Data and Security - ReadWrite

Vans maker VF Corp hit by cyber attack, personal data 35.5 million compromised
https://readwrite.com/vans-maker-vf-corp-hit-by-cyber-attack-personal-data-35-5-million-compromised/
Fri, 19 Jan 2024 14:05:41 +0000

VF Corp, the parent company of popular sneaker brand Vans, has disclosed a significant data breach impacting approximately 35.5 million consumers, according to a recent Reuters report. The breach, which stemmed from a cyber attack detected on Dec. 13, led to disruptions in the company’s e-commerce operations and affected global customer orders.

In a recent regulatory filing, VF Corp revealed that the cyber attack caused delays in order fulfillment and resulted in the cancellation of some product orders. Despite these operational challenges, the company has assured stakeholders that it does not anticipate any material impact on its financials.

One of the key concerns arising from the incident is the breach of personal data. VF Corp clarified that while a substantial number of consumer records were compromised, the company does not store sensitive information such as social security numbers, bank account details, or payment card information in its IT systems. This limitation in data storage has potentially mitigated the severity of the breach.

Furthermore, VF Corp stated that there is currently no evidence suggesting that consumer passwords were acquired during the cyber attack. This information provides some reassurance to affected consumers regarding the security of their accounts.

In response to the incident, VF Corp has taken steps to restore its IT systems and data. The company reported that it has substantially recovered the systems impacted by the cyber attack. However, it is still addressing minor operational issues that have arisen in the aftermath.

Cyberattack: Clearview loses $1.1m
https://readwrite.com/cyber-attack-clearview-loses-11m/
Tue, 16 Jan 2024 23:50:32 +0000

Canadian energy producer Clearview Resources Ltd announced findings surrounding the cyber attack that cost the company $1.1m.

The company released an earlier press statement flagging the events on December 6, 2023.

“Clearview is in the process of assessing the impact on the Company’s operations. We are not aware of any evidence that customer, supplier or employee data has been compromised or misused due to the situation.”

The company brought in independent security experts to investigate the incident, leading to today’s information on the cyber-attack.

$1.1 million lost

It has now been disclosed that a cybersecurity incident was perpetrated through a compromised email address, which was then used to funnel company funds to a third-party account.

According to the most recent update from the company, Clearview “experienced a cybersecurity incident whereby an internal email address was compromised and used by fraudulent actors to redirect the transfer of certain Company funds to a third-party account. The crime resulted in the loss of $1.5 million.”

The technology partner of the energy company was contacted immediately, and Clearview restricted several functions. Still, luckily, “no material impact to operations” was recorded once these key business systems were restored.

The company has said it will continue to investigate the events that took place in December last year and hopes to recover the lost funds alongside third-party experts and members of law enforcement.

However, the energy provider is realistic that “due to the nature of the cybersecurity incident, these efforts may not result in the return of all or some of the stolen funds.”

North American data and security

In other data and security news, the Biden Administration has announced new cybersecurity requirements for hospitals.

The Centers for Medicare & Medicaid Services, a branch of the Department of Health and Human Services, is expected to propose these rules within the next month.

This should lead to further jobs in this sector. In a recent post, we looked at the top cybersecurity roles across the United States, detailing the best places to work in this emerging American market.

Biden administration to introduce cybersecurity requirements for hospitals
https://readwrite.com/biden-administration-to-introduce-cybersecurity-requirements-for-hospitals/
Tue, 09 Jan 2024 20:14:56 +0000

The Biden administration is set to unveil new cybersecurity requirements for hospitals, as per a recent report by The Messenger. These forthcoming regulations aim to fortify digital defenses in healthcare facilities, ensuring federal funding is contingent on the implementation of basic security measures.

The Centers for Medicare & Medicaid Services, a branch of the Department of Health and Human Services, is expected to propose these rules within the next month. These regulations will mandate hospitals to establish fundamental digital security protocols to qualify for federal funding. A senior administration official, speaking on the condition of anonymity, indicated that these requirements are anticipated to be enforced before the year’s end.

Hospitals have long been prime targets for cybercriminals due to their reliance on technology for both administrative and medical purposes. Recent incidents, such as the cyberattack on Tennessee-based Ardent Health Services, have highlighted the vulnerabilities in the healthcare system. These attacks have led to the diversion of ambulances, rescheduling of procedures, and even the cancellation of surgeries, underscoring the critical need for enhanced cybersecurity measures.

Striking a balance: Cybersecurity and healthcare operations

In response to these growing threats, the Biden administration has been actively deliberating on strategies to improve security standards in the healthcare industry. The new cyber rules will add to the extensive list of requirements hospitals must meet to receive reimbursement from Medicare and Medicaid programs.

Key elements of the new requirements include the implementation of multi-factor authentication and the establishment of a program to promptly address software vulnerabilities. These basic security practices are expected to significantly mitigate the risk of cyber incidents.

This move by the Biden administration marks a shift in the government’s approach to cybersecurity. Traditionally, the government has refrained from imposing specific cybersecurity mandates on critical industries. However, the administration has recently adopted a more proactive stance. Following the May 2021 Colonial Pipeline ransomware attack, the Transportation Security Administration introduced cyber rules for pipeline operators, which later influenced similar regulations for the aviation and rail industries.

Health and Human Services is now set to follow TSA’s lead with its own set of cybersecurity rules for hospitals. While some requirements will be clearly defined, others will offer more flexibility, allowing hospitals to tailor certain aspects, such as the timeframe for software patches, to their specific needs.

The administration anticipates negotiations during the public comment period following the rule’s release. Drawing from the TSA experience, the official noted that starting with more prescriptive requirements could facilitate easier adjustments based on industry feedback.

The reaction of the hospital industry to these impending rules remains uncertain. The American Hospital Association previously criticized the government’s plan to link cybersecurity requirements to federal funding. HHS has not yet commented on the potential for legal challenges to these new regulations.

This development could potentially lead to a standoff between the Biden administration and the hospital industry, reminiscent of the Environmental Protection Agency’s withdrawal of cybersecurity rules for water facilities following legal challenges. As the administration gears up to implement these critical cybersecurity measures, the healthcare sector braces for impactful changes in its operational landscape.

From Chaos to Clarity: The Power of Cloud Governance
https://readwrite.com/from-chaos-to-clarity-the-power-of-cloud-governance/
Fri, 05 Jan 2024 15:56:35 +0000

It’s no secret that embracing cloud technology is no longer a groundbreaking move; it’s just the next logical step in the IT evolution. Most progressive companies are already riding the high wave of advanced cloud services. Yet, there’s a catch: Maintaining robust governance and ensuring data security is a lot like trying to solve an ever-changing, complex puzzle. It requires ongoing attention and adjustments to stay ahead, a high level of alertness, and the ability to quickly adapt to threats and changing regulations.

Stakeholders often fall into the trap of thinking the cloud works just like their familiar on-premise environments. But the reality is, it’s a whole new world up there.

It’s not just about moving to the cloud; it’s about reshaping the way we think about IT governance and security.

Just like an explorer in uncharted territory, we need a new map to navigate this complicated cloud landscape.

The Importance of Cloud Governance

Cloud governance is all about setting up a control center for managing your company’s cloud journey. It involves specific processes, rules, and management strategies that help transition to and maintain a cloud environment. Think of a cloud governance committee as your cloud control team. Their job includes:

  • Designing cloud management processes.
  • Selecting the right tools and vendors.
  • Providing overall supervision.
  • Managing costs.

Effective cloud governance leads to increased productivity, enhanced security, easier compliance with regulations, and, ultimately, improved innovation and business growth.

Risks of Neglected Cloud Governance

That all sounds great, right? But what are the risks if you fail to incorporate governance into your cloud strategy?

Let’s break it down: skipping out on cloud governance is like sailing a ship without a rudder. It’s a risky move that can lead organizations into stormy waters, both reputationally and financially.

