UAE sets cyber security vision for next 50 years
September 20 – In the UAE, senior officials are developing a cyber security vision that is intended to strengthen action against digital crime for the next 50 years.
The initiative will provide the country with a high level of resilience, boosting its ability to address “growing digital challenges.”
“As the UAE looks forward to its centennial in 2071, we...
U.S. leaders call for stronger open-source security
September 18 – In a recent two-day summit that included technology companies, banks and industry groups, the White House pushed for stronger standards on behalf of open-source software development.
The Biden administration wants to see companies expand use of inventories, known as software bills of materials, which include information about open source components, licensing and version information for...
CISA panel wants national cyber security alert system
September 15 – According to a panel that advises the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. needs a national cyber security alert system that would provide actionable insights into threats and risks.
Without providing details around the development of such a system or how it would operate, the panel noted that “there is a genuine need...
Zero-click iMessage exploit hits iPhones
September 11 – Last week, Apple revealed that two security bugs were being exploited within a zero-click campaign designed to distribute the NSO Group’s Pegasus spyware. Apple resolved the bugs shortly thereafter.
Targets included those connected with government organizations. In the past, NSO spyware has been used to target journalists, lawyers, activists and government officials.
Device updates
Researchers encourage Apple...
This country just banned iPhones in select areas of gov’t & economy
September 08 – In China, the government plans to extend a ban on the use of iPhones within government-backed agencies and companies. If China moves ahead with the ban, the unprecedented event will be the culmination of a multi-year effort to eliminate foreign technology use in sensitive environments.
No iPhones
A number of agencies have already instructed staff not...
MITRE and CISA reveal new OT security approach
Sept. 05 – The MITRE Corporation and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have announced a new extension for the open source Caldera platform, which emulates adversarial attacks against operational technology (OT).
The latest Caldera for OT extension stems from a collaboration between the Homeland Security Systems Engineering and Development Institute (HSSEDI) and CISA as part...
Airbnb accounts hacked with new tactics
Sept. 01 – An increasing number of cyber criminals are exploiting the Airbnb platform in order to profit from user accounts and stolen data.
A household name in the travel industry, Airbnb has become a target due to its global popularity. However, cyber security researchers have explained that the platform’s accessibility has also enabled cyber criminals to manipulate...
NCSC warns of ChatGPT prompt injection attacks
Aug 30 – The U.K.’s National Cyber Security Centre (NCSC) has stated that there is a growing risk of chatbot “prompt injection” attacks.
As implied in the name, in these attacks cyber criminals manipulate prompts, forcing language models like ChatGPT and Bard to behave in unexpected ways.
Because chatbots may share data with third-party applications and services, the NCSC...
Spyware hack shows 76,000 phones breached
Aug 28 – A spyware maker’s servers and databases have been hacked. By exploiting flaws in the group’s web dashboard, the adversaries were able to download every dashboard record, including every customer’s email address.
Access to the dashboard enabled hackers to delete victims’ devices from the spyware network, severing the connection at the server level to prevent the...
NIST shares post-quantum cryptography standards
Aug 25 – Draft post-quantum cryptography (PQC) standards have been published by the U.S. National Institute of Standards and Technology (NIST). The framework will enable organizations to protect themselves from future quantum-based cyber attacks. The draft documents encompass three draft Federal Information Processing Standards (FIPS).
PQC standardization process
Starting in December of 2016, NIST began to collect...
CISA says 1,300 new hires in two years
Aug 23 – This week, U.S. Cybersecurity and Infrastructure Security Agency (CISA) Director, Jen Easterly, announced that the agency has substantially increased its staffing, reaching 3,161 employees after an extensive two-year recruitment campaign.
More than 1,300 individuals have been hired, translating to more than 18M additional hours of labor every year.
CISA talent
CISA has explained that not only does...
This new Chrome feature can increase security
Aug 21 – A new Chrome feature aims to proactively alert users when a recently installed extension is no longer available on the Chrome Web Store. The feature, known as the “Safety Check,” is intended to address three scenarios.
In the first one, it will send out an alert to users in the event that an extension has...
Cyber threats turn real for industry professionals
Aug 18 – Earlier this year, the CEO of a small, well-known cyber security company received a disturbing message from cyber criminals stating that the company’s data would be leaked, unless a ransom payment were made.
