FireSale HackBoy


Sunday, December 31, 2023

Google Play Protect, its Chrome $5 billion lawsuit and replacing 30K jobs with AI

Google, the ubiquitous web search giant deeply ingrained in our daily lives, has unveiled plans to usher in a new era by replacing over 30,000 jobs with Artificial Intelligence (AI) technology. This strategic move aims to enhance operational efficiency and improve customer service on a global scale. Anticipated to roll out by November 2024, this transformative shift towards AI integration is poised to trigger significant workforce changes, resulting in mass layoffs.

The revelation surfaced through internal channels within the internet behemoth and was reported by First Post yesterday. While the specific individuals facing job displacement remain undisclosed, employees in administrative, marketing, and partially in sales roles are slated to receive pink slips by March of this year.

In a parallel development, Google has entered into a settlement agreement to resolve a class-action lawsuit, committing to pay a substantial $5 billion. The legal dispute stemmed from allegations that Google breached user privacy by monitoring individuals utilizing the Incognito Mode in Chrome Browsers, contradicting its claim of providing a highly private browsing experience.

As part of the settlement, affected users who employed the browser feature between 2016 and 2020 are entitled to $5,000 each. However, legal analysts caution that Alphabet Inc’s subsidiary, responsible for YouTube, may impose stringent guidelines on users seeking compensation. The details of the settlement are pending finalization by the court before February 24, 2024, with a formal announcement to follow.

Shifting focus to Google Play Protect, the tech giant has introduced enhanced performance features for the application dedicated to conducting security checks and thwarting potential threats. Noteworthy functionalities include scanning for malicious applications, deactivating and removing harmful apps from devices, placing unused apps in sleep mode, preventing unwanted software from operating in the Android ecosystem, user permission alerts, permission resets, and more.

The Play Protect feature extends its capabilities to track billing fraud, detect trojans and backdoors, block spyware, defend against DDOS attacks, prevent harmful codes from running within the Android ecosystem, thwart phishing and ransomware attempts, and block spyware and spam for device users. This robust suite of security measures underscores Google’s commitment to providing a secure and protected user experience within the Android environment.

The post Google Play Protect, its Chrome $5 billion lawsuit and replacing 30K jobs with AI appeared first on Cybersecurity Insiders.


January 01, 2024 at 11:11AM

Friday, December 29, 2023

China arrests 4 people who developed ChatGPT based ransomware

Microsoft-owned ChatGPT, developed by OpenAI, remains officially inaccessible in China. However, an intriguing turn of events reveals that hackers within the country have managed to exploit the service through VPNs. These cyber criminals successfully deployed ransomware, encrypting servers within a Hangzhou-based firm in Zhejiang Province.

In a surprising twist, China has arrested four individuals linked to this incident. Strikingly, the charges do not pertain to the creation of a file-encrypting malware or the disruption of IT services; rather, the arrests focus on the fraudulent use of a foreign AI-based online service within the region.

Initially reported by the South China Morning Post, this story has gained traction on various social media platforms like Twitter and Facebook, capturing the attention of the Western audience since Wednesday of this week.

The cyber-criminals behind the ransomware attack demanded a ransom of 20,000 Tether, a cryptocurrency currently valued at $1 in the international crypto markets.

OpenAI has implemented restrictions on access to its service in specific regions, including Iran, North Korea, Hong Kong, China, Russia, and Singapore. Despite these limitations, tech enthusiasts and individuals with malicious intent are circumventing the restrictions using Virtual Private Networks to access the conversational chatbot.

According to cybersecurity sources, three of the four arrested individuals were apprehended in a commercial area in Beijing, while the remaining individual was taken into custody in Mongolia, a region situated between Russia and China. Notably, three of the detainees were also implicated in other criminal activities, such as leveraging deep fake technology to spread misinformation and selling CCTV footage pilfered from the internet.

It is worth highlighting that this arrest report is a rarity in Chinese media, typically constrained by the strict information control policies of the Xi Jinping government.

The post China arrests 4 people who developed ChatGPT based ransomware appeared first on Cybersecurity Insiders.


December 29, 2023 at 08:33PM

Thursday, December 28, 2023

Navigating Cloud Security: A Comparative Analysis of IaaS, PaaS, and SaaS

In the era of digital transformation, businesses are increasingly leveraging cloud computing services to enhance agility, scalability, and efficiency. However, the paramount concern for organizations considering a move to the cloud is the security of their data and operations. This article delves into the security aspects of the three primary cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).

I. Infrastructure as a Service (IaaS): IaaS provides the fundamental building blocks of computing infrastructure, such as virtual machines, storage, and networking. While IaaS offers a high level of control over the underlying infrastructure, security responsibilities are shared between the cloud provider and the customer.

1. Security Control: Customers are responsible for securing their operating systems, applications, and data. Cloud providers manage the security of the physical infrastructure, hypervisor, and network.

2. Customization: IaaS allows organizations to implement their security measures based on specific requirements, which gives them greater control over security configurations and policies.

II. Platform as a Service (PaaS): PaaS abstracts the underlying infrastructure, offering a platform that allows developers to build, deploy, and manage applications. The security landscape in PaaS is characterized by shared responsibilities and automated services.

1. Shared Responsibility: Cloud providers manage the security of the underlying infrastructure. Customers are responsible for securing their applications and data.

2. Automated Security Features: PaaS platforms often include built-in security features, such as authentication and encryption. Automatic updates and patches enhance overall system security.

III. Software as a Service (SaaS): SaaS delivers fully functional applications over the internet, eliminating the need for users to manage the underlying infrastructure or application stack. Security in SaaS is a collaborative effort between the provider and the end-users.

1. Provider-Managed Security: Cloud providers handle security measures for the application, data, and infrastructure. Customers rely on the provider’s security protocols.

2. Limited Customization: Security configurations are predefined by the SaaS provider. Customers have minimal control over the underlying security architecture.

Conclusion:

The security of cloud services depends on various factors, including the service model, provider, and the specific security measures implemented by both parties. Ultimately, the choice between IaaS, PaaS, and SaaS should align with the organization’s security requirements, level of control desired, and the resources available for managing security responsibilities. While each model has its strengths and considerations, a comprehensive and well-implemented security strategy is crucial regardless of the chosen cloud service model.

The post Navigating Cloud Security: A Comparative Analysis of IaaS, PaaS, and SaaS appeared first on Cybersecurity Insiders.


December 29, 2023 at 10:24AM

Beware of this Instagram trend that compromise Data Privacy

In today’s modern era, the concept of privacy in our daily lives seems elusive, given the widespread sharing of personal details on various social media platforms. From Facebook and Instagram to WhatsApp, Twitter, and even the notorious Telegram, users often divulge extensive aspects of their lives, only to later express concerns about privacy.

A notable trend on Instagram, a popular platform for sharing photos and videos, is the “Get to Know Me” phenomenon. Users willingly disclose intimate details such as age, phobias, tattoos, piercings, birthmarks, preferences, height, and various personal likes and dislikes.

Eliana Shiloh, a cybersecurity expert at Deloitte, has raised a red flag regarding this trend, labeling it a threat to privacy. Ms. Shiloh expressed her concerns in a TikTok video, sparking 72 instances of privacy concerns and prompting over 100 Instagram users to consider filing complaints against this potential threat with the Facebook-owned subsidiary.

The issue is particularly noticeable among female users who share videos and photos meant to be private but inadvertently expose themselves to a wider audience. Disclosing additional information like age and personal preferences poses a significant risk, potentially attracting the attention of hackers who, with minimal effort, can exploit this information through phishing to uncover more sensitive details.

So, what’s the solution to mitigate this risk?

The solution is straightforward: only disclose necessary details and keep everything else private. Sharing information like age may inadvertently enable hackers to deduce the date of birth, providing a potential entry point for accessing an individual’s private life by navigating through security questions designed to protect online accounts.

It is essential for online users to refrain from sharing critical information such as account credentials, bank details, contact numbers, and personal details about family or children on the internet. Such revelations can draw the unwarranted attention of hackers, who are always on the lookout for digital activities to exploit and invade private lives.

The post Beware of this Instagram trend that compromise Data Privacy appeared first on Cybersecurity Insiders.


December 29, 2023 at 10:17AM

Trending Ransomware news headlines on Google

During the holiday season of Christmas 2023, a ransomware attack targeted the Ohio Lottery, causing disruptions to its operations. The gaming company is currently in the process of recovering its encrypted data and is consulting with security experts to expedite the recovery. As a result of the attack, services such as prize and cash claims exceeding $599 are temporarily unavailable. Customers are advised to use alternative digital channels to access their winnings. The newly identified ransomware group, DragonForce, has claimed responsibility for the attack, revealing its ability to extract sensitive information, including social security numbers and dates of birth.

Eagers Automotive, an Australia-based company specializing in the sale of internationally renowned car brands, experienced a malware attack on December 27, 2023. The hackers managed to siphon a small portion of data, leading to severe disruptions in the company’s servers. With over 300 branches across various locations, including Queensland, Adelaide, Darwin, Melbourne, Perth, Sydney, Tasmania, Auckland, and NSW, the company’s digital operations were temporarily inaccessible to both staff and customers.

Yakult Australia, a well-known probiotic brand, faced a cyber attack, likely a ransomware variant, resulting in the exposure of sensitive files such as employee passport details on the dark web. Despite the company’s refusal to meet the hackers’ demands, its IT staff is actively working to mitigate the risks associated with the data breach. Yakult Australia has a robust data continuity plan, and the restoration of IT systems is expected by the first week of January 2024. The recently identified DragonForce Ransomware openly claimed responsibility for breaching the company’s servers.

In Germany, the LockBit Ransomware group targeted a hospital chain, leading to the cancellation of emergency services and ambulance diversions. The impacted hospitals, including Sankt Vinzenz Hospital, Mathilde Hospital Herford, and Franziskus Hospital Bielefeld, issued a press statement acknowledging the disruption to their IT services. The Katholische Hospitalvereinigung Ostwestfalen (KHO) stated that the chain’s IT services were impacted on the eve of Christmas 2023 and that its doctors and staff were doing their best to provide emergency care to those in need.

EasyParkGroup, a prominent European parking app, fell victim to a cyber attack, likely a ransomware incident. The attackers gained access to personal details of users, including names, phone numbers, addresses, email addresses, and credit card numbers, which were then copied to foreign servers. Users are urged to monitor their credit card statements for any suspicious activity. The company has committed to implementing enhanced security measures to mitigate the risks associated with the breach.

In Jordan, the Rhysida Ransomware group targeted Abdali Hospital, employing a double extortion tactic. The group has given the hospital a seven-day ultimatum to pay 10 BTC, after which it threatens to disclose the stolen data on the dark web and auction it to the highest bidder.

The post Trending Ransomware news headlines on Google appeared first on Cybersecurity Insiders.


December 28, 2023 at 08:45PM

Wednesday, December 27, 2023

Vietnam hacked CCTV videos selling like hotcakes on Telegram

The Telegram messaging app has emerged as a hub for criminal activities, serving as a platform for data exchange among various illicit networks. Criminals, ranging from drug and child traffickers to cybercriminals, are increasingly utilizing Telegram to facilitate their nefarious operations.

One recent instance of cybercrime involves the distribution of hacked intimate CCTV videos, which are being sold on the platform. These videos, featuring content from bedrooms, are in high demand, with a dedicated Telegram channel named Vnexpress offering them for sale. The videos are priced at $3 per clip, and subscription options for quarterly, half-yearly, and annual plans are available at a cost-effective rate of $29.

Particularly disturbing is the demand for videos containing intimate moments from bedrooms, shedding light on the perverse interests of those purchasing such content. The Vnexpress channel, operating out of Russia, specializes in selling these compromising videos, exposing the private lives of families and businesses in Vietnam.

Notably, certain videos showcase bedroom footage of couples from countries like Canada, the United States, Australia, and Britain. The content is allegedly hacked from CCTV cameras installed in hotels and resorts, commanding prices ranging from $16 to $19 per clip.

Hackread.com, an online news resource, has highlighted that surveillance camera footage from homes in Vietnam is contributing to the content available to these criminal groups. The public is urged to refrain from installing CCTV cameras in sensitive areas like changing rooms, trial rooms, bedrooms, and bathrooms, as this footage becomes a valuable resource for criminals. Despite global prohibitions on the installation of cameras in such private spaces due to privacy concerns, it seems that individuals continue to neglect these regulations.

In light of these developments, there is a growing call for Telegram to implement stringent measures to monitor and control illicit activities on its platform. Major social media platforms such as Facebook, Twitter, and Google employ AI technology to combat the spread of various crimes, and it is hoped that Telegram will follow suit to effectively curb criminal activities within its user base.

The post Vietnam hacked CCTV videos selling like hotcakes on Telegram appeared first on Cybersecurity Insiders.


December 28, 2023 at 10:26AM

Ransomware attack leads to identity theft of an Oakland Man

In recent times, we’ve been inundated with countless stories about ransomware attacks and the extortion demands posed by cyber-criminals. However, a new facet of cyber-crime has emerged, taking the form of a twist in the aftermath of a ransomware assault on a government network.

A resident of Oakland, Dedrick Warmack, has come forward, alleging that the ransomware attack not only compromised a government network but also resulted in his identity being stolen. This, in turn, paved the way for the creation of fraudulent bank accounts, the acquisition of high-value properties, and an onslaught of millions of dollars’ worth of credit card payments flooding his email inbox.

While this may initially sound sensationalized, investigations into the matter have substantiated Mr. Warmack’s claims. According to him, multiple newly opened bank accounts now bear his name, boasting credit balances ranging from $17,000 to $30,000. The Oakland native believes that cybercriminals likely accessed his sensitive information during a city computer network hack several months ago, leading to identity theft and fraudulent activities, including deceptive phone calls concerning overdue credits, water and sewage bills totaling $2,000, and home loans.

Further probing revealed that an unidentified individual had, without Warmack’s knowledge, purchased a property in New England using his credentials, such as his Social Security Number, through a smart finance scheme. As a result of loan and bill payment defaults, Warmack’s credit score plummeted by a staggering 180 points.

Traditionally, we’ve witnessed companies grappling with the aftermath of file-encrypting malware attacks. Now, a new chapter unfolds as individuals find themselves ensnared in the nightmare of ransomware breaches, enduring consequences that extend beyond the digital realm.

The question of culpability arises: Should the blame be placed on the administrators of the City of Oakland, tasked with safeguarding sensitive data, or does responsibility lie with the individual who failed to monitor his credit score promptly, now grappling with remorse?

The post Ransomware attack leads to identity theft of an Oakland Man appeared first on Cybersecurity Insiders.


December 27, 2023 at 08:37PM

Tuesday, December 26, 2023

Remote encryption based ransomware attacks on rise

Over the past year, criminal organizations such as Alphv, LockBit, Akira, Black Basta, and Royal have increasingly engaged in remote encryption attacks. In these cyber assaults, perpetrators target the most vulnerable devices with minimal security, using them as entry points to compromise entire networks.

Due to the remote nature of the encryption process, in-house threat detection solutions find it challenging to identify and counteract such attacks. Recognizing the severity of this issue, cybersecurity firm Sophos has classified it as a significant cyber threat, warranting immediate attention from defenders.

Sophos, a UK-based security company, underscored in its report a notable 62% surge in intentional remote encryption attacks since September 2022, with projections indicating a further escalation in the coming years.

What adds a layer of complexity is the adoption of artificial intelligence (AI) tactics by cybercriminals. Utilizing AI, these malevolent actors scan billions of devices for vulnerabilities, making their campaigns remarkably effective—up to 73% success rates—and lucratively profitable, yielding millions for the hackers.

In light of the approaching holiday season, Sophos has issued a cautionary alert, pointing out that prominent ransomware groups are expected to target both large and small companies. The firm particularly urges organizations in the technology, manufacturing, and healthcare sectors to maintain heightened vigilance against potential threats. Furthermore, they recommend keeping IT staff on high alert to promptly respond to any unforeseen situations.

It is crucial to note that hackers commonly infiltrate networks through phishing or brute force attacks. Once inside a network, they initially steal information and subsequently encrypt it, demanding a ransom for its release. In the case of remote ransomware encryption, criminal groups actively seek out vulnerable devices as entry points, bypassing traditional security measures and posing an escalating threat to cybersecurity.

The post Remote encryption based ransomware attacks on rise appeared first on Cybersecurity Insiders.


December 27, 2023 at 11:50AM

China stealing AI feed data from America for Spying

As per a report featured in the Wall Street Journal, there has been a notable surge in China’s illicit acquisition of extensive datasets designated for training Artificial Intelligence (AI) tools in the United States. The apparent objective behind this activity is to conduct mass surveillance on millions of Americans by constructing detailed profiles based on their economic, political, and social inclinations.

The article underscores the escalating trend of espionage and substantial data thefts from both American corporations and federal entities over the past five years. China’s interest lies in utilizing this pilfered data to conduct thorough analyses, gather intelligence, launch cyber-attacks, and enhance its competitive prowess across various domains.

In essence, every AI platform relies on large datasets to amass intelligence and effectively respond to human queries. The leadership of Xi Jinping has strategically targeted these technological feeds, engaging in information theft and espionage. This encompasses the coercion of corporate employees to purloin and surrender data and trade secrets pertaining to their respective companies.

An illustrative incident supporting these claims involves the arrest of an Apple employee named Xiaolang Zhang in July 2018. Zhang was apprehended in the act of stealing and transmitting information related to Apple’s automated cars to servers located in Beijing.

The scope of data theft extends to incidents such as the compromise of Microsoft Exchange Servers, the Marriott Data Breach, and the Equifax data breach, all conducted under the guise of Project Typhoon, revealing a broader pattern of Chinese involvement in pilfering AI training data.

According to the FBI, China’s penchant for pilfering trade secrets is not a recent development, as the nation has been involved in systematic “information gathering” for an extended period. The Biden administration has taken decisive measures to address this threat by instructing the Pentagon to fortify vulnerable data access points in both public and private entities. These efforts have borne fruit since 2022, with government intelligence resources not only thwarting fraudulent access attempts but also possessing evidence to identify and address adversaries involved in these activities.

It is evident that China, as the world’s most populous nation, continues to excel in diverse fields. Its predominant trade asset, electronic production, has proliferated globally, particularly in the Western hemisphere. Imposing a trade ban may prove ineffective, as China appears impervious to external pressures on its development. The only conceivable restraint could be in controlling its diminishing population growth, a factor that currently appears to be the only limitation on its expansive trajectory.

The post China stealing AI feed data from America for Spying appeared first on Cybersecurity Insiders.


December 26, 2023 at 08:31PM

Monday, December 25, 2023

Ransomware threat rises in November 2023

The month of November 2023 witnessed a surge in ransomware victims, with criminal gangs taking advantage of the holiday season. The combination of a thin IT staff and the Christmas holidays created an opportune environment for companies to fall prey to hackers, especially those lacking in-house cybersecurity solutions to monitor their IT assets.

A report from Corvus Insurance revealed alarming statistics for November 2023, indicating a 39.08% increase in new victims compared to October 2023. This spike represented a staggering 100% surge compared to the same period last year, underscoring the growing threat of ransomware attacks.

Throughout the year, ransomware variants such as LockBit, Clop, Play, BlackCat (ALPHV), and Akira remained highly active. The top contender alone raked in a substantial $393 million from its victims, highlighting the lucrative nature of these cyber crimes.

The efficiency of ransomware-spreading gangs raises concerns about the factors contributing to their success. Many companies mistakenly believe that they are less likely to be targeted by cyber-criminals, assuming that only large firms are at risk. However, the reality has shifted, with hackers becoming increasingly sophisticated and innovative in their approaches. A staggering 73% of attacks prove to be financially rewarding for the hackers.

These malicious actors employ double or triple extortion tactics, ensuring financial gains through various means. They may threaten victims and coerce them into payment, or alternatively, sell stolen data on the dark web for profit. Valuable information such as bank credentials, email IDs, call records, contact numbers, and social security numbers can be used by cyber crooks to construct detailed online user profiles.

To mitigate the risk of falling victim to ransomware attacks, individuals and organizations must exercise caution when sharing sensitive information online. Vigilance against phishing and other social engineering attacks is crucial. Importantly, it is advised never to pay a ransom to criminal gangs, as there is no guarantee of receiving a decryption key, and the fate of the stolen information on their servers remains uncertain.

The post Ransomware threat rises in November 2023 appeared first on Cybersecurity Insiders.


December 26, 2023 at 11:33AM

UK to allow facial recognition on 50m drivers

Britain is poised to conduct facial recognition checks on its 50 million drivers in the upcoming year, with the aim of leveraging this initiative to apprehend criminals based on images captured in the CCTV surveillance database. The Home Office and Driver and Vehicle Licensing Agency (DVLA) have introduced a legal proposal exclusively targeting adults.

Chris Philp, the Minister of State for Crime, expressed that this new law would be a game changer, operating in harmony with existing data privacy laws. The primary focus is to apprehend individuals involved in crimes such as burglary, theft, shoplifting, and terrorism.

According to information available to Cybersecurity Insiders, facial recognition cameras will compare images from the police criminal database with those from the passport and immigration database, aiding in the creation of a suspect profile. If scanned motorists are identified as criminals, they will be apprehended through legal channels.

While comparing the driving license database with criminal records may be perceived as an invasion of privacy for licensed users, proponents argue that it fosters trust among the public, showcasing the government’s capability to combat crime in the interest of national security.

The implementation of such comparisons between crime and driving license databases is not new, with countries like China and the United States already utilizing similar systems. The effectiveness of such initiatives remains uncertain and only time will reveal their true impact.

Typically, these technologies prove beneficial in solving minor crimes such as theft and burglary. However, their efficacy in addressing more serious crimes like murder has been limited, solving only a handful of cases. Despite this, proponents argue that even partial success is a step in the right direction, as technology continues to exceed expectations.

The post UK to allow facial recognition on 50m drivers appeared first on Cybersecurity Insiders.


December 25, 2023 at 08:43PM

Sunday, December 24, 2023

Safeguarding Your Data: Strategies to Protect Against Information Stealers

In today’s digital age, the security of personal and sensitive information is of utmost importance. Cyber threats, such as information stealers, pose a significant risk to individuals and businesses alike. Information stealers are malicious software designed to surreptitiously gather and transmit sensitive data, including login credentials, personal details, and financial information. In this article, we will explore effective strategies to protect your data from these insidious threats.

1. Install Reliable Antivirus and Anti-Malware Software: The first line of defense against information stealers is robust antivirus and anti-malware software. Regularly update and run scans to detect and remove any potential threats. Ensure that your chosen security software offers real-time protection to actively block malicious activities.

2. Keep Operating Systems and Software Updated: Regularly updating your operating system and software is crucial for maintaining a secure digital environment. Software updates often include security patches that address vulnerabilities exploited by information stealers. Enable automatic updates whenever possible to ensure you are protected against the latest threats.

3. Use Strong and Unique Passwords: Strengthen your defense by using strong, unique passwords for each of your accounts. Avoid using easily guessable passwords and consider incorporating a mix of uppercase and lowercase letters, numbers, and special characters. Password managers can assist in generating and securely storing complex passwords.

4. Implement Two-Factor Authentication (2FA): Enhance your security posture by enabling two-factor authentication where available. This adds an extra layer of protection, requiring users to provide a second form of verification, such as a temporary code sent to a mobile device, in addition to the password.

5. Exercise Caution with Emails and Links: Information stealers often spread through phishing emails and malicious links. Be cautious when opening emails from unknown senders, and avoid clicking on suspicious links. Verify the legitimacy of emails, especially those requesting sensitive information or containing unexpected attachments.

6. Secure Your Internet Connection: Use a secure and encrypted internet connection, especially when accessing sensitive data. Avoid using public Wi-Fi networks for confidential transactions, as these are often targeted by information stealers. Consider using a virtual private network (VPN) for added security.

7. Regularly Back Up Your Data: In the event of a security breach, having regularly updated backups of your data can be a lifesaver. Schedule automated backups and store them in a secure, offline location to prevent unauthorized access.

8. Educate Yourself and Your Team: Stay informed about the latest cybersecurity threats and educate yourself and your team about best practices. Training programs can help raise awareness and empower individuals to recognize and respond effectively to potential threats.

Conclusion

Protecting your data from information stealers requires a proactive and multifaceted approach. By combining reliable security software, good cybersecurity practices, and user education, you can significantly reduce the risk of falling victim to these malicious threats. Stay vigilant, stay informed, and prioritize the security of your digital assets in an increasingly interconnected world.

The post Safeguarding Your Data: Strategies to Protect Against Information Stealers appeared first on Cybersecurity Insiders.


December 25, 2023 at 10:23AM

Ubisoft ransomware attack gets thwarted

Ubisoft, the France-based video game publisher, recently announced that its in-house threat monitoring software successfully thwarted a ransomware attack that occurred on December 20th of this year. Despite this security success, the company is actively investigating a potential data breach that coincided with the aforementioned attack. An unidentified hacker group exploited this breach by publishing internal software information on VX-Underground.

Curiously, this data leak occurred concurrently with a security incident at another company, Insomniac, resulting in the unauthorized disclosure of game development details related to the Sony-affiliated company.

Ubisoft, currently engrossed in developing the latest installment of Avatar: Frontiers of Pandora, confirmed that this incident may have exposed over 900GB of information, and the extent of the damage is yet to be fully assessed.

This isn’t the first time Ubisoft has faced cybersecurity challenges. In 2020, the company fell victim to the Egregor Ransomware, leading to the leakage of its source code. Subsequently, in 2021-22, a data leak caused by misconfiguration disrupted games, systems, and services. The repercussions of the recent attack are still unfolding.

Over the past three years, cybercriminals have increasingly exploited the holiday season when many Western companies operate with reduced staff, creating an opportune environment for attacks. Industries such as healthcare, finance, gaming, and manufacturing are prime targets during this period. It has become imperative for companies to establish efficient backup plans to sustain operations during such incidents.

Implementing robust security measures, including encrypting data at rest and in transit, maintaining multiple copies of backed-up data for recovery purposes, and deploying vigilant threat monitoring solutions for IT assets, is crucial in mitigating the impact of such cyber threats.

The post Ubisoft ransomware attack gets thwarted appeared first on Cybersecurity Insiders.


December 25, 2023 at 10:11AM

Friday, December 22, 2023

What do CISOs need to know about API security in 2024?

[By Andy Grolnick, CEO, Graylog]

In the past couple of years, there has been explosive growth in API usage as API-related solutions have enabled seamless connectivity and interoperability between systems. From facilitating data exchange to cross-platform functionality, companies with an API-first approach have more performant financial outcomes. According to Postman’s 2023 State of the API Report, roughly 66% of participants indicated that their APIs contribute to generating revenue. Among this group, 43% specifically mentioned that APIs account for over a quarter of their company’s total revenue. Moreover, the rise of the API economy has spurred organisations to open up their services, fostering collaboration, and enabling the creation of new products and services through third-party integrations.

As the popularity of APIs has grown, so have the security risks they pose to organisations. A recent ESG survey on API security showed that 92% of organisations using APIs have experienced a breach in the past 12 months. APIs hold valuable data such as personal user data, financial details, or business-critical information. In sectors such as financial services, APIs can be exploited to manipulate financial transactions or steal credentials for direct financial gain. What makes API attacks increasingly concerning is their low barrier to entry. APIs have publicly accessible documentation. Exploiting vulnerabilities is not a complicated task for hackers, granting them unauthorised entry to manipulate endpoints, leading to potential data breaches and gaining control over systems.

That is why it’s strange that for many CISOs, APIs remain a critically under-protected attack surface as API security falls into no-man’s land. API Security is usually the remit of security teams, but the APIs themselves are developed by product teams who tend to prioritise speed and time-to-market. Hence security teams have relied on developers to address issues as the products are being built. 

Unfortunately, we anticipate that this Achilles heel will be exploited by bad actors in 2024. It is important that CISOs and their teams understand their organisation’s API risk posture when developing an API security strategy for the next 12 months. It will be up to CISOs to drive initiatives between security and product teams to ensure visibility into APIs and devise strategies to mitigate potential threats.

All is not lost. Enterprises are now waking up to the dire need for API security, and CISOs have a significant role to play in safeguarding their environment.  

We delve into the top challenges we expect CISOs to face in 2024 in securing APIs and how they can overcome these growing concerns to bolster their organisations’ security posture.

Authenticated Attacks

Protecting against API threats will be a major challenge CISOs should be ready to face as traditional, perimeter-based solutions are ineffective at identifying such threats.

Hackers are finding innovative ways to gain authenticated user access and with low-cost APIs, hackers can pose as real customers or partners. Additionally, as nation-state-backed cybercriminal groups are on the rise, criminals have more access to resources to pay and become customers. Insiders will deliberately exploit their authorised access to steal sensitive data, manipulate API endpoints, or perform unauthorised actions, leading to data breaches, service disruptions, or system compromise. 

As WAFs only monitor HTTP requests, new perimeter-based API security solutions that track user requests, not responses, do not provide a full-fidelity view of the API traffic. The actions of malicious customers or partners will appear legitimate because they come from authenticated users. Securing APIs in a modern threat landscape requires a threat detection and incident response (TDIR) approach that prioritises inside-the-perimeter defences to ensure that even if malicious actors gain access, the threat is rapidly identified and privileges are revoked.

CISOs will need to ensure their API security strategy takes a multi-layered approach that supplements perimeter defences with application-level security. Full fidelity of APIs is necessary to isolate unknown attacks as hackers find innovative ways to remain undetected by traditional solutions.
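The gap between request-only and response-aware monitoring described above can be shown with a small detector. This is an added example, not code from the original article or from any product: the records, route, identities, ownership map and thresholds are all constructed assumptions.

```python
"""Added example: request-only versus response-aware monitoring of API traffic.
All records, routes, identities and thresholds are constructed for illustration."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiRecord:
    ts: int                # epoch seconds
    principal: str         # identity taken from the validated token
    method: str
    path: str
    status: int            # response status code
    resp_owner_ids: tuple  # account ids present in the response body


# Assumed ownership map: account ids each principal is expected to read.
OWNED = {"cust-1001": {"1001"}, "partner-77": {"7700"}}
ROUTE = re.compile(r"^/v1/accounts/\d+$")  # hypothetical documented route


def build_sample():
    """Constructed traffic: an ordinary customer, and an authenticated partner
    whose individually valid requests return other customers' records."""
    recs = [ApiRecord(1000 + 60 * i, "cust-1001", "GET", "/v1/accounts/1001",
                      200, ("1001",)) for i in range(5)]
    recs += [ApiRecord(1010 + 20 * i, "partner-77", "GET",
                       f"/v1/accounts/{2001 + i}", 200, (str(2001 + i),))
             for i in range(8)]
    recs.append(ApiRecord(1500, "partner-77", "GET", "/v1/accounts/7700",
                          200, ("7700",)))
    return sorted(recs, key=lambda r: r.ts)


def request_side_alerts(records):
    """Request-only view: checks method and route shape of each request.
    It has no knowledge of what the response contained."""
    return [r for r in records if r.method != "GET" or not ROUTE.match(r.path)]


def response_side_alerts(records, window=300, max_foreign=3):
    """Response-aware view: per authenticated principal, count distinct account
    ids returned in successful responses that the principal does not own,
    inside a sliding time window. Alert once when the count exceeds max_foreign."""
    recent = defaultdict(deque)  # principal -> deque of (ts, foreign account id)
    alerts = {}
    for r in sorted(records, key=lambda x: x.ts):
        if r.status != 200:
            continue
        q = recent[r.principal]
        owned = OWNED.get(r.principal, set())  # unknown principals own nothing
        for oid in r.resp_owner_ids:
            if oid not in owned:
                q.append((r.ts, oid))
        # Drop observations that have aged out of the window.
        while q and q[0][0] <= r.ts - window:
            q.popleft()
        foreign = {oid for _, oid in q}
        if len(foreign) > max_foreign and r.principal not in alerts:
            alerts[r.principal] = {"first_seen": r.ts,
                                   "foreign_owners": sorted(foreign)}
    return alerts


if __name__ == "__main__":
    sample = build_sample()
    print("request-side alerts:", request_side_alerts(sample))
    print("response-side alerts:", response_side_alerts(sample))
```

Every request in the sample passes the request-side check, while the response-side check names the one principal whose responses keep returning data it does not own, which is the signal a TDIR workflow would use to revoke that principal's privileges.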

Executive buy-in

The API security market is in its infancy as the threat of API attacks has become more accentuated over the past year, which means there is a significant education gap when it comes to API security. The truth is that most organisations don’t have full visibility into their API environment or their API risk posture. API inventories are changing at an exceptionally rapid rate which makes tracking changes and risks a challenge.  

This makes it hard to communicate to budget holders and other C-suite members why they should invest in an API security solution. Getting company buy-in for API security is just as big a challenge for CISOs as defending APIs from attackers.

CISOs play a crucial role in ensuring comprehensive visibility within their API environment to promptly identify the extent of API exposure in real time. This visibility is pivotal in aligning security objectives with business goals.

By having a clear view of their APIs in real time, CISOs can accurately measure the potential business risks associated with insecure APIs. An API attack can significantly impact a company’s financial health, causing reputational damage, and revenue loss due to disrupted services or the necessity to pay for data access restoration. Having real-time API visibility enables CISOs to quantify risks and strategise security measures effectively, understanding the direct implications on the company’s bottom line.

Finding the right security tool for compliance 

The General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI-DSS), and the Health Insurance Portability and Accountability Act (HIPAA) are just some of the regulations organisations must adhere to in order to protect personal data from being exposed through APIs. As organisations conduct international business, they must ensure their API security meets multiple regional regulatory frameworks.

When it comes to APIs, third-party risks are more acute due to the sensitive nature of the information APIs handle. SaaS security solutions require a lengthy and complicated process to be compliant, as data has to be filtered, redacted, and anonymised before it can be uploaded into a cloud environment. Organisations in sectors such as financial services are particularly wary of sharing data with third parties because of the potential for this data to be misused.

However, API endpoints are growing at a scale we have never seen before, and traditional on-prem solutions do not have the capacity to process such a massive amount of data. The challenge for CISOs will be to find security tools that don’t make compliance a hindrance to efficiency and operations. An option is to prioritise on-premise tools that eliminate the need to process data before it can be analysed. These tools can also be up and running within days, as there is no need to ensure data processing meets third-party risk requirements. 

Shifting to a proactive approach to securing APIs

With threats of AI-powered attacks and the increasing sophistication of hackers, proactive threat hunting has become central to all TDIR strategies. CISOs will have to rethink their TDIR strategies to incorporate real-time API traffic scanning to ensure early detection of API threats. Relying on guides such as the OWASP Top 10 API Security Risks is no longer enough, as attackers can easily evade known threat detection. CISOs should build their API security strategies on full observability of API traffic. A proactive approach to APIs will ensure that even sophisticated or insider threats are flagged as malicious traffic before they can disrupt application behaviours.

In the evolving landscape of API security in 2024, CISOs face a myriad of challenges. The exponential growth of APIs brings financial benefits but also heightens security risks, especially concerning insider threats and evolving attack methodologies. Addressing these challenges demands a multi-layered security approach, inside-the-perimeter defences, and proactive strategies to detect and respond swiftly to potential breaches. Securing executive buy-in, meeting compliance standards, and balancing security with operational efficiency are critical hurdles. Prioritising real-time API visibility and adopting proactive measures against evolving threats will be pivotal for CISOs in fortifying API security and safeguarding organisational integrity in the years ahead.

The post What do CISOs need to know about API security in 2024? appeared first on Cybersecurity Insiders.


December 23, 2023 at 01:32AM

Thursday, December 21, 2023

First American becomes victim to a ransomware attack

First American, a provider of title and other insurance services, recently experienced a cyber attack believed to be a variant of ransomware. While the insurance company acknowledged service disruptions on its website, it refrained from explicitly stating that the incident involved ransomware, citing ongoing investigations.

According to an undisclosed source within the company who spoke anonymously, certain servers were impacted by malware. In a swift response to contain the situation, these affected servers were promptly isolated and taken offline.

Ransomware operates by encrypting a database and withholding access until a ransom is paid. In some instances, those behind the malicious software employ double or triple extortion tactics to increase pressure on the victim.

First American, known for providing real estate-related services to loan seekers, mortgage lenders, and investors, has committed to keeping its customers, employees, and the public informed about the attack through regular updates on social media.

Interestingly, the Santa Ana, California-based company had recently agreed to pay $1 million to the state of New York for its failure to safeguard customer information during a data breach in April-May 2019. Remarkably, as the resolution of this case was underway through an amicable settlement, the latest cyber incident unfolded this week on Wednesday.

The post First American becomes victim to a ransomware attack appeared first on Cybersecurity Insiders.


December 22, 2023 at 11:13AM

Cybersecurity for Remote Work: Securing Virtual Environments and Endpoints

[By Greg Hatcher, Founder & CEO — White Knight Labs]

Remote work surged in popularity out of necessity during the COVID-19 pandemic but seems to be here to stay, thanks to its unique advantages. One study by Upwork estimates that 22% of the American workforce will be working remotely by 2025. However, with the rise in remote work also comes an increase in cybersecurity challenges spurred by the circumstances of remote work.

Cybersecurity in an office setting is relatively straightforward, as the IT department can manage a firewall that can help protect on-network devices from threats. Of course, some threats — such as email scams — may still filter through, but the office setting is generally much more controlled. Many more endpoints must be secured when dealing with remote employees, as they represent potential vulnerabilities for the organization and its data.

Cybersecurity challenges in a remote work environment

While some cybersecurity threats of the in-person workplace remain after transitioning to a hybrid or remote environment, others are more specific to remote work settings. A few common cybersecurity threats include:

  • Weak passwords: Whether in-office or working remotely, weak passwords remain one of the most common threats to an individual’s cybersecurity. Reused passwords are particularly dangerous for remote workers. If their online behavior for personal use compromises one of their passwords, and the employee reuses this password for one of their work accounts, the hacker could access the organization’s sensitive data.
  • Ransomware: Ransomware attacks gain access to critical systems and extort money out of the victim to return the data. Due to the increase in the use of software like virtual private networks (VPNs), virtual desktop infrastructure (VDI), remote desktop protocol (RDP), and cloud storage in the light of remote work, bad actors have more targets for their ransomware attacks. Remote workers must remain hyper-vigilant of potential ransomware attacks — such as phishing scams or trojan horses — to protect their and their company’s data.
  • File sharing: To better enable collaboration, many companies have begun using software like Dropbox or Google Drive to share files, but these cloud-based file-sharing services present a cybersecurity risk to companies because they offer an easy route for wrongdoers to disseminate malware to the entire organization. Virus-scanning software can help users detect corrupted or infected files before downloading them.
  • Unsecured Wi-Fi: In the era of remote work, many individuals have turned to public spaces, such as coffee shops or restaurants, to provide a change of scenery from their home office. However, with public places come unsecured Wi-Fi networks, which can pose a substantial cybersecurity risk. Hackers can take advantage of public Wi-Fi’s lack of security measures to steal information like passwords or even take over accounts entirely, though this can be resolved by requiring employees to work only from secured personal networks.
  • Personal devices: Another substantial cybersecurity risk companies face during remote work is using personal devices for work purposes. Although individuals tend to be more careful with work-issued devices by only visiting safe, work-related sites, they visit a wider variety of websites on their personal devices. When there is a cross-over, employees’ work accounts could be compromised by their personal activities. At a minimum, employees should set up separate user profiles on their devices for work and personal use.

Endpoint security for remote workers

Endpoint security is the practice of securing the network endpoints, which are the devices used to access the organization’s data, including laptops, tablets, smartphones, and any other device. In an office setting, many of these endpoints are company-owned and managed, but when dealing with remote workers, these devices are owned and managed by the individual.

Still, employers may institute specific requirements to ensure their data is secure despite devices being owned by the user. Some of the most common methods of protecting endpoints in remote work ecosystems include:

  • Strong passwords: The first and most crucial step employees should take to protect their data in a remote work environment is always using strong passwords. Regardless of whether the account is for work or personal use, it is essential that passwords are not reused and that they have an adequate level of complexity to make it more difficult for hackers to get into their accounts.
  • Home networking: Remote employees should take care only to work from networks they know are secure, such as their homes or family’s homes. Furthermore, proper security measures should be put in place on these networks to protect them from outside threats. For example, the password on the Wi-Fi network should be strong and not something that can be guessed by someone else, such as a phone number or pet’s name.
  • Antivirus and internet security software: Employees using personal computers and other personal devices must use sufficient antivirus and internet security software. These programs offer a line of defense when a user makes a mistake and accidentally leaves themselves vulnerable to malware attacks.
  • Email security: Implementing robust email security practices can also help protect remote workers’ cybersecurity. A strong spam filter can flag any suspicious emails an employee may receive, ensuring they do not accidentally open attachments, and many email hosts offer features that let users scan files for viruses before downloading them.
  • Identity management and authentication: Companies transitioning to hybrid and remote work environments should also invest in identity management and authentication procedures. For example, two-factor authentication (2FA) requires users to authenticate their identity before accessing sensitive data. This ensures that even if a user’s passwords are compromised, a hacker cannot access the accounts without physically possessing the user’s device.

However, the most effective method of cybersecurity is a proactive approach. Educating employees about best practices is the best way to ensure that data remains secure. For example, employees should be taught about safe email practices and how to vet if an email is legitimate — even if it comes from a seemingly trustworthy source, as it could be a hacker impersonating someone known to the user.

Remote work has offered numerous benefits for workers and organizations alike, but just because employees are no longer in the office and are not using company-owned devices does not mean the responsibility for cybersecurity goes away. Organizations must protect their data by implementing proper security measures and educating employees about responsible practices.

The post Cybersecurity for Remote Work: Securing Virtual Environments and Endpoints appeared first on Cybersecurity Insiders.


December 22, 2023 at 07:47AM

5 Ways to Conquer Your Certification Exam Fears

“I’ve missed more than 9,000 shots in my career. I’ve lost almost 300 games. Twenty-six times, I’ve been trusted to take the game-winning shot and missed. I’ve failed over and over and over again in my life. And that is why I succeed.” ― Michael Jordan

Words of wisdom from the athlete the National Basketball Association calls the greatest basketball player of all time. The fact is, you can’t win if you don’t play. But sometimes the worry of missing that first, second or third shot can keep you from jumping in the game.

Don’t let fear hold you back. Cybersecurity certification is a career game-changer, one that opens new possibilities wherever your goals take you.

Get the Confidence Boost You Need

We’ve all experienced the fear of failure. When it comes to pursuing a rigorous cybersecurity certification, like the CISSP from ISC2, that anxiety can be even more intense, thanks to the high stakes involved. But remember, even the most accomplished cyber professionals have to stand up to uncertainty — not only in their pursuit of certification but in the work they do every day.

You can do this, and we’re here to help. Use these five proven strategies to help build confidence leading up to exam day.

1. Set realistic expectations. No one becomes a cybersecurity expert overnight. Set an achievable goal and focus on steady progress instead of immediate perfection. Celebrate every milestone along the way, no matter how small.

2. Embrace a growth mindset. Understand that your knowledge and skills will grow with dedication and hard work. Embrace challenges as opportunities rather than seeing them as potential failures.

3. Break down your goals. The journey to certification can feel overwhelming at times. Break down your exam prep into smaller, manageable tasks. By tackling them one step at a time, you’ll build confidence and chip away at the larger goal.

4. Find a support system. Surround yourself with people who will support you with encouragement, guidance and accountability. Join the ISC2 Community and attend your local ISC2 Chapter meetups.

5. Learn from mistakes. Analyze what went wrong, identify areas for improvement and adjust your approach accordingly.

Now move forward with confidence and embrace the exciting world of cybersecurity!

Preparing for the CISSP, CCSP or another ISC2 exam? Watch ISC2 Exam Ready webinars, where expert panels answer common questions about training course content and exams. Another great webinar to check out for last-minute study tips: Exam Prep Hacked.

The post 5 Ways to Conquer Your Certification Exam Fears appeared first on Cybersecurity Insiders.


December 22, 2023 at 07:03AM

The Cyber Threat Intelligence Paradox – Why too much data can be detrimental and what to do about it

[By Gabi Reish, Chief Business Development and Product Officer, Cybersixgill]

In today’s rapidly expanding digital landscape, cybersecurity teams face ever-growing, increasingly sophisticated threats and vulnerabilities. They valiantly try to fight back with advanced threat intelligence, detection, and prevention tools. But many security leaders admit they’re not sure their actions are effective.

In a recent survey [1], 79 percent of respondents said they make decisions without insights into their adversaries’ actions and intent, and 84 percent of them worry they’re making decisions without an understanding of their organization’s vulnerabilities and risk.

What’s causing this uncertainty? The skills shortage is certainly one factor. There’s no getting away from this long-standing reality. According to a 2022 report [2], some 3.4 million security jobs are unfilled due to a lack of qualified applicants. But there’s far more to the story than a staffing shortage.

The Cyber Threat Intelligence Paradox

Cyber threat intelligence (CTI) attempts to understand adversaries and their potential actions before they occur and prepare accordingly. CTI gathers information about threat actors, their intentions, mechanisms, intended targets and means for doing so as comprehensively as possible.

Cybersecurity teams lack confidence in their actions because of what I term the CTI Paradox: the more you have, the less you know. These teams are flooded with information that they can’t easily act upon because they can’t distinguish what’s relevant to their organization and what’s not. Additionally, they often have an overabundance of security tools designed to detect vulnerabilities, threats, intrusions and the like – firewalls, access management, endpoint protection, SIEM, SOAR, XDR, etc. – that they can’t operate efficiently without a clear set of priorities.

To illustrate the point, my company, Cybersixgill, recently conducted a survey of more than 100 CTI practitioners and managers from around the globe. We learned that almost half the respondents said that they are still challenged, even with CTI tools at their disposal. Among the issues are the overwhelming volumes and irrelevance of data, the difficulty of gaining access to useful sources, and the complexity of integrating intelligence from different solutions.

It’s no surprise then that 82 percent of surveyed security professionals [3] view their CTI program as an academic exercise. They buy a product but have no strategy or plan for using it.

While this scenario may sound grim, there are options to help CISOs and their teams make effective use of CTI data and strengthen their cyber defense. Here are some suggestions for getting out of the CTI Paradox and gaining confidence that your organization is foiling cyberattackers effectively and efficiently.

The Four Pillars of Effective CTI 

Fundamentally, a well-functioning security department needs two things: Timely, accurate insights about threats that are relevant to their organization, and the capacity to quickly respond to those threats. The first order of business is devising an overall strategy that reflects the organization’s unique security concerns. Next you need effective CTI that recognizes those concerns. And finally, you need the detection and prevention tools that allow you to take action in response to the relevant insights.

More specifically, resolving the CTI paradox means using CTI tools that provide support through four pillars:

  • Data – information about cyberthreats that matter to the organization
  • Skill sets – tools that match the team’s level of expertise in responding to those threats
  • Use cases – tools that match the types of intelligence that the security team is interested in
  • Compatibility – the fit between a CTI solution and the rest of the security stack

Let’s look at the four pillars, how and why organizations may be experiencing problems, and the best ways to solve them.

Data

Problem: It’s one thing to collect massive amounts of data. It’s another thing to refine that data so that security teams know what is relevant and what is peripheral. While it is fine to be aware of security threats on a global level – both literally and figuratively – companies need to zero in on the threats and vulnerabilities most relevant to their attack surface and prioritize them accordingly.

Solution: Focus on products that analyze and curate information rather than dumping everything on users and expecting them to filter out what is relevant and what’s noise.

If you’re shopping for a solution, be sure that the vendor has first compiled an exhaustive list of potential threats by accessing a wide range of sources, including underground forums and marketplaces, and that the information is continuously updated in real time. But the vendor should further allow you to cull down the list to a manageable level, using the tool to automatically contextualize and prioritize those threats so that you can respond quickly and efficiently.

Skill sets

Problem: Security teams sometimes find themselves working with tools that do not match their cybersecurity skills. A tool that provides access to raw, highly detailed information may be too complex for a more junior practitioner. Another tool may be too simplistic for a security team operating at an advanced level and fail to provide sufficient information for an adequate response.

Solution: Teams need to use CTI tools that match or complement their skill sets. You also want to select tools that match your organization’s security maturity and appetite for data – neither too high nor too low for your needs. Ideally, the tool you use incorporates generative AI geared specifically to threat intelligence data.

Use cases

Problem: Organizations may receive information irrelevant to their primary use cases. CTI vendors typically address a dozen or more intelligence use cases such as brand protection, third-party monitoring, phishing, geopolitical issues, and more. Receiving intelligence to address a use case irrelevant to your organization’s security concerns isn’t helpful.

Solution: Find a solution that matches your use-case needs and provides information that is clear, relevant, and specific to those use cases. For example, if your organization is particularly subject to ransomware, find one that offers the best, most up-to-date information about ransomware threats.

Compatibility

Problem: To adequately handle cyber threat intelligence, an organization needs to be able to consume incoming data, integrate it with other elements of its security stack (SIEM, SOAR, XDR, and whatever other tools are useful for the organization), and take action rapidly. Without this compatibility among tools, organizations may not be able to mitigate threats quickly enough. Additionally, manually porting information from one area to another may become onerous enough that the CTI tool eventually is ignored.

Solution: In this environment, you need to rely on automated responses to threats as much as possible, so make sure whatever CTI tool you acquire integrates seamlessly with your security ecosystem. You’ll want a tool that has the APIs needed to share information readily with the rest of your security stack. Check the vendor’s compatibility list to be certain that the CTI tool will sync with the security tools most important to your organization.

The CTI Paradox does not have to go unsolved. Curated, contextualized threat intelligence, relevant to an organization’s use cases, eliminates the paralysis that comes from too much data. Well-integrated tools, appropriate for the security teams implementing them, give organizations the defense mechanisms required to detect and respond rapidly and efficiently.

By being smart about threat intelligence and your organizational status and requirements, you can move from doubt and uncertainty to clarity, focus, and effective direction.

Gabi Reish, the chief business development and product officer of Cybersixgill, has more than 20 years of experience in IT/networking industries, including product management and product/solution marketing.

The post The Cyber Threat Intelligence Paradox – Why too much data can be detrimental and what to do about it appeared first on Cybersecurity Insiders.


December 22, 2023 at 06:52AM

Wednesday, December 20, 2023

Ransomware Attacks: Are You Self-Sabotaging?

[By Andy Hill, Executive Vice President, Nexsan]

No IT professional is unaware of the staggering risk of ransomware. In 2023, recovering from a ransomware attack cost on average $1.82 million—not including paying any ransom—and some organizations get hit more than once.

If you’re hit, you generally have to choose between paying that ransom or restoring your data yourself. Nearly every expert advises you not to pay up, for a variety of reasons. Most importantly, the cybercriminal may not honor their promise to release your data. (So much for ‘honor among thieves.’) In some cases, once they know the victim is willing to pay, they increase the ransom amount.

Secondly, criminals can take their sweet time giving victims the encryption keys, meaning you don’t get immediate access to your data even after paying.

In reality, it’s better to restore the locked files from backups. While this has historically been most effective, today, cybercrime rings are technologically sophisticated organizations, capable of rendering backups unusable. Recent research from Veeam said backups were targeted in 93% of ransomware attacks, and this was successful in 75% of cases.

When backups are disabled prior to or during a ransomware attack, there’s not much you can do besides pay the ransom.

If you are relying on your own ability to recover from a ransomware attack, there are some ways you can be better prepared, and issues to watch out for.

The fallout from a ransomware attack on the City of Dallas in May this year is still making the news. The city was forced to shut down some of its IT systems, with a number of functional areas including the police and fire department experiencing disruption. It has recently come to light that over 26,000 people were affected by the attack orchestrated by the Royal ransomware group. Information including names, addresses and medical information is among the data exfiltrated by the threat actors. Some city employees have already reported identity theft, with some of their children also having personal information stolen. In August, it was announced that the Dallas City Council approved $8.6 million in payments for services relating to the attack, including credit monitoring for potential identity theft victims.

Confusing Data Protection Options

Data protection approaches vary, and there are many of them. For an IT generalist—not a storage specialist—there may be some misunderstandings about how corporate data is really secured. Know the difference between different technologies: backup, replication, business continuity, disaster recovery, archive, failover, air gapping, and many more.

Perhaps the most common, and dangerous, confusion is backups versus redundancy. Your backup is a point-in-time copy of your data that is created and stored in a different location. Backups are effective for recovering from a ransomware attack because you can restore a copy of your data that was created prior to your systems being infected by malware. Your only loss will be very recent data that was created or changed since that last good backup.

Redundancy refers to having your core applications in one or more locations in the event your primary systems are disabled. Redundant systems contain identical copies of all data in all locations. Unfortunately, if malware infects your primary copy, that malware will be very reliably replicated to your redundant copy or copies. If a hacker locks your files in one location, your redundant copy or copies are also locked. Many victims of attacks believed they could restore from a redundant copy and found out they were doubly unprotected.

Human Error

The biggest problem is often us. Human error is usually the cause of ransomware attacks (the downloaded malware, the exposed password, the social engineering scam that coerces us to give away information we shouldn’t). Finding out that you cannot recover data following an attack due to human error is a double-whammy.

Human input is still required for most technologies to function properly, including data protection. To ensure you’re in the best possible position to recover, eliminate as much opportunity for human error as you can. That does not mean automate everything; quite the contrary—manual checks are still necessary to verify that backups and security applications like antivirus software are operating properly.

Over the past five years, major ransomware attacks have been attributed to human errors such as these, as well as accidental deletions, failing to add a new server or system to the backup application, failing to update or patch systems, and failing to validate that third-party integrations are functioning.
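An added example, not from the original article: a minimal Python audit that cross-checks a server inventory against backup job records to surface the errors named above (a system never added to the backup application, failed or stale jobs, backups never restore-tested). The hostnames, record fields and the 26-hour freshness threshold are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: hostnames, fields and timestamps are illustrative.
INVENTORY = ["db01", "web01", "web02", "files01", "hr-app01"]

CATALOG = [
    {"host": "db01", "finished": "2023-12-20T02:10:00+00:00", "ok": True, "restore_tested": True},
    {"host": "web01", "finished": "2023-12-20T02:25:00+00:00", "ok": True, "restore_tested": False},
    {"host": "web02", "finished": "2023-12-14T02:30:00+00:00", "ok": True, "restore_tested": True},
    {"host": "web02", "finished": "2023-12-20T02:30:00+00:00", "ok": False, "restore_tested": False},
    {"host": "files01", "finished": "2023-12-20T03:00:00+00:00", "ok": False, "restore_tested": False},
]

# Fixed "current time" so the sample run is reproducible.
NOW = datetime(2023, 12, 20, 8, 0, tzinfo=timezone.utc)


def audit_backups(inventory, catalog, now, max_age=timedelta(hours=26)):
    """Return {host: [findings]} for every inventoried host with a backup gap."""
    findings = {}
    for host in inventory:
        jobs = [j for j in catalog if j["host"] == host]
        if not jobs:
            # The "new server never added to the backup application" case.
            findings[host] = ["MISSING: host was never added to the backup application"]
            continue
        good = [j for j in jobs if j["ok"]]
        if not good:
            findings[host] = ["FAILED: no successful backup on record"]
            continue
        # Judge the host by its most recent successful job, not its latest attempt.
        latest = max(good, key=lambda j: datetime.fromisoformat(j["finished"]))
        age = now - datetime.fromisoformat(latest["finished"])
        issues = []
        if age > max_age:
            issues.append(f"STALE: last good backup is {age.days} day(s) old")
        if not latest["restore_tested"]:
            issues.append("UNVERIFIED: last good backup has no restore test")
        if issues:
            findings[host] = issues
    return findings


if __name__ == "__main__":
    for host, issues in audit_backups(INVENTORY, CATALOG, NOW).items():
        for issue in issues:
            print(f"{host}: {issue}")
```

A report like this supports the manual check rather than replacing it: someone still has to read the findings and confirm that a restore actually works.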

Cybercrime has evolved to undermine the methods we rely on for keeping data safe, and it’s up to us to understand how we can be our own worst enemy. While we can’t always prevent a ransomware attack, we can certainly implement the proper defenses, and adjust our behaviors, to ensure a recovery.

The post Ransomware Attacks: Are You Self-Sabotaging? appeared first on Cybersecurity Insiders.


December 21, 2023 at 07:47AM

To Xfinity’s Breach and Beyond – The Fallout from “CitrixBleed”

On December 18, 2023, Comcast Xfinity filed a notice with the Attorney General of Maine disclosing an exploited vulnerability in one of Xfinity’s software providers, Citrix, that has jeopardized almost 36 million customers’ sensitive information. Although the vulnerability was made in August of 2023 and the telecommunications solutions provider announced patches in October, it was already being mass-exploited weeks after the patch was reported.

Kiran Chinnagangannagari, CTO, CPO & co-founder, Securin, shares how a vulnerability like this causes so much damage. 

“CVE-2023-4966, more commonly known as “CitrixBleed,” is a vulnerability within the Citrix NetScaler ADC and Gateway software that could allow a cyber bad actor to take control of an affected system,” Chinnagangannagari elaborated.

He went on to say that “At the time of the patch release, Citrix had no evidence of the vulnerability being exploited in the wild. However, Securin observed exploitation just a week later, including ransomware groups LockBit and Medusa leveraging this vulnerability. Securin also observed mentions of this vulnerability in deep, dark web and hacker forums.”

“Vulnerabilities within commonly used software are extremely dangerous because they can be replicated across other companies that might not have patched it either, which we have seen in the case of CitrixBleed, as it is being linked to many incidents in 2023, including Boeing, ICBC, DP World, Allen & Overy, and thousands of other organizations. These big-name victims emphasize ransomware gangs’ ongoing commitment to crippling and disrupting operations that could affect the security of everyday people and even U.S. critical infrastructures.” 

“While large-scale companies have been facing ever-evolving and continuous threats to their cybersecurity, it’s important to remember that these vulnerabilities are all too common and risk exploiting data like names, contact information, the last four digits of social security numbers, dates of birth, and answers to secret questions on the site. This particular vulnerability leaks the content of system memory to the attacker, allowing the attacker to impersonate a different authenticated user. This exploit poses a grave threat to system security and user integrity, emphasizing the critical need for immediate attention and remediation. CWE-119 is the weakness associated with this vulnerability and Securin is tracking 14,231 additional vulnerabilities associated with this weakness with quite a few of them being exploited by ransomware and APT groups.”

Chinnagangannagari implores companies to look for ways to mitigate risk. 

“Companies must look at leveraging a framework like Continuous Threat Exposure Management (CTEM) to prioritize and mitigate risks. In addition to multi-factor authentication (MFA), cybersecurity teams must implement and update basic security practices with routine scans of their attack surface, consolidating third-party applications, updating access controls, systems, and routine updates to complex passwords.” 

The post To Xfinity’s Breach and Beyond – The Fallout from “CitrixBleed” appeared first on Cybersecurity Insiders.


December 21, 2023 at 07:36AM

New to Cybersecurity? Use These Career Hacks to Get a Foot in the Door

The need for cybersecurity professionals has been building for years, and nearly exponentially since COVID came on the scene. At this point, it’s painfully evident there’s a wide talent gap in the field, and research proves it — the global workforce needs an influx of 2.7 million cybersecurity professionals to meet demand.1

In a recent survey of cybersecurity professionals, more than three-quarters said it’s “extremely or somewhat difficult to recruit and hire security professionals.”2 A majority (95%) said the cybersecurity skills shortage and its associated impacts have not improved over the past few years, and close to half (44%) say it’s gotten worse.

In the face of today’s pressing need for skilled professionals, there’s never been a better time to launch a career in cybersecurity. The field is ripe with opportunity for all experience levels, from entry-level up.

Lack of IT experience should never be considered a barrier to anyone considering a career in cybersecurity. More than half of cyber professionals today got their start outside of IT.

If you’re thinking of a career in cybersecurity, these tried-and-tested career tips will help you get started.

Tip #1: Sharpen Your Focus

The first question to ask yourself is, “How do I see myself fitting into a cybersecurity career?” What do you bring to the table that’s relevant to the kind of work that’s done in cybersecurity? What elements of cybersecurity do you find interesting, and how can your current skill set and background help you advance? Once you’ve narrowed your target area of focus, start learning all about it by doing your research.

Tip #2: Get Certified

Cybersecurity experts agree: there’s no better way for entry-level professionals to demonstrate their commitment to a career than certification. It not only helps you with foundational education, it can also be a door-opener when you’re looking for your first opportunity in the field.

Tip #3: Network

Getting certified can introduce you to like-minded professionals who want to work in cybersecurity or to those who already work in the field. Some certification programs come with a membership to the issuing organizations. Their industry conferences and other events are invaluable for forging connections and learning about open roles.

Social media can also be a helpful place to make contacts and learn about jobs. Many networks, such as LinkedIn, have dedicated cybersecurity forums you can join to stay on top of important industry trends and topics.

Get more tips on how to break into a career in cybersecurity in the ISC2 ebook, Cybersecurity Career Hacks for Newcomers.

 

1 ISC2 2021 Cybersecurity Workforce Study

2 ESG Research Report: “The Life and Times of Cybersecurity Professionals 2021”

The post New to Cybersecurity? Use These Career Hacks to Get a Foot in the Door appeared first on Cybersecurity Insiders.


December 21, 2023 at 02:23AM

7 Cybersecurity Tips for Small Businesses

Keeping customer, employee, and company information secure can mean the difference between staying in business and going under. That’s why the importance of cybersecurity can’t be overstated.

But exactly how do you keep your systems secure? Here are seven tips that will help you get started.

Work With the Right Data Center

Having an in-house data center is always an option, but it requires a lot of maintenance. You have to be extremely savvy about security too. Otherwise, it’s only a matter of time before your data is compromised.

It’s much easier to work with a data center that is digitally secure, but it is equally important to work with a data center that is committed to creating a secure physical environment for cloud data centers.

Important information can be compromised over the internet, but it can also be compromised in person. A good data center has digital protections in place, and they are also careful about things like:

  • Access provisioning, so only the appropriate people have access to the appropriate systems
  • Business continuity and disaster recovery, so extreme weather is never an issue
  • Properly locked rooms so servers can’t be removed
  • Regular threat assessments that prevent attacks that are designed to sabotage the data center

Install a Security System

Cybersecurity involves physical security at a data center, but surprisingly, it also includes physical security at your physical location.

Make sure your business has a modern security system and be mindful of how it is set up. You’ll want cameras that focus on the register and the entrance if you have a retail shop, but there are other areas that should be monitored.

Monitor areas where data is stored and secure certain devices, like laptops, by locking them up each night. You can also add trackers to devices so they can be found, should they ever be lost or stolen.

Train Your Employees

Employee training is important for many reasons, but it is especially important when it comes to cybersecurity, as even the most intelligent people can fall prey to cybersecurity threats.

A few ways to train your staff to avoid potential cyber threats include:

  • Educate your staff on how to identify potential phishing attempts
  • Create mock cyberthreats and see how your employees react
  • Train employees on what to do if they think they have received or reacted to a phishing attempt

Make sure employees are being continuously trained on cybersecurity threats. Hackers and criminals are always changing their techniques, so it is important to keep your employees up-to-date on the latest scams.

Limit Access to Information

Not everyone needs access to everything. It’s actually much better from a cybersecurity standpoint to be very selective about who has access to what.

That means password-protecting certain systems and changing those passwords anytime someone changes roles within your organization or leaves to work for another company.

It also means cracking down on password sharing. Employees need to know that they should never give out their password. If another employee needs access to protected information, the information itself should be passed on without compromising the entire system.

Have a Plan for Mobile Devices

Work doesn’t always take place on a desktop computer in the office. Work can be done from anywhere on any device. That’s extremely convenient, but it can be dangerous, as other devices aren’t likely to have the same protections in place as the devices at work.

Make sure you have a mobile security plan. If employees want to be able to store sensitive information or access the corporate network on their phone, make sure that their devices are password protected, the right security apps are installed, and data is encrypted.

If you want greater control over mobile devices, like laptops, cell phones, and tablets, consider providing these devices to your employees. That way you have complete control over the setup of those devices.

It’s also important to have a procedure in place for lost or stolen devices. For example, make sure remote wiping is installed on every device so data can be deleted remotely if the device goes missing.

Upgrade Hardware

Most business owners are always looking for ways to save money. One way to do that is to get as much use out of expensive technology as possible. Just make sure you don’t stretch the lifespan of that technology too far.

Hardware gets outdated relatively quickly. Security patches are only released for newer hardware that can handle the updates. If your hardware is too old, it doesn’t get the update, and it opens you up to cybersecurity threats.

It’s a good idea to update important hardware, like your wireless routers and computer hard drives, every few years so that you know those devices are getting all of the latest updates.

Back Up Your Files

Even the most prepared companies can fall prey to cyberattacks. It’s important to have a backup plan, which means regularly backing up your files.

There’s nothing wrong with storing important information locally, but that information also needs to be located somewhere else. Schedule regular backups to be stored on an external hard drive or back up your information to the cloud online.

Fortunately, this is something you no longer have to do manually. You can set up automatic backups that store your information in multiple places for you. Just make sure you double check that the program is backing up the right information at the right intervals to the right location.

Cybersecurity is one of those things that business owners are always thinking about, but it’s often something that gets pushed to the bottom of the to-do list in the name of completing more pressing tasks. That is, until your business experiences a data breach.

Prioritize the cybersecurity of your business by following the tips on this list. When you do, you can work confidently knowing that you’re doing everything in your power to keep your important information as safe and secure as possible.

The post 7 Cybersecurity Tips for Small Businesses appeared first on Cybersecurity Insiders.


December 21, 2023 at 01:51AM

Top 5 Lucrative Careers in Artificial Intelligence

For individuals possessing a professional engineering degree and harboring a passion for artificial intelligence, the most promising career paths of the future await your exploration. This article outlines the top 5 highest-paying careers in the field of Artificial Intelligence to assist you in making informed decisions about your professional trajectory.

Data Scientist: Average Salary: $170,600 per year (United States). Essential Skills: Proficiency in programming languages, a strong foundation in mathematics, statistics, and probability. Career Advancement: Success in optimizing deep learning models and developing tools for machine learning algorithms is pivotal. Acquiring relevant certifications further enhances career prospects.

AI Software Engineer: Average Salary: $160,500 per year. Key Requirements: Proficient in developing software for AI applications, with a focus on continuous learning and adapting to emerging technologies. Career Growth: Possession of certifications in AI or data science expands job opportunities, contributing to the attainment of a higher salary range.

AI Robotics Engineer: Average Salary: $12,000 per month. Expertise Needed: Proficiency in Computer-Aided Design (CAD) and Computer-Aided Manufacturing (CAM), a visionary approach to automation, and an engineering degree in Computer Science. Career Outlook: With the increasing prevalence of robotics in various industries, AI robotics engineers are poised for significant career growth and substantial financial rewards.

Business Intelligence Developer: Average Salary: $110,580 per year. Qualifications: Engineering degree coupled with certifications in data analysis. Job Role: Business intelligence developers in AI focus on identifying meaningful correlations between data sets, contributing to informed decision-making within organizations.

Big Data Engineer: Average Salary Range: $134,000 – $138,000 per year. Qualifications: Holders of Ph.D. degrees in mathematics, computer science, or related fields. Proficiency in programming languages such as C++, Java, Python, or Scala is crucial. Career Path: The exponential growth of data necessitates professionals adept at handling, storing, and analyzing vast datasets. Expertise in data mining, data visualization, and data migration adds value to career progression.

Note: The salary figures mentioned are sourced from a recruiting platform and may vary from practical industry offerings. However, they provide a general idea of the potential compensation in these careers, offering valuable insights for aspiring individuals.

The post Top 5 Lucrative Careers in Artificial Intelligence appeared first on Cybersecurity Insiders.


December 20, 2023 at 08:46PM

Tuesday, December 19, 2023

How to retrieve data from Google account if user dies

Dealing with digital assets and accounts after someone passes away can be a complex and sensitive matter. When it comes to retrieving data from a deceased user’s Google account, the process involves several steps and considerations.

Google has a process in place for handling the accounts of deceased users, known as the “Inactive Account Manager.” Here’s what you can do:

1. Set up Inactive Account Manager: Go to the Inactive Account Manager page on Google: https://ift.tt/Xq9H6Fu. Sign in to the Google Account. Follow the instructions to set up a timeout period. If your account is inactive for the specified duration, Google will consider it as inactive.

2. Choose Trusted Contacts: You can choose up to 10 trusted contacts who will be notified if your account becomes inactive.

3. Decide on Data Sharing: You can choose to share your data with trusted contacts. This can include your Google photos, Google Drive files, Gmail, etc.

4. Notify Google of a Deceased User: In case someone has passed away and you need to access their account, you can contact Google. However, Google may require certain documents to verify the death, and they are likely to be strict about privacy.

5. Legal Process: In some cases, you may need to go through a legal process. Google may ask for a court order before providing access to a deceased person’s account.

Keep in mind that the policies and procedures may change, so it’s a good idea to check the latest information on Google’s support pages or contact Google directly for guidance.

It’s crucial to respect privacy and legal considerations when dealing with a deceased person’s online accounts. Always follow the procedures outlined by the service provider and consult legal professionals if and when needed.

The post How to retrieve data from Google account if user dies appeared first on Cybersecurity Insiders.


December 20, 2023 at 11:23AM