Without proper governance, your cloud journey could take a turn for the worse. In the fast-paced world of tech, keeping your ship steady and on course is crucial. That’s why cloud governance isn’t just a “nice to have.” It’s your lifeline to safe and successful digital sailing. Without proper governance, you might encounter:

1. Security Vulnerabilities and Data Breaches

No matter how sophisticated software becomes, there are always bad actors threatening cloud platform security. Cloud governance establishes rules and protections that prevent cybercriminal activity.

2. Unexpected Cost Overruns

Cloud sprawl, the uncontrolled growth in cloud technology spending, occurs when businesses fail to monitor their cloud environment. Duplicate tool purchases across teams can lead to inefficient spending and uncontrolled scaling without proportional value.

For instance, in building automation, if each team chooses a different method, companies end up with dozens of paths to solve the same problem. Multiply this by 10, 20, or 100, and it becomes clear how this can snowball into a much larger problem.

3. Compliance Violations

Playing fast and loose with the Payment Card Industry Data Security Standards (or PCI DSS) can hit your wallet hard. Think fines ranging from $5,000 to $100,000 every month.

When it comes to data security, the stakes are high — even large corporations aren’t immune to the fallout.

Consider the case of the DNA testing company 23andMe. Hackers accessed ancestry data of 6.9 million users, resulting in damage repair costs between $1 million and $2 million for the company. Another example is Managed Care of North America, a provider of dental benefits and services for state Medicaid and Children’s Health Insurance Programs. This breach affected almost 9 million individuals, with stolen information including names, addresses, Social Security numbers, health insurance details, and government-issued ID numbers.

4. Inefficiencies

Companies that don’t have oversight often struggle to determine priorities and goals and develop strategies. Without a governance committee to implement and oversee processes, your company might miss critical targets and key performance indicators, ultimately leading to a loss of profit.

5. Difficulty Updating Tech

Lack of cloud governance also makes technology consolidation or turnover difficult when the time comes, as each “technology island” has different support needs.

Poor Governance Next Steps

According to a survey of IT professionals and engineers, 86% of respondents said that “enforcing cost, compliance, and security policies tends to be a pivotal inhibitor to cloud adoption.” If you are feeling the effects of poor governance or cloud chaos, you’re in the right place. Here are some practical steps forward:

Create Independent Committees

Shifting to the cloud requires many decisions because, just like any business process, it is constantly changing. To stay optimized, you need an independent committee to own cloud migration and maintenance processes.

Carefully Consider Your Cloud Governance Committee

Cloud governance committees are instrumental in developing and enforcing security protocols, compliance standards, and operational guidelines. As such, cloud experience and knowledge should be a prerequisite for members.

Focus Your Cloud Governance Committee on Specific Objectives

Organizations transferring to the cloud may have existing governance or architecture review boards. Despite the potential overlap, your cloud governance committee must function autonomously or as a sub-committee to ensure key objectives are prioritized.

Get Outside Help

Moving to cloud computing demands considerable expertise and experience, as each organization often adopts a unique approach. Without skilled guidance, you may encounter unexpected and costly setbacks. Seeking external expertise can offer fresh perspectives, moving the business away from the traditional “we’ve always done it this way” mindset.

Implement a Strong Executive Sponsor

A governance committee needs a pragmatic and decisive executive sponsor with authority to enforce decisions. Unless a committee can act, everything they put forward will be suggestions. The goal is for everyone to move quickly in the same direction.

Don’t Wait to Implement Cloud Governance

Many times, we see new leaders brought into organizations to rectify the above issues, when in reality, implementing cloud governance earlier would prevent disruptive financial and organizational overhauls.

Especially for companies under the watchful eye of compliance and regulatory standards, governance isn’t just a good idea — it’s essential. It’s the key to dodging risks and keeping operational performance in top gear. Proper governance is the core component of a well-oiled cloud computing machine.

E-Commerce and AI: A Perfect Match — If Done Right
https://readwrite.com/e-commerce-and-ai/
Thu, 04 Jan 2024 19:58:17 +0000

As Thanksgiving Day’s record-breaking $5.6 billion in online sales heralds a new era in e-commerce, it also underscores an urgent need for businesses to embrace advanced technologies like AI.

With consumers increasingly turning to digital solutions, there is an opportunity for e-commerce to leverage AI for enhanced customer experiences and operational efficiencies.

This shift represents not just a trend but a forward-thinking imperative for those looking to stay at the forefront of the digital marketplace revolution.

One of the hottest e-commerce technology trends is AI, but some AI adoption challenges hinder implementation. AI applications in e-commerce must contend with a complex tech ecosystem of diverse tools, resources, and personnel. This complexity includes inventory management, demand forecasting, marketing, customer acquisition, retention, and customer experience. Adding AI tools to the mix adds more complexity, resource intensity, and execution risk.

The Benefits Are Worth the Effort

Yet, e-commerce is booming, and the risk is worth it because AI tools offer significant advantages. Whether a business seeks to enhance its marketing efforts, improve the customer experience, or even glean customer insights, AI offers exciting possibilities.

But e-commerce businesses must be ready to use it properly. For example, they must train AI tools on historical data for them to work effectively, but not all e-commerce stores have that data. Even if the stores do, they must safeguard the data to conform with privacy policies. This protects businesses from regulatory problems and reduces the likelihood of exposing sensitive information. Companies also need new personnel to integrate AI tools — particularly in data analytics, data science, and engineering.

Overcoming the Trust Barrier

Despite the benefits, it’s difficult for leadership in the e-commerce sector to have sufficient trust to green-light all these steps. If they don’t, however, their businesses will be at a disadvantage.

To bring e-commerce stakeholders around to adoption, it’s important to focus on solutions and benefits rather than just fancy features.

One benefit is delighting customers. AI can deliver personalized shopping experiences, and customers love that. It can even perform customer service via chatbots and virtual assistants, an aspect of shopping that a growing number of online customers expect. AI tools can also optimize inventories and prevent fraud. Additionally, AI systems are being used for marketing to predict trends, allowing business owners to plan effectively.

Streamlining the Path to AI Adoption

The best way to encourage AI adoption is to help stakeholders make informed choices. This can include offering tactics for data management and tips for recruitment and retention of experts.

E-commerce leaders must also consider due diligence. Testing is critical; no one should authorize an AI tool to go live without it. Collecting performance metrics on the AI system and reviewing them regularly is essential. Diligence also applies to legal and ethical matters, so leaders should prioritize this.

4 Key Strategies to Successfully Bring AI Into E-Commerce

For all the above reasons, AI is an excellent choice for many e-commerce businesses, but it’s often difficult to know how to get started. Here are several AI implementation strategies that can help:

1. Walk — Don’t Run

You don’t have to have a grand initiative at first. Just start with smaller AI integrations with minimal risks and clear benefits to customers. This way, you can get a wedge in the AI door without disrupting operations or worrying about major issues.

For example, AI-powered personalized recommendations are a great way to begin the process simply. Start with a single product category or customer segment to tune the AI service. Once you’re confident it works well in this limited case, you can start using it more widely.

2. Commit to Excellent Data Management

We live in a marketplace in which data is king and can accelerate your business decisions, so don’t ever skimp on robust data collection and management. This practice is critical in e-commerce generally, but AI can also help you leverage quality data in new and exciting ways.

More importantly, training AI tools on bad data will result in erroneous “insights” based on a false picture of your business and customers. These can lead to damaging executive decisions. In this way, you should use AI as an amplifier of whatever raw materials you start with, being vigilant to provide it with excellent data.

3. Build a Great Data Team

E-commerce leadership must consider their data teams as the pillars of their operations. Having a data analyst, data scientist, or data engineer on staff is becoming table stakes to running a successful e-commerce business.

The data team should be in place before the AI implementation strategy gets off the ground because data issues need to be fully worked out before AI systems can ingest the data. So, don’t rush this step. Make sure your business has scaled up to the point where you are generating quality data that gets into the hands of your data experts. Then, you can transition to bringing AI into the picture.