The CEO refused to negotiate. In a never-before-seen move, the hackers dug up an electronic copy of the CEO's son's passport, the...
LinkedIn accounts hacked in hijacking campaign
Aug 16 - In recent months, many LinkedIn users have been locked out of accounts for security reasons or, ultimately, had their accounts hijacked by cyber attackers.
And LinkedIn users have become vocal about the recent account takeovers and lockouts. An inability to solve the issue through LinkedIn support has compounded users' negative experiences.
According to cyber security researchers,...
This ransomware attack disrupted U.S. hospitals
Aug 11 – Starting last week, a ransomware attack affecting 16 different hospitals, all of which are run by Prospect Medical Holdings, resulted in multi-day disruptions to patient services across facilities in four different states.
Hospitals were forced to divert ambulances to other care centers, cancel appointments, and close connected satellite clinics. Some had to use paper records...
AI can eavesdrop while you’re on Zoom
Aug 9 – In your average workday, do you take Zoom calls and simultaneously work on other projects in the background? If so, this software could pose a threat...
A new study reveals that AI-powered software can “eavesdrop” on people by working out which keys are being pressed while typing occurs. The software has an accuracy rate of...
A new ‘superconductor’ could change the world
Aug 7 – The world of material sciences generally doesn’t receive much public spotlight, but after scientific discovery of a new superconductor material, dubbed LK-99, the discipline is receiving Barbenheimer-level attention.
In late July, a group of researchers claimed to have discovered a superconductor that works at normal temperatures and pressure. As with conventional superconductors, this superconductor can...
FCC fines robocallers $300 million
Aug 4 – The FCC has issued one of its largest fines ever. After an investigation spanning many months, the FCC decided to issue a record-setting $300 million fine on one of the largest illegal robocall operations the agency has ever faced.
The operation, comprised of an international network of companies, made more than five billion robocalls to 500...
White House plan for cyber workforce
Aug 2 – The Biden administration and the Office of the National Cyber Director have a plan to improve the nation's cybersecurity skills. They want to build up the workforce and make sure all working Americans are prepared for the digital world.
This is the first government plan of its kind to accomplish one goal: meet the increasing...
What is FraudGPT?
Jul 28 -- A new cyber criminal tool, known as FraudGPT, has appeared on various dark web marketplaces and Telegram channels. As the name implies, the tool is intended to promote malicious activity. It's been in circulation since at least July 22nd of this year.
"This is an AI bot, exclusively targeted for offensive purposes, such as crafting...
Companies have 4 days to report breaches
Jul 26 – Under controversial new rules that the U.S. Securities and Exchange Commission is expected to adopt, companies hit by cyber attacks will have four days to publicly disclose any significant impact.
At a meeting today, the agency’s commissioners will vote on the details of the reporting rules, which were proposed last year. Trade organizations and enterprises...
Twitter logo officially changed to ‘X’
Jul 25 -- Twitter's iconic blue bird logo has been replaced. Now, the Twitter website sports an 'X' as its logo. World's richest billionaire and Twitter CTO Elon Musk announced the change over the weekend. It's already live on the website.
What happened
In a tweet from early Sunday morning, Musk wrote that "soon we shall bid adieu to...
MOVEit breaches affect supply chain partners
Jul 21 – News about the MOVEit transfer vulnerability began to pour in just after the long U.S. Memorial Day holiday this year. Numerous corporate groups and federal agencies were breached amidst the incident, with data stolen. Now, analysts report that corresponding breach fallout is affecting companies that don’t even use the file sharing product.
Although awareness of...
U.S. rolls out new IoT labeling program
Jul 19 – In the U.S., government officials have launched a much-awaited Internet of Things (IoT) cyber security labeling program, which is intended to protect Americans from the security and data privacy risks associated with internet-connected devices.
Named “U.S. Cyber Trust Mark,” the program aims to help Americans ensure that they purchase IoT devices that have strong cyber...
Generative AI WormGPT: Black hat capabilities
Jul 17 -- Cyber criminals are now developing generative AI tools that function similarly to ChatGPT and that are easy to use for nefarious purposes. In addition to creating these tools, cyber criminals are also advertising them to criminal colleagues and peers.
One of these tools is known as WormGPT. The tool styles itself as a black hat...
