Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Beyond the Firewall: ...

 Features

In a domain traditionally lauded for its technical prowess, the emergence of soft skills as a critical factor might seem counterintuitive. Yet, as cyber threats continue to evolve in sophistication, industry experts are acknowledging the indispensable role these skills play. Cybersecurity is no longer solely about   show more ...

firewalls and encryption. It’s a critical defense against sophisticated attacks that exploit human vulnerabilities. As technology intertwines more deeply with daily life, the interconnectedness of systems amplifies the impact of such attacks. Protecting against these threats demands a comprehensive approach that includes not only technical measures but also education, awareness, and the development of strong human-centric security practices. Let’s lay the groundwork with a simple hypothetical scenario. Adam, a cybersecurity analyst with impressive technical expertise, found a vulnerability in the company’s network infrastructure with the potential to expose sensitive client data if exploited. However, Adam struggled to streamline his technical findings into a non-technical format. His inability to convey the severity of the vulnerability to key decision-makers led to the dismissal of the issue as a routine technical glitch, assuming it could wait for a more convenient time to address. In the following weeks, the overlooked security flaw was exploited by a cyber adversary, resulting in a data breach that compromised sensitive customer information. The fallout was immediate and damaging loss of customer trust, legal repercussions, and a significant blow to the company’s reputation. A cybersecurity analyst, brilliant with code but lacking in communication skills, failed to effectively explain a critical security update to key decision-makers. His lack of effective communication and soft skills hindered his ability to convey the urgency of the situation, leading to dire consequences that could have been mitigated with clearer, more persuasive communication. While the above example might slightly overstate the situation, it does reflect a significant transformation in the cybersecurity sector. Although technical skills are indispensable for the protection of digital systems, they alone are increasingly inadequate to address the complexities of modern cyber threats. What are Soft Skills in Cybersecurity? Soft skills, also known as interpersonal or people skills, encompass a collection of personal attributes and qualities that empower individuals to engage effectively in various personal and professional scenarios. Unlike technical or hard skills, which are specific to a particular job and often tied to one’s expertise in a particular domain, soft skills have gained increasing importance in cybersecurity. They work in tandem with technical proficiency to establish more robust defenses and responses to cyber threats. Field Chief Information Security Officer (CISO) for the Public Sector at Presidio, Dan Lohrmann, stressed to The Cyber Express the pivotal role of soft skills in cybersecurity. According to him, strong soft skills play a crucial role in facilitating effective teamwork and coordinated communication during emergency incidents. “In an emergency incident, strong soft skills enable a team to work together well and communicate in coordinated ways.  You don’t want to be meeting someone in person for the first time during a major incident or misunderstand directions, expected actions, etc. Strong soft skills build trust and better outcomes,” stated Lohrmann. However, before diving into why soft skills are essential in cybersecurity it is essential to understand the key soft skills for cybersecurity professionals and what they are. Communication Skills In cybersecurity, the ability to convey complex technical concepts in clear, understandable language is crucial. Professionals must translate jargon-heavy security information into layman’s terms for non-technical stakeholders, enabling informed decision-making and support. Communication is key, and this principle is equally important in cyberspace. The Equifax data breach in 2017, a significant event in cybersecurity history, highlights the critical importance of communication in cyberspace. This breach exposed the personal information of nearly 150 million Americans, primarily due to the failure to patch a known software vulnerability. Despite the availability of a patch, internal miscommunication and bureaucratic delays between IT and security teams led to its non-implementation. “Ability to communicate technical details in a clear and concise manner is a critical communication skill that should be innate. Comprehension of problem statements and addressing those for easily understandable solutions is important to team success,” Senior Research and Intelligence Manager at Cyble told The Cyber Express Critical Thinking The capacity to analyze, evaluate, and solve complex problems or challenges by using logical and creative thinking. Critical thinking skills are vital for making informed decisions and adapting to various situations. Cybersecurity experts must possess acute critical thinking skills to recognize and analyze potential threats. This includes identifying subtle indicators of phishing attempts, assessing risk scenarios, and swiftly making informed decisions under pressure. Critical thinking allows professionals to anticipate vulnerabilities and proactively implement security measures to mitigate risks. Problem-solving The skill of identifying issues, evaluating possible solutions, and selecting the most appropriate course of action to resolve problems or overcome obstacles. Problem-solving skills can play a crucial role in resolving cybersecurity incidents efficiently. The cybersecurity space is dynamic and constantly evolving. Strong problem-solving skills enable professionals to adapt to emerging threats, devise innovative strategies, and respond effectively to security breaches. This involves thinking on one’s feet, creatively finding solutions, and implementing measures to contain and resolve incidents efficiently. Having individuals on the team who possess not only technical expertise but also the ability to extract valuable insights from past incidents and apply them to current situations is of great importance. It highlights that safeguarding the future is as crucial as defending against present threats. Cyble Senior Reseracher also highlighted the importance of Conflict Resolution Skills. “In a cybersecurity environment, conflicts may arise, the skill to mitigate the conflicts and come to a resolution is a skill that can be developed through experience and practice under good mentors in an organization,” he told The Cyber Express. Active Listening Lack of active listening can lead to ignoring critical feedback from team members, as seen in various incidents where employee concerns about security vulnerabilities were overlooked. Building trust and rapport with stakeholders—whether they’re clients, colleagues, or end-users—is facilitated through active listening. Understanding their concerns, challenges, and security needs helps in tailoring solutions that address specific vulnerabilities. By actively listening to feedback and concerns, cybersecurity