Shanghai 2025 01 16 Sunrise
Sunrise in Shanghai on January 16, 2025.
Models.net.cn
The Website of Steve, mainly sharing SRE, DEVOPS, DEVSECOPS, PHP, Java, Python, Go, cross-border e-commerce, security, reading and other technical articles
The 12 Best Online Form Builder Apps in 2025
The 12 best online form builder apps in 2025.
The Best WordPress Form Plugins in 2025
The best WordPress form plugins in 2025.
IT Security RSS Feed for 2025-01-12
IT Security RSS Feed for 2025-01-12
US bank FNBO uses Pindrop to tackle voice fraud, deepfakes
Published: Fri, 10 Jan 2025 11:30:00 GMT
US Bank FNBO Partners with Pindrop to Enhance Voice Fraud Protection and Mitigate Deepfake Threats
First National Bank of Omaha (FNBO), a subsidiary of First National of Nebraska, has joined forces with Pindrop, a leading provider of voice security and fraud detection solutions, to strengthen its voice channel defenses. This partnership aims to combat sophisticated voice fraud techniques, including deepfakes, and safeguard customers’ financial information.
Combating Voice Fraud with Pindrop’s Technology
Pindrop’s advanced voice authentication and fraud detection platform analyzes over 1 billion voice calls annually, harnessing artificial intelligence and machine learning to identify fraudulent activities. It employs a multi-layered approach, including:
- Voice Biometrics: Analyzes unique vocal patterns to verify caller identity.
- Device Reputation: Assesses the trustworthiness of devices used to make calls.
- Call Pattern Analysis: Detects anomalies in call behavior that may indicate fraud.
Mitigating Deepfake Threats
Deepfakes, realistic audio or video forgeries, pose a significant threat to voice fraud. Pindrop’s technology leverages advanced deepfake detection algorithms to distinguish between genuine and synthetic voices. This capability helps FNBO identify and block deepfake-based fraud attempts.
Benefits of the Partnership
FNBO’s partnership with Pindrop offers several key benefits:
- Reduced Fraud Losses: Enhanced detection capabilities minimize financial losses due to fraudulent transactions.
- Improved Customer Experience: Seamless and secure voice interactions enhance customer satisfaction.
- Increased Regulatory Compliance: Adherence to industry standards and regulations regarding voice fraud prevention.
- Protection Against Emerging Threats: Pindrop’s continual innovation ensures protection against evolving voice fraud techniques.
Executive Quotes
“Voice fraud remains a persistent threat, and we are committed to safeguarding our customers’ accounts,” said Don DiGuglielmo, Chief Information Security Officer at FNBO. “Pindrop’s industry-leading solutions will significantly strengthen our voice channel protections.”
“We are proud to partner with FNBO to secure their voice interactions,” said Vijay Balasubramaniyan, CEO of Pindrop. “Our advanced technology will enable FNBO to stay ahead of fraudsters and provide their customers with peace of mind.”
Conclusion
FNBO’s partnership with Pindrop is a transformative step in the bank’s fight against voice fraud and deepfakes. By leveraging Pindrop’s innovative solutions, FNBO can effectively protect its customers, reduce financial losses, and maintain a high level of trust and security in its voice channel.
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
Published: Fri, 10 Jan 2025 09:45:00 GMT
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
Summary
Mandiant, a cybersecurity firm, has revealed that Chinese state-sponsored hackers are actively exploiting zero-day vulnerabilities in the Ivanti software to launch cyberespionage attacks. These attacks have targeted organizations in the technology, government, and healthcare sectors.
Vulnerabilities Exploited
The vulnerabilities being exploited are CVE-2023-21967 and CVE-2023-21968, which affect Ivanti Patch for MEM/SCCM and Ivanti Endpoint Security for Endpoint Manager, respectively. These vulnerabilities allow attackers to gain remote access to affected systems and execute arbitrary code.
Attacker Profile
Mandiant has attributed these attacks to a Chinese state-sponsored hacking group known as APT41. APT41 is known for its sophisticated cyberespionage campaigns and has previously targeted similar sectors.
Impact
The exploitation of these vulnerabilities could lead to a range of severe consequences, including data exfiltration, ransomware deployment, and disruption of critical systems.
Mitigation
Mandiant recommends that organizations patch their affected Ivanti software immediately. Ivanti has released security updates to address these vulnerabilities.
Additional Actions
In addition to patching, organizations should take the following steps to protect themselves:
- Enable multi-factor authentication (MFA) for all remote access
- Monitor network activity for suspicious traffic
- Conduct regular security audits
Conclusion
The exploitation of Ivanti vulnerabilities by Chinese state-supported hackers is a serious threat to organizations. By patching their software and implementing additional security measures, organizations can mitigate the risk of compromise.
German court finds hacked EncroChat phone evidence inadmissible
Published: Wed, 08 Jan 2025 12:12:00 GMT
German Court Rules EncroChat Phone Evidence Inadmissible
A German court has ruled that evidence obtained from hacked EncroChat mobile phones cannot be used in criminal proceedings, dealing a blow to law enforcement efforts to combat organized crime.
EncroChat Background
EncroChat was a secure messaging service used by criminals to communicate and plan illegal activities. In 2020, law enforcement agencies in Europe infiltrated EncroChat’s network and intercepted millions of messages.
German Court Ruling
In a landmark ruling, the Higher Regional Court of Celle, Germany, found that the evidence gathered from the hacked EncroChat phones was inadmissible because it had been obtained in violation of German constitutional rights.
The court held that the hack was an unlawful intrusion into the privacy of the device owners and that it had violated their right to telecommunications secrecy. The court also criticized the European cooperation that led to the hack, arguing that it had not been properly authorized.
Implications for Law Enforcement
The German court’s ruling has significant implications for law enforcement in Europe and beyond. It suggests that evidence obtained through similar covert operations may also be deemed inadmissible in other jurisdictions.
This could make it more difficult for law enforcement to prosecute organized crime groups who rely on encrypted messaging services to plan and coordinate their activities.
Response from Law Enforcement
Law enforcement agencies have expressed disappointment with the German court’s ruling. They argue that the hack of EncroChat was a necessary tool to combat serious crime and that it has led to the arrest of numerous criminals.
Some agencies have indicated that they are considering appealing the ruling or seeking alternative ways to use the evidence.
Legal and Constitutional Implications
The German court’s ruling raises important legal and constitutional questions about the balance between public safety and individual privacy.
It remains to be seen how other courts will rule on similar cases involving evidence obtained through covert operations. The ruling is likely to have a lasting impact on the use of encrypted messaging services by criminals and the methods used by law enforcement to combat them.
Regional skills plan to boost UK cyber defences
Published: Tue, 07 Jan 2025 19:01:00 GMT
Regional Skills Plan to Enhance UK Cyber Defenses
Introduction
In response to the growing threat of cyberattacks, the United Kingdom has developed a comprehensive regional skills plan to strengthen its cyber defenses and address the national shortage of qualified professionals.
Plan Objectives
- Increase the number of skilled cybersecurity professionals: Target to train and develop 20,000 new cybersecurity experts by 2025.
- Enhance existing skills: Train and upskill current professionals in cybersecurity best practices and emerging technologies.
- Promote diversity and inclusion: Encourage underrepresented groups to pursue careers in cybersecurity and create a more inclusive workforce.
- Foster collaboration between industry, academia, and government: Establish partnerships and share resources for effective training and workforce development.
Key Components
- Education and Training: Develop specialized cybersecurity degree programs, certifications, and vocational training initiatives.
- Industry Partnerships: Engage with employers to identify skills gaps and provide tailored training programs.
- Apprenticeships and Work-Based Learning: Offer apprenticeship programs and work placements to provide practical experience.
- Research and Innovation: Support research and development in cybersecurity technologies and solutions.
- Awareness Campaigns: Educate the public and businesses about the importance of cybersecurity and encourage young people to pursue careers in the field.
Regional Focus
The plan is designed to address the unique needs and strengths of different regions within the UK. Key regions include:
- London: Home to a large concentration of cybersecurity firms and government agencies.
- Scotland: Renowned for cybersecurity research and development.
- Northern Ireland: A hub for tech and innovation, including cybersecurity.
- West Midlands: A manufacturing and logistics center with increasing cybersecurity demands.
- North East England: A region with a growing cybersecurity sector.
Benefits
- Strengthened National Cybersecurity: A skilled workforce will protect critical infrastructure, businesses, and individuals from cyber threats.
- Economic Growth: Cybersecurity is a high-growth industry with significant employment opportunities.
- Improved Resilience: A robust cybersecurity workforce will enhance the UK’s resilience to cyberattacks and improve public confidence in digital services.
- Increased International Competitiveness: A highly skilled cybersecurity sector will boost the UK’s standing as a global leader in the field.
Implementation
The skills plan will be implemented through a coordinated effort involving:
- Government funding and support
- Collaboration between industry and educational institutions
- Engagement with professional organizations and certifying bodies
- Public awareness and outreach campaigns
Conclusion
The Regional Skills Plan for Cyber Defenses is a comprehensive framework to boost the UK’s cybersecurity workforce and strengthen its ability to defend against cyber threats. By investing in education, training, and partnerships, the UK can create a skilled and diverse workforce that will protect national interests and drive economic growth.
Why CISOs should build stronger bonds with the legal function in 2025
Published: Tue, 07 Jan 2025 16:03:00 GMT
Enhanced Cyber Resilience:
- Legal expertise can guide CISOs in developing comprehensive security policies, incident response plans, and compliance frameworks that align with industry best practices.
- Legal support can help CISOs navigate complex regulatory landscapes, ensuring compliance and mitigating legal risks.
Improved Risk Management:
- Legal counsel can provide insights into legal liability and potential consequences of cybersecurity incidents.
- This knowledge enables CISOs to assess risks more effectively, prioritize mitigation efforts, and make informed decisions.
Enhanced Incident Response:
- Legal guidance is crucial in coordinating with law enforcement, insurance providers, and external legal counsel during cyber incidents.
- Legal expertise ensures adherence to legal obligations, protects evidence, and facilitates communication with stakeholders.
Data Protection and Privacy:
- Legal input is essential for developing robust data protection and privacy programs that comply with evolving regulations.
- Legal review helps ensure that data is handled securely, respecting individual rights and minimizing legal exposure.
Emerging Cybersecurity Threats:
- The legal function can provide insights into novel cybersecurity threats and emerging legal challenges.
- Collaboration empowers CISOs to stay abreast of legal and technological developments that impact cybersecurity.
Reputation Management:
- Legal advice can help CISOs manage the reputational risks associated with cybersecurity incidents.
- Legal counsel can guide communication strategies, protect company reputation, and mitigate legal liability.
Long-Term Planning:
- Legal perspectives contribute to strategic planning by identifying legal considerations that may impact cybersecurity initiatives.
- Collaboration ensures that cybersecurity initiatives align with legal objectives and mitigate future risks.
Cost Savings:
- Strong bonds between CISOs and the legal function can prevent costly legal disputes, fines, or liabilities resulting from inadequate cybersecurity measures.
- Legal insights can help CISOs make informed decisions that optimize cybersecurity investments and reduce legal expenses.
Compliance and Assurance:
- Legal support enables CISOs to demonstrate compliance with industry regulations and internal policies.
- This provides assurance to stakeholders, customers, and regulatory bodies that cybersecurity risks are being managed effectively.
Saudi Arabia calls for humanitarian AI after tightening screws on rights protesters
Published: Tue, 07 Jan 2025 08:15:00 GMT
Saudi Arabia has called for the development of “humanitarian AI” after the kingdom cracked down on human rights protesters. The kingdom has been accused of using spyware to track dissidents, and of jailing activists who speak out against the government.
In a speech at the World Economic Forum in Davos, Saudi Arabia’s Crown Prince Mohammed bin Salman said that AI could be used to “improve the lives of millions of people around the world.” He said that AI could be used to “detect early signs of disease, provide personalized education, and create new opportunities for economic growth.”
However, the Crown Prince did not address the concerns of human rights groups, who are concerned that AI could be used to further suppress dissent in Saudi Arabia.
Human Rights Watch has called on Saudi Arabia to end its crackdown on human rights protesters, and to release all political prisoners. The organization has also called on the kingdom to implement reforms that would protect freedom of expression and assembly.
It is unclear whether Saudi Arabia’s call for “humanitarian AI” is a genuine attempt to improve the lives of its citizens, or a way to distract from the kerajaan’s human rights abuses.
What is the Gramm-Leach-Bliley Act (GLBA)?
Published: Fri, 03 Jan 2025 13:49:00 GMT
The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a United States federal law that repealed the Glass-Steagall Act of 1933. GLBA was enacted to modernize the financial services industry and allow banks, securities firms, and insurance companies to consolidate.