New U.S. Cyber Security Strategy Emphasizes Resilience
Jul 14 – In Washington D.C., White House officials have published implementation plans pertaining to a new National Cybersecurity Strategy, which aims to strengthen the software supply chain and to advance public-private partnerships.
Increasing the resilience of the market overall is a key focus. Efforts are underway to establish a long-term software liability framework and to reduce gaps...
Deepfake quantum AI investment scams
Jul 10 – Financial journalist and broadcaster Martin Lewis was recently impersonated in a deepfake video, which showed him promoting a fraudulent Quantum AI investment opportunity.
Lewis quickly took to the internet to explain that he was not behind the video. He also urged the government to take action to protect people from these types of scams.
“This is...
New malware hits U.S. and Canadian firms
Jul 7 – Cyber attackers are now using new Truebot malware variants to execute attacks against organizations in the U.S. and Canada, multiple cyber security agencies have warned. Attackers are stealing data from victims for financial gain.
According to the Cybersecurity and Infrastructure Security Agency (CISA), along with the Canadian Centre for Cyber Security and the Multi-State Information...
Major shipping port suffers ransomware attack
Jul 5 – On Tuesday, Japan's largest maritime port was hit by a cyber attack, resulting in shipment delays and disrupted regional business operations.
Specifically, the ransomware created a temporary outage of a Port of Nagoya container terminal. According to authorities, operations are expected to resume on Thursday at 8:30 a.m. local time.
As an increasing number of ports...
CISA warns of DDoS attacks
June 30 – Just ahead of the U.S. holiday weekend, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of ongoing distributed denial-of-service (DDoS) attacks.
Organizations across numerous industry sectors have been hit. All U.S. organizations are advised to take proactive measures to ensure that security teams are prepared to subdue the effects of such attacks.
Preparing for...
This technique could help malware evade detection
June 28 – According to cyber security experts, a new process technique dubbed “Mockingjay” could be exploited by threat actors to bypass security solutions. In so doing, hackers could execute malicious code on corporate systems.
The injection is executed without space allocation, setting permissions or starting a thread, said researchers. This technique requires a vulnerable DLL and copying...
Suncor Energy, cyber security incident
June 26 – Over the weekend, Suncor Energy experienced a “cyber incident” that has rendered numerous Petro-Canada gas stations unable to process credit cards or debit cards. The incident has forced the enterprises to become cash-only.
On Sunday, Suncor stated that it was partnering with third-party experts to investigate and address the issue. “At this time, we are...
Google announces cyber security clinics
June 23 – In the U.S. and around the world, free medical clinics and legal aid clinics, where university students assist the local community while learning about professional opportunities in the field, are now relatively commonplace. Google aims to add cyber security clinics to the list.
On Thursday, Google CEO Sundar Pichai pledged $20 million in funding to...
Zuckerberg accepts Musk’s challenge to a cage match
June 22 – In a cage match between Mark Zuckerberg and Elon Musk, who would win? If it sounds too crazy to think about, believe it or not, you might actually have the opportunity to see it play out. Maybe. Here's what happened on the internet this week...
The Wild Wild West
In Silicon Valley, world’s richest person and...
ChatGPT credentials for sale on dark web
June 20 – In the last year, more than 100,000 ChatGPT account credentials were compromised. The credentials are now on the dark web. White hat professionals discovered the credentials when exploring information stealer logs that are listed for sale through underground forums.
Last month, the number of available logs containing compromised ChatGPT credentials reached 26,802 – a number...
Russian hackers breach U.S. agencies
June 16th – Government officials are working quickly to reduce the impact of a global cyberattack affecting U.S. government agencies and their NATO allies.
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that it is helping affected agencies.
How did the attack occur? Anne Neuberger, a deputy national security advisor for the National Security Council, explained that the...
Thousands of records stolen in global data breach
June 14 — A new worldwide data hack has affected thousands more people, according to Nova Scotia's cyber security minister.
However, it's difficult to offer an accurate estimate of the number of targets affected by the breach - which occurred when hackers targeted the MOVEit file transfer service - due to the large number of duplicate files connected...
Have you seen this leading email security solution?
June 12 -- Happy National Email Week! In emerging email security news, Check Point Software Technologies (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has been named a Leader in The Forrester Wave: Enterprise Email Security Q2 2023 report. The company has received the highest possible scores in the innovation criterion.
