If you are in the market for a smartphone but want to break away from the Apple-Google duopoly, look no further: these alternative smartphones are based on various Linux variants and custom hardware.
Threat actors are bypassing Google's security measures and using fingerprinting techniques to ensure successful execution of malicious downloads, pointing to a potential "malvertising as a service" model.
Researchers have discovered a new multi-platform threat called NKAbuse that uses a decentralized network connectivity protocol called NKN to communicate. NKAbuse leverages blockchain technology to conduct DDoS attacks and function as an implant.
The ongoing downtime of the National Payments System has made it impossible for local banks in Lesotho to honor inter-bank transactions, requiring alternative measures to facilitate payments.
The attack on the library, along with recent ransomware incidents at other major libraries, underscores the need for improved cybersecurity measures and data protection in the library sector.
Delta Dental of California and its affiliates have suffered a data breach, affecting almost seven million patients. The breach occurred through a vulnerability in the MOVEit Transfer software, allowing unauthorized access by threat actors.
The cybersecurity industry, particularly in the banking sector, is an ever-evolving domain, constantly challenged by new threats and technologies. In an exclusive interview, Augustin Kurian, Editor-in-Chief The Cyber Express, engaged with Roman Medina, the Senior Vice President and Chief Information Security Officer show more ...
(CISO) at Jefferson Bank, to delve into these challenges and the strategies employed to combat them. Medina’s tenure at Jefferson Bank, starting in 2014, coincides with a period of significant technological evolution and increasing cyber threats, positioning him perfectly to provide insights into the changes and adaptations in bank security strategies over the years. Looking ahead to 2024 Roman Medina anticipates a continued focus on specific cybersecurity threats, notably social engineering and impersonation attacks. These methods, which exploit human psychology rather than technological vulnerabilities, have proven to be highly effective for cybercriminals. Medina’s insights suggest a trend where fraudsters, recognizing the heightened security measures at financial institutions, are increasingly targeting bank customers directly. The modus operandi involves sophisticated tactics like fake SMS messages and deceptive phone calls, designed to trick customers into divulging sensitive information or clicking on malicious links. These attacks are particularly challenging to combat as they bypass traditional security measures like firewalls and antivirus software by targeting the end-user directly. Medina emphasizes that the battle against such threats is not solely technological; it also requires a strong focus on customer education and awareness. Customers need to be informed about the types of attacks they might encounter, how to recognize them, and the appropriate actions to take in response. This approach is crucial in creating a first line of defense against social engineering tactics. The rise of these threats also signals a shift in the threat landscape for the banking sector. As banks fortify their digital defenses, cybercriminals adapt by finding new vulnerabilities, often in the form of human error or oversight. This cat-and-mouse game between security professionals and fraudsters is likely to intensify, with both sides continuously evolving their tactics. Strategies Against Fraud and Attacks In the battle against fraud and cyber-attacks, Roman Medina highlights the importance of a multifaceted strategy that goes beyond conventional security measures. Central to this approach is customer education and awareness. As fraudsters target bank customers directly, understanding and recognizing potential threats become crucial in preempting fraud. Medina emphasizes the role of educating customers about typical fraudulent activities, such as deceptive SMS and phone calls, and instructing them on how to respond to such situations. This proactive approach in customer education forms a critical component of the bank’s defensive strategy. Medina also discusses the need to adapt and enhance technological defenses, especially against sophisticated attacks like those targeting multi-factor authentication systems. Jefferson Bank is exploring additional methods to strengthen its defenses against such threats, reflecting an understanding that technology and tactics used by cybercriminals are constantly evolving. Another significant concern highlighted by Medina is the persistent threat of ransomware. Financial institutions continue to be prime targets for ransomware attacks, necessitating robust backup systems and incident response plans. However, Medina notes a shift in ransomware tactics, with cybercriminals now often resorting to extortion. This change means that simply having good backups is no longer sufficient; banks also need to be prepared for scenarios where sensitive information is threatened to be leaked unless a ransom is paid. Medina’s insights into combating fraud and attacks demonstrate the need for a dynamic and evolving cybersecurity strategy in the banking sector. It involves not only keeping up with technological advancements but also ensuring that customers are well-informed and prepared to play their part in preventing fraud. Threat Intelligence and Risk Mitigation Roman Medina underlines the significance of threat intelligence in the cybersecurity framework of Jefferson Bank. The bank’s approach to threat intelligence began about four years ago and has been evolving ever since. A key focus of their strategy is proactivity – being ahead of potential threats rather than merely reacting to them. This involves monitoring for brand impersonation or spoofing websites and taking swift action to mitigate these threats, such as taking down malicious sites and informing both customers and employees of potential risks. Another critical aspect of their threat intelligence strategy is the monitoring of the dark web for indications that the bank’s data or that of its customers might be compromised. For instance, if an email associated with the bank is found on the dark web, proactive steps are taken to ensure that the potentially compromised credentials are not used within the bank’s network. This approach also extends to educating employees about good password security practices. Approach to Legacy Systems and BYOD Policies Roman Medina addresses two critical aspects of cybersecurity in the banking sector: managing legacy systems and policies regarding Bring Your Own Device (BYOD). He acknowledges the challenges posed by legacy systems, which often become vulnerable over time. Medina emphasizes the importance of having a clear plan for dealing with these systems, whether through upgrades or transitions to newer, more secure platforms. In cases where legacy systems are unavoidable, Jefferson Bank implements stringent security measures, such as increased monitoring and restricted access, to mitigate potential risks. An interesting approach adopted by the bank involves turning off legacy systems that are not in regular use and only powering them on when necessary. This strategy significantly reduces the exposure of these systems to potential cyber threats. Medina’s handling of legacy systems demonstrates a pragmatic approach, balancing the need to maintain certain outdated systems with the imperative of ensuring robust security. Selecting Cybersecurity Tools In discussing the selection of cybersecurity tools, Roman Medina sheds light on the intricate process behind choosing the right solutions for Jefferson Bank. He explains that there isn’t a one-size-fits-all checklist for selecting these tools; instead, the process is highly tailored to the bank’s specific needs and objectives. A