professionals can effectively align security measures with organizational goals and user requirements. Empathy Empathy in cybersecurity refers to the ability of cybersecurity professionals to understand and consider the perspectives, emotions, and experiences of both colleagues and end-users affected by security measures or incidents. While empathy may not be the first trait that comes to mind in the context of cybersecurity, it plays a vital role in various aspects of the field. Professionals who practice empathy are better equipped to create user-friendly security solutions, provide support during incidents, and foster a culture of security awareness and cooperation. Teamwork and Collaboration This skill involves the ability to work effectively with others, both within and outside the organization, to achieve common goals. It includes communicating clearly, sharing responsibilities, and integrating diverse perspectives and skills. Teamwork is paramount in cybersecurity, and its effectiveness in preventing cyberattacks. Adaptability and Flexibility The rapid shift to remote work, especially post 2020 led to increased phishing attacks, showing the need for adaptable security strategies. Being flexible in security strategies is crucial to staying ahead of cybercriminals. Every organization’s security posture is different, and professionals may require coaching on adaptability to perform their roles optimally in a new environment. Attention to Detail Minor oversights in code or security protocols have led to numerous breaches. A prime example of this is the Heartbleed bug discovered in 2014. This bug was a security flaw in the OpenSSL cryptography library, which is widely used for the SSL/TLS protocol to secure internet communication. The oversight in OpenSSL allowed attackers to read sensitive information from the memory of systems protected by the vulnerable versions of OpenSSL, leading to the exposure of private keys, usernames, passwords, and other sensitive data. Attention to detail is essential in code development and security protocols to prevent such vulnerabilities. Leadership and Management Skills Leadership plays a pivotal role in establishing a security-focused culture. Failures in this aspect have been at the root of many data breaches, emphasizing the need for strong leadership and management in cybersecurity teams. Emotional Intelligence Ransomware attacks often rely on psychological tactics. Having emotional intelligence enables professionals to better understand and defend against these tactics, enhancing cybersecurity resilience. In the context of ransomware, attackers frequently use tactics designed to create urgency, fear, or confusion, prompting victims to act impulsively, such as by paying a ransom. In such situations, cybersecurity professionals with high EI can better understand these manipulative tactics, allowing them to educate and prepare users and organizations to respond appropriately. Ethical Judgment and Integrity Insider threats, often stemming from ethical lapses, have been responsible for corporate espionage cases. Ethical judgment and integrity are critical in maintaining trust and security within organizations. Honesty towards designated portfolio stakeholders and maintaining highest moral standards is critical to securing any enterprise. Continuous Learning and Curiosity The evolving nature of cyber threats necessitates continuous learning and curiosity among cybersecurity experts. Staying updated and adaptive is essential to effectively combat emerging risks. Emphasizing the importance of staying informed and adaptable in the field of cybersecurity, Lohrmann stressed the need for a proactive approach in keeping abreast of the latest technological advancements and hacker tactics. “Being curious with a thirst for knowledge and hunger to learn more. We need to be life-long learners with tech changing so rapidly. Also, good communicator – with the more modes the better (writing, speaking, listening). Also, humble but bold at the same time. Don’t be afraid to ask questions,” he said. Decoding Cybersecurity Decisions Tim Pappa, a certified former FBI profiler with expertise in cyber deception and online influence from the Behavioral Analysis Unit, highlighted the importance of naturalistic decision-making in cybersecurity during his discussion with The Cyber Express. He drew upon Gary Klein’s research to emphasize his points. “There have been a few researchers over the past several decades who have developed various models of naturalistic decision making. Gary Klein, for instance, explored how fire commanders make crisis decisions, uncovering that many rely on what he termed the ‘recognition-primed model.’ This approach is rooted in experiential learning, allowing for quick decisions that seem instinctive but are actually informed by past experience and an understanding of what’s likely to succeed,” Pappa said. Gary Klein’s study, titled “Rapid Decision Making on the Fire Ground,” investigates how fire commanders make quick decisions during emergencies. The research introduces the “Recognition-Primed Decision” (RPD) model, demonstrating that these rapid decisions are informed by commanders’ extensive experience and knowledge. This study significantly contributes to the understanding of naturalistic decision-making in critical situations. This is particularly relevant to the cybersecurity sector, which frequently demands rapid and high-pressure decision-making. Pappa suggests that this model can be applied to cybersecurity, considering the dynamic nature of human lives and the complex variables influencing decision-making. “Naturalistic decision-making challenges traditional models by recognizing the dynamic nature of human lives and decisions. It understands that decisions are influenced by various unknown factors in a person’s life, like relationships and organizational constraints, and these factors can change over time,” he added. “In criminology and cybersecurity, the distinction isn’t always black and white. It raises questions about whether automated software can identify and follow patterns in a cyber threat actor’s campaign over time and if threat actors consider these factors when exploiting vulnerabilities in network defense, he added further. Pappa argues for a focus on soft skills, recognizing the necessity for a more humanistic model in cybersecurity. This approach acknowledges the diverse motivations and circumstances of individuals, including cybercriminals. Bridging the Soft Skills Gap in Cybersecurity The recognition of soft skills’ significance in cybersecurity is on the rise within the cyber sector. According to the ISACA’s State of Cybersecurity 2023 report, soft skills have emerged as a significant gap in the cybersecurity field, highlighting that 54% of cybersecurity professionals rated soft skills as the greatest skills gap. These skills are not merely additional qualities but are becoming central in the complex digital space, especially with the advent of AI and evolving global regulations. The top soft skills identified as crucial for security professionals include communication, critical thinking, problem-solving, teamwork, and attention to detail. The rise of social engineering attacks—a tactic that preys on human psychology and exploits interpersonal vulnerabilities