Importance of email security
Business Email...
Man sues after ChatGPT falsely accuses him
June 9 -- ChatGPT is notorious for generating false and misleading information, an issue that OpenAI and the conversational AI industry have neatly glossed over by calling fabricated narratives "hallucinations." In essence, ChatGPT has no particular commitment to the truth.
After a ChatGPT "hallucination" accused radio host Mark Walters of defrauding and embezzling funds from a non-profit organization,...
Apple just acquired this AR startup…
June 7 -- Apple has acquired the Los Angeles-based augmented reality (AR) startup called Mira. The company produces headsets for corporate groups and the US military, according to a post from the CEO's private Instagram account.
The news emerges just a day after Apple unveiled the Vision Pro, a mixed reality headset that the company bills as a...
Spanish bank Globalcaja, caught by ransomware
June 5 -- On Friday, Spanish Bank Globalcaja confirmed experiencing a cyber incident involving ransomware. Local systems were affected. The Play ransomware group has claimed responsibility for the attack.
An official Twitter statement (in Spanish) says that the attack prompted the financial institution to activate its security protocols.
Customers received assurance that the ransomware did not compromise accounts...
Artificial general intelligence, it might be banned
June 2 -- In the U.K., government advisors are warning that some artificial general intelligence (AGI) systems may eventually be banned.
CEO of Faculty AI, Marc Warner, says that AGI needs strong transparency, audit requirements and better inbuilt safety technology. In the next six months to a year, tough decisions will need to be made.
Warner's comments follow the...
New voluntary AI code of conduct
May 31 -- In the United States and Europe, government leaders are drawing up a voluntary code of conduct for artificial intelligence. A draft is expected to emerge within weeks. Officials drafting the voluntary AI code of conduct are expected to seek input from industry players.
The voluntary code is expected to bridge key gaps while the 27-nation...
Government websites in Senegal hit by cyber attacks
May 29 -- On Friday night, multiple Senegalese government websites went offline due to a series of Distributed-Denial-of-Service (DDoS) attacks. The attacks have occurred at a time of heightened political tensions in the country. On the same day as the cyber attacks, one person was killed in physical clashes.
In a statement, government spokesperson Abdou Karim Fofana said...
U.S. critical infrastructure, newly targeted
May 25 -- On Wednesday, Microsoft announced that Chinese state-sponsored hackers had compromised critical U.S. cyber infrastructure across a variety of industries.
A Chinese hacking group, dubbed "Volt Typhoon," has been in operation since mid-2021, and aims to disrupt "critical communications infrastructure between the United States and Asia," says Microsoft. The state-sponsored hackers appear interested in compromising communication...
Bill Gates says AI could…
May 23 -- According to Bill Gates, AI could kill search engines (and Amazon) as we know them. During a recent in-person event about artificial intelligence, Gates expressed that a future AI personal assistant will be so powerful that it could radically alter user behaviors. In other words, people may never visit a search engine or shop...
Alarming surge, BEC attacks
May 19 – In recent years, enterprises have seen an alarming surge in business email compromise (BEC) attacks. These threats increased by 38% across the past four years, and the U.S. Federal Bureau of Investigation reported that corresponding losses in 2022 exceeded $590 million.
Research conducted across the past few months indicates that business email compromise attempts are...
Lacroix closes three factories after cyber attack
May 17 -- International electronics manufacturer Lacroix has three factory sites that were recently affected by a cyber attack. In order to analyze the attack's impact, the company temporarily shut down online systems.
In some cases, local infrastructure was encrypted. Investigators are currently assessing whether or not any proprietary data was exfiltrated.
Lacroix's operations
The company may be able to...
Boards should know about these cyber threats…
May 15 -- The role of the CISO has never been more central to the success of an organization. However, cyber security no longer falls under the purview of technology professionals alone. Because cyber risk is a key driver of business growth, business opportunities, and business setbacks, senior executives and board members are expected to weigh in...
Twitter’s account purge may reduce your followers
May 8 -- Twitter is about to start removing accounts that have been inactive for a prolonged period of time. The company's help center page says that Twitter tracks the number of log-ins per account and encourages users to log in at least once per month.
Due to the inactivity-related purge, people will likely see drops in their follower...
