Cyber Security News

Companies Line Up to Undercut Key Data Privacy Law The law allows law enforcement officials such as judges, police officers and prosecutors to request companies stop sharing information such as their home address and phone number. It also allows the officials to sue companies that don’t comply. Data brokers have come under fire by privacy advocates and lawmakers in recent years, but the New Jersey law is one of the few laws passed to regulate them, and perhaps the toughest. While some states now require data brokers to delete people’s information upon request, the lack of enforcement and the difficulty for consumers to opt out often allows data brokers to maintain the status quo. Cyber_Security_Channel

The Real Battle for Data Privacy Begins When You Die The people we love will die, but their data will continue to live indefinitely, digital ghosts in the cloud. At the moment, there’s nothing stopping the Metas and Googles of the world from exploiting them—or perhaps worse, erasing them permanently. Facebook turns death reported account as “memorialized account.”According to the company’s policy at the time, no one could access memorialized accounts, even with a password. Facebook’s “memorialized” accounts, which turn the profile into a tribute page where friends can visit and post, are designed to be static. In 2015 the company added a feature that allows a user to arrange for a “legacy contact” to manage the page after the account holder’s death. But the contact can’t log in or read messages; they are able to curate tribute posts or request that accounts be removed. Cyber_Security_Channel

Apple Could Get Its Wish for a Federal Privacy Law by the End of This Year US companies can collect and store any personal data about you they like, provided they disclose this fact in their privacy policy – which can be worded in extremely general terms. A key compromise on the Democrat side is that small businesses are exempt from the law, so long as they don’t sell customer data to third parties. Cyber_Security_Channel

Why Hub Cyber Security Shares Are Skyrocketing Today Hub Cyber Security said in a press release that this strategic financing is part of the company’s ongoing effort to fortify its financial foundation and strategically invest in its future. The company announced the successful acquisition for cash of Qpoint Technologies. “Acquiring QPoint is not just a transaction; it’s a strategic move deeply embedded in our long-term vision,” Hershcoviz (CEO) added. There is a significant cross-selling opportunity between QPoint and Hub Cyber Security’s expanded offerings, with customers spanning the healthcare, government, energy, defense, and financial sectors. Cyber_Security_Channel

The 20 Hottest AI Cybersecurity Companies: The 2024 CRN AI 100 GenAI is making a particularly big splash for providers of security operations tools, where the ability to replace manual processes with natural language queries promises to offer a huge boost to productivity and effectiveness. Cyber_Security_Channel

Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies The disclosure comes more than two months after the GrapheneOS team revealed that forensic companies are exploiting firmware vulnerabilities that impact Google Pixel and Samsung Galaxy phones to steal data and spy on users when the device is not at rest. ----- 📷 Image Credit: The Independent Cyber_Security_Channel

AI's Dual Role in SMB Brand Spoofing However, AI is not just a tool in the attacker arsenal. Security architects are fighting back by designing security tools that use AI to detect and block impersonation attacks. This gives organizations, especially SMBs with limited budgets and resources, a boost in their abilities to fight back. Cyber_Security_Channel

Authy vs Google Authenticator: Two-Factor Authenticator Comparison Twilio’s Authy is a mobile two-factor authentication app that strengthens online security by sending a one-time password to your mobile or desktop device. It directly syncs with websites and services to grant user access and is completely free. Cyber_Security_Channel

Bethel School District Data Breach Causes Stress, Financial Issues for Community “The computer system was down at Bethel and the phone systems were down at Bethel and I’m thinking that’s what it was at that time but they didn’t tell anybody that this was going on,” said the parent who talked with KOMO. Cyber_Security_Channel

What to Know About Protecting Your Car Data Privacy Some car companies do allow consumers to adjust connectivity settings, and drivers can read about how in their car's privacy policy. But opting out of all data sharing isn't always possible. ----- 📌 Want to ensure your digital safety? Become HACKPROOF: → Learn how to beat fraudsters, prevent identity theft, and say goodbye to cybercrime! ----- Cyber_Security_Channel