rather than technical weaknesses is a growing concern. With AI playing a bigger role, these attacks are only going to get harder to detect. These attacks often leverage trust, persuasion, and psychological manipulation to bypass traditional security measures. Phishing emails, pretexting phone calls, and impersonation scams are common examples of social engineering techniques. According to the 2023 Ponemon Institute’s Cost of Phishing Study, a staggering 83% of organizations experienced a phishing attack in the past year. A key finding of this study is the identification of poor employee awareness and training as a major contributing factor to these incidents. No firewall or encryption can fully protect against an unsuspecting employee falling victim to a well-crafted phishing email or a convincing social engineering ploy. Cyber defenders now need a holistic skill set that includes not just technical prowess but also strong communication, critical thinking, and awareness of human behavior. Identifying and Cultivating Soft Skills Challenges The challenges in identifying and developing soft skills within the cybersecurity workforce are multifaceted, as highlighted by both industry insights and academic research. Cyble’s Senior Researcher observations align closely with findings from broader industry studies, shedding light on the nuanced difficulties organizations face in this area. He points out that the common assessment criteria in cybersecurity hirings are heavily focused towards technical skills, often based on certifications. This approach leaves the assessment of soft skills to team leads or managers, which can burden the organizational structure. The need for a more comprehensive and trait-specific soft skills hiring assessment model is crucial for organizational success. This observation is substantiated by an ISACA report, which shows that while technical skills like identity and access management and cloud computing are heavily sought after, soft skills such as communication and critical thinking are not emphasized to the same extent, despite their recognized importance. According to the report, the most significant skill gaps identified in today’s cybersecurity professionals include soft skills (55%), followed by cloud computing expertise (47%), knowledge in security controls (35%), and abilities in coding (30%) and software development (30%). Additionally, Cyble’s Senior Researcher discusses the ‘Talent Crunch & Skill Combo’ issue, highlighting the rarity of finding cybersecurity professionals with both technical and soft skills. “The industry as it is having a critical shortage of skilled cybersecurity professionals and its rare to find both technical and soft skills, hence organizations have to make do by compromising on either of them and more so on soft skills to keep up with business operations pressure,” he told The Cyber Express. This forces organizations to compromise, often on soft skills, to maintain business operations. This is echoed in the broader industry context where 59% of cybersecurity leaders say their teams are understaffed, leading to a focus on filling roles with a primary emphasis on technical skills. The impact of strong soft skills on cybersecurity risk management and incident response efforts is significant. Cyble’s Senior Researcher mention of the need for cybersecurity professionals to evolve their focus beyond IT security to encompass risk management, governance, and compliance is particularly relevant. As cybersecurity challenges intensify, effective collaboration with various stakeholders becomes critical for audits, legal compliance, business risk assessments, and business continuity planning, necessitating strong soft skills. Dan Lohrmann, addressing challenges in the modern work environment, particularly emphasizes the difficulties posed by a shift to a largely virtual setting. Speaking to The Cyber Express, he notes, “Moving meetings and so much conversation online makes it hard to really know someone well. We used to be almost 100% in-person, and we are not going back to those days, but it is harder than ever to learn by osmosis (just being around people).” This shift has particularly affected the learning and development of younger workers. Lohrmann highlights their unique challenge, stating, “Younger workers can’t see their senior colleagues ‘in-action’ as much – unless the inclusion is very intentional, which is much harder to do consistently on a wide scale.” His observations point to the need for more deliberate and structured approaches to mentoring and knowledge sharing in remote or hybrid work environments. This is crucial for fostering the same level of learning and professional development that was more naturally facilitated in traditional, in-person settings. Soft Skills in the Future of Cybersecurity The future of cybersecurity is increasingly recognizing the vital role of soft skills. As noted by experts, these skills are becoming crucial due to the evolving nature of cyber threats and the integration of technologies like AI and GenAI. “As cybersecurity challenges intensify, so would the collaboration with various stakeholder to maintain flow of information for audits, legal, Business Risk Assessment, and BCP planning and management. Hence, the soft skills will be more than ever essential for maintaining team collaborations and high level of security in the organization,” Cyble Senior Researcher adds. While technical skills remain a cornerstone in cybersecurity, the development and integration of soft skills into the workforce are vital for addressing current and future challenges in the field. The concept of ‘human-centric AI’ highlights the need for skills that distinguish humans from machines. “The ‘human-centric’ part is all about building those soft skills that differentiate humans from robots and machines. I only see the importance of building stronger soft skills growing in the years ahead within cybersecurity,” concluded Lohrmann while stressing upon the need for soft skiils, especially with the way AI is being integrated in day-to-day life, and the tasks involving cybersecurity. Moreover, organizations need to adapt their hiring and training strategies to create a more balanced skill set in their cybersecurity teams. This balanced approach is essential for the overall effectiveness and resilience of cybersecurity operations within organizations. Professionals with strong interpersonal skills can play a pivotal role in educating and empowering teams to recognize and resist these attacks. Training programs focused on cybersecurity awareness, incident response, and social engineering simulations can significantly reduce the susceptibility of individuals within an organization. Furthermore, cybersecurity professional’s adept at understanding and communicating across departments—bridging the gap between technical teams, management, and end-users—can implement comprehensive security protocols and create a culture of vigilance against social engineering attacks. In essence, the evolution of cybersecurity demands a shift towards recognizing the human element as a critical factor in defense. Combining technical expertise with strong interpersonal skills is the new frontier in fortifying organizations against the ever-growing sophistication of social engineering threats.

