#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

Regulatory Compliance | Breaking Cybersecurity News | The Hacker News

Category — Regulatory Compliance
Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Meta Pauses AI Training on EU User Data Amid Privacy Concerns

Jun 15, 2024 Artificial Intelligence / Privacy
Meta on Friday said it's delaying its efforts to train the company's large language models ( LLMs ) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at having to put its AI plans on pause, stating it had taken into account feedback from regulators and data protection authorities in the region. At issue is Meta's plan to use personal data to train its artificial intelligence (AI) models without seeking users' explicit consent, instead relying on the legal basis of ' Legitimate Interests ' for processing first and third-party data in the region. These changes were expected to come into effect on June 26, before when the company said users could opt out of having their data used by submitting a request "if they wish." Meta is already utilizing user-generated content to train its AI in other markets such ...
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit

Jun 14, 2024 Privacy / Ad Tracking
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox has run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised as an improvement over extremely invasive third-party tracking, the tracking is now simply done within the browser by Google itself," noyb said . "To do this, the company theoretically needs the same informed consent from users. Instead, Google is tricking people by pretending to 'Turn on an ad privacy feature.'" In other words, by making users agree to enable a privacy feature, they are still being tracked by consenting to Google's first-party ad tracking, the Vienna-based non-profit founded by activist Max Schrems alleged in a complaint filed with the Austrian data protection authority. Privacy Sandbox is a set of proposals put forth by the i...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
Why Regulated Industries are Turning to Military-Grade Cyber Defenses

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

Jun 14, 2024 Cybersecurity / Regulatory Compliance
As cyber threats loom large and data breaches continue to pose increasingly significant risks. Organizations and industries that handle sensitive information and valuable assets make prime targets for cybercriminals seeking financial gain or strategic advantage.  Which is why many highly regulated sectors, from finance to utilities, are turning to military-grade cyber defenses to safeguard their operations. Regulatory Pressures Impacting Cyber Decisions Industries such as finance, healthcare, and government are subject to strict regulatory standards, governing data privacy, security, and compliance. Non-compliance with these regulations can result in severe penalties, legal repercussions, and damage to reputation. To meet regulatory requirements and mitigate the ever-increasing risk, organizations are shifting to adopt more robust cybersecurity measures. Understanding the Increase of Threats Attacks on regulated industries have increased dramatically over the past 5 years, wi...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
New Research Warns About Weak Offboarding Management and Insider Risks

New Research Warns About Weak Offboarding Management and Insider Risks

May 29, 2024 SaaS Security / Regulatory Compliance
A recent study by Wing Security found that 63% of businesses may have former employees with access to organizational data, and that automating SaaS Security can help mitigate offboarding risks.  Employee offboarding is typically seen as a routine administrative task, but it can pose substantial security risks, if not handled correctly. Failing to quickly and thoroughly remove access for departing employees introduces serious insider threats, leaving a company vulnerable to multiple kinds of risks, such as data breaches, intellectual property theft, and regulatory non-compliance.  Today, where SaaS applications are easily onboarded and are commonly used by users within and beyond the organization, effective offboarding procedures are non-negotiable to prevent instances of data leaks and other cybersecurity issues. Let's explore insider risk management and user offboarding in more detail, looking at their security risks and discussing best practices for ensuring a secure or...
Achieve Security Compliance with Wazuh File Integrity Monitoring

Achieve Security Compliance with Wazuh File Integrity Monitoring

May 21, 2024 Threat Detection / Regulatory Compliance
File Integrity Monitoring (FIM) is an IT security control that monitors and detects file changes in computer systems. It helps organizations audit important files and system configurations by routinely scanning and verifying their integrity. Most information security standards mandate the use of FIM for businesses to ensure the integrity of their data. IT security compliance involves adhering to applicable laws, policies, regulations, procedures, and standards issued by governments and regulatory bodies such as PCI DSS, ISO 27001, TSC, GDPR, and HIPAA. Failure to comply with these regulations can lead to severe consequences such as cyber breaches, confidential data loss, financial loss, and reputational damage. Therefore, organizations must prioritize adherence to IT regulations and standards to mitigate risks and safeguard their information systems effectively. The rapid pace of technological advancement and a shortage of skilled cybersecurity professionals contribute to compliance...
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs

May 17, 2024 Cyber Hygiene / Attack Surface
A new report from XM Cyber has found – among other insights - a  dramatic  gap between where most organizations focus their security efforts, and where the most serious threats actually reside. The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the  XM Cyber platform  during 2023. These assessments uncovered over 40 million exposures that affected millions of business-critical assets. Anonymized data regarding these exposures was then provided to the Cyentia Institute for independent analysis. To read the full report,  check it out here . Download the report to discover: Key findings on the types of exposures putting organizations at greatest risk of breach. The state of attack paths between on-prem and cloud networks. Top attack techniques seen in 2023. How to focus on what matters most, and remediate high-impact exposure risks...
New Guide: How to Scale Your vCISO Services Profitably

