FireSale HackBoy


Thursday, November 30, 2023

How mobile network automation will drive success for operators

Mobile Network Operators (MNOs) are under huge pressure from enterprises and consumers to deliver fast and efficient services – but meeting these expectations in the face of exploding data demands is not an easy task.

Fortunately, automation has emerged as a potential game-changer, holding the key for MNOs to meet end user demands and maintain a competitive edge.

In this blog, we explore four ways MNOs can harness the power of automation to not only deliver standout experiences, but to achieve their own growth and profitability objectives:

  • Scaling 5G: Network upgrades require significant investments from MNOs, so they need to identify efficiencies at every single stage – from network/service planning, to deployment, maintenance and operations. The application of automation at every single stage will be critical to make sure 5G can scale in a timely, reliable and cost-effective manner.
  • Tackling complexity: Networks, services and ecosystems are getting complicated. Indeed, MNOs are grappling with multiple technology generations and spectrum bands, at the same time as implementing new core architectures that embrace cloud, edge and virtualisation. The increasing decoupling of software from hardware in networks is also adding complexity to operations and maintenance. Simplifying processes should therefore be a key focus area for automation to improve service offerings and delivery.
  • Supporting sustainability and security: Sustainability and security have long been top priorities for MNOs, and suppliers have already been responding to this through the use of automation. Product updates range from network sleep to energy-efficient user management, threat mitigation and detection, and feature rollout support to guard against threats. Innovation must continue in this space to accelerate progress towards these goals – helping to both protect confidential information and reduce our impact on the planet.
  • Increasing spectrum: The intersection of spectrum and networks represents a complex network dynamic with plenty of room for automated support, including multi-band operations, antenna and cell parameter optimisation and spectrum-aware radio planning – all alongside traditional self-optimising network (SON) functions. This should therefore be a key focus area for MNOs looking to drive efficiencies.

Despite the huge potential of network automation, internal issues are proving to be some of the most significant obstacles to adoption. Some of the biggest challenges include a lack of automation expertise, automation project ownership and administration, and an inherent bias against automated processes. It’s therefore crucial to garner C-level support to drive these initiatives forward and reap the benefits.

By embracing automation, MNOs will position themselves for success in the fast-changing telecommunications industry, ensuring they deliver exceptional experiences and stay ahead of the competition.

Find out more about why mobile network automation matters in the latest report by GSMA Intelligence: https://www.thalesgroup.com/sites/default/files/database/document/2023-02/tel-global-mobile-trends-2023.pdf

The post How mobile network automation will drive success for operators appeared first on Cybersecurity Insiders.


December 01, 2023 at 09:09AM

Unlocking the Full Potential of Unified SASE: An Interview with HPE’s Chris Hines

As organizations pivot toward more distributed and fragmented models of work, cybersecurity measures must adapt to keep pace with the evolving threat landscape and expanding attack surface.

In an in-depth interview with Chris Hines, VP of Strategy and Global Marketing at Axis Security, a recent acquisition by HPE, we explored the evolution of unified SASE as the next step in adaptive, integrated security solutions that address today’s complex challenges.

The Evolving Landscape of Remote and Hybrid Work

The COVID-19 pandemic, coupled with technological progress, has reshaped modern work environments. As organizations grapple with the change toward fragmented and dynamic work environments, the threat landscape and attack surface have expanded alongside, emphasizing the need for nimble and adaptive cybersecurity solutions that can address risks that originate both internally and externally: from malicious admins, end users, devices and threat actors aiming to exploit any weakness.

In this rapidly evolving landscape, traditional security architectures are no longer sufficient. Secure Access Service Edge (SASE) has emerged as a strategic imperative for businesses aiming to cope with new challenges and thrive in this new world. Notably, unified SASE offers an effective, streamlined approach to achieving robust security and efficient networking. This article explores the core aspects of unified SASE, why it’s essential for modern cybersecurity and how to get started on the SASE journey.

From Siloed Solutions to Unified Platforms

Historically, cybersecurity technologies such as Cloud Access Security Broker (CASB), Secure Web Gateway (SWG), and Zero Trust Network Access (ZTNA) were implemented to address distinct challenges. But as both IT environments and cybersecurity threats grow in complexity, there’s a clear shift towards integrated solutions.

Chris Hines underscores this transition, highlighting the complexity, cost and security challenges businesses face when managing multiple solutions, especially in a remote and hybrid work era. Moreover, vulnerabilities and user experience issues associated with traditional remote access technologies such as VPNs further exacerbate these challenges.

“There are three key factors driving the need for SASE adoption today: ineffective legacy security, unnecessarily complex networks, and obsolete solutions,” notes Chris Hines.

Enter Unified SASE

Introduced by Gartner in 2019, Secure Access Service Edge (SASE) emerged as a groundbreaking concept. It blends networking and security functionalities into a holistic policy-based platform, facilitating seamless collaboration between networking and security teams. Gartner predicts that “by 2025, 50% of new SD-WAN purchases will be part of a single-vendor SASE offering, up from 10% in 2022.”

Unified SASE converges the functions of network and security into a single, cloud-native platform, significantly reducing the complexities and inefficiencies associated with disjointed point solutions. It is based on two core technology sets:

  1. WAN Edge Services (SD-WAN): Software-Defined Wide Area Networking offers robust, flexible network connectivity. It automates the routing of network traffic to improve application performance and deliver a better user experience.
  2. Security Service Edge: Includes Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Digital Experience Monitoring (DEM). This provides a comprehensive security layer by governing user access, filtering web content, managing cloud application use, and monitoring end-user experience.

Benefits of Unified SASE

By integrating WAN Edge Services and Security Service Edge into a single-vendor solution, unified SASE offers numerous advantages:

  • Enhanced Security Posture: Universal security policies paired with centralized access controls heighten threat detection and response capabilities.
  • Operational Efficiency: Merging networking and security functionalities minimizes complexities, promoting cross-functional collaboration.
  • Improved User and Admin Experience: With automatic routing of traffic and enforcement of Zero Trust policies, both user and administrator experiences are optimized without compromise to security.
  • Cost-Efficiency: A unified model inherently reduces capital and operational expenses, scaling seamlessly with evolving business requirements.

How to Begin Your Unified SASE Journey

Though implementing a unified SASE framework may seem daunting, with the right strategy and a reliable partner, you can make the transition to SASE smoothly and securely without disrupting existing operations.

Here are five key steps Chris Hines outlines that successful SASE implementations follow:

Step 1: Establish SASE Goals and Requirements

Determine your organization’s specific goals, needs, and criteria for a SASE framework. Evaluate your existing network and security infrastructure to identify any gaps, challenges, and available resources.

Step 2: Choose a Single-Vendor SASE Solution

Compare and assess different SASE vendors based on factors such as capabilities, coverage, performance metrics, scalability, reliability, customer support, and cost structure. Choose a well-architected, single-vendor SASE solution that is integrated, unified and easy to use.

Step 3: Formulate Your SASE Implementation Strategy

Collaborate with your chosen SASE provider to outline your network topology, security policies, user groups, app profiles, and connectivity options based on best practices. This step should be a joint effort with your SASE provider to ensure success.

Step 4: Initiate SASE Deployment in Phases

Start SASE implementation by deploying essential elements like agents, connectors, SD-WAN devices, or private PoPs via a central management dashboard. Migrate users, devices, physical locations, and applications to your new SASE architecture in a phased or batched manner. SASE’s flexibility allows it to work alongside existing solutions, offering you the pace of deployment that suits your team’s readiness.

Step 5: Unlock the Full Potential of SASE

As the deployment progresses, utilize the tools and dashboards provided by your SASE provider to gain operational insights and real-time visibility. This will allow you to fine-tune your SASE implementation and even discover new areas where SASE could add more value to your business.

By following these steps, you’ll be well on your way to leveraging the full potential of unified SASE, thereby strengthening your security posture and improving network performance.

Conclusion – Two Paths to Unified SASE

If you’re in the market for a powerful, single-vendor SASE solution that delivers both enhanced security and reliable connectivity from any location, you should consider the newly expanded offerings from HPE Aruba Networking, enhanced by its recent acquisition of Axis Security.

Already a leader in SD-WAN, the addition of Security Service Edge (SSE) to HPE Aruba Networking capabilities now provides the foundation for an even more comprehensive, unified approach to SASE suitable for today’s dispersed and dynamic business environments.

The acquisition of Axis Security amplifies HPE’s commitment to integrated network and security solutions. Axis Security’s expertise in Zero Trust Network Access (ZTNA) further enriches HPE Aruba Networking’s SASE capabilities through Adaptive Trust, adding advanced, granular access controls, superior threat detection, and real-time adaptive responses.

IT teams can now implement WAN and cloud security measures directly at the network edge through HPE Aruba Networking EdgeConnect SD-WAN, while also benefiting from Axis Security’s advanced ZTNA functionalities. This ensures that robust Zero Trust security controls can be extended to all users and devices, regardless of location.

Choosing a unified SASE solution from a single vendor can accelerate this digital transformation. The only remaining question is: How will you begin your SASE journey?

Two Entry Points for Your SASE Strategy

  1. Initiating with SSE and ZTNA: The recent Axis Security acquisition fortifies HPE Aruba Networking’s already robust security. If ZTNA is your starting point, consider replacing your VPN with ZTNA from HPE Aruba Networking to enable additional layers of security for your private applications, whether they reside in a data center, the cloud, or in between.
  2. Starting with SD-WAN: If you prefer to begin your SASE journey by focusing on SD-WAN and completing your secure edge portfolio, then the full array of options powered by HPE Aruba Networking EdgeConnect SD-WAN is available.

According to a 2023 Ponemon Institute report, about 46% of organizations are expected to have a SASE architecture in place within a year. SASE is not just a fleeting tech trend; it’s a strategic imperative for any enterprise looking to thrive in the digital age. Adopting a unified SASE framework not only improves your organization’s security posture but also enhances operational efficiency and cost-effectiveness for the future.

For more information and to take a test drive of HPE Aruba Networking unified SASE, visit https://www.arubanetworks.com/connect-and-protect/.

The post Unlocking the Full Potential of Unified SASE: An Interview with HPE’s Chris Hines appeared first on Cybersecurity Insiders.


December 01, 2023 at 02:55AM

Tips to Get Certified in Cybersecurity in 30 Days

Cybersecurity is a constantly expanding field. At the same time, there simply aren’t enough qualified people to fill the available jobs out there. Research shows the world needs an influx of 4 million more cybersecurity professionals to meet demand.

Now’s the perfect time to pursue a career in cybersecurity. Whether you’re just starting out in your professional career or looking to do something new, here are four reasons to enter this exciting and rewarding field.

  1. Work where life lands you with near limitless job opportunities. Whether you feel the itch to travel and experience different cultures or want to stick closer to home, cybersecurity will take you there.
  2. Choose any industry that intrigues you. Every sector, public and private, needs skilled cybersecurity professionals to protect their networks, data and online transactions.
  3. Work in the area of cybersecurity that interests you most. There are many different career pathways. This dynamic, rapidly evolving field offers the opportunity to model your career to match your interests.
  4. Find job security in a field that’s future-proof. Cybersecurity is forecast to see continued job growth. And with technological advances showing no sign of slowing, the need for cyber professionals will continue into the foreseeable future.

Entry-Level Certification Opens Doors

How can you get started in the field? Certified in Cybersecurity (CC) — the entry-level certification from ISC2, the world’s leading cybersecurity professional organization known for the CISSP® — gives you the knowledge and skills you need for your first role.

When you pass the CC exam, you’ll gain:

  • Respect – Validate your knowledge and build credibility.
  • Job offers and advancement – Advance your career with the solid foundation of cybersecurity knowledge employers are looking for, from an association they trust.
  • Growth and learning – Develop new skills you can apply in your day-to-day work.

Challenge yourself to complete the free CC training and pass the free exam in 30 days. Read the blog series for valuable resources and tried-and-tested tips and tricks to help you reach your goals.

Read the first article in ISC2’s blog series on getting Certified in Cybersecurity for five steps to move your goals forward.

The post Tips to Get Certified in Cybersecurity in 30 Days appeared first on Cybersecurity Insiders.


December 01, 2023 at 01:34AM

WEBINAR: Vulnerability Risk Management – The Lynchpin of Proactive Security

Join our friends at Forrester and Brinqa on Dec 5 for a live webinar to learn how vulnerability risk management is the foundation for proactive security.

At this virtual event, you will learn how companies like Nestle, GitHub, VMware & others are applying a risk-based approach to vulnerability management, including how to:

💥 Provide strong visibility of assets by unifying vulnerability and asset data silos
💥 Prioritize remediation efforts to lower the most business risk given available resources
💥 Complement remediation response in a way that works for security teams and their stakeholders

The post WEBINAR: Vulnerability Risk Management – The Lynchpin of Proactive Security appeared first on Cybersecurity Insiders.


December 01, 2023 at 12:26AM

Wednesday, November 29, 2023

CrowdStrike CEO suggests to use AI to curb ransomware spread

George Kurtz, the CEO of CrowdStrike, has proposed a strategy for leveraging Artificial Intelligence (AI) to combat ransomware attacks. During an interview with CNBC’s Jim Cramer, Kurtz emphasized that AI could play a crucial role in identifying novel ransomware variants developed for the first time.

Despite the potential benefits of using AI for cybersecurity, Kurtz acknowledged that hackers are also harnessing this technology to create sophisticated tools, such as the recent emergence of FraudGPT. This malicious online tool has gained prominence in the realm of DarkAI, showcasing the double-edged nature of technological advancements.

Kurtz stressed the importance of preventive measures, asserting that early identification of threats could safeguard the global community from online vulnerabilities. He reiterated the adage that prevention is better than cure, emphasizing the proactive role AI can play in fortifying digital defenses.

Elon Musk, CEO of Tesla and SpaceX, previously issued warnings about the potential risks of AI in both February and September of this year. Musk expressed concerns about AI posing a threat to humanity, particularly with the rise of deepfakes on social media, contributing to the spread of hatred and misinformation.

Microsoft CEO Satya Nadella echoed similar sentiments, acknowledging the potential threats posed by AI but emphasizing that the real danger arises when this technology falls into the wrong hands.

Meanwhile, cyber-criminal groups specializing in ransomware are utilizing AI tools to develop malware with not only data-encrypting capabilities but also the potential to wipe entire servers if deemed necessary for their criminal activities.

The question arises: should the development of Artificial Intelligence be halted or paused? It’s a complex dilemma, as innovation is essential for propelling humanity into the future. Fears about the future should not hinder present progress, though careful consideration is necessary, to a certain extent, in striving for a more secure future.

The post CrowdStrike CEO suggests to use AI to curb ransomware spread appeared first on Cybersecurity Insiders.


November 30, 2023 at 09:31AM

What is Advanced Threat Protection in Office 365 and How Does it Work?

Cyber threats are becoming more common by the day, and we live in an era where they are also becoming increasingly sophisticated. In that climate, the importance of robust cybersecurity measures cannot be overstated.

Office 365 Advanced Threat Protection (ATP) stands out as a pivotal solution, offering comprehensive protection against a range of cyber threats. This article delves into the intricacies of ATP in Office 365, shedding light on how it fortifies digital environments against the ever-evolving landscape of cyber threats.

Understanding Advanced Threat Protection (ATP)

Advanced Threat Protection in Office 365 represents a critical line of defense in the fight against cyber threats. It’s not just a single tool but a suite of tools designed to provide comprehensive protection against various forms of digital attacks. This suite includes mechanisms to detect, prevent, and respond to advanced threats, safeguarding users from phishing, ransomware, and other kinds of malware. The key to ATP’s effectiveness lies in its ability to adapt to the constant tactical changes cybercriminals employ to breach systems.

How ATP Protects Against Cyber Threats

Advanced Threat Protection (ATP) in Office 365 is a comprehensive security solution designed to safeguard against a wide range of cyber threats. Its effectiveness lies in its multi-faceted approach, combining several key strategies to ensure robust digital protection. Let’s delve into how ATP achieves its goal of securing users and organizations from various cyber risks.

Sophisticated Threat Detection Techniques

At the heart of ATP’s defense mechanism is its sophisticated threat detection capabilities. This involves a detailed analysis and filtering of every email that enters the system, searching for indications of phishing, malware, or other malicious content.

This process isn’t just about scanning attachments and links; it extends to scrutinizing email headers, sender information, and the content itself for any suspicious elements. The system employs advanced algorithms and machine learning techniques to understand user behavior patterns. By monitoring these patterns, ATP can quickly identify anomalies that may signify a security breach, such as unusual login locations or times, which are often early indicators of a cyber attack.

Preventive Measures for Enhanced Security

Prevention is a critical aspect of ATP’s strategy. The Safe Links feature is a prime example of this preventive approach. It protects users from malicious links in emails and documents by verifying the safety of each URL in real time. If a user clicks on a link that ATP identifies as dangerous, they are redirected to a warning page, thus preventing access to potentially harmful content.

Similarly, the Safe Attachments feature adds another layer of defense by meticulously scanning email attachments for malware and other threats. Attachments are examined in a secure, isolated environment to detect any hidden malicious activity before they can reach the user’s inbox.

Robust Anti-Phishing Capabilities

Phishing attacks are among the most common and damaging cyber threats today, and ATP addresses this challenge head-on with its advanced anti-phishing capabilities. ATP’s anti-phishing policies are meticulously crafted to identify and block sophisticated phishing attempts.

These policies employ complex algorithms that can detect signs of phishing, including spoofed domains or email addresses that mimic legitimate ones. Another critical component in ATP’s anti-phishing arsenal is its impersonation detection algorithms. These algorithms are designed to identify attempts at impersonation, a typical tactic used in phishing and business email compromise schemes. By analyzing email patterns and comparing them against known baselines, ATP can spot inconsistencies that may indicate an impersonation attempt, thereby thwarting potential attacks.

Real-Time Response and Adaptive Reporting

The real-time response capability of ATP is vital in mitigating threats as soon as they are detected. Upon identifying a potential threat, ATP acts immediately to neutralize it, ensuring minimal impact on the user or organization.

This instant response is coupled with a comprehensive reporting system, which not only informs the IT team of the nature and scale of the threat but also provides insights for future prevention. The adaptive reporting feature of ATP offers an in-depth analysis of threat patterns, helping organizations better understand the risk and tailor their security measures accordingly.

Integration of ATP with Office 365 Applications

Since ATP is the flagship security measure in Office 365, users should know that it offers excellent integration capabilities with other Office 365 apps. One of these is Microsoft Teams. ATP’s integration with Microsoft Teams, deemed one of the most popular video conferencing apps, enhances its effectiveness.

Apart from that, ATP also integrates with SharePoint Online and OneDrive. Its ability to work seamlessly with these applications provides a layer of security that is both unobtrusive and robust. This integration ensures that whether in emails, team collaborations, or document sharing, security is always a priority.

Challenges and Drawbacks of Office 365 Advanced Threat Protection

While Office 365 Advanced Threat Protection (ATP) offers robust security features, it’s not without its drawbacks. One significant limitation is its reliance on user awareness and compliance; even the most advanced systems can be undermined by user error or negligence. Additionally, ATP can sometimes generate false positives, leading to legitimate emails being incorrectly flagged as threats, which can disrupt business communications.

There’s also the aspect of complexity in setup and management; smaller organizations without dedicated IT teams may find configuring and maintaining ATP challenging. Moreover, ATP is predominantly focused on threats within the Office 365 environment, potentially leaving other aspects of an organization’s digital infrastructure less protected. These limitations highlight the need for a balanced and comprehensive approach to cybersecurity, one that integrates ATP with broader security strategies and user education programs.

The Future of ATP in Cybersecurity

As cyber threats evolve, so too will Office 365 ATP. Future developments are likely to include enhancements in areas like machine learning-based impersonation detection algorithms and deeper integration with other security solutions like Microsoft Defender.

Conclusion

Advanced Threat Protection is essential for organizations and individuals relying on the Office 365 suite for day-to-day business operations and collaboration. It takes a comprehensive approach to protecting against threats like phishing attacks, malicious files, and business email compromise. As we move forward, the role of ATP in cybersecurity will only grow, making it an indispensable asset for organizations looking to safeguard their digital assets.

 


The post What is Advanced Threat Protection in Office 365 and How Does it Work? appeared first on Cybersecurity Insiders.


November 30, 2023 at 06:44AM

Reflecting on Generative AI One-Year Post ChatGPT Launch

On November 30, 2022, the technology world as we knew it changed with the launch of ChatGPT. In honor of the one-year anniversary of its debut, the below experts shared their perspectives on the impact the technology has had on the industry, as well as what comes next for Generative AI.

Chris Denbigh-White, CSO, Next DLP

“Since ChatGPT entered the public’s consciousness, it has been cited as both a dream for employees and a nightmare for organizations that are trying to protect sensitive data. For example, while it might be fine for a marketing executive to jazz up a LinkedIn post, the same cannot be said for a CFO putting poor quarterly results through ChatGPT and sugarcoating bad performance. Understanding these data flows and not losing control of what data to input is a line that has still not been found for many companies.

One of the biggest conversations has been around ChatGPT swallowing up jobs and leaving a vast proportion of the population unemployed. I find this fanciful. In the same way that calligraphy experts in the 19th century lamented the printing press as print didn’t have the ability to create beautiful characters, Large Language Models (LLMs) – the foundation of ChatGPT – will be embraced sooner or later. People will learn to repurpose their current skill set to complement LLMs and find opportunities to work alongside this technology very quickly.

The question is: do we trust LLMs? Just like the friend in the pub quiz who is totally convinced of an answer even though there’s no guarantee he’s right, LLMs are still a black box – and the regulation that surrounds it is still a bone of contention and unlikely to be solved anytime soon. This is particularly tricky if you’re using these models for industries such as healthcare and patient prioritization, as errors like these can have wide-ranging consequences. For cyber security professionals, it’s essential to collaborate closer on AI and LLMs and adopt a repeatable framework across the board.”

Matt Rider, VP of Security Engineering EMEA at Exabeam

“Artificial Intelligence (AI) is the buzzword of 2023 – indeed, it was awarded the Collins ‘word of the year’ for 2023 – but as a term, it’s incredibly broad and often misused or misinterpreted. ‘True’ AI doesn’t exist. At the moment, there is certainly some level of intelligence (small ‘i’) to be found in ‘AI-powered’ technologies, but there is certainly no sentience there. It’s also not a new innovation – machine learning has been in use since the 1950s. However, due to the widespread availability of Generative AI powered by large language models (LLMs), the phrase ‘AI’ is back with a vengeance and it seems every enterprise has embraced it and the software vendor’s solution is powered by it.

ChatGPT and its Generative AI counterparts have been the truly innovative ‘AI’ development to have occurred over the last year. We no longer need to carefully structure our data, we can simply chuck a load of information at ChatGPT without much thought and still gain value from the output. Instead of carefully researching a topic on Google for hours, constructing search-engine-friendly queries, and flipping through numerous websites, we now only need to type one question into a Generative AI-powered chatbot and it seems to finally understand us.

However, while generative AI-powered LLMs are making life easier in numerous ways, we need to be acutely aware of their limitations. For a start, they’re not accurate: GPT-4 Turbo has the most up-to-date data since its inception, but still only contains world knowledge up to April 2023. These systems also hallucinate and have a clear tendency to deliver biased responses. In fact, numerous reports have demonstrated these tools’ ability to be sexist, racist, or just generally discriminatory. Rubbish in, rubbish out.

These limitations are not unique to generative AI-powered LLMs, though. Gaining inaccurate or biased knowledge is a risk we all take simply skimming through Google or Wikipedia. However, the real concern with ChatGPT is the way these LLMs are presented. They give a ‘human-like’ interaction which inclines us to trust them more than we should. To stay safe navigating these models, we need to be much more skeptical of the data we are given. Employees need in-depth training to keep them up to date with the security risks posed by generative AI and what its limitations are.”

Joel Martins, CTO at Calabrio

“As we mark the first anniversary of the introduction of ChatGPT, it’s a suitable moment to reflect on the transformative impact AI technology continues to have throughout the customer service industry. Over the past year, ChatGPT has proven to be more than just a tool; it’s a catalyst for Large Language Model (LLM) integration, offering new possibilities across industries.

Earlier in 2023, ChatGPT and GPT-3 were integrated into innovative technologies to tremendously streamline contact center operations. LLM integration can bring more automated agent workflows with useful analytics, allowing agents to focus on customer experiences. The potential for AI in contact centers will continue to amplify the agent experience and deliver strategic customer support.

As we look forward, the next phase of AI holds even more promise. Companies should remain committed to utilizing this technology to empower their clients with the best contact center experience to delight their customers and drive innovation.”

There is no question that a year later, ChatGPT’s presence has revolutionized several aspects of our society, not only in our everyday lives but also in offices, hospitals, schools and more. As AI technology continues to develop, we must realize the collective responsibility held by everyone to leverage ChatGPT and similar AI technologies in an ethical and fair manner, emphasizing the need for controlled use and responsible development moving forward.”

Whatever your stance on Generative Artificial Intelligence, it’s clear it is here to stay. Businesses now need to decide how, or if, to integrate these tools into their workflows and what safety precautions to take.

The post Reflecting on Generative AI One-Year Post ChatGPT Launch appeared first on Cybersecurity Insiders.


November 30, 2023 at 04:39AM

Stop Expecting Developers to Write Secure Code

[By Eitan Worcel, CEO and co-founder, Mobb.ai]

While it is expected that organizations do as much as possible to secure their software applications, expecting developers to write secure code only sets both up for failure. The root of the issue is that secure coding isn’t typically taught at schools where developers learn the basics, and when companies focus on speed above everything else, processes and well-planned security architecture get kicked to the side in order for developers to deliver fast, secure architecture. Even if organizations provide security training or require third-party certificates, it’s not enough to override the core focus of why developers are hired in the first place – to create and build the technology we rely on to advance our society.

Coding is an artform as much as it is a computer science. The creative nature of code paired with the rigidness of security brings to light a crucial oversight in the industry: expecting developers to excel in secure coding from the get-go without a foundational emphasis is not just impractical—it’s unrealistic. For secure coding to become the norm, organizations need to take on the responsibility of making security an organic part of the development process which also means investing time in proper threat modeling and building good security architecture. Only then can organizations ensure that innovation isn’t stifled by security concerns.

The Reality of Secure Coding Expectations

The industry’s long-standing belief that on-the-job training is sufficient for developers to master writing secure code and incorporate the skill into their day-to-day workload overlooks several key realities. Firstly, as I mentioned above, secure coding is often not included in the standard educational curriculum for developers, which means it isn’t a skill they become deeply familiar with during their early learning phases. Secondly, the day-to-day demands of their roles do not typically require a continuous engagement with secure coding practices.

This creates a disconnect where embedding secure coding into a developer’s routine, even with multiple training sessions, remains an ambitious and unlikely goal. Training, while valuable, doesn’t necessarily transform developers into security experts. This gap between expectations and reality is highlighted in Secure Code Warrior’s ‘The challenges (and opportunities) to improve software security’ 2022 whitepaper. The findings are telling: 33% of developers are uncertain about what makes their code vulnerable, and 63% find the art of writing secure code challenging.

Where Companies Miss the Mark

The ‘State of Developer-Driven Security’ 2022 survey has indicated a glaring gap in the industry. Despite 75% of managers acknowledging the need for more training in security frameworks and encouraging developers to learn or adopt secure coding practices, many companies still fail to incorporate these standards into their hiring practices or job descriptions. If secure coding isn’t identified as a key hiring criterion or a defined responsibility within roles, employers can’t then expect developers to make it a priority.

However, the industry is beginning to recognize this discrepancy. A notable 82% of managers have started showing a preference for hiring developers who already possess secure coding skills, but only 66% of managers look at secure coding skills when assessing new hires and only 44% evaluate those skills via a written test. This shift points to a broader issue: the divergence between industry expectations and the practical reality of software development. Secure coding is a specialized skill that demands ongoing practice and support beyond theoretical knowledge.

Embracing a New Standard in Software Development

The evolution of software development hinges on effectively integrating security into its core development processes. Educational institutions have a pivotal role in this transformation, as they are responsible for instilling foundational skills in future developers. This approach aims to nurture a new generation of developers for whom security is a natural and essential element of software creation, thereby establishing a foundation where innovation intrinsically includes security considerations.

In parallel with these educational efforts, businesses have a crucial role in shaping a conducive environment for secure coding. This responsibility extends beyond integrating security into operational and recruitment strategies; it also involves conducting a threat modeling process and adopting tools that make securing code simple and aligned with developers’ core skill sets and workflows. Embedding security technology into processes, instead of expecting and relying on human compliance, allows businesses to align their pursuit of creative innovation with a steadfast commitment to security. This balance is needed to achieve a future in which technological breakthroughs are not only pioneering, but also securely engineered by design.

The post Stop Expecting Developers to Write Secure Code appeared first on Cybersecurity Insiders.


November 30, 2023 at 12:54AM

Tuesday, November 28, 2023

CompTIA achieves place in National Cyber Security Hall of Fame

The Computing Technology Industry Association, better known as CompTIA, has earned a distinguished place in the National Cyber Security Hall of Fame (NCSH), recognizing its pivotal role in empowering IT professionals to unlock their potential in the realms of security and technology.

The inclusion of CompTIA in the National Cyber Security Hall of Fame is a testament to the widespread impact of its certifications, which have been acquired by over 3.1 million individuals, propelling them towards advancements in their careers.

Expressing gratitude to the NCSH for this prestigious honor, CompTIA is eager to share and celebrate this achievement with its partners, members, and certification alumni within the non-profit organization dedicated to providing professional IT industry certifications.

Delving into its history, CompTIA traces its roots back to 1982 when it was established as an association for enhancing the capabilities of computer dealers. In 2005, the organization underwent a name change, becoming the Computing Technology Industry Association.

It’s worth noting that the National Cyber Security Hall of Fame, founded in 2012 by Larry Letow and Rick Gritz, serves the purpose of identifying and honoring the contributions of individuals in the field of cybersecurity. Operating with the mission to “Respect the Past – Protect the Future,” the NCSH recognizes and celebrates the innovations of individuals and organizations in the cybersecurity domain.

For individuals aspiring to build a career in companies specializing in managed services, obtaining the CompTIA Cybersecurity Trustmark certification can serve as a valuable catalyst, providing a significant boost to their career trajectory.

The post CompTIA achieves place in National Cyber Security Hall of Fame appeared first on Cybersecurity Insiders.


November 29, 2023 at 10:52AM

The Evolution of AI in Cybersecurity

Nima Baiati, Executive Director & GM, Commercial Cybersecurity Solutions, Lenovo

Perhaps not since the invention of the printing press has any technology been poised to revolutionize every aspect of life and business, at least from a promise standpoint. The potential for disruption and increased productivity in cybersecurity is immense, as enterprises continue to face rising pressures internally and externally.

Cybersecurity has always been a challenging game, and it won’t get any easier. One concerning aspect is the potential for Generative AI (GAI) to empower malicious individuals with advanced capabilities. This may lead to easier compromise of passwords, exploitation of vulnerabilities through deepfakes in social engineering, and greater ingenuity in malware creation, resulting in an acceleration of cyberattacks.

However, there is a silver lining. The same AI tools available to potential attackers can also be utilized by defenders. This means that an increasing number of cybersecurity activities can be automated, making them more efficient. AI is being leveraged for improved risk analysis, threat detection, and automating alerts and responses. It also plays a role in balancing security and user experience (UX) by analyzing behavioral data and simplifying verification processes, as an overly secure gate becomes impractical.

The efficiency gains from AI-enabled cybersecurity tools can help address the critical shortage of skilled labor in the field. Even smaller organizations, such as small to medium-sized businesses (SMBs) and educational institutions lacking the resources of larger enterprises, can automate more security solutions and become more resilient targets. While technology advances, the foundational infrastructure of every organization’s security system will remain constant.

Train the Humans, Not Just AI

Even the best security defenses can be foiled by simple human mistakes. We talk about training AI models, but we often forget that people are the most crucial components of a robust cybersecurity strategy, not technology alone. For hackers, a misappropriated key is always more potent than a brute force attack.

In today’s world, organizations must prioritize building robust security cultures, particularly since the greatest challenge in securing systems and companies lies with people. Equipping employees with the necessary training and support is essential to maintain constant awareness of threats and remain observant against attacks. For example, the sophistication of social engineering phishing attacks, fueled by deepfakes, can be countered when employees adhere to proper protocols.

Security by design is even more critical than end-user vigilance. It is not enough for software to undergo security reviews; it should be built with security embedded throughout. Both device manufacturers and purchasers must make informed decisions based on security outcomes, rather than purely considering form, function, and cost. Original equipment manufacturers (OEMs) should ensure device protection throughout its lifecycle, including a transparent and secure supply chain, defending against threats like BIOS attacks, and ensuring data protection from the operating system to the cloud. Buyers who overlook security by design and rely too heavily on after-market or bolted-on security solutions should be aware of the risks they assume.

AI for the Future

The potential impact of AI knows no bounds. The ability to process vast amounts of data and make informed decisions at an exponential rate will revolutionize everything for everyone, similar to how the invention of the internal combustion engine and electricity propelled us forward.

This development is positive because there are significantly more individuals striving for positive outcomes than there are malicious actors seeking to steal data or cause harm. However, safeguarding our organizations and harnessing the benefits of AI requires good decision-making and an attentive approach.

Incorporating security intrinsically at every stage of development and deployment is crucial. Each organization will have its unique security needs, frameworks and specific threats that require a tailored approach. When evaluating devices, it becomes vital to integrate security across all layers including the supply chain, below the operating system and above the operating system.

Not all data can be protected equally, and the goal of achieving zero cybersecurity breaches is an unrealistic aspiration given the vast threat landscape. Therefore, business leaders and security experts must make strategic decisions regarding their primary concerns and how best to protect their assets. Ultimately, AI tools that support security-focused cultures and prioritize the right aspects will lead to more robust defenses.

The post The Evolution of AI in Cybersecurity appeared first on Cybersecurity Insiders.


November 29, 2023 at 06:06AM

Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters

A severe design flaw in Google Workspace’s domain-wide delegation feature, discovered by threat hunting experts from Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain. Hunters has responsibly disclosed this to Google and worked closely with them prior to publishing this research.

Domain-wide delegation permits a comprehensive delegation between Google Cloud Platform (GCP) identity objects and Google Workspace applications. In other words, it enables GCP identities to execute tasks on Google SaaS applications, such as Gmail, Google Calendar, Google Drive, and more, on behalf of other Workspace users.

The design flaw, which the team at Hunters has dubbed “DeleFriend,” allows potential attackers to manipulate existing delegations in GCP and Google Workspace without possessing the high-privilege Super Admin role on Workspace, which is essential for creating new delegations. Instead, with less privileged access to a target GCP project, they can create numerous JSON web tokens (JWTs) composed of different OAuth scopes, aiming to pinpoint successful combinations of private key pairs and authorized OAuth scopes which indicate that the service account has domain-wide delegation enabled. 

The root cause lies in the fact that the domain delegation configuration is determined by the service account resource identifier (OAuth ID), and not the specific private keys associated with the service account identity object. 

Additionally, no restrictions on fuzzing JWT combinations were implemented at the API level, so nothing prevents enumerating numerous options to find and take over existing delegations.

This flaw poses a special risk due to the potential impact described above, and the risk is amplified by the following:

  • Long Life: By default, GCP Service account keys are created without an expiry date. This feature makes them ideal for establishing backdoors and ensuring long-term persistence.
  • Easy to hide: The creation of new service account keys for existing IAMs or, alternatively, the setting of a delegation rule within the API authorization page is easy to conceal. This is because these pages typically host a wide array of legitimate entries, which are not examined thoroughly enough.
  • Awareness: IT and Security departments may not always be cognizant of the domain-wide delegation feature. They might especially be unaware of its potential for malicious abuse.
  • Hard to detect: Since delegated API calls are created on behalf of the target identity, the API calls will be logged with the victim details in the corresponding GWS audit logs. This makes it challenging to identify such activities. 
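The "Long Life" and "Easy to hide" points can be checked from inventory data. The following is an added example, not code from Hunters or from the original article: it cross-references a service-account key inventory with the Workspace domain-wide delegation list and reports every user-managed key on a delegated account, since the delegation follows the OAuth ID rather than any one key. Field names follow the IAM API's JSON (`oauth2ClientId`, `keyType`, `validAfterTime`, `validBeforeTime`); the accounts, client IDs, key names and the 30-day window are constructed for the illustration.

```python
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample inventory (not real accounts or keys), shaped like the
# JSON returned when listing service accounts and their keys.
SERVICE_ACCOUNTS = [
    {
        "email": "reporting-sync@example-project.iam.gserviceaccount.com",
        "oauth2ClientId": "100000000000000000001",
        "keys": [
            {"name": "key-aaa1", "keyType": "USER_MANAGED",
             "validAfterTime": "2021-03-02T09:15:00Z",
             "validBeforeTime": "9999-12-31T23:59:59Z"},
            {"name": "key-aaa2", "keyType": "USER_MANAGED",
             "validAfterTime": "2023-11-21T02:40:11Z",
             "validBeforeTime": "9999-12-31T23:59:59Z"},
            {"name": "key-aaa3", "keyType": "SYSTEM_MANAGED",
             "validAfterTime": "2023-11-20T00:00:00Z",
             "validBeforeTime": "2023-12-07T00:00:00Z"},
        ],
    },
    {
        "email": "build-runner@example-project.iam.gserviceaccount.com",
        "oauth2ClientId": "100000000000000000002",
        "keys": [
            {"name": "key-bbb1", "keyType": "USER_MANAGED",
             "validAfterTime": "2022-06-10T12:00:00Z",
             "validBeforeTime": "9999-12-31T23:59:59Z"},
        ],
    },
]

# Constructed copy of the Workspace domain-wide delegation list:
# OAuth client ID -> authorized scopes.
DWD_GRANTS = {
    "100000000000000000001": [
        "https://www.googleapis.com/auth/gmail.readonly",
        "https://www.googleapis.com/auth/drive",
    ],
    "100000000000000000009": [
        "https://www.googleapis.com/auth/calendar.readonly",
    ],
}

# Fixed "current time" so the sample run is reproducible.
SAMPLE_NOW = datetime(2023, 11, 30, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp as used in the key listing."""
    return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)


def audit_delegated_keys(service_accounts, dwd_grants, now, recent_days=30):
    """Return (key findings, delegated client IDs with no known account)."""
    findings = []
    known_ids = set()
    for sa in service_accounts:
        known_ids.add(sa["oauth2ClientId"])
        scopes = dwd_grants.get(sa["oauth2ClientId"])
        if scopes is None:
            continue  # no delegation is bound to this account's OAuth ID
        for key in sa["keys"]:
            if key["keyType"] != "USER_MANAGED":
                continue  # system-managed keys are rotated by the platform
            # Any user-managed key on a delegated account carries the
            # delegation, because the grant is tied to the OAuth ID.
            reasons = ["delegated-account"]
            if parse_ts(key["validBeforeTime"]).year == 9999:
                reasons.append("no-expiry")
            if now - parse_ts(key["validAfterTime"]) <= timedelta(days=recent_days):
                reasons.append("recently-created")
            findings.append({
                "account": sa["email"],
                "key": key["name"],
                "scopes": scopes,
                "reasons": reasons,
            })
    # Delegations whose client ID matches nothing in the inventory need a
    # manual owner check (another project, or a deleted account).
    unmatched = sorted(set(dwd_grants) - known_ids)
    return findings, unmatched


if __name__ == "__main__":
    key_findings, unknown_ids = audit_delegated_keys(
        SERVICE_ACCOUNTS, DWD_GRANTS, SAMPLE_NOW)
    for f in key_findings:
        print(f["account"], f["key"], ",".join(f["reasons"]))
    for client_id in unknown_ids:
        print("delegation with unknown owner:", client_id)
```
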

“The potential consequences of malicious actors misusing domain-wide delegation are severe. Instead of affecting just a single identity, as with individual OAuth consent, exploiting DWD with existing delegation can impact every identity within the Workspace domain,” says Yonatan Khanashvili of Hunters’ Team Axon.

The range of possible actions varies based on the OAuth scopes of the delegation. For instance, it could enable email theft from Gmail, data exfiltration from Google Drive, or monitoring of meetings from Google Calendar.

In order to execute the attack method, a particular GCP permission is needed on the target Service Accounts. However, Hunters observed that granting such permission is not an uncommon practice in organizations, making this attack technique highly prevalent in organizations that don’t maintain a security posture in their GCP resources. “By adhering to best practices, and managing permissions and resources smartly, organizations can dramatically minimize the impact of the attack method,” Khanashvili continued.

Hunters has created a proof-of-concept tool (full details are included in the full research) to assist organizations in detecting DWD misconfigurations, increasing awareness, and reducing DeleFriend’s exploitation risks. Using this tool, red teams, pen testers, and security researchers can simulate attacks and locate vulnerable attack paths of GCP IAM users to existing delegations in their GCP Projects to evaluate (and then improve) the security risk and posture of their Workspace and GCP environments. 

Hunters’ Team Axon has also compiled comprehensive research that lays out exactly how the vulnerability works as well as recommendations for thorough threat hunting, detection techniques, and best practices for countering domain-wide delegation attacks.

Hunters responsibly reported DeleFriend to Google as part of Google’s “Bug Hunters” program in August, and are collaborating closely with Google’s security and product teams to explore appropriate mitigation strategies. Currently, Google has yet to resolve the design flaw.

Read the full research here, and follow Hunters’ Team Axon on Twitter.

About Hunters

Hunters delivers a Security Operations Center (SOC) Platform that reduces risk, complexity, and cost for security teams. A SIEM alternative, Hunters SOC Platform provides data ingestion, built-in and always up-to-date threat detection, and automated correlation and investigation capabilities, minimizing the time to understand and respond to real threats. Organizations like Booking.com, ChargePoint, Yext, Upwork and Cimpress leverage Hunters SOC Platform to empower their security teams. Hunters is backed by leading VCs and strategic investors including Stripes, YL Ventures, DTCP, Cisco Investments, Bessemer Venture Partners, U.S. Venture Partners (USVP), Microsoft’s venture fund M12, Blumberg Capital, Snowflake, Databricks, and Okta.

Contact

Yael Macias – yael@hunters.security 

The post Design Flaw in Domain-Wide Delegation Could Leave Google Workspace Vulnerable for Takeover, Says Cybersecurity Company Hunters appeared first on Cybersecurity Insiders.


November 29, 2023 at 04:00AM

Ardent Health Services hit by ransomware

Numerous hospitals affiliated with Ardent Health Services have fallen victim to a ransomware variant, forcing patients and staff to reschedule appointments or redirect those in need to alternative medical facilities. The affected healthcare institutions include Hillcrest Healthcare Systems in Oklahoma, Lovelace Health System in Mexico, and UT Health in Texas.

Adding to the growing list of impacted medical centers are Hackensack Meridian Mountainside Medical Center and Pascack Valley Medical Center, currently grappling with a network outage resulting from a malicious malware attack.

According to the latest update from the United States Computer Emergency Readiness Team (US-CERT), the cyber-attack occurred on November 22, 2023, just before Thanksgiving. Initial estimates suggest that the infiltration may have taken place around November 20, 2023.

Interestingly, cybercriminals have expanded their reach beyond the United States, affecting healthcare networks in Canada. A recent incident involved diverting an emergency case across the U.S. border due to a server outage in Ontario, causing disruptions and emergency diversions.

In response to these cyber threats, Europol, in collaboration with law enforcement agencies from various countries, initiated a sting operation resulting in the arrest of six individuals responsible for victimizing more than 1800 people globally.

Ukraine Cyber Police, in coordination with Europol, conducted a search operation targeting two criminals utilizing tools associated with LockerGoga and MegaCortex Ransomware. Unfortunately, as law enforcement focuses on dismantling one cybercriminal organization, others quickly emerge. The complexity and sophistication of cyber-crimes seem to present an ongoing challenge, unlike traditional crimes where cessation of demand can lead to effective prevention.

The post Ardent Health Services hit by ransomware appeared first on Cybersecurity Insiders.


November 28, 2023 at 08:32PM

Iran launches cyber attack on water authority in the United States

Iran-backed hackers are alleged to have successfully breached the IT infrastructure serving the Water Authority of Pennsylvania in the United States. Disturbing reports indicate that their objective was to disrupt the water supply, potentially causing chaos and panic among the populace.

This attack underscores not only the criminal lengths to which these hackers are willing to go for financial gain but also highlights a glaring absence of humanitarian ethics in their actions. The Iranian hacking group, Cyber Av3ngers, has claimed responsibility for targeting the water facility, proudly broadcasting their actions on Twitter as if it were a noteworthy achievement.

However, what these hackers seem to overlook is the potential for a crisis that could result in the loss of innocent lives. The reckless nature of their activities raises concerns about the lack of consideration for the broader consequences of their actions.

Geopolitically, nations like Iran, North Korea, Russia, and China, finding themselves at odds with the West, resort to adversarial tactics. These include attempts to create chaos in various spheres, such as the economy, politics (as seen in the US 2016 election controversy), or health (as evidenced by the global impact of Covid-19). In this particular instance, it appears that a pro-Iranian cyber squad orchestrated the attack due to the Biden administration’s support for Israel.

Matthew Mottes, Chairman of the Municipal Water Authority Board of Aliquippa, has acknowledged the incident and assured the public that more details will be disclosed as the investigation progresses.

The motives of modern hackers seem to revolve primarily around financial gain, with an increasing trend of targeting companies providing essential or critical services. Victims are often coerced into paying ransom, and in cases where they resist, the stolen credentials or data may be sold on the dark web for monetary gain.

It is noteworthy that, in this specific incident, only the water management facility was affected. Authorities are diligently utilizing backup tools to maintain water supply and pressure, ensuring that there will be zero compromise to the sanctity of the drinking water.

The criminals exploited a vulnerability in Unitronics software, an Israel-based business providing technological support to water facilities, to carry out the cyber attack. The incident serves as a stark reminder of the growing threats to critical infrastructure and the need for robust cybersecurity measures to safeguard against such malicious activities.

The post Iran launches cyber attack on water authority in the United States appeared first on Cybersecurity Insiders.


November 28, 2023 at 04:01PM

Monday, November 27, 2023

GE servers hacked n DARPA Military Info Leaked

General Electric, commonly referred to as GE, a multinational corporation engaged in the fields of renewable energy, aerospace, and power, has fallen prey to a cyber attack resulting in the leakage of sensitive information related to DARPA Military operations.

The severity of the attack remains uncertain as the American multinational company diligently investigates the incident.

As per information obtained from a Telegram source, a hacking group identifying itself as ‘Cyber Niggers’ has claimed responsibility for the attack and is demanding a substantial ransom for the return of the compromised data.

This incident signifies a ransomware attack, wherein the perpetrators engage in a double extortion strategy.

IntelBroker, a member of the cybercrime group, has asserted the intention to sell the pilfered data on a hacker’s forum for $500. Several screenshots have been posted, revealing information pertaining to the US Government Defense Advanced Research Projects Agency (DARPA). The exposed data encompasses details from SQL databases, military secrets, aviation information, maintenance reports, and more.

CyberNigger is the same hacking group that has previously infiltrated prominent firms such as Volvo, Hilton Hotels, Autotrader, Verizon, AT&T, and the US Immigration Service.

Law enforcement agencies are actively investigating the identity and activities of this group. The criminals, meanwhile, are threatening to release data related to additional victimized companies as the holiday season progresses.

It is essential to note that criminals from such groups often attempt to coerce victims into paying a ransom in exchange for a decryption key and the promise of returning the stolen data. However, the veracity of such assurances remains uncertain, raising concerns about whether the perpetrators might retain a copy of the siphoned data on their servers for future use.

The post GE servers hacked n DARPA Military Info Leaked appeared first on Cybersecurity Insiders.


November 27, 2023 at 08:45PM

Sunday, November 26, 2023

Topics to study for job in Artificial Intelligence

To prepare for a job in artificial intelligence (AI), it’s essential to develop a strong foundation in various relevant topics.

Here’s a list of key areas you should consider studying:

1. Machine Learning (ML): Supervised learning, Unsupervised learning, Reinforcement learning, Deep learning

2. Programming Languages: Python (widely used in AI development), R (common for statistical analysis), Java, C++, or others as needed for specific applications

3. Mathematics and Statistics: Linear algebra, Calculus, Probability and statistics

4. Data Science: Data preprocessing and cleaning, Feature engineering, Data visualization

5. Neural Networks and Deep Learning: Architectures (e.g., convolutional neural networks, recurrent neural networks), Optimization algorithms, Transfer learning

6. Natural Language Processing (NLP): Tokenization, Named Entity Recognition (NER), Sentiment analysis.

7. Computer Vision: Image processing, Object detection and recognition, Image segmentation

8. Reinforcement Learning: Markov Decision Processes (MDP), Q-learning, Policy gradients

9. Algorithmic Complexity: Big O notation, Efficiency of algorithms

10. Databases and Big Data: SQL and NoSQL databases, Distributed computing (e.g., Apache Hadoop, Apache Spark)

11. Ethics in AI: Bias and fairness in machine learning models, Ethical considerations in AI development

12. Version Control Systems: Git for collaborative development and version control

13. Software Development and Tools: Experience with popular AI frameworks (TensorFlow, PyTorch), Knowledge of development environments (Jupyter Notebooks, VS Code)

14. Cloud Computing: Familiarity with cloud platforms (e.g., AWS, Azure, Google Cloud) for scalable AI solutions

15. Domain-Specific Knowledge: Understanding of the industry or field where you plan to apply AI (e.g., healthcare, finance)

16. Communication Skills: Ability to communicate complex technical concepts to non-technical stakeholders

Continuous learning is crucial in the dynamic field of AI. Stay updated on the latest research, attend conferences, and engage with the AI community to enhance your knowledge and skills. Building a strong portfolio with practical projects can also significantly boost your credibility when applying for AI-related positions.

The post Topics to study for job in Artificial Intelligence appeared first on Cybersecurity Insiders.


November 27, 2023 at 11:06AM

Windows 11 new update bolsters cybersecurity of healthcare

Windows 11, Microsoft’s latest operating system, has recently introduced an update aimed at enhancing the protection of healthcare IT environments and safeguarding patient data from evolving cyber threats.

While contemporary firewalls, anti-malware tools, and threat monitoring solutions are adept at managing security challenges in the online realm, the constant evolution of threats demands continual innovation. Healthcare companies find themselves grappling with hackers who, despite robust security measures, can compromise well-protected environments for extended periods.

Windows 11 addresses this challenge through upgraded features, including BitLocker, Credential Guard, Config Lock, Hypervisor-Protected Code Integrity, Microsoft Defender SmartScreen, Microsoft Pluton, and Smart App Control. These features collectively establish an additional security layer, enabling the isolation of suspicious applications and the lockdown of operational environments when malicious infections are detected, thereby providing a secure hardware and software environment for firms handling patient data. This, in turn, fortifies defenses against social engineering attacks.

Furthermore, the existing Windows Hello feature, previously available to business users, now contributes to the protection of patient data by scanning and encrypting the face or fingerprints of medical professionals.

Inclusivity is also a focus, with the introduction of “Tiny 11,” a Microsoft project designed to extend Windows 11 to smaller and less resourceful environments, especially those accustomed to the hardware-oriented Windows 10. This ensures that even less resourceful environments benefit from the robust security features tailored for healthcare settings.

For those eager to leverage these features, a Cyber Week deal offers Windows 11 Pro and Office Pro 2019 at a discounted price of $50, complete with a lifetime license.

In an additional update, users of AMD Graphics Cards troubled by a persistent bug can now find relief. The November 2023 security update from Microsoft has rolled out a fix for the bug that was causing issues with profile settings, providing a smoother experience for AMD Graphics Card users.

 

The post Windows 11 new update bolsters cybersecurity of healthcare appeared first on Cybersecurity Insiders.


November 27, 2023 at 10:48AM

Friday, November 24, 2023

Top five things to do in Paris

Welcome to Paris, a city that’s famous for its food, fashion and art. We’re lucky enough to have our head office here, so our team have lots of opportunity to soak up the culture and get inspired.

Next week, on the 28th – 30th November, our home city will welcome energy professionals from around the world to Enlit Europe as they come together to meet and make progress towards a greener, decarbonised world.

In the spirit of sharing the magic of Paris, here are some must-see attractions for visitors to the event:

  • The Louvre: This is one of Paris’ most striking buildings. The modern glass pyramid stands in stark contrast to the historical surroundings, making this one of the most photographed spots in the city. Inside, immerse yourself in some of the world’s most iconic paintings and sculptures – but don’t forget to book in advance to guarantee entry.
  • The Orangerie Museum: Visit The Orangerie to view the iconic ‘Water Lilies’ by Claude Monet. The famous collection of artwork is displayed across a series of rooms and guests are asked to remain silent – providing a tranquil escape from the urban buzz. Other artists on display include Henri Matisse, Pablo Picasso and Henri Rousseau.
  • The Eiffel Tower: Paris wouldn’t be Paris without the iconic silhouette of the Eiffel Tower. You’ll catch glimpses of the tower when strolling around the city, but it’s well worth a visit to enjoy the panoramic views from the top.
  • The Seine River: The Seine River runs through the centre of Paris, and you can’t go wrong with a gentle walk or boat trip to soak up the city. You’ll enjoy some of the city’s most beautiful architecture, passing landmarks including The Notre-Dame and the Orsay Museum.
  • Montmartre: The neighbourhood of Montmartre is known for its artistic history and bohemian atmosphere. Be sure to climb the steps to the Basilique du Sacré-Cœur for a breathtaking view of the city, and wander through the area’s narrow streets filled with artists’ studios and cafes. Don’t forget to visit Place du Tertre, where local artists display their work in an open-air square.

Finally, if you’re attending Enlit Europe at Paris Porte de Versailles, you will be able to find us at the GSMA stand 7.2.E162 or in meeting room 7.3MR08. Come and talk to us about how our advanced technologies and innovation around the Internet of Things are shaping the future.

Find out more here: https://www.enlit.world/directory/thales-2/

The post Top five things to do in Paris appeared first on Cybersecurity Insiders.


November 24, 2023 at 09:09PM

Taj Hotel Data Breach details

Taj Hotels, a subsidiary of Indian Hotels Company Ltd (IHCL), recently fell victim to a cyber-attack that resulted in the compromise of personal details belonging to more than 1.5 million customers. The leaked information encompasses a range of sensitive data, including addresses, membership IDs, mobile numbers, and other Personally Identifiable Information (PII) spanning the period from 2014 to 2020.

It remains unclear why Taj Hotels, now under the ownership of the Tata Group, was holding such PII. This is noteworthy given the stringent guidelines from the Indian government, which stipulate that businesses in the hospitality sector should not retain sensitive information such as dates of birth and banking details, including card information.

The Indian Computer Emergency Response Team (CERT-IN) has taken cognizance of the situation and is actively engaged in investigating the cyber breach.

In response to the incident, IHCL has released a statement affirming its commitment to prioritizing the protection of customer details. To this end, the company has enlisted the expertise of forensic specialists to conduct a thorough investigation into the extent of the breach.

A notable aspect of this cyber threat is the involvement of a threat actor named “DNA Cookies,” who has demanded a ransom of $5000 for the release of the stolen data. The threat actor has set a specific timeframe for negotiating the ransom payment. Uniquely, the demand extends to payment for the entire dataset, as opposed to providing a sample to verify the authenticity of the compromised information.

Complicating matters further, the cybercriminal has published a segment of the pilfered data on BreachForums, accessible exclusively through the dark web. In a peculiar twist, DNA Cookies has instructed Taj Hotels’ IT staff to initiate contact through a designated member on the forum, explicitly discouraging communication from external sources.

As the investigation unfolds, additional details regarding the scope and impact of the cyber-attack are eagerly anticipated.

The post Taj Hotel Data Breach details appeared first on Cybersecurity Insiders.


November 24, 2023 at 08:58PM

Thursday, November 23, 2023

Report Phishing and Spam messages on Google in this way

The use of smartphones has surged over the past five years, attributed to the convenience and services they offer to users. Whether it’s booking a hotel or ordering food, app-powered smartphones are a technological marvel in the hands of enthusiasts.

Despite the myriad advantages, smartphone usage is not without its challenges, particularly concerning malware controversies and espionage concerns. One prevalent issue is the invasion of privacy by marketing companies and promoters who obtain users’ contact numbers to send spammy messages and phishing links.

Addressing this concern, Google has implemented a feature in its message settings to empower users against malicious content. Here’s a simple guide on how to report spam and phishing in the Google Messages application on your Android smartphone:

  • Open the Google Messages application on your Android device. Look for the messaging app, typically represented by a hamburger or bubble-shaped icon, predominantly white with blue in the middle.
  • Locate the specific message you want to mark as spam or phishing and long-press on it. This action will prompt a new menu to appear on the right side.
  • Tap on the menu, and you’ll find an option labeled ‘Report Spam’ or ‘Report Phishing.’ Select the appropriate option.
  • Confirm your decision when prompted by the Google Messages app.

When you report spam and phishing attempts, Google incorporates these contacts into its advanced AI algorithms designed to detect and block such content in the future. This proactive approach helps safeguard users from unwanted and potentially harmful messages.

It’s essential to exercise caution when sharing contact details, avoiding disclosure at fuel stations or shopping outlets where marketing agents often seek such information. Corporate employees may share acquired contact details with individuals and companies, leading to the unauthorized use of this data.

Given the infrequency of changing contact numbers, taking steps to defend and isolate your mobile device from spam and phishing attempts becomes crucial in securing sensitive information from unwanted solicitation by advertising companies.

The post Report Phishing and Spam messages on Google in this way appeared first on Cybersecurity Insiders.


November 24, 2023 at 11:17AM

Two Insurance companies come under the influence of Ransomware Attacks

Sabre Insurance, a London-based company specializing in motor insurance services, fell victim to a ransomware attack that resulted in a breach of information and data theft by hackers. Although the company asserts that the accessed information was non-critical and related to archival data, IT experts have been mobilized to conduct a thorough investigation into the incident. Initial findings indicate that the compromise originated at the IT management company providing technological services to the insurance business.

The prime suspects behind the attack are believed to be either the LockBit Ransomware group or the BlackCat, also known as the ALPHV gang. However, concrete evidence linking them to the incident is yet to be recovered.

In a separate incident, Fidelity National Financial (FNF), a Fortune 500 business, reported to the SEC that it had fallen prey to a cyber attack, seemingly involving a variant of ransomware. The company disclosed that certain data systems were compromised, leading to disruptions in applications and downtime.

Typically, in a ransomware attack, hackers encrypt server data and demand a ransom for its release, mirroring the situation with FNF. The common thread between these incidents is the utilization of file-encrypting malware as the primary means of compromise. Addressing this growing threat may require concerted global efforts against nations and governments supporting these criminal activities. Until such measures are taken, the spread of malware may persist unabated.

Law enforcement agencies can respond to instances of ransomware, but their ability to preemptively thwart the intentions of cybercriminals remains limited. As these incidents underscore the need for enhanced cybersecurity measures, businesses and governments alike must collaborate on proactive strategies to counter the evolving tactics of malicious actors in the digital realm.

The post Two Insurance companies come under the influence of Ransomware Attacks appeared first on Cybersecurity Insiders.


November 23, 2023 at 08:49PM

FBI and CISA warn against Scattered Spider triggered cyber attacks

Law enforcement agencies in North America have issued a warning regarding the Scattered Spider cyber-attacks, citing their adoption of aggressive tactics, including the targeting of victims with violence. Notably, this English-speaking group has aligned itself with ALPHV and BlackCat, leading to speculation that they are now operating as affiliates, potentially receiving compensation akin to corporate structures.

Identified by various aliases such as 0Ktapus, Scatter Swine, UNC3944, and Octo Tempest, these cybercriminals have shifted their focus to large corporations in the western regions. Their modus operandi involves persuading employees to divulge critical details, such as login credentials, and subsequently siphoning sensitive data, including activities from platforms like Microsoft Teams, Exchange, and Slack. The stolen data is then used as leverage to demand ransom payments from the victims.

A comprehensive study by FBI experts reveals that Scattered Spider has also resorted to violence, threatening employees with severe consequences if they fail to comply with their directives. However, no concrete evidence has been presented against the group regarding these alleged acts of violence.

In the event of a Scattered Spider attack on a network, the advised course of action is to promptly inform law enforcement and hope for a positive outcome. Alternatively, implementing threat monitoring solutions on corporate networks is recommended as a proactive measure, though success is not guaranteed. The landscape of cybercrime continues to evolve, with these criminals becoming increasingly sophisticated and bolstered by government support.

Another approach to combat such threats involves instilling fear in the criminals, making them aware that engaging in illegal activities will lead to significant consequences. This deterrent strategy aims to discourage cyber-attacks by creating a sense of apprehension among potential perpetrators.

The post FBI and CISA warn against Scattered Spider triggered cyber attacks appeared first on Cybersecurity Insiders.


November 23, 2023 at 04:59PM

Wednesday, November 22, 2023

Australia runs cybersecurity health check on all gov websites and infrastructure

The Australian government has initiated rigorous security measures to safeguard its IT infrastructure from state-sponsored cyber-attacks. As part of this initiative, the Australian Signals Directorate has conducted two cyber security threat hunts on government networks since December of last year, with plans to continue these efforts in the coming months.

This action comes in response to an announcement by Defense Minister Richard Marles, indicating a growing interest from state-funded actors in Australian Critical Infrastructure. The motives behind such interest range from intelligence gathering to disrupting operations and creating chaos.

To address these threats, all small businesses will now receive a free cyber health checkup at least once a month, with a plan to increase the frequency to a fortnight in the coming months. Moreover, the funding allocated in the annual budget to strengthen cybersecurity will be augmented to protect both private and public entities from various malware attacks. Companies will also be mandated to report ransomware attacks within a specified time frame of 4-5 days.

Given the continuous cyber assaults on the telecom sector, exemplified by the recent Optus cyber-attack, a specialized cybersecurity workforce will be deployed to monitor the infrastructure of such companies. This measure is set to take effect early next year.

The Anthony Albanese-led nation has been confronting severe cyber threats, particularly since expressing support for Ukraine in its conflict with Russia. Despite facing digital attacks from Russia, the Albanese government has reaffirmed its commitment to justice and support for Kyiv, extending its protective measures to secure companies operating within the nation. This commitment aims to thwart potential efforts by Russia to influence Australia’s stance, whether to deter financial support to Ukraine or coerce support for the Russian Federation. The government has also instilled trust in its populace by enhancing security measures for companies, with plans for continued efforts in the near future.

The post Australia runs cybersecurity health check on all gov websites and infrastructure appeared first on Cybersecurity Insiders.


November 22, 2023 at 08:35PM

Just beware of these 5 Black Friday or thanksgiving Cyber Scams

In a recent survey conducted by Lookout, it has been found that more than 3 out of 5 individuals are expected to take advantage of Black Friday and Cyber Monday deals through their mobile phones this year. However, security experts are cautioning these eager shoppers about potential malware attacks that could lead to serious consequences, including phishing and other social engineering attacks.

While most official shopping websites are legitimate, there is a growing concern about scammers peddling counterfeit products on platforms like Facebook Marketplace or Instagram. Engaging with such fraudulent sellers not only puts online shoppers at risk of receiving substandard products but also increases the likelihood of hackers stealing their banking credentials for financial gain.

Beyond the aforementioned Thanksgiving cyber scams, there are other malicious tactics employed by cyber-criminals to compromise accounts and pilfer sensitive information.

Incorrect Transaction Alerts: During the festive season, individuals may receive calls, messages, or emails claiming that a recent shopping transaction failed, urging victims to provide additional banking details to facilitate the processing of their ordered service or product. However, responding to such communications can be perilous, as criminals may exploit the shared data to drain money from the victims’ accounts.

Fake Promotions: Platforms like Instagram and Facebook Marketplace are rife with fake product promotions promising enticing discounts, cashbacks, or free items. Shoppers are advised to exercise caution, verify the authenticity of offers, and double-check before making transactions to avoid falling prey to counterfeit products, particularly in categories such as sunglasses, watches, smartphones, tablets, and TVs.

Parcel Tracking Scams: Cyber crooks often employ malicious links in scams, enticing individuals to divulge personal details or redirecting them to fake Black Friday deal websites featuring products only in photo format. In reality, the goods will never be delivered to the customer.

Brute Force on Websites: Cyber criminals are increasingly using software to guess passwords on websites. Once they breach the security, they place orders using stolen credit card information and redirect the parcels to temporary addresses, leaving victims with unauthorized charges.

Fake Coupon Codes: Searching for free coupon codes on Google yields hundreds of results, but the vast majority are fake and harbor malicious intentions. It is recommended to rely on coupon codes or discounts provided directly by shopping websites and avoid falling for deceptive platforms claiming to offer Black Friday or Thanksgiving deals or free coupon codes.

The post Just beware of these 5 Black Friday or thanksgiving Cyber Scams appeared first on Cybersecurity Insiders.


November 22, 2023 at 11:26AM

Tuesday, November 21, 2023

SOLUTION REVIEW: Enzoic for Active Directory

Compromised credentials stand as the predominant cause of data breaches, underscoring the urgency for organizations to bolster their defenses. It’s crucial to acknowledge that, often, the only barrier separating an attacker from an organization’s most precious resources is the strength and security of its passwords. These compromised passwords not only pose a security risk but also jeopardize regulatory compliance, leading to potential operational and reputational damage.

Enzoic for Active Directory addresses this pressing issue head-on. It enhances initial and ongoing password security to meet compliance standards like NIST 800-63b, thereby mitigating risks and elevating an organization’s overall security stance. This solution review explores how Enzoic serves as a foundational tool for organizations, focusing on an often-underestimated vector of cyber vulnerability.

What negative consequences have organizations experienced due to unauthorized access to sensitive data, applications, or systems in the past 12 months? In the State of Authentication Security Report, cybersecurity professionals reported that the reallocation of IT resources for incident response and remediation was the most immediate negative impact (28%), followed by system or service downtime (26%) and increased helpdesk workload (24%).

Enzoic for Active Directory goes beyond traditional password filters and security measures by offering a real-time, dynamic solution for maintaining password integrity within an Active Directory (AD) environment. By integrating directly with your existing AD infrastructure, it offers an additional layer of security that is often missing. What sets it apart is the power of an in-house threat intelligence team backed by machine learning, which continuously updates a massive database of compromised credentials.

Traditional password security solutions, such as Microsoft’s Entra ID, typically focus on enforcing strong password policies at the time of password creation, but they often miss the forest for the trees. The real issue is keeping up with the ever-changing landscape of compromised credentials, and this is where Enzoic shines. Their solution fills a critical gap by continuously monitoring and validating not just newly set passwords, but also existing ones, thus securing the very foundational layer of your cybersecurity framework. This feature is a prerequisite for meeting leading compliance standards.

KEY FEATURES

Enzoic offers a cutting-edge solution for safeguarding your credentials with a range of exceptional features. Let’s explore how Enzoic stands out with continuous credential security, broad threat intelligence, and a seamless user experience.

1 – Continuous Credential Security: Enzoic sets itself apart by offering continuous screening against a database containing billions of compromised username and password pairs found on the Dark Web. This not only addresses newly created passwords but also identifies and remediates any existing vulnerable passwords that become compromised over time.

2 – Expansive Threat Intelligence: A dedicated in-house threat research team utilizes proprietary, powerful tools to scour the surface internet and Dark Web. This allows Enzoic to capture the most in-depth data sets, making its threat detection one of the most robust in the market. Moreover, this database is continually updated, ensuring that users can remediate swiftly before breaches occur.

3 – Great User Experience: While some solutions add friction at the user and admin level by incorporating more layers of authentication, Enzoic operates invisibly behind the scenes. This not only enables users to select stronger, more secure passwords but also reduces the workload for help desk support.

KEY BENEFITS

Enzoic’s continuous scanning and automated alerting system ensures that compromised or weak passwords are identified in real time. This contributes to a tangible enhancement in the overall security posture, fulfilling both compliance requirements and internal security benchmarks. The real power of Enzoic for Active Directory is in its simplicity and efficiency.

Within minutes of deployment, it starts offering:

• Streamlined Compliance: Companies striving to meet NIST 800-63b, HITRUST, or other leading industry compliance standards can automatically enforce compliance within their environment using Enzoic.

• Proactive ATO Prevention: By continuously monitoring passwords against a live database, Enzoic actively prevents Account Takeover (ATO) attacks, one of the leading causes of data breaches.

• Audit Efficiency: Real-time reports and alerting make it significantly easier to comply with auditing requirements.

• Resource Optimization: By automating the most labor-intensive aspects of password security, IT departments find a significant reduction in the time and resources needed for maintenance.

SOLUTION DELIVERY

The Enzoic solution is offered as a software-based plugin that integrates seamlessly into existing AD Domain Controllers. Optional endpoint agents are also available that provide users with specific instructions during password resets. If a user attempts to set a password that doesn’t meet policy requirements, they are guided on what adjustments need to be made for their password to align with policy, thereby enhancing the user experience and ensuring compliance.

In most cases, Enzoic for Active Directory can be up and running in under an hour, a testament to its user-friendly design. Enzoic for Active Directory operates on a subscription model, including a self-serve option with a free startup plan covering up to 20 users. The subscription cost is directly tied to the number of accounts that need protection. For specific pricing, you can refer to the official pricing page.

FINAL THOUGHTS

In a rapidly evolving cybersecurity landscape, Enzoic for Active Directory offers an agile, robust, and user-friendly solution to the ever-present challenge of compromised credentials. Its standout features like continuous credential security, expansive threat intelligence, and a minimalistic approach to user experience make it a highly recommended choice for any organization looking to fortify its first line of defense—passwords.

ABOUT ENZOIC

Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through threat intelligence monitoring. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed passwords, credentials, and PII to identify accounts at risk and mitigate unauthorized access.

Learn more about Enzoic at: info@enzoic.com | www.enzoic.com

The post SOLUTION REVIEW: Enzoic for Active Directory appeared first on Cybersecurity Insiders.


November 21, 2023 at 09:38PM