Author: rescue@crimefire.in

Israel and Cyber Security: 2023 Forecast  Grey Dynamics
source

The Mumbai police’s Crime Branch on Saturday issued an advisory for citizens to prevent the increasing cyber-related crimes.
As per the notification, “Recently, fake text messages are going viral, asking to update KYC/PAN details in the name of the bank and sending links to customers stating that their bank account is blocked/ disabled/ suspended due to not updating their KYC/PAN Card.” The notification adds that these types of frauds have increased and have asked citizens to not click on any such links. The advisory was issued by Deputy Commissioner of Police (cybercrime, Crime Branch) Dr Balsing Rajput.
Don’t click on unknown, unverified links: Police
Once a customer clicks on the URL or link provided, she/he is routed to a fake website in the name of the bank where the customer will be asked to fill in confidential details like customer ID, user ID, password/PIN and mobile number. Once the details are submitted, fraudsters get a hold of the customer’s confidential banking information, which is used to steal money from bank accounts.
As per the advisory, the police have suggested that citizens should not click on unknown, unverified links, emails, or SMS and immediately delete them. “Always visit your bank’s official website or service provider for customer care support. Verify the website details, especially if it requires entering financial, confidential credentials,” the advisory said.
‘Don’t share personal and financial info’
It added, “Do not share personal or financial information like card details, PIN, OTP, password, etc, with anyone or over any link. The bank will never ask for your confidential banking details.”
The advisory also suggested that citizens add a strong password or biometric authentication to protect their mobile phone, adding that any such instances if the citizens experience or witness, the matter should be reported at www.cybercrime.gov.in or call at 1930, while also reporting the matter to the respective bank.
(To receive our E-paper on WhatsApp daily, please click here.  To receive it on Telegram, please click here. We permit sharing of the paper's PDF on WhatsApp and other social media platforms.)

source

The High-Stakes Blame Game in the White House Cybersecurity Plan  WIRED
source

Publisher – Hyderabad News | Local News | India Breaking Latest News | Hyderabad Urdu news | City News | Hyderabad Local News | IND TODAY
Cyber Security | Hyderabad,  Mar 10 (Maxim News): Keeping in view that there is a sharp rise in cybercrime, the State Universities have decided to prepare cyber warriors to tackle and prevent cyber crimes, towards this, the universities will be offering cyber security course at the undergraduate (degree) level from the next academic year 2023-24. 
This new course designed and developed by experts from Osmania University and NALSAR University of Law can be chosen by any undergraduate student irrespective of their coursework.  Students pursuing B.Sc or BA Courses in the degree colleges can also take up this new elective, which will have two credits. 
The decision to introduce a course on cyber security in degree colleges has been taken during a meeting convened by Telangana State Council of Higher Education (TSCHE)  Chairman Prof. R. Limbadri with Revenue Principal Secretary, Commissioner of Technical and Collegiate Education Navin Mittal and Vice Chancellors of six conventional universities in the State.
“Not just creating awareness on cybercrimes, the new cyber security course will help students with employability opportunities, Prof. Limbadri said. Apart from cyber security, the university will also be offering B.Sc (Honours) in Computer Science as a major and artificial intelligence and machine learning as minor subjects from the next academic year.  
Another decision was that private affiliated degree colleges will be granted generic affiliation instead of course-wise affiliation from the next academic year.  This meant all the B.Sc Life Sciences or Physical Sciences will be given a single affiliation instead of course-wise as is being done now.  The affiliation process will be through the university management system. 
During the meeting, officials reviewed the bucket system that enables students to choose their subject as per their interest.  To ensure standards in the higher education system, it was also decided to encourage all higher educational institutions in the state to go for National Assessment and Accreditation Council (NAAC)  grading.  The TSCHE will be providing a seed fund of Rs. 1 lakh to the colleges desirous to go for the grading.  It will also hold workshops and seminars with resource persons from the NAAC Bangalore on creating awareness of the grading system.  (Maxim News)
Demand for the implementation of mask-wearing is being raised by Health Experts after an increase in the Covid positive cases in different States. They feel that the situation is like in the middle of the wave as the Telangana state is also witnessing an upsurge in Covid-positive cases.
54 Infantry Division (Bison Division) wins Southern Command volleyball Championship 2023-24 with a set score of 3:1 (25-18, 25-21, 23-25, 26-24) in a competitively concluded finals between 54 Infantry Division and 12 Rapid Division.
Salim Durani, one of the finest all-rounders, passed away at his home here after a prolonged battle with cancer, on Sunday. He was 88, according to a family source.
Prime Minister Narendra Modi will inaugurate the diamond jubilee celebrations of the Central Bureau of Investigation (CBI) on April 3 in the national capital.
India reported 3,824 new Covid cases in a span of 24 hours, which is a spike of 27 percent from the previous day, said the Union Ministry of Health and Family Affairs on Sunday.
Now you can get the latest stories from Indtoday on Telegram every day. Click the link to subscribe.  Click to follow Indtoday’s Facebook page and Twitter and Instagram. For all the latest Hyderabad News updates
Prev Post
Kavitha’s Dharna Is To Escape From Liquor Scam: Bandi Sanjay
Next Post
CM KCR Inspects The New Secretariat Complex
Your email address will not be published.




