This week's TCE Cyberwatch delves into a range of pressing cybersecurity issues impacting the world today. From the rise of malicious AI manipulation in elections to the ever-present threat of data breaches and ransomware attacks, no sector is immune. TCE Cyberwatch explores these concerns and more, along with show more ...
groundbreaking advancements in the tech industry like Microsoft's new lightweight AI model. Whether you're a seasoned cybersecurity professional or simply someone navigating the digital world, staying informed is crucial. TCE Cyberwatch Weekly Update Let's dive into the latest developments and equip ourselves with the knowledge to stay safe online. Samourai Wallet Founders Sentenced to Prison Over Money Laundering Charges Samourai Wallet, a popular crypto app founders, Keonne Rodriguez and William Lonergan Hill, were recently arrested with serious charges regarding money laundering and unlicensed money transmitting. The allegations address over $2 billion in transactions and laundering more than $100 million in criminal proceeds. The transactions originated from dark web markets like Silk Road and Hydra Market, and the charges seem to be amounting to a maximum of 20 years in prison for Rodriguez and five years for Hill. Along with this, the company's web servers were seized, and prevention of further downloads of the Samourai mobile app in the U.S. was implemented. Read More China Cracks Down on Messaging Apps: WhatsApp, Threads Removed from App Store The Chinese government, pushed by concerns over censorship, recently ordered Apple to remove WhatsApp and Threads from their App Store in China. Reportedly, Telegram and Signal have also been removed. China’s Cyberspace Administration had asked Apple to remove the apps because they apparently contained political content that included negative comments and posts about President Xi Jinping. Apple is known to work alongside the Chinese government's wishes as in 2021, Apple had supposedly agreed to store the personal data of Chinese users in servers accessible by the government. Apple addressed in a statement that, “We are obligated to follow the laws in the countries where we operate, even when we disagree.” Read More Cybersecurity Nonprofit MITRE Breached by Nation-State Actor MITRE reports that they have recently been exposed to breaches and cyber threats despite working to safeguard themselves from them. A foreign nation-state threat actor was confirmed on their Networked Experimentation, Research, and Virtualization Environment, or NERVE, network. MITRE immediately took the network offline, making sure to start an investigation to find out the extent of the damages as well as contacting those affected. Jason Providakes, president and CEO, MITRE, shared his response to the incident stating that, “The threats and cyber-attacks are becoming more sophisticated and require increased vigilance and defence approaches. As we have previously, we will share our learnings from this experience to help others and evolve our own practices.” Read More Google Fires Employees Over Pro-Palestine Protest Against Israeli Contract Google recently terminated 28 staff members after they had protested against the company’s contract with the Israeli government. The pro-Palestine employees had protested by staging hour-long sit-ins at their offices. In a statement, Google employees’ part of the “No Tech for Apartheid” campaign, revealed that some employees who had not directly participated in the protests had also been fired. Gabriel Schubiner, an ex-Google employee, revealed that he knew of co-workers who had to provide training on how to use Google Cloud directly to Israel’s national intelligence agency and that the contracts were not primarily meant for t civil services and society as claimed, but rather the military. Furthermore, he says that Palestinian and Muslim employees faced “the most intense retaliation bias” when speaking out against the contracts. Read More Paris Olympics Braces for Cyber Siege: Millions of Hacking Attempts Expected Paris Olympic organizers are preparing for a hoard of cyberattacks during this year’s events, as officials expect millions of hacking attempts. These attacks could entail minor issues like inconveniencing processes, or major damages that could result in the event being stunted. The organizers are preparing themselves by offering bug bounties to those who can scope out vulnerabilities in systems; Additionally, they are training staff to be able to recognize and respond to phishing scams. While fans and spectators are potential victims, there are also issues with smart equipment like CCTV cameras, alarm systems, badges, etc. The 2021 Tokyo Olympics reportedly faced about 450 million hacking attempts, and this year is predicted to be almost 8 to 12 times that number. Read More PayPal Appoints Shaun Khalfan as New CISO PayPal, a famous digital payments company, has recently appointed Shaun Khalfan as their new Senior Vice President and Chief Information Security Officer. Khalfan has over 20 years of experience in information security and risk management, and his presence in the company cements their cybersecurity fields further. PayPal is one step closer to ensuring the security and defence of the company’s digital infrastructure and everyone involved digital assets, data and payments. Khalfan stated, “I am excited to embark on a new challenge as SVP, Chief Information Security Officer at PayPal! I am inspired by the leadership team, growth strategy, and look forward securing a digital company on a global scale.” Read More AI Deepfakes and Foreign Interference: Challenges in India's Elections With India currently holding general elections to select members of Parliament, there seem to be a plethora of cybersecurity challenges present. There seems to be a large amount of AI-generated content and deepfakes by political entities and foreign agents against one another to manipulate the game and cause tensions amongst the public and the politicians. Cybersecurity experts and Industry leaders, such as IBM and McAfee have already predicted a treacherous voting season, but the use of AI generated content adds to the stilted