4. Keep a Customer-Centric Approach

AI is a general-purpose approach to computing. Because it can potentially do anything, it can feel overwhelming to know what you should be doing with it specifically. To simplify things, always think in terms of the fundamentals of customer needs and wants.

By mapping potential AI integrations back to their impact on your core customer experience and prioritizing those with the most direct effect on customers, you can ensure better ROI on AI investments.

Get Started on Your AI Journey Now

AI in e-commerce is an exciting new opportunity, but it can only benefit your company if you employ it effectively.

By starting slowly, emphasizing quality data management and security, and always focusing on the customer, you can give your business the best chance of success. So, start now — you’ll be glad you did.

Cybersecurity jobs: The highest salary roles in the US
https://readwrite.com/cybersecurity-jobs-the-highest-salary-roles-in-the-us/
Mon, 01 Jan 2024 17:00:39 +0000

Cybersecurity is an industry of growing opportunities and one with plenty of job openings. There is a demand for qualified, skilled staff, a solid pipeline of work and top salaries to reward those who enter the sector.

As cyberattacks grow in frequency and seriousness, the need for diligent professionals is acute. From governments to big tech companies, the online world, our data and information need to be protected and that gets to the heart of what cybersecurity is.

Our important infrastructure, like water, electricity, transport, and even healthcare, relies on IT systems to function. As part of this, the networks and data systems must be updated, protected, and supported.

What is cybersecurity?

Essentially, cybersecurity is keeping our online, connected world safe and secure. The “cyber” refers to the internet and “security” is self-explanatory.

Cybersecurity professionals ensure that hackers and others with malicious intent are unable to exploit or compromise your computers. They build defences, prevent attacks, and identify weaknesses in the system.

The highest salary cybersecurity roles in the US

In the USA, the average cyber security salary is $119,997 or $57.69 per hour.

According to talent.com, this rate of pay ranges from $155,250 in West Virginia to $80,000 in Louisiana.

The ten highest cybersecurity professional salaries, per state, are as follows:

  • West Virginia – $155,250
  • Maryland – $145,463
  • Wisconsin – $143,325
  • Virginia – $142,922
  • Massachusetts – $135,150
  • Washington – $134,941
  • California – $134,762
  • Georgia – $132,667
  • Hawaii – $132,500
  • New Mexico – $130,450

Some of the best, highest-paying roles relating to cybersecurity include security engineer, network engineer, security analyst, systems analyst, systems administrator, and programme analyst.

What are entry-level cybersecurity jobs?

Companies need to nurture new talent, train and retain staff as well as strive to meet the contemporary demand for cybersecurity professionals.

In terms of entry-level cybersecurity jobs, there are different ways to get into the industry depending on your age and current career status.

A formal degree offers a route into cybersecurity but this pipeline of workers is not enough to cover the entire industry meaning there are further opportunities to exploit. Some companies like ThreatX have collaborated with others to provide cybersecurity training, citing a workforce gap of 3.4 million people as part of its initiative.

Additionally, there are introductory courses for re-training or intense boot camp-type environments to get your foot in the door.

You can pursue basic online cybersecurity certificates as a foundation of knowledge and training but this should be backed up further by making contacts, networking, maybe finding a mentor or seeking a side hustle or project in addition to your current main role until a time when you are ready to make the step into a professional cybersecurity job.

Meet Scamio, Bitdefender’s new free AI scam detector
https://readwrite.com/meet-scamio-bitdefenders-new-free-ai-scam-detector/
Fri, 15 Dec 2023 11:18:55 +0000

Bitdefender, the global cybersecurity firm, has launched a free, web-based scam detection tool called Scamio.

In today’s modern, interconnected world, there’s always a new scam to be aware of, and it is increasingly difficult to keep track of them all. That’s where Scamio comes in. A user can open a conversation with the artificial intelligence (AI) tool and get real-time feedback on whether something is a scam.

How does the AI scam detector Scamio work?

There are three ways users can input data into Scamio:

  • Text – users can either paste in text from the suspicious source to get feedback from Scamio, or treat Scamio like any other AI and describe the threat conversationally.
  • Check an image – users can paste images into Scamio to have them checked. This could be a dodgy QR code that Scamio will scan for you, or a picture of a text message or email that it will read.
  • Check a link – users can paste in a dodgy link, including links from URL shorteners, and Scamio will determine whether they are trustworthy or not.

Scamio will analyze the data users provide and let them know whether they are being scammed or not, all within the web browser, or even through a Facebook Messenger chat with the AI. It’s completely free; all users need is a Bitdefender account.

Will people trust Scamio?

There are so many scams out there, particularly those that target vulnerable people, that folk might be understandably suspicious of an AI scam detector. The reputation that other AI chatbots such as ChatGPT have for getting things wrong could be off-putting, alongside reports of people using AI in their scams.

However, Bitdefender is an extremely reputable cybersecurity company that has been around since 2001. They have over 20 years of data to use to train their AI and ensure it has the best chance of success. As it is web-based and does not require a download of any kind, it is safe to use and better than blindly trusting suspicious links.

GCHQ Christmas puzzle: Can you solve puzzle from Britain’s top cybersecurity agency?
https://readwrite.com/gchq-christmas-puzzle-can-you-solve-puzzle-from-britains-top-cybersecurity-agency/
Thu, 14 Dec 2023 11:15:54 +0000

The United Kingdom’s (UK) Government Communications Headquarters (GCHQ) has released a cryptic Christmas puzzle for those aged between 11 and 18, testing their minds in a series of festive challenges.

More than 1,000 secondary schools signed up for the event this year as the third annual edition of the challenge gets underway. It was designed after a Christmas card sent by Anne Keast-Butler, the director of the UK intelligence agency.

GCHQ, similar to the USA’s National Security Agency (NSA), is a British intelligence agency that focuses on gathering and analyzing information from communications to help protect national security and counter threats.

Challenges enclosed in the card are designed to test valuable skills such as codebreaking, maths, and analysis. They get progressively harder as the challenges go on and each has a connection to Christmas in some shape or form.

There are seven questions in total, some focused on word problems and others on numerical challenges. Here’s a look at the first question.

This is the first question and therefore the easiest. It asks participants to place the nine green gift tags in three groups of three. Each group is defined by a single word that links all three of the tags. When combined, those three answers are linked by another word that can follow ‘Christmas’. We’ll leave you to work out the answer…

How to take part in the 2023 GCHQ Christmas puzzle

If you head to the GCHQ website, you can find the full PDF of all seven questions, as well as hints, a blank worksheet to hand out to classes, and a teaching pack for educators. Children are encouraged to work in groups, pooling their knowledge to succeed in the various different challenges.

All of the resources are free to download, as well as the challenge from 2022. The GCHQ encourages participants to share their results on social media and even ask for help from online communities as needed, with the GCHQ itself offering tips online.

Featured image: GCHQ

Ukraine cyber attack: Telecom giant Kyivstar hit by blackout https://readwrite.com/ukrainian-telecom-giant-kyivstar-hit-with-damaging-cyber-attack/ Tue, 12 Dec 2023 14:57:45 +0000 https://readwrite.com/?p=245280 Hooded figure types at desk. Ukraine has been hit by a cyber attack

The largest cyber attack of the Russia-Ukraine War so far has hit a Ukrainian telecom giant, causing a cellular blackout for millions.

Kyivstar is Ukraine’s largest broadband and mobile network operator. The attack left over 24.3 million mobile subscribers without a stable connection in the country.

Kyivstar CEO Oleksandr Komarov told a television newscast, “War is also happening in cyber-space. Unfortunately, we have been hit as a result of this war,” Reuters reports.

Kyivstar’s infrastructure partially destroyed

“(The attack) significantly damaged (our) infrastructure, limited access, we could not counter it at the virtual level, so we shut down Kyivstar physically to limit the enemy’s access,” Komarov said.

Veon, the parent company of Kyivstar, released a statement on its website about the incident, stating: “The network of its Ukrainian subsidiary Kyivstar has been the target of a widespread hacker attack in the morning of 12 December 2023, causing a technical failure.”

