Category: Information

Sharing information about cyber attacks provides several benefits to individuals, organizations, and the broader cybersecurity community. Here are some key advantages:

1. Early Threat Detection: Information sharing enables early detection of cyber threats. When organizations share details about the attacks they’ve experienced, others can learn and proactively defend against similar tactics, techniques, and procedures.

2. Incident Response Improvement: Collaborative information sharing helps organizations enhance their incident response capabilities. Learning from the experiences of others allows for more effective strategies in responding to and mitigating cyber attacks.

3. Community Awareness: Shared information raises awareness within the cybersecurity community about evolving threats. This collective awareness fosters a stronger, more informed defense against common and emerging cyber threats.

4. Trend Analysis: Analyzing shared cyber attack information helps identify trends and patterns. This insight is valuable for understanding the evolving nature of cyber threats, allowing organizations to adapt and improve their security postures accordingly.

5.  Vulnerability Mitigation: Information sharing facilitates the prompt identification and mitigation of vulnerabilities. Organizations can apply patches and security updates more quickly when they are aware of potential weaknesses that have been exploited elsewhere.

6. Regulatory Compliance: In some industries, sharing cyber attack information is required for regulatory compliance. Compliance with these regulations helps ensure that organizations follow best practices and maintain a certain level of cybersecurity preparedness.

7. Global Collaboration:  Cyber attacks often transcend borders. Sharing information globally fosters international collaboration in combating cyber,crime. It allows for a united front against cyber threats that affect multiple countries and regions.

8. Threat Intelligence Enhancement:  Shared information contributes to the overall pool of threat intelligence. This collective intelligence enhances the accuracy and efficacy of threat intelligence platforms, making them more valuable for all users.

9. Security Innovation: Knowledge about various cyber attacks stimulates innovation in cybersecurity solutions. The collective wisdom gained from shared information can inspire the development of new tools, technologies, and strategies to better protect against evolving threats.

10. Reduced Duplication of Effort: Information sharing helps prevent redundancy in efforts to address similar threats. Organizations can learn from each other’s experiences, avoiding the repetition of mistakes and optimizing the allocation of resources for cybersecurity.

In summary, sharing cyber-attack information promotes a more resilient and collaborative cybersecurity ecosystem, empowering organizations to collectively defend against a constantly evolving threat landscape.

The post Benefits on sharing cyber attack information appeared first on Cybersecurity Insiders.

Microsoft is actively engaged in the development of a glass-based data storage medium slated for integration into its data centers that facilitate Azure Cloud services. This innovative ceramics-based storage solution is specifically designed for archival purposes and is touted to be impervious to ransomware attacks. In contrast to conventional SSD and Hard Disk drives, this technology is resistant to infiltration by cybercriminals seeking to deploy file-encrypting malware.

The Windows OS giant showcased its advancements in a 16-page white paper during the 29th ACM Symposium, drawing considerable attention from the tech community. Referred to as ‘Cerabyte,’ this new technology utilizes quartz glass as its foundation for information storage, presenting itself as a virtually eternal storage solution with the remarkable capability to store 1TB of information in just 1 square centimeter.

Cerabyte consists of square glass platters, and the process involves the use of high-speed Femtosecond lasers to inscribe information across the surface. These platters are then vertically stacked using a distinct procedure. Polarized microscopic technology is applied to image the platter in Z patterns, and an AI tool processes and decodes the information into analog signals, seamlessly converting between digital and analog data.

Microsoft asserts that this ransomware-resistant medium holds great potential for application in critical sectors such as healthcare, finance, and research, making cloud data centers more resilient against malware attacks.

It’s crucial to note that while this technology is still in the early stages of development and requires significant research and development efforts to become practical, the use of quartz glass, AI tools for data encoding and decoding, and related technologies may pose economic challenges. As of now, tape storage remains a more economically viable option for archival needs.

The post Microsoft to offer glass based storage tech that is ransomware proof appeared first on Cybersecurity Insiders.