Key provisions of the GLBA include:
- Repeal of the Glass-Steagall Act, which had prohibited banks from engaging in securities underwriting and dealing
- Creation of the Financial Services Coordinating Council (FSCC), which is responsible for coordinating the supervision of financial institutions
- Establishment of the Office of Thrift Supervision (OTS), which is responsible for supervising savings and loan associations
- Creation of the Consumer Financial Protection Bureau (CFPB), which is responsible for enforcing consumer financial protection laws
US Treasury incident a clear warning on supply chain security in 2025
Published: Fri, 03 Jan 2025 11:27:00 GMT
Surveillance and Data Theft: A Looming Threat to National Security
The US Treasury Incident: A Case Study
The recent incident involving the US Treasury Department highlights the alarming vulnerabilities of our supply chain to surveillance and data theft. In this case, malicious actors gained access to sensitive data through a compromised third-party software provider. This breach serves as a stark reminder of the critical need to enhance supply chain security in the face of evolving cyber threats.
The Changing Landscape of Cybercrime
Today’s cybercriminals are increasingly sophisticated, targeting supply chains as a means to access confidential information and disrupt critical infrastructure. By infiltrating trusted third-party vendors, attackers can gain access to sensitive data without directly targeting the primary organization. This approach makes it more difficult for organizations to detect and mitigate breaches.
Implications for 2025 and Beyond
As technology continues to advance and supply chains become more complex, the potential for supply chain surveillance and data theft will only increase. By 2025, we can expect the following:
- Increased sophistication of cyberattacks: Attackers will adopt more advanced techniques, such as artificial intelligence (AI) and machine learning (ML), to automate and enhance their attacks.
- Greater reliance on third-party vendors: Organizations will continue to outsource more services to third-party providers, creating a broader attack surface for cybercriminals.
- Heightened risk of data breaches: The proliferation of sensitive data across supply chains will make organizations more vulnerable to breaches that could compromise national security or economic stability.
Recommendations for Enhancing Supply Chain Security
To mitigate these risks, organizations must prioritize the following measures:
- Conduct thorough due diligence: Evaluate and monitor third-party vendors to ensure their cybersecurity practices meet industry standards.
- Implement robust security protocols: Establish clear security policies and procedures to protect data and systems throughout the supply chain.
- Foster collaboration and information sharing: Share threat intelligence and best practices with industry partners to stay abreast of emerging threats and vulnerabilities.
- Invest in advanced technologies: Deploy AI and ML to detect and respond to suspicious activity in real time.
- Enact stricter regulations: Governments should implement regulations and policies to hold organizations accountable for supply chain security and data protection.
Conclusion
The US Treasury incident is a clear warning that supply chain security must be a top priority in 2025 and beyond. By adopting proactive measures, organizations can protect sensitive data, mitigate cyber threats, and maintain the integrity of our critical infrastructure. Failure to do so will have severe consequences for both our national security and economic prosperity.
What is a public key and how does it work?
Published: Mon, 23 Dec 2024 09:00:00 GMT
What is a Public Key?
A public key is a cryptographic key that is used in public-key cryptography, also known as asymmetric cryptography. It is a mathematical formula that can be used to encrypt information, but which cannot be used to decrypt it.
How it Works:
Public-key cryptography relies on the concept of a “key pair,” which consists of a public key and a corresponding private key.
- Public key: Made public and can be shared with anyone.
- Private key: Kept secret and should only be known to the owner.
Encryption Process:
When someone wants to send a secure message to you, they use your public key to encrypt the message. The public key is designed to allow encryption but not decryption.
Decryption Process:
Only the private key, held by you, can decrypt the message that was encrypted with your public key. This is because the public key and private key are mathematically linked in a way that only allows the private key to undo the encryption performed by the public key.
Advantages of Public-Key Cryptography:
- Confidentiality: Only the recipient with the private key can decrypt the encrypted message.
- Authentication: If a message is encrypted with your public key and can be decrypted with your private key, it proves that it originated from you (since only you have the private key).
- Digital signatures: Public keys can be used to create digital signatures, which can certify the authenticity and integrity of a digital document.
Examples of Public Key Use:
Public-key cryptography is widely used in various applications, including:
- Secure email (e.g., PGP, S/MIME)
- Website security (e.g., SSL/TLS)
- Code signing
- Blockchain technology (e.g., Bitcoin wallets)
What is a proxy firewall?
Published: Mon, 23 Dec 2024 09:00:00 GMT
Proxy Firewall
A proxy firewall is a network security device that acts as an intermediary between clients and the external network. It intercepts and filters all incoming and outgoing network traffic, enforcing security policies and protecting the internal network from external threats.
How it Works:
- Client-Proxy Connection: Clients (e.g., computers, smartphones) connect to the proxy firewall instead of directly to the external network.
- Request Forwarding: When a client sends a request to an external server, the proxy firewall forwards the request to the server on behalf of the client.
- Response Handling: The proxy firewall receives the response from the server and forwards it back to the client.
- Filtering and Inspection: Before forwarding requests and responses, the proxy firewall inspects the traffic for malicious content, viruses, or other threats based on predefined security rules.
- Logging and Reporting: The proxy firewall logs all network traffic, providing visibility into activity and enabling security auditing.
Benefits of a Proxy Firewall:
- Enhanced Security: Filters and blocks malicious traffic, preventing unauthorized access and data breaches.
- Anonymity: Hides the real IP addresses of clients, enhancing privacy and protecting from identity theft.
- Content Filtering: Blocks or limits access to inappropriate or restricted websites based on organizational policies.
- Traffic Control: Manages network bandwidth by enforcing bandwidth limits, prioritizing critical applications, and preventing network congestion.
- Centralized Security: Allows administrators to manage security policies from a single interface, providing consistent protection across the network.
Types of Proxy Firewalls:
- Forward Proxy: Accepts client requests and forwards them to the destination server without modifying the data.
- Reverse Proxy: Accepts server responses and distributes them to multiple clients, providing load balancing and caching capabilities.
- Intercepting Proxy: Inspects and modifies data before forwarding it, enabling deep packet inspection and data filtering.
6 must-read blockchain books for 2025
Published: Mon, 23 Dec 2024 00:00:00 GMT
Blockchain Revolution 2.0 by Don Tapscott (2025)
- An updated and expanded version of Tapscott’s seminal work on blockchain technology, exploring its transformative potential for industries and society.
The Blockchain Economy by David Wachsman (2025)
- A comprehensive guide to the economic principles and implications of blockchain technology, including its impact on value creation, market structures, and global governance.
Decentralized Finance: The Future of Money by Camila Russo (2025)
- An in-depth examination of the emerging field of decentralized finance (DeFi) and its potential to revolutionize the financial sector through blockchain-based protocols and applications.
Web3.0: The Next Revolution of the Internet by Gavin Wood (2025)
- A visionary look at the future of the internet, powered by blockchain technology and characterized by decentralization, user ownership, and privacy.
The Quantum Blockchain by David Deutsch and Peter Shor (2025)
- An exploration of the potential for quantum computing and blockchain technology to converge, creating new possibilities and challenges for security, scalability, and innovation.
Blockchain for Social Impact by Jessica Wachter Boettcher (2025)
- An analysis of the ways in which blockchain technology can be harnessed to address social and environmental challenges, enabling transparency, accountability, and empowerment.
LockBit ransomware gang teases February 2025 return
Published: Thu, 19 Dec 2024 12:56:00 GMT
LockBit Ransomware Gang Resurfaces with Future Threat
The infamous LockBit ransomware gang, responsible for numerous high-profile attacks, has announced its impending return in February 2025.
Background:
- LockBit has been responsible for several major ransomware attacks in recent years, including targeting companies like Accenture, Royal Mail, and NTT Data.
- The gang’s modus operandi involves encrypting victims’ files and demanding payment in cryptocurrency to unlock them.
February 2025 Return:
- In a recent message posted on its dark web blog, LockBit declared that it will “be back in charge” on February 10, 2025.
- The gang claimed to have been “restructured” and “refreshed” in preparation for this comeback.
Implications:
- The announcement has raised concerns among cybersecurity experts and potential targets.
- LockBit’s return could lead to a surge in ransomware attacks, particularly in the targeted sectors.
- Organizations should take proactive measures to bolster their cybersecurity defenses and prepare for potential threats.
Cybersecurity Measures:
- Regularly update software and firmware to patch vulnerabilities.
- Implement strong access controls and multi-factor authentication.
- Back up data regularly and test restoration procedures.
- Deploy anti-malware and intrusion detection systems.
- Conduct cybersecurity training for employees.
Additional Details:
- LockBit’s announcement did not provide specific details about its plans or targets.
- The gang has previously used various tactics, including phishing emails, compromised software, and brute-force attacks.
- It remains unclear whether LockBit’s return will be as disruptive as its previous campaigns.
Conclusion:
LockBit’s tease of a return in February 2025 serves as a reminder of the ongoing threat posed by ransomware. Organizations must remain vigilant and take proactive steps to mitigate the risk of future attacks. By implementing robust cybersecurity practices, businesses can protect their data and operations from the potential consequences of ransomware incidents.
Latest attempt to override UK’s outdated hacking law stalls
Published: Thu, 19 Dec 2024 11:10:00 GMT
Latest Attempt to Override UK’s Outdated Hacking Law Stalls
London, UK: The UK government’s latest attempt to update its outdated hacking law has stalled due to resistance from within the Conservative Party.
The Computer Misuse Act (CMA), enacted in 1990, criminalizes unauthorized access to computer systems but has been widely criticized as being overly broad and outdated. In recent years, there have been calls to reform the CMA to better reflect the technological advancements of the digital age.
In 2022, the government introduced the Online Safety Bill, which included provisions to amend the CMA. The bill would have introduced new offenses, such as “knowingly or recklessly” interfering with a computer system, addressing concerns about individuals who exploit vulnerabilities for malicious purposes.
However, Conservative MPs have voiced opposition to the bill’s approach to online safety, arguing that it could stifle legitimate research and security testing. The government has since announced that the CMA amendments will be dropped from the Online Safety Bill, leaving the outdated hacking law in place.
Digital rights groups have expressed disappointment with the government’s decision. The Open Rights Group said the move was “a major setback for digital rights and the rule of law.”
The CMA has been criticized for its vague language and the potential for unintended consequences. In 2014, the Crown Prosecution Service (CPS) issued guidelines on the CMA to provide clarity, but it remains a complex law to interpret and enforce.
The government’s decision to stall the CMA amendments raises concerns about the UK’s ability to address emerging cyber threats effectively. Law enforcement agencies have argued that the current CMA is insufficient to deter sophisticated hackers and protect critical infrastructure.
The future of the CMA remains uncertain. The government has indicated that it may consider reforming the law separately from the Online Safety Bill. However, it is unclear when or if such reforms will be introduced.
Until then, the UK’s outdated hacking law continues to pose challenges for law enforcement, businesses, and digital rights advocates alike.
The Data Bill: It’s time to cyber up
Published: Thu, 19 Dec 2024 09:42:00 GMT
The Data Bill: Time for a Cybersecurity Upgrade
Introduction:
In the rapidly evolving digital landscape, data has become an invaluable asset. To protect this critical resource, governments worldwide are implementing measures like the Data Bill, which aims to enhance cybersecurity and data protection.
Key Provisions:
1. Strengthening Cybersecurity Infrastructure:
The Data Bill mandates organizations to implement robust cybersecurity measures, including:
- Regular security audits
- Incident response plans
- Data encryption and access controls
2. Data Breach Notification:
Organizations are obligated to promptly notify individuals and authorities about any data breaches that compromise sensitive information. This ensures timely response and minimizes potential harm.
3. Data Protection Principles:
The Bill establishes principles for handling personal data, such as:
- Legality, fairness, and transparency
- Purpose limitation and data minimization
- Accuracy and retention
4. Establishment of Cybersecurity Agencies:
The Bill may create dedicated cybersecurity agencies responsible for monitoring threats, coordinating response efforts, and providing guidance to organizations.
Benefits:
1. Enhanced Data Security:
Stricter cybersecurity measures reduce the risk of data breaches, protecting individuals and businesses from financial loss, reputational damage, and identity theft.
2. Increased Trust and Confidence:
By strengthening data protection, the Bill fosters trust among consumers, businesses, and governments, encouraging greater adoption of digital services.
3. Economic Benefits:
A secure data ecosystem attracts investment, innovation, and economic growth. Businesses can confidently operate online, knowing their data is well-protected.
Challenges:
1. Compliance Costs:
Implementing robust cybersecurity measures can be costly for organizations, particularly small and medium-sized businesses.
2. Complex Regulatory Environment:
The Data Bill needs to be aligned with existing data protection laws and international standards to avoid confusion and overlaps.
3. Enforcement and Accountability:
Ensuring compliance with the Data Bill requires effective enforcement mechanisms and clear accountability for violations.
Conclusion:
The Data Bill is a significant step towards enhancing cybersecurity and data protection. By mandating strong cybersecurity measures, promoting responsible data handling, and establishing dedicated cybersecurity agencies, it aims to safeguard individuals’ privacy, protect businesses from cyber threats, and foster a secure digital environment. While challenges exist, addressing them is essential to secure the future of data-driven economies.