Veon also stated that Kyivstar technical teams are “working in close cooperation with Ukrainian law enforcement agencies to determine the circumstances and consequences of the interference in the Kyivstar network. At the time of this release, the personal data of subscribers has not been compromised, to the best of Kyivstar’s knowledge.”

Cyber attacks hit other services in Ukraine

Kyivstar was not the sole target of the cyber attacks, as Monobank, one of Ukraine’s largest banks, was also affected.

A massive distributed denial-of-service (DDoS) attack was also reported by Monobank’s CEO Oleh Horokhovskyi via social channels.

He announced: “Massive DDoS attack on mono. Target of attack: entry points to Amazon (Banks, website). Everything is under control.”

Image credit: Anete Lusina, Pexels.

The Evolution of Cybersecurity in the Age of IoT and Cloud Computing https://readwrite.com/the-evolution-of-cybersecurity-in-the-age-of-iot-and-cloud-computing/ Sat, 09 Dec 2023 00:24:30 +0000 https://readwrite.com/?p=244901 Evolution of Cybersecurity

The spread of the Internet of Things (IoT) and cloud computing has become obvious in this continually developing tech world. Everyone is embracing the potential of these transformative technologies to improve daily life activities.

Let’s take a look at the advantages and difficulties that come with the prevalent adoption of IoT and cloud computing, revealing insights into the dynamics of modern digital connectivity.

The Rise of IoT

IoT has changed how the world interacts. It has smoothly integrated into almost every aspect of our daily lives, from smart homes and wearable devices to autonomous vehicles and industrial sensors. However, this has also paved the way for cyber threats. The sheer number of interconnected devices has given threat actors a larger avenue of attack, making traditional measures inadequate.

To address these security challenges, cybersecurity has started concentrating on data encryption, device-level security, and robust authentication mechanisms. Manufacturers now emphasize that security is incorporated into the design of IoT devices from the outset. This includes implementing secure boot processes, providing regular firmware updates, and enhancing traceability and accountability using unique devices.

Cloud Computing’s Universality

Business operations have changed from traditional on-premises infrastructure to scalable and flexible cloud-based solutions since the advent of cloud computing. According to Statista, the worldwide public cloud computing market was worth 478 billion dollars in 2022 and is estimated to reach 679 billion dollars in 2024. That’s a 201 billion dollar increase in the space of two years.

Although cloud computing brings evident benefits such as availability and cost savings, it also has cybersecurity challenges. Cloud services are centralized in nature, which implies that a breach could expose a tremendous amount of sensitive data. To tackle these threats, advanced cybersecurity measures focus on data encryption, multi-factor authentication, and strong access controls.

Cloud service providers now invest greatly in advanced security measures, like real-time monitoring, threat intelligence, and automated incident response systems. The shared responsibility model, which emphasizes the collaboration between cloud providers and their clients, has become a foundation of cybersecurity to ensure a comprehensive security posture.

Confluence of IoT and Cloud Computing

The merging of IoT and Cloud Computing has created a mutual relationship that increases both the risks and benefits. The cloud provides the necessary infrastructure for storing, processing, and analyzing the vast amount of data produced by IoT devices. Even so, this connection also presents a complex security landscape.

In the end, cybersecurity aims to create a consistent and secure data flow, so it has evolved to provide end-to-end protection that involves securing the communication channels between devices and the cloud.

For the benefit of the IoT and Cloud Computing ecosystem, cybersecurity solutions apply improved identity and access management and use AI for anomaly detection and predictive threat analysis.

Challenges in the Changing Landscape

Despite the developments in cybersecurity, there are difficulties in the changing landscape of IoT and Cloud Computing.

Different IoT devices each have their own specifications and security protocols, which is a major challenge. Standardization of security practices across the industry is vital for guaranteeing a uniform and robust security posture.

The ever-changing nature of cyber threats is another challenge. As technology changes, so do the techniques employed by cybercriminals; they keep finding new ways to breach security. Cybersecurity Ventures states that global cybercrime costs will grow by 15 percent annually over the next five years, from $3 trillion in 2015 to $10.5 trillion annually by 2025.

To remain dynamic and versatile in the face of rising threats, cybersecurity measures need continuous monitoring, regular updates, and joint effort between cybersecurity experts, device manufacturers, and network security providers.

The Human Factor

The human factor is an essential component of cybersecurity. While the focus is on technological solutions, users must also be educated on the risks and best practices for maintaining a secure digital environment.

Ransomware attacks, insider threats, and phishing attacks are major concerns. Phishing email statistics show that 1.2 percent of all emails sent are malicious, which translates into 3.4 billion phishing emails daily.

Education and awareness programs are very important. People should be taught to recognize and report these threats, attend cybersecurity forums and events, and stay informed about safe online practices, including using strong passwords or password managers.

Also, organizations must hold regular training sessions and enforce strict cybersecurity policies to keep employees informed on the most recent cyber threats and precautions. According to Cybersecurity Ventures, in 2023, global spending on security awareness training for employees is up from around $5.6 billion and is predicted to exceed $10 billion by 2027, a 15 percent yearly increase.

The Future of Cybersecurity

As the world relies on digital networks daily, there is a need to strengthen and improve cybersecurity. Marsh’s U.S. Cyber Purchasing Trends report states that during the first quarter of 2023, cyber insurance pricing increased by 11 percent in the U.S., compared to 28 percent in 2022, and the cost is still on the rise.

The future of cybersecurity will be shaped by technologies such as artificial intelligence (AI), which has an important role to play in threat detection and solutions; quantum computing, which might present new decryption challenges and solutions; and 5G networks.

Although the spread of 5G networks will result in faster speed and connectivity, it can also give way to cyber threats. Therefore, getting the right foundation of 5G networks on vital systems and services is necessary to get ahead of attacks.

Conclusion

The evolution of cybersecurity is a continuous ride and is constantly changing. With the emergence and merging of technologies like IoT and Cloud Computing, there has been an increase in the risks of cyber threats, and cybercriminals find new ways to breach security daily.

Managing these challenges requires teamwork and an extensive security strategy. This strategy should aim to improve the digital ecosystem’s connection and make the digital future secure. It should also involve education, regular monitoring, a combination of all the latest technologies, and the creation of cybersecurity awareness.

Featured Image Credit: Tima Miroshnichenko; Pexels

AI Regulation: Striking the Balance Between Innovation, Self-Regulation, and Governance https://readwrite.com/ai-regulation-striking-the-balance-between-innovation-self-regulation-and-governance/ Mon, 04 Dec 2023 18:05:53 +0000 https://readwrite.com/?p=241008 AI Regulation and Governance

As the conversation around the future of AI grows, the debate concerning AI governance is heating up. Some believe that companies using or procuring AI-powered tools should be allowed to self-regulate, while others feel that stricter legislation from the government is necessary.

The pressing need for some governance in the rapidly growing AI landscape is evident.

The Rise of AI: A New Generation of Innovation

There are numerous applications of AI, but one of the most innovative and well-known organizations in the field of artificial intelligence is OpenAI. OpenAI gained notoriety after its natural language processor (NLP), ChatGPT, went viral. Since then, several OpenAI technologies have become quite successful.

Many other companies have dedicated more time, research, and money to seek a similar success story. In 2023 alone, spending on AI is expected to reach $154 billion (rsm.global), a 27% increase from the previous year. Since the release of ChatGPT, AI has gone from being on the periphery to something that nearly everyone in the world is aware of.

Its popularity can be attributed to a variety of factors, including its potential to improve the output of a company. Surveys show that when workers improve their digital skills and work collaboratively with AI tools, they can increase productivity, boost team performance, and enhance their problem-solving capabilities.

After seeing such positive publishing, many companies in various industries — from manufacturing and finance to healthcare and logistics — are using AI. With AI seemingly becoming the new norm overnight, many are concerned about rapid implementation leading to technology dependence, privacy issues, and other ethical concerns.