Google is changing Chrome’s HTTPS lock icon
May 5 – The padlock icon that indicates the presence of website security is largely unrecognized outside of the tech and cyber security communities. That’s why Google is planning to retire it from Chrome later this year.
On Tuesday, the search giant stated that the lock icon will be replaced with a new icon, as part of a...
Italian water supplier hit with ransomware attack
May 03 -- Last week, the Italian company known as Alto Calore Servizi SpA, which provides water for 125 different municipalities across two Italian provinces, experienced a ransomware attack that disrupted services.
The company manages 58 million cubic meters of water per year. After the recent incident, all IT systems were non-functional. As of this writing, they remain...
‘Godfather of AI’ quits Google for unbelievable reason…
May 1 -- Dr. Geoffrey Hinton's pioneering innovation in the field of computer-based neural networks has provided a foundation for the systems that tech companies believe are keys to the future.
On Monday, Hinton joined a chorus of critics who say that tech companies are playing with fire in pursuing aggressive campaigns to develop products based on generative...
Many public Salesforce sites exposing private data
April 28 -- Recent research has revealed that a shocking number of organizations — including banks and healthcare providers — are leaking private and personal information from their public Salesforce Community websites.
The data exposure is due to a misconfiguration in Salesforce Community that enables an unauthenticated user to access records that should only be accessible after going...
OpenAI announces new ChatGPT guardrails
April 26 -- ChatGPT's incredible capabilities can augment how we work, streamlining workflows and processes. Most business leaders are impressed with ChatGPT, but data privacy concerns have grown among CIOs and CISOs, leaving leaders with unanswered questions.
The forthcoming release of ChatGPT Business offers enhanced data privacy controls. Keep reading to see what's on the horizon...
ChatGPT data privacy...
3CX hackers also breached critical infrastructure
April 24 -- In late March, security threat intelligence analysts uncovered a supply chain attack that targeted the communications software provider known as 3CX. The attack also targeted the company's customers.
The hackers responsible for said breach also disrupted two energy sector critical infrastructure organizations and two financial trading organizations that use the trojanized X_TRADER application.
Cyber security researchers...
ChatGPT vs. Auto-GPT
April 18 -- You're likely well acquainted with the powerful language model that is ChatGPT. Former crypto enthusiasts and hustle bros are now fawning over the technically remarkable AutoGPT, a tool that can complete projects for you and automate processes in a few easy clicks.
What is Auto-GPT?
Auto-GPT is an open source application created by developer Toran Bruce...
New Discord malware doesn’t target who you think…
April 14 – Cyber security researchers have uncovered a new malware that’s distributed via the popular social media platform known as Discord, which retains over 300 million active users. The malware is known as Vare and it uses Discord’s infrastructure for the backbone of its operations.
Vare malware, Discord
The malware has been connected to a new band of...
CISOs weigh in on ChatGPT risks
April 12 -- ChatGPT promises to make employees more productive than ever before and many enterprise leaders have embraced the technology as a transformative business enabler.
"The smarter and faster-growing companies are leveraging AI tools to improve their competitive advantages; from using ChatGPT to quickly create good Python code, to writers improving their documents by using ChatGPT to...
Privacy under threat at Paris Olympics 2024?
April 7 -- In France, lawmakers have approved plans to use smart surveillance cameras during the Paris 2024 Olympic Games over objections from privacy advocates, who believe that the technology is intrusive for area residents, especially if it remains in use after the games.
France's national assembly recently approved a bill that authorizes enterprises to test computer vision...
Rorschach ransomware’s record-breaking speed
April 5 -- A previously unknown ransomware strain, dubbed Rorschach, is now considered one of the fastest ransomware strains ever discovered. The ransomware is "technically unique," as the malware boasts an ultra-fast encryption capability.
To be specific, Rorschach can encrypt 220,000 local drive files in just four and a half minutes. By comparison, LockBit 3.0 needed roughly double...
Major e-Commerce app caught spying
April 3 -- A Chinese shopping app created with the help of an ex-Google employee, Pinduoduo gained marketplace traction quickly and seemed to have a smart digital strategy. The e-Commerce exchange offers steep discounts, an interface that looks more like a newsfeed than an e-Commerce site, and popular social media integration capabilities. More than 750 million people...