Innovation, insight and influence: the CISO playbook for 2025 and beyond
Published: Thu, 19 Dec 2024 09:10:00 GMT
Innovation, Insight, and Influence: The CISO Playbook for 2025 and Beyond
Introduction
In an era of unprecedented technological advancements and evolving threats, the role of the Chief Information Security Officer (CISO) is more critical than ever before. To effectively navigate the complexities of the digital landscape in 2025 and beyond, CISOs must embrace innovation, develop deep insights, and wield their influence to drive organizational transformation. This playbook provides a roadmap for CISOs to enhance their capabilities in these key areas.
Innovation
Embrace Emerging Technologies:
- Explore cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and blockchain to automate tasks, enhance threat detection, and improve cybersecurity resilience.
- Collaborate with research institutions and technology vendors to stay informed about advancements and potential applications.
Foster a Culture of Innovation:
- Encourage a mindset that values experimentation and risk-taking.
- Establish frameworks for idea generation and rapid prototyping.
- Recognize and reward innovative contributions.
Insight
Develop a Deep Understanding of the Business:
- Align cybersecurity strategies with business goals and objectives.
- Engage with business leaders to comprehend their risk tolerance, operational needs, and strategic priorities.
- Conduct regular assessments to identify areas of convergence and friction between cybersecurity and business requirements.
Leverage Data Analytics:
- Collect and analyze data from diverse sources to gain insights into threat patterns, security vulnerabilities, and user behavior.
- Develop predictive models to forecast potential risks and anticipate threats.
- Use data visualization tools to communicate insights effectively.
Influence
Build Strong Relationships:
- Establish trust and credibility with key stakeholders, including executives, business unit leaders, and IT teams.
- Communicate cybersecurity risks and opportunities in a clear and compelling manner.
- Foster collaboration and cooperation to align security initiatives with organizational objectives.
Advocate for Cybersecurity Investments:
- Quantify the value of cybersecurity investments and demonstrate their impact on business resilience and reputation.
- Align cybersecurity budgets with risk appetite and business priorities.
- Seek support from senior management and the board of directors.
Elevate the Cybersecurity Function:
- Enhance the visibility and stature of the cybersecurity function within the organization.
- Position cybersecurity as a strategic enabler and a competitive advantage.
- Seek opportunities to present at industry events and share best practices.
Implementation Considerations
- Establish a Transformation Roadmap: Outline a clear plan for embracing innovation, developing insights, and wielding influence.
- Secure Leadership Buy-In: Gain support from senior management and the board of directors for cybersecurity transformation initiatives.
- Develop a Skilled Workforce: Invest in training and development programs to equip cybersecurity professionals with the necessary knowledge and skills.
- Foster a Learning Environment: Create a culture of continuous learning and improvement, encouraging knowledge sharing and experimentation.
- Measure and Evaluate Progress: Establish metrics and track progress to demonstrate the impact of innovation, insights, and influence on cybersecurity posture.
Conclusion
By embracing innovation, developing deep insights, and wielding their influence, CISOs can transform the role of cybersecurity within their organizations. This playbook provides a roadmap for CISOs to navigate the challenges and opportunities of the digital landscape in 2025 and beyond, ensuring that their organizations remain secure, resilient, and competitive in an increasingly interconnected world.
What is a public key certificate?
Published: Thu, 19 Dec 2024 09:00:00 GMT
A public key certificate is a digital document that verifies the identity of a website or organization and binds it to a public key. This certificate is issued by a trusted third party, known as a Certificate Authority (CA), after verifying the organization’s identity and its control over the domain or service being certified.
The certificate contains the following information:
• The organization’s identity (represented by its domain name or other identifying information)
• The public key (which is used to encrypt communications)
• The digital signature of the CA that issued the certificate
• Information about the certificate’s validity period and usage
When a client accesses a website or service that uses a public key certificate, the client’s browser or other software automatically retrieves the certificate and verifies its authenticity and validity. If the certificate is valid, the client will accept the server’s public key as genuine and establish a secure connection.
Public key certificates play a crucial role in securing online communications and transactions. They help prevent man-in-the-middle attacks and ensure that data transmitted between the client and the server remains confidential and has not been tampered with.
For example, when you visit a website that uses HTTPS, the website’s server presents its public key certificate to your browser. Your browser checks the certificate against a list of trusted CAs, ensures that it is valid and has not been revoked, and then uses the public key to encrypt the connection between your browser and the server. This encryption ensures that any data you transmit to the server (such as your login credentials or credit card information) remains confidential and cannot be intercepted by third parties.
French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman
Published: Thu, 19 Dec 2024 06:53:00 GMT
French Court Rejects Request to Expedite Trial of Sky ECC Distributor Thomas Herdman
Paris, France: A French court has denied a request to expedite the trial of Thomas Herdman, a key distributor of the now-defunct encrypted communications platform Sky ECC.
Background:
- Sky ECC was a popular encrypted messaging service used by organized crime groups to facilitate illegal activities, such as drug trafficking and money laundering.
- In 2021, global law enforcement agencies coordinated an operation that seized servers and decrypted millions of Sky ECC messages.
- Herdman, based in the United Kingdom, was arrested in France in 2022 and charged with distributing and promoting Sky ECC.
Request for Expedited Trial:
- Herdman’s lawyers filed a request to expedite the trial due to his deteriorating health and the risk of ongoing detention without trial.
- The defense argued that the trial could take several years to commence, causing significant hardship for Herdman.
Court’s Ruling:
- The French court rejected the request, stating that the trial would not be expedited.
- The court cited the complexity of the case, the large number of defendants involved, and the need for a fair and thorough process.
- Herdman will remain in custody and is scheduled to appear in court for a preliminary hearing in March 2024.
Significance:
- The decision delays the progress of the Sky ECC case, which involves numerous individuals and has significant implications for transnational crime.
- The trial is expected to provide insights into the use of encrypted communications platforms and the challenges law enforcement faces in combating organized crime.
Reactions:
- Herdman’s lawyers expressed disappointment and called the decision “shocking.”
- Law enforcement agencies welcomed the court’s ruling, emphasizing the importance of a thorough investigation and prosecution in this high-profile case.
The Security Interviews: Martin Lee, Cisco Talos
Published: Wed, 18 Dec 2024 07:14:00 GMT
Interviewer: Welcome to the Security Interviews, Martin. It’s great to have you here.
Martin Lee: Thank you for having me.
Interviewer: Let’s start with your role at Cisco Talos. What do you do there?
Martin Lee: I’m a Principal Threat Researcher at Cisco Talos. I lead a team of researchers who identify, analyze, and mitigate emerging threats to the internet.
Interviewer: What are some of the most common threats you see these days?
Martin Lee: We see a lot of phishing, ransomware, and malware attacks. We also see a lot of targeted attacks against businesses and governments.
Interviewer: What are some of the biggest challenges you face in your work?
Martin Lee: The biggest challenge is the constant evolution of threats. The threat landscape is always changing, so we need to be constantly adapting our methods and techniques.
Interviewer: What are some of the most rewarding aspects of your work?
Martin Lee: The most rewarding aspect is making a difference in the world. We help to protect people and businesses from cyberattacks, and that’s a great feeling.
Interviewer: What advice would you give to someone who wants to work in cybersecurity?
Martin Lee: I would advise them to start by getting a good education in computer science and security. I would also recommend getting involved in the cybersecurity community and attending conferences and events.
Interviewer: What are some of the trends you see in cybersecurity for the future?
Martin Lee: I see a lot of growth in the areas of artificial intelligence and machine learning. I also see a lot of focus on protecting the Internet of Things (IoT).
Interviewer: Thank you for your time, Martin.
Martin Lee: It was my pleasure.
Top 10 cyber security stories of 2024
Published: Wed, 18 Dec 2024 07:00:00 GMT
1. Record-Breaking Global Ransomware Attack Cripples Critical Infrastructure
A coordinated ransomware attack disrupts power grids, hospitals, and financial institutions worldwide, causing widespread chaos and economic damage.
2. Massive Data Breach at Major Social Media Company Exposes Personal Information
Personal data, including sensitive messages and location tracking, is stolen from a major social media company, raising concerns about data privacy and social media surveillance.
3. AI-Fueled Hackers Emerge, Posing New Cyber Threats
Artificial intelligence (AI)-powered hacking tools become widely available, enabling non-expert attackers to launch complex and targeted cyberattacks.
4. Quantum Computing Breakthroughs Spark Cybersecurity Race
Advancements in quantum computing challenge traditional encryption methods, prompting a scramble to develop new cybersecurity solutions.
5. Cyberwar Threat Intensifies as Nation-States Target Each Other
Cyberwarfare escalates between nation-states, leading to disruptions of critical government systems and military operations.
6. Smart Home Devices Become New Attack Vectors
Hackers exploit vulnerabilities in smart home devices to gain access to personal data and control home appliances.
7. Cloud Data Security Concerns Rise as Adoption Increases
As businesses and individuals increasingly rely on cloud storage, concerns about data security and privacy in the cloud become prominent.
8. Wearable Technology Poses Cybersecurity Risks
Fitness trackers and other wearable devices collect sensitive personal data, creating new opportunities for cybercriminals.
9. Collaboration and Partnerships Enhance Cybersecurity
Governments, businesses, and researchers work together to share threat intelligence and develop innovative cybersecurity solutions.
10. Cybersecurity Awareness Becomes Urgent Priority
Public awareness campaigns and educational initiatives emphasize the importance of cybersecurity and encourage proper safety practices.
Look to the future: How the threat landscape may evolve next
Published: Wed, 18 Dec 2024 06:48:00 GMT
Emerging Threat Vectors:
- Quantum Computing: Advances in quantum computing could enable attackers to break encryption algorithms, posing a significant risk to data security.
- Artificial Intelligence (AI): AI-powered threats, such as deepfakes and autonomous attacks, will become more sophisticated and widespread.
- Internet of Things (IoT): The proliferation of IoT devices will expand the attack surface, making it easier for attackers to gain access to networks and systems.
- 5G Technology: The increased connectivity and bandwidth of 5G will facilitate faster and more efficient attacks.
Evolution of Existing Threats:
- Ransomware: Attackers will continue to refine ransomware techniques, such as targeted attacks on critical infrastructure and double extortion schemes.
- Phishing: Phishing emails will become more personalized and harder to detect, leveraging advanced social engineering tactics.
- Social Engineering: Human-centric attacks, such as social engineering, will remain a prevalent threat as attackers exploit vulnerabilities in human behavior.
- Supply Chain Attacks: The increasing reliance on third-party vendors and interconnected systems will make supply chains more vulnerable to targeted attacks.
Growing Convergence of Threats:
- Cyber-Physical Attacks: Attacks that bridge the gap between the digital and physical worlds, such as those targeting critical infrastructure or autonomous vehicles, will pose significant risks.
- AI-Enhanced Malware: Malware will incorporate AI capabilities, enabling it to evade detection, adapt to changing environments, and launch more targeted attacks.
- Botnet as a Service (BaaS): Attackers will increasingly offer botnets for rent, making it easier for non-technical individuals to launch attacks.
Countermeasures and Challenges:
- Zero Trust Architecture: Adopting a zero trust approach, where all entities are considered untrustworthy until verified, will mitigate the risks of insider threats and supply chain attacks.
- Endpoint Protection and Detection: Implementing robust endpoint security solutions will prevent malware from infiltrating and compromising systems.
- Continuous Vulnerability Management: Regularly patching vulnerabilities and updating security configurations will minimize the attack surface and reduce the impact of exploits.
- Cybersecurity Skills Gap: The shortage of skilled cybersecurity professionals will hinder organizations’ ability to effectively respond to threats.
- Increased Regulation: Governments and regulatory bodies will impose more stringent cybersecurity regulations, increasing the compliance burden on organizations.
Models.com 2025-01-12
Models.com for 2025-01-12
GQ Portugal
Published: Sat, 11 Jan 2025 23:12:55 GMT
FAZ Magazine
Published: Sat, 11 Jan 2025 18:21:32 GMT
Various Campaigns
Published: Sat, 11 Jan 2025 15:14:36 GMT
Various Campaigns
Published: Sat, 11 Jan 2025 11:57:20 GMT
Man In Town
Published: Sat, 11 Jan 2025 11:43:00 GMT
Dust Magazine
Published: Sat, 11 Jan 2025 11:21:13 GMT
Sicky Magazine
Published: Fri, 10 Jan 2025 23:04:08 GMT
Vogue Thailand
Published: Fri, 10 Jan 2025 20:28:39 GMT
L’Officiel Hong Kong
Published: Fri, 10 Jan 2025 20:20:48 GMT
Portrait
Published: Fri, 10 Jan 2025 20:02:17 GMT
Y/Project Closes, The British Fashion Council Taps Laura Weir as CEO, and more news you missed
Published: Fri, 10 Jan 2025 19:57:00 GMT
M Le magazine du Monde
Published: Fri, 10 Jan 2025 19:43:03 GMT
Desigual
Published: Fri, 10 Jan 2025 16:50:55 GMT
Cosmopolitan U.S.
