Author: rescue@crimefire.in

Three U.S. data breaches show varied healthcare exposure risks  Reuters
source

Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.

A series of high-profile and damaging cyberattacks has underscored the critical role cybersecurity teams play, and top brass are taking notice.
Layoffs are imminent at organizations of all types and widely viewed as a necessity as economic difficulty looms, but cybersecurity professionals will be the least impacted, according to (ISC)2.
Only 1 in 10 executives anticipate job cuts to cybersecurity teams this year, according to a survey released Thursday by the non-profit cybersecurity training and certification organization.
“This is probably the most elevated importance that’s been placed on cybersecurity that we’ve ever seen,” (ISC)2 CEO Clar Rosso said.
Professionals in HR, finance, operations, sales, marketing, IT and research and development are all expected to face steeper job cuts this year, the survey found. HR, operations and finance teams were tapped as the most likely to be impacted by layoffs.
A series of high-profile and damaging cyberattacks has underscored the critical role cybersecurity teams play, and top brass is taking notice, according to (ISC)2.
“I believe that reflects in part the value they put on the strategic importance of information systems security within their organization,” Rosso said.
Nearly 9 in 10 respondents said reductions in cybersecurity staff would increase risk, the survey Found. But 4 in 5 expect threats to rise in 2023 regardless of staffing levels.
When organizations eliminate cybersecurity positions, they are often slower to assess and manage the threat landscape and patch critical systems, according to Rosso. Smaller teams are more likely to make errors in process and procedures, which can create vulnerabilities in their system.
“Those are also tied very directly to the reasons that organizations have cyber incidents and they have data breaches,” Rosso said.
The vast majority of respondents, 9 in 10, said their organizations have increased cybersecurity hiring since 2020, and about half said cybersecurity professionals would be prioritized for hiring when the economy improves.
(ISC)2 surveyed 1,000 C-suite executives in the U.S., U.K., Japan, Germany and Singapore in December 2022. The organization purposefully excluded CIOs and CISOs from the survey to gain perspective from individuals most responsible for headcount.
Respondents represented organizations in IT services, manufacturing, retail, finance, software, healthcare, construction and telecommunications.
The view into how the cybersecurity workforce will weather economic difficulties leaned heavily on a widely anticipated recession, but data pointing to a recession remains mixed.
“We’ve had people whispering recession in our ear for a couple of years now,” Rosso said. “Recession? Not sure. A lot of economic uncertainty and maybe some global instability? You can’t argue against that.”
(ISC)2 hasn’t heard about significant layoffs impacting cybersecurity professionals and notes hiring remains robust.
At least three cybersecurity firms — Sophos, Okta and SecureWorks — announced staff cuts so far this year, and some cybersecurity staff at the world’s biggest tech companies have been impacted by massive layoffs.
“This is my invitation to all those tech workers who’ve been laid off. Come on over. We’ve got jobs for you in cybersecurity,” Rosso said. “Historically the individuals who are best suited to move into cybersecurity come from IT backgrounds and we have millions of jobs, so come on over.”
Get the free daily newsletter read by industry experts
Chief Product Officer Josh Prewitt said the company restored email access to more than three-quarters of its Hosted Exchange customers. But Rackspace officials pushed back on alleged connections to ProxyNotShell.
The password manager warned customers to lookout for brute force attacks, phishing or credential stuffing.
Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter
Keep up with the story. Subscribe to the Cybersecurity Dive free daily newsletter
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
Chief Product Officer Josh Prewitt said the company restored email access to more than three-quarters of its Hosted Exchange customers. But Rackspace officials pushed back on alleged connections to ProxyNotShell.
The password manager warned customers to lookout for brute force attacks, phishing or credential stuffing.
The free newsletter covering the top industry headlines