image for Beyond Convenience: ...

 Features

You settle into your cozy armchair for a movie night, your smart lights dimming automatically as you fire up the projector. As the opening credits roll, you reach for your phone to order popcorn, only to be met with a chilling notification: “Unauthorized access detected on your smart kitchen appliances.”   show more ...

Your blood runs cold as you scramble to disconnect everything from the internet, the once comforting hum of your smart home now a menacing drone. This isn’t a scene from a dystopian sci-fi thriller, but a potential reality in the age of smart homes. While these interconnected devices promise convenience and luxury, they also introduce a new frontier of vulnerabilities: smart home cybersecurity risks. From eavesdropping smart speakers to hacked thermostats, the very things designed to make our lives easier can become gateways for unwanted intrusions. This isn’t paranoia; it’s a stark reality. Research from Zscaler ThreatLabz paints a chilling picture: a staggering 400% surge in IoT malware attacks in the first half of 2023 alone, compared to the previous year. As we step into the age of hyper-connected homes, understanding smart home cybersecurity threats and safeguarding our digital sanctuaries is more crucial than ever. In this article, we’ll delve into the dark side of smart homes, exposing the hidden security threats lurking in our everyday devices. We’ll explore the common vulnerabilities, the potential consequences of cyberattacks, and most importantly, the practical steps you can take to fortify your smart home against digital invaders. So, before you plug in that next smart gadget, read on this critical exploration of the smart home cybersecurity risks in everyday devices. Because in the age of smart homes, cybersecurity is no longer optional, it’s essential. Safe Homes, Smart Homes: A Cybersecurity Deep Dive Operating under the expansive umbrella of the Internet of Things (IoT), smart home devices, from thermostats to security cameras, bring automation and remote control to home management. Yet, as we embrace the advantages of these interconnected technologies, it becomes paramount to grasp the critical importance of smart home cybersecurity. Specifically, devices like cameras and printers, designed for connectivity, inadvertently serve as potential entry points for cyber threats. Illuminated by striking statistics, the initial two months of 2023 witnessed a weekly average of 54% of organizations facing targeted attacks—a significant 41% surge from 2022. With nearly 60 attacks per organization per week on IoT devices, this marks a tripling of incidents compared to two years prior. The spectrum of targeted devices spans common IoT elements, including routers, IP cameras, DVRs, NVRs, and printers. Notably, IoT devices like speakers and IP cameras, integral to remote work and learning setups, offer cybercriminals an extensive array of potential entry points. Therefore, understanding the intricate dynamics of smart home cybersecurity emerges as a crucial imperative in our quest for a secure and connected future. Smart Home Devices and their Vulnerabilities Smart Security Cameras Smart security cameras, designed to enhance home surveillance, unfortunately, expose users to various cybersecurity risks ranging from unauthorized access to data decryption in IoT cameras. In 2022, vulnerabilities in at least five models of EZVIZ IoT cameras came to light, allowing threat actors to potentially access, decrypt, and download video footage. As a globally used brand offering numerous IoT security camera models, EZVIZ faced scrutiny from cybersecurity analysts at Bitdefender, who identified these vulnerabilities, highlighting the broader concerns in IoT hardware security. The unsettling incidents extend beyond EZVIZ, as Xiaomi Mijia’s smart security cameras also faced scrutiny. Reports emerged of vulnerabilities that allowed unauthorized access to camera feeds, leading to concerns about user privacy. Notably, a Google Nest Hub owner discovered images from other users’ homes appearing randomly on his camera feed, highlighting the potential risks associated with smart security devices. Even established brands like Ring, a subsidiary of Amazon, have grappled with cybersecurity challenges, leading to a class-action lawsuit. Instances of unauthorized access and hacking incidents on Ring’s security cameras prompted heightened scrutiny. Notably, Bitdefender researchers identified a flaw in Amazon’s Ring Video Doorbell Pro, potentially granting hackers unauthorized access to the user’s Wi-Fi network and other connected devices. While a security patch has been deployed to address the issue, it highlights the inherent vulnerability of widely used smart security systems. Moreover, in March 2023, Ring reportedly fell victim to an alleged data breach orchestrated by the ALPHV ransomware group. While there is no official confirmation of the Amazon Ring data breach, a news report uncovered that the ransomware group claims to possess access to the home security company’s private data and has issued threats to disclose it unless an agreement is reached. The compromised data potentially encompasses sensitive information such as mailing addresses, phone numbers, passwords, and more. The Cyber Express has reached out to Amazon Ring for comment on the incident but is still awaiting a response. Similarly, Tenable researchers uncovered seven critical vulnerabilities in Amazon’s Blink XT2 security camera systems, including the ability for hackers to remotely view camera footage, listen to audio, and launch DDoS attacks. Amazon responded by promptly releasing patches and urging users to update their devices to mitigate the identified vulnerabilities. These incidents collectively highlight the critical need to address and rectify cybersecurity risks associated with smart security cameras, safeguarding user privacy and safety. Smart TV The surge in Over-The-Top (OTT) platform use has led to a significant increase in Smart TV purchases, with an expected value of US$340.8 billion by 2027. Android TV, developed by Google, has experienced rapid growth, doubling its device count annually since 2016, now surpassing 80 million devices. Despite the convenience of Smart TVs storing passwords for various services, especially for popular platforms like Google, Amazon Prime, and Netflix, they face cybersecurity risks. Smart TVs, particularly those using protocols like DIAL, have been vulnerable. A bug in Netflix’s screencast protocol, known as DIALStranger, allowed hackers to manipulate video streams, revealing the potential for credential theft. Purdue University researchers also found vulnerabilities in Smart TVs, enabling attackers to control and access stored data. Google responded to a related vulnerability (CVE-2021-0889) on their Android TV platform. Historical instances, such as the 2019 discovery of vulnerabilities in Sony’s Android-based smart TVs, including their flagship Bravia line, highlighted risks like compromising WiFi passwords and accessing stored images. The FBI has warned about overlooked security issues in smart TVs, emphasizing manufacturers’ neglect of security considerations, making these devices susceptible to various threats. These vulnerabilities extend beyond homes to impact companies and organizations using smart TVs in conference and meeting rooms, broadening the threat surface. As Smart TV adoption rises, addressing and fortifying against diverse cybersecurity risks associated with these devices becomes crucial. Smart Bulbs While smart lights eliminate the need for traditional switches, offering convenient home automation, they too fall prey to cybersecurity risks. Murtuza Jadliwala from the University of Texas at San Antonio reveals a potential vulnerability where hackers can compromise infrared-enabled smart bulbs by exploiting infrared invisible light emitted from the bulbs. This manipulation allows attackers to send commands, potentially compromising other connected IoT devices within the home network. In August 2023, TP-Link’s Tapo smart light bulbs gained popularity for their affordability compared to competitors like Philips Hue. However, recent research uncovered vulnerabilities in both the bulbs and the Tapo app, creating an opportunity for hackers to pilfer the Wi-Fi password of the home network. The most significant issue arises from a lack of authentication between the smart bulb and the Tapo app, allowing attackers to impersonate a smart bulb and authenticate to the application. Another substantial vulnerability involves a hardcoded, short shared secret exposed by code fragments. The remaining issues, rated as ‘medium’ severity, pertain to message transmissions between the app and the smart bulb, using static initialization vectors and lacking freshness checks for received messages. Exploiting these vulnerabilities could enable attackers within the smart bulb’s range to access Tapo credentials and Wi-Fi credentials. While the first vulnerability requires the smart bulb to be in setup mode for exploitation, the