December 22, 2023
Kannan Subbiah
FCA | CISA | CGEIT | CCISO | GRC Consulting | Independent Director | Enterprise & Solution Architecture | Former Sr. VP & CTO of MF Utilities | BU Soft Tech | itTrident
Healthcare organisations have initiated partnership with others to develop security operations centres to monitor their traffic and identify threats. Proactive programs like threat hunting and brand monitoring have also been preferred. ... These initiatives are being taken keeping in mind the requirements from CERT-IN to report cyber incidents within six hours, and new requirements under Digital Personal Data protection Act, 2023, which require the organisation to take measures to identify sources of data, take consent and manage the use and eventual destruction of data as per the guidelines given by the government. “Investments in advanced IAM technologies are becoming paramount, encompassing robust authentication methods, privileged access controls, and continuous monitoring of user activities,” says Pramod Bhaskar, CISO, Cross Identity. These measures align closely with regulatory changes and compliance requirements, as regulations like HIPAA increasingly emphasise the importance of secure user authentication, access governance, and audit trails in safeguarding patient information.
The goal of any responsible security professional is to reduce the window of exposure as much as possible. There are two basic approaches to this: limiting the amount of vulnerability information available to the public and reducing the window of exposure in time by issuing patches quickly. Limiting the amount of vulnerability information available to the public might work in theory, but it is impossible to enforce in practice. There is a continuous stream of research in security vulnerabilities, and most of this research results in public announcements. Hackers write new attack exploits all the time, and the exploits quickly end up in the hands of malicious attackers. While some researchers might choose not to publish a vulnerability they discover, public dissemination of vulnerability information is the norm because it is the best way to improve security. Reducing the window of exposure in time by issuing patches quickly is the other approach. Full-disclosure proponents publish vulnerabilities far and wide to spur vendors to patch faster.
Many developers believe that services bound to localhost — a computer’s internal hostname — cannot be targeted from the internet. However, this is an incorrect assumption according to Joseph Beeton, a senior application security researcher at Contrast Security, who recently held a talk on attacking developer environments through localhost services at the DefCamp security conference. Beeton recently found serious vulnerabilities in the Quarkus Java framework and MLflow that allow remote attackers to exploit features in the development interfaces or APIs exposed by those applications locally. The attacks would only require the computer user to visit an attacker-controlled website in their browser or a legitimate site where the attacker managed to place specifically crafted ads. Drive-by attacks have been around for many years, but they are powerful when combined with a cross-site request forgery (CSRF) vulnerability in an application. In the past hackers used drive-by attacks through malicious ads placed on websites to hijack the DNS settings of users’ home routers.
Recommended by LinkedIn
The variant includes several new features that make it even more dangerous to Android users that its previous incarnation, including a new ability to interrupt the biometric operations of the targeted device, the researchers said. By unlocking biometric access (facial recognition or fingerprint scans, for example), attackers can access PINs, passwords, or graphical keys through keylogging functionalities, as well as unlock devices using previously stolen PINs or passwords. "This functionality to effectively bypass biometric security measures is a concerning development in the landscape of mobile malware," according to Threat Fabric's analysis. ... The malware's key new ability to disable biometric security on the device is enabled by issuing the command "interrupt_biometric," which executes the "InterruptBiometric" method. The method uses Android's KeyguardManager API and AccessibilityEvent to assess the device screen and keyguard status, evaluating the state of the latter in terms of various locking mechanisms, such as pattern, PIN, or password.
AI and LLMs have fundamentally altered how people and organizations interact with technology. While they drive innovation and automation across multiple sectors simultaneously, they also change how professionals make decisions and communicate with customers. They have redefined industry-specific domains while enhancing industrial growth and innovation potential. With further development and research, it is only a matter of time before these AI-driven models can replicate the qualities of human speech and interaction. There is no certainty as to the extent of AI developments and capabilities. While the potential for innovation and development seems endless, AI’s rapid growth in business and industry proves that developers have only reached the tip of the iceberg. As AI functionalities become faster and more proficient, the healthcare, education, and financial service industries will thrive further and deliver trustworthy, reliable care and services for patients, students, and customers worldwide. Because LLMs offer operational support in data and analytics, there will be cost savings as professionals transfer their time and efforts elsewhere.
This is the first time there has been an "affirmative requirement" for companies developing foundational models that pose a serious risk to national security, economic security, public health or safety to notify the federal government when training their models, and to share the results of red team safety tests, said Lisa Sotto, partner at Hunton Andrews Kurth and chair of the company's global privacy and cybersecurity practice. This will have a "profound" impact on the development of AI models in the United States, she told Information Security Media Group. While NIST does not directly regulate AI, it helps develop frameworks, standards, research and resources that play a significant role in informing the regulation and the technology's responsible use and development. Its artificial intelligence risk management framework released earlier this year seeks to provide a comprehensive framework for managing risks associated with AI technologies. Its recent report on bias in AI algorithms seeks to help organizations develop potential mitigation strategies, and the Trustworthy and Responsible AI Resource Center, launched in March, is a central repository for information about NIST's AI activities.