significant criterion in their selection process is compatibility with existing security architecture. Medina emphasizes the importance of integrating new tools seamlessly into the bank’s existing security ecosystem. This includes compatibility with their single sign-on and multi-factor authentication systems, especially since many of the bank’s solutions are cloud-based. Another key factor is the cloud hosting provider’s security posture, assessed through their business continuity plans, disaster recovery capabilities, and independent security audits. Medina particularly values the Service Organizational Control (SOC) reports, which provide detailed insights into the provider’s security controls and practices. Additionally, Medina stresses the importance of actionable alerts in cybersecurity tools. The bank looks for solutions that not only detect threats but also provide clear, actionable intelligence to respond effectively. This approach reflects a proactive stance in cybersecurity, focusing on tools that not only alert but also guide the response team in mitigating threats. The Rise of AI in Cybersecurity The integration of Artificial Intelligence (AI) in cybersecurity is a topic of particular interest to Roman Medina. He acknowledges the growing presence of AI in various cybersecurity applications and the potential benefits it can offer. Medina points out two key areas where AI is making its mark in the banking sector: enhancing employee productivity and being embedded within cybersecurity solutions. Medina mentions AI tools like ChatGPT, which are being used by bank employees to assist in various aspects of their work. This utilization of AI reflects a broader trend in the industry where AI is increasingly seen as a tool to augment human capabilities, improving efficiency and accuracy. However, Medina also highlights the need for a cautious approach, ensuring that these AI tools are used responsibly and align with the bank’s security policies. On the cybersecurity front, Medina notes that many security solutions are beginning to incorporate AI modules or frameworks. This trend is changing how cybersecurity is approached, with AI offering more sophisticated and automated threat detection and response capabilities. However, he emphasizes the importance of understanding how these AI models work, especially in terms of learning and data privacy. Medina’s approach to AI in cybersecurity is both open-minded and cautious, recognizing the potential of AI while being acutely aware of the need to maintain control and oversight over these powerful tools. In conclusion, this interview with Roman Medina offers valuable lessons and guidance for cybersecurity professionals and stakeholders in the banking industry. It underscores the critical need for resilience, adaptability, and proactive strategies in safeguarding the financial sector against the ever-evolving landscape of cyber threats.
The year 2023 stands as a pivotal moment in the ongoing evolution of cyber threats. Witnessing the emergence of new threat actors and the resurgence of previously banned groups targeting global organizations, the cyber landscape in 2023 has borne the brunt of a relentless onslaught. Given the widespread reliance on show more ...
digital technologies, this era has provided an ideal environment for cybercriminals and state-sponsored hackers to exploit vulnerabilities. Faced with this escalating threat landscape, the cybersecurity industry has been compelled to take decisive action in order to mitigate these risks. The Cyber Express delves deep into the significant cyberattacks of 2023, unraveling the tactics employed, and the industries affected, and drawing critical lessons that will shape future cybersecurity efforts. 2023: The Gargantuan of Cyberattacks and Data Breaches In 2023, the world experienced a concerning surge in cyberattacks, with data breaches and security lapses becoming frequent headline fodder. The sheer scale and sophistication of these attacks presented formidable challenges for organizations, governments, and individuals alike. The widespread dependence on digital technologies created an ideal environment for cybercriminals to exploit vulnerabilities, resulting in a global upswing in cyberattacks. This surge has already left a noticeable mark on cyberspace and security. The Saga of MOVEit Cyberattacks One of the most notorious cyberattacks of 2023 was the series of breaches leveraging Progress Software’s MOVEit Transfer file management program. The attacks, carried out by a group known as “cl0p,” compromised data over hundreds of organizations globally, affecting nearly 40 million people. MOVEit Transfer, a widely used file management tool, became the entry point for hackers to access sensitive data such as social security numbers, medical records, and billing information. The ripple effect of the MOVEit cyberattacks extended across diverse sectors, emphasizing the interconnected nature of digital systems. Educational institutions, government agencies, healthcare providers, financial institutions, and media organizations fell victim to the breaches. The widespread impact, unfortunately, led to a global privacy disaster resulting from a single software flaw. Following the disclosure of the breaches, organizations and cybersecurity firms mobilized to mitigate the damage and prevent further exploitation. Progress Software issued patches to address the vulnerabilities in MOVEit Transfer, and many organizations were able to deploy these patches before falling victim to the attacks. Incident response firms and cybersecurity outlets played a crucial role in helping organizations detect, respond to, and recover from breaches. However, the hackers, cl0p, continued to be aggressive in their data extortion tactics, posing an ongoing threat to the affected organizations. Here is a quick look at some other major cybersecurity incidents we faced this year: The notorious hacking group KelvinSecurity Team claimed to have acquired and offered for sale on the darknet a database containing the information of 384,319 BMW car owners in the UK. Kathmandu police arrested eight individuals who hacked bank accounts by distributing a fake app, Nepali Keti, via WhatsApp and subsequently stole money from those who downloaded it. The U.S. Marshals Service, the oldest U.S. federal law enforcement agency, disclosed being targeted in a cyberattack, resulting in the theft of sensitive data. T-Mobile reported a breach exposing the personal data of 37 million customers, with an unidentified intruder accessing and stealing information, including addresses, phone numbers, and dates of birth, in late November. Microsoft has warned of a zero-day vulnerability affecting all Windows OS versions, posing a risk of enabling attackers to bypass a browser sandbox and attain system-level privileges. An unauthorized actor executed a social engineering attack on Mailchimp staff, gaining access to specific accounts using compromised employee credentials; the incident, as per current investigations, is confined to 133 Mailchimp accounts. The PayPal hack occurred through credential-stuffing attacks, where hackers used bots to try combinations of usernames and passwords obtained from data leaks, including the dark web, to access user accounts. The LockBit ransomware group, linked to Russia, claimed responsibility for a cyberattack on an ION Group division, impacting 42 clients in Europe and the United States, leading to manual processing of trades by affected banks and brokers. The hacktivist group ‘KillNet,’ known for targeting the U.S. healthcare industry, actively focusing on the health and public health sector, utilizing DDoS attacks, and maintaining public channels for recruitment and attention. JD Sports revealed that potentially accessed information by hackers encompassed names, billing and delivery addresses, phone numbers, order details, and the final four digits of payment cards for approximately 10 million