second vulnerability can be exploited if the bulb is already connected, necessitating users to reset the bulb. These findings highlight the importance of addressing cybersecurity vulnerabilities in smart bulbs to safeguard the security of connected home networks. Smart Speakers Smart speakers, a common fixture in modern households for their convenience, raise cybersecurity concerns as users must place trust in the companies handling their voice recordings and ambient sounds. This vulnerability isn’t exclusive to specific brands, even extending to Google Home smart speakers. Researchers from the University of Texas at San Antonio (UTSA) and the University of Colorado at Colorado Springs (UCCS) have uncovered a noteworthy sensitivity in most smart speakers. These devices, capable of picking up voice commands beyond the conventional frequency range of human voices, present a potential risk of unintended eavesdropping. In 2019, security researchers at SRLabs brought to light a substantial vulnerability affecting both Google and Amazon smart speakers. This flaw could empower hackers to covertly eavesdrop on users or execute phishing attacks. The researchers demonstrated the risk by disguising malicious software as seemingly innocuous Alexa skills or Google actions, illustrating the potential for smart speakers to surreptitiously record users or solicit sensitive information, such as Google account passwords. This revelation serves as a crucial reminder for users to exercise prudence with third-party software associated with voice assistants. Diligence in monitoring and removing unused or unnecessary applications is vital to mitigate potential security risks, ensuring the privacy and security of smart speaker users. Cracking the Code: Risks Affecting Smart Devices The susceptibility of smart devices to cyberattacks stems from a combination of factors, each contributing to a complex web of vulnerabilities. Weak passwords, often chosen for their simplicity, serve as a gateway for unauthorized access, compounded by the lack of encryption that leaves data vulnerable to interception. The landscape of data privacy concerns deepens with the monetization of personal data, prompting ethical questions about the collection practices employed by smart devices. The inadequacy of data protection measures further exposes user privacy, leaving personal information at risk. Device vulnerabilities introduce another layer of risk, where outdated software and firmware create exploitable security gaps. “ Numerous smart devices exhibit vulnerabilities in their software or firmware that hackers can exploit, potentially leading to unauthorized access, control, or manipulation of the device,” said Rami F. Khawaly, R&D Manager, MindoLife IoT. The delayed implementation of security updates exacerbates this risk, leaving devices exposed to known vulnerabilities. Additionally, Khawaly highlighted that insecure networks, characterized by weak or poorly configured Wi-Fi setups, serve as significant gateways for cybercriminals to compromise smart home devices. “Weak or poorly configured Wi-Fi networks serve as gateways for cybercriminals to access smart home devices. Strengthening network security is imperative,” he explained. Mehul Doshi, CTO at Jainam Technologies, sheds light on the critical role of edge security, especially in the context of home devices reliant on wireless or home gateway connections. “Presently majority of the home devices are connected via wireless, or home gateway, and edge security become as strong as the edge parameters or capability. Indian Corporate and Consumer industry Broadband at home is just started to move upward interest and cellular broadband has been the weak link as well as strength. The reason is the IP pool be it IPv4 or IPv6,” explained Doshi. The dynamic nature of the IP pool, coupled with the OEM nature of devices and a deficiency in lifecycle updates, creates an environment ripe for cyber threats. As users prioritize migrating to newer edge devices over maintaining or upgrading firmware, smart home devices become attractive targets for BOT operators. “We have seen massive scans taking place by varied BOT operators attempting to identify the common weakness or vulnerability. A small brand like Zyxel was the reason for the edge vulnerability exploit in Denmark and India has many such devices in its base. Smart Home devices’ second concern is the TLS session and authorization session for management,” Doshi highlighted further. As the smart home ecosystem expands, a collective commitment to staying ahead of cybersecurity challenges is crucial to ensuring the seamless integration of technology without compromising privacy and security. Smart Moves for a Secure Smart Home Securing your smart home against the dark side of cybersecurity risks demands a strategic and vigilant approach. Strengthening passwords and incorporating robust authentication processes is akin to fortifying the entrance, and preventing unauthorized access to your smart devices. Regularly updating software and firmware is the digital equivalent of installing security reinforcements, patching vulnerabilities, and ensuring the latest defenses are in place. “Ensure that IoT devices have the capability to upgrade firmware over the air (OTA). This functionality must be highly secure to prevent potential exploitation by attackers attempting to inject malicious code, said Khawaly. Think of it as a routine checkup for your smart home’s health. Ensuring the resilience of your home network is equally crucial. Much like securing the perimeter of a physical space, fortifying Wi-Fi setups is essential to thwart unauthorized infiltrations. For instance, adopting advanced encryption protocols, such as WPA3, enhances the security posture of your network. “Smart homes today are Digital Box with too many digital attack surfaces exposed. The biggest threat comes from CCTV cameras fire alarms and door locks. These devices have both digital and physical impacts such as breach of privacy, life threats, etc. It is important to scan and check the security settings and posture of these devices since they do not have any inbuilt anti-virus support Manufacturers must publish the possibility of security threats due to unprotected smart home devices, so that users are aware of risks,” opined Divyanshu Verma, Chief Executive Officer, Redinent Innovation. Further, education has become a powerful weapon in this cybersecurity arsenal. Raising awareness and educating users about potential risks and best practices empowers them to recognize and respond to potential threats. It’s like providing homeowners with a manual on smart living, enabling them to navigate the digital landscape safely. Consider the concept of local data storage as an additional layer of security. By reducing reliance on cloud-based services and minimizing the exposure of sensitive information, you limit potential attack surfaces. It’s akin to keeping valuable possessions in a secure safe within your home rather than entrusting them to an external storage facility. “Discourage the use of technologies that upload and store data in any cloud. Given the sensitivity and value of collected data, it should be stored locally in a gateway and maintained there. This approach ensures that users retain control over their data,” said Khawaly. To streamline the implementation of these security measures, consider the role of widely adopted IoT platforms. These platforms, such as Apple’s HomeKit or Google’s SmartThings, come equipped with built-in security features. Choosing devices that align with such platforms ensures that your smart home is not just connected but also fortified against evolving cyber threats. As you fortify your smart home, remember that a proactive and comprehensive strategy ensures a resilient and secure digital living space. Securing Smart Homes Without Sacrificing Convenience In this exciting era of smart homes, we’re surfing the wave of convenience, letting our homes adapt and respond to our every need. Yet, amidst this tech-driven thrill, it’s crucial to recognize the delicate dance between convenience and security. As we bask in the glow of automation, ensuring our digital fortresses stand strong becomes a personal mission. We shouldn’t let the fear of cyberattacks cripple our enjoyment of the smart home’s many benefits. Instead, let’s view security as an investment, a necessary step to ensure that our havens of comfort remain truly safe. Think of it like installing a sturdy lock on your door – it doesn’t prevent you from enjoying your home, but it gives you peace of mind knowing you’re protected. Ultimately, the future of the smart home lies in our hands. By embracing a security-conscious approach, we can ensure that these interconnected devices continue to enrich our lives without compromising our safety. In this digital adventure, let’s not just chase the ease of living but also safeguard the very essence of what makes a home—a place of comfort, privacy, and security. Finding that perfect balance is the real smart move in the smart home game.

