Enhancing Enterprise Browser Security
TechSpective Podcast Episode 133
Nick Edwards, Vice President of Product Management at Menlo Security, joins me for this insightful episode of the TechSpective Podcast. Nick brings decades of cybersecurity experience to the table, offering a deep dive into the […]
The post Enhancing Enterprise Browser Security appeared first on TechSpective.
The post Enhancing Enterprise Browser Security appeared first on Security Boulevard.
Understanding Cyberconflict in the Geopolitical Context
The Role of Misinformation and Disinformation in Cyberconflict
Misinformation and disinformation play a critical role in the landscape of cyberconflict, shaping public perception and influencing the dynamics of geopolitical tensions. A report by Full Fact highlights the detrimental impact of false information on democratic societies, emphasizing the need for informed citizenship to combat the spread of such information. Similarly, data from UNESCO underscores the pervasive risk of encountering disinformation across various media platforms, with statistics indicating a significant trust deficit in media and an increase in the manipulation of news consumption. The cybersecurity sector also recognizes disinformation as a substantial threat, with a study by the Institute for Public Relations revealing that 63% of Americans view disinformation as a major societal issue, and nearly half of cybersecurity professionals consider it a significant threat to security. These concerns are echoed globally, as a survey found that over 85% of people worry about the impact of online disinformation on their country's politics. The intertwining of misinformation, disinformation, and cyberconflict presents a complex challenge that requires a multifaceted approach, including media literacy, regulatory frameworks, and international cooperation to mitigate its effects and safeguard information integrity.
The Role of Big Tech in Cyberconflict Interplay
The role of big tech companies in cyber conflict is a complex and evolving issue. These companies often find themselves at the forefront of cyber conflict, whether as targets, mediators, or sometimes even participants. For instance, during civil conflicts, digital technologies have been used to recruit followers, finance activities, and control narratives, posing additional challenges for peacemakers. The explosive growth of digital technologies has also opened new potential domains for conflict, with state and non-state actors capable of carrying out attacks across international borders, affecting critical infrastructure and diminishing trust among states. In response to the invasion of Ukraine, big tech companies played crucial roles in addressing information warfare and cyber-attacks, showcasing their significant influence during times of conflict. Moreover, the technological competition between major powers like the United States and China further highlights the geopolitical dimension of big tech's involvement in cyber conflict. These instances underscore the need for a robust framework to manage the participation of big tech in cyber conflict, ensuring that their capabilities are harnessed for peace and security rather than exacerbating tensions.
Hedging the Risks of Using AI and Emerging Tech To Scale Up Misinformation and Global Cyberconflicts
In response to the growing threat of election misinformation, various initiatives have been undertaken globally. The World Economic Forum has identified misinformation as a top societal threat and emphasized the need for a concerted effort to combat it, especially in an election year with a significant global population going to the polls. The European Union has implemented a voluntary code of practice for online platforms to take proactive measures against disinformation, including the establishment of a Rapid Alert System and the promotion of fact-checking and media literacy programs. In the United States, the Brennan Center for Justice advocates for active monitoring of false election information and collaboration with internet companies to curb digital disinformation. Additionally, the North Carolina State Board of Elections (NCSBE) provides guidelines for the public to critically assess the credibility of election news sources and encourages the use of reputable outlets. These initiatives represent a multifaceted approach to safeguarding the integrity of elections by enhancing public awareness, improving digital literacy, and fostering collaboration between governments, tech companies, and civil society. In the ongoing battle against election misinformation, several key alliances and actions have been formed. Notably, the AI Elections Accord was proposed for public signature at the Munich Security Conference on February 16, 2024. This accord represents a commitment by technology companies to combat deceptive AI content in elections. In a similar vein, Meta established a dedicated team on February 26, 2024, to address disinformation and the misuse of AI leading up to the European Parliament elections. Furthermore, the Federal Communications Commission (FCC) in the United States took a decisive step by making AI-generated voices in robocalls illegal on February 8, 2024, to prevent their use in misleading voters. 
These measures reflect a growing recognition of the need for collaborative efforts to safeguard the integrity of elections in the digital age. The alliances and regulations are pivotal in ensuring that the democratic process remains transparent and trustworthy amidst the challenges posed by advanced technologies.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Moondrop Isle
Click on the dock by the shore to start. It's pretty new so you will find some unpolished or even buggy things if you spend much time with it, but it's fun to explore. Your progress in the game will be saved in your browser but you can also type >save to download an interesting form of save file. If you've never played this type of game before, A Beginner's Guide to Interactive Fiction has some tips for you.
Apple Intelligence and Privacy @ WWDC '24
The system will debut in the pending iOS 18, iPadOS 18, and macOS Sequoia releases and is composed of three separate layers:
1) On device, the primary mode which draws upon all personal information across apps, contacts, conversations, etc. to create a highly-detailed, user-specific context Apple refers to as a "semantic index." In addition to the ability to parse information currently displayed on screen when requested, there is a new developer API so that third-party applications can specify what kind of information Siri can draw from them, and request appropriate generated text and images. The specific information gathered and any derived data or personalized fine-tuning remains on your device, with the limited exception of difficult queries which are handed off to...
2) Private Cloud Compute, a semi-anonymous cloud-based neural network inference service hosted by Apple with exposure of personal data limited specifically to the query at hand, using a cryptographically-signed software stack and operating with a no-data-retention policy. The segment on Private Cloud Compute featured an unusually candid critique of the data harvesting common to machine learning systems by competing tech giants, without specifically naming...
3) OpenAI's ChatGPT, which will be available later this year and only with explicit user opt-in (on each individual query) for queries the new Siri detects as likely to benefit from scale beyond both on-device hardware and Private Cloud Compute. Data sent to OpenAI is heavily anonymized and multi-modal (meaning combined text and images) for asking questions about an image. Apple mentioned that other models may later become available, but did not specify whether this meant Google's Gemini, Facebook's Llama-3, or potentially even self-hosted endpoints based on open source models like Mistral 8x7b.
19 million plaintext passwords exposed by incorrectly configured Firebase instances
Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information (PII).
Firebase is a platform for hosting databases, cloud computing, and app development. It's owned by Google and was set up to help developers build and ship apps.
What the researchers discovered was scary. They found 916 websites from organizations that set their Firebase instances up incorrectly, some with no security rules enabled at all.
One of the researchers told BleepingComputer that most of the sites also had write access enabled (meaning anyone can change the data), which is bad, and that one of them was a bank.
During a sweep of the internet that took two weeks, the researchers scanned over five million domains connected to Google's Firebase platform.
The total amount of exposed data is huge:
- Names: 84,221,169
- Emails: 106,266,766
- Phone Numbers: 33,559,863
- Passwords: 20,185,831
- Billing Info (Bank details, invoices, etc): 27,487,924
And as if that isn't bad enough, 19,867,627 of those passwords were stored in plaintext. That is a shame, given that Firebase has a built-in end-to-end identity solution called Firebase Authentication that is specifically designed for secure sign-in processes and does not expose user passwords in the records.
So, an administrator of a Firebase database would have to go out of their way and create an extra database field in order to store the passwords in plaintext.
The researchers have warned all the affected companies, sending 842 emails in total. Only 1% of the site owners replied, but about a quarter of them did fix the misconfiguration.
In this case we can consider it a blessing that these researchers managed to get a lot of those instances correctly configured. On the other hand, it's frightening that the rest live on in a state of insecurity.
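For administrators who want to check their own instance for the misconfiguration described above, here is an added example (not code from the article or the researchers) that audits an exported Firebase Realtime Database rules file for paths that anyone, or any signed-in user, can read or write. The sample rules and path names are constructed for illustration.

```javascript
// CONSTRUCTED sample of a Realtime Database rules export; paths are hypothetical.
const sampleRules = {
  rules: {
    ".read": false,
    users: {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid",
      },
    },
    orders: { ".read": "auth != null", ".write": true },
    public_feed: { ".read": "true", ".write": false },
  },
};

// Classify one rule value. Rules are booleans or expression strings.
function classify(value) {
  const expr = String(value).replace(/\s+/g, "");
  if (expr === "true") return "PUBLIC";
  // Signed-in-only checks still expose the data to every registered account.
  if (["auth!=null", "auth!==null", "auth.uid!=null"].includes(expr)) {
    return "ANY_SIGNED_IN_USER";
  }
  return null;
}

// Walk the rules tree. A .read/.write grant cascades to every child path and
// cannot be revoked deeper down, so each finding covers its whole subtree.
function auditRules(node, path = "/", findings = []) {
  for (const [key, value] of Object.entries(node)) {
    if (key === ".read" || key === ".write") {
      const level = classify(value);
      if (level) findings.push({ path, access: key.slice(1), level });
    } else if (!key.startsWith(".") && value !== null && typeof value === "object") {
      auditRules(value, path === "/" ? `/${key}` : `${path}/${key}`, findings);
    }
  }
  return findings;
}

// One line per finding: severity, access type, affected path.
function formatFindings(findings) {
  return findings.map((f) => `${f.level.padEnd(18)} ${f.access.padEnd(5)} ${f.path}`);
}

console.log(formatFindings(auditRules(sampleRules.rules)).join("\n"));
```

A finding at "/" means the entire database is exposed; findings on deeper paths affect only that subtree.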