TCE Cyberwatch: Weekly Roundup Highlights AI Risks, Data Breaches, and Legal Battles
TCE Cyberwatch: A Weekly Round-Up
AI's Dark Side: Experts Warn of Cybercrime, Election Attacks at Congressional Hearing
At a U.S. congressional hearing on AI misuse, data security and privacy experts discussed AI’s diverse threats, including cybercrime, election interference, and nation-state attacks. The House Committee on Homeland Security announced their aim of incorporating AI into upcoming legislation, and panelists emphasized that AI has empowered cybercriminals, making it crucial to integrate AI into cybersecurity measures. The spokesperson from Palo Alto Networks stressed the need for secure AI development and oversight. Concerns about election security were raised, and the Centre for Democracy and Technology proposed guidelines for responsible AI use, emphasizing proper training data, independent testing, and human rights safeguards. They warned against the hasty deployment of AI, advocating for a careful approach to ensure long-term benefits.
Courtroom Recording Software Hit by Supply Chain Attack, Thousands Potentially Affected
Hackers compromised Justice AV Solutions (JAVS), a widely used courtroom recording platform, by inserting a backdoor in a software update. JAVS software, installed in over 10,000 locations globally, was affected when hackers replaced the Viewer 8.3.7 software with a compromised file. JAVS responded by removing the affected version from its website, resetting passwords, and auditing its systems. The company assured that current files are malware-free and urged users to verify their software is digitally signed. Cybersecurity firm Rapid7 identified the backdoor as linked to the GateDoor and Rustdoor malware families, often used by the ShadowSyndicate cybercrime group. They advised users to reimage affected systems and reset credentials, as merely uninstalling the software is insufficient.
Australian Regulator Sues Optus Over Massive Data Breach of 10 Million Customers
Australia's media regulator is suing telecom carrier Optus, owned by Singapore Telecommunications, over a massive data breach in September 2022. The breach exposed the personal information of 10 million Australians, including addresses, passports, and phone numbers. Following the breach, Prime Minister Anthony Albanese advocated for stricter privacy laws to ensure companies notify banks quickly in such incidents. The Australian Communications and Media Authority claims Optus failed to protect customer data from unauthorized access. Optus, which has been cooperating with authorities, stated it cannot yet determine potential penalties and plans to defend itself in court. The company has been under scrutiny recently due to a separate 12-hour network blackout affecting over 10 million customers.
Critical WordPress Vulnerabilities: Update Plugins Immediately!
The Cyber Security Agency of Singapore has issued an urgent alert regarding critical vulnerabilities in several WordPress plugins. These vulnerabilities pose significant security risks, potentially allowing unauthorized access and exploitation. To address these issues, security updates have been released. SingCERT has identified nine critical vulnerabilities, including those allowing arbitrary file uploads and SQL injection, and has provided mitigation strategies. Users are strongly advised to update to the latest plugin versions immediately. Additional measures, such as virtual patching, can offer temporary protection. Regular updates and monitoring are essential for safeguarding WordPress websites against potential threats. For more details, users should consult the respective plugin documentation and developer updates.
Ransomware Attack on Spanish Bioenergy Plant Highlights ICS Vulnerabilities
A ransomware attack by the Ransomhub group on the Industrial Control Systems (ICS) of a Spanish bioenergy plant underscores the risks of cyberattacks on critical infrastructure. The attack targeted the SCADA system, crucial for managing the plant's operations, encrypting over 400 GB of data and disrupting essential functions. Organizations must fortify defenses by implementing robust network segmentation, regular software updates, secure remote access, and diligent monitoring. Developing and testing incident response plans are essential to minimize the impact of such attacks. This incident highlights the need for heightened vigilance and proactive measures to protect critical infrastructure from cyber threats.
Islamabad's Safe City Project Exposed: Hack Highlights Security Failures
Islamabad’s Safe City Authority faced a severe disruption after hackers breached its online system, forcing an immediate shutdown. The project, launched with Chinese financial support, aimed to enhance security with advanced technology, including CCTV cameras and facial recognition. The hack exposed vulnerabilities, as hackers accessed sensitive databases and compromised crucial systems like criminal records and human resources. Despite a firewall alert, the lack of backup servers necessitated a complete shutdown. The breach affected key services, revealing weak security practices, such as simple login credentials and outdated software. The isolated camera management system remained secure. Police confirmed the breach and have taken steps to improve security. The project, controversial due to transparency issues and cost overruns, has faced criticism for not achieving its security goals. Financial difficulties and operational setbacks further marred its effectiveness, and the recent hack has intensified scrutiny of the initiative.
Massive Data Breach at Pharma Giant Cencora Exposes Millions
The Cencora data breach has impacted more than a dozen pharmaceutical companies, including Novartis and GlaxoSmithKline, leaking personal and health data of hundreds of thousands. Cencora, formerly AmerisourceBergen, and its Lash Group affiliate revealed the breach to the SEC, indicating data exfiltration from its systems. With operations in 50 countries and significant revenue, Cencora did not initially detail the breach's scope but later notifications identified 15 affected companies. At least 542,000 individuals' data, including names, addresses, birthdates, health diagnoses, and prescriptions, were compromised. Despite the breach, no misuse or public disclosure of the data has been reported. The company has offered affected individuals credit monitoring and identity theft protection services and is enhancing its security measures. This incident highlights ongoing vulnerabilities in the healthcare sector, which has seen several recent cyberattacks.
MediSecure Ransomware Breach: 6.5 TB of Patient Data Listed for Sale on Dark Web
MediSecure, an Australian digital prescription service provider, confirmed that data stolen in a recent ransomware attack is for sale on the dark web. The breach, originating from a third-party provider, exposed personal and health information of patients and healthcare providers up to November 2023. The hacker, Ansgar, began selling the data for $50,000 on May 23, claiming to possess 6.5 terabytes of sensitive information. MediSecure alerted the public, urging them not to seek out the stolen data, which includes names, addresses, emails, phone numbers, insurance numbers, prescriptions, and login details. Australia's National Cyber Security Coordinator and police are investigating. MediSecure emphasized that the breach does not affect the Australian healthcare system's ongoing operations or access to medication. They are working to notify affected individuals and assure them of measures to protect against further risks.
OpenAI Backtracks on Voice Assistant After Scarlett Johansson Raises Concerns
OpenAI's new voice assistant debuted with a voice similar to that of actress Scarlett Johansson, who expressed shock and anger, as she had previously declined an offer to voice ChatGPT, especially given her role in the 2013 film *Her*. OpenAI's CEO, Sam Altman, seemingly acknowledged this connection in a social media post. Despite OpenAI's claim that the voice belonged to another actress, Johansson's concerns highlight broader tensions between AI and the creative industries. OpenAI has since dropped the controversial voice and is working on tools for content creators to manage their work's use in AI training. The incident underscores the need for stronger legal protections, like the No Fakes Act, to safeguard personal likenesses. Legal experts believe Johansson might have grounds for a lawsuit, referencing similar past cases like Bette Midler's against Ford. As AI technology advances, such legal disputes are expected to increase.
To Wrap Up
Here at TCE, we hope these weekly roundups continue to keep you informed about the latest in the cybersecurity industry. Our coverage not only includes cyberattacks but also developments in the legal aspects of AI, which are becoming increasingly important as technology evolves. We aim to keep you updated on new developments in the industry, including impacts on companies and the general public, such as recent events involving Medicare. Our goal is to ensure everyone stays safe and knows the appropriate responses if affected by these situations.
Industry Leaders at World CyberCon Share Insights on Cyber Risk Management
Understanding Cyber Risk Scoring at World CyberCon META Cybersecurity Conference
Beenu Arora, the CEO of Cyble, delivered a global perspective that resonated profoundly with the audience. He highlighted the staggering statistics regarding data breaches over the past few years. According to statistics, over the past thousand days, more than 50,000 companies worldwide have fallen victim to data breaches. “In the last two and a half years, let’s say, the last thousand days. Can anybody guess how many companies have reportedly been breached? The number we have exactly at the moment is 50 thousand! So 50 thousand companies, globally, have been breached, in the last thousand days”, said Beenu Arora at The Cyber Express META Cybersecurity Conference in Dubai. Azhar Zahiruddin emphasized the importance of understanding the evolving nature of cyber threats and the necessity of robust data protection frameworks. He stressed that organizations must stay ahead of threat actors by continuously updating their security measures and protocols. Suhaila Hareb provided insights into the regulatory landscape and the role of compliance in enhancing cybersecurity defenses. She highlighted the significance of adhering to international standards and the need for regular audits to ensure that security measures are effective and up-to-date. Ankit Satsangi discussed practical strategies for improving cyber risk scoring mechanisms. He recommended a multi-layered approach to cybersecurity that integrates advanced technologies, employee training, and proactive threat intelligence. The panelists collectively underlined the importance of cyber risk scoring as a tool for organizations to assess and manage their cybersecurity risks. Effective risk scoring enables companies to identify vulnerabilities, prioritize their security investments, and respond more swiftly to potential threats. Moreover, throughout the discussion, a common theme emerged: the need for better defense mechanisms to fight against online threats.
The experts agreed that while technological advancements are crucial, human factors such as employee awareness and training play an equally vital role in maintaining enhanced cybersecurity.
(L-R: Suhaila Hareb - ISR Auditor, Dubai Electronic Security Center; Ankit Satsangi - Director, Beeah Group; Waqas Haider - CISO, HBL Microfinance Bank (Moderator), Azhar Zahiruddin - Director of Data Protection - Group DPO, Chalhoub Group and Beenu Arora - Co-founder and CEO, Cyble)
A Call for Enhanced Defense Mechanisms
The World CyberCon 3.0 META Cybersecurity conference showcased the latest advancements and strategic insights in the field of cybersecurity. The panel on cyber risk scoring highlighted the critical role of this practice in helping organizations navigate the complex threat landscape. As cyber threats continue to evolve, the insights shared by these industry leaders provide valuable guidance for organizations seeking to bolster their cybersecurity defenses. By adopting comprehensive risk scoring mechanisms and staying informed about emerging threats, businesses can better protect their digital assets and maintain resilience in an increasingly interconnected world. Apart from this, the META edition of World CyberCon held several interesting sessions on cybersecurity in the Middle East.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Women Take Center Stage at World CyberCon: Panel Explores AI for Threat Detection
World CyberCon META Edition: Transforming Threat Detection and Response
AI and ML are redefining the landscape of cybersecurity through various applications. Behavioral analytics, anomaly detection, and automated incident response are now integral to modern cybersecurity strategies. AI's ability to analyze vast datasets and identify patterns that elude traditional methods enables organizations to preemptively address potential threats. Irene Corpuz reinforced this notion, stating, "AI isn't a replacement, it's a force multiplier for cybersecurity. Leveraging AI and machine learning strengthens our defenses by automating threat detection, freeing us to focus on strategic security initiatives."
(L-R: Sithembile (Nkosi) Songo – Chief Information Security Officer, ESKOM; Afra Mohammed Almansoori – Business Analyst, Digital Dubai; Dina Alsalamen, VP, Head of Cyber and Information Security Department, Bank ABC; Irene Corpuz – Co-Founder, Women in Cyber Security Middle East and Jo Mikleus – Senior Vice President, Cyble Inc.)
Enhanced Accuracy and Speed
The panel discussed notable use cases where AI and ML have significantly enhanced the accuracy and speed of threat detection. In one instance, Bank ABC utilized AI-driven analytics to thwart a sophisticated phishing attack that traditional security measures failed to detect. By rapidly identifying and responding to anomalies, AI systems have proven to be a vital asset in the fight against cybercrime. However, the integration of AI and ML into cybersecurity is not without challenges. The panel emphasized the importance of adopting applicable policies and standards to mitigate risks associated with these technologies. Regulatory frameworks must evolve to address issues such as data privacy, ethical use of AI, and the potential for AI-generated threats.
Integration with Existing Infrastructure
Integrating AI and ML capabilities with existing security infrastructure is another critical consideration. Organizations must ensure seamless integration to maximize the benefits of AI without disrupting their current operations. This involves upgrading legacy systems, training staff on new technologies, and continually assessing the performance of AI tools. Best practices in reorienting strategic investments were also discussed. Companies are increasingly allocating resources towards AI capabilities to stay ahead of emerging threats. By investing in AI and ML, businesses can enhance their threat detection and response mechanisms, thereby safeguarding their digital assets more effectively.
Overcoming Implementation Challenges
The panel acknowledged the challenges and limitations of implementing AI and ML in cybersecurity, especially for small and medium-sized enterprises (SMEs). Resource constraints, lack of expertise, and integration issues are common hurdles. To overcome these challenges, organizations should consider collaborative approaches, such as partnering with cybersecurity firms and leveraging cloud-based AI solutions. A key theme was the envisioned collaboration between humans and machines in cybersecurity operations. AI and ML technologies can augment the capabilities of human analysts by handling routine activities, thus allowing experts to focus on more strategic tasks. This symbiotic relationship enhances overall security posture and operational efficiency. The reception from key stakeholders, including Boards, CEOs, and CFOs, was noted as increasingly positive. As cyber threats become more sophisticated, there is growing recognition of the need for enhanced cybersecurity measures. Business leaders are supporting CISOs in making the necessary investments to protect their organizations.
Delivering ROI
Finally, the panel discussed how to position business cases for AI in cybersecurity to deliver ROI. Demonstrating the tangible benefits of AI investments, such as reduced incident response times and minimized breach impact, is crucial for securing buy-in from stakeholders.
Jo Mikleus, Senior Vice President at Cyble Inc.
Jo Mikleus summed up the session by stating, "It was a privilege to moderate the World CyberCon panel, discussing AI as a critical strategic investment for cybersecurity and managing threat intelligence."
The Middle East's Cybersecurity Imperative
As digitalization surges across the Middle East, the importance of strong cybersecurity measures cannot be overstated. The region's rapid technological advancement necessitates a proactive approach to combat the escalating cyber threat landscape. Leveraging AI and ML to complement traditional cybersecurity defenses is advantageous, but proactive measures are essential to mitigate AI-related risks. Shadow AI in the workplace is growing, with an alarming 156% increase in employees inputting sensitive corporate data into chatbots like ChatGPT and Gemini. The World CyberCon Meta Edition 2024 underlines the critical role of AI and ML in modern cybersecurity strategies. As cyber threats continue to evolve, strategic investments in these technologies will be pivotal in safeguarding the digital future.
World Cybercon 3.0 META Awards Celebrate Champions of Cybersecurity in the Middle East
The Cyber Express Cybersecurity Person of 2024 (META): Man
- Thomas Heuckeroth, SVP IT Infrastructure & Digital Platforms, Emirates Group
The Cyber Express Cybersecurity Person of 2024 (META): Woman
- Dr. Hoda A Alkhzaimi, EMaratsec
The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2024
- Yana Li, WebBeds
- Dina AlSalamen, Bank ABC (Jordan)
- Rudy Shoushany, DxTalks
- Aus Alzubaidi, MBC Group
- Saltanat Mashirova, Honeywell
The Cyber Express Infosec Guardians of 2024 (BFSI)
- Anthony Sweeney, Deribit
- Bipin Mehta, HSBC Bank
- Syed Muhammad Ali Naqvi, HBL Bank
- Kiran Kumar PG, Alpheya
- Ahmed Nabil Mahmoud, Abu Dhabi Islamic Bank
The Cyber Express Infosec Guardians of 2024 (Government & Critical Entities)
- Talal AlBalas, Abu Dhabi Quality and Conformity Council (ADQCC)
- Abdulwahab Abdullah Algamhi, UAE ICP
- Vinoth Inbasekaran, Dubai Government Entity - Alpha Data
- Dr Hamad Khalifa Alnuaimi, Abu Dhabi Police
- Dr Saeed Almarri, Dubai Police
The Cyber Express Top Cybersecurity Influencers of 2024
- Dr. Mohammad Al Hassan, Abu Dhabi University
- Maryam Eissa Alhammadi, Ministry of Interior
- Hadi Anwar, CPX
- Waqas Haider, HBL Microfinance Bank
- Chenthil Kumar, Red Sea International
- Nishu Mittal, Emirates NBD
- Nisha Rani, Emirates Leisure Retail
The Cyber Express Top InfoSec Leaders 2024
- Mohamad Mahjoub, Veolia Near and Middle East
- Ankit Satsangi, Beeah Group
- Gokul Vasudev, Dubai Health Authority
- Ashish Khanna, SHARAF GROUP
- Abhilash Radhadevi, Oq Trading
- Prashant Nair, Airtel Africa PLC
The Cyber Express Top Infosec Entrepreneurs 2024
- May Brooks Kempler, Helena
- Illyas Kooliyankal, CyberShelter
- Kazi Monirul, Spider Digital
- Muneeb Anjum, AHAD
- Craig Bird, CloudTech24
- Zaqiuddin Khan, Tech Experts LLC
- Alireza Shaban ghahrod, Diyako Secure Bow
Insightful Discussions and Networking
The awards set a celebratory tone that carried through the rest of the conference. The day commenced with a vibrant atmosphere as attendees gathered for registration and explored the exhibition area, setting the stage for a day of insightful discussions and networking opportunities. Augustin Kurian, Editor-in-Chief of The Cyber Express, extended a warm welcome, emphasizing the importance of collaborative efforts in cultivating a secure cyber environment.
Keynote and Panel Sessions
Irene Corpuz, Co-Founder of Women in Cybersecurity Middle East, delivered the opening keynote, shedding light on the imperative of incubating security and nurturing a cyber-aware culture, particularly within startup ecosystems. Corpuz's address highlighted the significance of proactive measures in addressing cybersecurity challenges from the outset. Panel discussions served as focal points for in-depth exploration of key cybersecurity issues. From navigating cyber threats to leveraging innovative approaches for threat detection, industry experts provided valuable insights into emerging trends and strategic investments in cybersecurity. Notable panelists included Waqas Haider of HBL Microfinance Bank, Beenu Arora of Cyble, and Azhar Zahiruddin of Chalhoub Group, among others.
Diversity and Inclusion
The Cyber Express's World CyberCon Meta Edition event also celebrated diversity and inclusion in cybersecurity, honoring advocates who have championed these principles within their respective domains. Yana Li of WebBeds and Dina AlSalamen of Bank ABC were among the esteemed recipients of The Cyber Express Cybersecurity Diversity and Inclusion Advocates of 2024 award, acknowledging their efforts in fostering an inclusive cyber community. Strategic insights were further highlighted during panel discussions focusing on fortifying against ransomware and the role of AI and ML in enhancing threat detection. Expert moderators facilitated engaging conversations, addressing critical challenges and sharing best practices for prevention, mitigation, and swift recovery.
Conclusion
The Cyber Express World Cybercon 3.0 META Cybersecurity Conference successfully raised the bar for the collective dedication of cybersecurity professionals in the META region. By fostering dialogue, sharing insights, and recognizing excellence, the event played an important role in advancing cybersecurity resilience and shaping the future of cybersecurity across industries. The Cyber Express awards recognized the hard work and innovative solutions of the finest brains in cybersecurity, emphasizing the message that collaborative and proactive actions are critical to protecting our digital future.
Decoding the Primary Devils Behind Data Breaches
Critical weaknesses behind Data Breaches
Weak and stolen credentials
Although hacking attacks are frequently cited as the leading cause of data breaches, it's often the vulnerability of compromised or weak passwords or personal data that opportunistic hackers exploit. Statistics show that four out of five breaches are partially attributed to the use of weak or stolen passwords. To mitigate the risk of hackers executing an account takeover on sensitive accounts, businesses should consider deploying fraud protection tools. These act as proactive defenses, significantly reducing the likelihood of unauthorized access and enhancing the overall security of your accounts. Bot managers also address challenges associated with bot traffic on websites and applications. They are designed to identify, manage, and mitigate both malicious and non-malicious bot traffic, ensuring a more secure and efficient online experience. To further protect your organization, it’s also advisable to implement enterprise single sign-on (SSO), establish strong password hygiene, and set up phishing-resistant multi-factor authentication (MFA) across computer systems; this way, you can prevent personally identifiable information from getting into the wrong person’s hands.
Backdoor and application vulnerabilities
Exploiting backdoor and application vulnerabilities is a favored strategy among cybercriminals. When software applications are poorly written or network systems are inadequately designed, hackers will continuously probe for weaknesses to find open doors that grant them direct access to valuable data and confidential information. Ensuring your web application firewall (WAF) is regularly updated and well-managed helps mitigate these vulnerabilities. Due to constantly shifting attack techniques, organizations should also use advanced artificial intelligence (AI) powered security solutions to identify vulnerabilities and protect against unauthorized access. The WAF should be a robust security solution designed to protect web applications from a variety of cyber threats, including data breaches. It can serve as a barrier between web applications and the internet, scrutinizing and filtering HTTP traffic to identify and mitigate potential vulnerabilities and attacks.
Malware
The prevalence of both direct and indirect malware is increasing. Malware (inherently malicious software) is loaded onto a system by unsuspecting victims, providing hackers with opportunities to not only exploit the affected system but also potentially spread to other connected systems. This type of malware poses a significant security threat as it allows malicious insiders access to confidential information and provides the ability to steal data for financial gain. Implementing an advanced malware protection solution at multiple ingress points in the network can significantly enhance your security posture, reducing the risk that employees will fall victim to malicious software. By leveraging cutting-edge data security in malware detection and prevention, organizations can fortify their data protection defenses against evolving cyber threats and security breaches.
Social Engineering
Cybercriminals and hackers can shorten the effort of establishing unauthorized access by persuading individuals with legitimate data access to do it for them. Phone calls, phishing scams, malicious links (often sent via email, text, or social media), and other forms of social engineering such as deep fakes are now commonly used to manipulate individuals into unwittingly granting access or divulging sensitive information like login credentials to cybercriminals. Such information can result in a data leak, in which hackers recycle, reuse, and trade sensitive data like Social Security numbers or personal data for the purpose of identity theft and other illicit activities. Exercising vigilance in sharing sensitive information with external parties is essential. Awareness of the information being shared and verification of legitimacy can serve as a simple yet effective defense against social engineering tactics.
Ransomware
Ransomware is a type of malicious software designed to restrict access to a computer system or files until a sum of money, or ransom, is paid. It typically encrypts the victim's files or locks their system, rendering it inaccessible, and then demands payment (often in cryptocurrency) in exchange for restoring access. Ensuring the safety and protection of your infrastructure against external threats is paramount. Organizations must be confident that attackers haven’t gained access to their systems and aren’t using them for malicious activities. Implementing a robust visibility and protection solution, such as microsegmentation, will be helpful in this scenario. Microsegmentation offers a straightforward, fast, and intuitive approach to enforce Zero Trust principles within your network. This solution is designed to prevent lateral movement by visualizing activity in your IT environments, implementing precise microsegmentation policies, and swiftly detecting potential breaches.
Improper configuration and exposure via APIs
Misconfigured settings or parameters encompass various issues such as default passwords, open ports, or weak encryption. Such inadequacies can create vulnerabilities that hackers may exploit to gain unauthorized access to systems or data, leading to security breaches and other malicious activities. Inadequate configuration settings and vulnerabilities in APIs can expose them to a large number of security risks. Addressing and rectifying these issues is crucial to prevent unauthorized access and potential data breaches. Consider implementing proper API security and governance from code time to runtime, including regularly auditing API security measures, which are critical steps to enhance overall protection. To address misconfiguration and exposure via APIs, businesses must rely not just on their WAF but also on deploying an advanced API security solution to protect against evasive API abuses. This solution can offer comprehensive visibility, identifying vulnerabilities and detecting potential threats and abuses related to APIs. Moreover, it assists in helping organizations establish a more proactive approach to security by lowering the overall attack surface of critical APIs from secure development to runtime protection, effectively reinforcing their overall API security posture.
DNS attacks
Domain Name System (DNS) attacks are malicious activities that target the DNS infrastructure to disrupt or manipulate the resolution of domain names into IP addresses. These attacks can have various objectives, including causing service disruptions using distributed denial of service (DDoS), redirecting users to malicious websites, or gaining unauthorized access to sensitive information. Organisations must deploy a strong cloud-based authoritative DNS Service ensuring 100% availability and protection against multi-vector DNS attacks like flooding and water torture attacks. Implementing best practices and deploying security countermeasures that are able to withstand the attack volume are crucial steps to take when mitigating these attacks.
Conclusion
Data breaches continue to pose a pervasive risk across various sectors, affecting organizations of all sizes and types, from healthcare and finance to e-commerce and retail. By proactively identifying potential vulnerabilities, organizations can reduce the likelihood of successful cyberattacks. Investing in robust security measures that enforce a Zero Trust Security model and ensuring their applications, APIs, and DNS services are continuously protected against cyber threats helps mitigate financial risks associated with breaches, such as regulatory fines, legal fees, and revenue loss. By minimizing the impact of breaches, organizations can also maintain business continuity and avoid disruptions to normal operations or damaged reputations. Overall, a comprehensive understanding of breach causes and the implementation of appropriate security measures are vital for protecting data, minimizing risk, and ensuring the long-term success of all organizations.
Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
This week on TCE Cyberwatch: Snapchat AI to political unrest in Kyrgyzstan
TCE Cyberwatch Weekly Update
Explore the newest updates and empower yourself with the information needed with TCE Cyberwatch.
USDoD announces plans to resurrect BreachForums' community
The FBI's takedown of BreachForums, a key cybercrime marketplace, marked a significant victory against cybercrime. However, less than 24 hours later, the cybercriminal known as USDoD announced plans to resurrect the forum’s community. BreachForums had been central for trading stolen data and hacking tools, and its removal was a major achievement, but USDoD and another administrator, ShinyHunters, claimed that they would revive the site. USDoD vowed to launch a new forum, Breach Nation, with domains breachnation.io and databreached.io, which is set to go live on July 4, 2024. The offer included robust infrastructure, enhanced security, and upgraded memberships for the first 200,000 users.
Generative AI and its impact on the insurance industry
Generative AI has become a major topic in AI discussions, especially with advanced models like OpenAI’s GPT-4 and Google’s Gemini 1.5 Pro. Bloomberg predicts that the Generative AI market will reach USD 1.3 trillion by 2032, with potential across industries, and insurance in particular. In insurance, Generative AI is expected to revolutionize operations, streamline claims by analyzing images and documents, speed up settlements and enhance customer satisfaction, improve decision-making, and reduce errors and cases of fraud through its data analysis capabilities. Generative AI can also provide tailored recommendations and engage with customers in conversations. While Generative AI offers significant advantages, its adoption must address concerns about data privacy and ethical AI usage.
Kyrgyzstan faces cyberattacks on government entities as mob violence occurs against foreign students
Bishkek, the capital of Kyrgyzstan, is currently experiencing severe mob violence and cyberattacks. The turmoil began with a viral video showing a fight between Kyrgyz and Egyptian medical students, which led to widespread violence against foreign students. Simultaneously though, Kyrgyzstan is facing severe cyberattacks from various hacktivist groups. The attackers, calling themselves Team Insane PK, have allegedly attacked multiple governmental platforms, including the Ministry of Agriculture and the Education Portal of the Ministry of Emergency Situations, as well as private entities like Saima Telecom and several universities. Additionally, Silent Cyber Force, another Pakistan-based group, has allegedly targeted Kyrgyzstan’s Ministry of Defence and Ministry of Agriculture.
U.S. election causes worry surrounding several cyberattacks, specifically those of foreign interference
With the 2024 U.S. elections approaching, foreign interference, particularly through cyberattacks, has intensified. Democratic Senator Mark Warner noted the involvement of both state and non-state actors, including hacktivists and cybercriminals, who find it increasingly easy to disrupt U.S. politics. The Cybersecurity and Infrastructure Security Agency (CISA) is at the forefront of defending against these threats. CISA Director Jen Easterly emphasized that while election infrastructure is more secure than ever, the threat environment has become more complex, with foreign adversaries and generative AI capabilities posing significant risks. In response, CISA has ramped up its efforts, offering cybersecurity assessments, physical security evaluations, and training sessions to election stakeholders.
New Vulnerability Llama Drama spotted in Python package widely used by AI application developers
A critical vulnerability, CVE-2024-34359, dubbed Llama Drama, was recently discovered in a Python package widely used by AI application developers. Discovered by researcher Patrick Peng, the vulnerability affects the llama_cpp_python package, which integrates AI models with Python, and relates to its use of Jinja2, a template rendering tool used for generating HTML. Checkmarx, a cybersecurity firm, explained that the issue arises from llama_cpp_python using Jinja2 to process model metadata without implementing proper security measures like sandboxing. This oversight enables template injection attacks, allowing for arbitrary code execution on systems using the affected package. More than 6,000 AI models that use llama_cpp_python and Jinja2 are impacted by this.
Europol investigating a black hat hacker who claims to have stolen classified data from their systems
Europol is investigating a black hat hacker, IntelBroker, who claims to have stolen classified data from its systems. The hacker allegedly accessed classified information, such as employee data and source code, from various branches of Europol, including the Europol Platform for Experts (EPE). IntelBroker posted screenshots as proof and later claimed to have sold the data. Europol confirmed the incident and assured that no operational data was compromised. The agency has taken initial actions, and the EPE website is temporarily down for maintenance. Additionally, IntelBroker claimed to have hacked Zscaler, a cybersecurity firm, offering to sell access to their systems. Zscaler is investigating but has not found evidence of impact, other than a test environment exposed to the internet, though it's unclear if it was involved in the breach.
Palo Alto Networks' forecast falls short of investor expectations
Palo Alto Networks' fourth-quarter billings forecast fell short of investor expectations, signaling restrained corporate spending on cybersecurity amid economic uncertainty and persistent inflation. This caution has driven companies to diversify their cybersecurity investments to avoid reliance on a single vendor, leading to a reduced growth outlook for firms like Palo Alto Networks. The company projected fourth-quarter billings between $3.43 billion and $3.48 billion, aligning closely with analysts' estimates but reflecting broader concerns about slowed growth in the sector. Analysts highlighted the lack of significant positive momentum in the revised forecasts put out by Palo Alto following this. However, the forecasts follow similar cautionary predictions from rivals like Fortinet, which hint at a broader trend of cautious spending in the cybersecurity industry.
Australia passes its first legislation for a national digital ID
Australia has passed its first legislation for a national digital ID, called myGovID, set to come into effect in November. This eliminates the need for multiple forms of physical ID. Lauren Perry from the UTS Human Technology Institute explains that the digital ID will streamline the cumbersome process of collecting and verifying multiple ID documents. The system acts as an intermediary between the user and organizations requiring identity verification. Users will interact with organizations through an app, inputting a government-registered number to confirm their identity. Currently, the myGovID app serves this purpose, but private providers like MasterCard or Visa could join the system, enhancing security and reducing fraud risks.
Western Sydney University faces a cybersecurity breach affecting 7,500 individuals
Western Sydney University faced a cybersecurity breach that affected around 7,500 individuals. The breach, first identified in January 2024, was traced back to May 2023 and involved unauthorized access to the university’s Microsoft Office 365 platform, including SharePoint files and email accounts, and to its Solar Car Laboratory infrastructure. WSU swiftly shut down its IT network and implemented security measures upon discovering the breach. The university has assured that no ransom demands have been made for the compromised information. The NSW Police and Information and Privacy Commission are helping to investigate the incident. The NSW Supreme Court has issued an injunction to prevent the unauthorized use of the compromised data, highlighting the legal implications of such breaches.
ICO releases warning about data protection risks associated with generative AI for Snapchat
The UK's Information Commissioner’s Office (ICO) has warned about the data protection risks associated with generative AI. The ICO found that Snap, the company that owns Snapchat, had not adequately assessed the data protection risks for its chatbot, which interacts with Snapchat’s 414 million daily users. The ICO issued a Preliminary Enforcement Notice to Snap on October 6, highlighting a failure to properly evaluate privacy risks, especially for users aged 13 to 17. This led to Snap undertaking a comprehensive risk assessment and implementing the necessary steps, which the ICO then deemed to comply with data protection laws. Snapchat has built in measures to prevent harmful responses from the chatbot and is working on additional tools to give parents more control over their children’s use of 'My AI'. The ICO will continue to monitor Snapchat's generative AI developments and enforce compliance to protect public privacy rights.
New malware named GhostEngine to exploit vulnerable drivers and install crypto mining software
A novel malware campaign dubbed "REF4578" uses a malware called GhostEngine to disable endpoint detection and response (EDR) solutions and install crypto mining software. The malware exploits vulnerable drivers to terminate EDR agents, ensuring the persistence of the XMRig miner, which is used to mine Monero cryptocurrency without detection. The malware also installs a backdoor and includes an EDR agent controller and miner module to tamper with security tools and enable remote command execution via a PowerShell script. Researchers at Antiy Labs, despite extensive analysis, were unable to identify specific targets or the threat actor behind the campaign. To detect GhostEngine, organizations should monitor for initial suspicious activities such as unusual PowerShell execution, execution from uncommon directories, privilege elevation, and vulnerable driver deployment. Key indicators include abnormal network traffic, DNS lookups pointing to mining pool domains, and specific behavior prevention events like unusual process execution and tampering with Windows Defender.
Wrap Up
The ever-evolving landscape of cybersecurity requires constant vigilance. By staying informed about the latest threats and taking proactive measures, we can minimize the impact of cyberattacks and protect ourselves online. As always, we can see that there is unrest present everywhere and cybercrimes play a huge role in that. TCE Cyberwatch is committed to keeping you informed about the latest developments in cybersecurity. Stay tuned for more in-depth analysis and actionable advice.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Unlocking Tomorrow’s Data: Exploring the Future of Database Management
The Future Ahead: Challenges and Opportunities
Despite the transformative potential of these emerging trends, the future of database management is not without challenges. Concerns around data privacy, security, and regulatory compliance continue to loom large, necessitating robust governance frameworks and encryption standards. However, amidst these challenges lie immense opportunities for innovation and growth. The convergence of diverse technologies, from blockchain and AI to quantum computing, promises to usher in a new era of data management, characterized by agility, intelligence, and security. Organizations that embrace these advancements stand to gain a competitive edge in an increasingly data-driven world, unlocking new possibilities for innovation and value creation.
10 Cybersecurity Tips for Safe Online Shopping
10 Tips for Safe Online Shopping
1. Safe passwords
Ensuring that your password is unique and strong is essential. Using obvious words related to you, like your name or personal information, isn’t the way to go! Using multiple different types of characters, such as (@#_$%!&), and not reusing the same passwords on different sites is recommended. Changing passwords on individual sites also helps, as it makes them harder to guess.
2. Debit cards over credit cards
When it comes to safe online shopping, using payment gateways like PayPal, Venmo, or Stripe is recommended. Other than those, credit cards should be preferred over debit cards, as debit cards are linked to your bank account whilst credit cards can be protected better. Debit cards carry a higher risk of personal and sensitive data being obtained.
3. Enable multi-factor authentication
Multi-factor authentication adds another safety layer that must be passed before anyone who knows your username or password can access your account. Multi-factor authentication protects in 3 layers: first your password, then something personal to only you, like your fingerprint or facial recognition. The 3rd is an MFA app or a code sent through your messages or your email, which makes sure you can do safe online shopping and that the purchase you’re making is actually coming from you.
4. Check bank statements
This one is much simpler. Turning on automatic payment notifications to track every payment made will help you track when your money was spent and if it has gone somewhere genuine. If the charge seems fraudulent, you can then take the necessary steps to contact your bank and have them pause or shut your card so that further fraudulent purchases can be stopped.
5. Wi-Fi: Make sure it’s at home or secure instead of publicly available
When not using your own Wi-Fi, ensure you’re using secure, private networks for safe online shopping. Public Wi-Fi networks are much easier for scammers to access, as poorly protected connections make any information you access easily retrievable for them. This is especially dangerous if the public Wi-Fi network you’re using is at a mall while you try to access banking or payment sites for any purchases you will be making.
6. Use secure websites
The key to safe online shopping is to use a secure website. The padlock icon near the URL and the URL itself starting with HTTPS mean you’re on the right track: the S at the end stands for secure. If that final S isn’t visible, it means that you’re dealing with a site that isn’t encrypted. Search engines like Google tend to flag sites that don’t have a valid Secure Sockets Layer (SSL) certificate as unsecure. It’s better not to input your payment details into sites like these.
7. Be wary of emails
Email scams known as phishing have become the most common form of scamming nowadays. Your inbox may contain an email that presents you with deals, discounts, and sales through names and links which are close misspellings of popular websites. They are easy to fall for and may be hard to detect if the email fails to end up in your spam folder automatically.
8. Don’t buy from links that seem malicious/ don’t come from a trusted source
Other than e-mails, social media is also a place where links that can’t be trusted are presented to you. Be wary of TikTok advertisements or ads shown between your Instagram stories which present you with deals and offers that seem too good to be true. It is now harder to tell, as deepfakes and AI are used to show influential people promoting these scam products.
9. Data backup
Ensuring that personal information and data are regularly backed up on your device or saved on an external hard disk is essential now, because ransomware attackers can access your device and close off your access to important files or delete them entirely. Completing software updates is essential too, as they help reduce ransomware attacks and the vulnerabilities that leave your devices open to intrusion.
10. Protect your device/connect securely
There are two other ways to protect your device through your connection: one, with a VPN, and two, by ensuring no details are saved in your browsers. A VPN, or Virtual Private Network, encrypts your data and masks your IP address. This hides your identity, location, and browser activity from potential attackers. Secondly, make sure that your device forgets your credit card details or password details. If these are remembered by your browsers, they are immensely easy for attackers to obtain, as they are all stored in one place when accessed by them.
While some of these may seem more easily achievable and accessible than others, they’re all a step in making sure your information is protected. We recommend regularly practicing all the above tips. These steps work even better together. So make sure to update your passwords and data backups, apply VPNs, stay wary of phishing emails, and practice safe online shopping.
FAQs on Safe Online Shopping
What is the most trusted safe online shopping site?
Determining the most trusted online shopping site involves considering several key factors. Reputation is crucial, with established brands like Amazon and Flipkart often ranking high due to their track record of customer satisfaction. Security is paramount, with HTTPS encryption and clear data privacy policies being essential indicators. Customer reviews on platforms like Trustpilot offer valuable insights into user experiences. Additionally, convenient payment options and positive personal experiences play a significant role in establishing trust.
Which online shopping practice is safest?
For a safe online shopping experience, it's crucial to implement multiple security measures and exercise caution throughout the process. Begin by verifying the authenticity of the website and remain wary of deals that appear too good to be true. Stay vigilant against phishing scams and opt for credit cards over debit cards, as they typically offer better fraud protection. Ensure your passwords are strong and unique, and consider enabling multi-factor authentication for added security. Avoid using public Wi-Fi networks for shopping, and for an extra layer of protection, consider using a VPN. By following these steps, you can enhance your online safety and protect yourself against potential threats while shopping online.
What is a safe online shopping site?
A safe online site uses HTTPS encryption, signified by a padlock symbol and "HTTPS" in the URL bar. It should also have a clear and concise privacy policy.
What are fake shopping websites?
Fake shopping websites are designed to look legitimate but steal your personal information or payment details. They often offer deals that seem too good to be true.
Which websites can I trust?
Amazon offers an extensive range of products with fast shipping. eBay, the largest online auction site, offers both new and used items, but it's essential to check seller reviews. AliExpress provides diverse products at budget-friendly prices, backed by seller ratings. Dealextreme offers competitive pricing, urging buyers to check reviews for confidence. In fashion, Asos offers a wide range of clothing, footwear, and accessories for diverse preferences. Farfetch specializes in luxury fashion, featuring exclusive brands for discerning shoppers. Notino, a European-based online store, offers fragrances and cosmetics from popular brands at attractive prices. For discounts, Cashback World provides benefits and discounts on purchases from partnered companies, online and offline, enabling savings across various products and services.
How to check a fake website?
To discern the authenticity of a website, several key indicators can be examined. Firstly, verify the presence of HTTPS encryption and a valid SSL certificate. Next, scrutinize the website's content for any typos or grammatical errors, which can often signal a lack of professionalism. Conduct thorough research into the company behind the website, looking for a physical address and phone number to ensure legitimacy. Additionally, reading online reviews can provide valuable insights into the experiences of previous customers. Finally, consider utilizing website safety checkers like F-Secure Online Shopping Checker for an extra layer of security and assurance.
Generative AI’s Game-Changing Impact on InsurTech
Automated and Efficient Claims Settlement
Lengthy and complex claims settlement processes have long been a pain point for insurance customers. Generative AI addresses this by streamlining the claims process through seamless automation. AI analyzes images or other visual data to generate damage assessments. It can extract and analyze relevant information from documents such as invoices, medical records, and insurance policies – enabling it to swiftly determine the validity of the claim, as well as the coverage, and expedite the settlement. This serves to improve process efficiency, reduce the administrative burden on staff, and significantly boost customer satisfaction.
Optimized Underwriting and Streamlining Risk Assessment
Underwriting is another key area where this technology can create immense value for insurance firms. With their ability to analyze vast amounts of data, Generative AI models build comprehensive risk assessment frameworks that enable them to swiftly identify patterns and highlight potential risks. It automates evaluation of a policy applicant’s data, including medical and financial records submitted, in order to determine the appropriate coverage and premium. Leveraging AI, underwriters are empowered to better assess risks and make more informed decisions. By reducing manual effort, minimizing the possibility of human error, and ensuring both accuracy and consistency in risk assessment, Generative AI is poised to play a pivotal role in optimizing underwriting processes.
Empowering Predictive Risk Assessment
Generative AI’s ability to process and analyze complex data is immensely valuable in terms of building capabilities for predictive risk assessment. Analyzing real-time and historical data, and identifying emerging patterns and trends, the technology enables insurers to develop more sophisticated models of risk assessment that factor in a wide range of parameters – past consumer behavior, economic indicators, and weather patterns, to name a few. These models allow insurers to assess the probability of specific claims, for instance, those related to property damage, or automobile accidents. Moreover, the predictive capabilities of Generative AI help insurers offer more tailored coverage and align their pricing strategies with a dynamic environment. The ongoing risk monitoring and early detection of potential issues that the technology facilitates can also prove highly effective when it comes to fraud prevention. Through continuous analysis of data streams, AI identifies subtle changes and anomalous patterns that might be indicative of fraudulent activity. This empowers insurers to take proactive measures to identify possible fraudsters, prevent fraud, and mitigate potential losses. The robust predictive risk assessment capabilities offered by Generative AI thus serve to strengthen insurers’ business models, secure their services against fraud and other risks, and enhance customer trust and confidence in the coverage provided.
Unlocking Personalized Customer Service
In a digitally driven world, personalization has emerged as a powerful tool to effectively engage customers and elevate their overall experience. By analyzing vast amounts of consumer data, including interactions across the insurer’s digital touchpoints, Generative AI gains insights into consumer behavior and preferences, which in turn enables it to personalize future customer service interactions. For instance, by analyzing customer profiles, historical data, and various other factors, AI can make personalized policy recommendations, tailored to an individual customer’s specific needs, circumstances, and risk profile. Simulating human-like conversation with near-perfection, Generative AI can also engage with customers across an insurer’s support channels, resolving queries and providing guidance or making recommendations based on their requirements. The personal touch that Generative AI brings to customer engagement, as compared to other more impersonal digital interfaces, coupled with the valuable tailored insights and offerings they provide, will go a long way towards helping insurers build long-term relationships with policyholders.
Charting a Responsible Course with Generative AI in Insurance
The outlook for Generative AI across sectors looks bright, and insurance is no exception to the trend. Insurance firms that embrace the technology, and effectively integrate it into their operations, will certainly gain a significant competitive advantage through providing innovative solutions, streamlining processes, and maximizing customer satisfaction. This optimism however must be tempered with an acknowledgment of concerns by industry stakeholders, and the public at large, around data privacy and the ethics of AI-driven decision-making. Given that insurance is a sector heavily reliant on sustained consumer trust, it is essential for leaders to address these concerns and chart a course towards responsible AI adoption, in order to truly reap the benefits of the technology and usher in a bold new era of InsurTech.
RATs Control: Combating The Menace of Remote Access Trojans
Releasing Remote Access Trojans (RATs) into the Wild
Remote Access Trojans or RAT attacks often involve the deception of users through the distribution of malicious software disguised as legitimate applications. A recent example of this tactic was observed by ThreatLabz in December 2023. In this case, threat actors created fraudulent websites that mimicked well-known video conferencing platforms like Skype, Google Meet, and Zoom, aiming to distribute Remote Access Trojans to unsuspecting users. These websites, hosted on the same IP address and designed in Russian, were specifically crafted to trick users into downloading malicious files. The attackers constructed fake websites that closely resembled legitimate platforms, complete with URLs that closely resembled authentic meeting links. When users visited these fraudulent sites, they were prompted to download files, such as APKs for Android or BATs for Windows. Once these files were downloaded or opened, they initiated the installation of malicious files disguised as legitimate applications, thereby setting up Remote Access Trojan software. By utilizing these RATs, attackers gain complete control over compromised devices, enabling them to access sensitive information, monitor activities, and potentially engage in malicious actions such as data theft and keystroke logging. India has been a prime target for RAT campaigns, with instances like the notorious APT36 group, which specifically targets individuals associated with military or political affiliations in India and Pakistan, utilizing RATs extensively. Another notable example is CapraRAT, a modified version of the open-source RAT called AndroRAT. This malware possesses various data exfiltration capabilities, enabling it to gather sensitive information such as the victims' locations, phone call history, and contact details.
Pest Control: Getting Rid of Remote Access Trojans (RATs)
With the adoption of hybrid work models in India, the increased reliance on online meeting platforms has created an ideal environment for cybercriminals utilizing Remote Access Trojans. It is crucial to comprehend the nature of these malicious tools, as they provide attackers with unfettered control over compromised devices, facilitating the theft of sensitive data such as credentials, financial information, and the ability to monitor online activities. As the reliance on online meeting platforms in India is increasing, here are some steps individuals and organizations can take to stay safe:
- Promoting security awareness and training: Organizations should prioritize conducting cybersecurity awareness programs to educate employees and users on the risks associated with downloading unfamiliar applications or files. This includes raising awareness about the dangers of phishing scams and social engineering tactics.
- Adopting the Zero Trust security model: Embracing the Zero Trust model can strengthen an organization's resilience against RAT attacks. This approach emphasizes identity verification, reduces the attack surface, and enhances incident response capabilities.
- Implementing network security measures: Deploying robust network security measures, such as endpoint protection and web filtering, can effectively detect and block malicious activities.
- Developing incident response plans: Organizations should establish comprehensive incident response plans to promptly address and mitigate the impact of potential security incidents.
- Maintaining software updates: Regularly updating operating systems, applications, and security software is crucial to address vulnerabilities and patch security holes.
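A web filter can support the network security step above by checking hostnames that imitate the meeting platforms named in this article; the same check applies to the misspelled links described in the phishing tip earlier on this page. The following Python example is added here and is not code from ThreatLabz or The Cyber Express; the official-domain list, the verdict names and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains of the platforms the article names.
OFFICIAL_DOMAINS = {
    "skype": ("skype.com",),
    "zoom": ("zoom.us", "zoom.com"),
    "google": ("google.com",),  # Google Meet links use meet.google.com
}
# Digits commonly swapped in for letters in lookalike names (0->o, 1->l, 3->e, 5->s).
DIGIT_SWAPS = str.maketrans("0135", "oles")


def osa_distance(a, b):
    """Edit distance that also counts an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def hostname_of(url):
    """Return the lowercase host of a URL, with or without a scheme."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").rstrip(".")


def classify(url):
    """Return (verdict, brand) for a URL.

    official      - host is an official domain or a subdomain of one
    impersonation - brand name appears in a host that is not official
    lookalike     - a host label is within one edit of a brand name
    unrelated     - nothing brand-like found
    """
    host = hostname_of(url)
    for brand, domains in OFFICIAL_DOMAINS.items():
        # The leading dot stops "notzoom.us" from passing as "zoom.us".
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("official", brand)

    near = None
    for token in (t for t in re.split(r"[.-]", host) if t):
        folded = token.translate(DIGIT_SWAPS)
        for brand in OFFICIAL_DOMAINS:
            if brand in token:
                return ("impersonation", brand)
            if abs(len(folded) - len(brand)) <= 1 and osa_distance(folded, brand) <= 1:
                near = near or brand
    # Short brand names produce false positives, so a lookalike verdict
    # is a prompt for review rather than proof of a fake site.
    return ("lookalike", near) if near else ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample URLs; the .example hosts are placeholders.
    samples = [
        "https://meet.google.com/abc-defg-hij",
        "https://us02web.zoom.us/j/123",
        "http://join-skype.example/meeting",
        "http://meet.google.com.meeting-join.example/abc",
        "zo0m.example/j/1",
        "https://example.org/docs",
    ]
    for url in samples:
        print(classify(url), url)
```
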
Data Virtualization: Optimising Access and Utilisation in Enterprise AI Systems
Advantages of Data Virtualization
In today's hyper-competitive business landscape, rapid modernization is the key to staying ahead of the curve. Virtualization empowers corporations to unlock a wealth of new opportunities and drive competitiveness through enhanced decision-making and accelerated time-to-market. By furnishing real-time access to actionable insights, it equips businesses to make informed decisions and capitalize on budding trends and emergent opportunities. Among the many advantages that data virtualization offers, a significant one is its ability to optimize resource utilization. By consolidating virtual environments, organizations can realize considerable cost savings whilst simultaneously enhancing operational efficiency. This not only mitigates the complexity of IT infrastructure but also augments scalability, enabling businesses to swiftly adapt to changing demands and market dynamics. In the world of enterprise AI, agility is crucial. By facilitating rapid deployment of such solutions, it allows businesses to capitalize on emerging opportunities and respond swiftly to evolving customer needs. Its inherent flexibility enables businesses to adapt their AI strategies in real-time, ensuring maximum impact and value creation. Centralized management and monitoring capabilities are also essential for effective data governance and control. Simplifying IT operations by providing a unified platform for managing and monitoring data assets is yet another benefit observed. This streamlined approach not only reduces administrative overhead but also enhances visibility and compliance, ensuring data integrity and security across the corporation. Access to timely and accurate data is the lifeblood of AI-driven decision-making. Through this innovation, access to critical data can be accelerated, enabling organizations to derive actionable insights with unmatched speed and accuracy. 
By breaking down data silos and facilitating seamless integration, it empowers businesses to make informed decisions that drive growth and improvement. It is well established that digital transformation thrives on experimentation and iteration. Data virtualization fosters a culture of innovation within AI ecosystems by providing a platform for rapid prototyping and testing. Its flexible architecture enables data scientists and AI developers to explore new ideas and concepts, leading to the development of ground-breaking solutions that drive business value and competitive advantage.
The Future of Data
As we embrace the future facilitated by the adoption of enterprise AI, the strategic importance of data virtualization cannot be overstated. By leveraging this technology, businesses can streamline operations, drive efficiency, and unlock new opportunities for growth and competitiveness. Looking ahead, the evolving role of this innovation will continue to shape the future of AI, providing companies with the tools they need to stay ahead of the curve and thrive in the digital age.
Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
TCE Cyberwatch: This Week’s Cybersecurity Rundown
This week on TCE Cyberwatch, we delve into the recent hackings of major organizations, including the International Baccalaureate, Boeing, and BetterHelp, which have sparked widespread concern online. We also highlight ongoing developments in enhancing cybersecurity measures.
National governments are also grappling with cybersecurity challenges. TCE Cyberwatch examines how these issues have affected countries and the proactive steps organizations are taking to stay ahead in the evolving landscape of cybersecurity. Keep reading for the latest updates.
TCE Cyberwatch: A Weekly Round-Up
IB Denies Exam Leak Rumors, Points to Student Sharing
The International Baccalaureate Organization (IBO) faced allegations of exam paper leaks, but it denied any involvement in a cheating scandal. Instead, the organization acknowledged experiencing a hacking incident, unrelated to the current exam papers circulating online.
The breach was attributed to students sharing exam materials on social media platforms. Concurrently, the IBO detected malicious activity within its computer networks.
The act of students sharing exam content online is commonly known as "time zone cheating," wherein students who have already completed their exams disclose details about the questions before others take the test. Additionally, the malicious activity targeted data from 2018, including employee names, positions, and emails. Screenshots of this leaked information surfaced online.
Boeing Hit by $200 Million Ransomware Attack, Data Leaked
The aeronautical and defense corporation, Boeing, recently confirmed that it had been targeted by the LockBit ransomware gang in October 2023. They also acknowledged receiving a $200 million demand from the attackers to prevent the publication of leaked data. On November 10, approximately 40GB of data was leaked by LockBit, though Boeing has not yet addressed the situation. The ransomware group initially identified Dmitry Yuryevich Khoroshev as the principal administrator and developer behind the LockBit ransomware operation. However, this claim has since been denied by the actual developer. Additionally, Boeing has not announced whether it paid the $200 million extortion demand.
Lenovo Pledges Stronger Cybersecurity with "Secure by Design" Initiative
Lenovo recently joined the Secure by Design pledge initiated by the US Cybersecurity and Infrastructure Security Agency (CISA) to enhance its cybersecurity measures. This announcement was made on May 8th, and the initiative covers various areas including multi-factor authentication and vulnerability reduction. Doug Fisher, Lenovo’s Chief Security Officer, emphasized the importance of industry collaboration in driving meaningful progress and accountability in security. "It’s good for the industry that global technology leaders are able to share best practices," he stated. Many other tech companies have also joined this effort to ensure their security.
UK’s AI Safety Institute releases public platform which furthers safety testing on AI models
The UK’s AI Safety Institute has recently made its AI testing and evaluation platform publicly available. The platform, Inspect, aims to enable more safety tests on AI and to ensure secure models. It works by assessing the capabilities of models and then producing a score. It is available to AI enthusiasts, start-up businesses and international governments, as it is released through an open-source licence. Ian Hogarth, the Chair of the AI Safety Institute, has stated that, “We have been inspired by some of the leading open-source AI developers - most notably projects like GPT-NeoX, OLMo or Pythia which all have publicly available training data and OSI-licensed training and evaluation code, model weights, and partially trained checkpoints.” Inspect works by evaluating models in areas such as their autonomous abilities, abilities to reason, and overall core knowledge.
NASA Names First Chief Artificial Intelligence Officer
NASA announced its first Chief Artificial Intelligence (AI) Officer. David Salvagnini, who previously served as the Chief Data Officer, has now expanded his role to incorporate AI. His responsibilities included developing strategic vision and planning NASA's AI usage in research projects, data analysis, and system development.
NASA Administrator Bill Nelson stated, “Artificial intelligence has been safely used at NASA for decades, and as this technology expanded, it accelerated the pace of discovery.” Salvagnini also worked alongside government agencies, academic institutions, and others in the field to ensure they remained up to date with the AI revolution.
DDoS Attacks Target Australia Amidst Ukraine Support
The Cyber Army Russia Reborn launched Distributed Denial of Service (DDoS) attacks targeting prominent Australian companies like Auditco and Wavcabs. While the exact motive remains unclear, the timing suggests a political backlash against Australia's solidarity with Ukraine.
Wavcabs experienced disruptions to its online services, while Auditco encountered technical difficulties believed to be linked to these attacks. Despite the cyber onslaught, Australia remained steadfast in its support for Ukraine, announcing a $100 million aid package comprising military assistance and defense industry support.
British Columbia Thwarts Government Cyberattack, Strengthens Defenses
British Columbia’s government recently confirmed an attempt to infiltrate their information systems. The incidents were identified as “sophisticated cybersecurity incidents” by B.C.’s solicitor-general and public safety minister. There is no current evidence suggesting that personal information, such as health records, was compromised. The government's proactive measures in 2022 played a significant role in detecting the breach.
The government took steps to further secure its systems, including requiring government employees to change their passwords. Officials and cybersecurity experts continue to work to ensure sensitive information remains secure and to prevent unauthorized access. The country appears to be using this incident to prepare itself for future cyber threats.
Urgent Chrome Update: Google Patches Sixth Zero-Day of 2024
A new vulnerability in Google Chrome was uncovered, marking their sixth zero-day incident in 2024. Google swiftly released an emergency update to patch the issue, ensuring users' safety. Updates were promptly distributed across Mac, Windows, and Linux platforms.
For those concerned about their security, updating their devices is crucial. Users can navigate to Settings > About Chrome to initiate the update process. While Google has not disclosed specific details about the breach, the urgency conveyed by their release of an "emergency patch" underscores the severity of the situation.
To Wrap Up
Cyberattacks continue to dominate headlines, but this week's TCE Cyberwatch report also reveals positive developments. Governments are taking action, with proactive measures in British Columbia and the UK's AI safety testing platform. Organizations are prioritizing security, as seen in Lenovo's "Secure by Design" initiative.
Individuals play a crucial role too. The recent Google Chrome update reminds us to prioritize software updates. While cyber threats persist, these advancements offer a reason for cautious optimism. By working together, we can build a more secure digital future.
Remember, vigilance is key. Update your software regularly and follow best practices to minimize vulnerabilities. TCE Cyberwatch remains committed to keeping you informed.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The Cyber Express Sets the Stage to Host World CyberCon META Edition 2024 in Dubai
- Sithembile (Nkosi) Songo, CISO, ESKOM
- Dina Alsalamen, VP, Head of Cyber and Information Security Department, Bank ABC
- Anoop Kumar, Head of Information Security Governance Risk & Compliance, Gulf News
- Irene Corpuz, Cyber Policy Expert, Dubai Government Entity, Board Member, and Co-Founder, Women in Cyber Security Middle East (WiCSME)
- Abhilash Radhadevi, Head of Cybersecurity, OQ Trading
- Ahmed Nabil Mahmoud, Head of Cyber Defense and Security Operations, Abu Dhabi Islamic Bank
The World CyberCon META Edition 2024
[Image caption: Highlights from the 2023 World CyberCon in Mumbai.]
A Comprehensive Platform for Learning & Innovation
The World CyberCon META Edition 2024 promises a rich agenda with topics ranging from the nuances of national cybersecurity strategies to the latest in threat intelligence and protection against advanced threats. Discussions will span a variety of crucial subjects including:
- Securing a Digital UAE: National Cybersecurity Strategy
- Predictive Cyber Threat Intelligence: Anticipating Tomorrow’s Attacks Today
- Navigating the Cyber Threat Terrain: Unveiling Innovative Approaches to Cyber Risk Scoring
- Fortifying Against Ransomware: Robust Strategies for Prevention, Mitigation, and Swift Recovery
- Strategic Investments in Cybersecurity: Leveraging AI and ML for Enhanced Threat Detection
CBSE Results 2024 Under Threat: Database Vulnerability Could Compromise Student Scores
CBSE Results 2024: Student Data Risk Explained
[Image caption: The error message also includes connection string details, which are critical for connecting to the database but should never be exposed as they can lead to security risks.]
The error message displayed on the website originates from a database query for retrieving CBSE (Central Board of Secondary Education) Class 10 results for the year 2024. 'Getcbse10_All_2024' refers to a stored procedure in the database. A stored procedure is prepared SQL code that you can save and reuse. In this case, it's likely a procedure intended to retrieve all data related to the CBSE Class 10 results for the year 2024.
The procedure 'Getcbse10_All_2024' is expecting a parameter named '@admid', but it was not provided in the call to the procedure. The '@admid' likely stands for "Administrator ID" or a similar identifier that should be passed to the procedure to execute properly. The absence of this parameter means the procedure cannot run as intended, leading to an error.
The error message also includes connection string details, which are critical for connecting to the database but should never be exposed as they can lead to security risks.
- provider=MSOLEDBSQL: This specifies the provider used for SQL Server. MSOLEDBSQL is a Microsoft OLE DB provider for SQL Server.
- server=10.***.10.***: This is the IP address of the server where the database is hosted. Knowing the server address can allow unauthorized users to attempt connections to the database.
- Database=****results**: This is the name of the database. Knowing the database name helps in directing queries and commands to the correct database.
- uid=cbseresults24; pwd=******************: These are the credentials (username 'uid' and password 'pwd') used to authenticate to the database. With these credentials, an unauthorized user could potentially gain full access to the database, allowing them to view, modify, or delete data.
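As an added example (not from the article or from CBSE's code), the following Python sketch checks error text like the one described above for connection-string fields and redacts them before the text reaches a response body or a log. The sample error text, host, database name, and credentials are constructed, and the function names are hypothetical.

```python
import re
import uuid

# Connection-string keys seen in OLE DB / ODBC-style strings.
CREDENTIAL_KEYS = {"uid", "user id", "pwd", "password"}
LOCATOR_KEYS = {"server", "data source", "database", "initial catalog"}
ALL_KEYS = CREDENTIAL_KEYS | LOCATOR_KEYS | {"provider"}

# key = value, where the value is quoted or runs to the next ';' or line end.
PAIR_RE = re.compile(
    r"\b("
    + "|".join(sorted((re.escape(k) for k in ALL_KEYS), key=len, reverse=True))
    + r")\s*=\s*(\"[^\"]*\"|'[^']*'|[^;\r\n]*)",
    re.IGNORECASE,
)

# Constructed sample: the procedure error the article describes, followed by
# a connection string with made-up host, database and credentials.
SAMPLE_ERROR = (
    "Procedure or function 'Getcbse10_All_2024' expects parameter '@admid', "
    "which was not supplied. "
    "provider=MSOLEDBSQL;server=10.0.0.5;Database=exampledb;"
    "uid=example_user;pwd=Constructed-Pass-123;"
)


def find_leaked_pairs(text):
    """Return [(key, value)] for every connection-string pair found in text."""
    return [(m.group(1).lower(), m.group(2).strip()) for m in PAIR_RE.finditer(text)]


def leaks_connection_string(text):
    """True if text carries a password field or at least two distinct keys."""
    keys = {k for k, _ in find_leaked_pairs(text)}
    return bool(keys & {"pwd", "password"}) or len(keys) >= 2


def redact(text):
    """Mask credential and locator values; keep the provider name."""
    def _mask(match):
        key = match.group(1)
        if key.lower() == "provider":
            return match.group(0)  # driver name alone is not sensitive
        return f"{key}=[REDACTED]"
    return PAIR_RE.sub(_mask, text)


def handle_db_error(raw_error, log):
    """Return a generic client-facing message; append redacted detail to log."""
    incident = uuid.uuid4().hex[:8]
    log.append(f"incident={incident} detail={redact(raw_error)}")
    return f"An internal error occurred. Reference: {incident}"


if __name__ == "__main__":
    server_log = []
    print(leaks_connection_string(SAMPLE_ERROR))
    print(handle_db_error(SAMPLE_ERROR, server_log))
    print(server_log[0])
```

The client sees only a reference ID, while the redacted detail stays server-side for troubleshooting.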
Although the exposed data presents a significant risk, a researcher from the AI-powered threat intelligence platform, Cyble, noted that the threat potential is somewhat mitigated by incomplete information disclosure. “The IP address is internal and not public, which means that for a threat actor to extract information or gain access, they would need to engage in offensive actions like SQL injections or other methods. However, this does not diminish the seriousness of the exposed ID and password, which could still be exploited if the correct server address is discovered,” the researcher explained.
The error message not only indicates a technical issue in the database query execution but also highlights a potential vulnerability. If exploited by an individual skilled in database management and privilege escalation, this vulnerability could allow unauthorized access to the database. Such unauthorized access could lead to various security risks, including data manipulation, deletion, or use for malicious purposes such as phishing or blackmail.
Immediate steps should be taken to secure the database, which include changing the database credentials, reviewing logs to check for unauthorized access, and implementing better security practices like not exposing sensitive information in error messages or logs.
Why CBSE Matters
The Central Board of Secondary Education (CBSE) is a prominent national education board in India, overseeing both public and private schools. It is under the direct purview of the Ministry of Education, Government of India. The CBSE administers comprehensive examinations for students completing their 10th and 12th grades, which are crucial for advancing to higher education and professional pathways. The board is recognized for its rigorous curriculum and is influential in setting educational standards across the country.
The Cyber Express has contacted officials at the Central Board of Secondary Education (CBSE) to notify them of a detected vulnerability. We inquired if they are aware of the issue, the causes of this glitch, and the steps they intend to take to address it. We are currently awaiting a response from the organization.
Technical Aspect of the CBSE Data Exposure: Potential Risks
The exposure of the admin database ID and password in the CBSE data leak opens up several potential risks. While none of these events have occurred, the exposure of such critical credentials could lead to severe consequences if not addressed promptly.
1. Unauthorized Access and Control: With the admin credentials exposed, there is a potential for unauthorized users to gain full access to the CBSE's SQL database. This would allow them to view, copy, and manipulate sensitive data, including examination results and student personal information.
2. Risk of Data Manipulation: The ability to alter data is a significant risk. Although no data has been reported as altered, the possibility exists. Unauthorized changes could include tampering with examination results or modifying student records, which could severely undermine the integrity of the CBSE's educational assessments.
3. Threat of Data Theft: The exposed credentials could potentially be used to access and extract sensitive information. This data, which could include personal details of students and staff, is at risk of being used for malicious purposes such as identity theft or fraud.
4. Potential for Operational Disruption: While no disruptions have occurred, the exposed credentials could be used to damage data integrity or lock out legitimate users, potentially causing significant disruptions to CBSE's operations and affecting educational activities.
5. Foundation for Further Attacks: The leak itself could facilitate further attacks. With administrative access, attackers could deploy additional malicious software, establish backdoors for continued access, or leverage the compromised database to launch attacks on connected systems.
The situation remains fluid, and updates are expected as more information becomes available. Stay subscribed to The Cyber Express to learn more about the story as it proceeds.
Major Changes in NIST Cybersecurity Framework 2.0: Enhancements and Adoption Strategies
The NIST Cybersecurity Framework
Overview
The NIST Cybersecurity Framework (NIST CSF) was first introduced in 2014 by the National Institute of Standards and Technology to bolster the security of infrastructure within the United States by establishing a common set of standards, goals, and terminology to reduce the risk and impact of cyberattacks. By promoting the shared framework, the NIST CSF aids in better decision-making and encourages security standards to address threats such as phishing and ransomware. The initial version was updated to Version 1.1 in 2018, adopting major changes such as the inclusion of the Identify core function, additional sub-categories and improved clarity. The draft of Version 2.0 was released for public feedback in August 2023 and closed for comments in November 2023; the final Version 2.0 was released in February 2024. Since the new framework demonstrates increased flexibility to various situations, NIST has recommended its voluntary self-adoption by organizations of all sizes.
Target Audience
The primary audience for the framework comprises individuals responsible for developing and overseeing cybersecurity planning and strategy within organizations. It is also relevant for other roles involved in risk management, such as executives, boards of directors, acquisition professionals, technology experts, risk managers, legal professionals, human resource specialists, and auditors who specialize in cybersecurity and risk management. Additionally, the CSF can serve as a useful asset to those involved in making and influencing private and public policy (e.g., associations, professional organizations, regulators) who establish and communicate priorities for cybersecurity risk management.
Major Changes in NIST Cybersecurity Framework 2.0
Released in February 2024, the NIST Cybersecurity Framework 2.0 is the latest revision to the framework.
Inclusion of 'Govern' Core Function
While the previous framework stated 'Identify, Protect, Detect, Respond, and Recover' as its core functions in implementation, the new framework includes 'Govern.' Govern seeks to address the establishment of cybersecurity strategy, cybersecurity supply chain risk management, roles, responsibilities, authorities, policy, and the oversight of cybersecurity strategy within the organizational context.
More Extensive Sub-categories and References within Core Functions
CSF version 2.0 includes additional categories and subcategories of cybersecurity goals and standards within the listed core functions, as well as hundreds of other helpful references to assist readers. The new framework is much more extensive with its definitions and resources.
Expanded Scope
The new framework’s scope has expanded beyond just the protection of critical infrastructure, such as water facilities and power plants, to providing safety standards for all organizations regardless of sector or size. This expanded scope is reflected in the change of the CSF’s official title to “The Cybersecurity Framework,” from the earlier “Framework for Improving Critical Infrastructure Cybersecurity.” This reflects an earlier request from the US Congress for the framework to expand its guidance to aid small businesses.
Framework Tiers
The new tiers define how a company handles cybersecurity risks, allowing it to adopt the tier that best fulfills its objectives and decreases cyber risk to a desirable level while accounting for difficulties in implementation. The tiers progress from 1 ('Partial') to 4 (‘Adaptive’), with a rising level of sophistication but additional effort in implementation.
Framework Profiles
The CSF profiles aid companies in finding the path that’s right for them to reduce cybersecurity risks. Each profile lays out an organization’s “current” and “target” positions and helps in meeting the criteria for transforming from one profile to the other.
Focus on Supply-Chain and Third-Party Risk
The framework incorporates new supply chain guidelines as part of the core 'Govern' function, and expects that cybersecurity risks within software supply chains should be considered while an organization carries out its functions. Moreover, the NIST framework reminds organizations to plan and conduct due diligence to reduce risks prior to entering agreements with suppliers or other third-party contractors.
Global Infosec Awards 2024: Cyble Wins Nine Accolades, Recognized Among the Best in Cybersecurity
Global Infosec Awards 2024: Cyble Clinches 9 Honors
Shortly thereafter, Cyber Defense Magazine also published a list of Global Infosec Awards for 2024 Winners by category -- Company. Among the standout recipients, AI-based cyber threat intelligence firm Cyble has notably excelled, securing multiple accolades in key cybersecurity arenas. Renowned for their proactive and visionary approach, Cyble has been honored with:
- Cyble: Editor's Choice – Account Takeover Protection
- Cyble: Trailblazing – Attack Surface Management
- Cyble: Pioneering – Continuous Threat Exposure Management (CTEM)
- Cyble: Pioneering – Cyber Exposure Management
- Cyble: Pioneering – Data Loss Prevention (DLP)
- Cyble: Pioneering – Digital Risk Protection
- Cyble: Pioneering – Third Party Cyber Risk
- Cyble: Trailblazing – Threat Intelligence
- Cyble: Trailblazing – Vulnerability Intelligence