Keeping Both Eyes on Cybersecurity
March 24, 2022 by Sheppard Mullin Richter & Hampton LLP, Charles Glover, Liisa Thomas
The New York State Attorney General’s finding that EyeMed Vision Care LLC had failed to protect customer data in violation of the NY SHIELD Act provides insights for companies on how to protect information. New York’s SHIELD Act applies, as we have written previously, to any organization owning or licensing the information of a NYS resident, not just organizations located in New York. It requires companies to implement reasonable administrative, technical, and physical safeguards to protect collected personal information.
The underlying incident occurred when an attacker gained access to an EyeMed email address for a week and used it to send 2000 phishing emails to EyeMed clients. During that time, the attacker accessed and had the ability to exfiltrate emails and attachments with customer information from as far back as 2014. EyeMed retained counsel, engaged a reputable forensic cybersecurity firm to assist with its investigation, and offered impacted individuals credit monitoring, fraud consultation, and identity theft restoration.
While the attorney general did not comment on EyeMed’s incident response process, the office felt that the company’s prior actions (or lack thereof) helped lead to the incident. Of particular concern were the following elements:
• Lack of multi-factor authentication on the compromised web-facing email account.
• Insufficient password management requirements on the account that contained large volumes of customer information (a minimum length of only eight characters; six login attempts were allowed before locking the user account).
• Account logs were available for only 90 days.
• Stored emails contained customer information from as far back as 2014.
As a result of the investigation, EyeMed was required to update its internal processes to address these concerns. EyeMed also agreed to pay a $600,000 fine.
Putting it into Practice: In keeping with other guidance from New York, the EyeMed settlement shows that the New York AG has very specific expectations of companies’ data security measures. These include password strength, logging capabilities, and data storage minimization.
Join us live at 5pm today! Artificial online training program day “2” with Fhavour Williams, Oluchi, and Kvng Odesy.
BrainCo’s thought-controlled prosthesis.
BrainCo’s bionic prosthesis differs from its counterparts in that it responds to brain and muscle signals to perform corresponding movements. That is, it reacts like a real hand, intuitively doing what the person wants to do.
Reposted from A.O.T.P. online event. live: 987 viewers.
IT Department establishes centralized cybersecurity roadmap by leveraging CIS18 framework
Contra Costa County has 28 government agencies, each with different cyber needs. This left their approach to cybersecurity decentralized. After completing a CIS18 framework analysis, the county set a clear, long-term strategy designed to develop cyber resilience.
March 23, 2022 by AT&T
Contra Costa County’s 28 agencies were left with a decentralized approach to their cybersecurity.
Problems Addressed:
Crafting a uniform approach to cybersecurity strategy in county government is particularly challenging given the wide breadth and depth of requirements across a range of security domains: data privacy, availability of critical resources and systems, mandates for special protection of officially designated critical infrastructure, and even variances in acceptable risk tolerance levels by agency, to name a few.
Over time, the variance in needs in Contra Costa County resulted in a decentralized approach to cybersecurity across the county’s 28 agencies. This dynamic is common in many County governments and fosters an environment with an inconsistent implementation of controls and a lack of standardization in securing systems and data. Lacking a way to collaborate and communicate effectively towards a common set of priorities, agencies approach their cyber challenges in silos, increasing overall costs, and potentially, risk.
The team developed an objective assessment of the cybersecurity program against the CIS18 controls framework.
Solutions Used:
To address this, Contra Costa County utilized the professional services of a trusted industry partner, AT&T Cybersecurity, to provide an objective assessment of the cybersecurity program against the CIS18 controls framework.
The Contra Costa County security team approached the challenge with a novel strategy in mind: leading by example in the central information technology office. Rather than attempting to dictate to their semi-autonomous agencies by policy, they set out to showcase success defined as reduced risk and improved capability maturity in the smaller central environment. Their proactive security and best practices then developed a standardized approach to cybersecurity for all agencies to adopt willingly and enthusiastically. This also served to build consulting, assessment, and control capabilities of the newly developed security team, and the partner service providers that they work with. This collective force could then serve to guide others within the organization in their own unique challenges.
Beginning with the establishment of a baseline of controls using the Center for Internet Security (CIS) Critical Security Controls, the County security team was able to identify the greatest areas of risk in their environment, shore up gaps and weaknesses in their program, and set a long-term strategy that had the greatest return on investment for the citizens of Contra Costa County.
This solution has served to help provide direction and alignment of resources around a standardized and understandable “security baseline” for the organization, and ensure the collective team is moving jointly in a shared direction.
Outcomes:
1. Long-term strategic cybersecurity roadmap and plan developed after risk assessment
2. Efficient budgeting and resourcing for the county through a centralized strategy
3. Improved collaboration and alignment of initiatives across IT, cyber, and business thanks to baseline controls outlined by the Center for Internet Security (CIS)
Lessons Learned:
1. Security risk management does not have to be complex.
2. A team approach within government, as well as public-private coordination, is necessary to achieve success.
3. Bringing in an external partner with lots of private sector experience managing cyber risks to do an objective audit can help a county modernize more quickly.