source

China has accused the US of exaggerating national security fears about TikTok to suppress the Chinese company. US government agencies have been ordered to wipe the Chinese app from all staff devices within 30 days, because of concern over cyber-security. Similar steps have been taken by Canada and the EU, with some politicians calling for nationwide bans.
Spare a thought for TikTok executives.
In 2020, they narrowly escaped seeing their smash-hit app banned in the US by former president Donald Trump, and faced a daily storm of questions about the cyber-security risks posed by TikTok.
Thanks to numerous complex legal challenges, the debate largely fizzled out – and was eventually put to rest in 2021, when President Joe Biden overturned Trump's proposal.
You could almost hear a collective sigh of relief, both from TikTok itself and the millions of influencers who rely on the social media app to earn a living.
But now, in an irony which mirrors the video app's trademark looping format, we're back to where we started.
Except now the stakes are even higher.
Around the time of Trump's proposed ban nearly three years ago, TikTok had been downloaded around 800 million times worldwide. Currently it numbers 3.5 billion downloads, according to app analyst company Sensor Tower.
Add to that a rise in geopolitical tensions between China and Western countries, and it's clear TikTok's global future is more precarious than ever.
So what are the three chief cyber-security concerns about TikTok which keep being flagged, and how does the company respond to them?
A TikTok spokeswoman told the BBC that the app's data collection is "In line with industry practices".
Critics frequently accuse TikTok of harvesting huge amounts of data. A cyber-security report published in July 2022 by researchers at Internet 2.0, a Australian cyber company, is often cited as evidence.
Researchers studied the app's source code and reported the app carries out "excessive data harvesting". Analysts said TikTok collects details such as location, what specific device is being used and which other apps are on the device.
However, a similar test carried out by Citizen Lab concluded "in comparison to other popular social media platforms, TikTok collects similar types of data to track user behaviour".
Similarly, a recent report by the Georgia Institute of Technology in January stated: "The key fact here is that most other social media and mobile apps do the same things."
TikTok's spokeswoman told the BBC that the company is fully independent and "has not provided user data to the Chinese government, nor would we if asked".
Although it irks privacy experts, most of us accept that handing over swathes of private data is the deal we make with social networks.
In exchange for giving us their services free of charge they gather knowledge about us and use it to sell advertising on their platform, or sell our data to other firms trying to advertise to us elsewhere on the internet.
The issue that critics have with TikTok is that it's owned by Beijing-based tech giant ByteDance, making it unique as a non-American mainstream app. Facebook, Instagram, Snapchat and YouTube, for example, all collect similar amounts of data but are all US-founded companies.
For years, US lawmakers, along with most of the rest of the world, have assumed a level of trust: that the data collected by these platforms won't be used for nefarious reasons which might put national security at risk.
Donald Trump's 2020 executive order alleged TikTok's data collection could potentially allow China to "track the locations of federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage".
So far, evidence points to this being only a theoretical risk – but fears are stoked by a vague piece of Chinese law passed in 2017.
Article seven of China's National Intelligence Law states that all Chinese organisations and citizens should "support, assist and co-operate" with Chinese intelligence efforts.
This sentence is often cited by people suspicious not just of TikTok, but all Chinese companies.
However, researchers from the Georgia Institute of Technology argue this sentence is taken out of context, and note that the law also includes caveats protecting the rights of users and private companies.
Since 2020, TikTok executives have repeatedly tried to reassure people that Chinese staff can't access the data of non-Chinese users.
But in December ByteDance admitted that several of its Beijing-based employees did access the data of at least two US journalists, and a "small number" of others, to track their locations and check whether they were meeting TikTok employees suspected of leaking information to the media.
TikTok's spokeswoman says the employees who accessed the data were dismissed in December.
The firm insists user data is held in the US and Singapore and has never been stored in China. It says it is in the process of creating data stores elsewhere too, for example in Ireland where it plans to process all UK and EU data by 2024.
TikTok's spokeswoman said: "Our community guidelines prohibit misinformation that could cause harm to our community or the larger public, which includes engaging in co-ordinated inauthentic behaviour."
In November 2022, Christopher Wray, director of the Federal Bureau of Investigation, told US lawmakers: "The Chinese government could… control the recommendation algorithm, which could be used for influence operations."
Those concerns are further inflamed by the fact that TikTok's sister app, Douyin – which is only available in China – is heavily censored and reportedly engineered to encourage educational and wholesome material to go viral.
All social networks are heavily censored in China with an army of internet police deleting content which criticises the government or excites political unrest.
At the start of TikTok's ascendancy, there were high-profile cases of censorship on the app: a user in the US had her account suspended for discussing Beijing's treatment of Muslims in Xinjiang; after a fierce public backlash, TikTok apologised and reinstated the account.
Since then there have been few cases of censorship, other than the sort of controversial moderation decisions that all platforms have to deal with.
Researchers at Citizen Lab carried out a comparison of TikTok and Douyin. They concluded that TikTok does not employ the same political censorship.
"The platform does not enforce obvious post censorship," researchers said.
Georgia Institute of Technology analysts also searched for topics such as the independence of Taiwan or jokes about Chinese Premier Xi Jinping, and concluded: "Videos in all of these categories can easily be found on TikTok. Many are popular and widely shared."
The overall picture, then, is one of theoretical fears – and theoretical risk.
Critics argue TikTok is a "Trojan horse" – although it looks harmless it could prove to be a powerful weapon during times of conflict, for example.
The app is already banned in India, which took action in 2020 against the app and dozens of other Chinese platforms.
But a US ban on TikTok could have a huge impact on the platform, since typically US allies often fall in step with such decisions.
That was apparent when the US successfully led calls to block Chinese telecom giant Huawei from being deployed in 5G infrastructure – again, based on theoretical risks.
It's worth noting, of course, that these risks are a one-way street. China doesn't have to worry about US apps because access for Chinese citizens has been blocked for many years.
India bans TikTok and dozens more Chinese apps
Wagner boss suggests 'betrayal' in Bakhmut battle
S Korea to pay victims of Japan WW2 forced labour
Huge fire investigated at world's largest refugee camp
How Korean dramas took over Bollywood-mad India
Twitter insiders: We can't protect users from trolling under Musk
Quake survivors living in fear on Turkey's streets
The island paradise held prisoner by heroin
An Irish Goodbye tackles male grief in bid for Oscar glory
Why do we value gold so much? VideoWhy do we value gold so much?
The Murdaugh trial is over, but infamy lingers for town
What is the plan to protect the high seas?
After Afghan TV fame, a new life in Ohio
The university that changed the world
11 of the best films to watch in March
Why scraping burnt toast may be wise
© 2023 BBC. The BBC is not responsible for the content of external sites. Read about our approach to external linking.

