The Cybersecurity Roundup
Don Mangiarelli Cyber Security Hawaii
Cybersecurity Nightmares You Can’t Ignore!
Hackers are evolving, AI is changing the game, and businesses are more vulnerable than ever. In this explosive 46th edition of The Cybersecurity Roundup, we’re exposing the biggest threats, urgent security mandates, and the AI-driven risks that could cripple your business.
Our Expert’s Corner features an eye-opening interview with Don Mangiarelli on how to STOP your sensitive information from leaking out of AI tools before it’s too late. PLUS, we have a MAJOR ANNOUNCEMENT—our brand-new podcast, Risk and Reality, is dropping in just TWO WEEKS! Don’t miss out!
Read on…
This Week's Cybersecurity News
1. PCI DSS 4.0 Mandates DMARC by 31st March
PCI DSS 4.0 has made it mandatory for organizations to implement Domain-based Message Authentication, Reporting & Conformance (DMARC) by March 31st. This update aims to mitigate phishing risks and ensure that only authorized senders can use a business's email domain. Businesses handling payment card information must comply to prevent security breaches.
2. AI and Security: A New Puzzle to Figure Out
AI-driven automation is reshaping business operations, but security remains a challenge. AI models can introduce vulnerabilities in identity management, data security, and unauthorized access. Businesses must implement strict policies and controls to prevent AI misuse.
3. DeepSeek Exposes Major Cybersecurity Blind Spot
A new AI chatbot, DeepSeek, has exposed a significant privacy risk, as users—including government employees—are unknowingly sharing confidential information. The chatbot collects extensive metadata, making data security a growing concern.
4. Ransomware Gangs Extort Victims 17 Hours After Intrusion on Average
Ransomware operators are accelerating their attack timelines, demanding ransoms just 17 hours after initial intrusion. This trend underscores the need for rapid detection and response strategies to minimize damage.
5. Insight Partners, VC Giant, Falls to Social Engineering
A major venture capital firm suffered a breach due to a sophisticated social engineering attack. This highlights the ongoing risks posed by phishing and impersonation scams and the need for continuous security awareness training.
6. Content Credentials Aim to Tame Disinformation
As AI-generated content becomes more prevalent, new "content credential" technologies are being introduced to verify the authenticity of digital media, helping combat misinformation and deepfake threats.
7. The National Institute of Standards and Technology Braces for Mass Firings
NIST, a critical institution for cybersecurity standards, is facing potential mass layoffs. This reduction could impact national security and slow down advancements in cybersecurity regulations.
8. Integrating LLMs into Security Operations Using Wazuh
Security teams are exploring the integration of Large Language Models (LLMs) into platforms like Wazuh to enhance threat detection, automate incident response, and streamline cybersecurity operations.
9. Darcula PhaaS Can Now Auto-Generate Phishing Kits for Any Brand
The Darcula phishing-as-a-service platform has introduced automated phishing kit generation for various brands, lowering the barrier to entry for cybercriminals. Businesses must ramp up email security measures to counteract this growing threat.
Expert’s Corner: Interview with Don Mangiarelli on Protecting Business Information in AI
CSR: What are the primary security risks businesses face with AI in the workplace?
Don Mangiarelli: The biggest risk is that businesses lack formal policies governing AI usage. They often don't know which employees are using AI or what data they are inputting. If sensitive company information is fed into AI tools, it could be stored and even leaked, posing serious security risks.
CSR: How can businesses protect sensitive information from leaking into AI systems?
Don Mangiarelli: Businesses must establish clear AI usage policies. For example, employees should be prohibited from uploading bank statements or confidential documents into AI platforms. Policies should outline acceptable AI interactions and safeguard proprietary information.
CSR: What role does employee training play in mitigating AI-related security risks?
Don Mangiarelli: After setting AI policies, businesses must train employees on what data is permissible to enter into AI tools. Training helps employees understand risks and make informed decisions, preventing accidental data exposure.
CSR: Are there AI solutions that businesses can use to improve security?
Don Mangiarelli: Yes, businesses can deploy their own AI models trained on internal company data. This enhances security by ensuring AI outputs remain relevant and company-specific, rather than relying on general, publicly available data.
Useful Tips: Secure AI Usage in the Workplace
Think twice before entering any information into an AI tool. Consider whether the data is personal or sensitive in nature. If it contains sensitive details, scrub that portion before entering it to prevent leaks and exposure. Cybercriminals may have malicious intentions, so always be mindful of what data you share with AI tools.
Announcement: Risk and Reality Podcast Launch!
We’re thrilled to announce the launch of our new podcast, Risk and Reality, where we explore business risks in the age of cyber threats. Our first episode airs in two weeks—stay tuned for expert insights, real-world case studies, and practical solutions to keep your business secure.
Book a free 15-minute cybersecurity strategy session with one of our friendly, local experts! You can book right here --> https://strategy,cybersecurehawaii.com