3CX supply chain attack: Top 5 things to know
March 31 -- A supply chain attack affecting the company known as 3CX is of a comparable magnitude to that of the SolarWinds and Kaseya supply chain attacks. 3CX reports a client list that includes more than 600,000 different organizations. SolarWinds had merely half that number of customers when the company experienced a supply chain attack and...
Global leaders call for moratorium on AI research
March 29 – Over 1,000 technology leaders and researchers, including Steve Wozniak, are calling for a moratorium in regards to the development of powerful artificial intelligence systems, warning in an open letter that AI presents "profound risks to society and humanity."
AI software engineers are embattled in an "...out-of-control race to develop and deploy ever more powerful digital...
AI might make human art more valuable
March 27 – The anxiety over generative AI has stoked fears around artists' and musicians’ eventual obsolescence. Some speculators contend that AI will eventually make better art than most humans, sparking debates over the future of creativity and human ingenuity.
While some argue that AI-generated art lacks the emotional depth and nuance of human-created art, others believe that...
Landmark UK-Israel cyber security agreement
March 22 -- As of today, the UK and Israeli governments have signed an agreement that will reshape bilateral relations between the two countries, and that will enhance mutual cyber security advancement. The agreement will remain in effect until 2030.
The 2030 Roadmap for Israel-UK Bilateral Relations reflects mutual interest in collaborating on security, technology, trade and defense....
Tesla owners drove away in wrong cars
March 20 -- Have you ever unlocked your car only to realize that's not actually your car? It could happen to anyone. And that's exactly what happened to Rajesh Randev, an immigration consultant in Vancouver, Canada.
A case of mistaken Teslas
On Tuesday, Randev believed that he was getting into his Tesla, having opened the door with...
CISA’s new ransomware prevention initiative
March 15 – On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the creation of a new Ransomware Vulnerability Warning Pilot (RVWP) program.
The program will proactively track common cyber vulnerabilities that are under exploit by ransomware attackers, and will alert exposed organizations to risks.
Shortly after the program’s initial launch, it notified 93 organizations of vulnerability...
The latest AI-powered chatbot hacks
March 13 – Hackers are quick to capitalize on anything that’s trending, and ChatGPT is no exception. In November of 2022, the AI-powered chatbot launched with zero fanfare, but it rapidly gained worldwide attention and popularity.
ChatGPT can write presentable student essays, summarize research papers, answer questions well enough to pass medical exams, provide code for software development,...
BlackLotus malware: Sneaks past Windows boot function
March 10 – Cyber security experts are sounding the alarm in regards to a potent new form of malware, which can circumvent an essential security protocol that typically initiates when Microsoft Windows users power on their computers.
BlackLotus malware
This “bootkit” malware, called BlackLotus, enables hackers to bypass UEFI Secure Boot – the security measure that scrutinizes the firmware...
Surprising study: Women flourish in cyber crime
March 8 – The information security (InfoSec) world moves at a “glacial pace” when it comes to gender equity, according to The Register.
But that doesn’t seem to hold true in the cyber criminal underground. A recent study shows that at least 30%, if not more, of cyber criminal forum users are women.
Women in cyber
For this study, researchers...
Ransomware warning, critical infrastructure groups
March 6 – The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint warning pertaining to the dangers of Royal Ransomware, which threatens critical infrastructure groups both in the U.S. and abroad.
Royal Ransomware warning
The warning emerges after an advisory from the U.S. Department of Health and Human Services (HHS),...
U.S. unveils new cyber security strategy
March 2 – Today, the Biden-Harris administration released a new national cyber security strategy that emphasizes shifting the burden of defense for the country onto software vendors and software service providers.
“We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments and onto the organizations that...
Australia completely overhauls cyber security rules
Feb 27 – The Australian government is planning an overhaul of its cyber security rules. Legislators intend to establish an agency that will manage government investments in cyber security and that will help coordinate national responses to cyber attacks.
AU’s new rules
This decision occurs in the wake of numerous large-scale data breaches that have shocked the country. Last...
EU Commission bans TikTok, citing cyber security
Feb 23 – The European Commission has banned TikTok from employee phones, citing cyber security. Owned by Chinese company ByteDance, the app has come under increased international scrutiny in recent months, especially as political tensions have heated up.
Chinese national security laws can force both foreign and domestic businesses within the country to share data with the government...