YouTube Video Game ‘Hacks’ Contain Malware Links Many of the games used as lures were deliberately chosen because they are popular among children, Proofpoint said, indicating that the threat actors are trying to trick those less likely to follow online safety best practices. Cyber_Security_Channel

ℹ️ Timeline of the xz Open Source Attack You have probably already heard about Malicious Code in XZ Utils for Linux Systems. Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library, eventually being granted commit access and maintainership. Using that access, they installed a very subtle, carefully hidden backdoor into liblzma, a part of xz that also happens to be a dependency of OpenSSH sshd on: - Ubuntu - Debian - Fedora And other systemd-based Linux systems that patched sshd to link libsystemd. That backdoor watches for the attacker sending hidden commands at the start of an SSH session, giving the attacker the ability to run an arbitrary command on the target system without logging in — leading to unauthenticated, targeted remote code execution. You can find the timeline of this long-term story (2 years!) here. ----- 📷 Image Credit: Securing Society 5.0 @Cyber_Security_Channel

Beware of Encrypted PDFs as the Latest Trick to Deliver Malware to You The attack itself is pretty simple. As previously mentioned, attackers will send an encrypted PDF and then a malware-loaded “encryption tool” once the victims respond. That “encryption tool” will even display a fake PDF document to really sell the ruse. However, it’s really backdooring a piece of malware called Spica into your device. Cyber_Security_Channel

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others It chiefly entailed setting up a clever typosquat of the official PyPI domain known as "files.pythonhosted[.]org," giving it the name "files.pypihosted[.]org" and using it to host trojanized versions of well-known packages like colorama. Cloudflare has since taken down the domain. 📷 Image Credit: SheCodes Cyber_Security_Channel

New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns Initially, victims are directed via email attachments or QR codes to a page featuring a Cloudflare Turnstile challenge designed to thwart unwanted traffic. Upon successful completion, users encounter a fake Microsoft authentication page, where their credentials are harvested. Cyber_Security_Channel

3 Ways Businesses Can Overcome the Cybersecurity Skills Shortage Also, there is a shortage of high-quality cybersecurity programs in schools and higher education institutions. While there are good examples, many programs have limited course offerings and outdated curricula. The result is a shallow pool of candidates who can identify, assess, and mitigate cyber threats such as phishing attacks. Similarly, many current cybersecurity programs are not up to date with the latest cyber threats, leaving a gap between the skills taught and those required in real-time scenarios. Cyber_Security_Channel

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working n 2023, Google said its teams monitored 97 zero-day vulnerabilities exploited in-the-wild in 2023, a 50 percent jump over the 62 bugs exploited the year before. Crunching the numbers, the researchers found that attackers have shifted focus to third-party components and libraries that provide broad access to multiple targets of choice. Cyber_Security_Channel

🎊 Today, Thursday, 4th of April, is Gumroad Day! Gumroad first went live on April 4, 2011, and the platform is celebrating its 13th birthday by lowering fees from 10% to 0%. That means for the full day of April 4, 2024 – according to your timezone, set within Gumroad settings – there will be no Gumroad fees. This is a great opportunity to purchase some of your favorite digital products with beneficial discounts. ⭐️ Here are a few suggestions curated by Cyber Security News: → 2024 GDPR & Cyber Security Epic Bundle — click here. → The Essential Cyber Security Playbook — click here. → Internet Security Fundamentals — click here. Happy shopping! ----- 📷 Image Credit: Gumroad & Kyle T Webster @Cyber_Security_Channel

Air Europa Alerts Customers to Possible Data Breach After Cyber Attack This disclosure comes after Air Europa experienced a cyber attack on its online payment system last October, resulting in some customers’ credit card details being exposed. At the time, the airline assured that no other information was compromised, although it did not specify the number of affected customers. Cyber_Security_Channel