unique customers. Connectivity Source experienced a breach in April, with an unknown attacker obtaining employee data, including names and social security numbers, totaling around 17,835 records from across the U.S., as Connectivity operates exclusively as a white-labeled T-Mobile US retailer. In January 2023, a Twitter data breach occurred, leading to the publication of a database containing information on over 200 million Twitter users on a prominent hacker forum. In March 2023, AT&T reported a data breach, notifying 9 million customers that their data had been exposed due to an attack on a third-party vendor. The Kodi Foundation forum experienced a data breach, revealing the personal information of over 400,000 users; the non-profit organization, known for developing the Kodi media center, a free and open-source software entertainment hub, and media player, was affected. Luxottica confirmed a data breach after online reports, attributing it to a security incident with a third-party contractor handling customer data, which exposed information such as names, email IDs, phone numbers, addresses, and dates of birth. On July 21, 2023, the University of Minnesota discovered that someone claimed to have posted admissions, race, and ethnicity information from a university database on the internet in July 2023. The UK Electoral Commission disclosed it had fallen victim to a “complex cyber-attack,” leading to hackers accessing reference copies of electoral registers, containing the names and addresses of 40 million people. The MOVEit attack exploited a flaw in the MOVEit managed file transfer service, a tool widely used by organizations for securely transferring sensitive files. 23andMe, a major U.S. biotechnology and genetic testing firm, had data from over 1.3 million Ashkenazi Jew and Chinese users compromised in a data-scraping incident. Capital One, a major U.S. bank holding firm, confirmed that data from over 16,500 customers was exposed in the February cyberattack targeting the Pennsylvania-based debt purchasing company NCB Management Services. PharMerica reported a data breach to the Office of the Maine Attorney General, stating that hackers infiltrated their system on March 12th, 2023, and stole personal information, including full names, addresses, dates of birth, social security numbers (SSNs), medications, and health insurance details of 5,815,591 individuals. Which Industries Felt the Burnt Most Throughout 2023, several high-profile cyberattacks made headlines, showcasing the adaptive tactics and techniques employed by cybercriminals. Let’s explore some of the most influential breaches that occurred during this period. The finance sector bore the brunt of cyberattacks in 2023, with hackers targeting banks and financial institutions worldwide. One notable breach occurred when a sophisticated hacking group gained access to a major global bank’s network, compromising customer data and causing widespread panic. The healthcare industry was not spared either with relentless cyberattacks, exposing sensitive patient information and disrupting medical services. Hackers exploited weaknesses in healthcare systems, causing significant disruptions and compromising patient privacy. The ramifications of these attacks were far-reaching, with hospitals and healthcare providers struggling to recover from the financial and reputational damage. Government entities became prime targets for cyberattacks in 2023, as hackers sought to exploit vulnerabilities for political gain. These attacks aimed to compromise sensitive government data, disrupt operations, and undermine public trust. The breach of a government agency’s network exposed classified information, raising concerns about the security of critical infrastructure and national security. Cyberattacks targeting manufacturing and industrial systems also posed a significant threat in 2023. Hackers exploited vulnerabilities in supply chain networks, gaining unauthorized access to production systems and disrupting operations. These attacks had severe consequences, resulting in financial losses, reputational damage, and potential safety hazards. Government Involvement in Cyber Defense Governments around the world faced the challenge of defending critical infrastructure in the wake of newer state-sponsored cyber threats. The Russian invasion of Ukraine showcased the use of cyber operations for wartime advantage, with government-backed attackers targeting Ukraine’s government, military, and civilian infrastructure. The invasion also triggered a notable shift in the Eastern European cybercriminal ecosystem, with some groups splitting over political allegiances and others adapting their tactics to the evolving geopolitical powers. The dynamic cyberspace demanded continuous adaptation and innovation in cybersecurity measures. The COVID-19 pandemic and remote work arrangements created new vulnerabilities, exploited by ransomware-as-a-service gangs like Doppelpaymer and REvil. These groups employed various tactics, including ransomware attacks and data exfiltration, to extort victims and disrupt operations. State-sponsored actors engaged in information operations (IO) and propaganda campaigns to shape public perception and achieve their strategic objectives. Russia, in particular, utilized a range of tactics, from overt state-backed media to covert platforms and accounts, to undermine the Ukrainian government, fracture international support for Ukraine, and maintain domestic support for the war. The economic repercussions of cyberattacks cannot be understated either. The estimated loss to cybercrimes in 2023 was projected to reach $8 trillion, a staggering amount that surpassed the GDP of many countries, reported Cybercrime Magazine. The financial impact extended beyond the immediate costs of recovering from breaches and securing systems. The loss of customer trust, regulatory fines, and reputational damage were significant consequences faced by organizations affected by cyberattacks. The interconnected nature of the global economy meant that a single breach could have far-reaching consequences for multiple stakeholders. Extracting Insights, Enhancing Preparedness The cyberattacks of 2023 served as a wake-up call for organizations, governments, and individuals to prioritize cybersecurity. Timely patching, multi-factor authentication, employee training, and incident response planning became imperative. Collaboration between governments, companies, and security stakeholders became essential for sharing threat intelligence and coordinating defense efforts. Businesses, regardless of size or industry, must proactively safeguard their digital assets against cyber threats. Implementing robust cybersecurity measures, such as network segmentation, encryption, regular vulnerability assessments, and employee awareness training, can significantly enhance resilience. Collaborating with reputable cybersecurity firms and staying informed about emerging threats are critical components of an effective strategy. The year 2023 witnessed a surge in cyberattacks, with the MOVEit cyberattacks being among the most notable. These breaches highlighted vulnerabilities in interconnected systems and underscored the need for enhanced cybersecurity measures. By prioritizing cybersecurity, investing in advanced technologies, and fostering collaboration, we can strive to create a safer digital space. Moving forward, lessons learned from the cyberattacks of 2023 should guide the development of robust cybersecurity strategies to address the sophisticated techniques of threat actors and enemies. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
As the sun sets on 2023, the cybersecurity space bears the scars and triumphs of a year unlike any other. The domain witnessed a collapse as organizations of every scale- multinational corporations to humble startups — and individuals alike navigated the repercussions of numerous security incidents. The year saw show more ...