Only paid Twitter users can now deploy 2FA
Feb 21 – The Twitterverse is on fire once again. Twitter users are calling out Elon Musk following a new company announcement saying that Twitter will now charge for text-based two-factor authentication. The paywall in exchange for a universal security measure represents the latest in a series of controversial decisions made by Musk.
Twitter 2FA security
Two-factor authentication will...
How U.S. taxes can improve cyber security
Feb 16 – Despite a series of newly developed federal and state policies, and individual corporate efforts, U.S. networks and critical infrastructure systems require significant additional cyber security advances and investments in order to thwart the most menacing of modern cyber adversaries.
It’s well-known that tax credits and penalties can motivate businesses to reshape and revise cyber security...
Alphabet spinoff raises $500M for cyber security
Feb 15 – On Tuesday, Sandbox AQ, a startup spun off from Alphabet Inc (GOOGL.O), said that it raised $500 million to help customers prepare for a quantum computing future.
Quantum computers run on processors that can make calculations millions of times more quickly than today’s fastest supercomputers. However, they remain years away from leading to major changes,...
U.S. intelligence uses psychology to stop attacks
Feb 13 – In the U.S., the main research group that’s connected to the U.S. intelligence community is searching for ways to leverage psychology in order to thwart cyber attacks.
There hasn’t been adequate focus on “…understanding how cyber attackers behave, make decisions, select strategies, how their cognition works,” said Kimberly Ferguson-Walter, manager of the program at the...
The best interactive security report of 2023
Feb 8 – Prepare for and mitigate global risk. Read Check Point's latest cyber security report, which covers sophisticated adversaries, cloud security threats, and disruptive malware. It also provides practical takeaways and recommendations for reducing your risk liabilities.
Cyber security has expanded into a bigger enterprise issue than ever before. Reviewing eye-opening trends, along with new security strategies,...
What IT leaders fear, ChatGPT
Feb 3 – U.K. Information Technology (IT) leaders believe that some nations are already using ChatGPT maliciously.
ChatGPT attacks
In the U.K., 76% of IT leaders believe that other nations are using ChatGPT in order to enact cyber attacks. Nearly 50% of IT leaders think that a successful cyber attack will be credited to the technology within a year.
...
AWS CTO slams ChatGPT
Feb 1 – Amazon Web Services CTO Werner Vogels recently took to social media in order to express his concerns surrounding ChatGPT, the new artificial intelligence technology that has taken the world by storm. Vogels slammed ChatGPT in relation to cyber security. Here’s an excerpt of what he said…
AWS CTO on ChatGPT
“Security has become one of the...
Addressing data privacy concerns
Jan 30 – Data privacy is important, but it's becoming increasingly difficult for organizations to tackle. A new report by the professional IT governance association known as ISACA indicates that there is a general lack of qualified cyber security labor available to assess risk mitigation and compliance initiatives.
Technical privacy and legal/compliance teams are understaffed. Making matters worse,...
U.S. shuts down Hive ransomware network
Jan 27 – According to U.S. documents, the Hive ransomware network extorted over $100M from over 1,500 victims who spanned 80 countries around the globe. Victims included hospitals, financial institutions, critical infrastructure groups and educational entities.
In a statement on Thursday, U.S. Attorney General Merrick Garland stated, “Cybercrime is a constantly evolving threat. But as I have said...
The data breach epidemic
Jan 25 – According to a new report, the number of data breaches that affected the American public increased by 42% in 2022, as compared to the prior year’s numbers. The total number of people affected by data breaches climbed to 422.1 million by end-of-year.
More information
The number of publicly disclosed breaches that listed a direct cause of...
Phishing: See the most frequently imitated brands
Jan 23 – Email enables us to coordinate, project manage, ensure continuous productivity, deliver positive customer experiences and to grow initiatives quickly, among other things. It’s arguably one of our most valuable tools in the modern workplace. That’s also why email-based phishing attacks are extremely dangerous.
Despite awareness training, employees are still human and still fall for basic...
Jail time for tech bosses who flout new UK rule
Jan 17 – In the UK, lawmakers are vying to make the country the safest place for children to learn, grow and flourish online. At present, a number of lawmakers contend that the only way to guarantee a safe online future for children is by holding tech leaders fully accountable.
In so doing, lawmakers have developed an Online...