integrity of the election. Foreign interference also seems to be an issue for the Indian voting process. Chinese hackers are an example of those identified to try to manipulate public opinion and influence election outcomes. Read More Australia Fines Social Media Platform for Refusing to Remove Stabbing Videos On April 15, a bishop and a priest were stabbed in Sydney, with the entire event being live-streamed. Graphic footage of the attack has been circulating online, leading to riots and the government calling the stabbing an act of terrorism. Due to this, Australia eSafety Commissioner Julie Inman Grant asked social media companies X and Meta to take down the videos due to the country’s Online Safety Act. Meta abided but X argued that some posts “did not violate X’s rules on violent speech,” and are now being threatened with a fine of AUD 785,000 (USD 500,000) if the posts aren’t taken down. Anthony Albanese, the Australian Prime Minister showed disapproval of Elon Musk and X’s actions by stating, “This isn’t about freedom of expression… Social media has a social responsibility.” Read More TikTok Faces US Ban: Bill Demands App Sale or Removal Over Security Concerns Lawmakers in the U.S. recently passed a bill that will ban the app in the country if TikTok’s Chinese owner, ByteDance, refuses to sell their stake in the American business. TikTok’s head of public policy for the U.S. stated that the bill was unconstitutional, going against the First Amendment and that TikTok would fight it in the courts. TikTok has always denied any affiliation with Beijing authorities and them having any access to user data. They have also stated they would always refuse if asked to do so. Yet, TikTok still faces scrutiny and pressure from lawmakers in the US, and other Western politicians including in the UK, over suspicion that users’ data is accessible by the Chinese government. The Bill is now headed toward President Joe Biden, who has stated that “I will sign this bill into law and address the American people as soon as it reaches my desk.” Read More Tesla Cybertruck Woes Mount with Recalls and Rust Teslas Cybertrucks have started mass malfunctioning recently, with the company receiving many complaints regarding faulty loose accelerator pedestals. This has led to future orders of the Cybertrucks being canceled as the company asks for their product to be recalled by the US National Highway Traffic Safety Administration (NHTSA). Elon Musk’s claims of the car being bulletproof, and the “best off-road vehicle” are shown to be untrue as users are unable to drive them properly through sand or snow, windows are broken by balls and windshields by hailstorms, rust occurs, along with some peoples cars just stopping to work at all. This doesn’t help Tesla as they currently face low earnings, having to cut staff by 10% globally, amounting to around 14,000 jobs. Read More U.K. Phone Maker "Nothing" Faces Data Breach Nothing, a U.K.-based phone manufacturer recently admitted to facing a data breach where 2,250 peoples information and privacy was endangered. While no sensitive information like passwords seemed to be accessed, user emails themselves being exposed caused concerns surrounding the security of the community members. Nothing traced the breach back to a vulnerability first known from December 2022, and immediately responded and took action against the vulnerability during this event. However, there seems to be no indication that the company reached out to the people affected regarding the situation which causes concerns surrounding communication and transparency. Read More UnitedHealth Group Pays Ransom After Change Healthcare Data Breach After Change Healthcare recently experienced a data breach, UnitedHealth has admitted to paying the ransom to retrieve patient information. The company stated, "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure." Wired magazine, analyzing forum posts and other sources, estimates that the company likely paid around $22 million. The breached files, containing health information and personally identifiable information, have the potential to affect a large portion of the U.S. population if not reclaimed by the health group. Consequently, restoring pharmacy software, claims management, etc., along with financial assistance, has been a priority for the company. However, it seems that paying the ransom was the only way they could protect their members and their information from the hackers. Read More Russian Malware "GooseEgg" Targets Government Networks: Microsoft Sounds Alarm Microsoft recently discovered a new malware named GooseEgg being used by Russian hackers to gain elevated access, steal credentials, and facilitate lateral movement within compromised networks. The malware is attributed to a group called "Forest Blizzard," believed by the U.S. and U.K. governments to be associated with Unit 26165 of Russia’s military intelligence agency, the GRU. According to Microsoft, Forest Blizzard has been using GooseEgg since around June 2020. The group has targeted various sectors including state, non-governmental, educational, and transportation institutions in Ukraine, Western Europe, and North America. GooseEgg is deployed after gaining access to a device, enhancing the hackers' capabilities within the network. Read More This week's TCE Cyberwatch has painted a sobering picture of the current cybersecurity landscape. From data breaches and ransomware attacks to government censorship and social media manipulation, no corner of the digital world seems immune. Yet, there's also reason for hope. Advancements in AI offer potential solutions, while increased awareness empowers individuals and organizations to fight back. Stay vigilant, stay informed, and remember – together, we can build a more secure digital future. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
By Lakshmi Mittra, SVP and Head, Clover Academy In the rapidly changing and dynamic tech environment of today, future-proofing the workforce is more essential than ever. With industries constantly innovating and adapting to new technologies, the demand for next-gen tech talent professionals capable of leading change show more ...
