Join Packt’s Accelerated Agentic AI Bootcamp this June and learn to design, build, and deploy autonomous AI Agents using LangChain, AutoGen, and CrewAI. Hands-on training, expert guidance, and a portfolio-worthy project—delivered live, fast, and with purpose.

Spots are limited - book now to save 50%! Don’t miss your chance to join at the lowest price.

Use Code CYBER50 at checkout
Offer Valid until 18th May Midnight

Welcome to another_secpro!

For all of you who attended the RSA Conference, we hope you had a great time getting up to scratch with the goings on in this industry. Got something to share? Reply to this email and tell us about your thoughts. This week's issue contains:

- AI-Generated Law
-Google’s Advanced Protection Now on Android
-Another Move in the Deepfake Creation/Detection Arms Race
-Japan Enacts Active Cyberdefence Law to Counter Foreign Threats
-Dior Suffers Data Breach Exposing Customer Information
-U.S. House GOP Proposal to Block State AI Laws Raises Cybersecurity Concerns
-Navvis and SSM Health Agree to $6.5M Settlement Over Data Breach
-Indian Government Warns of Cyber Threats Post Ceasefire with Pakistan
-Maharashtra Appoints First Female Cyber Commando

Cheers!
Austin Miller
Editor-in-Chief

Secure AI agents and app workloads without secrets.

Identity-based, just-in-time access across AWS, Azure, GCPNo custom auth code required" MFA for machines" with Zero Trust built in.

Backed by Snowflake, Aembit makes identity-first security practical for today’s multi-cloud, AI-powered environments.

AI-Generated Law: On April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum,announcedthat the United Arab Emirates would begin usingartificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to “regularly suggest updates” to the law and “accelerate the issuance of legislation by up to 70%.” AI would create a “comprehensive legislative plan” spanning local and federal law and would be connected to public administration, the courts, and global policy trends. From Bruce Schneier.

Google’s Advanced Protection Now on Android: Google hasextended its Advanced Protection features to Android devices. It’s not for everybody, but something to be considered by high-risk users. From Bruce Schneier.

Another Move in the Deepfake Creation/Detection Arms Race:Deepfakes are nowmimicking heartbeats. In a nutshell: Recent research reveals that high-quality deepfakes unintentionally retain the heartbeat patterns from their source videos, undermining traditional detection methods that relied on detecting subtle skin color changes linked to heartbeats; the assumption that deepfakes lack physiological signals, such as heart rate, is no longer valid. This challenges many existing detection tools, which may need significant redesigns to keep up with the evolving technology; to effectively identify high-quality deepfakes, researchers suggest shifting focus from just detecting heart rate signals to analyzing how blood flow is distributed across different facial regions, providing a more accurate detection strategy. From Bruce Schneier.

Japan Enacts Active Cyberdefence Law to Counter Foreign Threats: Japan has passed the Active Cyberdefence Law, empowering its government to proactively monitor and counter cyber threats, including those from foreign actors. The legislation allows for the surveillance of foreign IP communications and authorizes offensive cyber actions by law enforcement and the Self-Defense Forces, marking a significant shift in Japan's cybersecurity posture. See DIESEC's analysis here.

Dior Suffers Data Breach Exposing Customer Information: Luxury fashion brand Dior confirmed a cyberattack that compromised customer data, including names, contact details, and purchase histories. The breach, which did not affect financial information, was disclosed on Dior's South Korean website, with affected customers also reportedly contacted in China.

U.S. House GOP Proposal to Block State AI Laws Raises Cybersecurity Concerns: A Republican-led initiative in the U.S. House aims to impose a 10-year moratorium on state-level AI regulations, intending to create a unified federal framework. However, cybersecurity experts warn that this could weaken consumer protections and data privacy safeguards, especially in the absence of comprehensive federal legislation.

Navvis and SSM Health Agree to $6.5M Settlement Over Data Breach: Healthcare providers Navvis and SSM Health have agreed to a $6.5 million settlement following a 2023 data breach that exposed sensitive patient information. Affected individuals may receive up to $7,000 in compensation, depending on the extent of their losses, and are eligible for two years of free credit monitoring.

Indian Government Warns of Cyber Threats Post Ceasefire with Pakistan: Following a recent ceasefire between India and Pakistan, the Indian government has issued advisories highlighting potential cyber threats. Officials are urged to remain vigilant, as cyber operations and espionage activities may continue despite the cessation of active hostilities.

Maharashtra Appoints First Female Cyber Commando: Assistant Inspector Rupali Bobade of the Sangli Cyber Cell has become Maharashtra’s first female "cyber commando" after completing a rigorous six-month national training program. This initiative aims to strengthen India's digital security infrastructure by training 5,000 officers over five years.

ATT&CK Splunk Add-on (as part of Attack Range): This Splunk-supported environment is designed for testing and training based on real-world attack scenarios. It leverages MITRE ATT&CK to simulate threats and includes preconfigured Splunk dashboards and detections for ATT&CK techniques, offering a lab-like setting for defenders to hone their response strategies.

ATT&CK Navigator: ATT&CK Navigator is a web-based tool for visualizing and annotating MITRE ATT&CK matrices. It allows analysts to overlay data like detection coverage, threat actor usage, or red/blue team test results to better understand where gaps exist in detection or mitigation strategies.

Caldera: Caldera is an automated adversary emulation system designed to evaluate the effectiveness of cyber defense tools and processes. It uses the MITRE ATT&CK framework to model adversary behavior and execute post-compromise techniques, allowing blue teams to validate detection and response capabilities.

Detection Rules: Detection Rules is a collection of threat detection rules for use with Elastic Security. These rules are directly mapped to MITRE ATT&CK techniques and tactics, enabling high-fidelity detection of adversarial behavior in environments monitored by the Elastic Stack (Elasticsearch, Kibana, etc.).

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.