a dramatic surge in cyberattacks, data breaches, and the emergence of sophisticated cybercriminal groups, laying bare our collective digital vulnerabilities. However, 2023 was not just about the attacks; it was also about resilience and response. As threats multiplied, so did efforts to fortify digital fortresses. Governments and regulatory bodies, recognizing the escalating stakes, tightened their grips with strict cybersecurity penalties. New policies were drafted, and existing ones were enforced with renewed keeping in mind the latest development in the cybersecurity space. The message was clear: the era of lax digital oversight was over. Amidst this backdrop of heightened vigilance, cybersecurity penalties and fines emerged as critical tools in the regulatory arsenal. They were no longer just punitive measures but vital instruments of change, compelling organizations to rethink their approach to data protection and cybersecurity. For instance, the General Data Protection Regulation (GDPR), once a mere buzzword, became a tangible force, reshaping how companies across the globe handle personal data. The Biggest Cybersecurity Penalties in 2023 This article delves into the heart of this seismic shift, focusing on the most significant cybersecurity penalties of 2023. Each fine, a story in itself, reveals not just the cost of non-compliance but also the evolving expectations in our digital age. From Meta’s record-breaking €1.2 billion GDPR fine to the stringent cybersecurity penalties imposed on TikTok and Spotify, these cases exemplify the growing rigor in data protection and privacy. These fines serve as both a warning and a guidepost. As 2023 draws to a close, it leaves in its wake a clearer, albeit sterner, path forward for digital compliance and security, shaping the future of our interconnected world. Meta GDPR Fine – €1.2 Billion In May 2023, the Irish Data Protection Commission (DPC) issued a groundbreaking fine of €1.2 billion to Meta Platforms, Inc., the parent company of social media giants like Facebook, Instagram, and WhatsApp. This fine marked a watershed moment in the enforcement of the General Data Protection Regulation (GDPR), being the largest penalty imposed since the regulation’s inception in 2018. The crux of the DPC’s decision centered on Meta’s handling of European users’ personal data. Specifically, the issue was Meta’s transfer of this data to the United States without ensuring adequate levels of protection, a requirement under the GDPR. This regulation mandates that companies must provide robust safeguards for personal data when it is transferred outside the European Economic Area (EEA), ensuring the privacy and protection of user data against unauthorized access and misuse. The fine against Meta in 2023 was not the company’s first brush with GDPR-related issues. In the years leading up to this decision, Meta had faced multiple investigations and fines for various privacy infringements under the GDPR. For instance, in 2021, WhatsApp, a Meta-owned entity, was fined €225 million by the DPC for failing to conform with GDPR transparency requirements. This penalty was, at the time, one of the largest fines under GDPR. Similarly, in 2020, the DPC had imposed a fine of €450,000 on Twitter for a breach that involved a delay in reporting a data leak and inadequate documentation. These fines, while significant, were considerably lower than the 2023 penalty against Meta, indicating a trend towards stricter enforcement and higher penalties for data protection violations. TikTok GDPR Fine – €345 Million TikTok came under fire in 2023 and faced a substantial €345 million fine for violating the General Data Protection Regulation (GDPR), marking one of the most significant penalties. This fine was specifically tied to the platform’s handling of accounts belonging to children, an area of growing concern in the digital age. The Irish Data Protection Commission (DPC) concluded its investigation into TikTok’s practices in September 2023, focusing on a period in 2020. The probe uncovered several critical areas of non-compliance with GDPR. Notably, TikTok was found to have inadequate mechanisms for age verification, which is crucial for protecting minors online. Additionally, the DPC highlighted issues with the platform’s clarity and transparency in communicating with its younger user base, a key requirement under GDPR for any entity handling personal data. This penalty was not TikTok’s first encounter with GDPR fines. Prior to 2023, the platform had faced scrutiny and smaller fines for various privacy issues in different European countries. However, the 2023 fine was unprecedented in its size, reflecting a growing trend towards stricter enforcement of data protection laws, especially concerning vulnerable users like children. CRITEO Fine – €40 Million In June 2023, CRITEO, a prominent figure in the online advertising world, was hit with a €40 million fine by France’s National Commission on Informatics and Liberty (CNIL). This penalty was a direct result of several breaches of the General Data Protection Regulation (GDPR). Key violations included the use of tracking technologies without obtaining explicit user consent, maintaining privacy policies that lacked clarity and transparency, and employing questionable data management practices. This fine is part of a growing trend of regulatory actions against digital advertising companies for GDPR non-compliance. Prior to CRITEO’s case, there have been instances where other firms in the digital advertising sector faced scrutiny and penalties for similar reasons. TIM SpA – €7.6 Million Fine In a significant regulatory action, Italy’s Data Protection Authority levied a €7.6 million fine against TIM SpA, a major player in the telemarketing sector, in 2023. This penalty was imposed for the company’s failure to effectively oversee its call centers, which were found to be engaging in abusive practices, and for inadequate protection of personal data. TIM SpA was fined for two major lapses: the failure to supervise call centers engaging in abusive practices and insufficient measures to protect personal data. The company’s call centers were found not only to be engaging in aggressive telemarketing tactics but also mishandling sensitive personal information. These practices were in direct violation of established data