Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label User Priavcy. Show all posts
User Priavcy
Australian Data Breach Digital Age FBI Malicious actor Online Library Sensitive data User Priavcy

Cybersecurity Breach Shakes Sydney's Woollahra Council Libraries

Sydney's Woollahra Council Libraries were the target of a cyberattack that sent shockwaves across the community, demonstrating how susceptible information is in the digital age. Concerns regarding protecting personal data and the possible repercussions of such breaches have been raised in response to the occurrence, which was covered by several news sources.

The attack, which targeted libraries in Double Bay, Paddington, and Watsons Bay, has left thousands affected, with the possibility of personal information being stolen. The breach has underscored the importance of robust cybersecurity measures, especially for institutions that store sensitive data.

Woollahra Council has not disclosed the nature of the information compromised, but the potential risks to affected individuals are substantial. Cybersecurity experts are emphasizing the need for swift and comprehensive responses to mitigate the fallout from such breaches. As investigations unfold, users are advised to remain vigilant and monitor their accounts for suspicious activity.

This incident is a stark reminder that cybersecurity is an ongoing challenge for organizations across the globe. As technology advances, so do the methods employed by malicious actors seeking to exploit vulnerabilities. In the words of cybersecurity expert Bruce Schneier, "The user's going to pick dancing pigs over security every time." This emphasizes the delicate balance between user experience and safeguarding sensitive information.

The attack on Woollahra Council Libraries adds to the growing list of cyber threats institutions worldwide face. It joins a series of high-profile incidents that have targeted government agencies, businesses, and educational institutions. The consequences of such breaches extend beyond the immediate loss of data; they erode public trust and raise questions about the effectiveness of existing cybersecurity protocols.

In response to the incident, the Woollahra Council has assured the public that it is working diligently to address the issue and enhance its cybersecurity infrastructure. This event serves as a call to action for organizations to prioritize cybersecurity measures, invest in cutting-edge technologies, and educate users on best practices for online security.

The Sydney incident serves as a timely warning for people and businesses to stay vigilant in the face of emerging cyber dangers, even as the investigation is ongoing. Former FBI director Robert Mueller once said, "There are only two types of companies: those that have been hacked and those that will be hacked." Proactive steps are essential to reduce the effects of these breaches and safeguard everyone's access to the digital world.
Read more »
User Priavcy
AI Chatbot AI Tool CIA CISA & FBI Cyber Security NSA Open Source Software Spies US-China USA officials User Priavcy

CIA's AI Chatbot: A New Tool for Intelligence Gathering

The Central Intelligence Agency (CIA) is building its own AI chatbot, similar to ChatGPT. The program, which is still under development, is designed to help US spies more easily sift through ever-growing troves of information.

The chatbot will be trained on publicly available data, including news articles, social media posts, and government documents. It will then be able to answer questions from analysts, providing them with summaries of information and sources to support its claims.

According to Randy Nixon, the director of the CIA's Open Source Enterprise division, the chatbot will be a 'powerful tool' for intelligence gathering. "It will allow us to quickly and easily identify patterns and trends in the data that we collect," he said. "This will help us to better understand the world around us and to identify potential threats."

The CIA's AI chatbot is part of a broader trend of intelligence agencies using AI to improve their operations. Other agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), are also developing AI tools to help them with tasks such as data analysis and threat detection.

The use of AI by intelligence agencies raises several concerns, including the potential for bias and abuse. However, proponents of AI argue that it can help agencies to be more efficient and effective in their work.

"AI is a powerful tool that can be used for good or for bad," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "It's important for intelligence agencies to use AI responsibly and to be transparent about how they are using it."

Here are some specific ways that the CIA's AI chatbot could be used:

  • To identify and verify information: The chatbot could be used to scan through large amounts of data to identify potential threats or intelligence leads. It could also be used to verify the accuracy of information that is already known.
  • To generate insights from data: The chatbot could be used to identify patterns and trends in data that may not be apparent to human analysts. This could help analysts to better understand the world around them and to identify potential threats.
  • To automate tasks: The chatbot could be used to automate tasks such as data collection, analysis, and reporting. This could free up analysts to focus on more complex and strategic work.

The CIA's AI chatbot is still in its early stages of development, but it has the potential to revolutionize the way that intelligence agencies operate. If successful, the chatbot could help agencies to be more efficient, effective, and responsive to emerging threats.

However, it is important to note that the use of AI by intelligence agencies also raises several concerns. For example, there is a risk that AI systems could be biased or inaccurate. Additionally, there is a concern that AI could be used to violate people's privacy or to develop autonomous weapons systems.

It is important for intelligence agencies to be transparent about how they are using AI and to take steps to mitigate the risks associated with its use. The CIA has said that its AI chatbot will follow US privacy laws and that it will not be used to develop autonomous weapons systems.

The CIA's AI chatbot is a remarkable advancement that might have a substantial effect on how intelligence services conduct their business. To make sure that intelligence services are using AI properly and ethically, it is crucial to closely monitor its use.

Read more »
User Priavcy
API Data Leak Financial Data Mobile Security Payment Faud User Priavcy

Countering Financial Data Leak in the Era of Digital Payments

 

Over the past five years, there has been a huge surge in the usage of financial services technologies and with that, the risk of a financial data breach has also increased. Multiple financial services technologies use screen scraping to access the private banking data of consumers.

 Screen scraping is a technology by which a customer provides its banking app login credentials to a third-party provider (TTP). The TTP then sends a software robot to the bank’s app or website to log in on behalf of the user and access data.