Published: Fri, 10 Jan 2025 16:42:19 GMT
The Times Magazine UK
Published: Fri, 10 Jan 2025 16:33:40 GMT
British Vogue
Published: Fri, 10 Jan 2025 16:25:36 GMT
L’Officiel Italia
Published: Fri, 10 Jan 2025 16:19:47 GMT
Various Covers
Published: Fri, 10 Jan 2025 16:04:42 GMT
L’Officiel Baltics
Published: Fri, 10 Jan 2025 15:53:27 GMT
Various Lookbooks/Catalogs
Published: Fri, 10 Jan 2025 15:51:27 GMT
Vogue Japan
Published: Fri, 10 Jan 2025 15:44:07 GMT
The Sunday Times Style Magazine UK
Published: Fri, 10 Jan 2025 15:41:17 GMT
C.P. Company
Published: Fri, 10 Jan 2025 15:29:49 GMT
Miss Sixty
Published: Fri, 10 Jan 2025 14:53:12 GMT
Various Campaigns
Published: Fri, 10 Jan 2025 14:33:16 GMT
Schön Magazine
Published: Fri, 10 Jan 2025 14:29:09 GMT
MMScene
Published: Fri, 10 Jan 2025 14:22:47 GMT
Various Campaigns
Published: Fri, 10 Jan 2025 14:16:18 GMT
Various Editorials
Published: Fri, 10 Jan 2025 13:23:34 GMT
W Magazine China
Published: Fri, 10 Jan 2025 13:00:04 GMT
Plaza Magazine
Published: Fri, 10 Jan 2025 12:04:18 GMT
Beyond Noise
Published: Fri, 10 Jan 2025 11:27:02 GMT
Canali
Published: Fri, 10 Jan 2025 11:21:13 GMT
Zalando
Published: Fri, 10 Jan 2025 10:34:47 GMT
L’Officiel Baltics
Published: Fri, 10 Jan 2025 09:07:09 GMT
& Other Stories
Published: Fri, 10 Jan 2025 04:05:39 GMT
Various Lookbooks/Catalogs
Published: Thu, 09 Jan 2025 23:42:32 GMT
Test Shoot
Published: Thu, 09 Jan 2025 23:10:34 GMT
METAL Magazine
Published: Thu, 09 Jan 2025 23:06:03 GMT
Test Shoot
Published: Thu, 09 Jan 2025 22:49:28 GMT
Various Campaigns
Published: Thu, 09 Jan 2025 22:41:15 GMT
Philosophy
Published: Thu, 09 Jan 2025 22:38:47 GMT
Melissa Shoes
Published: Thu, 09 Jan 2025 22:36:18 GMT
Apple
Published: Thu, 09 Jan 2025 22:18:12 GMT
Service
Published: Thu, 09 Jan 2025 22:00:52 GMT
Special Projects
Published: Thu, 09 Jan 2025 21:47:40 GMT
Various Lookbooks/Catalogs
Published: Thu, 09 Jan 2025 21:45:05 GMT
Simons Canada
Published: Thu, 09 Jan 2025 21:37:11 GMT
Test Shoot
Published: Thu, 09 Jan 2025 21:27:29 GMT
British GQ
Published: Thu, 09 Jan 2025 21:04:18 GMT
Notion Magazine
Published: Thu, 09 Jan 2025 20:55:44 GMT
Office Magazine
Published: Thu, 09 Jan 2025 20:44:21 GMT
Boy.Brother.Friend
Published: Thu, 09 Jan 2025 20:28:06 GMT
Polo Ralph Lauren
Published: Thu, 09 Jan 2025 19:36:28 GMT
Harper’s Bazaar Vietnam
Published: Thu, 09 Jan 2025 19:00:42 GMT
Models.com
Published: Thu, 09 Jan 2025 18:56:57 GMT
Marie Claire Brazil
Published: Thu, 09 Jan 2025 18:10:21 GMT
Numero Russia
Published: Thu, 09 Jan 2025 17:06:58 GMT
Birkenstock
Published: Thu, 09 Jan 2025 16:59:11 GMT
Magazine Antidote
Published: Thu, 09 Jan 2025 16:51:23 GMT
Apollo Magazine
Published: Thu, 09 Jan 2025 16:41:37 GMT
What’s Contemporary
Published: Thu, 09 Jan 2025 16:10:46 GMT
Lampoon Magazine
Published: Thu, 09 Jan 2025 16:01:45 GMT
Tag Heuer
Published: Thu, 09 Jan 2025 16:00:12 GMT
DA MAN Magazine
Published: Thu, 09 Jan 2025 15:40:17 GMT
Elle France
Published: Thu, 09 Jan 2025 15:24:18 GMT
GQ Magazine U.S.
Published: Thu, 09 Jan 2025 14:41:48 GMT
These Rookies Are Extreme Adventure Seekers
Published: Thu, 09 Jan 2025 14:00:24 GMT
Vogue Polska
Published: Thu, 09 Jan 2025 13:58:51 GMT
SSAW Magazine
Published: Thu, 09 Jan 2025 13:54:34 GMT
Khaite
Published: Thu, 09 Jan 2025 13:33:38 GMT
Roland Mouret
Published: Thu, 09 Jan 2025 13:09:02 GMT
GQ Turkey
Published: Thu, 09 Jan 2025 13:04:32 GMT
Miu Miu
Published: Thu, 09 Jan 2025 13:00:36 GMT
Numero Russia
Published: Thu, 09 Jan 2025 11:45:23 GMT
Unprint Magazine
Published: Thu, 09 Jan 2025 10:39:41 GMT
Loewe
Published: Thu, 09 Jan 2025 10:39:05 GMT
Nylon China
Published: Thu, 09 Jan 2025 03:48:27 GMT
Mango
Published: Thu, 09 Jan 2025 03:27:38 GMT
British Vogue
Published: Wed, 08 Jan 2025 23:46:27 GMT
Love Want Magazine
Published: Wed, 08 Jan 2025 23:41:44 GMT
Love Want Magazine
Published: Wed, 08 Jan 2025 23:36:46 GMT
1883 Magazine
Published: Wed, 08 Jan 2025 23:00:39 GMT
Test Shoot
Published: Wed, 08 Jan 2025 21:59:05 GMT
Test Shoot
Published: Wed, 08 Jan 2025 21:47:21 GMT
Various Lookbooks/Catalogs
Published: Wed, 08 Jan 2025 21:39:46 GMT
Various Campaigns
Published: Wed, 08 Jan 2025 21:21:07 GMT
Sacai
Published: Wed, 08 Jan 2025 20:58:58 GMT
PALACE
Published: Wed, 08 Jan 2025 20:51:30 GMT
Acne Studios
Published: Wed, 08 Jan 2025 20:51:03 GMT
Various Campaigns
Published: Wed, 08 Jan 2025 20:47:16 GMT
Dust Magazine
Published: Wed, 08 Jan 2025 20:45:47 GMT
Off-White
Published: Wed, 08 Jan 2025 20:35:39 GMT
Victoria Beckham Beauty
Published: Wed, 08 Jan 2025 20:05:36 GMT
Zara
Published: Wed, 08 Jan 2025 20:01:19 GMT
rhode Skin
Published: Wed, 08 Jan 2025 19:46:41 GMT
The Latest Ad Campaigns on Our Radar
Published: Wed, 08 Jan 2025 19:23:06 GMT
Dust Magazine
Published: Wed, 08 Jan 2025 18:32:50 GMT
Emporio Armani
Published: Wed, 08 Jan 2025 17:57:21 GMT
Banana Republic
Published: Wed, 08 Jan 2025 17:51:16 GMT
Indie Magazine
Published: Wed, 08 Jan 2025 17:47:16 GMT
Harper’s Bazaar Arabia
Published: Wed, 08 Jan 2025 17:40:34 GMT
Mirror Mirror Magazine
Published: Wed, 08 Jan 2025 17:24:10 GMT
Numéro Netherlands
Published: Wed, 08 Jan 2025 16:52:32 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:44:04 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:38:00 GMT
DEdiCate Magazine
Published: Wed, 08 Jan 2025 16:37:40 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:25:53 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:23:52 GMT
Betsey Johnson
Published: Wed, 08 Jan 2025 16:22:40 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:19:56 GMT
Book
Published: Wed, 08 Jan 2025 16:18:04 GMT
Marie Claire Taiwan
Published: Wed, 08 Jan 2025 16:16:12 GMT
Milk Magazine
Published: Wed, 08 Jan 2025 16:16:12 GMT
Ralph Lauren
Published: Wed, 08 Jan 2025 15:52:44 GMT
Family Style
Published: Wed, 08 Jan 2025 15:50:24 GMT
Cake Magazine
Published: Wed, 08 Jan 2025 15:45:59 GMT
Net-A-Porter
Published: Wed, 08 Jan 2025 15:25:03 GMT
ME+EM
Published: Wed, 08 Jan 2025 15:11:18 GMT
Video
Published: Wed, 08 Jan 2025 14:48:31 GMT
Adidas
Published: Wed, 08 Jan 2025 13:54:55 GMT
Vanity Teen Magazine
Published: Wed, 08 Jan 2025 13:50:49 GMT
Vanity Teen Magazine
Published: Wed, 08 Jan 2025 13:44:51 GMT
American Vogue
Published: Wed, 08 Jan 2025 13:39:03 GMT
Vanity Teen Magazine
Published: Wed, 08 Jan 2025 13:37:08 GMT
Test Shoot
Published: Wed, 08 Jan 2025 13:24:32 GMT
American Vogue
Published: Wed, 08 Jan 2025 13:20:26 GMT
King Kong Magazine
Published: Wed, 08 Jan 2025 13:08:25 GMT
Various Campaigns
Published: Wed, 08 Jan 2025 12:59:44 GMT
Vogue Netherlands
Published: Wed, 08 Jan 2025 12:56:24 GMT
Highsnobiety
Published: Wed, 08 Jan 2025 12:00:06 GMT
Dior
Published: Wed, 08 Jan 2025 11:42:09 GMT
Numéro France
Published: Wed, 08 Jan 2025 11:36:44 GMT
Dior
Published: Wed, 08 Jan 2025 11:25:31 GMT
Tod’s
Published: Wed, 08 Jan 2025 11:00:45 GMT
Numéro Netherlands
Published: Wed, 08 Jan 2025 10:59:19 GMT
Le Mile Magazine
Published: Wed, 08 Jan 2025 10:55:50 GMT
H&M
Published: Wed, 08 Jan 2025 10:26:39 GMT
Massimo Dutti
Published: Wed, 08 Jan 2025 09:31:34 GMT
Giorgio Armani
Published: Wed, 08 Jan 2025 06:59:06 GMT
PEDRO
Published: Wed, 08 Jan 2025 06:09:21 GMT
REVS Magazine
Published: Tue, 07 Jan 2025 22:45:46 GMT
Test Shoot
Published: Tue, 07 Jan 2025 22:35:42 GMT
SKIMS
Published: Tue, 07 Jan 2025 22:18:59 GMT
Various Campaigns
Published: Tue, 07 Jan 2025 22:07:08 GMT
Tibi
Published: Tue, 07 Jan 2025 22:00:18 GMT
Le Mile Magazine
Published: Tue, 07 Jan 2025 21:51:19 GMT
Bumble and Bumble
Published: Tue, 07 Jan 2025 21:32:52 GMT
Various Editorials
Published: Tue, 07 Jan 2025 21:23:19 GMT
Vogue Polska
Published: Tue, 07 Jan 2025 21:08:39 GMT
Schooled in AI Podcast Feed for 2025-01-12
Schooled in AI Podcast Feed for 2025-01-12
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
How to add payment method in odoo
How to add payment method in odoo, odoo payment method, odoo payment gateway, odoo payment acquirer, odoo payment integration, odoo payment gateway integration, odoo payment acquirer integration, odoo payment method integration
IT Security RSS Feed for 2025-01-11
IT Security RSS Feed for 2025-01-11
US bank FNBO uses Pindrop to tackle voice fraud, deepfakes
Published: Fri, 10 Jan 2025 11:30:00 GMT
FNBO Leverages Pindrop to Combat Voice Fraud and Deepfakes
First National Bank of Omaha (FNBO) has partnered with Pindrop, a leading provider of voice fraud and deepfake detection solutions, to enhance its fraud prevention capabilities.
Voice Fraud: A Growing Threat
Voice fraud, where criminals impersonate customers over the phone to gain access to their accounts, has become increasingly prevalent. Deepfakes, which use artificial intelligence (AI) to create realistic synthetic voices, pose an even greater challenge to traditional detection methods.