Save my name, email, and website in this browser for the next time I comment.


Δ
Latest News
Hyderabad: More Than 3,000 Runners Participated in JITO Ahimsa Run
Telangana is Witnessing an Upsurge in Covid Cases
Bison Division Wins Southern Command Volleyball Championship
Indian Cricket Legend Salim Durani No More
PM Modi to Inaugurate Diamond Jubilee Celebrations of CBI on April 3

source

Become your business’s cybersecurity expert
Your email has been sent
Learn a wide variety of topics for a lifetime with this eclectic bundle.
Despite some occasional good news on the cybersecurity front, cyber attacks continue to move even faster and get more nefarious all the time. For business owners, it’s imperative to make cybersecurity a priority. However, that’s not always in the budget.
Rather than hire a complete IT or security team, or pay for outside consultation, why not learn the skills to protect your business yourself? The Ultimate Lifetime Bundle of StackSkills + Infosec4TC + Stone River gives you a comprehensive collection of cybersecurity training courses to build and fortify your skill set, no matter how much previous experience you have.
With a Platinum membership to Infosec4TC (4.8/5-star Trustpilot rating), you’ll have lifetime access to online, self-paced certification courses covering some of today’s most important cybersecurity topics and exams. You’ll cover ethical hacking, GSEC, CISSP and many other internationally-recognized IT certifications, with access to the latest exam questions and course materials to help you pass exams on your first attempt.
Lifetime subscriptions to Stone River eLearning and StackSkills Unlimited will help you expand upon your cybersecurity foundations and cover a range of additional topics. Stone River offers more than 800 courses and 4,800 hours of training covering web and mobile programming, web design, app development, 3D animation and much more. You’ll have access to unlimited free certification exams, a personal learning guide and e-books, too.
StackSkills Unlimited (4.5/5-star Trustpilot rating) gives you instant access to more than 1,000 courses from 350 of the web’s top instructors. Whether you want to learn about cybersecurity, IT, graphic design, marketing or practically anything else, StackSkills Unlimited will help you do it — with more than 50 new courses added every month.
Learn more about cybersecurity and practically anything else. Right now, you can get The Ultimate Lifetime Bundle of StackSkills + Infosec4TC + Stone River for just $119.99.
Prices subject to change.
Stay up to date on the latest in technology with Daily Tech Insider. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that will help you stay ahead of the game.
Become your business’s cybersecurity expert
Your email has been sent
Your message has been sent
TechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
With a lot of choices in the market, we have highlighted the top six HR and payroll software options for 2023.
Microsoft’s latest Windows 11 allows enterprises to control some of these new features, which also include Notepad, iPhone and Android news.
Salaries for remote roles in software development were higher than location-bound jobs in 2022, Hired finds.
With so many agile project management software tools available, it can be overwhelming to find the best fit for you. We’ve compiled a list of 10 tools you can use to take advantage of agile within your organization.
With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to ‘eliminate’ passwords entirely.
Stay up to date on the latest in technology with Daily Tech Insider. We bring you news on industry-leading companies, products, and people, as well as highlighted articles, downloads, and top resources. You’ll receive primers on hot tech topics that will help you stay ahead of the game.
PURPOSE This Media disposal policy from TechRepublic Premium provides specific instructions for ensuring organization data is properly protected when disposing of old storage media. From the policy: POLICY DETAILS When disposing of damaged, unusable, obsolete, off-lease, decommissioned, old, or end-of-service-life equipment and media, the organization requires that the guidelines outlined herein be followed: Hard drives, …
PURPOSE To take some of the effort out of writing (and rewriting) emails to share with company staff and executives, TechRepublic Premium has assembled basic templates to handle the most common types of communications. Simply copy the text into your favorite word processor and customize it to fit your needs. Then, paste it into an …
PURPOSE The purpose of this policy from TechRepublic Premium is to provide guidelines for developing mobile applications from a security, procedural and best practices standpoint. While it contains technical guidelines, it is not intended to serve as a programming guide but as a framework for operations. This policy can be customized as needed to fit …
PURPOSE This checklist from TechRepublic Premium provides a method for auditing and documenting a client site and assembling an inventory of systems and software, as well as giving you a framework for developing recommendations, applying costs to them, and storing all that information in one file. Tracking client contact details, circuit information, network equipment, cloud …