protection laws, which mandate strict protocols for consumer consent and data security. This fine highlighted the growing concerns around data privacy in telemarketing and the imperative for stringent data protection measures, particularly in industries involving direct consumer interactions. TIM SpA’s history with regulatory fines for data protection violations is not new. Before this incident, the company had faced several penalties for similar issues. In 2020, TIM was fined €27.8 million by the same Italian Authority for unsolicited marketing calls without proper consent, showcasing a pattern of data privacy concerns. WhatsApp Penalty – €5.5 Million In a significant regulatory decision, Ireland’s Data Protection Commission (DPC) imposed a €5.5 million fine on WhatsApp in 2023 for violations of the General Data Protection Regulation (GDPR). This action specifically targeted the messaging giant’s data processing operations, reflecting growing concerns over how technology companies handle user information. The crux of the DPC’s finding was WhatsApp’s failure to comply with GDPR’s transparency and lawful processing requirements. The investigation revealed that WhatsApp did not provide clear, accessible information to users about how their data was being processed, particularly in the context of service improvements and security. This lack of transparency directly contravenes GDPR mandates, which require companies to clearly communicate the purpose and methods of data processing to users. Furthermore, the DPC’s decision included a stipulation that WhatsApp must bring its data processing practices into compliance within a six-month timeframe. Prior to the 2023 fine, WhatsApp, a subsidiary of Meta Platforms, Inc., had faced other significant GDPR-related fines and scrutiny. One of the notable instances was in September 2021, when the DPC imposed a then-record fine of €225 million on WhatsApp for failing to meet the transparency requirements of GDPR. This penalty stemmed from the company’s inadequate disclosure to users and non-users about the collection and use of their data. CLEARVIEW AI Penalty – €5.2 Million In April 2023, Clearview AI, a company specializing in facial recognition technology, was fined €5.2 million by French data protection authorities. This penalty was levied due to Clearview AI’s non-compliance with a prior order related to its data handling practices, particularly in regard to the processing and use of personal data without proper consent. The French authorities’ decision highlighted Clearview AI’s use of a vast database of images scraped from various online sources, including social media platforms, without the knowledge or consent of the individuals in those images. This practice raised significant concerns about privacy and consent, especially in the context of GDPR, which mandates explicit consent for the processing of personal data. Moreover, the authorities found that Clearview AI did not provide adequate information to individuals about the collection and use of their data. This lack of transparency is a critical issue under GDPR, which requires clear communication to data subjects about the use of their personal information. In 2021, the French data protection authority, CNIL, fined Clearview AI over its facial recognition software, ordering the company to cease collecting and using data of individuals in France and to delete the collected data. The total penalty included a fine of 20 million euros and an additional daily penalty of 100,000 euros for delays beyond a two-month compliance period. Clearview AI has also faced scrutiny and legal challenges in other jurisdictions as well. In February 2021, Canada’s privacy commissioner declared the company’s technology illegal under Canadian privacy laws, citing similar concerns about consent and data scraping practices. In the UK and Australia, investigations into Clearview AI’s practices have also been initiated, reflecting a global concern over the company’s operations. Spotify Fine – $5.4 Million In a significant regulatory action, Spotify, the renowned music streaming service, was fined SEK 58 million (approximately $5.4 million) by Swedish authorities for violating the General Data Protection Regulation (GDPR), specifically concerning data access rights. This fine arose from Spotify’s failure to adequately comply with GDPR’s ‘right to access’ provisions. The Swedish Authority for Privacy Protection (IMY) identified that Spotify, while providing users access to their personal data upon request, fell short in sufficiently explaining the usage of this data. Users reportedly faced difficulties in accessing their personal data, a fundamental right under GDPR, which mandates that individuals should be able to obtain their data easily and understand how it is being used. This gap in compliance with GDPR’s transparency requirements led to the substantial fine. The authority emphasized the need for clarity, particularly in how Spotify processes and utilizes the extensive data it collects, ranging from contact and payment information to users’ listening habits and preferences. Curtains draw on 2023 Data privacy is not a mere consideration, but a fundamental right. The record cybersecurity penalties levied across diverse sectors, from the bustling alleys of social media to the intricate networks of advertising and telemarketing, serve as reminders of the weight of responsibility in the digital domain. Digital responsibility and accountability are not just buzzwords, but the very pillars upon which businesses are expected to stand. As we step into 2024, the echoes of 2023’s lessons resonate, guiding a journey towards more ethical data practices, more transparent user interactions, and a deeper respect for the sanctity of personal information. In the dance of digits and data that paints our modern existence, each step toward privacy and protection is a step toward honoring the human element at the heart of technology. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
In a comprehensive exploration of the dynamic cybersecurity terrain, Abul Kalam Azad, Head of Information Security at Eastern Bank, shares invaluable insights in an interview with Augustin Kurian, Editor-in-Chief of The Cyber Express. With over two decades of expertise in IT audit, risk management, and cybersecurity, show more ...