The Ethics of AI: Do We Need AI Regulations?

With OpenAI’s rapid success, there has been increased discourse from lawmakers, regulators, and the general public over safety and ethical implications. Some favor further ethical growth in AI production, while others believe that individuals and companies should be free to use AI as they please to allow for more significant innovations.

If left unchecked, many experts believe the following issues will arise.

  • Bias and discrimination: Companies claim AI helps eliminate bias because robots can’t discriminate, but AI-powered systems are only as fair and unbiased as the information fed into them. AI tools will only amplify and perpetuate those biases if the data humans use when coding AI is already biased.
  • Human agency: Many are concerned they’ll build a dependence on AI, which may affect their privacy and power of choice regarding control over their lives.
  • Data abuse: AI can help combat cybercrime in an increasingly digital world. AI has the power to analyze much larger quantities of data, which can enable these systems to recognize patterns that could indicate a potential threat. However, there is the concern that companies will also use AI to gather data that can be used to abuse and manipulate people and consumers. This leads to the question of whether AI is making people more or less secure (forgerock.com).
  • The spread of misinformation: Because AI is not human, it doesn’t understand right or wrong. As such, AI can inadvertently spread false and misleading information, which is particularly dangerous in today’s era of social media.
  • Lack of transparency: Most AI systems operate like “black boxes.” This means no one is ever fully aware of how or why these tools arrive at certain decisions. This leads to a lack of transparency and concerns about accountability.
  • Job loss: One of the biggest concerns within the workforce is job displacement. While AI can enhance what workers are capable of, many are concerned that employers will simply choose to replace their employees entirely, choosing profit over ethics.
  • Mayhem: Overall, there is a general concern that if AI is not regulated, it will lead to mass mayhem, such as weaponized information, cybercrime, and autonomous weapons.

To combat these concerns, experts are pushing for more ethical solutions, such as making humanity’s interests a top priority over the interests of AI and its benefits. The key, many believe, is to continually prioritize humans when implementing AI technologies. AI should never seek to replace, manipulate, or control humans but rather to work collaboratively with them to enhance what is possible. And one of the best ways to do this is to find a balance between AI innovation and AI governance.

AI Governance: Self-Regulation vs. Government Legislation

When it comes to developing policies about AI, the question is: Who exactly should regulate or control the ethical risks of AI (lytics.com)?

Should it be the companies themselves and their stakeholders? Or should the government step in to create sweeping policies requiring everyone to abide by the same rules and regulations?

In addition to determining who should regulate, there are questions of what exactly should be regulated and how. These are the three main challenges of AI governance.

Who Should Regulate?

Some believe that the government doesn’t understand how to get AI oversight right. Based on the government’s previous attempts to regulate digital platforms, the rules they create are insufficiently agile to deal with the velocity of technological development, such as AI.

So, instead, some believe that we should allow companies using AI to act as pseudo-governments, making their own rules to govern AI. However, this self-regulatory approach has led to many well-known harms, such as data privacy issues, user manipulation, and spreading of hate, lies, and misinformation.

Despite ongoing debate, organizations and government leaders are already taking steps to regulate the use of AI. The E.U. Parliament, for example, has already taken an important step toward establishing comprehensive AI regulations. And in the U.S. Senate, Majority Leader Chuck Schumer is taking the lead in outlining a broad plan for regulating AI. The White House Office of Science and Technology has also already started creating the Blueprint for an AI Bill of Rights.

As for self-regulation, four leading AI companies are already banding together to create a self-governing regulatory agency. Microsoft, Google, OpenAI, and Anthropic all recently announced the launch of the Frontier Model Forum to ensure companies are engaged in the safe and responsible use and development of AI systems.

What Should Be Regulated and How?

There is also the challenge of determining precisely what should be regulated — things like safety and transparency being some of the primary concerns. In response to this concern, the National Institute of Standards and Technology (NIST) has established a baseline for safe AI practices in their Framework for AI Risk Management.

The federal government believes that licensing can help regulate AI. Licensing can work as a tool for regulatory oversight but has drawbacks, such as working as more of a “one size fits all” solution when AI and the effects of digital technology are not uniform.

The EU’s response to this is a more agile, risk-based AI regulatory framework that allows for a multi-layered approach that better addresses the varied use cases for AI. Based on an assessment of the level of risk, different expectations will be enforced.

Wrapping Up

Unfortunately, there isn’t really a solid answer yet for who should regulate and how. Numerous options and methods are still being explored. That said, the CEO of OpenAI, Sam Altman, has endorsed the idea of a federal agency dedicated explicitly to AI oversight. Microsoft and Meta have also previously endorsed the concept of a national AI regulator.

However, until a solid decision is reached, it is considered best practice for companies using AI to do so as responsibly as possible. All organizations are legally required to operate under a Duty of Care. If any company is found to violate this, legal ramifications could ensue.

It is clear that regulatory practices are a must — there is no exception. So, for now, it is up to companies to determine the best way to walk that tightrope between protecting the public’s interest and promoting investment and innovation.

Featured Image Credit: Markus Winkler; Pexels

European police make first arrest using Interpol’s Biometric Hub https://readwrite.com/european-police-make-first-arrest-using-interpols-biometric-hub/ Fri, 01 Dec 2023 15:59:48 +0000 https://readwrite.com/?p=243901 taser-police-body-cameras

European police have achieved a significant milestone in law enforcement technology by making their first arrest using Interpol’s advanced Biometric Hub. This breakthrough, reported by The Register, marks a new era in international policing, leveraging cutting-edge biometric technology to enhance security and crime prevention efforts.

In Sarajevo, Bosnia and Herzegovina, authorities apprehended a fugitive migrant using a fake identity while en route to Western Europe. Interpol’s recently activated Biometric Hub, developed with French identity and biometrics vendor Idemia, facilitated the suspect’s capture. The Hub utilizes Interpol’s global fingerprint and facial recognition databases to match individuals’ biometric data, providing real-time information to law enforcement agencies.

The Biometric Hub, introduced in October, is now accessible to law enforcement in all 196 member countries of Interpol. It combines Interpol’s existing fingerprint and facial recognition databases, both powered by Idemia’s technology, with a matching system based on the same vendor’s biometric tech. This integration allows for efficient and accurate identification of persons of interest in police investigations.

Interpol and Idemia’s collaboration dates back to 1999, with Idemia developing Interpol’s Automated Fingerprint Identification System. Their partnership was further solidified in 2016 with the integration of Idemia’s facial recognition capabilities into the Interpol Face Recognition System.

The Biometric Hub will undergo a two-year expansion, eventually extending biometric checks to border control points. This expansion will enable the system to perform up to one million forensic searches per day, including fingerprints, palm prints, and portraits. The aim is to streamline biometric searches by allowing officers to submit data through a single interface, reducing the need for human review unless necessary.

Data governance and privacy concerns

To address data governance and privacy concerns, Interpol asserts that the BioHub complies with its data protection framework. The system ensures that uploaded face and hand scans aren’t added to criminal databases or made visible to other users. Data that does not result in a match is deleted after the search.

While the BioHub represents a significant advancement in international law enforcement, it also raises questions about data privacy and security. Similar concerns have been voiced regarding America’s TSA’s facial recognition program, which also uses Idemia’s technology. As these technologies become more prevalent, the balance between security and privacy continues to be a critical topic of discussion.

Interpol’s use of Biometric Hub in making an arrest demonstrates the growing role of technology in law enforcement. As these tools become more integrated into policing efforts worldwide, they offer the promise of enhanced security. However, they also bring challenges and responsibilities, particularly in the realms of data privacy and ethical use. The ongoing development and implementation of such technologies will undoubtedly shape the future of international law enforcement and border security.