source

JAMMU : Chief Secretary, Dr Arun Kumar Mehta launched the Centre of Excellence (CoE) in Cyber Security established by the IT Department in collaboration with National Institute of Electronics & Information Technology (NIELIT), J&K. The Centre is slated to be a learning Centre for the officers/officials of the government to know about the latest trends and techniques for ensuring important cyber security of official web portals and websites. On the occasion the Chief Secretary enjoined upon the IT Department to make the training mandatory for the employees of the Department besides creating separate modules for imparting the basic level training to all the employees designated by the departments and a high level skill course for the technically proficient people who would look after the cyber security of government websites and its portals. Dr Mehta also stressed on making best use of this centre by providing requisite training to the government workforce for the safety of all the cyber assets in view of increased risk and vulnerability. He asked them to keep upgrading the skills of the employees with advancement in technology and techniques. Commissioner Secretary, IT, Prerna Puri during the event also apprised that the centre is taking 60 officers/officials each as first batch in Jammu and Srinagar campuses of the NIELIT for their 15-day training/capacity building programme in cyber security. She also maintained that more such batches are going to be given training in the centre in the days a head to enhance the security of our websites and data available over the internet.
She also revealed that the training course would cover significant topics like cyber crimes, network security, cyber hygiene, cyber forensics, mobile & end user security, Web security & Information security audit etc. She also made out that at the end of the training the trainees would be evaluated about their learning and aptitude gained during this programme. It was further given out that the successfully trained personnel shall be able to protect the computer systems and networks from cybersecurity attacks, characterize privacy, legal and ethical issues of information security, identify vulnerabilities critical to the information assets of an organization.
They shall also be able to understand the employability of security controls for confidentiality and integrity of systems and networks, propose solutions including development, modification, and execution of incident response plans, besides applying critical thinking and problem-solving skills to detect cyber attack.

source

By Christopher Brown
PayPal Inc. is facing a proposed class action alleging its negligence led to a December 2022 data breach that exposed the personal financial information of nearly 35,000 people.
Ashley Pillard and Destiny Rucker alleged that PayPal failed to implement basic security practices or comply with industry data-protection standards or Federal Trade Commission guidelines.
Information exposed in the breach included names, addresses, Social Security numbers, tax identification numbers, and dates of birth, according to the complaint filed Thursday in the US District Court for the Northern District of California.
The lawsuit brings claims of negligence, negligence per se, breach of contract, …
To read the full article log in.
Learn more about a Bloomberg Law subscription.

source

Hi, what are you looking for?
Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.
By
Flipboard
Reddit
Pinterest
Whatsapp
Whatsapp
Email

The world’s largest software maker is putting ChatGPT to work in the cybersecurity trenches.
Microsoft on Wednesday rolled out an AI-powered security analysis tool to automate incident response and threat hunting tasks, showcasing a security use-case for the popular chatbot developed by OpenAI.
The new tool, called Microsoft Security Copilot, is powered by OpenAI’s newest GPT-4 model and will be trained on data from Redmond’s massive trove of telemetry signals from enterprise deployments and Windows endpoints.
Cybersecurity experts are already using generative AI chatbots to simplify and enhance software development, reverse engineering and malware analysis tasks and Microsoft’s latest move adds several new use-cases for defenders.
Microsoft is already raking in about $20 billion a year from the sale of cybersecurity protection products and industry watchers expect the push into AI automation will create new revenue streams and drive new levels of innovation among cybersecurity startups.
SecurityWeek sources expect to see similar offerings from the likes of Cisco, Palo Alto Networks and Google as rivals rush to embrace the use of generative AI to automate complex and time-consuming security tasks.
Microsoft is positing the Security Copilot chatbot as a tool that works seamlessly with security teams to allow defenders to see what is happening in their environment, learn from existing intelligence, correlate threat activity, and make better decisions at machine speed.
From Microsoft’s documentation:

“Security Copilot will simplify complexity and amplify the capabilities of security teams by summarizing and making sense of threat intelligence, helping defenders see through the noise of web traffic and identify malicious activity.

It will also help security teams catch what others miss by correlating and summarizing data on attacks, prioritizing incidents and recommending the best course of action to swiftly remediate diverse threats, in time.“
For incident response teams, Microsoft says the chatbot can be used to identify an ongoing attack, assess its scale, and get instructions to begin remediation based on proven tactics from real-world security incidents.
For threat hunting practitioners, the company says Security Copilot can help determine whether an organization is susceptible to known vulnerabilities and exploits by using AI to examine the environment one asset at a time for evidence of a breach.
The tool can also be used to summarize any event, incident, or threat in minutes and prepare information in a ready-to-share, customizable report.
The company said the tool will integrate natively with products like Microsoft Sentinel, Microsoft Defender and Microsoft Intune to provide an “end-to-end experience across their entire security program.”
Related: ChatGPT and the Growing Threat of Bring Your Own AI to the SOC
Related: Microsoft to Acquire Threat Intelligence Vendor RiskIQ
Related: Microsoft Flexes Security Vendor Muscles With Managed Services
Related: For Microsoft, Security is a $10 Billion Business 

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.
Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.
When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own security. (Torsten George)
While there are likely many different approaches, here are a few points that are important for enterprises to consider when evaluating bot solutions. (Joshua Goldfarb)
Making threat intelligence actionable requires more than automation; it also requires contextualization and prioritization. (Marc Solomon)
Many of the most successful cybercriminals are shrewd; they want good ROI, but they don’t want to have to reinvent the wheel to get it. (Derek Manky)
Compliance and ZTNA are driving encryption into every aspect of an organization’s network and enterprise and, in turn, forcing us to change how we think about protecting our environments. (Matt Wilson)
Flipboard
Reddit
Pinterest
Whatsapp
Whatsapp
Email
LastPass DevOp engineer’s home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud…
GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.
A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the…
GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.
Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.
Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of…
Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that…
Implementation of security automation can be overwhelming, and has remained a barrier to adoption
Got a confidential news tip? We want to hear from you.
Reach a large audience of enterprise cybersecurity professionals
Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.
Copyright © 2023 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