4. Federal funding, ARPA and IIJA included, can be used for projects, including this one, that build resilient cybersecurity infrastructure.
Something Unique:
The CIS18 are a risk-ranked set of security best practices that organizations can understand, achieve, and measure against. Implementing these recommendations can help mitigate most cyber-attacks. Government entities can gain access to the CIS organization’s materials free of charge at The 18 CIS Critical Security Controls (cisecurity.org).
Who should consider:
Organizations that are building out new security programs, or those that need a “reboot” to a more understandable shared vision.
More resources about this case study
AT&T Cybersecurity
CIS18 Security Best Practices
Reposted from A.O.T.P. online event Live: 1.2k viewers.
What have we learned so far regarding cybersecurity from the Russia-Ukraine war and related cyber incidents around the world? Let’s explore.
March 23,
What are the most important trends in global cybersecurity? How are current events impacting the wider cyber conflicts and incidents that public- and private-sector organizations face every day? How will these events shape the world in the years ahead in cyberspace?
These questions are becoming more and more difficult to answer as new alliances are being formed as a result of the war in Ukraine.
Back when we started the year, the top cyber experts and companies made numerous predictions regarding cybersecurity in 2022, but no one predicted what is happening now.
The Washington Post column called “The Cybersecurity 202,” which analyzes world cyber events, offered this headline this past week: “Cyber conflict in Ukraine is growing more complex by the day.”
Here’s an excerpt: “An IT army of volunteers from inside and outside Ukraine has been targeting Russia with a mix of offensive hacks and information operations aimed at cracking through Russian censorship with news about the bloody conflict.
“A top Ukrainian cyber official, Victor Zhora, distanced the government from the group’s offensive hacks during a call with reporters — even as he praised much of its work.
“‘Volunteers continue their operations, and we believe that some of these operations can be offensive and directed to military infrastructures of Russia,’ he said. ‘But … it’s their own initiative, so this activity isn’t coordinated by the government, and we continue focusing on protecting of Ukrainian infrastructure.’”
The article goes on to describe how cyber officials from allied nations have also offered remote assistance to help protect Ukrainian digital assets and investigate the origin of some cyber attacks. Also, China may be in the hacking mix, as a Twitter handle known for exposing Chinese hacking operations said they were conducting operations in Ukraine — but stopped short of linking the Chinese government.
Going even further, a recent CNBC headline proclaimed “‘For the first time in history anyone can join a war’: Volunteers join Russia-Ukraine cyber fight.”
Here’s an excerpt:
“The number of cyber attacks being waged by — and on behalf of — Ukraine and Russia since the outbreak of the war is ‘staggering,’ according to research.
“Ukraine authorities estimate some 400,000 multinational hackers have volunteered to help counter Russia’s digital attacks, said Yuval Wollman, president of CyberProof.
“Russia is expected to retaliate against countries and companies that are siding with Ukraine, especially in light of its military difficulties, said Wollman.
“‘For the first time in history anyone can join a war,’ said Lotem Finkelstein, head of threat intelligence at Check Point Software. ‘We’re seeing the entire cyber community involved, where many groups and individuals have taken a side, either Russia or Ukraine.’
“‘It’s a lot of cyber chaos,’ he said.”
Additionally, IFLScience.com offered this article: “Over 300,000 Hackers Join Ukraine’s Volunteer ‘IT Army’ Against Russia.”
Here’s an excerpt: “Most attacks on behalf of both Ukraine and Russia appear to employ two well-known methods. Firstly, hackers are attempting to access sensitive or private information with the aim of leaking the data to disrupt normal operations. Secondly, many are conducting DDoS attacks, involving overwhelming and disrupting a service or network by flooding it with traffic from multiple sources.
“There have been a number of highly publicized cyber attacks against Russia so far, although it’s difficult to know who’s behind the offensive and whether they are affiliated with this so-called ‘IT Army.’ One cyber attack, reportedly carried out by non-state-affiliated hacking collective Anonymous, involved broadcasting footage of the war on Russia’s state TV and the country’s equivalent of Netflix.
“The bombs and bullets remain as ugly as ever, but the prolific use of cyber attacks, cryptocurrency, social media, and disinformation campaigns means that this war is like few others seen before it. …”
IS CYBER INVOLVEMENT OVERBLOWN?
There are other experts who are reporting that the role of hackers and cyber attacks in the Ukraine conflict is overblown, especially with respect to cyber attacks outside Ukraine and Russia.
One of those experts is Dr. Lennart Maschmeyer, a senior researcher at the Cybersecurity Centre for Security Studies run by ETH Zurich, a public research university in Switzerland.
In this article for IT Wire, Dr. Maschmeyer wrote:
“Fear of cyber attacks has persisted for years, if not decades now, and there has been a lot of hype around what is theoretically possible in cyber operations …
“The problem is that in the excitement, and fear, few have stopped to think and look at the evidence of what is feasible in practice. Consequently, most threat scenarios are based on imagination and possibilities rather than evidence and evaluation.