 Malware and Vulnerabilities

A new family of malicious Android Package Kit (APK) files has been discovered targeting Chinese users. The attackers pose as law enforcement officials and claim the victim's phone number or bank account is involved in financial fraud.

 Breaches and Incidents

Lush has taken immediate steps to secure and screen all systems in order to contain the incident and limit its impact on their operations, while also informing relevant authorities about the incident.

 Trends, Reports, Analysis

APIs are being used more than ever by businesses to build and provide better sites, apps, and services to consumers. However, if APIs are not managed or secured properly, they can be exploited by hackers to steal sensitive information.

 Expert Blogs and Opinion

Purple team assessments, where red and blue teams collaborate, can provide a more comprehensive approach to security assessments, but they need to evolve to account for the multitude of attack technique variants.

 Incident Response, Learnings

The settlement includes reimbursement for out-of-pocket losses, credit monitoring, identity theft insurance, and a cash settlement payment for affected individuals, with an additional payment for California residents.

 Features

By Neelesh Kripalani, Chief Technology Officer, Clover Infotech In this increasingly digitized world, cybersecurity has become a critical concern. As cyberattacks have grown in volume and complexity, traditional defense systems are no longer sufficient to protect sensitive information and infrastructure. To combat   show more ...

this challenge, cybersecurity experts are turning to artificial intelligence (AI) as a powerful tool to strengthen defense systems and safeguard against cyber threats. According to a report by MarketsandMarkets, the global AI in cybersecurity market size is expected to grow from $8.8 billion in 2020 to $38.2 billion by 2026, at a CAGR of 23.3% during the forecast period. Here are some ways in which AI can be leveraged to enhance the cybersecurity landscape: AI in Cybersecurity Cyberthreats Identification AI can analyze massive amounts of data from various sources, including network traffic, system logs, and user behavior to identify patterns and anomalies that might indicate cyber threats. Machine learning models can be trained to recognize familiar cyberattacks, and also adapt to new and evolving attack techniques. Continuous Monitoring There is no doubt that AI models are more sophisticated than traditional systems as they can continuously learn and adapt. AI-based systems are trained on vast datasets that encompass diverse threat scenarios and behaviors, enabling them to improve their detection capabilities over time. Security Log Analysis AI significantly enhances security log analysis by automating the processing and analysis of diverse log data, aiding in real-time threat detection, anomaly identification, and pattern recognition. It reduces false positives, helps in behavioral profiling, and supports proactive threat hunting. By providing scalable and efficient analysis of large volumes of data, AI enables early warnings, incident response automation, and advanced analytics. However, human expertise remains vital for validating alerts, investigating incidents, and making critical decisions, while ethical considerations and biases in AI models must be carefully addressed during implementation. Network Detection and Response (NDR) NDR solutions detect abnormal system behavior by applying behavioral analytics to network traffic data. They continuously analyze raw network packets between internal and public networks. These solutions offer comprehensive visibility into network activities, aiding in proactive threat hunting and helping cybersecurity teams investigate and mitigate incidents effectively. NDR systems leverage machine learning for anomaly detection and user behavior analysis, enhancing the detection of insider threats and advanced attacks. Extended Detection and Response (XDR) XDR is a cybersecurity approach that expands upon the capabilities of traditional Endpoint Detection and Response (EDR) solutions. XDR integrates data from various security sources across an organization’s environment, including endpoints, networks, cloud platforms, and applications, to provide a more comprehensive and contextualized view of potential threats. By correlating and analyzing data from multiple sources, XDR aims to improve threat detection, investigation, and response capabilities. In conclusion, the use of AI in cybersecurity aligns well with the organizations’ need for building a pre-emptive and proactive security landscape. AI-based solutions can provide more effective protection against both known and unknown threats – using machine learning and natural language processing algorithms to detect and respond to threats in real time. This helps organizations to better safeguard their sensitive data and critical systems. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything. 