source

“Bloomberg ETF IQ” focuses on the opportunities, risks and current trends tied to the trillions of dollars in the global exchange traded funds industry. Bloomberg’s Matt Miller, Katie Greifeld and Eric Balchunas are joined by leaders in this market, providing critical intelligence to finance advisers and investors of ETFs.
Bloomberg Chief Washington Correspondent Joe Mathieu delivers insight and analysis on the latest headlines from the White House and Capitol Hill, including conversations with influential lawmakers and key figures in politics and policy.
Series focused on the designers, artists, and craftspeople behind some of the world’s most impressive bespoke creations
JetBlue-Spirit Deal Faces DOJ Antitrust Suit as Soon as Tuesday
Brenntag Considers Buying Back At Least 5% of Stock
Dutch Greenhouses to Ease Europe’s Vegetable Shortage Next Month
ECB Battle Lines Form for March Decision as Future Hikes Debated
Spain’s Falling Deposit Rates Highlight Uneven Impact of Interest Rate Hikes
Red Bull’s Horner Likens F1’s TV Fame to ‘Kardashians on Wheels’
JetBlue-Spirit Deal Faces DOJ Antitrust Suit as Soon as Tuesday
Goldman Says Buy Apple After Years on Sidelines of 300% Advance
Twitter Faces Second Outage in a Week as Users Receive Error Messages on Links
BTS Label Hybe Falls Far Short in Bid to Take Over K-Pop Pioneer
Quiet Politician Steps Up to Challenge Erdogan in Turkish Election
N. Ireland’s DUP Sets Up Group to Assess New UK-EU Brexit Plan
A Nation’s Heavily Indebted Consumers Face a Painful Margin Call
Goldman’s Top Stock Trader Whose Pay Rivaled CEO’s Makes Surprise Exit
Red Bull’s Horner Likens F1’s TV Fame to ‘Kardashians on Wheels’
Shoppers Are Cooling on Luxury Purchases, Saks Fifth Avenue Says
Blackstone CMBS Default Presages Bad Times for Property Owners
ESG Investing Fight Is Less Than Meets the Eye
Women in Tech Are Forever Cast as ‘Adults’ But Rarely as CEO
Yellowstone Backers Wanted to Cash Out—Then the Streaming Bubble Burst
How Countries Leading on Early Years of Child Care Get It Right
Female Execs Are Exhausted, Frustrated and Heading for the Exits
‘Fences’ Producer Gets $90 Million in Funding From Investors Including Goldman Sachs
Only 22% of Speakers at Top Oil Conference Are Women
Tesla Offers an Unprecedented Look at the Bench Behind Elon Musk
UK Grid Readies Reserve Coal Unit for Tuesday’s Cold Snap
How San Francisco Is Making Small Businesses More Accessible
Last ‘Frigo’ in Paris: Urban Plan Threatens Piece of City’s History
This Former Factory Is Now New Taipei’s Edgiest Project
How The FTX Collapse Shook The Bahamas
This Week in Crypto: Ukraine War, Marathon Digital, FTX
AI Hype Comes to Crypto
Jen Easterly
Katrina Manson
Subscriber Benefit
Subscribe
A senior US cybersecurity official described adoption of some of Microsoft Corp. and Twitter Inc.’s security protocols as “disappointing” as part of a broadside against large technology companies’ approach to protecting user accounts. 
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said in a speech Monday that bad software and unsafe practices are facilitating ransomware attacks that are crippling the nation’s most essential services, spanning energy supply, food production, hospitals and schools.