To mitigate privacy and security concerns, it’s advisable to refrain from storing certain types of data on your mobile devices. While smartphones are indispensable for staying connected and managing various aspects of our lives, safeguarding personal information should be a top priority. Here are some steps to help protect your privacy and security:

a.) Password Management: While apps like Keep Notes can be convenient for storing passwords, they can also pose security risks. Avoid storing passwords for email, social media, and banking applications on your mobile phone. If you must store them, consider changing them regularly, ideally on a weekly or monthly basis.

b.) Home Address: Although storing your home address can be helpful in certain situations, it can also be exploited by cyber-criminals. Avoid saving this information, as it can be accessed from bills or bank statements and used to threaten you physically.

c.) Contact Information: Storing contact numbers under familiar names like “Mom” and “Dad” can create vulnerabilities. Hackers may use these names to impersonate your loved ones and send phishing messages to your contacts. Consider adopting a different approach to storing such information on your device to enhance your cyber hygiene.

d.) Sensitive Documents: Never store images of your credit or debit cards, social security numbers, or driver’s licenses directly on your device. If you must keep these details, use a password-protected folder that only you can access via fingerprint or a PIN.

e.) Social Media Accounts: In the wrong hands, your device can provide access to your social media accounts. This can lead to the theft of personal information for use in social engineering attacks.

f.) Biometric Authentication: To protect sensitive folders or applications from hackers, use biometric authentication methods like fingerprint scans or facial recognition.

g.) Bank Account Details: Avoid storing bank account details in plain text or image formats on your device, as this can expose them to cyber-criminals. Instead, consider memorizing them or keeping a printed copy in your wallet. Modern smartphones often offer reliable fingerprint scans and facial recognition as additional security measures.

h.) Intimate Content: Refrain from storing intimate images or videos on your smartphone, as these can have severe consequences if they fall into the wrong hands, such as when your phone is given for repair or borrowed by someone you trust.

i.) Email Management: Be vigilant about the content you store in your email. If you find sensitive information, consider deleting it or transferring it to a secure storage device or cloud. Never click on links sent by unknown senders, as they can lead to malware-infected websites or espionage.

j.) Upgrade Regularly: Smartphone manufacturers continually release more advanced models. Consider upgrading your phone every couple of years to benefit from improved hardware and software, which often offer enhanced security features compared to older versions.

By following these precautions, you can better safeguard your privacy and security in an increasingly connected world.

The post Avoid storing this data on mobile to curb privacy and security concerns appeared first on Cybersecurity Insiders.

Nowadays, those interested can sieve some of the sensitive to very sensitive information from the dark web and that includes banking and email credentials of individuals and businesses. And according to a report compiled and released by Crossword Cybersecurity, information related to over 2.2 million students and staff from UK’s 100 top universities is now available on the dark web. And concernedly about 54% of the information belongs to 24 leading UK Universities representing Russell Group.

If the figures are dissected further, most of the info belongs to over 2.2 million students studying in UK of which 680,000 belongs to international students and the rest belongs to natives, apart from an additional 234,000 staff members.

When a representative from the company contacted a source on the dark web, the data of 1000 students was available for a purchase just for a meager £30 and sometimes the price might go as low as £6 and might to a high of £80. The price volatility depends on the type of information and the data timeliness.

So, educational institutions should start monitoring their data storage practices and watch for any leaks. Also implementing multi-factor authentication makes sense as protecting PII of staff and students from prying eyes makes complete sense.

Security analysts suggest that hackers are always behind information that can fetch them great monetary benefits and so it cannot be restricted to a specific sector, and can spread to other sec-tors such as manufacturing, automotive, finance and such.

The post Breached credentials of UK top universities available on dark web appeared first on Cybersecurity Insiders.

The rise of cloud computing has provided individuals and businesses with a convenient way to store and access their data. However, with this convenience comes a concern about data security. Cloud storage services have become a target for hackers, and the theft of personal and sensitive information can have serious consequences. So, how is information stored in the cloud secured from hacks?

One way to secure information in the cloud is through encryption. Encryption is the process of converting information into a code that only authorized parties can access. Cloud providers use encryption to protect data at rest, which means when the data is stored on the provider’s servers. They also use encryption to protect data in transit, which means when the data is being transferred between the user and the cloud provider. Encryption ensures that even if a hacker gains access to the data, they will not be able to read it.

Another way to secure information in the cloud is through access controls. Access controls are mechanisms that limit access to data and systems based on a user’s identity and privileges. Cloud providers implement access controls through authentication and authorization. Authentication is the process of verifying a user’s identity, while authorization is the process of granting or denying access based on the user’s identity and privileges. By implementing access controls, cloud providers can prevent unauthorized access to data.

Cloud providers also employ security measures such as firewalls, intrusion detection systems, and antivirus software to prevent attacks. Firewalls are barriers that prevent unauthorized access to a network or system. Intrusion detection systems monitor the network for signs of unauthorized access or malicious activity. Antivirus software scans files for known viruses and malware.

