Here are a few suggestions curated by Cyber Security News:

→ 2024 GDPR & Cyber Security Epic Bundle — click here.

→ The Essential Cyber Security Playbook — click here.

→ Internet Security Fundamentals — click here.

Happy shopping!

-----

📷 Image Credit: Gumroad & Kyle T Webster

@Cyber_Security_Channel

Cyber Security News

03 апреля 2024 05:37

Deloitte Launches CyberSphere Platform to Simplify Cyber Operations for Clients

CyberSphere will offer clients the ability to leverage a curated set of modular capabilities supported by an ecosystem of third-party technology providers augmented by Deloitte services.

Modules initially powered by CyberSphere will include digital identity management, managed extended detection and response (MXDR), attack surface management (ASM), managed secure access services edge (MSASE) and incident response. Future iterations of CyberSphere will include additional modules.

Cyber_Security_Channel

Cyber Security News

17 апреля 2024 21:02

Misconfigured SaaS Applications Led to the Home Depot Data Breach, and Experts Say it’s no Surprise

Tim Bach, senior VP of security engineering at AppOmni, said while the rapid identification of the incident as the result of a SaaS misconfiguration was impressive, the fact this was the source of the breach was far from surprising.

Cyber_Security_Channel

Cyber Security News

16 апреля 2024 20:55

Palo Alto Networks and Google Cloud Expand Partnership to Revolutionize Cybersecurity with AI

Palo Alto Networks is the world's cybersecurity leader. We innovate to outpace cyber threats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally across all sectors.

Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation.

Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we're committed to helping ensure each day is safer than the one before. It's what makes us the cybersecurity partner of choice.

Cyber_Security_Channel

Cyber Security News

15 апреля 2024 22:16

IHG Develops Travel Planner Powered by Google Cloud AI

Google Cloud became IHG’s cloud provider in 2022, when IHG migrated components of its data to BigQuery, a fully managed, serverless data warehouse.

IHG's selection of Google Cloud's AI technology for its upcoming Trip Planner feature was based on a variety of factors, including Google Cloud’s suite of AI technologies that IHG can grow with, and Google’s broad ecosystem of consumer products and services that will enable opportunities to create personalized experiences for travelers.

Google Cloud’s approach to cybersecurity, data governance and privacy also allows IHG to retain control over its data and enables data and applications to meet compliance and security standards, a key priority for IHG.

Cyber_Security_Channel

Cyber Security News

14 апреля 2024 18:09

Elon Musk Faces Brazil Supreme Court Inquiry; US Lawmakers Strike Deal on Data Privacy; Retail Sales Soar in Singapore

Justice Moraes asserted that Musk had launched a disinformation campaign against the Supreme Court.

If X fails to comply with his order, the platform will be fined 100,000 reais per day, equivalent to £15,670.

The bill would not ban targeted advertising, but would give consumers the option to opt out of it.

The lawmakers leading the proposed change hope to advance the legislation soon.

Cyber_Security_Channel

Cyber Security News

13 апреля 2024 21:06

Companies Line Up to Undercut Key Data Privacy Law

The law allows law enforcement officials such as judges, police officers and prosecutors to request companies stop sharing information such as their home address and phone number.

It also allows the officials to sue companies that don’t comply.

Data brokers have come under fire by privacy advocates and lawmakers in recent years, but the New Jersey law is one of the few laws passed to regulate them, and perhaps the toughest.

While some states now require data brokers to delete people’s information upon request, the lack of enforcement and the difficulty for consumers to opt out often allows data brokers to maintain the status quo.

Cyber_Security_Channel

Cyber Security News

12 апреля 2024 22:45

Apple Could Get Its Wish for a Federal Privacy Law by the End of This Year

US companies can collect and store any personal data about you they like, provided they disclose this fact in their privacy policy – which can be worded in extremely general terms.

A key compromise on the Democrat side is that small businesses are exempt from the law, so long as they don’t sell customer data to third parties.

Cyber_Security_Channel

Cyber Security News

12 апреля 2024 05:33

The 20 Hottest AI Cybersecurity Companies: The 2024 CRN AI 100

GenAI is making a particularly big splash for providers of security operations tools, where the ability to replace manual processes with natural language queries promises to offer a huge boost to productivity and effectiveness.

Cyber_Security_Channel

Cyber Security News

11 апреля 2024 08:42

AI's Dual Role in SMB Brand Spoofing

However, AI is not just a tool in the attacker arsenal. Security architects are fighting back by designing security tools that use AI to detect and block impersonation attacks.

This gives organizations, especially SMBs with limited budgets and resources, a boost in their abilities to fight back.

Cyber_Security_Channel

Cyber Security News

10 апреля 2024 00:49

Bethel School District Data Breach Causes Stress, Financial Issues for Community

“The computer system was down at Bethel and the phone systems were down at Bethel and I’m thinking that’s what it was at that time but they didn’t tell anybody that this was going on,” said the parent who talked with KOMO.

Cyber_Security_Channel

Cyber Security News

08 апреля 2024 23:10

YouTube Video Game ‘Hacks’ Contain Malware Links

Many of the games used as lures were deliberately chosen because they are popular among children, Proofpoint said, indicating that the threat actors are trying to trick those less likely to follow online safety best practices.

Cyber_Security_Channel

Cyber Security News

07 апреля 2024 14:49

Beware of Encrypted PDFs as the Latest Trick to Deliver Malware to You

The attack itself is pretty simple. As previously mentioned, attackers will send an encrypted PDF and then a malware-loaded “encryption tool” once the victims respond.

That “encryption tool” will even display a fake PDF document to really sell the ruse.

However, it’s really backdooring a piece of malware called Spica into your device.

Cyber_Security_Channel

Cyber Security News

06 апреля 2024 03:10

New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns

Initially, victims are directed via email attachments or QR codes to a page featuring a Cloudflare Turnstile challenge designed to thwart unwanted traffic.

Upon successful completion, users encounter a fake Microsoft authentication page, where their credentials are harvested.

Cyber_Security_Channel

Cyber Security News

04 апреля 2024 23:06

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

n 2023, Google said its teams monitored 97 zero-day vulnerabilities exploited in-the-wild in 2023, a 50 percent jump over the 62 bugs exploited the year before.

Crunching the numbers, the researchers found that attackers have shifted focus to third-party components and libraries that provide broad access to multiple targets of choice.

Cyber_Security_Channel

Cyber Security News

03 апреля 2024 19:44

Air Europa Alerts Customers to Possible Data Breach After Cyber Attack

This disclosure comes after Air Europa experienced a cyber attack on its online payment system last October, resulting in some customers’ credit card details being exposed.

At the time, the airline assured that no other information was compromised, although it did not specify the number of affected customers.

Cyber_Security_Channel

Cyber Security News

02 апреля 2024 19:53

You've probably already heard about Malicious Code in XZ Utils for Linux Systems.

Here is the timeline of this long-term story (2 (two) years!).

It’s a very interesting read!📖