“The way consumers traditionally connect to their bank accounts is facilitated through screen scraping, where providers require internet banking login information,” explained Joe Pettersson, Chief Technology Officer at Banked. 

One safer alternative to screen scraping is APIs, which let two systems work together. Here are the three benefits of using API: 

Easier for developers 

APIs come with inbuilt documentation, which helps developers code between two systems with a common language. So, they don’t have to learn the details of a full fraud prevention engine’s code, they only need to look at the documentation to understand exactly how quickly they can access certain functions. Once again, this saves time and effort for the whole IT team and helps in making the fraud system more cost-effective. 

Good for Scaling

 Regardless of how efficient a person is, there’s simply no way to review all the user data manually. This is where APIs play an important role by offering fast queries and responses for hundreds of thousands of user logins, transactions, or signups. 

Automates everything 

Because APIs are linked to web apps, there’s no need to regularly tweak them or wait for IT updates. All the fixes and improvements are made from the server side, so individuals can focus on their business instead. It’s not only cheaper in terms of IT resources, but also much more efficient and faster.

Conclusion 

To mitigate fraud risk, propagating knowledge and awareness of new payment technologies, channels, and products, and the risks involved — to both customers and employees — is a crucial part of a fraud prevention strategy. Embedding the fraud management process into overall customer engagement and experience should be the first step forward.
Read more »
User Priavcy
Cyber Security MFA Microsoft Azure Multi-factor authentication Outlook User Priavcy

Microsoft Now Permits IT Administrators to Evaluate and Deactivate Inactive Azure AD users

 

Azure Active Directory has received a handful of security updates from Microsoft. In preview, the business has unveiled a new access reviews tool that allows enterprises to delete inactive user accounts which may pose a security concern. Users who created the new Azure AD tenant after October 2019 received security defaults, however, customers who built Azure AD tenants before October 2019 did not receive security defaults. 

According to Microsoft, the Azure AD security defaults are utilized by around 30 million companies today, and the defaults will be rolled out to many more organizations, resulting in the settings protecting 60 million more accounts. IT admins could now terminate Azure AD accounts that haven't signed in for a certain number of days. 

The Azure Active Directory Identity Governance service now includes the new access review feature. It's useful for companies who don't want contractors or former employees to have access to sensitive data. Azure Active Directory (Azure AD) is a Microsoft cloud service that manages identification and authentication for on-premise and cloud applications. In Windows 2000, it was the advancement of Active Directory Domain Services. 

"The term "sign-in activity" refers to both interactive and non-interactive sign-in activities. Stale accounts may be automatically removed during the screening process. As a result, your company's security posture increases," Microsoft explained. 

According to Alex Weinert, Microsoft's director of identity security, the defaults were implemented for new tenants to ensure that they had "minimum security hygiene," including multi-factor authentication (MFA) and contemporary authentication, independent of the license. He points out that the 30 million firms which have security defaults in place are significantly less vulnerable to intrusions.

This month, Microsoft will send an email to all global admins of qualified Azure AD tenants informing them of security settings. These administrators will receive an Outlook notification from Microsoft in late June, instructing them to "activate security defaults" and warning of "security defaults will be enforced automatically for respective businesses in 14 days." All users in a tenant will be required to register for MFA using the Microsoft Authenticator app after it has been activated. A phone number is also required of global administrators.
Read more »
User Security
Android Trojans Mobile Security User Credentials User Priavcy User Security

Android Trojan Spotted in Multiple Applications on Google Play Harvesting User Credentials

 

Cybersecurity researchers at Dr. Web monitoring the mobile app ecosystem have spotted a major tip in trojan infiltration on the Google Play Store, with one of the applications having over 500,000 installations and available to download. 

The majority of these applications belong to a family of trojan malware used in a variety of scams, resulting in money losses as well as the theft of sensitive private details. Additionally, a new Android trojan called ‘Android.Spy.4498’ designed as a WhatsApp mod has been discovered in the wild. The trojan is spreading via malicious websites promoted by social media posts, forums, and SEO poisoning.

According to Dr. Web's report published in January 2022, the ‘Android.Spy.4498’ was identified in some of the unofficial WhatsApp applications (mods) named GBWhatsApp, OBWhatsApp, or WhatsApp Plus. These mods provide Arabic language support, home screen widgets, separate bottom bar, hide status options, call blocking, and the ability to auto-save received media. These mods are popular in the online communities because they offer additional features not available in the vanilla WhatsApp.

The Trojan is also capable of downloading apps and offering users to install them in order to display dialog boxes with the content it receives from malicious actors. During the attack, Android.Spy.4498 requests access to manage notifications and read their content. 

Additionally, the threats identified on the Play Store include cryptocurrency management applications, social benefit aid tools, Gasprom investment clones, photo editors, and a launcher themed after iOS 15. The majority of fake investment apps trick the victims to design a new account and deposit money supposedly for trading, which is simply transferred to the fraudster’s bank account. Other apps attempt to trick the user into signing up for expensive subscriptions. 

The user reviews under the app describe tactics that resemble subscription scams, charging $2 per week for verification or ad removals, yet offering nothing in return. As the report details, apps discovered by security analysts will load affiliate service sites and enable paid subscriptions through the Wap Click technology after tricking the user into entering their phone number.  

To mitigate the risks, researchers advised installing the apps from trustworthy sources, checking user reviews, scrutinizing permission requests upon installation, and monitoring battery and internet data consumption afterward. Also, to monitor the status of Google Play Protect regularly and add a second layer of protection by using a mobile security tool from a reputable vendor.
Read more »
Subscribe to: Posts (Atom)