
GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

By Jeremy Swenson

The National Institute of Standards and Technology (NIST) has updated its widely used Cybersecurity Framework (CSF), a free, respected, landmark guidance document for reducing cybersecurity risk.

Related: More background on CSF

However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community already knows:

• Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business goals and adherence to legal requirements and standards. This is the newest addition; it was implied before but is now explicitly shown to touch every aspect of the framework. It seeks to establish and monitor your company’s cybersecurity risk management strategy, expectations, and policy.

• Identify (ID): Entails cultivating a comprehensive organizational understanding of managing cybersecurity risks to systems, assets, data, and capabilities. (more…)

LW ROUNDTABLE: Will the U.S. Senate keep citizens safe, vote to force China to divest TikTok?

By Byron V. Acohido

Congressional bipartisanship these days seems nigh impossible.

Related: Rising tensions spell need for tighter cybersecurity

Yet by a resounding vote of 352-65, the U.S. House of Representatives recently passed a bill that would ban TikTok unless its China-based owner, ByteDance Ltd., relinquishes its stake.

President Biden has said he will sign the bill into law, so its fate is now in the hands of the U.S. Senate.

I fervently hope the U.S. Senate does not torpedo this long overdue proactive step to protect its citizens and start shoring up America’s global stature.

Weaponizing social media

How did we get here? A big part of the problem is a poorly informed general populace. Mainstream news media gravitates to chasing the political antics of the moment. This tends to diffuse sober analysis of the countless examples of Russia, in particular, weaponizing social media to spread falsehoods, interfere in elections, target infrastructure and even radicalize youth. (more…)

Author Q&A: A patient’s perspective of advanced medical technology and rising privacy risks

By Byron V. Acohido

A close friend of mine, Jay Morrow, has just authored a book titled “Hospital Survival.”

Related: Ransomware plagues healthcare

Jay’s book is very personal. He recounts a health crisis he endured that began to manifest at the start of what was supposed to be a rejuvenation cruise.

Jay had to undergo several operations, including one where he died on the operating table and had to be resuscitated. Jay told me he learned about managing work stress, the fragility and preciousness of good health and the importance of family. We also discussed medical technology and how his views about patient privacy evolved. Here are excerpts of our discussion, edited for clarity and length:

LW: Your book is pretty gripping. It starts with you going on a cruise, but then ending up on this harrowing personal journey.

Morrow: That’s right. I was a projects manager working hard at a high-stress job and not necessarily paying any attention to the stress toll that it was taking on me over a number of years. Professionally, my plates were full. I was working 60 to 70 hours a week and that was probably too much. (more…)

GUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scams

By Alexander Konovalov

Americans lost a record $10 billion to scams last year — and scams are getting more sophisticated.

Related: Google battles AI fakers

Recently used to impersonate Joe Biden and Taylor Swift, AI voice cloning scams are gaining momentum — and one in three adults confess they aren’t confident they’d identify the cloned voice from the real thing.

Google searches for ‘AI voice scams’ soared by more than 200 percent in the course of a few months. Here are a few tips on how to avoid falling prey to voice cloning scams.

• Laugh. AI has a hard time recognizing laughter, so crack a joke and gauge the person’s reaction. If their laugh sounds authentic, chances are there’s a human on the other end of the line, at least. (more…)

News alert: Badge expands availability of ‘Enroll Once and Authenticate on Any Device’ software

San Francisco, Calif., Mar. 7, 2024 — Badge Inc., the award-winning privacy company enabling Identity without Secrets™, today launched a new Partner Program and welcomed Identity Data Management and Analytics provider Radiant Logic as its newest partner.

Radiant Logic joins Badge’s partner network alongside marquee identity partners, Okta and Ping Identity. The new Badge Partner Program further accelerates the adoption and integration of Badge’s privacy-preserving authentication, enabling even more users to benefit from seamless MFA experiences across any device or application without storing user secrets or private keys.

“We are thrilled to be working with Badge, enabling a best-in-class authentication solution that builds on top of our market-leading identity data management and identity analytics capabilities to provide greater privacy and security to our customers,” said Wade Ellery, Field CTO, Radiant Logic.

The integration of Badge brings downstream value to Radiant Logic customers, allowing employees to enroll once and log into any application via RadiantOne using their preferred biometrics and factors of choice for a safe and holistic user experience across any device. By eliminating passwords and stored secrets, Badge bolsters Radiant Logic’s extensible identity data platform to accelerate strategic initiatives such as digital transformation, Zero Trust, automated compliance, and data-driven governance. (more…)

GUEST ESSAY: Essential cyber hygiene practices all charities must embrace to protect their donors

By Zac Amos

Charities and nonprofits are particularly vulnerable to cybersecurity threats, primarily because they maintain personal and financial data, which are highly valuable to criminals.

Related: Hackers target UK charities

Here are six tips for establishing robust nonprofit cybersecurity measures to protect sensitive donor information and build a resilient organization.

• Assess risks. Creating a solid cybersecurity foundation begins with understanding the organization’s risks. Many nonprofits are exposed to potential daily threats and don’t even know it. A recent study found only 27% of charities undertook risk assessments in 2023 and only 11% said they reviewed risks posed by suppliers. These worrying statistics underscore the need to be more proactive in preventing security breaches.

• Keep software updated. Outdated software and operating systems are known risk factors in cybersecurity. Keeping these systems up to date and installing the latest security patches can help minimize the frequency and severity of data breaches among organizations. Investing in top-notch firewalls is also essential, as they serve as the first line of defense against external threats. (more…)

News alert: Silence Laboratories raises $4.1M for new privacy-preserving cryptography platform

SINGAPORE – Feb. 29, 2024. In the modern age, large companies are wrestling to leverage their customers’ data to provide ever-better AI-enhanced experiences.

But a key barrier to leveraging this opportunity is mounting public concern around data privacy, as ever-greater data processing poses risks of data leaks by hackers and malicious insiders.

Silence Laboratories is on a mission to create infrastructure to enable complex data collaborations between enterprises and entities, without any sensitive information being exposed to the other engaging parties. Silence Laboratories today announces it has raised an additional $4.1 million funding round led by Pi Ventures and Kira Studio, along with several prominent angel investors.

Leveraging modern cryptography, the company already has one of the fastest distributed signature (authorization) libraries in production (Silent Shard), which has been audited by some of the best security auditing companies, like Trail of Bits. These libraries have led to the establishment of strong partnerships with leading digital asset infrastructure and protocol companies like BitGo, MetaMask, EigenLayer, Biconomy, and EasyCrypto. (more…)