Azad illuminates the cybersecurity challenges, trends, and transformative potential in today’s times, particularly within the financial sector. From the escalating threats of ransomware attacks to the pivotal role of Artificial Intelligence (AI) and the imperative of compliance and risk management, Azad’s discourse uncovers the complex array of cybersecurity challenges and strategies molding today’s landscape. Azad began by highlighting the vulnerability of the financial sector to cyber-attacks, noting that attackers often target these institutions for financial gain. He pointed out that in recent years, there has been a significant increase in attempts to hack customer accounts and manipulate financial transactions. He discussed a troubling trend: the surge in ransomware attacks. These attacks not only aim to extort money but also disrupt services by rendering systems inoperable. Another critical issue Azad touched upon was the breach of customer data. He noted that several large organizations had faced severe consequences, including bankruptcy, due to the loss of customer data. The conversation then shifted to the role of artificial intelligence (AI) in tackling cybersecurity challenges. Azad expressed optimism about the integration of AI in cybersecurity tools, noting that AI-enhanced systems offer more accurate and timely detection of threats. He emphasized that traditional security tools are often inadequate in detecting sophisticated cyber-attacks, making AI an essential component in modern cybersecurity strategies. However, Azad also acknowledged the double-edged sword that AI represents in cybersecurity. He pointed out that the effectiveness of AI depends on how it is used – whether by cybersecurity professionals for defense or by attackers for more sophisticated breaches. This raises important questions about the balance of power in cybersecurity and the ongoing arms race between cyber attackers and defenders. In discussing the broader implications of AI in cybersecurity, Azad highlighted the significant investments being made by companies in AI-driven security solutions. He cited the example of Cyble Vision, leveraging AI to detect and index banking cyber threats. Azad’s insights reveal complex and rapidly evolving cybersecurity challenges. The financial sector’s vulnerability to cyber-attacks, the rise of ransomware, the critical importance of protecting customer data, and the potential of AI in cybersecurity are all key themes that define the current challenges in the field. The Role of AI in Tackling Cybersecurity Challenges and the Importance of Compliance in the Financial Sector The discussion delved into the critical role of Artificial Intelligence (AI) in cybersecurity and the significance of compliance and auditing in the financial sector. Azad emphasized the transformative impact of AI on cybersecurity. He pointed out that AI is not just beneficial but essential for detecting and responding to cyber threats more accurately and promptly. This technology has become a cornerstone in the cybersecurity strategies of many organizations, particularly in the financial sector, where the stakes are exceptionally high. The integration of AI into traditional cybersecurity tools like firewalls, Intrusion Detection Systems (IDS), and Security Information and Event Management (SIEM) systems has markedly improved their efficiency and detection rates. Azad predicted a continued rise in the adoption of AI technologies by cybersecurity companies, suggesting a future where AI plays a dominant role in cyber defense mechanisms. Moving on to threat intelligence, Azad highlighted its critical importance for financial institutions. He stressed that these organizations must be proactive in understanding potential cyber threats, including identifying indicators of compromise (IOCs) and staying informed about emerging attack vectors. Additionally, monitoring the dark web is crucial for financial institutions to gather intelligence and prevent data breaches and other cyber incidents. Azad then addressed the importance of compliance and auditing in the financial industry. He outlined the various standards and regulations that financial institutions must adhere to, such as PCI DSS, ISO 27001, GDPR, HIPAA, and SOC, depending on their geographic location and business nature. To maintain compliance, organizations need to identify relevant regulations and establish checklists for regular monitoring and assessment. He also mentioned the utility of Governance, Risk Management, and Compliance (GRC) tools in aiding organizations to stay compliant. These tools can automate certain aspects of compliance, making it easier for companies to meet regulatory requirements and generate reports. Azad’s insights underscore cybersecurity’s evolving nature, highlighting AI’s growing importance in enhancing cyber defense capabilities. Furthermore, his emphasis on the necessity of threat intelligence and the critical role of compliance and auditing in the financial sector provides a comprehensive overview of the current cybersecurity landscape. As cyber threats become more sophisticated, the integration of advanced technologies like AI and a strong focus on compliance will be key to safeguarding digital assets and maintaining customer trust. Navigating the Future of Cybersecurity: Perspectives from a Seasoned Expert Azad acknowledged the dynamic nature of cyber threats, emphasizing that strategies effective today might not suffice tomorrow. This constant evolution requires organizations to be adaptive and agile. He observed that while companies are becoming more aware of cybersecurity risks and are proactive in their approach, challenges such as budget constraints and technological limitations can impede their efforts. However, he remained positive about the industry’s commitment to mitigating cyber threats and keeping up with the latest trends. Looking ahead to 2024, Azad speculated on the potential changes in cyber threats. He noted the recent increase in ransomware attacks and data breaches, particularly involving sensitive customer data. He predicted that attacks on data would become more frequent, driven by the high value of customer information. Azad also cautioned that entirely new forms of attacks, currently unimaginable, might emerge, highlighting the need for continuous vigilance and preparedness in cybersecurity. Azad then touched upon the importance of basic cyber hygiene and employee awareness, especially in financial institutions. He stressed that simple measures, like complex passwords and two-factor authentication, can prevent many attacks. Employee training and awareness are crucial in bolstering cybersecurity defenses without significant technological investment. This approach not only enhances security but also builds resilience against a wide range of cybersecurity challenges. He emphasized the need for organizations to identify potential risks and act swiftly to mitigate them. He pointed out that understanding and responding to risks promptly is key to creating a safe cyber environment. He also highlighted the interconnected nature of cybersecurity, where a single breach or loophole can have devastating effects on the entire ecosystem. Azad provided valuable insights into the current state and future of cybersecurity, particularly in the financial sector. His emphasis on adaptability, proactive risk management, employee awareness, and the potential impact of AI in cybersecurity paints a picture of a field that is constantly evolving and requires continuous attention and innovation. To conclude, Azad underscored the transformative role of AI in enhancing cybersecurity measures, predicting its growing dominance in future cyber defense strategies. The importance of threat intelligence and compliance was also stressed, pointing to the need for financial institutions to stay vigilant and proactive in monitoring potential cybersecurity challenges and adhering to various regulatory standards. Azad’s discussion revealed the dynamic nature of cyber threats, where strategies effective today might be obsolete tomorrow, necessitating adaptive and agile approaches from organizations. He speculated on the future of cyber threats, foreseeing an increase in sophisticated attacks, particularly targeting customer data. The importance of basic cyber hygiene and employee awareness was also highlighted as key in preventing many attacks, with simple measures like complex passwords and two-factor authentication playing a crucial role. Concluding the interview, Azad emphasized proactive risk management as essential for creating a safe cyber environment. The interconnected nature of cybersecurity means that a single breach can have far-reaching effects, making it imperative for organizations to identify and mitigate cybersecurity challenges swiftly. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused
Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM
We will focus on exploring diverse techniques to modify the etc/passwd file, enabling us to create or alter a user and grant them root privileges. It becomes crucial to understand how to edit your own user within the /etc/passwd file when dealing with privilege escalation on the compromised system. If you’re show more ...