and driving innovation is on the rise. This is where skilling steps in, acting as a key player in nurturing the next generation of tech talent. The concept of future-proofing the workforce revolves around equipping employees with the necessary skills and knowledge to adapt to new technologies and industry trends. With rapid advancements in technology, traditional job roles are evolving, and new roles are emerging. Therefore, it is essential for organizations to invest in continuous learning and development to ensure their workforce remains relevant and competitive. The Role of Skilling in Cultivating Next-gen Tech Talent Skilling plays a pivotal role in nurturing the next-gen tech talent through its tailored learning paths and hands-on experience. It offers industry-relevant courses and collaborates with experts to ensure up-to-date and practical training. Here’s how skilling equips learners to meet the demands of the evolving tech landscape and drive innovation: Tailored Learning Paths One of the key strengths of skilling is its ability to offer tailored learning paths that cater to the unique needs and aspirations of each learner. Whether it's data science, artificial intelligence, cybersecurity, or software development, skilling provides a range of courses and programs designed to develop the specific skills required in today's tech-driven world. Hands-on Experience: Skilling emphasizes hands-on learning, allowing learners to gain practical experience and apply their skills in real-world scenarios. Through projects, case studies, and practical assignments, learners not only acquire theoretical knowledge but also develop problem-solving and critical thinking skills essential for success in the tech industry. Industry Collaboration Skilling collaborates with industry leaders and experts to develop up-to-date and relevant content that is aligned with industry standards and practices. Fostering Innovation and Growth By empowering learners with hands-on and industry-relevant training, skilling promotes a culture of continuous learning. It provides learners with the tools and resources to explore and develop creative solutions, cultivating a workforce capable of driving innovation and sustainable growth. Enhanced Employability Skilling enhances the employability of learners by equipping them with industry-relevant skillsets and knowledge. This increased employability not only benefits the learners by opening up new career opportunities but also provides organizations with access to a pool of skilled and qualified talent. Conclusion Future-proofing your workforce is essential in today's rapidly evolving tech landscape. It benefits not only the employees but also provides organizations with a competitive edge by ensuring they have a skilled and adaptable workforce capable of driving innovation and growth. In this digital age, skilling is not just about acquiring new skills, but fostering a culture of continuous learning, adaptability, and achieving sustainable growth. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
By Roman Faithfull, Cyber Intelligence Lead, Cyjax 2024 will see more elections than any other year in history: the UK, the US, Russia, India, Taiwan and more. According to AP, at least 40 countries will go to the polls this year, and some of these contests will have ramifications way beyond their national borders. show more ...
This will also make 2024 a year of misinformation, as groups both within and outside these countries look to exert their influence on the democratic process. As the US presidential election draws near, specialists caution that a combination of factors domestically and internationally, across conventional and digital media platforms, and amidst a backdrop of increasing authoritarianism, profound mistrust, and political and social turbulence, heightens the severity of the threats posed by propaganda, disinformation, and conspiracy theories. There are two terms that are frequently conflated. Disinformation is deliberately false content crafted to inflict harm, whereas misinformation is inaccurate or deceptive content shared by individuals who genuinely believe it to be true. It can be difficult to establish if people are acting in good faith or not, so the terms are often used interchangeably—and misinformation often starts out as carefully crafted disinformation. The overall outlook appears bleak, with governments already experiencing the effects of misinformation. The groundwork has been laid, evidenced by past initiatives that aimed to influence elections in favor of certain parties. In 2022, the BBC launched an investigative project, creating fake accounts to follow the spread of misinformation on platforms such as Facebook, Twitter, and TikTok, and its potential political impact. Despite attempts by social media platforms to tackle this problem, it was found that false information, particularly from far-right viewpoints, remains prevalent. Today, just two years on, the techniques and tools to manipulate information are even more advanced. The Deceptive Side of Tech AI is dominating every discussion of technology right now, as its uses are explored for good and ill. Spreading fake news and disinformation is one of those uses. In its 2024 Global Risks report, the World Economic Forum noted that the increasing worry regarding misinformation and disinformation primarily stems from the fear that AI, wielded by malicious individuals, could flood worldwide information networks with deceptive stories. And last year, the UK’s Cyber Security Center released a report exploring the potential for nations like China and Russia to employ AI for voter manipulation and meddling in electoral processes. Deepfakes have grabbed a lot of attention, but could they disrupt future elections? It’s not a future problem—we’re already here. Deepfake audio recordings mimicking Keir Starmer, the leader of the Labour Party, and Sadiq Khan, the mayor