Pindrop’s Voice Fraud Detection
Pindrop’s advanced technology analyzes over 800 unique characteristics of a caller’s voice and device, including:
- Voice biometrics
- Device fingerprinting
- Conversation patterns
This comprehensive analysis helps identify suspicious callers in real-time, enabling FNBO to prevent fraudulent transactions.
Deepfake Detection
Pindrop’s deepfake detection engine utilizes advanced AI algorithms to differentiate between real and synthetic voices. It examines pitch, intonation, and other subtle vocal nuances to identify deepfake attempts.
Benefits for FNBO and Customers
By partnering with Pindrop, FNBO enhances its ability to:
- Reduce fraud losses
- Protect customer accounts
- Strengthen customer trust
- Improve compliance with industry regulations
Customers also benefit from:
- Increased peace of mind
- Reduced risk of identity theft
- Confidence in the security of their financial transactions
Industry Recognition
FNBO’s commitment to fraud prevention has been recognized by the industry. In 2022, it received the American Bankers Association (ABA) Bank Security Award for its “Voice Fraud Mitigation and Account Takeover Prevention Program.”
Conclusion
FNBO’s partnership with Pindrop demonstrates its proactive approach to combating voice fraud and deepfakes. By implementing advanced technology, the bank safeguards its customers’ accounts and strengthens its overall security posture.
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
Published: Fri, 10 Jan 2025 09:45:00 GMT
Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks
- Mandiant attributes attacks to “APT41,” a Chinese state-sponsored group.
- APT41 has been exploiting recently disclosed vulnerabilities in Ivanti’s Pulse Connect Secure VPN appliances.
- The attacks are targeting government and private sector organizations worldwide.
Mandiant, a cybersecurity firm, has attributed recent attacks exploiting vulnerabilities in Ivanti’s Pulse Connect Secure VPN appliances to a Chinese state-sponsored cyber espionage group known as “APT41.”
According to Mandiant’s report, APT41 has been actively targeting government and private sector organizations worldwide, using the vulnerabilities to gain access to their networks and steal sensitive information.
The vulnerabilities in question were disclosed by Ivanti in April 2023. They allow attackers to execute arbitrary code on vulnerable appliances, effectively giving them full control over the devices.
Mandiant said that APT41 has been exploiting these vulnerabilities since at least May 2023. The group has been using a variety of techniques to gain access to vulnerable appliances, including phishing emails, watering hole attacks, and drive-by downloads.
Once attackers have gained access to a vulnerable appliance, they can use it to launch a variety of attacks, including stealing data, deploying malware, and establishing persistent access to the victim’s network.
Mandiant said that APT41 has been targeting a wide range of organizations, including government agencies, financial institutions, and healthcare providers. The group is known to be particularly interested in stealing intellectual property and sensitive data.
The attacks underscore the importance of patching vulnerabilities promptly. Organizations that are using Ivanti’s Pulse Connect Secure VPN appliances should apply the patches that Ivanti has released as soon as possible.
Mandiant also recommends that organizations implement multi-factor authentication (MFA) to protect their VPNs from unauthorized access. MFA requires users to provide two or more pieces of evidence to authenticate, which makes it much more difficult for attackers to compromise accounts.
Additional Resources:
- [Mandiant’s report on APT41’s exploitation of Ivanti vulnerabilities](https://www.mandiant.com/resources/blog/apt41-exploits-critical-ivan
ti-vulnerabilities) - Ivanti’s security advisory on the Pulse Connect Secure VPN vulnerabilities
German court finds hacked EncroChat phone evidence inadmissible
Published: Wed, 08 Jan 2025 12:12:00 GMT
German Court Rules EncroChat Phone Evidence Inadmissible
A German court has ruled that evidence obtained from hacked EncroChat phones is inadmissible in court. The court determined that the French police operation that hacked the encrypted communication network violated German law.
Background:
- EncroChat was a popular encrypted communication network used by criminal organizations.
- In 2020, French police hacked EncroChat and extracted millions of messages.
- The evidence from the hacked EncroChat phones has been used in criminal prosecutions in several countries, including Germany.
Court Ruling:
The Higher Regional Court of Cologne determined that the French police operation violated German law because:
- It involved the unlawful interception of communications.
- It lacked the necessary legal authorization.
- It violated the privacy rights of EncroChat users.
The court ruled that the evidence obtained from the hack is inadmissible in German courts because it was illegally obtained.
Implications:
The ruling is a significant blow to prosecutors who have relied on EncroChat evidence in criminal cases. The court’s decision sets a precedent for other courts in Germany and potentially in other countries where EncroChat evidence has been used.
The ruling also raises concerns about the legality of international law enforcement cooperation, particularly when it involves the use of surveillance techniques that may violate the privacy rights of individuals.
Reaction:
Prosecutors expressed disappointment with the ruling, arguing that it would hinder their ability to prosecute criminals. Defense attorneys welcomed the decision, stating that it protected fundamental privacy rights.
The German government has stated that it is reviewing the court’s decision and will consider possible legal remedies.
Regional skills plan to boost UK cyber defences
Published: Tue, 07 Jan 2025 19:01:00 GMT
Regional Skills Plan to Boost UK Cyber Defences
Introduction:
The United Kingdom faces a growing threat from cyber attacks, with businesses and critical infrastructure increasingly targeted. To address this challenge, the government has launched a regional skills plan to develop a highly skilled workforce capable of defending the nation’s cyberspace.
Key Objectives:
- Enhance the number of skilled cybersecurity professionals in the UK.
- Improve the diversity and representation of cybersecurity professionals.
- Develop specialist skills in emerging cybersecurity areas.
- Support the growth of the cybersecurity industry across all regions.
Regional Initiatives:
The skills plan is being implemented through a series of regional initiatives, tailored to the specific needs of each area:
- London: Focus on developing specialist skills in areas such as threat intelligence and incident response.
- South East England: Establish a skills hub to train individuals in the latest cybersecurity technologies.
- North West England: Provide apprenticeships and degree programs in cybersecurity to attract young talent.
- Scotland: Create a national cybersecurity innovation center to foster research and development in the field.
- Wales: Develop a cybersecurity innovation ecosystem to support businesses and entrepreneurs.
Collaboration and Partnerships:
- The skills plan is underpinned by strong partnerships between government, industry, and education providers.
- Universities and colleges are offering new and updated cybersecurity programs to meet the growing demand.
- Industry leaders are providing internships, apprenticeships, and mentorship opportunities to develop practical skills.
- Government agencies are working with educational institutions and employers to ensure that courses align with the latest industry requirements.
Diversity and Inclusion:
- The skills plan prioritizes diversity and inclusion in the cybersecurity workforce.
- Initiatives are being developed to encourage women, ethnic minorities, and individuals with disabilities to pursue careers in the field.
- Mentorship programs and outreach events are being organized to build inclusive networks and promote opportunities for all.
Monitoring and Evaluation:
- The progress of the regional skills plan will be closely monitored and evaluated.
- Regular reporting will provide insights into the effectiveness of initiatives and identify areas for improvement.
- Stakeholder feedback will be sought to ensure that the plan remains relevant and responsive to the evolving cybersecurity landscape.
Conclusion:
The regional skills plan is a vital step towards strengthening the UK’s cyber defences and ensuring the nation’s prosperity in the digital age. Through collaboration, investment, and a focus on diversity and inclusion, the government is building a workforce that is equipped to protect the country from the growing threats of cybercrime.
Why CISOs should build stronger bonds with the legal function in 2025
Published: Tue, 07 Jan 2025 16:03:00 GMT
Enhance Risk Mitigation and Compliance
- Collaborating with legal counsels allows CISOs to stay abreast of regulatory changes and legal obligations, minimizing compliance risks and potential penalties.
- Legal advice provides clarity on data privacy laws, intellectual property protection, and cybersecurity standards, ensuring compliance with industry regulations.
Improve Cybersecurity Strategy and Decision-Making
- Involving legal counsel in cybersecurity strategy development aligns security measures with legal requirements and ethical considerations.
- Legal input helps CISOs understand the legal implications of cybersecurity incidents, enabling informed decision-making during response and recovery.
Support Incident Response and Investigations
- Legal guidance provides direction on preserving evidence, handling data breaches, and communicating with external stakeholders in the event of a cybersecurity incident.
- Attorneys can help CISOs navigate legal complexities associated with investigations, evidence collection, and potential lawsuits.
Foster Cybersecurity Awareness and Education
- Legal counsel can provide training and education on legal aspects of cybersecurity for employees throughout the organization, raising awareness and promoting compliance.
- This collaboration ensures that all stakeholders understand their legal responsibilities and the potential consequences of non-compliance.
Build Trust and Reputation
- Demonstrating a strong working relationship between the CISO and legal function builds trust among stakeholders, including investors, customers, and regulators.
- It conveys a commitment to ethical cybersecurity practices and compliance, enhancing the organization’s reputation as a responsible entity.
Competitive Advantage and Innovation
- Strong cybersecurity safeguards can provide a competitive advantage, attracting customers and investors.
- Collaboration with legal counsel ensures that cybersecurity efforts align with the organization’s innovation goals, fostering growth and protecting intellectual property.
Conclusion
Forging stronger bonds between the CISO and legal function in 2025 is crucial for mitigating risks, enhancing cybersecurity strategy, supporting incident response, fostering cybersecurity awareness, building trust, and gaining a competitive advantage. By working closely with legal counsels, CISOs can navigate the evolving cybersecurity landscape with confidence and ensure the protection of sensitive data and organizational assets.
Saudi Arabia calls for humanitarian AI after tightening screws on rights protesters
Published: Tue, 07 Jan 2025 08:15:00 GMT
Saudi Arabia has called for the development of humanitarian artificial intelligence (AI) technologies, even as it continues to crack down on human rights protesters.
The kingdom’s Ministry of Communications and Information Technology (MCIT) announced the launch of a new initiative called the “Humanitarian AI Challenge,” which will award grants to researchers and developers working on AI solutions to global humanitarian challenges.
The MCIT said the initiative is part of its commitment to “harnessing the power of technology for good,” and that it believes AI can play a vital role in addressing “some of the world’s most pressing humanitarian challenges.”
However, the announcement of the Humanitarian AI Challenge has been met with skepticism by some human rights groups, who point out that Saudi Arabia has a long history of suppressing dissent and cracking down on human rights activists.
In recent years, Saudi Arabia has arrested and imprisoned dozens of human rights defenders, including women’s rights activists, journalists, and academics. The kingdom has also been accused of torturing and mistreating political prisoners.
“Saudi Arabia’s call for humanitarian AI is nothing more than a PR stunt,” said Omar Abdulaziz, a Saudi human rights activist who lives in exile. “The kingdom has a terrible human rights record, and it is using AI to further suppress dissent.”
Abdulaziz pointed to the case of Loujain al-Hathloul, a prominent women’s rights activist who was arrested in 2018 and has been tortured and sexually harassed in prison.
“If Saudi Arabia was serious about using AI for good, it would release Loujain and all other political prisoners,” Abdulaziz said.
The launch of the Humanitarian AI Challenge comes just weeks after Saudi Arabia announced new restrictions on freedom of expression. The new regulations make it illegal to “disseminate false or misleading information” or to “harm the reputation of the kingdom.”
The new restrictions have been condemned by human rights groups, who say they will further stifle dissent and make it even more difficult for activists to speak out against the government.
“Saudi Arabia’s new restrictions on freedom of expression are a clear sign that the kingdom is not interested in improving its human rights record,” said Sarah Leah Whitson, the Middle East director at Human Rights Watch. “The Humanitarian AI Challenge is just a way for the kingdom to whitewash its image and pretend that it is a champion of human rights.”
What is the Gramm-Leach-Bliley Act (GLBA)?
Published: Fri, 03 Jan 2025 13:49:00 GMT
The Gramm-Leach-Bliley Act (GLBA) is a United States federal law enacted in 1999 that repealed the Glass–Steagall Act of 1933 and allowed commercial banks, investment banks, insurance companies, and other financial institutions to consolidate.
Key Provisions:
- Repeal of Glass-Steagall Act: GLBA removed the separation between commercial banks and investment banks, allowing them to merge and create large financial conglomerates.
- Establishment of Financial Holding Companies: GLBA created financial holding companies (FHCs) that could own subsidiaries engaged in various financial activities, including banking, investments, insurance, and real estate.
- Privacy Provisions: GLBA included the Fair Credit Reporting Act (FCRA) and the Financial Privacy Rule, which require financial institutions to protect the privacy of customer information.
- Anti-Predatory Lending Provisions: GLBA prohibits lenders from engaging in unfair or deceptive practices when extending credit to consumers, including predatory lending.
Objectives:
- Modernization of Financial Industry: GLBA sought to modernize the financial system by allowing innovation and consolidation.
- Enhanced Consumer Protection: By including privacy and anti-predatory lending provisions, GLBA aimed to safeguard consumers from financial exploitation.
- Promotion of Economic Growth: Consolidation and innovation were expected to foster competition and economic growth.