Google rolls out critical Chrome update to patch zero-day vulnerability https://readwrite.com/google-rolls-out-critical-chrome-update-to-patch-zero-day-vulnerability/ Thu, 30 Nov 2023 14:10:30 +0000 https://readwrite.com/?p=243746 Google search data

Google has released a critical security update for Chrome users on Mac, Linux, and Windows, addressing a zero-day vulnerability identified as CVE-2023-6345. The Verge reports that this vulnerability, discovered by Google’s Threat Analysis Group on Nov. 24, poses a significant risk, potentially allowing hackers to access personal data and deploy malicious code.

CVE-2023-6345 is an integer overflow weakness within Skia, the open-source 2D graphics library used in Google Chrome’s graphics engine. Attackers could use this vulnerability to escape the sandbox with a malicious file, risking system infection and data theft. Google, like many tech companies, is withholding details about the exploit to prevent further risks.

Immediate action recommended for Google Chrome users

Users with automatic Chrome updates enabled may not need to take further action. For those who update Chrome manually, it’s crucial to install the latest version as soon as possible. The updated versions are 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows. This update is part of Google’s ongoing efforts to enhance security and protect user data, with the fix rolling out progressively over the next few days and weeks.

Google’s prompt response to this zero-day vulnerability underscores the importance of regular software updates as a defense against cyber threats. Users are advised to keep their systems updated and stay vigilant against potential cyber attacks.

CrowdStrike earnings: stock falls despite beating expectations https://readwrite.com/crowdstrike-earnings-when-will-firm-report-q3-performance/ Tue, 28 Nov 2023 11:22:33 +0000 https://readwrite.com/?p=243475 The logo for CrowdStrike Holdings

CrowdStrike Holdings ($CRWD), the NASDAQ-listed cybersecurity company, reported earnings for the third fiscal quarter on Tuesday (Nov. 28).

The company surpassed Wall Street estimates, but this wasn’t enough to impress investors as the stock price slipped.

CrowdStrike Q3 earnings results at a glance

  • In the third fiscal quarter, the company reported a net income of $26.7 million, or 11 cents per share, in contrast to a net loss of $55.0 million, or 24 cents per share, during the same period the previous year.
  • On an adjusted basis, CrowdStrike demonstrated earnings per share of 82 cents, marking an increase from 40 cents the previous year and surpassing analysts’ expectations of 74 cents.
  • CrowdStrike’s revenue experienced a substantial surge, reaching $786 million, compared to $581 million a year earlier. This performance exceeded the analysts’ consensus of $777 million.
  • The company reported $3.15 billion in ending annual recurring revenue (ARR), up 35% on a year-over-year basis. Analysts had been looking for $3.14 billion in ARR.
  • Net new annual recurring revenue was $223.1 million.

In a statement, CEO George Kurtz said: “Our single-platform architecture and unique data advantage unites security and IT teams in solving cybersecurity’s mission-critical challenges, driving increased win rates and record pipeline.”

CrowdStrike’s full Q3 financial results can be found here.

When is CrowdStrike’s earnings call for Q3?

CrowdStrike held an earnings call when the US markets closed on Tuesday, Nov 28 at 5pm EST. The call took place via a webcast which can be accessed through the company’s event page here.

What was expected?

Analysts expected CrowdStrike’s revenue to grow by 34% year on year to $777.4 million, a slight slowdown from the 53% increase in revenue the company had recorded in the same quarter last year, reports Yahoo Finance.

Much of the analysis from Wall Street this week has suggested CrowdStrike, which is still a relatively small company with a $50 billion market cap, will announce another solid set of results. As reflected in the rise of CrowdStrike’s stock price in recent years, the company has a history of surpassing expectations. It did again today, but not enough to excite investors.

CrowdStrike is a popular stock with institutional and retail investors thanks to its strong position in the burgeoning online security sector, its cloud-based security modules that utilize machine learning, and its market-beating returns over the last five years. In five years the Austin, Texas-based organization has seen the stock price increase by 227%, comfortably beating the S&P 500 which grew by 64% over the same period.

As of its previous quarter (the three months ending on July 31), CrowdStrike had generated $2.6 billion in revenue over the last 12 months. The company’s quarterly revenue grew by 37%, and it remains a market-leading endpoint protection platform (EPP).

As a result of the increasing sophistication of online threats and their frequency, the demand for cloud-native cybersecurity is skyrocketing. CrowdStrike benefits from this tailwind, and it has garnered a lot of attention due to its dominant position in the sector. However, the big increase in the stock price creates valid questions about the firm’s valuation. CrowdStrike’s forward price-to-earnings ratio of 73 makes it a pricey stock and one likely to make value investors balk.

ReadWrite does not provide investment advice.

Feature image: CrowdStrike logo via WikiCommons

Chinese-linked hackers breach NXP, Europe’s largest chipmaker https://readwrite.com/chinese-linked-hackers-breach-nxp-europes-largest-chipmaker/ Mon, 27 Nov 2023 16:53:55 +0000 https://readwrite.com/?p=243378 hacker

NXP, Europe’s largest semiconductor manufacturer, fell victim to a sophisticated cyberattack by Chimera, a hacker group with ties to China. According to Tom’s Hardware, the breach, which lasted from late 2017 to early 2020, was only discovered following a related attack on the Dutch airline Transavia.

For over two years, Chimera hackers covertly accessed NXP’s network, undetected. Their presence came to light only after an investigation into a cyberattack on Transavia’s reservation systems in September 2019, which revealed communications with NXP IPs. This breach is characterized by the use of Chimera’s signature hacking tool, ChimeRAR.

The hackers initially exploited credentials from previous data leaks on platforms like LinkedIn or Facebook. They then launched brute force attacks to decipher passwords and ingeniously bypassed double authentication by altering phone numbers. Demonstrating patience, they periodically checked for new data to steal, discreetly exfiltrating it via encrypted files uploaded to cloud storage services like Microsoft’s OneDrive, Dropbox, and Google Drive.

NXP’s role in the global market

NXP, a pivotal player in the global semiconductor industry, gained significant influence after acquiring the American company Freescale in 2015. The company has earned renown for developing secure Mifare chips for the Netherlands’ public transportation and secure elements for Apple’s iPhone, especially for Apple Pay.

Despite acknowledging the intellectual property theft, NXP minimized the breach’s impact, claiming the stolen data’s complexity hinders design replication. Consequently, the company did not feel compelled to inform the public. Following the breach, NXP strengthened its network security, upgrading monitoring systems and tightening internal data access and transfer controls.

This incident highlights semiconductor industry IP security risks and possible undisclosed breaches in other firms. The theft’s scope and long-term impact are unclear, underscoring the need for stronger industry-wide cybersecurity.

Russian hackers unleash new USB-based cyber threat LitterDrifter https://readwrite.com/russian-hackers-unleash-new-usb-based-cyber-threat-litterdrifter/ Thu, 23 Nov 2023 18:41:06 +0000 https://readwrite.com/?p=243096

The Russian state-affiliated hacker group, known by various aliases including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm, has broadened its cyber espionage efforts beyond its initial focus on Ukraine, as per reporting by Computing. This expansion has been marked by the global spread of a USB-based malware known as LitterDrifter.

Historically linked to Russia’s Federal Security Service by Ukraine’s Security Service, Gamaredon has been active since 2014. Its operations have predominantly targeted Ukrainian organizations to collect comprehensive data through various malware tools, with LitterDrifter being a notable example. This particular malware is a computer worm written in the Visual Basic Scripting language (VBScript).

The mechanics of LitterDrifter’s spread

The primary mechanism of LitterDrifter involves propagation through USB drives, leading to the persistent infection of devices. These infected devices then communicate with servers controlled by Gamaredon. Check Point Research has noted that LitterDrifter has inadvertently or intentionally spread to several countries, including the USA, Vietnam, Chile, Poland, Germany, and Hong Kong.

LitterDrifter rapidly replicates, a trait typical of computer worms. Its self-replicating nature mirrors significant cyber threats like Stuxnet, but it stands out with its USB-based activation, similar to worms like NotPetya and WannaCry.