 Feed

A 29-year-old Ukrainian national has been arrested in connection with running a “sophisticated cryptojacking scheme,” netting them over $2 million (€1.8 million) in illicit profits. The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following “months of intensive collaboration.” “A cloud

 Feed

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a

 Actors

Source: thehackernews.com – Author: . Jan 12, 2024NewsroomVulnerability / Threat Intelligence As many as five different malware families were deployed by suspected nation-state actors as part of post-exploitation activities leveraging two zero-day vulnerabilities in Ivanti Connect Secure (ICS) VPN   show more ...

appliances since early December 2023. “These families allow the threat actors to circumvent authentication and provide […] La entrada Nation-State Actors Weaponize Ivanti VPN Zero-Days, Deploying 5 Malware Families – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. “As part of   show more ...

their multi-extortion strategy, this […] La entrada Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Applying

Source: thehackernews.com – Author: . Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not   show more ...

just a luxury but a necessity. In this context, […] La entrada Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Jan 12, 2024NewsroomDevSecOps / Software security GitLab has released security updates to address two critical vulnerabilities, including one that could be exploited to take over accounts without requiring any user interaction. Tracked as CVE-2023-7028, the flaw has   show more ...

been awarded the maximum severity of 10.0 on the CVSS scoring system and […] La entrada Urgent: GitLab Releases Patch for Critical Vulnerabilities – Update ASAP – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.techrepublic.com – Author: Cedric Pernet Two zero-day vulnerabilities have been discovered in Ivanti Secure VPN, a popular VPN solution used by organizations worldwide. The vulnerabilities are currently being exploited in the wild by at least one Chinese nation-state threat actor dubbed UTA0178. The   show more ...

chaining of the two vulnerabilities allow any attacker to execute remote […] La entrada Newly Discovered Ivanti Secure VPN Zero-Day Vulnerabilities Allow Chinese Threat Actor to Compromise Systems – Source: www.techrepublic.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 compromised

Source: go.theregister.com – Author: Team Register Two zero-day bugs in Ivanti products were likely under attack by cyberspies as early as December, according to Mandiant’s threat intel team. The software biz disclosed the vulnerabilities in Ivanti Connect Secure (ICS) – the VPN server appliance   show more ...

previously known as Pulse Connect Secure – and its Policy Secure […] La entrada Number of orgs compromised via Ivanti VPN zero-days grows as Mandiant weighs in – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.   show more ...

The malware abuses CVE-2023-36025, which Microsoft patched in November. Specifically, the flaw […] La entrada Why we update… Data-thief malware exploits SmartScreen on unpatched Windows PCs – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register Security experts claim ransomware criminals have got their hands on a functional exploit for a nearly year-old critical Microsoft SharePoint vulnerability that was this week added to the US’s must-patch list. Without specifically identifying the gang,   show more ...

researcher Kevin Beaumont said that at least one ransomware group has a working […] La entrada Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation. Supported by the National Police of Ukraine, Europol arrested a 29-year-old, whose identity is being withheld, this week in   show more ...

Mykolaiv, Ukraine. An unnamed cloud provider worked with Europol et al to bring […] La entrada Secret multimillion-dollar cryptojacker snared by Ukrainian police – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register Webinar Remote working has rapidly become the norm for many organizations and isn’t ever going away. But it still needs to be secure if it’s to be a success. Many enterprise IT infrastructures are overextended and there are quite a few enterprise   show more ...

leaders who continue to believe that remote […] La entrada Secure network operations for hybrid working – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: go.theregister.com – Author: Team Register The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security. GitHub says it is used by more than 100 million developers around the world. Its popularity and utility ensures   show more ...

that the site is […] La entrada So, are we going to talk about how GitHub is an absolute boon for malware, or nah? – Source: go.theregister.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier HomeBlog Comments Clive Robinson • January 12, 2024 6:35 PM @ emily’s poat, ALL, “Newfoundland has 1800 or more giant squids” And if memory serves, no giant squids are fit to make calamari from 8( If they did, they would make one heck of a snack, and the   show more ...

beer […] La entrada Friday Squid Blogging: Giant Squid from Newfoundland in the 1800s – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 academic papers

Source: www.schneier.com – Author: Bruce Schneier New law journal article: Smart Device Manufacturer Liability and Redress for Third-Party Cyberattack Victims Abstract: Smart devices are used to facilitate cyberattacks against both their users and third parties. While users are generally able to seek redress   show more ...

following a cyberattack via data protection legislation, there is no equivalent pathway […] La entrada On IoT Devices and Software Liability – Source: www.schneier.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: With over 4 million unfilled cyber security jobs globally, organizations are not only wrestling with a severe shortage of cyber security workers, but also a paucity of those who possess essential skills. The talent shortage has led to higher   show more ...

workloads for existing cyber security staff, resulting in untenable […] La entrada The state of the cyber security talent shortage – Source: www.cybertalk.org se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Lawrence Abrams Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked. This week, we learned that mortgage lender loanDepot suffered a cyberattack, which the company later confirmed   show more ...

