For the past thirteen years, Bitcoin has proven to be a great investment asset. Although this digital money is a very volatile asset, volatility is what entices investors to invest because the network assures them high returns in the long run. Here is why many entities and businesses prefer this electronic currency today. Once you conduct thorough research, create an account with a reliable and genuine exchange such as bitcoin 360 ai platform.
Perfect Hedge against Inflation
Fiat currencies are subject to inflation as they have regulation and an infinite supply. On the other hand, this digital money does not suffer inflation because it has a hard limit whereby people can only mine 21 million Bitcoins. Therefore, investors prefer investing in this electronic currency to hedge against inflation.
No government or financial institution can regulate or manipulate this digital money. So, this virtual money has a higher return potential than fiat money which loses its value over time. On the other hand, this virtual currency goes through a halving process. This halving process involves the slashing of Bitcoin rewards after every four years and when people mine 210,000 Bitcoins. The halving process is vital as it limits the supply of Bitcoins, increasing demand, which leads to an increase in the value of this electronic money. Because of the halving process, the collection of Bitcoin remains scarce.
Enables Portfolio Diversification
This digital money has a higher return potential because of its limited supply and volatility. The price of Bitcoin fluctuates drastically, but this virtual money has seen a value increase with time. No asset backs this digital money, which is not similar to stocks and bonds. Therefore, this electronic currency is a perfect addition to one’s portfolio. Moreover, before investing in this digital currency, one should thoroughly consult a financial advisor and research.
Ease of Investing
Investing in this virtual currency is not as hard as it sounds. Also, there are zero barriers to entry when investing in this electronic asset. Nevertheless, investing in this electronic currency requires a few rules. For instance, you should allocate a small portion of the entire investment portfolio as a beginner. Moreover, do your research thoroughly and learn the various trading strategies, cons, and pros of investing in this virtual money.
Having created an account with a reputable dealer, you can link your account with your bank account and deposit funds. What’s more, you will have to make a Bitcoin wallet that you can access on your smartphone, desktop, or hardware device. There are Bitcoin wallets that people store in the cloud.
Increased Bitcoin Adoption
Many people assumed Bitcoin was a scam when Satoshi Nakamoto introduced it to the public. However, in the past decade that this virtual currency has been around, it has proven to be a great medium of exchange, store of value, and hedge against inflation. Private and public corporations are now investing in this digital money. Well-established businesses and industries are now adopting this virtual currency. For instance, Microsoft was the first company to accept Bitcoin payments.
In simpler terms, you should not purchase this virtual money and let it stay in your wallet. One could explore multiple passive income opportunities such as staking, mining, or lending. Also, online stores accept electronic money payments. Hence, one does not have to worry about where to spend their Bitcoins.
Blockchain Is Here to Stay
Satoshi initially introduced this virtual money to provide a better alternative to fiat money. Eventually, this digital money disrupted the traditional financial system, proving that Bitcoin and blockchain are here to stay. Bitcoin is decentralized, therefore giving its users the financial freedom they deserve.
Eventually, blockchain, a public distributed ledger, is not going anywhere as it promotes transparency.
Final Thoughts
Bitcoin is one of the greatest innovations to be created globally; hence it makes sense when entities and businesses prefer this digital money. This digital money has unique attributes which make it a great coin.
Per autoevolution, crowd-sourced navigation app Waze has been asked by authorities in Southern Shores, North Carolina, to stop sending traffic through residential streets, which it does to help users avoid bumper-to-bumper traffic on the main roads. The problem with doing this is that it leaves the local, residential roads overcrowded. In these quiet neighborhoods, the additional traffic causes pollution and noise, and can lead to accidents.
While the officials in Southern Shores, North Carolina tried to find a solution including closing some roads, this led to drivers getting stuck on some other streets which caused major congestion. But the local council in Southern Shores feels that it has taken back control by passing a resolution that asks Waze to stop directing traffic to residential streets by removing these streets from the Waze routing system. This would essentially keep traffic on the main roads.
Elizabeth Morey, the mayor of Southern Shores, had a Zoom meeting with two Waze employees and they agreed to make the changes once the aforementioned resolution is adopted. While all of the details are unknown, Waze has agreed to stop drivers from “seeing where it’s faster to go through town streets.” This will probably lead Waze to remove residential areas from its routing models leading drivers to stay on the main roads. This could lead to more traffic congestion as cars would stay on the same road.
Mayor Morey also says that transitioning to residential streets does not make driving any faster although she did not cite any data that would prove this statement. The report suggests that the mayor was simply pointing out that the speed limits on residential streets are typically lower than the ones allowed on major roads. As a result, drivers usually are forced to drive slower on residential streets.
While the resolution in Southern Shores, North Carolina appears to focus on Waze, it is unclear whether it will eventually be amended to include other navigation apps such as Google Maps and Apple Maps.
We take a look at a vulnerability in a popular WordPress plugin. It’s been fixed, but you’ll need to update as soon as you can!
WordPress plugins are under fire once more, and you’re advised to update your version of Beautiful Cookie Consent Banner as soon as possible. The plugin, which is installed on more than 40,000 sites, has been impacted by a “bizarre campaign” being actively used since at least February 5 of this year.
The plugin is designed to present users with a cookie banner “without loading any external resources from third parties”. Sadly the cookie has crumbled with a flaw leaving sites open to the possibility of rogue JavaScript abuse.
The flaw was actually patched way back in January, but considering how long some folks can leave updates, it’s going to take a while to have this one settle down. The best example of this update-related security drag is the fact that despite the plugin update, attacks are still in full flow. Researchers have observed:
3 million attacks against more than 1.5 million sites, from nearly 14,000 IP addresses since May 23, 2023.
The plugin exploit is a cross-site scripting attack (XSS), a type of attack that injects malicious code into otherwise benign websites. Most XSS attacks require users to click on doctored links, and only work if they do, because the malicious code isn’t retained by the site being attacked. The vulnerability in the Beautiful Cookie Consent banner allows for the more dangerous stored XSS, in which an attacker causes the site to remember the malicious code and regurgitate it to all of its users.
The potential for mischief and mayhem with this kind of compromise is large. Perhaps someone could use scripts to redirect visitors to malware, or phishing pages, or even create malicious admin users. Maybe the rogue admin could add a phishing login page to the website itself, without the real admins knowing about it.
What’s interesting with this one, and perhaps why it’s being tagged as “bizarre”, is that the attack is misconfigured with attacks containing a “partial payload”. In essence, bits of JavaScript code are missing. As the researchers put it, the misconfigured exploit…
…expects a customised payload, and the attacker has simply failed to provide one.
Even so, they note that even in its misconfigured state it still has the potential to corrupt the configuration of the plugin so it will no longer work as expected. There is also the possibility of the individual(s) responsible adding in a functional payload at a later date.
The latest version of the plugin is 2.10.2. Anything below this is at risk of attack. If your site has been impacted by this vulnerability, once you upgrade, patched versions will repair alterations made by said attack. If you think you might be at risk, or you’re unsure which version you’re running, now is the time to pop over to the plugin’s WordPress page and see if an update is required.
Attacks are ongoing, and will likely continue. Numbers have ramped up dramatically over the past month, so it would be best to lock your site plugins down now. In fact, it would probably be a good idea to check the update status of all of your site plugins. Why wait until you see the name of something you use appearing in a news article next month when you can get one step ahead of the game right now?
Keeping WordPress safe
The following preventative maintenance could save you a lot of trouble:
Update existing plugins. If you use WordPress you can check if you have any plugins that need updating by logging in to your site and going to Dashboard > Updates. (The Themes and Plugins menu items will also have red circles next to them if any need updating.) Update everything.
Turn on automatic updates for plugins. By default, WordPress does not update plugins automatically. You can enable this on a per-plugin basis by going to the Plugins screen and clicking Enable auto-updates next to each plugin.
Remove unsupported plugins. Go to the Plugins screen and click View details for each plugin. This screen shows you the last version of WordPress the plugin was tested with, and when it was last updated. It will also display an alert if it thinks the plugin is no longer supported.
Remove unnecessary plugins. Check out how many plugins and themes you have installed on your site. Do you need them all? Can any of them be removed or replaced? Generally, fewer is better.
If you can’t make enough time available to keep on top of themes and plugins, it might be a good time to accept that you don’t need the risk and hand the job to an agency or hosting company.
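The maintenance checklist above can be run over a plugin inventory export. This is an added example, not code from the article or the plugin's authors: it flags the affected plugin when it is below 2.10.2, plus any plugin with a pending update or sitting inactive. The slug and the CSV rows are constructed placeholders; the column layout is modelled on `wp plugin list --fields=name,status,update,version --format=csv`.

```python
import csv
import io
import re

# Fixed release named in the article; anything below it is at risk.
FIXED_VERSION = "2.10.2"
# Placeholder slug (assumption): the article does not give the plugin's
# directory name, so substitute the real one from your own inventory.
TARGET_SLUG = "cookie-consent-banner-placeholder"

# Constructed sample inventory; these rows are not real site data.
SAMPLE_INVENTORY = """\
name,status,update,version
cookie-consent-banner-placeholder,active,available,2.9.1
contact-form-example,active,none,5.7
gallery-example,inactive,available,1.4.0
seo-example,active,none,3.2.1-beta2
"""


def parse_version(text):
    """Turn '2.10.2' into (2, 10, 2), using the leading digits of each part.

    Parsing stops at the first dot-separated part with no leading digit.
    """
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_below(version, minimum):
    """Numeric comparison, so 2.9.1 sorts below 2.10.2.

    A plain string comparison gets this wrong ('2.9.1' > '2.10.2'),
    which would make a vulnerable install look patched.
    """
    a, b = parse_version(version), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # treat '2.10' as '2.10.0'
    b += (0,) * (width - len(b))
    return a < b


def audit(inventory_csv, slug=TARGET_SLUG, fixed=FIXED_VERSION):
    """Return {plugin name: [reasons]} for every plugin needing attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        reasons = []
        if row["name"] == slug and is_below(row["version"], fixed):
            reasons.append("vulnerable")   # below the fixed release
        if row["update"] == "available":
            reasons.append("outdated")     # "Update existing plugins"
        if row["status"] == "inactive":
            reasons.append("unused")       # "Remove unnecessary plugins"
        if reasons:
            findings[row["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_INVENTORY).items():
        print(f"{name}: {', '.join(reasons)}")
```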
We’re here to compare two camera-centric smartphones. This time around, we’re comparing the Xiaomi 13 Ultra vs Sony Xperia 1 V. Both of these smartphones are brand new, basically. The Xiaomi 13 Ultra arrived in April, while the Xperia 1 V launched earlier this month. Do note that the Xiaomi 13 Ultra still didn’t launch globally, only in China. We did already review it, however, as the phone works perfectly fine once the Google services are sideloaded.
Now, we’ll first list the specs of both devices, and will then move to compare them across a number of different categories. We’ll compare their designs, displays, performance, battery life, cameras, and audio performance. There is plenty to talk about here, so let’s get things started, shall we?
Both of these phones feature rather unique designs, but completely different ones. The Xiaomi 13 Ultra has a vegan leather backplate. That backplate doesn’t go all the way to the edges of the phone’s back, and it also gradually climbs towards the camera oreo. The part where the camera oreo sits is actually thicker than the bottom part of the phone. You can easily notice the slope on the back. The camera bump would be even more noticeable if not for this design implementation, and it won’t really bother you during usage, it’s actually a nice point to anchor your finger when you’re holding the device.
The Xperia 1 V also has a rather unique design. It’s made out of metal and glass, but the metal on the sides has vertical lines across it, embedded into the frame. That helps with the grip, and the phone’s sides are flat all around, by the way. On the back, you’ll notice a glass backplate, but with a dotted design. Yes, you’ll feel those dots under your finger on the back, as they do protrude, every single one of them. That also helps with the grip, and makes the phone more pleasant to hold.
Xiaomi’s flagship has a centered display camera hole, and a curved display. The Xperia 1 V doesn’t have a camera hole or notch, but its bezels are a bit thicker because of it. The Xperia 1 V has a much smaller camera island on the back, and one that features a different shape. Sony’s handset is a lot narrower than the Xiaomi 13 Ultra, but it’s also slightly taller. The Xiaomi 13 Ultra does have a larger display, though; we’ll talk about that soon. Both phones do offer IP68 certification for water and dust resistance, by the way, and they do feel like quality pieces of tech (in the hand) through and through.
Xiaomi 13 Ultra vs Sony Xperia 1 V: Display
There is a 6.73-inch QHD+ (3200 x 1440) LTPO AMOLED display included on the Xiaomi 13 Ultra. That is an LTPO panel, with a 120Hz refresh rate (adaptive), and it’s curved. Dolby Vision is supported here, and the phone also supports HDR10+ content. This display gets immensely bright at 2,600 nits of peak brightness, and is actually technically the brightest display in the industry at the moment. The phone display has a 20:9 aspect ratio, and the Gorilla Glass Victus protects this panel.
The Xperia 1 V, on the flip side, features a 6.5-inch 4K (3840 x 1644) OLED display. This is also a 120Hz panel (adaptive), and it supports HDR content. This display can project up to 1 billion colors, and has an aspect ratio of 21:9. In other words, it’s very tall and narrow. The Gorilla Glass Victus 2 protects this display, in case you were wondering, and the panel is flat.
Both displays offer great viewing angles, and are more than sharp enough. The Xperia 1 V will use its 4K resolution only for 4K content, though. The colors on both displays are vivid, and the blacks are deep. The touch response is good on both of them. Do note that the Xiaomi 13 Ultra’s panel will get brighter outdoors, but the Xperia 1 V’s display is not exactly dim either. Both of these panels are excellent, as you’d expect out of Xiaomi and Sony flagships.
Xiaomi 13 Ultra vs Sony Xperia 1 V: Performance
Both phones are fueled by the same processor, Qualcomm’s Snapdragon 8 Gen 2 SoC. That is Qualcomm’s most powerful chip at the moment, a truly excellent processor. Both smartphones also utilize LPDDR5X RAM. The Xiaomi 13 Ultra has up to 16GB of it, while the Xperia 1 V comes with 12GB of RAM. You will also find UFS 4.0 flash storage inside both of these smartphones.
So, when it comes to specs, they’re really well equipped. Does that reflect on performance? Well, yes, it does. They are both very snappy, very responsive. They simply fly through regular, everyday tasks, and can also handle some intensive gaming sessions without a problem. Their software implementations are different, even though they’re both based on Android 13. The Xiaomi 13 Ultra’s MIUI build is a bit odd to use due to the fact it’s made for China, you may stumble upon some quirks, but not that many. Sony tries to keep things close to stock Android, for the most part. Both are future-proof spec-wise, and both offer outstanding performance.
Xiaomi 13 Ultra vs Sony Xperia 1 V: Battery
There is a 5,000mAh battery inside each of these two phones. Their battery life is actually quite good, and also comparable. Getting 7-8 hours of screen-on-time is easily doable, as long as you’re not running demanding games or something similar to that. Your usage will, of course, play a huge part in it, as will your signal strength. Therefore, you may get entirely different results.
When it comes to charging, it’s not even comparable. The Xiaomi 13 Ultra comes out on top. It supports 90W wired, 50W wireless, and 10W reverse wireless charging. The Xperia 1 V supports 30W wired, 15W wireless, and reverse wireless charging. Another thing worth noting is that Xiaomi’s flagship does come with a charger in the box, unlike the Xperia 1 V. The Xiaomi 13 Ultra blows the Xperia 1 V out of the water as far as charging is concerned.
Xiaomi 13 Ultra vs Sony Xperia 1 V: Cameras
The Xiaomi 13 Ultra packs in a 50-megapixel main camera (1-inch camera sensor, variable aperture), a 50-megapixel ultrawide unit (122-degree FoV), a 50-megapixel telephoto camera (3.2x optical zoom), and a 50-megapixel periscope telephoto unit (5x optical zoom). The Sony Xperia 1 V, on the other hand, has a 48-megapixel main camera (Sony’s new sensor), a 12-megapixel ultrawide camera, and a 12-megapixel telephoto unit (3.5x-5.2x continuous zoom).
First and foremost, do note that both of these phones are phenomenal camera smartphones. That goes for both photos and videos. The Xiaomi 13 Ultra has that recognizable Leica look if you opt for the ‘Authentic’ shooting mode, while the ‘Vibrant’ shooting mode will make photos look a bit more vibrant, and less Leica-like. Both results are outstanding. The phone provides a ton of details, the colors are gorgeous, and it also does a great job in low light. It shoots photos really fast in such conditions, and it doesn’t even require you to switch to night mode. It has a truly fast shutter speed.
The Xperia 1 V is in the same boat, but has a different look to its photos. They look barely processed, and the phone tends to keep things a bit darker in low light, to keep things looking a bit more authentic. It provides a ton of details in all shooting scenarios, and does a great job when it comes to balancing images. Both do a great job in HDR situations, and with reflections. Their telephoto cameras are also worth talking about separately. They do a phenomenal job with portraits, and keep a ton of detail in the shot. 3x optical zoom is a tossup between the two, while we prefer the Xperia 1 V when it comes to 5x zoom. Everything above 5-6x is Xiaomi’s territory.
Ultrawide cameras are really good on both phones, no complaints here, while the selfie camera is definitely better on the Xperia 1 V. The one on the Xiaomi 13 Ultra tends to ‘beautify’ photos even when you disable all those options, and the images don’t look all that great, to be quite honest. When video recording is concerned, both phones do a really good job.
Audio
There are stereo speakers included on both smartphones. The Xiaomi 13 Ultra has top and bottom firing speakers, while the Xperia 1 V has front-facing ones. Both sets of speakers are great, actually. They’re loud, detailed, and well-balanced. Both sets also offer some bass. We prefer the Xperia 1 V output, mainly because they’re front-firing speakers.
The Xperia 1 V also has a 3.5mm headphone jack, which is something you won’t find on the Xiaomi 13 Ultra. You’ll have to use the Type-C port for wired audio connections. If you opt for a wireless connection, both smartphones do offer Bluetooth 5.3.
Eric Schmidt, the former Google CEO, expresses his concerns regarding artificial intelligence. According to Eric Schmidt, the abuse of artificial intelligence can put the lives of people at risk. In his words, artificial intelligence is an “existential risk” but he doesn’t stop there, he goes on to say that it can harm or kill people.
But why would someone who once occupied a high executive position with Google be against a product it’s investing so much in? Well, to clarify, Eric Schmidt isn’t against Google’s AI model in particular; his concern is the entire industry operating without proper regulations. Despite his concerns, he doesn’t feel that the threat would surface now, as it might unveil itself in the future.
He envisions a future where artificial intelligence will aid in finding software security flaws to attack organizations. Of concern is the fear of artificial intelligence helping in the generation of new biological flaws or weapons. But these two rather scary situations will only be possible if there is an abuse of the power of artificial intelligence, hence the need for strict regulations now.
Eric Schmidt joins the fight for strict regulations on artificial intelligence
Eric Schmidt isn’t the only one fighting for artificial intelligence regulations as it gains popularity. Well, artificial intelligence has always been a part of tech, but in recent months it has found its way to the doorsteps of everyday people. Lots of big tech firms are rolling out various AI models or integrating these models into their services.
This integration makes the use of artificial intelligence more common among users of such services. Ever since the roll-outs of these AI models and their integration into some products and services, there have been a lot of complaints from some end users. These complaints come as a result of people abusing the use of artificial intelligence to commit certain social vices.
Some of the vices that people have used artificial intelligence for include cheating during exams, and producing and selling fake music, among a list of others. At the time various AI models were gaining momentum, these vices were rather basic, with students getting it to write papers for them. But now more serious vices are on the rise with the help of artificial intelligence.
Eric Schmidt and the National Security Commission on AI point out that there are no regulations guarding the use of artificial intelligence. This can pose a threat to the lives of people as artificial intelligence models advance with time. Some governmental bodies around the world are already working hard to slap restrictions on artificial intelligence and its usage.
These restrictions will go a long way to curb the fearful future that Eric Schmidt foresees. The restrictions will aim at limiting the ability of artificial intelligence models and what they can be used for. In the coming months, more regions might roll out restrictions to help them place a watchful eye on artificial intelligence.
Chief Information Security Officers (CISOs) hold a critical and challenging role in today’s rapidly evolving cybersecurity landscape. Here are the common security challenges CISOs face.
As organizations increasingly rely on technology to drive their operations, CISOs face complex security challenges that demand their expertise and strategic decision-making.
These challenges arise from the constant emergence of sophisticated cyber threats, the need to protect sensitive data, and the ever-evolving regulatory landscape.
The role of a CISO requires balancing proactive risk mitigation with the ability to respond swiftly to incidents and breaches.
This article will delve into the top challenges CISOs face, including protecting digital assets, managing security incidents, ensuring compliance, dealing with insider threats, and the relentless pursuit of cyber resilience.
By understanding these challenges, CISOs can develop robust cybersecurity strategies and lead their organizations toward a secure and resilient future.
Who is a CISO?
A Chief Information Security Officer (CISO) is a senior executive responsible for overseeing and administering an organization’s information security plan.
A CISO’s primary responsibility is safeguarding the confidentiality, availability, and integrity of an organization’s information assets and systems.
They are accountable for creating and enforcing strategies, policies, and procedures to defend against cyber threats, protect sensitive data, and mitigate security risks.
CISOs play a crucial role in maintaining an organization’s security posture by establishing and enforcing security standards, conducting risk assessments, and implementing appropriate security controls.
They collaborate with other executives, IT teams, and stakeholders to align security initiatives with business objectives and ensure that security measures are integrated into the organization’s operations.
In addition to their technical expertise, CISOs often engage in risk management, incident response planning, security awareness training, and compliance with regulatory requirements.
They stay updated on the latest cybersecurity trends, threats, and technologies to address emerging risks and implement appropriate security measures effectively.
The role of a CISO has become increasingly important as cyber threats evolve in complexity and frequency.
CISOs are responsible for safeguarding the organization’s sensitive information, maintaining the trust of customers and stakeholders, and ensuring business continuity in the face of cybersecurity challenges.
What Are the Roles and Responsibilities of a CISO?
Developing and Implementing Information Security Strategy: The CISO is responsible for developing and implementing an overarching information security strategy aligned with the organization’s business objectives. This includes setting security goals, defining security policies and procedures, and establishing risk management frameworks.
Leading the Security Team: The CISO manages and provides leadership to the security team, including hiring, training, and supervising security personnel. They ensure the team has the necessary skills, resources, and support to carry out their responsibilities effectively.
Overseeing Security Operations: The CISO oversees day-to-day security operations, including incident response, vulnerability management, threat intelligence, and security monitoring. They ensure appropriate controls, technologies, and processes are in place to protect the organization’s assets.
Risk Management: The CISO is responsible for identifying and assessing security risks to the organization’s information systems and assets. They develop and implement risk management strategies to safeguard critical data and systems, including risk mitigation, transfer, and acceptance.
Compliance and Regulatory Requirements: The CISO ensures that the organization complies with relevant security regulations, industry standards, and legal requirements. They stay updated on emerging regulations and ensure appropriate controls and processes are in place to meet compliance obligations.
Security Incident Response: The CISO leads the organization’s response to security incidents, including data breaches, malware attacks, and other security breaches. They establish incident response plans, coordinate efforts, and collaborate with relevant stakeholders, such as legal, PR, and law enforcement agencies.
Security Awareness and Training: The CISO promotes a culture of security awareness throughout the organization. They develop and deliver security awareness programs and training initiatives to educate employees on security best practices and minimize human-related security risks.
Vendor and Third-Party Risk Management: The CISO assesses and manages security risks associated with third-party vendors and partners. They establish vendor security requirements, conduct due diligence, and monitor compliance with security standards and contractual obligations.
Security Governance and Reporting: The CISO provides regular reports and updates on the organization’s security posture to executive management, board members, and other relevant stakeholders. They ensure that security metrics and key performance indicators (KPIs) are established to measure the effectiveness of security programs.
Incident Investigation and Forensics: In the event of security incidents, the CISO oversees the investigation and forensic analysis to identify the root cause, assess the impact, and prevent future occurrences. As required, they collaborate with internal and external resources, such as forensic experts and law enforcement agencies.
Security Challenges CISOs Face
CISOs face various common security challenges as they strive to protect their organizations’ digital assets and information. Some of the key challenges they encounter include:
Sophisticated Cyberattacks: CISOs must defend against increasingly sophisticated cyber threats, including advanced persistent threats (APTs), ransomware attacks, social engineering, and zero-day exploits. These attacks can bypass traditional security measures and require constant vigilance and adaptive security strategies.
Insider Threats: CISOs need to address the risks posed by insiders, including employees, contractors, or partners who have authorized access to systems and data. Insider threats can involve accidental data breaches, negligence, or malicious intent, requiring a balance between enabling productivity and implementing controls to prevent unauthorized access or data leakage.
Compliance and Regulatory Requirements: CISOs must ensure their organizations comply with industry-specific regulations, such as GDPR, HIPAA, PCI-DSS, or SOX, and evolving privacy laws. Navigating complex compliance requirements and maintaining a robust security posture to meet these standards can be a significant challenge.
Cloud Security: As organizations increasingly adopt cloud services and infrastructure, CISOs must address the unique security challenges associated with cloud computing. This includes securing data stored in the cloud, managing access controls, and ensuring the security of cloud service providers (CSPs) and their environments.
Security Skills Gap: CISOs often need more skilled cybersecurity professionals. The industry’s rapid growth and evolving threat landscape have resulted in high demand for cybersecurity talent, making recruiting and retaining qualified professionals challenging.
Third-Party Risk: Organizations rely on third-party vendors and suppliers, introducing potential security risks. CISOs must assess the security posture of third parties, establish contractual security obligations, and monitor their adherence to security standards to mitigate the risk of breaches through these external connections.
Security Awareness and Training: Human error remains a significant factor in cybersecurity incidents. CISOs must promote a strong security culture, provide regular training and awareness programs, and educate employees about cybersecurity best practices to minimize the risk of social engineering, phishing attacks, and other user-related vulnerabilities.
Incident Response and Recovery: CISOs must develop and test robust incident response plans to manage and recover from security incidents effectively. This involves identifying and containing breaches, conducting forensic investigations, and implementing remediation measures to minimize the impact and prevent future incidents.
Emerging Technologies: Adopting technologies like the Internet of Things (IoT), artificial intelligence (AI), and blockchain introduces new security challenges. CISOs must understand the security implications of these technologies, assess risks, and implement appropriate controls to protect against potential vulnerabilities and attacks.
Budget and Resource Constraints: CISOs often face budget limitations and the need to prioritize security initiatives. Balancing the allocation of resources to address immediate security needs while investing in long-term security capabilities can be a significant challenge.
What Security Compliance Frameworks Should a CISO Follow?
As a Chief Information Security Officer (CISO), there are several security compliance frameworks and regulations that you should consider following, depending on the nature of your organization and its operations. Here are some of the key security compliance frameworks and regulations:
General Data Protection Regulation (GDPR): If your organization deals with the personal data of individuals in the European Union (EU), GDPR sets requirements for the protection, processing, and transfer of personal data. It includes principles for data minimization, consent, data breach notification, and the rights of individuals.
Payment Card Industry Data Security Standard (PCI DSS): PCI DSS applies to organizations that handle credit card information. It sets requirements for securing payment card data, including network security, encryption, access controls, and regular vulnerability assessments.
Health Insurance Portability and Accountability Act (HIPAA): HIPAA applies to organizations in the healthcare industry that handle protected health information (PHI). It establishes requirements for the privacy and security of PHI, including access controls, encryption, risk assessments, and breach notification.
Sarbanes-Oxley Act (SOX): SOX applies to publicly traded companies in the United States. It sets requirements for financial reporting and establishes controls and processes to ensure the accuracy and integrity of financial statements. While not solely focused on security, it includes provisions for protecting financial data.
National Institute of Standards and Technology (NIST) Cybersecurity Framework: The NIST Cybersecurity Framework provides guidelines and best practices for managing cybersecurity risks. It covers risk assessment, security controls, incident response, and continuous monitoring.
ISO 27001: ISO 27001 is an international standard that provides a framework for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It covers various aspects of information security, including risk management, access controls, incident management, and security awareness.
Federal Information Security Management Act (FISMA): FISMA applies to U.S. federal agencies and sets requirements for securing federal information and systems. It mandates risk assessments, security controls, incident response planning, and continuous monitoring.
Security Challenges CISOs Face in Managing a Security Team
Managing a security team as a Chief Information Security Officer (CISO) requires effective leadership, communication, and coordination. Here are some key aspects to consider when managing a security team:
Establish Clear Roles and Responsibilities: Clearly define the roles and responsibilities of each team member to ensure everyone understands their specific duties and areas of expertise. This clarity helps streamline operations and avoid confusion.
Set Goals and Objectives: Define strategic goals and objectives for the security team aligned with the organization’s overall security strategy. Communicate these goals to the team and regularly track progress to ensure everyone is working towards the same objectives.
Provide Guidance and Mentorship: Offer team members guidance, mentorship, and professional development opportunities. Encourage skill development, certifications, and staying up-to-date with the latest security trends and technologies. Support team members in their career growth.
Foster Collaboration and Communication: Promote a collaborative and open communication culture within the team. Encourage knowledge sharing, cross-functional collaboration, and effective communication channels. Regular team meetings, brainstorming sessions, and updates are valuable for aligning efforts.
Support Decision-Making: Empower team members to make decisions within their areas of responsibility. Provide guidance and support when needed, but encourage autonomy and ownership in decision-making. Foster an environment where team members feel comfortable taking calculated risks.
Establish Incident Response Procedures: Develop clear incident response procedures and ensure the team is well-prepared to handle security incidents effectively. Conduct regular drills, tabletop exercises, and simulations to test and improve the team’s incident response capabilities.
Stay Informed and Adapt: Stay up-to-date with the latest security threats, industry trends, and best practices. Encourage continuous learning and professional development for the team. Adapt security strategies and measures as the threat landscape evolves.
Collaborate with Other Departments: Work closely with other departments, such as IT, legal, HR, and executive management, to ensure security initiatives are aligned with business objectives and integrated into overall organizational operations. Build relationships and foster a culture of security awareness throughout the organization.
Regularly Evaluate and Improve: Regularly evaluate the team’s performance, processes, and procedures. Collect feedback from team members and stakeholders to identify areas for improvement. Implement changes and adjustments as necessary to enhance the team’s effectiveness and efficiency.
Lead by Example: Demonstrate strong leadership skills, integrity, and a commitment to security best practices. Lead by example in adhering to security policies and procedures. Encourage a positive and supportive work environment.
Final Thoughts
CISOs face many common security challenges as protectors of their organization’s digital assets and information.
From sophisticated cyberattacks and insider threats to compliance requirements and resource constraints, these challenges highlight the complex and evolving nature of the cybersecurity landscape.
CISOs must navigate these challenges by adopting a proactive and strategic approach to security, leveraging advanced technologies, fostering a strong security culture, and collaborating with stakeholders.
To overcome these challenges, CISOs must stay abreast of emerging threats, continuously evaluate and improve their security measures, and prioritize investments in critical security capabilities.
They must also foster strong partnerships with internal teams, third-party vendors, and industry peers to collectively address security challenges and share best practices.
While the security challenges CISOs face may seem daunting, they also present opportunities for innovation and growth.
By effectively addressing these challenges, CISOs can enhance their organizations’ security posture, safeguard critical assets, and instill confidence in customers and stakeholders.
Ultimately, the role of a CISO requires a comprehensive and adaptable approach to cybersecurity, where staying one step ahead of threats and continuously improving security measures are paramount.
By embracing these challenges, CISOs can help shape a secure and resilient future for their organizations in an increasingly interconnected and threat-filled digital landscape.
The researchers have noticed that Brazilian hackers are deploying PeepingTitle malware in their attacks against at least 30 Portuguese financial institutions.
According to the latest report from SentinelLabs, more than 30 Portuguese banks have become victims of targeted hacking by cybercriminals based in Brazil. These institutions were targeted in what seems to be a financially motivated campaign that was launched in 2021 but became active in early 2023.
Most of the attacks occurred last month, and the main targets are financial institutions in Portugal, wrote SentinelOne researchers Tom Hegel and Aleksandar Milenkoski.
Reportedly, the hackers implant information-stealing malware to hijack credentials and user data, including personal information, and leverage it for malicious activities apart from financial gains.
In a blog post, SentinelOne stated that it started tracking the campaign, dubbed Operation Magalenha, in early 2022. The researchers noted that the intrusions led to deploying two variants of the PeepingTitle backdoor, which greatly enhanced the attack potential.
The attack starts with phishing emails and websites hosting bogus installers of popular software. Once downloaded on a device, it launches a Visual Basic Script, which executes the malware loader. This loader then downloads/executes the PeepingTitle backdoors. The backdoor starts monitoring users’ web browsing activities.
The backdoor quickly captures screenshots when a user accesses a financial institution’s website or logs into their account. It connects with the attacker’s remote server to launch new malware executables.
“With the first PeepingTitle variant capturing the entire screen, and the second capturing each window a user interacts with, this malware duo provides the threat actor with a detailed insight into user activity,” researchers noted.
PeepingTitle window title monitoring (Credit: Sentinelone.com)
This campaign initially exploited cloud service providers such as Dropbox and DigitalOcean. But the hackers had to change course as these platforms tightened their security practices. Now, the hackers are relying on the Russian web hosting services provider TimeWeb.
Both backdoors are simultaneously deployed, giving the hackers exceptional control over the compromised devices. Through PeepingTitle, attackers can track window interactions, terminate system processes, capture screenshots, and deploy data exfiltration tools and other malware.
Operation Magalenha indicates Brazilian hackers’ persistent nature and the evolving nature of their campaigns. Researchers wrote that Brazilian groups consistently update their malware tools and tactics, which is why their campaigns are so effective.
Moreover, researchers believe that the attackers have shown considerable understanding of local financial institutions and are ready to invest resources and time to develop targeted campaigns.
Regarding how researchers determined it was the work of Brazilian hackers, Hegel and Milenkoski wrote that the attackers used the Brazilian-Portuguese language in the artefacts they detected.
Moreover, the malware source code shares similarities with the Maxtrilha banking trojan, first discovered in 2021. It is written in the Delphi programming language and lets the attacker take complete control of infected hosts, capture screenshots, and drop new payloads.
Samsung’s May 2023 update has reached a couple more Galaxy devices. The company is rolling out the latest security patch to the Galaxy A42 5G and Galaxy A20s. These two Galaxy A series models follow dozens of other devices, including Galaxy S series flagships, Galaxy Z series foldables, and more in receiving the May SMR (Security Maintenance Release).
The latest update for the Galaxy A42 5G is currently available in Europe. Samsung is widely rolling out the May SMR to the 2020 mid-range smartphone in the region. The new firmware build number for the device is A426BXXU5DWE1. While the build number suggests more than just a security patch, Samsung’s official changelog doesn’t mention anything else. Maybe there are some system optimizations hidden here, but don’t expect any new features.
The Galaxy A42 5G may or may not receive the May SMR in other regions. That’s because the device is only eligible for biannual security updates (two updates in a year), so Samsung may skip this release in some markets. It could push one of the future security releases to the phone in other markets, such as the US. The handset will receive security patches at least until the end of 2024. November 2024, to be precise.
Interestingly, the Galaxy A42 5G is still running Android 12 in Europe and most parts of Asia where it was sold. It has already picked up Android 13 in most other regions, including the US, Samsung’s home country South Korea, and Hong Kong. The handset debuted with Android 10 and isn’t eligible for Android 14. We will let you know if and when Android 13 rolls out to Galaxy A42 5G users in the remaining markets.
The Galaxy A20s is also getting Samsung’s May update
The Galaxy A20s is another Samsung phone that is now receiving the latest security patch. The Korean firm has begun the rollout in select Asian countries, namely India, Sri Lanka, Bangladesh, and Nepal. The device is picking up the firmware build number A207FXXS5CWE1 with this update. This device is also only eligible for biannual security updates, so there’s no guarantee that users in other regions will get the May SMR.
This update doesn’t bring anything notable to the Galaxy A42 5G and Galaxy A20s but fixes some serious security issues. Samsung revealed earlier this month that the May SMR patches at least six critical flaws across the Galaxy lineup. It also patches more than 50 high-severity flaws and a few less severe ones. In total, this month’s security patch contains more than 70 fixes, around 20 of which are Galaxy-specific.
Meta has reportedly begun another round of mass layoffs. This is the third and final round of a massive job cut announced in mid-March. Facebook’s parent company has laid off around 10,000 employees across these three rounds. It previously cut more than 11,000 jobs in November last year, taking the total layoffs to over 21,000.
According to Reuters, the latest round of mass layoffs at Meta mostly affects non-engineering roles. The report states that employees across marketing, site security, enterprise engineering, program management, content strategy, and corporate communications have lost their jobs this week. In a separate report, the publication said that this job cut affected around 490 jobs at the company’s international headquarters in Dublin, Ireland. That’s almost 20% of its Irish workforce.
Meta hasn’t officially announced these layoffs. But the company said in March that it will let go of more than 10,000 employees over the next few months and freeze hiring for around 5,000 open positions globally. Following some job cuts in March, it fired around 4,000 employees in April. A few thousand more are now being let go. As said earlier, this comes after an even bigger layoff in November last year when Meta laid off more than 11,000 employees.
The latest mass layoffs reduce Meta’s global workforce by 25% in six months
A total of 21,000 job cuts by Meta means that the company has reduced its global workforce by about 25% over the past six months or so. CEO Mark Zuckerberg said in November that the goal is to “become a leaner and more efficient company” amid a challenging economic situation. The social network behemoth is also shrinking its real estate footprint, “transitioning to desk sharing for people who already spend most of their time outside the office”.
It hasn’t scaled back investments in the metaverse and AR/VR technologies, though. Zuckerberg has said that Meta will prioritize growth for certain products over others in these challenging situations.
Of course, Meta isn’t the only tech biggie feeling the heat of this global economic downturn. Pretty much every other firm has announced massive job cuts over the past few months to reduce their operational costs. Amazon fired around 27,000 employees across two rounds of mass layoffs in January and March of this year.
Google parent Alphabet has cut 12,000 jobs while Microsoft has let go of around 10,000 employees. Disney (7,000), Dell (6,650), Twitter (more than 6,000), IBM (3,900), and PayPal (2,000) are a few other firms that have cut thousands of jobs in recent months. Samsung, Apple, and others have also announced small-scale layoffs.
US CISA recently issued an alert warning Samsung users about an ASLR bypass flaw that is under attack. The attackers are reportedly exploiting this vulnerability to deploy spyware on target devices. Since Samsung has patched the flaw, users only need to update their devices with the latest system updates to receive the fix.
Samsung ASLR Bypass Vulnerability Under Active Attack
The tech giant Samsung patched a severe kernel vulnerability affecting its smartphones and related devices.
Samsung has described the flaw, identified as CVE-2023-21492, as an exposure of kernel pointers in a log file, without sharing many details in its advisory.
Yet, while confirming a patch release with May 2023 updates, Samsung mentioned the issue as an ASLR bypass flaw that allowed local privileged attackers to access sensitive data. The tech giant also admitted having detected active exploitation of the flaw.
Nonetheless, it still marked the vulnerability as a moderate severity issue that affected the devices with Android versions 11, 12, and 13.
The US CISA has warned users of this vulnerability while listing it in its Known Exploited Vulnerabilities Catalog.
Neither Samsung nor CISA elaborated on the vulnerability, probably because of its exploitation in the wild. However, numerous entities have already detected and disclosed the abuse of this vulnerability in recent spyware campaigns.
For instance, Google’s Threat Analysis Group reported in March 2023 on numerous vulnerabilities that threat actors were actively exploiting to deploy mercenary ransomware. Among the several zero-days and n-days, Google TAG researchers also found the ASLR bypass under attack during these campaigns. The report also stated that the matter had been reported to Samsung officials.
Likewise, Amnesty International published a detailed post about mercenary spyware campaigns actively targeting Android and iOS devices. Those campaigns also involved the exploitation of the ASLR bypass for Samsung devices.
Given the patch has already been released, users need not worry about possible exploitation. But for that, they must promptly update their devices with the latest releases.