Android TV arrived pre-loaded with malware
Jan 13 – In Canada, a security consultant discovered that an Android TV box, which was purchased from Amazon, arrived pre-loaded with malware baked into its firmware.
The malware was identified by Daniel Milisic, who created a script and instructions that assisted users in stopping the payload.
The untrustworthy TV is known as the T95 Android TV box and...
Top SaaS cyber security threats in 2023
Jan 11 – This year will bring new challenges and new opportunities in relation to SaaS security. As we move into the year, it's becoming increasingly clear that SaaS organizations will need to take great care in implementing the processes, policies, tools and best practices that will prevent next-generation threats from disrupting the flow of business. In...
$1.7 BN company: Data breach & lawsuit
Jan 09 – American fast food chain Five Guys has reported a data breach that compromised the personal details belonging to job applicants.
Five Guys initially discovered “unauthorized access to files on a file server” in mid-September, but the precise information that the documents contained was not confirmed until early December.
“This is yet another incident where attackers have...
200M Twitter users’ information leaked online
Jan 5 – On a popular hacker forum, the data belonging to over 200 million Twitter users has been leaked. Hackers are selling and circulating data sets from scraped Twitter profiles.
The data sets were initially developed in 2021. At that point in time, hackers managed to exploit a Twitter API vulnerability that allowed users to input email...
4 cyber security concerns for the new year
Jan 03 – In recent years, cyber attacks have proliferated, evolved and disrupted organizations worldwide. The year 2022 is considered the worst year on record for ransomware attacks, which were 80% more frequent than in the year prior. In the first half of the year alone, over 270,000 new malware variants emerged, and data shows that...
AI-assisted code, inherently insecure says study
Dec 29 – Right now, machine learning algorithms are all the rage when it comes to generating “original” content, after being trained on pre-existing datasets. However, code-generating AI could present issues for software security.
AI-assisted code and software security
Select AI systems, like GitHub Copilot, intend to simplify the work of programmers by creating entire blocks of “new” code...
Blackouts, power cuts and security failures
Dec 27 – In October, cyber criminals managed to steal data from multiple U.S. electric utilities, stoking fears around power service disruptions. At present, agencies are continuing to monitor the incident for potential large-scale impact. The stolen data has not yet appeared on the dark web, although some power company executives believe that it might.
What happened
This previously...
LastPass data breach, worse than we initially thought
Dec 23 – A LastPass cyber security breach that occurred last August may have been more severe than the company previously anticipated or acknowledged, according to recent media reports.
On Thursday, the popular password management service indicated that hackers obtained a selection of personal information belonging to its customers. The information included encrypted password vaults. These details were...
IT expert arrested after hacking 400,000 cameras
Dec 21 – On Tuesday, after a hack affecting over 400,000 home security cameras, South Korean police arrested a man. The individual had not only accessed the camera footage, but had also attempted to sell it online, providing personal visual data to nefarious persons in nations around the world.
What happened
The man deployed his knowledge of IT and...
5 trends showing why you need threat intelligence
Dec 19 – On account of a confluence of factors, cyber attacks are becoming increasingly complex and sophisticated. Cyber attacks are among the fastest-growing types of crime worldwide, costing the global economy over $2M per minute, according to The Telegraph. Organizations and corporate entities need to identify and implement strategic means of cyber protection, or otherwise risk devastating...
The end of the Google Maps monopoly?
Dec 16 – Google Maps has always had a distinct group of quiet competitors, but now it’s about to see fierce competition. The Linux Foundation has introduced Overture Maps, which is intended as an effort to develop interoperable open map data as a shared asset “that can strengthen mapping services worldwide.” The product is open source and...
Apple resolves vulnerability affecting most iPhones
Dec 14 – Two weeks ago, Apple released a software update designed to fix a zero-day vulnerability, which the company now says hackers attempted to exploit. The update, iOS 16.1.2, was released on November 30th. All supported iPhones, including iPhone 8 and later, received it.
What happened
According to a disclosure on the company’s security updates page,...
Amazon intends to do away with barcodes
Dec 12 – On account of computer vision, Amazon’s cameras can recognize products easily – without the use of barcodes. Amazon says that the system will eventually support robots.
According to Nontas Antonakos, an applied science manager in Amazon’s computer vision group, enabling robotic arms to pick up items and process them without requiring them to identify and...