“In theory, everyone can become a billionaire. In practice, it is extremely difficult though – very, very few make it. The same is true for cyber operations to produce strategically relevant, and useful, effects as my research has shown. …
“To be fair, cyber operations are capable of causing significant disruptions to individual lives, for companies suffering from ransomware etc.,” he added. “However, little of this activity rises to the level of strategic significance.”
WHERE IS THIS GOING NEXT?
In conclusion, we don’t know yet how these conflicts will be resolved any more than we know how the Russian invasion of Ukraine will end.
But some experts see current developments as a glimpse into the future regarding conflicts around the world, even if the war in Ukraine is resolved soon and does not spread to other countries.
For example, the role of the hacktivist, which I wrote about more than six years ago here and here, has evolved substantially. Quartz reported that “Pro-Ukrainian hacktivists are taking down Russian websites.”
Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) just released this new guidance as part of a “Shields Up” Alert given the situation in Ukraine.
And many worry that once this global cyber army has been assembled, trained and made effective, they may be difficult to disband — or control.
Only time will tell.
Reposted from A.O.T.P. online event. live: 456 viewers.
Xiaomi has announced sub-flagship Redmi K50 and K50 Pro with identical design:
• 6.67″ 3200×1440 AMOLED 120Hz, touch 480Hz
• Dimensity 8100 / Dimensity 9000
• 8 + 128 or 256, 12 + 256 GB / 8 + 128 or 256, 12 + 256, 12 + 512 GB
• 48 MP + 8 MP wide + 2 MP macro / 108 MP + 8 MP wide + 2 MP macro
• 5G, NFC, Bluetooth 5.3
• IP53
• 5500 mAh, 67 W / 5000 mAh, 120 W
• From ¥2399 yuan (~₹28,720) / ¥2999 (~₹35,900)
Stay tuned for more updates. (A.O.T.P.)
Introducing a brand new app. We are excited to announce that our app is now available to download.
Take advantage of this app and embark on a journey of “Artificial Intelligence”.
The app is free to download and is available in three languages: English, Spanish, and Portuguese.
Link to download 👇
https://play.google.com/store/apps/details?id=com.AI.dev20.app20



Artificial online training program.
I believe today’s challenge and tomorrow’s opportunities are best solved when people come together to work together. I also believe that technology has a role to play in making this happen, which is why Artificial online training program (A.O.T.P), our annual online developer event, is an exciting time of the year for me.
In just a few weeks, March 22nd to 27th, we’ll bring together our community of developers and unveil new technologies and tools across 50+ sessions.
People will get the opportunity to hear from our product expert and deep dive into our announcements.
This year’s event is slated to be our largest one to date!
Most importantly, there will be plenty of opportunities to meet other passionate developers and identify ways we can all work together.
2-minute video of how to use the MTN Nigeria 🇳🇬 mPulse Trigger File with EC Tunnel PRO VPN and EC Tunnel LITE VPN. Very simple and easy ✅
Unlimited access!
Artificial intelligence tunnel VPN is a great tool to protect your privacy and increase your security on the Internet. It basically connects two computers securely and privately on the internet. Artificial intelligence tunnel VPN is designed to provide a secure, encrypted tunnel to transmit the data between the remote user and the company network. The information transmitted between the two locations via the encrypted tunnel cannot be read by anyone else because the system contains several elements to secure both the company’s private network and the outside network through which the remote user connects. VPN adds a layer of security and privacy to both private and public networks such as Wi-Fi hotspots.
As time has progressed, VPN’s advantages have been realized more widely by users other than just companies and organizations. Primarily, companies and organizations started using artificial intelligence tunnel VPN to communicate confidentially over public networks to send voice, video, and data. It is also an excellent option for remote workers and organizations with global offices and partners to share data in a private manner. Now, personal users can also use artificial intelligence tunnel VPN to increase their security and privacy, access streaming channels and similar services everywhere and also to protect their identity anywhere on the Internet.
Should I use Artificial Intelligence tunnel VPN?
You might have heard of artificial intelligence tunnel VPNs before but haven’t used one yet. When you are using the Internet, you can never be sure if someone is snooping on your data, especially when accessing public Wi-Fi hotspots, which are usually unprotected and not secure. Artificial intelligence tunnel VPN helps you do your online work through a secure tunnel, so hackers can’t have access to your precious data.
Why do you need Artificial Intelligence tunnel VPN on your Smartphone?
Your Smartphone contains a lot of your personal information. It is synced with your email and your other profiles. It has access to all of your other personal data like your photos, messages, emails, Facebook, Twitter, Snapchat, etc. When you are connected to Wi-Fi, your data could be shared with others whether that Wi-Fi connection is secure or not! And when you browse some websites, they save your data by accessing your real IP and finding out your real physical location! So by using artificial intelligence tunnel VPN, you can browse websites anonymously because a good VPN shows websites a different IP address than your real one. Also, by using artificial intelligence tunnel VPN, you can choose your desired Virtual Location to do your work safely and quickly, and also have free access to all websites everywhere without any concern.
#Artificial-cyber-net