source

The tech world is all abuzz over ChatGPT, the AI chatbot trained by OpenAI (founded by Elon Musk, Sam Altman and others). The large language model has exploded on the scene, amassing 1 million users in the first five days of its launch in late 2022. The security community is highly interested in this AI tool — and so are hackers. From writing malware code to generating a never-ending stream of phishing campaigns, many have named ChatGPT a dream platform for cyber actors. But what about the good guys?
Nearly any technology these days is a double-edged sword. So how are security pros looking at ChatGPT to help thwart cyber threats? Let’s find out.
Imagine a Russian-speaking cyber gang trying to write a sophisticated spear phishing message targeting a US-based CEO. The hacker would either have to be a language expert or hire a native writer. But now, in seconds, they can just ask ChatGPT to produce a nearly infinite number of believable phishing messages.
Attackers are already using ChatGPT to write malicious code. From infostealer to ransomware to entire Dark Web marketplaces, actors on underground forums are boasting about how they are using the AI chatbot to accelerate their efforts.
Legitimate research has also explored how ChatGPT could impact security. As reported by SC Media, security researcher Dr. Suleyman Ozarslan stated that he was able to utilize the program for a variety of offensive and defensive cybersecurity tasks. These included crafting a World Cup-related email in fluent English, generating Sigma detection rules to identify cybersecurity anomalies and creating evasion code that could circumvent detection rules.
Experts compare ChatGPT to other software, such as Cobalt Strike and Metasploit, which are popular with security professionals and attackers alike. These tools are useful for legitimate penetration testing and simulating potential adversaries. But hacking groups also use the tools to help them break into their victims’ systems.
Jeff Pollard, vice president and principal analyst at Forrester, said the emergence of ChatGPT has enabled him to consider how companies might practically leverage AI for defensive cybersecurity work, as per SC Media.
“I do think there is an aspect of looking at what it’s doing now, and it’s not that hard to see a future where you could take a SOC analyst that maybe has less experience, hasn’t seen as much and they’ve got something like this sitting alongside them that helps them communicate the information, maybe helps them understand or contextualize it, maybe it offers insights about what to do next,” Pollard said.
The strength and versatility of ChatGPT caught the attention of HackerSploit, who did a variety of tests with the chatbot online. He asked the AI chatbot how to scan for SMB (Server Message Block) vulnerabilities with Nmap. I repeated the question on my own, and the results were striking:

ChatGPT explained the process in detail and even included code snippets. What really caught my attention was the part in the answer that said (emphasis added):
“You can also use the NSE script smb-vuln-ms17-010 to check if the target is vulnerable to the ETERNALBLUE exploit, a SMB vulnerability that was used in the WannaCry attack nmap –script smb-vuln-ms17-010 <target>”
For Red Team cybersecurity teams (and criminals), the implications are massive. And what about Blue Team defensive efforts? HackerSploit asked these questions and received high-level answers:
HackerSploit also asked ChatGPT to find problems in a PHP code with a known vulnerability. ChatGPT not only identified the security weakness but also provided the code to fix it.
As cyberattacks grow in volume and complexity, artificial intelligence is already assisting under-staffed security teams to mitigate threats. Curating threat intelligence from across research sources, blogs and news stories, AI technologies like machine learning and natural language processing (NLP) provide actionable insight that cuts through the clutter. And all this drastically reduces response times.
Meanwhile, cognitive security combines the strengths of AI and human intelligence. Cognitive computing is an advanced type of artificial intelligence that leverages machine-learning algorithms and deep-learning networks. And these systems get stronger and smarter over time.
ChatGPT isn’t without its own bugs. Users have flagged the answers the chatbot provides for errors on numerous occasions. And, of course, you should always thoroughly test any code the AI writes before use. Still, the machine continues to learn as it interacts with the world. By design, it will get better and better at providing accurate answers.
Powerful AI tools are already available for both cyber criminals and security teams. The difference will be in which side learns to use the tools with more precision and efficiency. The worry is that these kinds of tools continue to lower the bar for malicious actors to launch attacks. As time goes on, even the most rudimentary skills might be enough to build dangerous cyber campaigns.
While organizations might be able to defend themselves using similar tools, what about the everyday person? How can the masses hope to outwit criminals armed with advanced AI tech?
Maybe, if ChatGPT-like tools remain accessible to everyone, all we will have to do is ask, “How should I defend myself against the threat of cyberattack?” And the chatbot will give us a detailed answer right away.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…
3 min read – The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread…
4 min read – Discover how threat actors are waging attacks and how to proactively protect your organization with top findings from the 2023 X-Force Threat Intelligence Index.
12 min read – Dive into the biggest highlights from this year’s X-Force Threat Intelligence Index with report author Michael Worley, a strategic cyber threat analyst at IBM Security. Listen now on Into the Breach.
According to a recent report, the number of attacks on the government sector saw a massive upswing in the second half of 2022 compared to the same period in 2021. The COVID-19 pandemic led to rapid digitization in government organizations, including a significant increase in remote systems access. This expanded the attack surface and further enabled malicious actors to use cyber warfare as a means to target other nations.Cyberattacks continue to affect the entire public sector, including schools and local…
On September 15, 2022, Uber employees logged on to see an unexpected message on the company’s Slack channel. It said, “Hi @here, I announce I am a hacker and Uber has suffered a data breach.” At first, many thought it was a joke. But the reality was not funny in the slightest. The intruder didn’t only infiltrate Slack: Uber’s domain admin, Amazon Web Services admin and GSuite were reportedly among the company’s compromised accounts. As per Group-IB, the hacker gained…
Public safety organizations are common cyberattack targets. But a recent Verizon survey of these organizations reveals that only 15% feel they are “very prepared” against cyberattacks. This survey coincides with a Resecurity report that cites an increase in malicious activity targeting law enforcement agencies during Q2 2022. Any incident can potentially impact community welfare and public safety. The challenge remains in how to improve security on tight public budgets. Luckily, a few simple tactics can begin to make a meaningful…
Technical and non-physical attacks have always been a part of modern warfare. During World War II, the Allies used advanced cryptanalysis to decrypt encoded messages sent by the Axis powers using the Enigma ciphering system. Led by Alan Turing, this breakthrough provided the Allies with valuable military intelligence and helped win the war. Fast forward to present-day warfare, where the cyber front has never been more intense. On February 24, Russia’s computer hackers targeted Ukraine’s satellite communications system, run by…
Analysis and insights from hundreds of the brightest minds in the cybersecurity industry to help you prove compliance, grow business and stop threats.

source

2023-2030 Australian Cyber Security Strategy Discussion Paper  Home Affairs
source

Keep abreast of significant corporate, financial and political developments around the world. Stay informed and spot emerging risks and opportunities with independent global reporting, expert commentary and analysis you can trust.