source

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something to consider integrating to help improve overall security for the organization.
As the department responsible for maintaining an organization’s employee recruitment, hiring and retention programs, HR is often the first point of contact for future and current employees. This department reaches every employee through training and other employee-centered activities throughout an employee’s tenure; this makes them a valuable resource. At the current moment, cybersecurity training is often developed and distributed by IT and security operations departments alone. Instead, bringing HR departments into the process may help improve an organization’s security posture.
Human resources has long been responsible for administering regulatory compliance training. Increasingly, data privacy and security training programs are included, along with other mandated education instruction. Regulations that govern data acquisition, usage and storage are becoming increasingly complex. Companies that do business internationally have the added burden of complying with both domestic and international regulations.
The penalties for poor data protection, whether or not it leads to a data breach, can result in steep fines and legal action. Employee actions and attitudes toward data protection and security affect the company’s overall security. HR is often involved in enforcing company policies around data mishandling or abuse.
Good cybersecurity starts with employees. Human resources is often a resource for employees to improve job-related skills, which can include specialized training for internal systems. Not all employees have the same experience or knowledge about the technologies they use every day. This can leave an organization open to threats. As a result, HR departments should make an effort to bring employees up to speed on any company system that could pose a risk.
Hiring new employees is a major responsibility for HR, but this department must also focus on retaining existing employees. Retaining security professionals is a continual challenge for the industry as a whole. Human resources may gather data on what drives employee retention and what drives them to leave. They ensure retention policies are well understood by managers and may also be involved in employee engagement programs as part of an overall retention strategy.
Developing an effective cybersecurity awareness training program requires a balance between providing enough information to be useful and not overwhelming. Human resources’ expertise with employees through the years is an invaluable resource for creating cybersecurity training programs that are engaging and frequent (but not too frequent). The CIO, on the other hand, is an essential partner in training employees on cybersecurity.
The CIO’s role is to work with the human resources department to ensure their technology needs are met and help guide them to more effective solutions. The CIO is also a partner for employee recruitment, hiring and retention, especially for IT and security professionals.
The CIO can affect organizational change by partnering with human resources and IT to develop an integrated cybersecurity awareness training program for employees of all technical proficiencies. Building upon HR’s close connection with every employee, the CIO can lead the way in building a culture of cybersecurity.
Human resources is valuable as a partner in cyber risk assessment and incident response planning. People operations software includes detailed employment records, which are popular targets for cyber criminals. Protecting these assets is essential to cybersecurity for the entire organization.
Cyber risk assessment and business continuity planning committees should include senior leadership across disciplines and departments to help ensure operations can continue after a cyber incident. Human resources can provide perspective from both operational and individual employee angles.
Cybersecurity is everyone’s job, even if it might not seem like it on the surface. The CIO should work closely with the human resources department to communicate the company’s focus on data protection and security. Communications should go beyond broad statements to instead present engaging content which encourages employees to take ownership of cybersecurity within their own role. Working with human resources, the CIO can provide an invaluable perspective on talent retention, especially for technical roles. At the end of the day, this partnership will keep an organization’s cybersecurity posture strong.
Michelle is a freelance technology writer. She has created technical content for a range of brands and publications, including Business Insider, DICE, GE Dig…
4 min read – Discover how threat actors are waging attacks and how to proactively protect your organization with top findings from the 2023 X-Force Threat Intelligence Index.
12 min read – ‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development…
7 min read – In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will…
In this digital age, it is increasingly important for businesses to be aware of their online presence and data security. Many companies have already implemented measures such as two-factor authentication and strong password policies – but there is still a great deal of exposure regarding email visibility. It should come as no surprise that cyber criminals are always looking for ways to gain access to sensitive information. Unfortunately, emails are a particularly easy target as many businesses do not encrypt…
The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…
Backdoor access was the most common threat vector in 2022. According to the 2023 IBM Security X-Force Threat Intelligence Index, 21% of incidents saw the use of backdoors, outpacing perennial compromise favorite ransomware, which came in at just 17%. The good news? In 67% of backdoor attacks, defenders were able to disrupt attacker efforts and lock digital doorways before ransomware payloads were deployed. The not-so-great news? With backdoor access now available at a bargain price on the dark web, businesses…
According to the Global Cybersecurity Outlook 2023, 93% of cybersecurity leaders and 86% of business leaders think a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years. Additionally, 43% of organizational leaders think it is likely that a cyberattack will affect their organization severely in the next two years. With cybersecurity concerns on everyone’s mind, the topic received top billing at the recent World Economic Forum’s Annual Meeting 2023 in Davos, Switzerland. At the meeting, Matthew…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

source

Cybersecurity risks in the manufacturing sector are plentiful and compounded. Image: Unsplash/Lenny Kuhne
Listen to the article

What is the World Economic Forum doing on cybersecurity?
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
A weekly update of the most important issues driving the global agenda

You can unsubscribe at any time using the link in our emails. For more details, review our

privacy policy.
This energy efficient robot can crawl like a caterpillar
Matt Shipman
March 31, 2023
AI leaders call for pause in systems training, plus other AI stories to read this month
Kay Firth-Butterfield
March 31, 2023
How we create an international framework for privacy-preserving digital ID
Brett McDowell
March 30, 2023
How innovative manufacturing solutions can help fix global supply chains
Theo Saville
March 28, 2023
This Company Wants to Help Feed the World With Vertical Farms
Industry strategy: 5 potential inflexion points on the radar of Chief Strategy Officers
Olivier Woeffray
March 27, 2023
About Us
Events
Media
More from the Forum
Partners & Members
Language Editions
Privacy Policy & Terms of Service
© 2023 World Economic Forum

source