The spreading mechanism of LitterDrifter involves creating deceptive shortcut files (LNK) and hidden instances of a file named “trash.dll” on removable USB drives. It uses Windows Management Instrumentation to scan a computer’s logical drives, specifically targeting removable USB drives identified by a null MediaType value. The worm then infiltrates subfolders on these drives, generating shortcuts that aid in disseminating the malware.

The global spread of LitterDrifter signifies a worrying escalation in cyber espionage capabilities, highlighting the ongoing threat posed by state-affiliated hacking groups. The ease with which this malware spreads via USB drives emphasizes the importance of robust cybersecurity practices and awareness, particularly for organizations that handle sensitive data. As cyber threats continue to evolve, staying ahead of such risks is crucial for maintaining global cybersecurity integrity.

FBI exposes Scattered Spider’s alliance with notorious ransomware gang https://readwrite.com/fbi-scattered-spider-ransomware-gang/ Mon, 20 Nov 2023 08:06:06 +0000 https://readwrite.com/?p=242679

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have exposed new details about the cybercrime group Scattered Spider and its collaboration with the notorious ALPHV/BlackCat ransomware operation in an advisory published on Friday.

According to a Bleeping Computer report, Scattered Spider — tracked by multiple aliases including 0ktapus, Starfraud, and Octo Tempest — has been responsible for some of the most high-profile ransomware attacks in recent years. The fluid collective of English-speaking hackers as young as 16 has relied on cunning social engineering tactics to breach the networks of companies like MailChimp, Reddit and Twilio.

Now, the FBI reveals that select members of Scattered Spider have joined forces with ALPHV/BlackCat, the Russia-based ransomware cartel behind major attacks on oil giant Shell and Costa Rica’s government. This alliance allows the Scattered Spider actors to encrypt and lock systems using BlackCat, then extort victims for ransom payments.

Experts say Scattered Spider’s loose, decentralized structure makes the group difficult to track. The FBI knows the identities of at least 12 individuals but has yet to prosecute any members. Some are believed also to be part of “The Comm,” a network of hackers involved in recent violent crimes.

Scattered Spider’s access tactics exploit human vulnerabilities. Posing as IT staff, they trick employees into handing over credentials via SMS phishing, phone calls, and fake domain names impersonating corporate services. Once inside, they covertly install RAT malware and monitoring tools to steal data and learn about incident response efforts in Slack or email. This allows Scattered Spider to evade detection, create fake accounts to move laterally and determine how victims are trying to kick them out.

The advisory warns they take interest in source code, certificates, and credential repositories.

Experts urge strengthening MFA, email security, network segmentation, and patching against the MITRE techniques listed by the FBI. They also advise implementing robust data recovery plans and offline backups to empower recovery after an attack.

The exposure of Scattered Spider’s inner workings sheds light on the human infrastructure behind sophisticated cybercriminal networks executing ransomware attacks. It also exemplifies the evolving cyber threat landscape, where threat actors share capabilities to maximize profits from extortion.

Seize Control of Your Data https://readwrite.com/seize-control-of-data/ Fri, 17 Nov 2023 08:44:24 +0000 https://readwrite.com/?p=242638

With news of data breaches and scandals around the misuse of people’s data becoming a worrying norm, one company is working to put data ownership back in the hands of individuals and organizations.

Akord is a web3 platform offering digital vaults for storage and collaboration. For the first time, both traditional cloud and permanent blockchain storage are combined in one application. This gives users unparalleled control over how to store, manage and share their data.

Introducing Permanent Storage

Akord provides the most user-friendly solution for accessing a new technological offering: permanent storage. This is possible thanks to Arweave, a decentralized blockchain project that stores data forever with a one-time upfront fee.

This is realized through Arweave’s blockchain-like structure, the blockweave, as well as its storage endowment.

The blockweave holds all the data stored on the network and uses a consensus mechanism called Succinct Proofs of Random Access (SPoRA) to validate whether miners are storing all data correctly.

Permanent storage for 200 years seems like it would be very costly, but considered over this time frame it’s actually quite the opposite. Storing a GB of data for 200 years costs $6.4 at today’s prices. It’s also important to understand how the endowment mechanism functions: it enables users to pay an upfront fee only once when storing their data on the network.

The Arweave protocol charges users for holding a minimum of 15 replicas, using extremely pessimistic assumptions about the future. Over the past 50 years, the cost of storage has on average gone down by 30.5% every year. To be on the very conservative side, the endowment assumes that the decline will be 0.5% each year when calculating the cost of storing data on the network. Therefore, whenever the cost of storage decreases by more than 0.5% a year, the length of time for which the protocol can store data is extended. Since genesis, no tokens have been released from the endowment.

On-chain or in the cloud, you decide

Akord’s vaults can either be set to Permanent or Cloud, Public or Private.

Permanent vaults store data on the Arweave blockchain, where data is stored for at least 200 years. All data is cryptographically immutable guaranteeing its integrity.

Stored in hundreds of nodes spread across the globe, the decentralized nature of this storage protects against ransomware attacks and other single-point-of-failure risks associated with traditional cloud storage providers.

For data that may need to be deleted due to regulatory or other reasons, Akord also offers cloud storage vaults. These cloud vaults can act as a testing environment before sending data on-chain. Or, it can act as a more secure alternative to centralized storage providers like Dropbox and Google Drive.

What makes Akord so secure?

Akord’s private vaults use true end-to-end encryption where the user has complete control over the keys. This means that all data is encrypted on the user’s device before being sent to Akord, adding a robust layer of security.

Furthermore, users hold a recovery phrase which gives them sole control over their account and data. This recovery phrase is the user’s safeguard. It ensures that only they have access to their stored data, akin to holding a private key to a cryptocurrency wallet.

This design means that not even Akord has the ability to access the user’s data. The encryption keys are solely in the user’s possession, and without the recovery phrase, the data remains inaccessible, even to Akord.

The social vault

When we store data that’s valuable, we often want or need to share it with others, precisely because it’s so valuable. That’s why Akord’s vaults can be social spaces, managed privately through access control or shared with the world.

Akord is not just for dumping files and forgetting about them, unless of course that’s what you want to do. Their vaults are designed to be dynamic, with the ability to invite others and set access controls, offer end-to-end encrypted chat, note creation, media galleries, and an in-app notification feed.

You can also transfer ownership of a vault. You can leave the vault and pass on control of the vault and its contents to someone else.

From ancient Buddhist texts to precious family photos

Since launching in 2021, the platform has seen diverse use cases. Examples include ancient Buddhist teachings and other digital heritage projects, NFT artists, reforestation data, insurance certificates, podcasts, accounting and legal firms, media companies, and many individual users storing their precious family photos and other digital assets.

The common thread between these various organizations, individuals and businesses is a desire to hold greater control over their data.

Whether that’s the ability to ensure data will be preserved for future generations, secured with end-to-end encryption and genuine ownership through keys, or shared and managed within a collaborative space, Akord delivers on all fronts.

For businesses and organizations, the ability to white label the platform is helping them redefine their relationship with customers. This enables them to better protect privacy, build trust and earn loyalty.

If you’re interested in getting a demo of Akord, you can book a demo here.

Sounds great, but what if Akord no longer exists?

Storing data forever and never losing access sounds pretty great. However, companies and products come and go: what if Akord isn’t around in X years from now?

As the Arweave blockchain is a data storage network it’s possible to host applications from Arweave, meaning these “permaweb dApps” live independently, governed purely by their own code.

Akord will soon release their own permaweb dApp, Akord Explorer. Even if the Akord app, company and team cease operations, Explorer will continue running, providing perpetual access to data. Users only need their recovery phrase to connect to Explorer. They will find all their vaults and data inside.

What’s more, Explorer also functions as a portal to discovering and following any public vault deployed on Akord. This permanent discoverability means anyone publishing public data can ensure their data can be discovered for generations to come.

Final Thoughts on Seizing Control of Your Data

Data is often described as the “new oil.” However, with increasing concerns about how this data is being handled, controlled, and potentially misused, there is a growing need for solutions that put data ownership back into the hands of the people who generate it.