Impact:
GLBA had a profound impact on the financial industry, leading to:
- Financial Conglomerates: The creation of large financial conglomerates, such as Citigroup, JPMorgan Chase, and Bank of America.
- Increased Risk: Critics argue that GLBA weakened regulations and led to increased systemic risk, contributing to the 2008 financial crisis.
- Consumer Protections: The privacy and anti-predatory lending provisions have helped protect consumers from harmful practices.
US Treasury incident a clear warning on supply chain security in 2025
Published: Fri, 03 Jan 2025 11:27:00 GMT
The US Treasury Incident: A Harbinger of Supply Chain Security Risks in 2025
The recent incident involving the US Treasury Department’s internal systems highlights a critical vulnerability in the nation’s supply chain: cybersecurity.
The Incident
In January 2023, Treasury officials discovered that a third-party vendor used by the department had been compromised by a cyberattack. The vendor’s software was used for managing financial transactions, potentially exposing sensitive information and financial operations.
Implications for 2025
This incident serves as a stark reminder of the increasing sophistication of cyber threats and the potential impact they can have on critical infrastructure. By 2025, the following trends are expected to exacerbate these risks:
- Increased reliance on technology: Governments and businesses will become increasingly dependent on digital systems and Internet of Things (IoT) devices.
- Expanded attack surface: The proliferation of IoT devices and connected systems creates new entry points for cybercriminals.
- More sophisticated attacks: Cybercriminals are continually developing advanced techniques to bypass security measures.
Supply Chain Security Implications
The US Treasury incident highlights the importance of securing the entire supply chain, from vendors to end-users. In 2025, businesses and governments must prioritize the following measures:
- Vendor due diligence: Conduct thorough background checks and cybersecurity assessments on third-party vendors.
- Multi-factor authentication: Implement strong authentication protocols to prevent unauthorized access to systems.
- Regular patching and updates: Keep software and firmware up to date to address known vulnerabilities.
- Incident response plans: Develop and test comprehensive plans to mitigate the impact of cyberattacks.
Government Role
Governments play a crucial role in enhancing supply chain security. Key actions include:
- Setting standards and regulations: Establish minimum cybersecurity requirements for critical supply chain vendors.
- Collaboration and information sharing: Foster collaboration between government agencies, businesses, and security experts.
- Support for research and development: Invest in research to develop new cybersecurity technologies and best practices.
Conclusion
The US Treasury incident is a wake-up call for organizations to prioritize supply chain security in 2025 and beyond. By embracing robust cybersecurity measures, businesses and governments can mitigate the risks posed by increasingly sophisticated cyber threats and protect their critical infrastructure from disruption.
What is a public key and how does it work?
Published: Mon, 23 Dec 2024 09:00:00 GMT
Public Key
A public key is an encryption key that is made public and can be distributed to anyone. It can be used to encrypt messages, but cannot decrypt them. The corresponding decryption key is known as the private key and is kept secret.
How It Works:
The process of public-key cryptography involves the following steps:
1. Generate Key Pair:
- Two mathematically related keys are generated: a public key and a private key.
2. Publishing the Public Key:
- The public key is made publicly available, while the private key is kept secret.
3. Encryption:
- A sender encrypts a message using the recipient’s public key.
- This encryption process makes the message unreadable to anyone who does not have the private key.
4. Decryption:
- The recipient uses their private key to decrypt the message.
- As only the recipient has access to the private key, they are the only ones who can read the decrypted message.
Key Features:
- Confidentiality: Public-key cryptography ensures that messages can only be read by the intended recipient, providing confidentiality.
- Authentication: If a recipient responds to a message using their private key, it verifies their identity and authenticates them as the originator of the response.
- Non-repudiation: Since the sender encrypts the message with the recipient’s public key, the recipient cannot deny receiving the message.
Applications:
Public-key cryptography is widely used in:
- Secure email (e.g., PGP)
- Digital signatures
- SSL/TLS protocols for secure website communication
- Bitcoin and other cryptocurrencies
- Authentication and identity verification systems
What is a proxy firewall?
Published: Mon, 23 Dec 2024 09:00:00 GMT
Definition:
A proxy firewall is a network security appliance that acts as an intermediary between trusted and untrusted networks. It filters network traffic passing between these networks, enforcing security policies and protecting internal resources from external threats.
How it Works:
- Proxy firewalls act as a “middleman” between clients on the internal network and servers on the external network.
- Clients connect to the proxy firewall, which then establishes connections to the external servers on their behalf.
- The proxy firewall intercepts all traffic passing through it and inspects it for malicious content, unauthorized access attempts, and policy violations.
Features:
- Stateful Inspection: Proxy firewalls monitor the state of network connections and make decisions based on the history of traffic.
- Access Control Lists (ACLs): They use ACLs to define rules for which traffic is allowed and which is blocked.
- Content Filtering: They can filter traffic based on specific content, such as file types, URLs, or keywords.
- Protocol Inspection: They can inspect specific protocols, such as HTTP, FTP, and SMTP, to detect vulnerabilities and block malicious requests.
- Intrusion Prevention System (IPS): Some proxy firewalls include IPS capabilities to detect and block known network attacks.
Benefits:
- Enhanced Security: Proxy firewalls provide an additional layer of security, protecting internal networks from external threats and data breaches.
- Centralized Control: They allow administrators to manage security policies from a single location, making it easier to implement and enforce consistent security measures.
- Improved Performance: By caching frequently accessed content, proxy firewalls can improve network performance for clients.
- Anonymity: Proxies can hide the real IP addresses of clients, providing a degree of anonymity when accessing external networks.
Considerations:
- Cost: Proxy firewalls can be more expensive than traditional firewalls.
- Performance: Inspecting traffic can introduce latency into the network.
- Configuration Complexity: Proxy firewalls require careful configuration to ensure that they do not block legitimate traffic.
6 must-read blockchain books for 2025
Published: Mon, 23 Dec 2024 00:00:00 GMT
1. The Blockchain Economy: Unlocking the Value of Crypto Assets
- By David Yermack
- Explores the economic foundations of blockchain technology, including the design of cryptocurrencies, exchanges, and the regulatory landscape.
2. The Enterprise Blockchain: Beyond the Hype
- By Dion Hinchcliffe
- Provides a practical guide for organizations considering implementing blockchain solutions, covering key concepts, benefits, and challenges.
3. Blockchain and the Future of IoT
- By Albert Rizk
- Examines the convergence of blockchain and IoT, highlighting the potential for secure and tamper-proof data management in various industries.
4. Mastering Blockchain
- By Imran Bashir
- A comprehensive technical guide to blockchain development, covering core concepts, programming languages, and real-world applications.
5. Decentralized Finance: The Future of Open Finance
- By Aave and Argent
- Explores the rise of DeFi and its potential to revolutionize financial services through decentralized protocols and applications.
6. Blockchain Technology: Principles and Applications
- By Atul Narayanan and Joseph Bonneau
- Provides a rigorous academic foundation for blockchain technology, covering its mathematical principles, cryptography, and security mechanisms.
LockBit ransomware gang teases February 2025 return
Published: Thu, 19 Dec 2024 12:56:00 GMT
LockBit Ransomware Gang Teases February 2025 Return
The notorious ransomware gang, LockBit, has hinted at a potential return to active operations in February 2025. This disclosure comes following a recent post on their Telegram channel that contained a cryptic message.
The Cryptic Message
The message, posted on January 20th, 2023, simply read:
“Wake up in February 2025.”
No further context or explanation was provided, leaving the cybersecurity community speculating on its significance.
Speculations and Analysis
Security researchers believe that this message could indicate several possible outcomes:
- Temporary Hiatus: LockBit may be taking a break from active operations to regroup, improve their tactics, or evade law enforcement surveillance.
- Extended Cessation: The gang may have decided to permanently cease ransomware activities and disband.
- Planned Comeback: LockBit may be planning an elaborate return with new and improved ransomware techniques in 2025.
LockBit’s Past Activity
LockBit has been one of the most prolific ransomware gangs in recent years, responsible for high-profile attacks on organizations worldwide. The gang has developed and used multiple versions of their ransomware, including LockBit 2.0 and LockBit Extortionist.
Implications for Cybersecurity
If LockBit does return to active operations in 2025, it could have significant implications for cybersecurity:
- Increased Risk of Attacks: Organizations need to be prepared for the potential resumption of LockBit’s ransomware attacks.
- Evolution of Tactics: LockBit is known for constantly evolving its tactics, so organizations should be ready for new and sophisticated attack methods.
- Strain on Law Enforcement: Law enforcement agencies will need to prioritize efforts to combat LockBit’s potential return and apprehend the gang’s members.
Conclusion
While the LockBit ransomware gang’s cryptic message leaves room for ambiguity, cybersecurity professionals need to remain vigilant and prepare for the potential return of this dangerous threat in February 2025. Organizations should ensure their cybersecurity measures are up to date and implement robust defense strategies to mitigate the risks posed by LockBit and other ransomware gangs.
Latest attempt to override UK’s outdated hacking law stalls
Published: Thu, 19 Dec 2024 11:10:00 GMT
Latest Attempt to Override UK’s Outdated Hacking Law Stalls
The latest effort to update the UK’s antiquated hacking legislation has reached a standstill. Reform of the Computer Misuse Act (CMA) 1990, which criminalizes unauthorized access to computer systems, has been widely sought after due to its inability to keep up with the evolving digital landscape.
Outdated Provisions
The CMA’s provisions, which were drafted before the advent of modern technology, have faced criticism for being overly broad and not accommodating advancements in cybersecurity. Critics argue that the law can unintentionally criminalize legitimate security research and ethical hacking practices.
Stalled Progress
A draft bill was proposed in 2021 that sought to address these concerns by introducing new exemptions for security researchers and clarifying the definition of unauthorized access. However, the bill has faced opposition from law enforcement agencies who fear it could weaken their powers to investigate cybercrimes.
Government Intervention
In response to the impasse, the UK government has announced that it will take over the legislative process from Parliament. The government has stated that it is committed to modernizing the CMA, but it remains unclear when and in what form this will happen.
Industry Concerns
The technology industry has expressed disappointment over the stalled progress. Cybersecurity experts argue that the outdated law hampers innovation and inhibits the UK’s ability to compete in the global cybersecurity market.
Next Steps
The government’s plans to take control of the CMA reform process have raised questions about the transparency and inclusivity of the legislative process. It remains to be seen how the government will navigate the challenges of balancing national security concerns with the need for a modern and effective hacking law.
Conclusion
The UK’s Computer Misuse Act remains a significant obstacle to cybersecurity research and development. While the latest attempt to update the law has stalled, the government has indicated that it is still committed to reform. The technology industry and cybersecurity experts will be watching closely to see how these commitments are reflected in the government’s proposed legislative changes.
The Data Bill: It’s time to cyber up
Published: Thu, 19 Dec 2024 09:42:00 GMT
The Data Bill: It’s Time to Cyber Up
Introduction:
In an era defined by rapidly evolving technology and the proliferation of data, the Data Bill emerges as a crucial legislative response to safeguard our digital realm. With its comprehensive provisions, the Bill aims to regulate the use, storage, and security of data, empowering individuals and protecting businesses.
Key Provisions:
1. Data Protection:
- The Bill establishes clear standards for how personal data is collected, processed, and stored.
- Individuals are granted the right to access, correct, and erase their personal data.
- Organizations must implement appropriate security measures to protect data from unauthorized access or breaches.
2. Data Sharing:
- The Bill promotes responsible data sharing while balancing individual privacy and innovation.
- Organizations can share data with third parties for specific purposes, subject to informed consent and strong data protection safeguards.
- A national data sandbox is established to facilitate secure and controlled data collaboration.
3. Data Security:
- The Bill strengthens cybersecurity measures by requiring organizations to adopt robust security practices.
- It introduces penalties for organizations that fail to adequately protect data from cyberattacks and breaches.
- A national cyber incident response framework is established to coordinate and address cybersecurity emergencies.
4. Data Rights:
- The Bill empowers individuals with data rights, including the right to control their personal data and to be compensated for its use.
- Organizations must disclose how personal data is used and with whom it is shared.
- A Data Commissioner is appointed to oversee compliance and protect individual rights.
5. Innovation and Economic Growth:
- The Bill strikes a balance between data protection and innovation.
- It provides incentives for organizations to invest in data-driven technologies and services.
- A robust data market is promoted to support the development of new data-based products and services.
Benefits of the Data Bill:
1. Enhanced Privacy Protection:
- Individuals gain greater control over their personal data, reducing the risk of misuse or exploitation.
2. Improved Cybersecurity:
- Strong data security measures protect critical data from cyberattacks, mitigating the risk of data breaches and financial losses.
3. Fostered Innovation:
- Responsible data sharing and access to data sandboxes support innovation and the development of new technologies and services.
4. Economic Growth:
- A vibrant data market drives economic growth by encouraging investment in data-related industries and enabling businesses to make data-driven decisions.