In addition to these technical measures, cloud providers also implement physical security measures. Cloud providers store their servers in data centers that are physically secure. Data centers have security guards, surveillance cameras, and other measures to prevent unauthorized access. Cloud providers also perform regular audits and assessments to ensure that their security measures are effective.

In conclusion, information stored in the cloud is secured from hacks through a combination of technical and physical security measures. Cloud providers use encryption, access controls, firewalls, intrusion detection systems, antivirus software, and physical security measures to protect data. However, it is important for users to also take precautions such as using strong passwords and two-factor authentication to further enhance the security of their data in the cloud.

The post How is information stored in cloud secure from hacks appeared first on Cybersecurity Insiders.

According to research and understanding carried out by UEA’s School of Psychology, people tend to reveal more personal details when they are targeted with the same question twice. This means that when a person is asked the same question repeatedly, they tend to over-disclose information, leading to identity theft and cybercrimes.

Personal data can be mined from online users in a simple way, whether it’s completing a survey or subscribing to an online news magazine. The dugout information might prove to be a world’s valuable resource, more valuable than oil and precious metals. From online users’ point of view, this can push them into deep trouble, as security risks will follow, leading them to a financial crisis.

The UEA’s School of Psychology survey took details from over 72 participants, including the pupils’ physical information such as height, weight, and phone number, along with some intrusive topics such as immigration, abortion, and politics.

The study also replicated the fact that users start building trust when asked a question, and if the same question is repeated, they tend to over-disclose without worrying that it can lead to privacy concerns. This is a classic example of the “foot in the door effect.”

Dr. Piers Fleming, the lead researcher from the institute, came to the conclusion that people share more details when they are better understood, and such thinking behavior can prove mutually beneficial, only when they are well-protected against oversharing of details.

So, the research team suggests that businesses and consumers should share information to an acceptable level that can benefit them mutually. Anything more should be forewarned well in advance by the business to protect the privacy of users.

Who’s listening then…?

 

The post People disclose more personal info when question is repeated appeared first on Cybersecurity Insiders.

All the ministers and government employees working in the UK were issued a warning when their official contact details were publicly available online until March 2020. The Government Communication Service website was publicly displaying information of about 45k Govt employees and details include email address, phone numbers and job titles, along with the social media account handles of some ministers and civil servants, including their Twitter and LinkedIn profiles.

Hackers and advertising agencies are always on a hunt for such details as they can sell the data to interested parties for a fair price that could go up to $2000 for info of just 1000 contacts.

Currently, the information was removed from the website because of some maintenance issues and news resource The Times newspaper reported that the website will re-display the details soon.

Often such info can cause phishing and social engineering attacks launched on officials to gather intelligence and so the tech heads of government agencies should follow basic cybersecurity hygiene while posting such details public.

NOTE 1- In October last year, after Liz Truss submitted a resignation, a news resource revealed that her phone number was publicly available while she held a foreign secretary post.

NOTE 2- It is a known fact that UK’s Ex- Prime Minister Boris Johnson’s phone number was publicly available on the web for over a decade and no one from the British parliament bothered to figure out the consequences and warn the British Politician on his contact information being displayed on public platforms.

 

The post Data Security Threat to UK Government Ministers and Civil Servants appeared first on Cybersecurity Insiders.

To all the millions of android users, here’s some news that needs your attention on an immediate note. According to a research conducted by Douglas Leith, a Computer Science Professor working at Trinity College of Dublin, Google Phone and Messages app have been sending data to Google servers without the consent of its users.

“The practice of sending information to remote servers has been taking place from the past few years and it is against the GDPR regulations, the data protection law that protects European Users against companies indulging in data abuse”, says Douglas.

Evidence related to the data send to remote servers was made available in a white paper released by Douglas and the title of the technical paper is “What Data do the Google Dialer and Message apps send to Google?”

As per the analysis available in the paper, information such as call time, duration, phone numbers between the call was established, and all log info was being sent to the servers of the Alphabet Inc’s subsidiary.

Internet Juggernaut reacted to the news on an immediate note and agreed that some app info such as technical data like logs were being sent to the servers to keep the apps functioning properly and to debug any service issues with the app, if any. The web search giant also agreed that the phone numbers not saved on the user’s device were being sent to remote servers to keep the device protected from unwanted spam calls.

Note– The web link providing evidence that Google Dialer and Messages app on android are sending information to Google servers without the user’s consent is:

https://www.scss.tcd.ie/doug.leith/privacyofdialerandsmsapps.pdf

 

The post Google SMS and phone app, sending user data to remote servers appeared first on Cybersecurity Insiders.