interested, we have previously […] La entrada Linux privilege Escalation Writable passwd File se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Government , Industry Specific , Legislation & Litigation Defense Bill Includes Many Critical Cybersecurity Components, CSC Says Chris Riotta (@chrisriotta) • December 15, 2023 A sweeping defense bill includes key cybersecurity provisions, the CSC says. show more ...
(Image: Shutterstock) Co-chairs of the Cyberspace Solarium Commission praised the annual U.S. National […] La entrada Cyberspace Solarium Commission Hails NDAA Cyber Provisions – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Artificial Intelligence & Machine Learning , Cybercrime , Fraud Management & Cybercrime CISO Liability, AI, Ransomware and Shadow IT Anna Delaney (annamadeline) • December 15, 2023 Jonathan Armstrong, partner, Cordery Compliance British attorney show more ...
Jonathan Armstrong examines four cybersecurity legal trends that will shape 2024: heightened personal liability for […] La entrada Legal Trends to Watch in 2024 – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Jean-Michel (JJ) Heffron Managing Director, Cyber Risk Services, Deloitte Jean-Michel (JJ) Heffron is a Managing Director in the Deloitte Cloud and Infrastructure Cyber practice, specializing in the area of Cloud Security, Infrastructure Security, Identity, Endpoint show more ...
and Data Protection and Security Architecture. JJ is responsible for helping to lead the delivery […] La entrada Live Webinar | How Deloitte and SailPoint leverage the cloud and AI to build successful identity security programs – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Nate Smolenski Head of Cyber Intelligence Strategy, Netskope Nate Smolenski is an experienced CISO, Advisor, and technology leader with over two decades of experience across insurance, financial services, management consulting, and software industry verticals. Nate show more ...
currently serves as Head of Cyber Intelligence Strategy as a member of the CSO team […] La entrada Live Webinar | Hiding in Plain Sight: Combatting Shadow IT and the Importance of Complete Cyber Visibility – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Cryptocurrency Fraud , Cybercrime , Fraud Management & Cybercrime Also: Fraud Trends; Cryptocurrency Regulatory Developments Anna Delaney (annamadeline) • December 15, 2023 Clockwise, from top left: Anna Delaney, Mathew Schwartz, Rashmi Ramesh and Suparna show more ...
Goswami In the latest weekly update, editors at Information Security Media Group discuss whether […] La entrada ISMG Editors: Decoding BlackCat Ransomware’s Downtime Drama – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.govinfosecurity.com – Author: 1 Governance & Risk Management , Healthcare , Industry Specific Advice Is Based on Agency’s 2-Week Security Assessment of a Large Entity Marianne Kolbasuk McGee (HealthInfoSec) • December 15, 2023 Image: CISA The U.S. Cybersecurity and Infrastructure show more ...
and Security Agency is urging healthcare sector entities to take critical steps […] La entrada CISA Urges Health Sector to Apply Critical Cyber Measures – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Associated Press The court system in Kansas was hit by a cyberattack that caused outages and affected the courts in 104 counties. The post Kansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After Cyberattack appeared first on SecurityWeek. Original show more ...
Post URL: https://www.securityweek.com/kansas-courts-computer-systems-are-starting-to-come-back-online-2-months-after-cyberattack/ Category & Tags: Incident Response,cyberattack,ransomware […] La entrada Kansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After Cyberattack – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: SecurityWeek News Noteworthy stories that might have slipped under the radar: Ukraine hacks Russia’s federal tax agency, CVE assigned to PLC exploit, security in new Intel CPU. The post In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs show more ...
appeared first on SecurityWeek. Original Post URL: […] La entrada In Other News: Ukraine Hacks Russia, CVE for Water ICS Attacks, New Intel Xeon CPUs – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Hash is a specific type of algorithm that produces an output string of a fixed length. The hash code is always the same length, but it will vary in complexity depending on how it’s used and may produce different hashes for different input strings. SQL Server uses hashing techniques instead of encryption as it show more ...
offers […] La entrada MSSQL for Pentester Hashing se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Microsoft has released a lot of versions for SQL servers. Microsoft has released version 2019 of this server more than twenty times. When you look at the different versions, you quickly get a sense of how their goal continues to be moving towards making improvements and innovations to the product every year. This show more ...