of London, have surfaced online. The latter of these was designed to inflame tensions ahead of a day of protest in London. One of those responsible for sharing the clip apologized but added that they believed the mayor held beliefs similar to the fake audio. Even when proven false, deepfakes can remain effective in getting their message across. Many would argue that the responsibility now falls on governments to implement measures ensuring the integrity of elections. It's a cat and mouse game—and unfortunately, the cat is not exactly known for its swiftness. There are myriad ways to exploit technology for electoral manipulation, and stopping all of it could simply be impossible. Regulation is out-of-date (the Computer Misuse Act was passed in 1990, though it has been updated a few times) and the wheels of government turn slowly. Creating and passing new laws is a long process involving consultation, amendment processes, and more. But is it solely the responsibility of governments, or do others need to step up?. Is There a Solution? Combating technology with technology is essential, there is simply too much misinformation out there for people to sift through. Some of the biggest tech companies are taking steps: Two weeks ago, a coalition of 20 tech firms including Microsoft, Meta, Google, Amazon, IBM, Adobe and chip designer Arm announced a collective pledge to tackle AI-generated disinformation during this year's elections, with a focus on combating deepfakes. Is this reassuring? It’s good to know that big tech firms have this problem on their radar, but tough to know how effective their efforts can be. Right now, they are just agreeing on technical standards and detection mechanisms—starting the work of detecting deepfakes is some way away. Also, while deepfakes are perhaps uniquely disturbing, they are just one method among many, they represent just a fraction of effective disinformation strategies. Sophistication is not always needed for fake news to spread—rumors can be spread on social media or apps like Telegraph, real photos can be put into new contexts and spread disinformation without clever editing, and even video game footage has been used to make claims about ongoing wars. Fighting Misinformation During Election Fighting against misinformation is extremely difficult, but it is possible. And the coalition of 20 big tech firms has the right idea—collaboration is vital. Be proactive A lie can travel halfway around the world while the truth is putting on its shoes, said… someone (it’s a quote attributed to many different people). By the time we react to disinformation, it’s already out there and debunking efforts are not always effective. As Brandolini’s Law states, the amount of energy needed to refute bullshit is an order of magnitude bigger than that needed to produce it. And often, when people read both the misinformation and the debunking, they only remember the lies. Warning people about what to look for in misinformation can help. Where did it originate? If it claims to be from an authoritative source, can you find the original? Is there a source at all? Inoculate Sander van der Linden, a professor of psychology and an expert on misinformation, recommends a similar approach to vaccinations—a weak dose of fake news to head off the incoming virus. By getting people to think about misinformation and evaluate it, and teaching people the tactics behind its creation, they can better deal with fake news stories they later encounter. Could we create a vaccine program for fake news? Perhaps, but it requires a big effort and a lot of collaboration between different groups. Monitor It’s not only governments and public figures that are attacked by fake news, corporations and businesses can find themselves the target or unwitting bystanders. Telecom companies have been the subject of 5G conspiracy theories, and pharmaceutical companies accused of being part of, rather than helping solve, the pandemic. But the problem can get weirder. A pizza restaurant in Washington DC and a furniture retailer have both had to react to being accused of child trafficking thanks to bizarre rumors circulating online. What are people saying about your business? Can you react before things get out of hand? Misinformation works for a number of reasons—people want to know “the story behind the story”, and it gives people a feeling of control when they have access to “facts” others do not—which is why misinformation spreads so fast during a pandemic that took away that feeling of control from so many of us. Those spreading misinformation know how to tap into these fears. In cybersecurity terms, they know the vulnerabilities and how to exploit them. We can’t distribute software patches to stop these attacks, but we can make them less effective by understanding them. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years.
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.
The operation involves a malicious PPSX file that drops a custom loader for the Cobalt Strike Beacon malware. The loader employs various techniques to slow down analysis and bypass security solutions.
Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and BI platform, many organizations remain dangerously vulnerable to the threat.
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems. The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file ("signal-2023-12-20-160512.ppsx") as the starting point, with
Source: securityboulevard.com – Author: Matt Palmer Cyber security is often conflated with the term confidentiality, but that is not correct. Traditionally, professionals tend to define it as being about confidentiality, integrity and availability (known as the CIA triad), but that’s not quite right either. show more ...
So what is it? In the process of advising on our […] La entrada Breaking Down Cybersecurity: The Real Meaning Behind the Jargon – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
