Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE

Tel Aviv, Israel, April 23rd, 2025, CyberNewsWire

Lattica, an FHE-based platform enabling secure and private use of AI in the cloud, has emerged from stealth with $3.25 million in pre-seed funding. The round was led by Konstantin Lomashuk’s Cyber Fund, with participation from angel investor Sandeep Nailwal, co-founder of Polygon Network and Sentient: The Open AGI Foundation, among others.

Lattica’s technology represents a critical new standard for industries such as healthcare, finance, and government sectors, where data privacy and security concerns have limited AI adoption. According to Cisco’s 2025 AI Briefing: CEO Edition, 70% of CEOs surveyed admitted being concerned about the state of their networks due to the rising adoption of AI, with 34% citing security as a major barrier to adoption. 

Fully Homomorphic Encryption (FHE) – the “holy grail” of cryptography in the last decade – ensures all communication between AI providers and end users remains encrypted, without ever needing to be decrypted. Due to longstanding computational inefficiencies, however, FHE has yet to be widely adopted. By capitalizing on the latest breakthroughs in the AI acceleration stack, Lattica leverages advanced acceleration techniques to operationalize FHE.

Led by founder and CEO, Dr. Rotem Tsabary, who holds a PhD in lattice-based cryptography from the Weizmann Institute of Science, Lattica takes advantage of the foundational mathematical similarities between FHE and machine learning to offer a hardware-agnostic, cloud-based platform that utilizes FHE to deliver secure and private use of AI.

A key differentiator powering Lattica’s solution is its Homomorphic Encryption Abstraction Layer (HEAL), which enhances FHE performance and standardizes its acceleration. A cloud-based service, HEAL serves as a universal bridge connecting FHE applications and AI algorithms across a diverse range of hardware, including GPUs, TPUs, and CPUs, as well as dedicated accelerators like ASICs and FPGAs.

“By combining the advancements of hardware acceleration with software-based optimization, we realized that not only could we improve FHE efficiency to the point of commercial viability, but use it to solve critical data dilemmas holding back AI’s adoption in sensitive industries,” said Dr. Rotem Tsabary, founder and CEO of Lattica. “We’re enabling practical FHE by developing a solution that is tailor-made for neural networks.”

As part of its emergence from stealth, Lattica has made demos of the platform available on its website, alongside insights from an in-depth survey within the FHE community. Survey results validate Lattica’s approach, revealing that a majority (71%) of respondents believe FHE adoption will be achieved through a combination of hardware and software. 

“Lattica is pushing the boundaries of Fully Homomorphic Encryption, solving one of the most critical challenges in AI security,” said Konstantin Lomashuk, Managing Partner at Cyber Fund. “Cyber Fund is proud to have led Lattica’s pre-seed round. This is the kind of deep-tech innovation that defines the future, and we’re excited to see Lattica leading the way.”

Lattica’s focus on healthcare and finance further underscores the platform’s relevance, with potential applications in secure data analysis for medical research and encrypted financial transactions.

“Lattica’s product-first approach fundamentally transforms sensitive data processing in the AI ecosystem,” said Sandeep Nailwal, co-founder of Polygon Network and investor in Lattica. “Lattica has made FHE a reality that is both practical and scalable, as Tsabary and her research team are proving that advances in the machine learning stack can significantly boost the performance of FHE and have an immediate impact on the market.”

About Lattica

Lattica enables querying AI models with Fully Homomorphic Encryption, offering FHE as a hardware-agnostic, cloud-based service. The platform leads in scientific innovation by ensuring that user queries remain encrypted throughout the entire machine learning inference process. Lattica’s Homomorphic Encryption Abstraction Layer (HEAL) connects FHE applications, algorithm implementations, and diverse hardware backends, making secure AI computation as accessible as traditional cloud-based AI services. The company is headquartered in Tel Aviv. For more information, users can visit www.lattica.ai.

Contact

Jordan Chaim
InboundJunction
jordan@inboundjunction.com

The post Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE first appeared on Cybersecurity Insiders.


Essentials to Gain 100% Cybersecurity Success: A Comprehensive Approach

In this increasingly digital world, cybersecurity has become more than just an IT concern; it’s a critical aspect of every business’s strategy and operations. With the rise of cyber threats—ranging from ransomware and phishing to insider threats and advanced persistent threats (APTs)—securing your digital infrastructure is no longer optional, but a necessity.

While no system can guarantee 100% security (given the ever-evolving nature of cyber threats), there are essential strategies and practices that can significantly reduce the risk and strengthen your cybersecurity posture. Achieving “100% cybersecurity success” means taking a holistic, multi-layered approach that focuses on prevention, detection, response, and continuous improvement.

Here’s a detailed look at the essentials to achieve a near-total cybersecurity defense:

1. A Robust Cybersecurity Framework: Build from the Ground Up

To lay the foundation for comprehensive cybersecurity, it’s crucial to adopt a well-established cybersecurity framework. Frameworks like NIST (National Institute of Standards and Technology), ISO 27001, and CIS Controls are designed to guide organizations in building and maintaining secure systems and processes. These frameworks offer structured methodologies for protecting digital assets, setting clear guidelines on policies, procedures, and technologies necessary for cybersecurity success.

Key Areas:
•    Risk management and assessment
•    Data protection and privacy
•    Incident response protocols
•    Network security controls

Implementing these frameworks ensures that your organization’s cybersecurity strategy is both comprehensive and effective, addressing threats from multiple angles.

2. Employee Awareness and Training: The Human Element

One of the most vulnerable points in any cybersecurity strategy is the human element. Employees are often the weakest link in the chain, falling victim to phishing scams, social engineering tactics, or careless handling of sensitive data.

Employee training and awareness are fundamental to preventing breaches. Regular training sessions should be conducted to educate staff about:

•    Recognizing phishing emails
•    Best practices for password management
•    How to identify and avoid social engineering tactics
•    Data protection protocols and compliance regulations (like GDPR)

3. A Multi-Layered Defense Strategy: Defense in Depth

A successful cybersecurity strategy requires multiple layers of defense. This defense-in-depth approach ensures that even if one layer is breached, others will still protect critical assets. Implementing several layers of security reduces the risk of a successful attack.

Core Layers Include:

•    Firewalls and Network Security: These are the first line of defense against external threats. Modern firewalls should be capable of inspecting traffic for malicious activity and blocking threats in real-time.
•    Endpoint Protection: All devices connected to your network, such as laptops, smartphones, and servers, need to be protected with antivirus software and endpoint detection and response (EDR) systems.
•    Encryption: Encrypting sensitive data, both at rest and in transit, is crucial for ensuring that even if data is intercepted, it cannot be accessed or tampered with.
•    Access Controls: Implementing zero-trust architecture, where every user and device is continuously validated, ensures that only authorized individuals can access critical systems.

4. Incident Detection and Response: Plan for the Worst

No matter how strong your defenses are, there’s always a possibility that a breach could occur. Incident detection is crucial to minimize the impact of an attack. The faster you detect a breach, the faster you can respond and mitigate potential damage.

Key Incident Response Actions:

•    Real-Time Monitoring: Utilize automated threat detection systems, such as SIEM (Security Information and Event Management) solutions, to continuously monitor your network and endpoints for suspicious activity.
•    Behavioral Analytics: These tools help identify unusual patterns of behavior, which can indicate a compromised system or insider threat.
•    Incident Response Plan (IRP): Having a clearly defined IRP ensures that everyone in the organization knows what to do in case of a breach. It should include protocols for containment, investigation, communication, and recovery.

5. Regular Vulnerability Assessments and Penetration Testing

Vulnerabilities in your systems can lead to potential entry points for attackers. Regular vulnerability assessments and penetration testing should be part of your ongoing cybersecurity strategy. These tests simulate attacks on your systems to identify weaknesses before cybercriminals can exploit them.

Penetration testing helps you:
•    Identify software vulnerabilities, unpatched systems, and misconfigurations
•    Test the strength of your defenses
•    Provide insight into areas that need improvement

Frequency: Penetration testing should be conducted every 3-6 months, or whenever major changes are made to your network or infrastructure.

6. Data Backup and Disaster Recovery Plans

A strong cybersecurity strategy includes disaster recovery (DR) and business continuity plans. Ransomware attacks, data breaches, and system failures can bring business operations to a halt. To minimize the impact of such disruptions, organizations must have reliable data backup solutions and DR protocols in place.

Essentials of a Data Backup and DR Plan:

•    Frequent backups: Ensure that critical data is backed up on a regular basis, and that backups are stored securely, ideally in multiple locations (on-site and off-site/cloud).
•    Tested Recovery Procedures: Periodically test recovery plans to ensure that systems can be restored quickly in the event of a breach or failure.
•    Separation of backup systems: Isolate backup systems from production networks to reduce the risk of them being compromised in the event of an attack.

7. Third-Party Vendor Risk Management

In today’s interconnected world, businesses often rely on third-party vendors for critical services, such as cloud storage, payment processing, and software development. However, these vendors can also pose a cybersecurity risk if their own security practices are weak.

Vendor risk management is essential to ensure that any third-party relationships do not expose your organization to unnecessary threats. Key steps include:

•    Evaluating vendor security policies: Before onboarding any vendor, assess their cybersecurity policies and practices.
•    Continuous monitoring: Regularly assess the security posture of third-party vendors to ensure they remain compliant with your organization’s security standards.
•    Contractual Agreements: Ensure that cybersecurity expectations are included in contracts, specifying security measures, data protection requirements, and liability clauses.

8. Compliance with Regulatory Standards

Many industries are subject to strict regulatory frameworks that mandate specific cybersecurity practices. Compliance with regulations such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and PCI DSS (Payment Card Industry Data Security Standard) not only helps businesses protect sensitive data but also ensures they avoid costly penalties.

Regular audits should be conducted to ensure your organization complies with relevant laws and regulations. Failing to meet compliance standards can lead to significant legal and financial consequences, as well as damage to your reputation.

9. Continuous Improvement: Evolving with the Threat Landscape

Cybersecurity is not a one-time effort but a continuous process. New vulnerabilities, threats, and technologies emerge regularly, and businesses must remain agile in adapting their defenses. Regularly review and update your cybersecurity strategy to stay ahead of evolving cyber threats.

•    Stay informed: Subscribe to threat intelligence services to receive updates on emerging threats and vulnerabilities.
•    Engage with the cybersecurity community: Participate in industry forums, cybersecurity conferences, and workshops to stay informed about the latest trends and best practices.

Conclusion: Striving for 100% Success in Cybersecurity

While achieving 100% cybersecurity success is a complex and ongoing process, the principles above lay the groundwork for a robust defense. By adopting a multi-layered security approach, prioritizing employee training, establishing an incident response plan, and continuously evaluating your defenses, you can significantly reduce the risk of cyber threats.

Cybersecurity is not just a technical issue—it’s a culture that must permeate every level of an organization. With a proactive, well-rounded approach, businesses can maximize their chances of achieving “success” in cybersecurity, protecting their assets, reputation, and customers in an increasingly hostile digital landscape.

The post Essentials to Gain 100% Cybersecurity Success: A Comprehensive Approach first appeared on Cybersecurity Insiders.


Akira Ransomware shifts focus to SMBs

Many small and medium-sized businesses (SMBs) operate under the assumption that cybercriminals won’t target them, believing their data or systems lack the value to entice hackers. After all, these businesses often can’t afford the hefty ransoms that typically interest cyber attackers. However, this misconception is increasingly outdated. Hackers have shifted their tactics and are now eyeing SMBs as prime targets.

According to a report by Dark Atlas, a web monitoring platform, cybercriminal groups, particularly those behind Akira Ransomware, have broadened their focus to include smaller businesses, launching double-extortion attacks. In these attacks, cybercriminals not only encrypt a company’s data but also steal it, threatening to release sensitive information unless a ransom is paid.

In 2024 alone, the Akira Ransomware group targeted over 350 organizations globally, generating an estimated $42 million in ransom payments. The majority of this money came from victims in North America.

How These Attacks Work

The method used by these cybercriminals is relatively simple yet effective: they exploit stolen credentials to infiltrate networks that rely on basic, single-factor authentication for security. Once inside, they deploy file-encrypting malware, locking up critical data and demanding a ransom for its release.

The primary targets are SMBs, often with fewer than 100 employees, who typically lack the robust IT resources needed to prevent or respond to such sophisticated attacks. Without dedicated cybersecurity teams, these businesses are particularly vulnerable, leaving them with little choice but to pay the ransom.

Key Targets and Profitable Regions

Research from Dark Atlas indicates that Akira Ransomware’s main targets in 2024 were organizations in North America, Europe, and Australia, where the value of cryptocurrencies against the dollar is high, maximizing the criminals’ profits. Sectors such as education, finance, healthcare, and manufacturing were hit the hardest, with some organizations in the defense industry also affected.

Should You Pay the Ransom?

While paying the ransom might seem like the quickest way to regain access to locked data, experts warn against it. Not only does paying ransom fuel further criminal activity, but it doesn’t guarantee that the attackers will actually provide the decryption key. Additionally, once a company has been attacked, it’s possible that they could be targeted again, especially if security vulnerabilities aren’t addressed.

The post Akira Ransomware shifts focus to SMBs first appeared on Cybersecurity Insiders.


Cybersecurity Talent Gap

I love my job

This isn’t said sarcastically or trying to convince myself. I genuinely love my job. I love my company and coworkers and the ability to help clients. I think I have the best job out there and I feel blessed. Japanese ikigai describes the intersection of what you love, what you’re good at, what the world needs, and what you can be paid for. I have that.

And I’m always passionate about helping others find their way into security and dispelling myths and supporting underrepresented groups. Security professionals come from all walks of life; we need all perspectives to solve some of these challenging problems.

The Reality of the Cybersecurity Job Market

I saw the initial posts by ISACA about how there are 2 million openings in cybersecurity. I followed as the number bloomed to 4 million and regularly quote it. When people said they don’t believe it because they’ve been looking for a while and been unsuccessful, I suggested that there may be other reasons they’re unsuccessful in finding a job.

And the layoffs—previously they did not affect cybersecurity but now they definitely do. The job market is challenging, but I still believe that if you are a motivated individual, you can work your way to your dream job. I no longer believe that there are 4 million openings sitting vacant. Maybe that’s the number of cyber professionals the world needs, but I’d need to see data backing up claims that there are 4 million openings today.

Breaking Into Cybersecurity: A Realistic Approach

You do not have to have a degree in cybersecurity, but it certainly doesn’t hurt. Here are my 5 steps for becoming a security professional:

1. Learn to Speak the Language

Familiarize yourself with industry concepts and terminology through courses. Mike Chapple’s SSCP and CISSP courses are on LinkedIn Learning—often free with a library card. There are many free options here! This step helps you determine if security is truly your calling.

Don’t underestimate the value of understanding the fundamentals. Security is built on concepts like confidentiality, integrity, and availability. Knowing how to discuss these concepts intelligently will set you apart in interviews and networking events.

The security field has its own vocabulary, and fluency in this language signals to potential employers that you’ve done your homework. Terms like “threat modeling,” “defense in depth,” and “least privilege” should become second nature.

2. Network Relentlessly

Join organizations like ISACA (Information Systems Audit and Control Association), ISC2 (International Information System Security Certification Consortium), ISSA (Information Systems Security Association), or CSA (Cloud Security Alliance). Local meetups are invaluable too, depending on where you live.

You’ll never find a profession where people are more willing to help you get ahead. Security professionals genuinely want to see newcomers succeed and will offer guidance, mentorship, and sometimes even job leads.

Remember that security professionals come from all walks of life. It’s not all IT/technical backgrounds, and it’s not all firefighting or getting called in the middle of the night. The diversity of pathways into security is something to embrace rather than fear.

3. Consider Certification

While certifications aren’t mandatory, they provide structured learning and validate your knowledge to employers. They also demonstrate commitment to the field.

For beginners, I recommend considering the free Certified in Cybersecurity (CC) certification from ISC2. This helps with both speaking the language and building credentials without financial risk.

When it comes to certifications, I tell people that employers primarily recognize CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), and CISM (Certified Information Security Manager). Check job postings—they often list “one of the SANS certifications” rather than specifying which ones.

There’s an exception if you’re interested in red teaming/penetration testing, where certifications like LPT (Licensed Penetration Tester), GPEN (GIAC Penetration Tester), CEH (Certified Ethical Hacker), and OSCP (Offensive Security Certified Professional) carry more weight.

Both CISSP and OSCP are challenging exams, so I recommend warming up with an entry-level certification first to get used to test-taking under pressure. If you’re aiming for CISSP, consider Security+ or SSCP (Systems Security Certified Practitioner) as stepping stones. The SSCP is offered by the same organization as CISSP (ISC2), as is the free CC certification.

4. Get on Stage

Present on a security topic—perhaps something you already know about with a security angle added. This builds your reputation and demonstrates expertise.

Public speaking might seem intimidating, but it’s one of the fastest ways to establish yourself in the field. Start small, perhaps at a local meetup or a lightning talk at a conference. Choose topics where you have unique insights or experiences.

The ability to communicate complex security concepts clearly is a rare and valuable skill. By presenting, you not only build this skill but also make connections with potential employers and mentors who appreciate good communicators.

5. Claim Your Identity as a Security Professional

Cybersecurity is largely an unregulated industry. At some point, you need to confidently present yourself as a security professional. Update your LinkedIn profile, participate in forums, contribute to open-source projects, or write blog posts about security topics.

This step is often the hardest for newcomers—feeling confident enough to claim the identity. But remember that everyone starts somewhere, and the industry needs fresh perspectives. Your background, whatever it may be, likely gives you unique insights that will benefit the security community.

Finding Your Security Niche

The beauty of cybersecurity is its breadth. You can focus on governance and policy if you enjoy working with frameworks and documentation. You can dive into technical specialties like cloud security, application security, or network defense. You might prefer security education and awareness if you enjoy working with people.

Take time to explore different domains before specializing. Your previous experience likely gives you advantages in certain areas. Former developers often excel in application security, while those with business backgrounds might find governance roles more natural.

The Path Forward

Breaking into cybersecurity requires persistence, continuous learning, and networking. The field is challenging but rewarding, with problems that matter and colleagues who care. The 4 million job openings might be aspirational rather than current reality, but the need for talented, passionate security professionals remains strong.

What draws most of us to this field isn’t just the job security or pay—it’s the mission. We protect people, organizations, and critical systems from harm. We solve puzzles that matter. We make a difference.

If you’re serious about joining our ranks, start with step one today. Learn the language. Join a community. Begin the journey. The security community will welcome you, support you, and challenge you to grow.

And perhaps someday soon, you’ll find yourself saying, without a hint of sarcasm: “I love my job.”

The post Cybersecurity Talent Gap first appeared on Cybersecurity Insiders.


Gaps In Encryption Create Exploitable Vulnerabilities

Data breaches are no occasional crisis – they are a persistent, costly epidemic wreaking global havoc on businesses.

While organizations leverage the latest technological advancements in perimeter defense, access management, and cloud and application security, one area that is overlooked is data encryption. 

Where Do Gaps in Encryption Exist?

Enterprise data follows a lifecycle encompassing creation, collection, transfer, storage, processing, analysis, and archival. Traditional encryption methods typically include encryption at rest (when data is stored) and encryption in motion (when data is transferred between systems). However, these approaches leave data unprotected at a key stage, because data must be decrypted for processing and analysis. Additionally, vulnerabilities arise during transitions between encryption in motion and processing or when shifting to encryption at rest.

These security gaps expose organizations to malicious parties – insiders and external hackers – who increasingly target such weak points to gain access to sensitive information. Attackers’ ability to identify and exploit these lifecycle vulnerabilities puts organizations at significant risk of data exfiltration resulting from a breach, underscoring the urgent need for comprehensive encryption solutions that protect data across every stage of its lifecycle.

The risks multiply in cloud-based and data-sharing environments where data is frequently in motion and accessed by multiple parties.

The Promise of Fully Homomorphic Encryption: Continuous Data Protection

Fully homomorphic encryption (FHE) solutions shield data from unauthorized access and render it useless to threat actors when other defenses fail and a breach is successful. FHE allows computations on encrypted data, eliminating critical vulnerabilities created by conventional encryption and the need to decrypt data for processing and analysis.

FHE’s promise is transformative. It allows sensitive data to be processed without exposure in plaintext, enabling multiple parties to perform computations while ensuring data confidentiality and providing robust protection against software- and hardware-based attacks.

FHE enables operations on encrypted data without decryption, maintaining continuous protection throughout data workflows.

FHE is an indispensable tool for mitigating many cyber threats. Its application can reduce insider threats and man-in-the-middle attacks by ensuring that data remains encrypted during transmission and processing, reducing the risk of interception and tampering.

It safeguards third-party data sharing by eliminating plaintext exposure and defends against data exfiltration by ensuring that encrypted data is unreadable without proper decryption keys. The technology also strengthens cloud security by allowing secure data processing in untrusted environments.

Why FHE Hasn’t Achieved Mainstream Success

Despite its vast potential, FHE hasn’t achieved widespread adoption due to several inherent limitations hindering its practicality in real-world applications. The combination of high costs, resource demands, and incompatibility with existing software has further limited its adoption, especially in environments requiring real-time processing.

Traditional FHE solutions often cause data to balloon 100 to 1,000 times in size when encrypted, driving up storage costs and slowing data transfer.  These scalability issues have made handling large datasets or complex computations difficult, particularly for big data analytics and machine learning. Performance bottlenecks can make operations on encrypted data thousands to millions of times slower than plaintext processing, requiring immense computational power.
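The two properties described above, computing on data that stays encrypted and the ciphertext expansion that comes with it, can be seen in a toy somewhat-homomorphic scheme over the integers (in the style of the construction by van Dijk, Gentry, Halevi and Vaikuntanathan). This is an added example, not code from the article or from any vendor; the parameter sizes and all function names are illustrative assumptions, and the scheme is not secure at this size.

```python
import secrets

# Toy parameters chosen for readability only; far too small to be secure.
KEY_BITS = 256     # size of the secret odd integer p
NOISE_BITS = 16    # size of the fresh noise term r
MASK_BITS = 768    # size of the random multiple q


def keygen():
    """Return a random odd secret key p of exactly KEY_BITS bits."""
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1


def encrypt(p, bit):
    """Encrypt one bit as c = p*q + 2*r + bit (q random, r small noise)."""
    if bit not in (0, 1):
        raise ValueError("plaintext must be a single bit")
    q = secrets.randbits(MASK_BITS) | (1 << (MASK_BITS - 1))
    r = secrets.randbits(NOISE_BITS)
    return p * q + 2 * r + bit


def decrypt(p, c):
    """Recover the bit. Correct only while the accumulated noise is below p."""
    return (c % p) % 2


def noise_bits(p, c):
    """Bit length of the noise inside c (needs the key; for inspection only)."""
    return (c % p).bit_length()


def he_xnor(c1, c2):
    """Ciphertext of NOT(m1 XOR m2): integer addition plus the public constant 1."""
    return c1 + c2 + 1


def he_and(c1, c2):
    """Ciphertext of m1 AND m2: integer multiplication (noise terms multiply)."""
    return c1 * c2


def encrypt_byte(p, value):
    """Encrypt an 8-bit value bit by bit, least significant bit first."""
    return [encrypt(p, (value >> i) & 1) for i in range(8)]


def encrypted_equal(ct_a, ct_b):
    """Server side: compare two encrypted bytes without holding the key.

    Returns a ciphertext of 1 if the bytes match and of 0 otherwise.
    """
    result = he_xnor(ct_a[0], ct_b[0])
    for a, b in zip(ct_a[1:], ct_b[1:]):
        result = he_and(result, he_xnor(a, b))
    return result


def max_xnor_terms():
    """How many XNOR terms can be multiplied before noise may reach p.

    Each XNOR term carries less than NOISE_BITS + 2 bits of noise, and the
    product must stay below 2**(KEY_BITS - 1) <= p. Past this depth decryption
    becomes unreliable; real FHE schemes refresh noise by bootstrapping.
    """
    return (KEY_BITS - 1) // (NOISE_BITS + 2)


if __name__ == "__main__":
    p = keygen()                          # stays with the data owner
    query = encrypt_byte(p, 0xA7)         # constructed sample values
    record = encrypt_byte(p, 0xA7)
    other = encrypt_byte(p, 0x3C)

    match = encrypted_equal(query, record)   # computed without the key
    miss = encrypted_equal(query, other)

    print("match decrypts to", decrypt(p, match))
    print("miss decrypts to", decrypt(p, miss))
    print("fresh ciphertext bits per plaintext bit:", query[0].bit_length())
    print("result ciphertext bits:", match.bit_length())
    print("noise bits used:", noise_bits(p, match), "of", KEY_BITS - 1)
    print("max XNOR terms before failure:", max_xnor_terms())
```

Each plaintext bit becomes a ciphertext of roughly a thousand bits, and both the ciphertext and its noise grow with every multiplication, which is the storage and performance cost the paragraph above refers to.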

Only when FHE is optimized can it empower organizations to maintain trust and integrity in an ever-evolving threat landscape. 

Advances in cryptographic algorithms and computing power bridge the gap between security and usability in FHE, making it viable for real-world applications. Optimized Fully Homomorphic Encryption (FHE) solutions are emerging as practical, efficient tools for protecting sensitive data without compromising speed or scalability.

One of the most transformative developments in optimized FHE is the ability to inspect encrypted data at near-plaintext speeds.

Unlike traditional FHE, which could take hours, days, or weeks to process encrypted computations, cutting-edge solutions now operate within nanoseconds. This performance boost is critical in real-time processing scenarios like fraud detection, transaction monitoring, or high-frequency trading. Fast encryption and decryption enable organizations to maintain security without sacrificing efficiency, ensuring seamless operations across time-sensitive use cases.

An optimized FHE solution must align with stringent security standards, such as the Federal Information Processing Standard (FIPS) 140-2 certification, to ensure it meets the compliance and encryption benchmarks mandated by governments and regulatory bodies. This certification demonstrates the solution’s robustness and readiness for deployment in industries like finance, healthcare, and government, where data protection is paramount. FIPS compliance ensures secure encryption and fosters trust and confidence in the solution’s reliability.

Optimized FHE solutions eliminate one of the most significant pain points of earlier iterations—data expansion. In traditional FHE systems, encrypted data often ballooned up to 1,000 times its original size, which slowed down processing and created logistical challenges in storage and transmission.

Modern FHE, by contrast, ensures the size of encrypted data remains consistent with its plaintext equivalent, allowing for faster performance and reduced bandwidth and storage costs. This breakthrough is particularly beneficial for large-scale data-sharing applications requiring high computational efficiency.

When evaluating an FHE solution, it’s critical to ensure the offering incorporates key features and capabilities that enable organizations to fully unlock its potential.

The post Gaps In Encryption Create Exploitable Vulnerabilities first appeared on Cybersecurity Insiders.


What can organisations learn about cybersecurity from the hacker’s playbook?

The number of dark web marketplaces, also known as darknet markets, continues to grow year-on-year, despite law enforcement’s efforts to close the networks down. Cybercriminals use these illicit platforms to trade hacking tools, services, stolen data and other sensitive information obtained from cyber attacks. Tools such as malicious software, phishing kits and email extractors are being sold by sophisticated hackers through these darknet markets to inexperienced cybercriminals, democratising their use.  

With advancements in these tools and technologies (such as AI) driving wider use of ransomware and malware-as-a-service (MaaS), the need for organisations to protect digital identities through robust cybersecurity has never been greater. To address and mitigate the vulnerabilities leaving them exposed to cyber attacks, organisations must familiarise themselves with the tools and tactics cybercriminals are using.    

Last year, half of UK businesses experienced a cyber attack or some kind of breach, with the primary attack type being phishing (84%), and viruses or other malware accounting for only 17% of attacks. With phishing’s main purpose being to steal credentials or sensitive information, this knowledge gives organisations a better understanding of what cybercriminals are after and, by extension, where cybersecurity efforts should be prioritised. As organisations struggle to combat cyber attacks, now must be the time to refer to the hacker’s playbook and beat them at their own game.  

Battling hacker sophistication  

More sophisticated attacks and entrepreneurial approaches to the tools hackers make available to other cybercriminals are threatening to outpace organisations in the cyber race. As well as this, evolving technologies, like AI, are accelerating the democratisation of cyber attacks, giving less experienced threat actors the resources they need to carry out a serious breach.  

Recent cases have shown us the extent of damage MaaS attacks can cause. The cybercriminals who carried out the Snowflake data theft and extortion used infostealer malware and purchased credentials to carry out the attack, which left up to 165 businesses compromised. The data stolen from such attacks is a valuable commodity on darknet marketplaces, with darknet market ‘vendors’ making the sensitive information available to even the most novice cybercriminals. Last year’s attack on Synnovis, an NHS provider, is another example of this kind of work in the wild, resulting in the ransomware gang which carried out the attack (Qilin) publishing 400GB of private healthcare data online. These attacks reveal how hacking tools and sensitive information are being made available for all types of cybercriminals to utilise.

Readily available MaaS, including adware, keyloggers, spyware, worms, Trojan horses and more, is concerning. Organisations are racing against time to combat the ever-growing volume and complexity of attacks fuelled by open trade on darknet markets.

How organisations can take advantage of the playbook  

The World Economic Forum’s Global Cybersecurity Outlook report for 2025 found a 223% increase in deepfake-related tools being traded on the dark web, outpacing organisations’ abilities to keep up with AI-driven cyber attacks.  

As attacks and the technology behind them evolve, so too must cyber defences. For organisations to defend digital identities from malicious intentions, they must stay informed of the technologies and strategies hackers are exploiting, as well as the most valuable targets for cybercriminals.  

Understanding how hacking tools are being used and what data is most valuable for cybercriminals will become more critical as organisations develop strategies to tackle threats. With bad actors continuously adopting new technologies and changing their attack styles, proactive defence measures, such as behavioural analytics and AI-driven threat detection, should be widely implemented to outsmart cybercriminals before an attack is successfully completed.  

Importantly, personally identifiable information (PII), financial information and passwords or login credentials top the list of the most valuable data cybercriminals sell on the dark web. Alongside proactive defence measures, focusing cybersecurity efforts on these vulnerabilities is critical, and as this information is often stolen through phishing attacks, email and password security should be a primary focus. 

The importance of password-related security is often overlooked. Alternative authentication methods, such as multi-factor authentication (MFA), token authentication and biometric identification can easily be implemented to defend against attacks carried out by sophisticated hackers and less skillful cybercriminals alike. Decentralising identity is also often under-utilised as a defence strategy, despite its proven benefit of making it more difficult for cybercriminals to carry out an attack.  

Darknet markets will remain 

Protecting significant vulnerabilities, such as passwords, which are knowingly exploited to steal PII, financial details and credential information, is of ever-growing importance as hackers continue to go to great lengths to steal one of the dark web’s most valuable commodities – data.  

As technologies and cybercriminals rapidly evolve, organisations must rethink their approach to cyber defence. By keeping well informed of hacking tools and techniques and focusing resources into defences protecting the most valuable aspects of data, businesses can better position themselves to secure digital identities.

 

The post What can organisations learn about cybersecurity from the hacker’s playbook? first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/4fZ7CLz

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions

Palo Alto, California, April 16th, 2025, CyberNewsWire

SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled “Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out”, the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser. 

DLP is a core pillar of every enterprise security stack. Data breaches can result in severe consequences including IP loss, regulatory violations, fines, and severe reputational damage. With over 60% of corporate data being stored in the cloud, browsers have become the primary way for employees to create, access, and share data. Consequently, the browser has become a particularly attractive target for external attackers and insider threats alike. Yet, existing endpoint and cloud DLP solutions have limited telemetry and control over how employees interact with data on the browser. 

Additionally, there are several unique challenges when it comes to maintaining data lineage in the browser. This includes managing multiple personal and professional identities, the wide landscape of sanctioned and shadow SaaS apps, and the numerous pathways in which sensitive data can flow between these apps. Unlike managed devices where enterprises have full control over what can be installed on the device, employees can easily sign up for various SaaS services without the IT team’s knowledge or oversight. 

SquareX researcher Audrey Adeline says, “Data splicing attacks are a complete game changer for insider threats and attackers that are seeking to steal information from enterprises. They exploit newer browser features that were invented long after existing DLP solutions and thus the data exfiltrated using these techniques are completely uninspected, resulting in full bypasses. With today’s workforce heavily relying on SaaS apps and cloud storage services, any organization that uses the browser is vulnerable to data splicing attacks.”

As part of the talk, they will also be releasing an open-source toolkit, “Angry Magpie”, which will allow pentesters and red teams to test their existing DLP stack and better understand their organization’s vulnerability to Data Splicing Attacks. SquareX hopes that the research will highlight the severe threats that browsers pose for data loss and serve as a call to action for enterprises and vendors alike to re-think their data loss protection strategies.

Upon the completion of BSides San Francisco, the SquareX team will also be presenting at RSAC 2025 and will be available at Booth S-2361, South Expo for further discussions on the research.

Talk Details:

Title: Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out

Speakers: Jeswin Mathai and Audrey Adeline

Event: BSides San Francisco 2025

Location: San Francisco, CA

Toolkit Release: Angry Magpie (Open Source)

About the Speakers

Jeswin Mathai, Chief Architect, SquareX

Jeswin Mathai serves as the Chief Architect at SquareX, where he leads the design and implementation of the company’s infrastructure. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEF CON US, DEF CON China, RootCon, Blackhat Arsenal, Recon Village, and Demo Labs at DEFCON. He has also imparted his knowledge globally, training in-classroom sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. He is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit.

Audrey Adeline, Researcher

Audrey currently leads the Year of Browser Bugs (YOBB) project at SquareX which has disclosed multiple major architectural browser vulnerabilities to date. She is also a published author of The Browser Security Field Manual. Key discoveries from YOBB include Polymorphic Extensions, Browser Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She is passionate about furthering cybersecurity education and has run multiple workshops with Stanford University and Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital and graduated from the University of Cambridge with a degree in Natural Sciences.

About SquareX

SquareX’s industry-first Browser Detection and Response (BDR) helps organizations detect, mitigate, and threat-hunt client-side web attacks targeting their employees and users in real time. This includes defending against identity attacks, malicious extensions, spearphishing, browser data loss, and insider threats.

SquareX takes a research and attack-focused approach to browser security. SquareX’s dedicated research team was the first to discover and disclose multiple pivotal attacks, including Last Mile Reassembly Attacks, Browser Syncjacking, Polymorphic Extensions, and Browser-Native Ransomware. As part of the Year of Browser Bugs (YOBB) project, SquareX commits to continue disclosing at least one major architectural browser vulnerability every month.  

Contact

Head of PR
Junice Liew
SquareX
junice@sqrx.com

The post SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/BsjUD6E

What to Know about Compliance with India’s Emerging Digital Personal Data Protection Act

With the rise of worldwide data threats and attacks, data privacy acts are springing up across the globe. It may be relatively unknown, but India for one has established a data privacy regulation called the Digital Personal Data Protection (DPDP) Act, passed back in 2023. Established to protect digital personal data and regulate its processing, the DPDP Act aligns with global privacy laws like the EU’s General Data Protection Regulation (GDPR), which we are all familiar with, yet it has its own unique set of rules and requirements.

It’s important to understand the key aspects of the DPDP Act and what you should do to stay compliant. In short, if your organization handles the personal data of residents in India, you need to be prepared.

What is the DPDP Act?

The DPDP Act is India’s own regulation to address concerns over data privacy and security. It applies to organizations that store, collect, or process digitized personal data of individuals in India, regardless of where the company is based. The law emphasizes clear guidelines on data processing, user consent, and penalties for non-compliance.

Some of the key highlights of DPDP you need to know about include:

  • Data fiduciary responsibilities – Organizations handling personal data must implement robust security measures, restrict access based on need, and maintain data protection accountability. In some cases, they must also appoint a Data Protection Officer (DPO).
  • Consent that is explicit – Before processing personal data, organizations must get clear, affirmative consent from individuals. Users must actively agree to data collection – pre-checked boxes or implied permissions won’t cut it.
  • Access and erasure rights – Individuals have the right to know what data an organization holds about them. They can request updates, corrections, or deletion of their data – essentially giving them the power to have control over their personal information.
  • Data transfer across borders – The Indian government has the authority to regulate the transfer of personal data outside of India to make sure that its residents’ data is not mishandled or exploited in countries with weaker privacy laws.
  • Strict penalties – Non-compliance can result in hefty fines, reaching up to INR 250 crore ($30 million USD). For businesses failing to obtain proper consent, mishandling data, or violating data security protocols, it likely will also mean big financial and reputational damages.

Comparing India’s DPDP Act to the EU’s GDPR

It’s clear there are major similarities between the DPDP Act and GDPR, since they both emphasize data rights, consent, and security. But there are also differences which reflect regional approaches to data protection and the specific needs of each jurisdiction. Understanding these distinctions is important for organizations operating within multiple regulatory frameworks.

Some of these differences include:

  • Scope of application – GDPR applies broadly to any organization handling EU citizens’ data, while DPDP is specific to Indian residents.
  • Data localization – While GDPR allows free movement of data across the EU, DPDP imposes restrictions on transferring sensitive personal data outside of India.
  • Reporting of a breach – While DPDP’s reporting requirements are still evolving, GDPR establishes strict and specific breach notification timelines.

Why DPDP compliance matters

Pretending you don’t know the DPDP Act exists or ignoring it altogether isn’t an option. With India’s skyrocketing digital economy, regulatory compliance is extremely important. Organizations that fail to comply will risk reputational damage, legal penalties, and the loss of consumer trust.

However, a well-structured data protection strategy can provide businesses with not only compliance, but a competitive advantage. By demonstrating a commitment to data privacy, they can build stronger relationships with customers and stakeholders. Proactive steps for compliance also minimize the risk of security breaches, ensuring long-term operational stability.

How technology can help

Navigating data privacy regulations can feel overwhelming. However, approaches such as AI-driven data security governance can help businesses maintain compliance by:

  • Discovering and classifying structured and unstructured personal and sensitive data across cloud and on-premises repositories.
  • Monitoring and autonomously remediating data access and sharing to detect risky permissions, overexposed data, and unauthorized sharing.
  • Automating compliance monitoring to ensure your data practices align with the DPDP Act’s requirements.
  • Obtaining real-time insights to mitigate risks and prevent data breaches and unauthorized access.

India’s DPDP Act is a major step toward stronger data privacy and protection. With the proper intelligent data security solutions and practices in place, you can stay ahead of compliance challenges and keep data protected.  

The post What to Know about Compliance with India’s Emerging Digital Personal Data Protection Act first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/iB7P3Ww

Navigating HIPAA In The Digital Age: How Marketing Teams Can Avoid Costly Violations

In an era where data drives strategy and personalized outreach is key to consumer engagement, marketing teams face mounting pressure to deliver results, especially in healthcare. However, when marketing initiatives intersect with protected health information (PHI), the stakes are significantly higher. HIPAA (Health Insurance Portability and Accountability Act) places strict limitations on how healthcare organizations collect, store, and share patient data. For cybersecurity professionals, ensuring compliance in this digital landscape means taking a proactive role in educating and guiding marketing departments. 

Understanding the HIPAA-Marketing Relationship 

HIPAA was enacted to protect sensitive patient information and to ensure privacy in healthcare transactions. While its relevance to clinicians and healthcare administrators is well-known, marketing teams often overlook their exposure to compliance risks, especially when campaigns target individuals based on health data or behavior. Whether through email campaigns, social media ads, or consumer lead lists, mishandling PHI can result in severe penalties, lawsuits, and long-term reputational damage. 

The challenge lies in the broad definition of PHI. Data points such as names, email addresses, medical conditions, appointment histories, and insurance information are all protected under HIPAA. Even indirect indicators — such as targeting people who downloaded a fertility app or visited a diabetes treatment page — can raise red flags if that data is not properly anonymized. 

Where Marketing Can Go Wrong 

One of the most common pitfalls involves using consumer lead lists that contain health-related information. Purchased or shared lists often lack clear data lineage or proper consent mechanisms. If a marketing team sends emails or digital ads to these contacts without verified HIPAA authorization, the organization could be found in violation even if the marketers were unaware of the regulations. 

Similarly, integrating PHI into customer relationship management (CRM) systems without proper encryption or access controls can create vulnerabilities. Misconfigured cloud storage, unsecured API integrations, and poor endpoint protection are other common weak spots. These missteps aren’t just technical flaws — they represent legal liabilities. 

Cybersecurity professionals must also watch for oversights during the handoff between departments. For example, a healthcare provider may collect patient feedback through a post-visit survey. If those responses are later used for testimonial marketing without HIPAA-compliant consent forms, the organization may unknowingly breach privacy regulations. 

Strategies for HIPAA-Compliant Marketing 

  1. Implement Access Controls: Ensure that only authorized personnel — such as HIPAA-trained marketers or legal advisors — can access data tied to individuals’ health information. 
  2. Audit Data Sources: Verify that all data used in campaigns is collected with proper consent and is HIPAA-compliant. This includes vetting third-party vendors and lead list providers for compliance documentation. 
  3. Use Deidentified Data When Possible: HIPAA permits the use of deidentified data for marketing, provided that all 18 identifiers outlined by the law are removed. Work with data privacy experts to confirm deidentification standards are met. 
  4. Secure Communication Channels: Any emails or digital communication involving PHI must be encrypted. Secure email platforms and SSL certificates are essential for any form of electronic outreach. 
  5. Train Marketing Teams: Regular training sessions on HIPAA and digital marketing ethics can help nontechnical team members understand how to handle data responsibly. Awareness is often the first line of defense. 
  6. Review Business Associate Agreements (BAAs): Ensure BAAs are in place with all marketing vendors who handle PHI. These agreements legally bind third parties to follow HIPAA rules. 

Cybersecurity’s Expanding Role 

For cybersecurity professionals, HIPAA compliance now extends beyond IT infrastructure. With the marketing department increasingly relying on data analytics and personalized targeting, cybersecurity must collaborate across departments. This includes helping select compliant martech tools, conducting risk assessments for marketing workflows, and establishing clear protocols for data segmentation and use. 

Additionally, incident response plans must now include potential marketing-related breaches. If an unauthorized ad campaign mistakenly reveals PHI, the fallout is both a privacy and PR crisis. Being prepared for such incidents is crucial. 

Prevention Over Penalties 

The digital transformation of healthcare marketing offers exciting opportunities but also introduces complex risks. For organizations navigating this evolving landscape, a unified approach between cybersecurity and marketing is essential. By identifying risks early and adopting HIPAA-compliant practices, cybersecurity professionals can play a pivotal role in preventing costly violations. 

Whether you’re working with consumer lead lists or developing targeted campaigns, remember: The goal is not just to market effectively — it’s to market ethically and legally. In the digital age, success is measured not only by clicks and conversions but by trust and compliance. 

__

Author bio: Richard Bufkin is President of TargetLeads, a division of Senior Direct Inc., a direct mail marketing company. With over 20 years of experience, he focuses on lead generation and growing the business.

The post Navigating HIPAA In The Digital Age: How Marketing Teams Can Avoid Costly Violations first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/lILXbW2

Tax Season’s Silent Threat: The Importance of Securing the Software Supply Chain

In 2023, the Federal Trade Commission (FTC) released a warning to five of the most popular tax preparation companies, stating they could face civil penalties if they used confidential data collected from consumers for unrelated purposes.

Two years after the warning was published, an even greater concern has emerged — the integrity of the tax prep companies’ software. Gartner predicts that by this year, 45% of organizations worldwide will have experienced attacks on their software supply chains. For tax prep businesses and their customers, the consequences of a software supply chain attack could be devastating. The potential threats and damages would extend well beyond the April 15 tax deadline.

The Hidden Risks in Tax Software 

Sensitive data within tax prep software includes anything from finances to personal details such as marital status and children, and even health details — all of which are a top target for cybercriminals. Adversaries can use this information to conduct identity theft, tax refund fraud, and other forms of financial fraud, targeted phishing attacks, and even extortion and blackmail.

One of the most common ways that adversaries attempt to penetrate tax prep companies’ networks is by exploiting vulnerabilities in their software. Tax software, like the overwhelming majority of all software today, is made up of open-source components. Unfortunately, these dependencies often bring a multitude of security weaknesses. 

Nearly all (95%) of security weaknesses originate within open-source packages, with half of these vulnerabilities, across all severity levels, having no known fixes. In addition, nearly three-fourths of open-source components are either poorly or no longer maintained. 

With the demand that tax season brings on these organizations’ developers, it is nearly impossible for them and security teams to keep up with software supply chain maintenance and governance needs, leaving wide open gaps for threat actors to infiltrate. Plus, the recent IRS reduction in force could also increase IT security threats and make it easier for cybercriminals to break in due to fewer employees, delayed security updates and patches, and diminished security threats and inquiries. 

Strengthening Tax Software from the Inside Out 

Fortunately, there are steps tax companies’ developers and security teams can take to stay secure all year long. 

  1. Get to Know What’s in Your Software: Developers and security teams don’t have X-Ray vision, so tax companies need to have a solution that can generate a comprehensive software bill of materials (SBOM). SBOMs can provide visibility into all open-source, third-party, and custom-developed software components, ensuring that even the deepest layers of dependencies meet the current compliance standards and don’t introduce risk. 
  2. Keep Your SBOMs Organized: Sometimes tax prep companies need to access an SBOM quickly to either verify the origin of software, provide it for a third-party, or pull information for other software. Tax prep companies need to have a secure channel to share SBOMs and security attestations when needed, all while maintaining confidentiality. 
  3. Hold Third-Parties to a High Security Standard: Tax prep companies work with a variety of third-party vendors, including e-filing and payment processors, identity verification and fraud prevention companies, cloud and hosting providers, and even marketing and analytics companies. Tax organizations must have the ability to verify the safety of third-party software and track, share, and manage SBOMs across multiple partners to ensure the integrity of the entire software ecosystem.
  4. Don’t Wait for a Vulnerability to Present a Problem: Identifying vulnerabilities is only half of the battle. Tax organizations also need to take action to fix them quickly, especially for open-source code that might not even have a patch available. Fortunately, there are solutions on the market that can help developers prioritize which vulnerabilities to address first and provide guidance on how to fix them. 

In order for tax companies to stay safe throughout the busy tax prep season, it’s imperative that they focus on proactive cybersecurity measures such as utilizing multi-factor authentication, ensuring that there are regular software updates, using strong encryption protocols, and providing user security education programs.

While all of these measures certainly help, they are futile without a strong, secure software supply chain. Tax prep companies can protect user data year-round by maintaining SBOMs, holding partners accountable, and proactively managing vulnerabilities.

 

The post Tax Season’s Silent Threat: The Importance of Securing the Software Supply Chain first appeared on Cybersecurity Insiders.

from Cybersecurity Insiders https://ift.tt/ETPHA58