Resources Guide on Cybersecurity

 

AI

AI technology has evolved considerably across its applications and uses. One example is the document classification firm Concentric (“Document Classification Firm Concentric Emerges From Stealth”), which has developed an AI-based system that uses semantic language analysis to protect a company’s most critical documents. It shows details such as the number of documents each employee has and the number of times an employee has shared both high- and low-risk documents. With this technology, companies can gain greater control of their information and create safer environments. It also directly reduces the cost of this kind of process, since organizing a team of people to do it would take a long time and be exposed to many errors.
Another application of AI technology is the alliance between Novartis and Microsoft for the discovery of new drugs. Alliances like these will help us prevent and treat existing and new diseases and lengthen people’s lives, but the process has several challenges. For example, typographical errors in the information being analyzed will eventually lead to errors in the AI’s results. There is still a lot of work to do in this field, but this is a huge step.
In another major alliance, the University of Maryland, Baltimore and UM Baltimore County recently signed an agreement to leverage UMBC’s AI, machine learning, and cybersecurity experience to protect medical devices and data from cyberattacks. Security leaders have long stressed that the healthcare sector should lean on outside resources and collaborate to fill cybersecurity gaps.

Authentication

 

This article is very interesting; the Nimbus-Key system could be the solution for their problem (Jose Bolanos MD).
The Defense Department has been trying to kill the Common Access Card for a long time. Before it does so, it wants to make it more like a commonly used authentication measure: the Personal Identity Verification (PIV) card. Former DOD CIO Terry Halvorsen announced a two-year plan in June 2016 to move away from the CAC. The CAC is a “smart” card about the size of a credit card, and is the standard identification issued to active duty uniformed service personnel, selected reserve, DOD civilian employees and eligible contractors, the DOD notes. It is also the principal card used to grant physical access to buildings and controlled spaces, and it gives users access to DOD computer networks and systems.

Last year, the DOD tested alternatives to the CAC. DOD is exploring other ways to improve the CAC, including something known as Opacity, which, Federal News Radio reports, “is protocol to protect contactless communication between the card and the system, and adding encrypted certificates that will let users do tap-and-go authentication.” This is crucial for first responders and others who need quick access to systems or facilities, the publication notes. The impact on authentication goes beyond government: in the private sphere, “an Increasingly Diverse, Dynamic Workforce Is Driving Dramatic Change in How Users Authenticate.”

There are not only more users, but also more kinds of users working in more places, all needing to authenticate in a way that keeps resources secure without making access unduly difficult or time-consuming.
What about contractors or gig workers who aren’t traditional employees?

How do you provide them with the access they require, absent direct control of the devices they’re using to access your organization’s resources?

We all need to remember the critical nature of the information that exists on people’s devices, including laptops, and the need to protect that information. Cybersecurity experts have recommended augmenting usernames and passwords with multi-factor authentication (MFA) to add an additional layer of security for access control. Smart cards can also be used for authentication and provide a level of assurance once validated and verified.

Cybersecurity

Cybersecurity risk is constant across different systems.
“Hackers Scanning for Apache Tomcat Servers Vulnerable to Ghostcat Attacks”: hackers have started scanning the web in search of Apache Tomcat servers affected by a recently disclosed vulnerability tracked as CVE-2020-1938 and dubbed Ghostcat. Ghostcat affects Tomcat’s default settings, and many servers are vulnerable to attacks directly from the Internet. ONYPHE reported in late February that a scan had identified more than 170,000 potentially vulnerable devices.

This leads us to ask whether we are really safe on the network. Hackers invent new and sophisticated ways to breach our systems every day, as in the case of “T-Mobile Notifying Customers of Data Breach.” The company notified its users that its employees’ email accounts had been breached, and with them came the massive theft of hundreds of customer accounts, including names, addresses, telephone numbers, rate plans and features, and billing information. T-Mobile says the attack was identified and shut down by its cyber-security team recently, but does not provide a specific timeframe for when that happened, nor does it reveal details on how many of its customers might have been impacted.

Likewise, mobile payment fraud is on the rise and is growing faster in the mobile ecosystem than anywhere else. While Windows remains the most popular operating system used by fraudsters at 38%, the combined figures for iOS and Android are now 51% of all online fraudulent activity. The growth is probably even greater since little more than half of merchants track fraud on mobile channels.

Just as the targets have evolved with the emergence of mobile as the fraud platform of choice, so too have the payment types evolved. The more apparently obvious types – gift cards and credit cards – occupy only positions six and seven in the most popular methods.

Hackers keep showing us more of their skills: “‘Surfing attacks’ could let hackers read your texts,” and it’s not a game. Investigators recently found that ultrasonic waves can activate Siri on your cellphone and have it make calls, take images, or read the contents of a text to a stranger.

The researchers suggested some defense mechanisms that could protect against such an attack. One idea would be the development of phone software that analyzes the received signal to discriminate between ultrasonic waves and genuine human voices. Changing the layout of mobile phones, such as the placement of the microphone, to dampen or suppress ultrasound waves could also stop a surfing attack.

Healthcare Innovation

Using more sophisticated tools, scientists hope to launch a new tool that can monitor influenza A virus mutations in real time. The tool could help virologists learn how to stop viruses from replicating, according to the new study. The gold nanoparticle-based probe measures viral RNA in live influenza A cells. It is the first time in virology that experts have used imaging tools with gold nanoparticles to monitor mutations in influenza, with unparalleled sensitivity.

In other health innovation news, researchers report that a flexible device can collect thermal energy from the human body to monitor health. The device surpasses all other flexible harvesters that use body heat as their sole energy source. Flexible harvesters that conform to the human body are highly desired for use with wearable technologies. Superior skin contact with flexible devices, as well as the ergonomic and comfort considerations to the device wearer are the core reasons behind building flexible thermoelectric generators, or TEGs, says corresponding author Mehmet Ozturk, a professor of electrical and computer engineering at North Carolina State University.

Technology gives us more help every day to monitor our health. “Liquid Metal Biosensors for Healthcare Monitoring”: researchers at KAIST, South Korea’s institute of science and technology, have now been able to use a liquid metal to make highly accurate flexible pressure sensors that can be manufactured relatively inexpensively.

Liquid metals, such as Galinstan, an alloy of gallium, indium, and tin, have been tried inside flexible pressure sensors but the devices produced were not sensitive enough to detect heartbeats and other biological signals. The KAIST team created a 3D printed sensor that integrates liquid metal and a rigid microbump array to produce accurate, highly sensitive pressure readings.

“We expect it to be used in health care applications, such as the prevention and the monitoring of the pressure-driven diseases such as pressure ulcers in the near future. There will be more opportunities for future research including a whole-body pressure monitoring system related to other physical parameters.”

Identity Management

Identity management is a very important tool for managing platforms and accessing our information, but it is not always used in the most ethical way, and there is a risk that it will be used to intrude on our privacy. Activists believe the FBI is currently collecting biometric data on people’s faces, irises, walking patterns, and voices, and has a database of at least 640 million images of adults in the United States.

They are not taking into account that the biometric process may contain errors (“Massive Errors Found in Facial Recognition Tech”), putting the safety of innocent people at risk and judging them unfairly.

“Senate Bill Maintains Funding Ban on Unique Patient Identifier”: this is due to the fear that patient information is not adequately secured. This situation will surely change when more secure methods such as Nimbus-Key become widespread, so that in the future systems like Medicare and Medicaid will be more efficient in treating and diagnosing pre-existing diseases with detailed information in their patients’ medical histories.

But good use of identity management technology helps us not only to control but also to prevent. Universal background checks really reduce gun deaths. Controlling who has access to guns has much more impact on reducing gun-related homicides than controlling what guns people have, researchers report. According to analysts, it is much more effective to check the identity of those who buy weapons, to learn of any criminal history or mental problems, than to control what types of weapons are sold or are legal to use.

This would greatly reduce demonstrations and shootings throughout the country, generating greater security for people.

From “How Identity Security Improves Your Business Processes”: overall, we tend to think of cybersecurity as just that: security. It protects us from digital threats and malicious actors. Yet we also tend to think of it as a giant fence; it surrounds our IT environment where all the important business processes occur.

Enterprises migrate to cloud and hybrid environments more and more each passing day, and the reasons why are obvious. The cloud offers:

Faster communications.
Easier collaboration.
More productivity.
More flexibility.
A stronger bottom line.

Identity security can enhance your cloud business processes.

As we can see, identity management is very important in all aspects of our society. It affects the processes and circumstances around us where we want our information and data to be secure, but at the same time we fear the risk this entails if we are not clear about whose hands our personal data is in. Facial recognition, fingerprints, 2-factor authentication and QR codes all offer us a technological vehicle for creating safer environments; the real risk lies with those who control this technology and handle our information.

Identity Theft

A new JavaScript skimmer targets data entered into the payment forms of ecommerce merchant websites, Visa Payment Fraud Disruption (PFD) warns. Dubbed Pipka, the skimmer was discovered on an ecommerce website previously infected with the JavaScript skimmer known as Inter, but it has infected at least sixteen other merchant websites as well.

The skimmer shows a focus on anti-forensics: it calls a function that clears the skimmer’s script tag from the page immediately after the script loads, making it difficult for analysts or website administrators to notice the code. The end result of Pipka, however, is the same as with any other skimmer, although some methods differ: exfiltrating payment card data from ecommerce websites. The new threat, Visa notes, is expected to continue to be used in live attacks.

Identity fraud hit a new all-time high, and cyber-enabled fraud accounted for an even greater proportion of the growing problem, according to the 2019 Fraudscape report.

In 2017 more than 305,000 instances of fraudulent conduct were recorded to the National Fraud Database:
Identity fraud continued to rise, hitting an all-time high of 174,523 cases in 2017 (up one percent from 2016).
95 percent of these cases involved the impersonation of an innocent victim.
Eight out of 10 fraudulent applications were made online.
There was a 27 percent increase in 14-24 year olds becoming ‘money mules’.
Overall bank accounts identified as being used as ‘mule’ accounts were up by 11 percent.
More than a third of bank account takeover victims were over 60 years old.
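
The self-removing script tag described above for Pipka leaves one observable trace: a script element that is inserted into the page and removed again almost immediately. The following is an added example, not code from the original page or from Visa, that flags that pattern; the 2000 ms window, the event record shape and the sample events are assumptions constructed for illustration.

```javascript
// Added example: flag <script> elements removed soon after insertion.
const WINDOW_MS = 2000; // assumed threshold; tune for the site being monitored

// Returns observe(ev), which yields a finding for a short-lived script.
function createDetector(windowMs = WINDOW_MS) {
  const inserted = new Map(); // node id -> insertion event
  return function observe(ev) {
    if (ev.tag !== 'SCRIPT') return null;
    if (ev.type === 'added') { inserted.set(ev.id, ev); return null; }
    const ins = inserted.get(ev.id);
    if (!ins) return null; // removal of a script we never saw inserted
    inserted.delete(ev.id);
    const lifetimeMs = ev.time - ins.time;
    return lifetimeMs <= windowMs ? { id: ev.id, src: ins.src, lifetimeMs } : null;
  };
}

// Run a recorded list of events through a fresh detector.
function analyze(events, windowMs = WINDOW_MS) {
  const observe = createDetector(windowMs);
  return events.map((ev) => observe(ev)).filter(Boolean);
}

// Browser wiring: feeds live DOM mutations into the detector.
// Only direct added/removed nodes are checked, not scripts nested in a subtree.
function watchDocument(report) {
  const observe = createDetector();
  const ids = new WeakMap();
  let nextId = 1;
  const toEvent = (type, node) => {
    if (!ids.has(node)) ids.set(node, nextId++);
    return { type, id: ids.get(node), tag: node.nodeName,
             src: node.src || '(inline)', time: performance.now() };
  };
  new MutationObserver((records) => {
    for (const r of records) {
      for (const n of r.addedNodes) observe(toEvent('added', n));
      for (const n of r.removedNodes) {
        const hit = observe(toEvent('removed', n));
        if (hit) report(hit);
      }
    }
  }).observe(document.documentElement, { childList: true, subtree: true });
}

// Constructed sample events (not captured from a real site).
const SAMPLE = [
  { type: 'added',   id: 1, tag: 'SCRIPT', src: 'https://cdn.example/lib.js',  time: 100 },
  { type: 'added',   id: 2, tag: 'SCRIPT', src: 'https://static.example/a.js', time: 120 },
  { type: 'removed', id: 2, tag: 'SCRIPT', src: 'https://static.example/a.js', time: 135 },
  { type: 'added',   id: 3, tag: 'DIV',    src: '(inline)', time: 200 },
  { type: 'removed', id: 3, tag: 'DIV',    src: '(inline)', time: 210 },
  { type: 'added',   id: 4, tag: 'SCRIPT', src: 'https://cdn.example/ab.js',   time: 300 },
  { type: 'removed', id: 4, tag: 'SCRIPT', src: 'https://cdn.example/ab.js',   time: 9000 },
];

if (typeof MutationObserver !== 'undefined') watchDocument(console.warn);
else console.log(analyze(SAMPLE));
```

Legitimate loaders such as JSONP helpers also remove their own script tags, so a hit is a triage signal that points at a `src` to review. The observer has to be installed before third-party scripts run, or the insertion is never seen.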

There are two major phases of combating identity theft: prevention and recovery. The first phase can minimize exposure; the second can help minimize the pain in terms of time and money remediating any problem that results, despite prevention efforts.

Preventing Identity Theft
It is impossible for an individual or business to become completely immune from identity theft. Nevertheless, the following important steps can lessen the likelihood of thieves obtaining and using personal information for fraudulent purposes.

Safeguarding personal / business information.
For individuals, this means taking all of the following actions:

Protecting a Social Security number; for example, a Social Security card should not be carried around (other than to complete Form I-9 when hired for a job).

Limiting disclosure of personal information, such as a birthday, on social media.

Using smart passwords for financial accounts, mobile devices, and other sensitive data and devices.

For businesses, vulnerability can come from within (an employee or former employee) or without (hackers).

A more complete discussion about prudent company policy regarding access to sensitive business information can be found later in this article.

For independent contractors, one strategy is to obtain an employer identification number and use it instead of a Social Security number when completing Form W-9 for all engagements.

Telehealth

Virtual tools have advanced enormously in recent years, and one of them, telehealth, is revolutionizing the world. One example: Intermountain Healthcare launches new Kidney Care Center that will provide at-home dialysis with telehealth-enabled video visits to patients. Patients will be able to schedule kidney dialysis treatments that fit their schedule. Giving kidney dialysis patients access to in-home care will allow them to have treatments that easily accommodate their schedule, and follow-ups can be conducted via telehealth-enabled calls to a caregiver. In addition, many patients today greatly appreciate telehealth tools. Video visits still might one day replace many in-person checkups, said Dr. Michael Barnett of the Harvard T. H. Chan School of Public Health in Boston.

Rehabilitation by video telehealth reduced the rate at which patients with chronic obstructive pulmonary disease (COPD) had to be readmitted within 30 days after hospitalization for a lung exacerbation, according to a study. “The video telehealth pulmonary rehabilitation program, by overcoming many barriers to early initiation of pulmonary rehabilitation, can expand access to pulmonary rehabilitation, especially for patients who live in rural areas,” Bhatt added.

Furthermore, the researcher emphasized that “by reducing COPD readmissions, this intervention has the potential to substantially reduce healthcare costs.”

Apart from COPD, the intervention approach can also be applied to the rehabilitation of patients with other chronic lung diseases. However, according to the team, the results need to be confirmed through randomized clinical trials.

Ransomware

Ransomware is a malicious software program that infects your computer and displays messages that require payment of money to restore system operation. This type of malware is a criminal system for making money that can be installed through deceptive links included in an email message, instant message or website.

Ransomware has the ability to lock a computer screen or encrypt predetermined important files with a password. This was the case in “U.S. Natural Gas Facilities Disrupted by Ransomware Attack”: a ransomware infection at a natural gas compression facility in the United States resulted in a two-day operational shutdown of a full pipeline asset, the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security revealed. The attackers used spear phishing to gain initial access to the facility’s IT network, after which they managed to reach the OT network.

The hackers then deployed basic ransomware that encrypted files on Windows machines on the IT and OT networks. The agency published an alert to warn gas and other critical infrastructure operators about the risk of cyberattacks, and to provide recommendations for mitigating the threat.

But cybercriminals do not sit idly by when they are discovered and are always devising new ways to continue committing crimes. One new methodology for instigating ransomware makes use of Windows’ own Encrypting File System (EFS). EFS has been a part of Windows since Windows 2000. Unlike Windows’ BitLocker, which is a full disk encryption feature, EFS can selectively encrypt individual files or folders. It does this transparently to the user, using a key that is partly stored in an accessible file, and partly computed from the user’s account password.

Once set up, the user does not need to provide a password for EFS to work.
Another news item that caught our attention on this subject: New Jersey’s largest hospital system said Friday that a ransomware attack last week disrupted its computer network and that it paid a ransom to stop it.

Hackensack Meridian Health did not say in its statement how much it paid to regain control over its systems but said it holds insurance coverage for such emergencies.
The attack forced hospitals to reschedule nonemergency surgeries and doctors and nurses to deliver care without access to electronic records.