goes on […] La entrada MSSQL for Pentester Command Execution External Scripts se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
ciso2ciso 0 - CT - CISO Strategics - Information S
Microsoft 365 is one of the most commonly used cloud services utilised by businesses. It provides a package of services ranging from Outlook and Teams to SharePoint and OneDrive. While MS365 has security standards in place, businesses are still at risk of data exfiltration and account compromise. La entrada The Importance of Microsoft 365 Monitoring se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
ciso2ciso 0 - CT - Cybersecurity Architecture - IA
Como hemos visto, la IA se constituirá, previsiblemente, como la piedra angular de todo el proceso de digitalización de las organizaciones, sobre todo en sectores como el financiero, salud y movilidad, entre otros. De acuerdo con los beneficios y riesgos de esta tecnología, resulta primordial establecer en las show more ...
organizaciones que quieran hacer desarrollos o uso […] La entrada Modelo de Gobierno IA se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier HomeBlog Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring The Molinière Underwater Sculpture Park has pieces that are colored in part with squid ink. As usual, you can also use this squid post to talk about the security stories in the show more ...
news that I haven’t covered. Read […] La entrada Friday Squid Blogging: Underwater Sculptures Use Squid Ink for Coloring – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier In 2016, I wrote about an Internet that affected the world in a direct, physical manner. It was connected to your smartphone. It had sensors like cameras and thermostats. It had actuators: Drones, autonomous cars. And it had smarts in the middle, using sensor show more ...
data to figure out what […] La entrada A Robot the Size of the World – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
ciso2ciso 0 - CT - Cybersecurity Architecture - IA
Over the past ten years, and more visibly over the past six months, artificial intelligence (AI) has gone through tremendous technological advancement. In 2012, advances in graphics processing units (GPUs) enabled the first example of tractably training a deep neural network to outperform more traditional approaches show more ...
to machine learning. In 2017, Google researchers published their […] La entrada A SENSIBLE REGULATORY FRAMEWORK FOR AI SECURITY se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Empower your organisation with the 10 essential steps to building a robust cybersecurity posture using Microsoft 365: La entrada Microsoft 365 :Top 10 security actions with guaranteed improvements se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Privacy and protection of personal data is a key concern for both customers, organizations, and regulators. Customers expect organizations to treat their personal information as private and confidential, to effectively safeguard their personal data, and to use it only to provide and operate financial services, and show more ...
for other purposes as required by law or regulation. […] La entrada A Practical Guide: Establishing a Privacy and Data Protection Framework se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
ciso2ciso 0 - CT - Cybersecurity Architecture - Da
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation (GDPR)) will become directly applicable in all Member States, including Malta, as from 25 May 2018. It will replace the EU’s Data show more ...
Protection Directive 95/46/EC which […] La entrada Data Protection Guidelines for Banks se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 16, 2023NewsroomCyber Security / Incident Response China’s Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is show more ...
designed to “improve the comprehensive response capacity for data security incidents, to […] La entrada China’s MIIT Introduces Color-Coded Action Plan for Data Security Incidents – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Dec 16, 2023NewsroomOnline Security / Cybercrime Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it’s tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing show more ...
attacks against retail entities during the holiday shopping season. The goal of […] La entrada Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By George Gerchow, CSO and SVP of IT, Sumo Logic Corporate security and compliance teams are scrambling to understand the implications of the U.S. Security and Exchange Commission’s (SEC) recently announced cybersecurity disclosure and reporting show more ...
regulations. While the need to report ‘material cybersecurity incidents’ within four days (and the […] La entrada Understanding The Impact of The SEC’s Cybersecurity Disclosure Regulations – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team Exploring the Future of Cybersecurity at BlackHat 2023 By Kylie M. Amison, Technical Reporter, Cyber Defense Magazine In our ever-evolving world, where digital threats loom larger and more diverse than ever, I write these trip reports as an opportunity to show more ...
delve deeper into both the present and future landscape […] La entrada Navigating The Cybersecurity Horizon: Insights and Takeaways from Blackhat2023 – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team By Dotan Nahum, Head of Developer-First Security, Check Point Software Technologies Cybersecurity is Changing: Is the Experience Positive or Negative? Unfortunately, cybersecurity and cybercrime represent the age-old Hollywood trope famously conjured up show more ...
in the Batman franchise: bad guys and good guys need one another to survive. Whether cybersecurity has […] La entrada Cybersecurity Is Changing: Is the Experience Positive or Negative? – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.cyberdefensemagazine.com – Author: News team www.cyberdefensemagazine.com is using a security service for protection against online attacks. This process is automatic. You will be redirected once the validation is complete. Reference ID IP Address Date and Time 3dc7dfbd7081283bcc5956880acf9126 68. show more ...
178.221.220 12/16/2023 10:46 PM UTC Protected by StackPath Original Post URL: https://www.cyberdefensemagazine.com/why-its-more-important-than-ever-to-align-to-the-mitre-attck-framework/ Category & Tags: Cyber Security […] La entrada Why It’s More Important Than Ever to Align to The MITRE ATT&CK Framework – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Team Register Cryptocurrency wallet maker Ledger says someone slipped malicious code into one of its JavaScript libraries to steal more than half a million dollars from victims. The library in question is Connect Kit, which allows DApps – decentralized software show more ...
applications – to connect to and use people’s Ledger hardware wallets. […] La entrada Hundreds of thousands of dollars in crypto stolen after Ledger code poisoned – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Bill Toulas A Mirai-based botnet named ‘InfectedSlurs’ is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm. The botnet show more ...
was discovered by Akamai’s Security Intelligence Response Team (SIRT) in October 2023, […] La entrada QNAP VioStor NVR vulnerability actively exploited by malware botnet – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft announced a new Windows Protected Print Mode (WPP), introducing significant security enhancements to the Windows print system. “WPP builds on the existing IPP print stack where only Mopria certified printers are supported, and disables the show more ...
ability to load third-party drivers. By doing this, we can make meaningful improvements […] La entrada Microsoft unveils new, more secure Windows Protected Print Mode – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