Conclusion:
The Data Bill is a transformative legislative milestone that equips the nation with a comprehensive framework for data regulation. By protecting privacy, enhancing cybersecurity, fostering innovation, and supporting economic growth, the Bill empowers individuals and businesses to navigate the digital realm with confidence and success. As we embrace the age of data, it is imperative that we “cyber up” and implement the necessary safeguards for our digital future.
Innovation, insight and influence: the CISO playbook for 2025 and beyond
Published: Thu, 19 Dec 2024 09:10:00 GMT
Innovation, Insight, and Influence: The CISO Playbook for 2025 and Beyond
Introduction
In a rapidly evolving cyber threat landscape, Chief Information Security Officers (CISOs) are facing unprecedented challenges and opportunities. To navigate this dynamic environment effectively, CISOs must embrace innovation, develop deep insights, and foster influential relationships. This playbook outlines strategies for CISOs to stay ahead of the curve and ensure the resilience and success of their organizations in 2025 and beyond.
Section 1: Embracing Innovation
- Foster a culture of security experimentation: Encourage employees to test new security technologies and approaches in controlled environments to identify potential value.
- Invest in emerging technologies: Leverage cloud security, AI, ML, and automation to enhance detection and response capabilities and reduce operational burdens.
- Collaborate with startups and academia: Establish partnerships to access cutting-edge research, innovative solutions, and fresh perspectives.
Section 2: Developing Insight
- Establish a cyber threat intelligence program: Gather and analyze internal and external data to identify emerging threats, prioritize risks, and develop informed strategies.
- Foster a risk-based approach: Assess the organization’s vulnerabilities and threats to prioritize investments and allocate resources effectively.
- Conduct regular security audits and penetration tests: Identify weaknesses and gaps in security measures to drive continuous improvement.
Section 3: Fostering Influence
- Align security with business objectives: Demonstrate how security investments contribute to overall organizational growth and success.
- Become a trusted advisor: Provide strategic guidance to the C-suite and board on security risks and opportunities.
- Build relationships with stakeholders: Engage with IT, legal, HR, and other departments to ensure alignment and coordination on security matters.
- Leverage industry and community involvement: Join security organizations, participate in conferences, and share knowledge to build influence and gain access to best practices.
Section 4: Preparing for the Future
- Address convergence of IT and OT security: Explore strategies to protect increasingly connected operational technology environments.
- Prepare for quantum computing: Anticipate the potential impact of quantum computing on encryption and security algorithms.
- Develop a skills roadmap: Identify and prioritize security skills and certifications required for future workforce needs.
Conclusion
By embracing innovation, developing insight, and fostering influence, CISOs can play a critical role in shaping the future of their organizations. This playbook provides a roadmap for CISOs to lead the charge in protecting their enterprises against evolving cyber threats and positioning themselves as strategic business enablers in 2025 and beyond.
What is a public key certificate?
Published: Thu, 19 Dec 2024 09:00:00 GMT
Definition:
A public key certificate is a digital document that electronically binds a public key to the entity (person, organization, device, etc.) that owns it. It is used to verify the identity of the certificate holder and ensure the authenticity and integrity of digital communications.
Components:
- Subject: The entity to which the certificate is issued.
- Issuer: The entity that issued the certificate.
- Public Key: The holder’s public key.
- Validity Period: The time period during which the certificate is valid.
- Digital Signature: A unique cryptographic value that verifies the authenticity of the certificate.
Types:
There are various types of public key certificates, each used for different purposes:
- SSL/TLS Certificates: Used to secure websites and ensure the privacy and integrity of data during web browsing.
- Code Signing Certificates: Used to verify the integrity of software code and ensure that it has not been tampered with.
- Email Certificates: Used to digitally sign and encrypt emails, preventing phishing and ensuring their authenticity.
- Device Certificates: Used to identify and authenticate IoT devices, ensuring their secure communication.
Importance:
Public key certificates play a crucial role in the security of digital communications by:
- Authenticating Identities: Verifying the identity of entities that engage in digital transactions.
- Ensuring Data Integrity: Ensuring that data has not been altered or compromised during transmission.
- Protecting Privacy: Encrypting data to prevent unauthorized access.
- Facilitating Secure Communication: Establishing secure channels for communication, such as HTTPS.
Issuance:
Public key certificates are typically issued by trusted Certificate Authorities (CAs) that have verified the identity of the certificate holder. The CA uses its own private key to digitally sign the certificate, verifying its authenticity.
French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman
Published: Thu, 19 Dec 2024 06:53:00 GMT
French Court Refuses to Expedite Trial of Sky ECC Cryptophone Distributor Thomas Herdman
A French court has rejected a request to expedite the trial of Thomas Herdman, a key distributor of the encrypted communications platform Sky ECC. Herdman was arrested in January 2021 and charged with complicity in drug trafficking and money laundering.
Background
Sky ECC was a secure messaging app that gained popularity among criminal organizations due to its strong encryption. In March 2021, law enforcement agencies in Europe and the United States cracked the Sky ECC encryption, leading to the arrest of thousands of individuals worldwide.
Herdman is accused of distributing Sky ECC devices and services to criminal groups in the United Kingdom and other countries. Prosecutors allege that he played a significant role in facilitating drug trafficking and other illegal activities.
Request for Expedited Trial
Herdman’s lawyers requested that his trial be expedited due to the length of time he has spent in pre-trial detention. They argued that the delay was causing him undue suffering and that he had the right to a fair and speedy trial.
Court’s Decision
However, the French court rejected the request for an expedited trial. The court noted that the case was complex and required careful investigation and preparation. The court also considered the need to protect the rights of other parties involved in the case.
Significance
The court’s decision to refuse an expedited trial is significant because it means that Herdman will likely remain in custody for an extended period of time. The trial is currently scheduled for March 2024.
The case against Herdman is one of the most high-profile prosecutions related to the Sky ECC investigation. It is expected to shed light on the role of encrypted communications in facilitating criminal activities.
The Security Interviews: Martin Lee, Cisco Talos
Published: Wed, 18 Dec 2024 07:14:00 GMT
Name: Martin Lee
Title: Talos Incident Response Manager
Company: Cisco Talos
Location: San Francisco Bay Area
Years in cybersecurity: 15
Education: B.S. Computer Science.
Certifications: CEH, OSCP, GCIH, GCIA, GPEN, GXPN, CCNA Security, Counter-Terrorism Awareness
Area(s) of expertise: Incident response, threat intelligence, computer forensics, malware analysis.
What’s the most exciting thing about working in cybersecurity?
The most exciting thing about working in cybersecurity is the constant challenge of staying ahead of the ever-evolving threat landscape. There is always something new to learn and new ways to protect against emerging threats. It’s a field that is constantly changing and growing, which keeps things interesting and exciting.
What’s the most challenging thing about your job?
The most challenging thing about my job is the constant pressure to stay ahead of the threat actors. We are constantly monitoring the threat landscape and responding to new threats, which can be a lot of pressure. It’s also challenging to keep up with the latest technologies and trends in cybersecurity, as the field is constantly evolving.
What advice would you give to someone who wants to get into cybersecurity?
My advice to someone who wants to get into cybersecurity is to start by learning the basics of computer science and networking. Once you have a solid foundation, you can start to specialize in cybersecurity. There are many different areas of cybersecurity to choose from, so it’s important to find one that interests you and that you are good at. I would also recommend getting involved in the cybersecurity community, attending conferences and meetups, and staying up-to-date on the latest news and trends.
What do you think are the biggest challenges facing cybersecurity today?
I think the biggest challenges facing cybersecurity today are the increasing sophistication of threat actors, the growing number of connected devices, and the lack of skilled cybersecurity professionals.
Threat actors are constantly developing new and more sophisticated ways to attack networks and systems. They are also increasingly targeting connected devices, such as smart homes and IoT devices. This makes it difficult for organizations to stay ahead of the threats.
The lack of skilled cybersecurity professionals is also a major challenges. There is a huge demand for cybersecurity professionals, but there are not enough qualified candidates to fill the open positions. This makes it difficult for organizations to find the people they need to protect their networks and systems.
What advice would you give to organizations to help them improve their cybersecurity posture?
My advice to organizations to help them improve their cybersecurity posture is to start by assessing their current security posture and identifying any weaknesses. Once they have identified their weaknesses, they can start to implement measures to address them. I would also recommend organizations to develop a cybersecurity strategy and incident response plan. This will help them to be prepared for and respond to security incidents. Finally, I would recommend organizations to invest in cybersecurity training and awareness for their employees. This will help to ensure that all employees are aware of the cybersecurity risks and know how to protect themselves and the organization.
What are your predictions for the future of cybersecurity?
I think the future of cybersecurity is bright. The demand for cybersecurity professionals will continue to grow as the threat landscape continues to evolve. I also believe that we will see more organizations adopting new cybersecurity technologies, such as AI and machine learning. These technologies will help organizations to automate many of the tasks that are currently performed manually, which will free up cybersecurity professionals to focus on more strategic tasks.
I also believe that we will see more collaboration between the public and private sectors on cybersecurity. This collaboration will be essential to developing and implementing effective cybersecurity strategies.
Top 10 cyber security stories of 2024
Published: Wed, 18 Dec 2024 07:00:00 GMT
Top 10 Cybersecurity Stories of 2024
Massive Breach at Global Tech Giant: A renowned multinational technology company suffers a devastating data breach, exposing sensitive information of millions of users, including financial details, personal data, and intellectual property.
Rise of Ransomware-as-a-Service (RaaS): Cybercriminals establish a thriving underground marketplace for selling and renting ransomware tools, making these attacks more accessible to less skilled threat actors.
Quantum Computing Threatens Encryption: Advancements in quantum computing pose a significant risk to existing encryption standards, raising concerns about the security of sensitive data and communications.
Supply Chain Attacks Target Critical Infrastructure: Sophisticated cyberattacks target critical infrastructure providers, disrupting operations and creating widespread chaos, highlighting the growing importance of supply chain security.
AI-Powered Phishing Campaigns: Artificial intelligence (AI) is used by attackers to create highly personalized and targeted phishing emails, significantly increasing their success rate.
Cyber Warfare Escalates International Conflict: Cyberattacks become an integral part of international disputes, with nation-state actors engaging in cyber espionage, sabotage, and influence campaigns.
Smart Home Vulnerabilities Exploited: The rapid adoption of smart home devices creates new attack vectors for cybercriminals, exposing personal data, privacy concerns, and home security.
Blockchain Security Challenged: While blockchain technology has gained popularity, vulnerabilities are exploited by attackers, highlighting the need for enhanced security measures.
Cyberinsurance Market Booms: The increasing frequency and severity of cyberattacks drive demand for cyberinsurance, providing financial protection to businesses and individuals.
Global Cybersecurity Agreement Reached: Amidst growing international concern, nations collaborate to establish a comprehensive cybersecurity framework, promoting information sharing, coordination, and deterrence.
Look to the future: How the threat landscape may evolve next
Published: Wed, 18 Dec 2024 06:48:00 GMT
Advanced Persistent Threats (APTs):
- APTs will continue to evolve in sophistication, targeting high-value organizations with custom malware and zero-day exploits.
- They may leverage emerging attack vectors such as IoT devices and cloud infrastructure.
Ransomware:
- Ransomware attacks will remain prevalent, with attackers targeting both businesses and individuals.
- New variants will emerge with advanced encryption methods and extortion techniques.
Supply Chain Attacks:
- Attackers will increasingly target third-party vendors and software suppliers to gain access to victim systems.
- This will require organizations to focus on supply chain security and vendor risk management.
Cloud Security:
- As cloud adoption grows, so will the threat landscape.
- Attackers will exploit misconfigurations, data breaches, and shared vulnerabilities in cloud platforms.
Artificial Intelligence (AI):
- AI-powered malware and deepfakes will pose new challenges for detection and prevention.
- Attackers may use AI to automate attacks and evade traditional security measures.
Data Breaches:
- Data breaches will continue to be a major concern, with attackers using phishing, social engineering, and insider threats to access sensitive information.
- Data privacy regulations and compliance will become increasingly stringent.
Mobile and IoT Devices:
- Mobile devices and IoT devices will be increasingly targeted by attackers due to their widespread use and often weaker security.
- Malicious apps, phishing campaigns, and IoT botnets will pose significant threats.
Nation-State Cyber Warfare:
- Nation-state actors will continue to engage in cyberwarfare operations, targeting critical infrastructure, government agencies, and corporations.
- These attacks may have far-reaching geopolitical consequences.
Zero-Trust Model:
- As threats evolve, organizations will adopt a zero-trust model, assuming that all traffic is malicious until proven otherwise.
- This will require a focus on identity and access management, micro-segmentation, and continuous monitoring.
Quantum Computing:
- While still in its early stages, quantum computing has the potential to significantly disrupt encryption and cryptography.
- Organizations should prepare for a potential quantum computing threat landscape by investing in quantum-resistant algorithms and technologies.
