IT Security & Privacy

In a joint effort to enhance cybersecurity awareness and preparedness, the cybersecurity authorities of the Five Eyes (FVEY) intelligence alliance, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the NSA, have released a list of the top 12 most exploited vulnerabilities throughout 2022. This publication sheds light on cybercriminals' preference for targeting older unpatched security flaws to carry out their malicious activities.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has introduced its comprehensive Cybersecurity Strategic Plan for the fiscal years 2024-2026, outlining a new vision for fortified cybersecurity that emphasizes collaboration, innovation, and accountability. The plan is aligned with the National Cybersecurity Strategy and embedded within CISA's 2023-2025 Strategic Plan, establishing a roadmap for the agency to navigate towards a future marked by infrequent cyber intrusions, bolstered organizational security and resilience, and technology products designed and default-secured for safety.

A new breed of virtual assistant software has surfaced in underground forums, catering to "black hat" hackers seeking illicit gains. These emerging tools, harnessing the power of generative AI models akin to those behind ChatGPT, have adopted monikers such as "FraudGPT" and "WormGPT," promising functionalities spanning from crafting malicious software and phishing emails to constructing attack sites and pinpointing vulnerabilities. Notably, their effectiveness shines in facilitating business email compromise (BEC) attacks.

The Dubai International Financial Centre (DIFC) has taken a significant step in data protection by issuing an adequacy determination that establishes the equivalence of the California Consumer Privacy Act of 2018 (CCPA) with the DIFC's Data Protection Law. This recognition underscores the importance of strong consumer privacy rights in the digital age and highlights the CCPA's leadership in shaping commercial privacy laws.

In a significant move to safeguard its digital infrastructure and protect against evolving cyber threats, Governor Kathy Hochul announced the launch of New York's first-ever statewide cybersecurity strategy. The strategy marks a pivotal step in fortifying the state's digital assets and ensuring the safety and security of its residents in the face of an increasingly complex cyber landscape.

Indian lawmakers have approved a data protection legislation aimed at regulating tech giants and addressing data breaches, but the move has sparked concerns about citizens' privacy rights. The bill, which limits cross-border data transfers and establishes a data protection authority, has been met with criticism from various quarters, with opponents arguing that it could grant excessive power to the government and undermine individual freedoms.

In a crippling blow to the healthcare sector, a widespread cyber attack has thrown hospital systems across the United States into disarray, leading to the suspension of medical services, the diversion of ambulances, and the scramble to find alternative solutions. Prospect Medical Holdings, a prominent healthcare provider based in California, confirmed the incident, highlighting the severity of the data security breach.