was ransomware. This comes on the heels of similar attacks against Mortgage giant […] La entrada The Week in Ransomware – January 12th 2024 – Targeting homeowners’ data – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution. Tracked as CVE-2023-29357, the security flaw enables remote attackers   show more ...

to get admin privileges on unpatched servers by circumventing authentication using spoofed JWT auth […] La entrada CISA: Critical Microsoft SharePoint bug now actively exploited – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BLEEPINGCOMPUTER

Source: www.bleepingcomputer.com – Author: Bill Toulas GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The vendor strongly recommends updating as soon as possible all   show more ...

vulnerable versions of the DevSecOps platform (manual update required for self-hosted installations) […] La entrada GitLab warns of critical zero-click account hijacking vulnerability – Source: www.bleepingcomputer.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE Cyabra, the leading counter-disinformation company, is pleased to announce the appointment of 70th Secretary of State Mike Pompeo to its Board of Directors. The appointment follows a number of positive developments for the company, including significant   show more ...

revenue growth and a successful funding round.  Cyabra uncovers threats and provides actionable […] La entrada Former Secretary of State Mike Pompeo Joins Cyabra Board of Directors – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Account

Source: www.darkreading.com – Author: Becky Bracken, Editor, Dark Reading 2 Min Read Source: Louisa Svenson via Alamy Stock Photo Following the Securities and Exchange Commission’s X account, formerly known as Twitter, compromise on Jan. 9, two Senators have issued a statement calling the hack   show more ...

“inexcusable” and urging the Inspector General of the US Securities and […] La entrada SEC X Account Hack Draws Senate Outrage – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer 1 Min Read Source: Monticello via Shutterstock On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added a privilege escalation vulnerability affecting Microsoft SharePoint servers to its list of Known Exploited   show more ...

Vulnerabilities (KEV). SharePoint is a popular, cloud-based document management and storage system, which is also variously […] La entrada CISA Adds 9.8 ‘Critical’ Microsoft SharePoint Bug to its KEV Catalog – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Dark Reading Staff Source: GmbH & Co. KG via Alamy Stock Photo In a newly released update, GitLab reports that it is releasing versions 16.7.2, 16.6.3, and 16.5.6 for GitLab Community Edition (CE) as well as Enterprise Edition (EE) in order to address a series of   show more ...

critical vulnerabilities. Two critical vulnerabilities, […] La entrada GitLab Releases Updates to Address Critical Vulnerabilities – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Account

Source: www.darkreading.com – Author: Dark Reading Staff Source: poco_bw via Alamy Stock Photo The social media account for Hyundai MEA (Middle East & Africa) was taken over to distribute cryptocurrency promotions. The Hyundai MEA account on X (formerly Twitter) was briefly changed to   show more ...

impersonate Overworld, a role-playing game that is backed by the venture capital and […] La entrada Hyundai MEA X Account Hacked, Followed by Crypto Promotion – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Nicholas Fearn, Contributing Writer Source: 3D generator via Alamy Stock Photo During the past two years, the vast majority of United Arab Emirates-based businesses have experienced a cybersecurity incident. According to research from Kaspersky, 87% of companies in UAE have   show more ...

faced different forms of cyber incidents in the past two years. […] La entrada Cybersecurity Incidents Consistently Increase in UAE – Source: www.darkreading.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: thehackernews.com – Author: . Jan 13, 2024NewsroomVulnerability / Network Security Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS   show more ...

scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper […] La entrada Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team By Dan Hopkins, VP of Engineering at StackHawk IT modernization and digital transformation initiatives, combined with faster software deployment lifecycles, has caused an exponential increase in the size and scale of API ecosystems within organizations.   show more ...

Designed to rapidly and seamlessly connect consumers and businesses to vital data and services, […] La entrada Zombie APIs: The Scariest Threat Lurking in The Shadows? – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team By Roger Spears – Cybersecurity Project Manager, Schneider Downs One of the primary pillars of cybersecurity is having a “defense in depth” strategy, which means layering defensive security measures to protect your assets from digital intruders.   show more ...

With a defense in depth strategy, even if a digital intruder gets through […] La entrada 7 Steps to Build a Defense in Depth Strategy for Your Home – Source: www.cyberdefensemagazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Amazon

Source: www.govinfosecurity.com – Author: 1 General Data Protection Regulation (GDPR) , Standards, Regulations & Compliance E-Commerce Giant Accuses Luxembourg Regulators of Attacking the Company Akshaya Asokan (asokan_akshaya) • January 12, 2024     Amazon squared off against the Luxembourg data   show more ...

protection authority in court on Tuesday over a privacy fine. (Image: Shutterstock) Amazon in a […] La entrada Amazon Appeals Privacy Fine of 746 Million Euros – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

Source: www.govinfosecurity.com – Author: 1 Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management ‘Volt Typhoon’ Could Be Preparing for Renewed Burst of Activity Prajeet Nair (@prajeetspeaks) • January 12, 2024     When was the last time you   show more ...

checked your SOHO router? Chinese hackers would like to know. (Image: […] La entrada Chinese Nation-State Hacker Is Exploiting Cisco Routers – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.govinfosecurity.com – Author: 1 Jamie Tomasello Managing Director, Superbloom Jamie Tomasello (she/her and he/him) is a technology and policy leader with a strategic focus on practical, sustainable operations and outcomes aligned with business risk. For over 20 years, she/he has been addressing   show more ...

security, compliance, and operational issues at internet service providers, security companies, law […] La entrada Live Webinar | Cybersecurity Strategies for Resource-Constrained State and Local Governments – Source: www.govinfosecurity.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2024-01
Aggregator history
Saturday, January 13
MON
TUE
WED
THU
FRI
SAT
SUN
JanuaryFebruaryMarch