Akord is positioning itself at the forefront of this movement. It is leveraging the power of web3 technology to offer digital vaults where data is stored, managed and shared securely.

Akord’s unique offering of both permanent blockchain and cloud storage in a single platform, coupled with end-to-end encryption and collaborative features, sets it apart. Whether it’s the permanence of blockchain storage or the flexibility of cloud vaults, Akord provides a versatile platform for individuals and organizations to take control of their data.

Sign up for free to explore Akord’s digital vaults. If you’d like to subscribe to a plan, use the code AKORD30 to get 30% off your first month.

Look to GDPR to Predict the Future of AI in Europe https://readwrite.com/look-to-gdpr-to-predict-the-future-of-ai-in-europe/ Mon, 13 Nov 2023 19:50:56 +0000 https://readwrite.com/?p=242478

The promise of the worldwide artificial intelligence market is staggering, and Europe, with its 450 million consumers, is an attractive location for American tech companies wishing to tap into the opportunity. Europe adopted GDPR to ensure consumer protection in online technology, and these laws also apply to AI technology. US companies need to make sure they incorporate GDPR into their AI products as a way to future-proof the technology.

GDPR is the key

The EU’s General Data Protection Regulation (GDPR), which went into force in May 2018, paved the way for a new approach to privacy – digital and otherwise – but the EU isn’t the only government protecting consumers’ personal data within its region. Some US states followed suit, with California passing the California Privacy Rights Act (CPRA) and recently announcing that it will study the development, use and risks of AI in California. Now, the EU’s AI Act, first proposed in April 2021 by the European Commission and to be finalized at the end of 2023, will be the world’s first comprehensive AI law. Some say it could set a worldwide standard, according to the Brookings Institute.

As any firm doing business in Europe knows, GDPR enforces a broad definition of personal data covering any information related to an identifiable, living individual stored anywhere. Such personal data is subject to a significant number of protections that fully apply to certain AI products, present and future, with some financial implications and technology revisions for those who ignore GDPR’s current requirements and the imminent AI Act. In recent months, there have been fines for GDPR infractions for large and smaller companies as data privacy becomes embedded in European law.

According to Doug McMahon, partner at international law firm McCann FitzGerald, who specializes in IT, IP, and the implementation of GDPR, companies should now look to the future. “If I’m a company that breaches the GDPR when creating a large language model and I’m told I can no longer process any EU citizens’ personal data to train my model, this is potentially worse than a fine because I have to retrain my model.” The advice is to think now about GDPR for any AI product.

Optimizing regulation, IP, and taxes

McMahon advises U.S. AI companies wishing to succeed in the European market. While companies can do business there while being located domestically in the US, “from a data protection perspective, having a base in the EU would be ideal because the company’s European customers will have questions about your GDPR compliance. Established in Europe and directly subject to GDPR will help you sell into Europe.”

The next step requires some research since the EU has 27 member states and 27 regulators, with not all regulators being alike, he says. Plus, no U.S. company wants to deal with the regulator in each nation where it does business, which would be the case without an EU office. While a choice of regulator is unlikely to be the main factor in deciding where to locate a European base, companies will want to pick an EU location “with regulators that are used to regulating highly complex data protection companies that process lots of personal data, such as in the social media space, that have a legal infrastructure with advisors who are very familiar with complex processing of personal data and a court system well versed in the realm of data protection,” says McMahon.

According to Brian McElligott, a partner and head of the AI practice at international law firm Mason Hayes Curran, U.S. AI firms can benefit from seeking a European location that offers a “knowledge development” or “patent box.” Available in nations like Ireland, “the Knowledge Development Box covers copyrighted software, which is exactly the legal manifestation of AI technology,” he says. Assuming an American company is located in a nation like Ireland, “if your technology is protected by a patent or copyrighted software, you can look to reduce the taxation on profits from licensed revenues from your technology covered by those patents/copyrighted software down to an effective tax rate of 6.25%.”

Most important actions

Even if a U.S. AI company chooses not to open an EU office, fundamental steps must be taken to stay on the good side of privacy requirements. Notes Jevan Neilan, head of the San Francisco office at Mason Hayes Curran, “The difficulty for these businesses is having a lawful data set or a data set that can be used lawfully. It’s a challenging prospect for business, particularly when you’re a startup.

“From the ground up, you should be building in privacy,” he advises. “There might be imperfect compliance at the development stages, but ultimately, the application of the large language model needs to be compliant at the end point of the process.” The guiding principle should be “trustworthy AI,” he says.

In fact, it’s been mentioned that the likely transparency requirements for AI that interact with humans, such as chatbots and emotion-detection systems, will lead to global disclosure on most websites and apps. Says McMahon: “The first piece of advice is to look at your training dataset and make sure you have a proper data protection notice available on your website to give to users and make sure that there’s an opt-out mechanism if you’re the creator of the AI data set.”

Keep individual privacy in mind

The AI market is so promising that it’s attracting companies of all sizes. According to McMahon, “Most of the companies will be using a license from, say, OpenAI to use their API. They’ll be implementing that, and then they’ll be providing services to users. In that case, they need to define their end user and if they’re offering a service to individuals or a service to a business. If the former, they need to think about what data are they collecting about them and how they will meet their transparency obligations, and in either case, they need to have a GDPR compliance program in place.”

But the due diligence doesn’t end for smaller companies leveraging third-party large language models, he adds. “The provider of the underlying architecture must be able to say they’ve created their models in compliance with EU GDPR and that they have processes in place that evidence they’ve thought about that,” insists McMahon.

The expanding regulatory environment might challenge U.S. firms wanting to enter the large European AI market. Still, in the end, these rules will be helpful, according to McElligott. “Those who are looking to Europe with their AI models should look at GDPR and the AI Act and conduct a threshold analysis to determine whether their AI products might be classed as high risk,” he advises. The increasing regulations “might create a temporary slowdown of investment or in the progression of the tech in Europe versus the U.S., but ultimately, greater consumer confidence in the EU’s trustworthy AI approach could boost the market,” he says.

Ransomware attack on Boeing leads to major data leak by LockBit https://readwrite.com/ransomware-attack-on-boeing-leads-to-major-data-leak-by-lockbit/ Fri, 10 Nov 2023 23:06:14 +0000 https://readwrite.com/?p=242395

LockBit, a notorious ransomware group, has reportedly released all data stolen from Boeing in a recent ransomware attack. This follows Boeing’s apparent refusal to meet the ransomware group’s demands. The leaked data, amounting to approximately 50GB, was made public early Friday, consisting of compressed archives and backup files related to various systems.

Nature of the stolen data

Prior to this full release, LockBit had uploaded files allegedly linked to Boeing’s financial and marketing activities, as well as supplier details. The exposed data also includes Citrix logs, raising speculation that the ransomware group exploited the Citrix Bleed vulnerability to infiltrate Boeing’s systems. Boeing, however, has not confirmed the initial entry point used in the attack.

Independent verification of the data dump’s authenticity is pending, as reported by The Register. Boeing has remained tight-lipped about the specifics of the stolen files. In a statement, a Boeing spokesperson acknowledged a cybersecurity incident affecting the parts and distribution business. They emphasized ongoing investigations in collaboration with law enforcement and regulatory authorities, asserting that the incident poses no threat to aircraft or flight safety.

Security researcher Dominic Alvieri noted that the files include corporate emails, which could be particularly useful for malicious actors. “I haven’t gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent,” Alvieri told The Register.

Timeline of the cyberattack

LockBit first listed Boeing on its dark-web site on Oct. 28. Boeing confirmed an IT intrusion affecting its parts and distribution business to The Register on Nov. 2. Initially, Boeing was removed from LockBit’s leaks site amid purported negotiations, but it appears these discussions either failed or didn’t occur, leading to Boeing’s reappearance on the LockBit extortion website.

In a related development, China’s largest bank, ICBC, also fell victim to ransomware attacks this week, disrupting its financial services. LockBit claimed responsibility for this attack as well.