Models.com 2025-01-11
Models.com for 2025-01-11
Sicky Magazine
Published: Fri, 10 Jan 2025 23:04:08 GMT
Vogue Thailand
Published: Fri, 10 Jan 2025 20:28:39 GMT
L’Officiel Hong Kong
Published: Fri, 10 Jan 2025 20:20:48 GMT
Portrait
Published: Fri, 10 Jan 2025 20:02:17 GMT
Y/Project Closes, The British Fashion Council Taps Laura Weir as CEO, and more news you missed
Published: Fri, 10 Jan 2025 19:57:00 GMT
M Le magazine du Monde
Published: Fri, 10 Jan 2025 19:43:03 GMT
Desigual
Published: Fri, 10 Jan 2025 16:50:55 GMT
Cosmopolitan U.S.
Published: Fri, 10 Jan 2025 16:42:19 GMT
The Times Magazine UK
Published: Fri, 10 Jan 2025 16:33:40 GMT
British Vogue
Published: Fri, 10 Jan 2025 16:25:36 GMT
L’Officiel Italia
Published: Fri, 10 Jan 2025 16:19:47 GMT
Various Covers
Published: Fri, 10 Jan 2025 16:04:42 GMT
L’Officiel Baltics
Published: Fri, 10 Jan 2025 15:53:27 GMT
Various Lookbooks/Catalogs
Published: Fri, 10 Jan 2025 15:51:27 GMT
Vogue Japan
Published: Fri, 10 Jan 2025 15:44:07 GMT
The Sunday Times Style Magazine UK
Published: Fri, 10 Jan 2025 15:41:17 GMT
C.P. Company
Published: Fri, 10 Jan 2025 15:29:49 GMT
Various Campaigns
Published: Fri, 10 Jan 2025 14:33:16 GMT
Schön Magazine
Published: Fri, 10 Jan 2025 14:29:09 GMT
MMScene
Published: Fri, 10 Jan 2025 14:22:47 GMT
Various Campaigns
Published: Fri, 10 Jan 2025 14:16:18 GMT
Various Editorials
Published: Fri, 10 Jan 2025 13:23:34 GMT
W Magazine China
Published: Fri, 10 Jan 2025 13:00:04 GMT
Plaza Magazine
Published: Fri, 10 Jan 2025 12:04:18 GMT
Beyond Noise
Published: Fri, 10 Jan 2025 11:27:02 GMT
Canali
Published: Fri, 10 Jan 2025 11:21:13 GMT
Zalando
Published: Fri, 10 Jan 2025 10:34:47 GMT
L’Officiel Baltics
Published: Fri, 10 Jan 2025 09:07:09 GMT
& Other Stories
Published: Fri, 10 Jan 2025 04:05:39 GMT
Various Lookbooks/Catalogs
Published: Thu, 09 Jan 2025 23:42:32 GMT
Test Shoot
Published: Thu, 09 Jan 2025 23:10:34 GMT
METAL Magazine
Published: Thu, 09 Jan 2025 23:06:03 GMT
Test Shoot
Published: Thu, 09 Jan 2025 22:49:28 GMT
Various Campaigns
Published: Thu, 09 Jan 2025 22:41:15 GMT
Philosophy
Published: Thu, 09 Jan 2025 22:38:47 GMT
Melissa Shoes
Published: Thu, 09 Jan 2025 22:36:18 GMT
Apple
Published: Thu, 09 Jan 2025 22:18:12 GMT
Special Projects
Published: Thu, 09 Jan 2025 21:47:40 GMT
Various Lookbooks/Catalogs
Published: Thu, 09 Jan 2025 21:45:05 GMT
Simons Canada
Published: Thu, 09 Jan 2025 21:37:11 GMT
Test Shoot
Published: Thu, 09 Jan 2025 21:27:29 GMT
British GQ
Published: Thu, 09 Jan 2025 21:04:18 GMT
Notion Magazine
Published: Thu, 09 Jan 2025 20:55:44 GMT
Office Magazine
Published: Thu, 09 Jan 2025 20:44:21 GMT
Boy.Brother.Friend
Published: Thu, 09 Jan 2025 20:28:06 GMT
Polo Ralph Lauren
Published: Thu, 09 Jan 2025 19:36:28 GMT
Harper’s Bazaar Vietnam
Published: Thu, 09 Jan 2025 19:00:42 GMT
Models.com
Published: Thu, 09 Jan 2025 18:56:57 GMT
Marie Claire Brazil
Published: Thu, 09 Jan 2025 18:10:21 GMT
Numero Russia
Published: Thu, 09 Jan 2025 17:06:58 GMT
Birkenstock
Published: Thu, 09 Jan 2025 16:59:11 GMT
Magazine Antidote
Published: Thu, 09 Jan 2025 16:51:23 GMT
Apollo Magazine
Published: Thu, 09 Jan 2025 16:41:37 GMT
What’s Contemporary
Published: Thu, 09 Jan 2025 16:10:46 GMT
Lampoon Magazine
Published: Thu, 09 Jan 2025 16:01:45 GMT
Tag Heuer
Published: Thu, 09 Jan 2025 16:00:12 GMT
DA MAN Magazine
Published: Thu, 09 Jan 2025 15:40:17 GMT
Elle France
Published: Thu, 09 Jan 2025 15:24:18 GMT
GQ Magazine U.S.
Published: Thu, 09 Jan 2025 14:41:48 GMT
These Rookies Are Extreme Adventure Seekers
Published: Thu, 09 Jan 2025 14:00:24 GMT
Vogue Polska
Published: Thu, 09 Jan 2025 13:58:51 GMT
SSAW Magazine
Published: Thu, 09 Jan 2025 13:54:34 GMT
Khaite
Published: Thu, 09 Jan 2025 13:33:38 GMT
Roland Mouret
Published: Thu, 09 Jan 2025 13:09:02 GMT
GQ Turkey
Published: Thu, 09 Jan 2025 13:04:32 GMT
Miu Miu
Published: Thu, 09 Jan 2025 13:00:36 GMT
Numero Russia
Published: Thu, 09 Jan 2025 11:45:23 GMT
Unprint Magazine
Published: Thu, 09 Jan 2025 10:39:41 GMT
Loewe
Published: Thu, 09 Jan 2025 10:39:05 GMT
Nylon China
Published: Thu, 09 Jan 2025 03:48:27 GMT
Mango
Published: Thu, 09 Jan 2025 03:27:38 GMT
Love Want Magazine
Published: Wed, 08 Jan 2025 23:41:44 GMT
Love Want Magazine
Published: Wed, 08 Jan 2025 23:36:46 GMT
1883 Magazine
Published: Wed, 08 Jan 2025 23:00:39 GMT
Test Shoot
Published: Wed, 08 Jan 2025 21:59:05 GMT
Test Shoot
Published: Wed, 08 Jan 2025 21:47:21 GMT
Various Lookbooks/Catalogs
Published: Wed, 08 Jan 2025 21:39:46 GMT
Various Campaigns
Published: Wed, 08 Jan 2025 21:21:07 GMT
Sacai
Published: Wed, 08 Jan 2025 20:58:58 GMT
PALACE
Published: Wed, 08 Jan 2025 20:51:30 GMT
Acne Studios
Published: Wed, 08 Jan 2025 20:51:03 GMT
Various Campaigns
Published: Wed, 08 Jan 2025 20:47:16 GMT
Dust Magazine
Published: Wed, 08 Jan 2025 20:45:47 GMT
Off-White
Published: Wed, 08 Jan 2025 20:35:39 GMT
Victoria Beckham Beauty
Published: Wed, 08 Jan 2025 20:05:36 GMT
Zara
Published: Wed, 08 Jan 2025 20:01:19 GMT
rhode Skin
Published: Wed, 08 Jan 2025 19:46:41 GMT
The Latest Ad Campaigns on Our Radar
Published: Wed, 08 Jan 2025 19:23:06 GMT
Dust Magazine
Published: Wed, 08 Jan 2025 18:32:50 GMT
Emporio Armani
Published: Wed, 08 Jan 2025 17:57:21 GMT
Banana Republic
Published: Wed, 08 Jan 2025 17:51:16 GMT
Indie Magazine
Published: Wed, 08 Jan 2025 17:47:16 GMT
Harper’s Bazaar Arabia
Published: Wed, 08 Jan 2025 17:40:34 GMT
Mirror Mirror Magazine
Published: Wed, 08 Jan 2025 17:24:10 GMT
Numéro Netherlands
Published: Wed, 08 Jan 2025 16:52:32 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:44:04 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:38:00 GMT
DEdiCate Magazine
Published: Wed, 08 Jan 2025 16:37:40 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:25:53 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:23:52 GMT
Betsey Johnson
Published: Wed, 08 Jan 2025 16:22:40 GMT
Rowen Rose
Published: Wed, 08 Jan 2025 16:19:56 GMT
Book
Published: Wed, 08 Jan 2025 16:18:04 GMT
Milk Magazine
Published: Wed, 08 Jan 2025 16:16:12 GMT
Marie Claire Taiwan
Published: Wed, 08 Jan 2025 16:16:12 GMT
Ralph Lauren
Published: Wed, 08 Jan 2025 15:52:44 GMT
Family Style
Published: Wed, 08 Jan 2025 15:50:24 GMT
Cake Magazine
Published: Wed, 08 Jan 2025 15:45:59 GMT
Net-A-Porter
Published: Wed, 08 Jan 2025 15:25:03 GMT
ME+EM
Published: Wed, 08 Jan 2025 15:11:18 GMT
Video
Published: Wed, 08 Jan 2025 14:48:31 GMT
Adidas
Published: Wed, 08 Jan 2025 13:54:55 GMT
Vanity Teen Magazine
Published: Wed, 08 Jan 2025 13:50:49 GMT
Vanity Teen Magazine
Published: Wed, 08 Jan 2025 13:44:51 GMT
American Vogue
Published: Wed, 08 Jan 2025 13:39:03 GMT
Vanity Teen Magazine
Published: Wed, 08 Jan 2025 13:37:08 GMT
Test Shoot
Published: Wed, 08 Jan 2025 13:24:32 GMT
American Vogue
Published: Wed, 08 Jan 2025 13:20:26 GMT
King Kong Magazine
Published: Wed, 08 Jan 2025 13:08:25 GMT
Various Campaigns
Published: Wed, 08 Jan 2025 12:59:44 GMT
Vogue Netherlands
Published: Wed, 08 Jan 2025 12:56:24 GMT
Highsnobiety
Published: Wed, 08 Jan 2025 12:00:06 GMT
Dior
Published: Wed, 08 Jan 2025 11:42:09 GMT
Numéro France
Published: Wed, 08 Jan 2025 11:36:44 GMT
Dior
Published: Wed, 08 Jan 2025 11:25:31 GMT
Tod’s
Published: Wed, 08 Jan 2025 11:00:45 GMT
Numéro Netherlands
Published: Wed, 08 Jan 2025 10:59:19 GMT
Le Mile Magazine
Published: Wed, 08 Jan 2025 10:55:50 GMT
H&M
Published: Wed, 08 Jan 2025 10:26:39 GMT
Massimo Dutti
Published: Wed, 08 Jan 2025 09:31:34 GMT
Giorgio Armani
Published: Wed, 08 Jan 2025 06:59:06 GMT
PEDRO
Published: Wed, 08 Jan 2025 06:09:21 GMT
REVS Magazine
Published: Tue, 07 Jan 2025 22:45:46 GMT
Test Shoot
Published: Tue, 07 Jan 2025 22:35:42 GMT
SKIMS
Published: Tue, 07 Jan 2025 22:18:59 GMT
Various Campaigns
Published: Tue, 07 Jan 2025 22:07:08 GMT
Tibi
Published: Tue, 07 Jan 2025 22:00:18 GMT
Le Mile Magazine
Published: Tue, 07 Jan 2025 21:51:19 GMT
Bumble and Bumble
Published: Tue, 07 Jan 2025 21:32:52 GMT
Various Editorials
Published: Tue, 07 Jan 2025 21:23:19 GMT
Vogue Polska
Published: Tue, 07 Jan 2025 21:08:39 GMT
L’Oréal Paris
Published: Tue, 07 Jan 2025 21:03:22 GMT
Various Campaigns
Published: Tue, 07 Jan 2025 20:57:44 GMT
MAC Cosmetics
Published: Tue, 07 Jan 2025 20:37:12 GMT
Fenty Beauty
Published: Tue, 07 Jan 2025 20:35:56 GMT
Boy.Brother.Friend
Published: Tue, 07 Jan 2025 20:21:09 GMT
GQ Turkey
Published: Tue, 07 Jan 2025 20:16:21 GMT
Latest Magazine
Published: Tue, 07 Jan 2025 20:13:57 GMT
Citizen K International
Published: Tue, 07 Jan 2025 20:06:27 GMT
Various Campaigns
Published: Tue, 07 Jan 2025 19:45:55 GMT
Schooled in AI Podcast Feed for 2025-01-11
Schooled in AI Podcast Feed for 2025-01-11
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.