New Guide: How to Scale Your vCISO Services Profitably

May 09, 2024 vCISO / Regulatory Compliance
Cybersecurity and compliance guidance are in high demand among SMEs. However, many of them cannot afford to hire a full-time CISO. A  v CISO can answer this need by offering on-demand access to top-tier cybersecurity expertise. This is also an opportunity for MSPs and MSSPs to grow their business and bottom line. MSPs and MSSPs that expand their offerings and provide vCISO services will cater to SME requirements and concerns. By answering this market gap, they can grow their customer base as well as upsell to existing clients. This will lead to recurring revenue and increased profitability. Developing and scaling vCISO services requires a well-thought-out plan. This will help guide you through the required processes, anticipate and overcome challenges and optimize resource use. To aid you, we introduce a comprehensive and actionable  guide: "How to Scale Your vCISO Services Profitably" . The guide was developed based on the...
A SaaS Security Challenge: Getting Permissions All in One Place 

A SaaS Security Challenge: Getting Permissions All in One Place 

May 08, 2024 Attack Surface / SaaS Security
Permissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user's base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of that are custom permissions required by an individual user.  For example, look at a sales rep who is involved in a tiger team investigating churn while also training two new employees. The sales rep's role would grant her one set of permissions to access prospect data, while the tiger team project would grant access to existing customer data. Meanwhile, special permissions are set up, providing the sales rep with visibility into the accounts of the two new employees. While these permissions are precise, however, they are also very complex. Application admins don't have ...
New Case Study: The Malicious Comment

New Case Study: The Malicious Comment

May 07, 2024 Regulatory Compliance / Cyber Threat
How safe is your comments section? Discover how a seemingly innocent 'thank you' comment on a product page concealed a malicious vulnerability, underscoring the necessity of robust security measures. Read the full real-life case study  here .  When is a 'Thank you' not a 'Thank you'? When it's a sneaky bit of code that's been hidden inside a 'Thank You' image that somebody posted in the comments section of a product page! The guilty secret hidden inside this particular piece of code was designed to let hackers bypass security controls and steal the personal identifying information of online shoppers, which could have meant big trouble for them and the company. The page in question belongs to a global retailer. User communities are often a great source of unbiased advice from fellow enthusiasts, which was why a Nikon camera owner was posting there. They were looking for the ideal 50mm lens and asked for a recommendation....
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024

Apr 30, 2024 IoT Security / Botnet
The U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024. "The law, known as the  Product Security and Telecommunications Infrastructure act  (or PSTI act), will help consumers to choose smart devices that have been designed to provide ongoing protection against cyber attacks," the NCSC  said . To that end, manufacturers are required to not supply devices that use guessable default passwords, provide a point of contact to report security issues, and state the duration for which their devices are expected to receive important security updates. Default passwords can not only be easily found online, they also act as a vector for threat actors to log in to devices for follow-on exploitation. That said, a unique default password is permissible under t...
Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

Apr 23, 2024 Regulatory Compliance / Penetration Testing
Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there's a larger, more pressing question: What is the true financial impact of a cyberattack? According to research by Cybersecurity Ventures, the global cost of cybercrime is projected to reach an astonishing 10.5 trillion USD annually by 2025, which marks a dramatic increase from the 3 trillion USD reported in 2015. This sharp rise highlights a concerning trend: cybercriminals have significantly improved their methods for conducting sophisticated and successful cyberattacks over the years. According to research firm Cybersecurity Ventures, the cost of global cybercrime will reach a staggering 10.5 trillion USD annually by 2025, up from the 3 trillion USD that it was in 2015. It's clear, then, that these threat actors have found ways to pull off sophisticated and succes...
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations

Apr 16, 2024 Privacy Breach / Regulatory Compliance
The U.S. Federal Trade Commission (FTC) has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third-parties for advertising purposes and failed to honor its easy cancellation policies. "Cerebral and its former CEO, Kyle Robertson, repeatedly broke their privacy promises to consumers and misled them about the company's cancellation policies," the FTC  said  in a press statement. While claiming to offer "safe, secure, and discreet" services in order to get consumers to sign up and provide their data, the company, FTC alleged, did not clearly disclose that the information would be shared with third-parties for advertising. The agency also accused the company of burying its data sharing practices in dense privacy policies, with the company engaging in decept...
Expert Insights / Articles Videos
Cybersecurity Resources