Cyber security trends for 2020

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I will be making educated guesses based on what has happened during the last 12 months and the several years before that.

The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high-speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.

Here are some trends and predictions for cyber security in 2020:

Cyber Attacks: Cyberattacks grow in volume and complexity. Many countries are going to emerge as major threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrencies, to trying to infect vulnerable systems so they can be used later as part of a botnet.

IoT security: IoT security will keep getting worse until it starts to get better. IoT security is an extremely hot topic right now and will be hot for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control rate of most industrial systems is 10 milliseconds or below. Smart building security awareness grows. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year; it would be nice if all of them were secure, but many of them unfortunately are not. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras and smart elevators to hospital infusion pumps and industrial PLC controllers, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security needs to be considered and integrated with IoT deployments. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and will rise to $3.1 billion in 2021, making it one of the fastest growing segments in the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. These tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your Internet of Things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of the devices vulnerable to attack: one in every 172 active RSA certificates is vulnerable. It is a good idea to build separate network segments for IoT devices so that they are isolated from the normal office network. The FBI recommends that you keep your IoT devices on a separate network.
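The "one in every 172 RSA certificates" figure above comes from a weakness a defender can check for in their own device fleet: when keys are generated with too little entropy, two devices end up with RSA moduli that share a prime, and a simple GCD between the two moduli recovers that prime (and thereby both private keys). The following is an added example, not code from the original post or from the study it cites; the moduli are constructed from small primes so the audit runs instantly, and the device names are placeholders.

```python
"""Audit RSA public moduli for shared prime factors (a weak-RNG symptom).

Added example, not from the original post. A real audit would feed this the
2048-bit moduli pulled from a fleet's device certificates; the moduli below
are constructed from six small primes for illustration.
"""
from itertools import combinations
from math import gcd

# Constructed sample: the first six primes above 1,000,000. P2 and P3 are
# each reused in two "devices", which is exactly what low-entropy key
# generation on embedded hardware produces.
P1, P2, P3, Q1, Q3, Q4 = 1000003, 1000033, 1000037, 1000039, 1000081, 1000099
SAMPLE_MODULI = {
    "device-A": P1 * Q1,   # healthy: shares nothing
    "device-B": P2 * P3,   # shares P2 with device-D and P3 with device-C
    "device-C": P3 * Q3,
    "device-D": P2 * Q4,
}


def find_shared_factors(moduli):
    """Return (weak, duplicates).

    weak:       {device: set of primes recovered via gcd with another modulus}
    duplicates: [(device_a, device_b)] where the two moduli are identical,
                i.e. the same key pair shipped on two devices.
    Pairwise gcd is O(k^2); for millions of keys the product-tree "batch GCD"
    method is the usual replacement, but the finding is the same.
    """
    weak, duplicates = {}, []
    for (name_a, n_a), (name_b, n_b) in combinations(moduli.items(), 2):
        g = gcd(n_a, n_b)
        if g == 1:
            continue
        if g == n_a or g == n_b:
            duplicates.append((name_a, name_b))
            continue
        for name in (name_a, name_b):      # g is a non-trivial factor of both
            weak.setdefault(name, set()).add(g)
    return weak, duplicates


def factor_from_shared(n, known_primes):
    """Fully factor a modulus once one of its primes has leaked via gcd."""
    factors = set()
    for p in known_primes:
        if n % p == 0:
            factors.update({p, n // p})
    return factors


if __name__ == "__main__":
    weak, dups = find_shared_factors(SAMPLE_MODULI)
    for dev, primes in weak.items():
        print(dev, "WEAK, factors:", sorted(factor_from_shared(SAMPLE_MODULI[dev], primes)))
    for a, b in dups:
        print(a, "and", b, "share an identical modulus")
```

Any device reported here needs its key pair regenerated on a host with a proper entropy source and its certificate reissued; an isolated IoT network segment, as the post recommends, limits what an attacker holding the recovered key can reach in the meantime.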

IoT privacy: Silicon Valley Is Listening to Your Most Intimate Moments. The world’s biggest companies got millions of people to let temps analyze some very sensitive recordings made by your “smart” speakers and smart phones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home, and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also some attackers are terrifying homeowners and making them feel violated in their own homes.

Medical systems security: Cyberattacks on medical devices are on the rise, and manufacturers must respond. Attacks on networked medical devices, and on the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.

Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores, and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind, as the US has nearly the same ratio of security cameras to citizens as China. And the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks, and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. Now the US, like China, has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream that video over the internet to a computer.

Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer. But mass surveillance has downsides of major proportions. Massive errors found in facial recognition tech. Facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers – and everyone in between – should be aware of the rise of facial recognition, and the risks it poses to rights to privacy, freedom, democracy and non-discrimination.

Shut off Internet: A worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting Internet connections from people. Some countries, namely China, architected their internet infrastructure from the start with government control in mind. Russia is moving in this direction; Iran, India and Russia are among the countries that have cut connections. For better or worse, an internet blackout limits the government’s ability to conduct digital surveillance on citizens.

Security First: Implementing cyber best practices requires a security-first approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to automatically evolve and adapt right alongside the development of your digital presence, rather than having to be constantly rigged and retrofitted to adapt to digital innovation.

Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access to, and monitor devices, thereby enhancing their access and segmentation strategy.

Anti-virus software: Only Half of Malware Caught by Signature AV. The percentage of malware that successfully bypassed signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling code (known as “packing”) using basic encryption techniques or by the automatic creation of code variants. It seems that new approaches like machine learning and behavioral detection are necessary to catch threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.

Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying the ransom is a move that security professionals have long condemned, warning that paying in a ransomware attack could end up causing more turmoil for victims, as well as inspiring other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline BACKUPS to deal with this kind of situation, so that decent recovery is possible. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help to recover from ransom attacks. New tactics are coming into use in ransomware. A new Snatch ransomware strain reboots the computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to release a victim’s data if they do not pay the ransom: they will publish the data they steal to a competitor if the ransom is not paid.

Public sector: Public Sector Security Is Lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.

Regulation: We will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. According to a PwC study, consumers are prepared to share personal information if it is of sufficient value to them. On the other hand, consumer confidence also needs to be earned: they must trust that you keep the information safe.

API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.

Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, the implementation of SaaS services, DevOps projects, the growing adoption of IoT, mobile workers, and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people and enough knowledge of those new technologies to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021. 145% growth in the workforce is needed to meet global demand.

Think Like Your Adversary: Cybersecurity leaders need to assess the potential vulnerabilities (from the mindset of the adversary) and devise effective defensive countermeasures unique to their company’s needs. Programmers should think like hackers. Security must be taken into account in all programming steps.

Third party security: Most Companies Don’t Properly Manage Third-Party Cyber Risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline regarding a major breach that stemmed from a company’s relationship with a third-party.

Privacy and surveillance: Fears Grow on Digital Surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions. But their systems can also be used for surveillance. Amnesty International says Facebook and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights, including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”

5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.

5G security: The new 5G mobile networks will be the backbone of future digitalized operations. Therefore, it is also important to ensure the security and immunity of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks (5G). Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true, with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than they are now. Criminals can convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? Pah, you oughta trust nobody. Do not put all your security and identification on the SIM card.

DNS Over HTTPS (DoH): DoH encrypted DNS queries are already set to arrive in the Chrome and Firefox web browsers. Microsoft will bring DNS over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means encrypted DNS queries. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.

Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.
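The "human problem" above, and the exposed Docker admin ports mentioned under API security, are both caught by the same kind of automated check: walk every allow rule and flag any that opens a management port to the whole internet. The following is an added example, not code from the post or from Gartner; the rule format, the list of admin ports (Docker's remote API on 2375 is the one the post names, the others are assumptions), and the sample rules are all constructed for illustration.

```python
"""Flag firewall / security-group rules that expose admin services publicly.

Added example, not from the original post. Rule layout and sample rules are
constructed; adapt the loader to whatever your firewall or cloud exports.
"""
from dataclasses import dataclass
from ipaddress import ip_network

# Management ports that should never be reachable from 0.0.0.0/0 or ::/0.
# 2375 (Docker's unauthenticated remote API) is the case the post mentions;
# the remaining entries are assumptions for the example.
ADMIN_PORTS = {
    22: "ssh",
    2375: "docker-api",
    3389: "rdp",
    5432: "postgres",
    6379: "redis",
}


@dataclass(frozen=True)
class Rule:
    name: str
    action: str       # "allow" or "deny"
    src: str          # source CIDR, e.g. "203.0.113.0/24"
    port_from: int
    port_to: int      # inclusive range; equal to port_from for a single port


def is_public_source(cidr):
    """True when the source covers the entire IPv4 or IPv6 address space."""
    return ip_network(cidr, strict=False).prefixlen == 0


def exposed_admin_ports(rules):
    """Return [(rule_name, port, service)] for every allow rule that opens an
    admin port to any source. Each rule is judged on its own, so a later deny
    rule does not suppress a finding; for an audit that is the conservative
    choice, since rule ordering is exactly where humans make mistakes.
    """
    findings = []
    for rule in rules:
        if rule.action != "allow" or not is_public_source(rule.src):
            continue
        for port, service in ADMIN_PORTS.items():
            if rule.port_from <= port <= rule.port_to:
                findings.append((rule.name, port, service))
    return findings


# Constructed sample rule set: one legitimate public service, one properly
# scoped admin rule, one leaked Docker debug rule and one "allow everything".
SAMPLE_RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", 443, 443),
    Rule("ssh-office", "allow", "203.0.113.0/24", 22, 22),
    Rule("docker-debug", "allow", "0.0.0.0/0", 2375, 2376),
    Rule("all-in", "allow", "::/0", 1, 65535),
]

if __name__ == "__main__":
    for name, port, service in exposed_admin_ports(SAMPLE_RULES):
        print(f"{name}: {service} ({port}) is open to the entire internet")
```

Running this in a CI step against the exported rule set turns the Gartner statistic into a failing build rather than a breach notification; the same loop extends naturally to storage-bucket ACLs and API gateway policies.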

Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.

Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many of these new network expansion projects are being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, so they can be utilized to make the network the first line of defense. A critical step in building a stronger security posture and a more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way to access the network, but the security team needs to monitor everything on the network and be right all the time to ensure security. Today’s core network is continually adapting to the introduction of new devices, applications, and workflows, along with shifting network configurations to support business requirements, requiring the use of advanced, intent-based segmentation.

Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.

Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years, we have seen a number of high-profile attacks on critical infrastructure facilities, and these have typically been aligned to wider geo-political objectives. Expect targeted attacks on critical infrastructure facilities to increase. APT33 has shifted targeting to industrial control systems software. We need to be worried about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect critical infrastructure: concern yourself with the most important hacks, understand the critical pieces of your infrastructure and know your inter-dependencies.

Payment security: Payment security backslid for the second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time, the EU’s PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support its use.

Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are on-going accusations of Russian interference in US elections and fears about a possible reboot of this in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Also, disinformation campaigns for political purposes are deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered to be the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but it is not going to be enough in an era when technology is turning out entirely new attack surfaces.

False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.

Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.

Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor, hardware or software, to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time, typically 90 or 120 days. But things don’t always work this way.

Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a ransomware ‘crisis’ in US schools and in many cities in the USA.

Supply chain: Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. Counterfeit electronics are also on the rise.

Mobile: The main storage for our digital lives has moved from the PC to mobiles over the last 10 years. Several countries have started demanding that their own software (maybe in some cases also malware) be installed on all smartphones. Putin signs law making Russian apps mandatory on smartphones and computers.

Android: Today 80% of Android apps are encrypting traffic by default. To ensure apps are safe, apps targeting Android 9 (API level 28) or higher automatically have a policy set by default that prevents unencrypted traffic for every domain. The heterogeneity of the Android versions will continue to be a problem in the coming year.

DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic. The number of distributed denial-of-service (DDoS) attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile devices account for 41% of DDoS attack traffic.
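DNS amplification works because a small query can draw a much larger response, and the response is sent to whatever source address the query claimed. For the operator of a resolver or authoritative server the defensive question is whether their own service is being used as the reflector, which shows up in the query logs as many small queries (typically of type ANY) from one "client" that each pull a large answer. The detector below is an added example, not from the post or the report it cites; the log format and the sample lines are constructed.

```python
"""Detect DNS amplification abuse from resolver query logs.

Added example, not from the original post. Log line format (constructed):
    <unix_ts> <client_ip> <qtype> <qname> <request_bytes> <response_bytes>
In a reflection attack the client_ip is the spoofed victim, so a single
address issuing a burst of high-ratio queries is the signal to act on.
"""
from collections import defaultdict

# Constructed sample: one address hammering ANY queries that return ~50x
# their size, plus ordinary resolver traffic for contrast.
SAMPLE_LOG = """\
1577836800 198.51.100.7 ANY example.net 64 3200
1577836800 198.51.100.7 ANY example.net 64 3200
1577836801 198.51.100.7 ANY example.net 64 3200
1577836801 198.51.100.7 ANY example.net 64 3200
1577836802 198.51.100.7 ANY example.net 64 3200
1577836800 192.0.2.10 A www.example.com 60 76
1577836803 192.0.2.10 AAAA www.example.com 60 88
1577836804 192.0.2.11 TXT example.com 58 240
"""


def parse_line(line):
    ts, client, qtype, qname, req, resp = line.split()
    return {"ts": int(ts), "client": client, "qtype": qtype,
            "qname": qname, "req": int(req), "resp": int(resp)}


def detect_amplification(log_text, min_queries=5, min_ratio=10.0):
    """Return one alert per client whose aggregate response/request byte ratio
    is at least min_ratio over at least min_queries queries.

    The ratio is the amplification factor the reflector is providing; the
    query count filters out a single legitimate large answer.
    """
    stats = defaultdict(lambda: {"queries": 0, "req": 0, "resp": 0, "any": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        s = stats[rec["client"]]
        s["queries"] += 1
        s["req"] += rec["req"]
        s["resp"] += rec["resp"]
        s["any"] += rec["qtype"] == "ANY"

    alerts = []
    for client, s in stats.items():
        ratio = s["resp"] / s["req"]
        if s["queries"] >= min_queries and ratio >= min_ratio:
            alerts.append({
                "client": client,
                "queries": s["queries"],
                "amplification": round(ratio, 1),
                "any_fraction": s["any"] / s["queries"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_amplification(SAMPLE_LOG):
        print("possible reflection target", alert)
```

An alert here means the listed address is most likely the victim, not the attacker, so the response is to rate-limit responses to it and to stop serving oversized answers to ANY queries (RFC 8482 describes minimal ANY responses), rather than to block it as a bad actor.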

Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen. Companies should treat cyberattacks “as a matter of when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain. Data leaks help attackers to craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations.

Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.

New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption. Homomorphic encryption makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types of homomorphic encryption: partially homomorphic encryption (keeps sensitive data secure by only allowing select mathematical functions to be performed on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); and fully homomorphic encryption (the gold standard of homomorphic encryption, which keeps information both secure and accessible). Cryptographers have known of the concept of homomorphic encryption since 1978, but Gentry established the first fully homomorphic encryption scheme in 2009. The biggest barrier to widescale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, raised $16M.
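The "partially homomorphic" category above is the easiest to see working: the Paillier cryptosystem lets anyone holding only the public key add two ciphertexts (and multiply a ciphertext by a plain constant) so that the result decrypts to the sum, while multiplying two encrypted values together is simply not supported. The following is an added example, not code from the post or from Duality; it uses toy-sized primes so it runs instantly, whereas a real deployment would use a modulus of at least 2048 bits.

```python
"""Additive homomorphic encryption with Paillier (a partially homomorphic scheme).

Added example, not from the original post. Primes are constructed, not
generated; real keys are 2048-bit or larger.
"""
import secrets
from math import gcd


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Paillier key pair from two distinct primes. Returns (public, private)."""
    n = p * q
    n2 = n * n
    g = n + 1                                   # standard choice of generator
    lam = lcm(p - 1, q - 1)
    # mu = (L(g^lam mod n^2))^-1 mod n, where L(x) = (x - 1) / n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with fresh random r; m must satisfy 0 <= m < n."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return pow(g, m, n2) * pow(r, n, n2) % n2


def decrypt(priv, pub, c):
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return (pow(c, lam, n2) - 1) // n * mu % n


def add_encrypted(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 decrypts to m1 + m2: the sum is computed without the key."""
    n, _ = pub
    return c1 * c2 % (n * n)


def scale_encrypted(pub, c, k):
    """E(m)^k mod n^2 decrypts to k * m (multiplication by a plaintext constant)."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_total(pub, priv, values, weights):
    """Weighted sum computed entirely on ciphertexts, then decrypted once.

    Models the 'analyze without revealing' use case: the party doing the
    arithmetic sees only ciphertexts; only the key holder sees the total.
    """
    n, _ = pub
    acc = encrypt(pub, 0)
    for v, w in zip(values, weights):
        acc = add_encrypted(pub, acc, scale_encrypted(pub, encrypt(pub, v), w))
    return decrypt(priv, pub, acc)


if __name__ == "__main__":
    pub, priv = keygen(1000003, 1000033)        # constructed toy primes
    print("weighted total:", encrypted_total(pub, priv, [10, 20, 30], [1, 2, 3]))
    # The limit of a partially homomorphic scheme: this is 5 + 7, not 5 * 7.
    print("E(5)*E(7) decrypts to:",
          decrypt(priv, pub, add_encrypted(pub, encrypt(pub, 5), encrypt(pub, 7))))
```

Every call to `encrypt` draws a fresh random `r`, so encrypting the same value twice gives different ciphertexts; that is what prevents an observer from recognising repeated inputs, and it is why the arithmetic is done on ciphertexts rather than by comparing them.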

Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was Artificial Intelligence, AI. The term AI is often used interchangeably with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, hopefully artificial intelligence (AI) is helping under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the field of heuristic modeling: the true function of AI will be to determine, over a long arc of time and data, what “normal” looks like for a user. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is researching AI agents, and Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are to be integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.

2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 will end on January 14, 2020. As of Jan. 14, 2020, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support for an additional fee for some time. Python will stop supporting Python version 2 on January 1, 2020. Beginning on January 1, 2020, un-patched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.

Crypto wars continue: A decades-old debate: government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations all over the world. The international police organization Interpol plans to condemn the spread of strong encryption. Together with top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.

Do not weaken encryption: Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged. That’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: one, that strong encryption is necessary for personal and national security; two, that weakening encryption does more harm than good; and three, that law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused. If you think encryption back doors won’t be abused, you may be a member of Congress. Bad encryption can have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia, 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.

Scaring people: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. Which particular horseman is in vogue depends on time and circumstance.

2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but can still be hacked: attacks that phish 2FA to access email accounts cost $100-$400, and such attacks can be prevented with physical security keys. Also, some physical security keys can be hacked, as they turn out to be less secure than their advertisements claimed.

Myth of the sophisticated hacker in the news: “Sophisticated” is the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents, and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.

New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.

Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.

RCS messaging: RCS, Rich Communication Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings a lot of new features, such as chat, sending hi-res videos and photos, and creating group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption, and RCS could be better in many other security aspects too. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with security in mind: the standard itself allows for poor security implementations, but the GSMA advises its members to deploy RCS with the most secure settings possible.

Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic, made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches, from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that leave the sensitive information wide open for anyone to access online.

Phishing: Phishing remains one of the most pervasive online threats, and phishing emails are still managing to catch people out. Phishing e-mails used to steal credentials usually depend on the user clicking a link that leads to a phishing website made to look like the login page of some legitimate service. Google Chrome now offers better protection against this: Safe Browsing displays warning messages to users before they visit dangerous websites and before they download harmful applications. New, more advanced ways to phish are being taken into use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user. As noted under 2FA above, attacks that phish 2FA to access email accounts cost $100-$400, and such attacks can be prevented with physical security keys.
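To show why a phished one-time code still verifies while a phished security-key assertion does not (the point made in the 2FA paragraph and repeated here), the following is an added example, not code from the original post. It implements RFC 6238 TOTP with the standard library and models the security key's assertion with HMAC standing in for the key's ECDSA signature; the origins, challenge and secrets are constructed values.

```python
"""Phishable vs. phishing-resistant second factors (added example).

A TOTP code (RFC 6238) is just six digits: whoever collects it can replay
it.  A FIDO/WebAuthn security key instead signs a challenge together with
the origin the *browser* observed, so an assertion collected on a
look-alike site does not verify for the real site.  HMAC-SHA256 stands in
for the key's ECDSA signature here (a simplification); all secrets,
origins and the challenge are constructed values.
"""
import hashlib
import hmac
import json
import struct
import time


# --- Factor: TOTP, what most authenticator apps generate -------------------
def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1 HOTP over the time counter)."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, t: int) -> bool:
    """The server only sees the code; it cannot tell where it was typed."""
    return hmac.compare_digest(totp(secret, t), code)


# --- Factor: security key, assertion bound to the origin -------------------
class SecurityKey:
    """Minimal model of a WebAuthn authenticator holding one credential."""

    def __init__(self, credential_secret: bytes, rp_id: str):
        self._secret = credential_secret   # stands in for the private key
        self.rp_id = rp_id
        self.counter = 0

    def get_assertion(self, origin: str, challenge: str) -> dict:
        # The browser, not the web page, fills in `origin`; a phishing page
        # cannot claim to be https://mail.example.
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": origin},
            sort_keys=True)
        self.counter += 1
        auth_data = (hashlib.sha256(self.rp_id.encode()).digest()
                     + struct.pack(">I", self.counter))
        signed = auth_data + hashlib.sha256(client_data.encode()).digest()
        sig = hmac.new(self._secret, signed, hashlib.sha256).hexdigest()
        return {"client_data": client_data, "auth_data": auth_data,
                "signature": sig}


def verify_assertion(credential_secret: bytes, rp_id: str, expected_origin: str,
                     expected_challenge: str, assertion: dict) -> bool:
    """Relying-party checks: type, challenge, origin, RP ID hash, signature."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("challenge") != expected_challenge:
        return False
    if cd.get("origin") != expected_origin:      # the origin-binding check
        return False
    if assertion["auth_data"][:32] != hashlib.sha256(rp_id.encode()).digest():
        return False
    signed = (assertion["auth_data"]
              + hashlib.sha256(assertion["client_data"].encode()).digest())
    expected = hmac.new(credential_secret, signed, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, assertion["signature"])


# --- Scenario: the user logs in on a look-alike page that relays to the real site
def phishing_demo(now=None) -> dict:
    now = int(time.time()) if now is None else now
    totp_secret = b"constructed-totp-secret"
    cred_secret = b"constructed-credential-secret"
    key = SecurityKey(cred_secret, rp_id="mail.example")
    challenge = "constructed-challenge-from-real-site"

    # TOTP: the code typed into the look-alike page is relayed and accepted.
    relayed_code = totp(totp_secret, now)
    totp_accepted = verify_totp(totp_secret, relayed_code, now)

    # Security key: the look-alike page relays the real challenge, but the
    # browser stamps the page's true origin into the client data.
    phished = key.get_assertion("https://mail-example.evil", challenge)
    key_relay_accepted = verify_assertion(
        cred_secret, "mail.example", "https://mail.example", challenge, phished)

    # The same key used on the genuine site verifies.
    genuine = key.get_assertion("https://mail.example", challenge)
    key_genuine_accepted = verify_assertion(
        cred_secret, "mail.example", "https://mail.example", challenge, genuine)

    return {"totp_relayed_accepted": totp_accepted,
            "key_relayed_accepted": key_relay_accepted,
            "key_genuine_accepted": key_genuine_accepted}


if __name__ == "__main__":
    print(phishing_demo())
```

A real browser would not even offer the mail.example credential to a page on another origin; the verification step shown here is the relying party's last line of defence if the client data is relayed anyway.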

Windows: Microsoft doesn’t back up the Windows Registry anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits outweigh the convenience of a direct RDP connection. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.

Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux and, perhaps unsurprisingly, it was badly broken.

Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens. There is now Dronesploit – Metasploit for drones. Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.

World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years, which means China will ditch all Windows PCs by 2022. China already has some Linux distros of its own, such as Kylin and Deepin. Meanwhile, many western countries are more or less banning Huawei telecom equipment.

Cloud security: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision laid out by these renowned analysts is straightforward: the legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner has coined a new term for the future of security and networks, SASE (pronounced “sassy”), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient and agile secure network service, globally. Most of the stolen-data incidents in the cloud are related to simple human errors rather than concerted attacks. Expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
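The exposed Docker admin ports mentioned above are a configuration fault that can be audited for. The following checker is an added example, not from the original post or the Docker project; the two daemon.json samples are constructed and the severity labels are my own.

```python
"""Audit a Docker daemon.json for an Engine API exposed without TLS
(added example, not from the original post or the Docker project).

dockerd listens on whatever `hosts` lists.  A `tcp://` listener without
`tlsverify` is an unauthenticated, root-equivalent API; when the bind
address is not loopback, anyone who can reach the port controls the host.
Severity labels are my own; both configs below are constructed samples.
"""
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
DEFAULT_HOSTS = ["unix:///var/run/docker.sock"]   # dockerd's default
SEVERITY_ORDER = ["ok", "warn", "critical"]


def audit_daemon_config(config: dict) -> list:
    """Return (listener, severity, reason) for every API listener."""
    tls_verify = bool(config.get("tlsverify"))
    findings = []
    for host in config.get("hosts", DEFAULT_HOSTS):
        parts = urlsplit(host)
        if parts.scheme in ("unix", "fd", "npipe"):
            findings.append((host, "ok", "local socket, filesystem permissions apply"))
            continue
        if parts.scheme != "tcp":
            findings.append((host, "warn", "unrecognised listener scheme"))
            continue
        addr = parts.hostname or "0.0.0.0"   # empty host binds all interfaces
        port = parts.port or (2376 if tls_verify else 2375)
        where = f"{addr}:{port}"
        if tls_verify:
            findings.append((host, "ok", f"TLS with client-cert verification on {where}"))
        elif addr in LOOPBACK:
            findings.append((host, "warn", f"plaintext API on loopback {where} (local users only)"))
        else:
            findings.append((host, "critical", f"unauthenticated Engine API reachable on {where}"))
    return findings


def worst_severity(findings) -> str:
    """Highest severity among the findings ('ok' when there are none)."""
    return max((sev for _, sev, _ in findings), key=SEVERITY_ORDER.index, default="ok")


def audit_daemon_json(text: str) -> list:
    """Convenience wrapper taking the raw contents of daemon.json."""
    return audit_daemon_config(json.loads(text))


# Constructed: the kind of config behind "Docker admin ports exposed on the internet".
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# Constructed: same remote access, but mutual TLS on 2376 (pair it with a host firewall).
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        findings = audit_daemon_json(text)
        print(f"{name}: {worst_severity(findings)}")
        for listener, sev, reason in findings:
            print(f"  [{sev}] {listener}: {reason}")
```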

Autocracy as a service: Now Any Government Can Buy China’s Tools for Censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full-stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.

Trackers: Trackers are hiding in nearly every corner of today’s Internet, which is to say nearly every corner of modern life. The average web page shares data with dozens of third-parties. The average mobile app does the same, and many apps collect highly sensitive information like location and call records even when they’re not in use. Tracking also reaches into the physical world.

Geopolitics: The US-China tech divide could cause havoc. It is possible that the world’s next major conflict will start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China has ordered a ban on US computers and software: the Chinese government is to replace foreign hardware and software within three years. Who needs whom more?

International cyber politics: The lack of international standards for proper behavior in cyberspace prevents the United States and its allies from policing adversaries as they would wish to. The US can’t “enforce standards that don’t exist”. We have international norms in the maritime domain; we don’t have those in cyber. That makes it difficult to enforce standards that don’t exist, and therefore to hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.


Sources:


https://www.csoonline.com/article/3452747/what-you-need-to-know-about-the-new-owasp-api-security-top-10-list.html

https://pentestmag.com/iot-security-its-complicated/

https://isc.sans.edu/diary/rss/25580

https://www.securityweek.com/case-cyber-insurance

https://www.bleepingcomputer.com/news/security/cybercriminals-lend-tactics-and-skills-to-political-meddlers/

https://www.securityweek.com/tips-help-mssps-choose-threat-intelligence-partner

https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/

https://www.darkreading.com/iot/weak-crypto-practice-undermining-iot-device-security/d/d-id/1336636

https://pacit-tech.co.uk/blog/the-2020-problem/

https://www.theregister.co.uk/2019/12/09/dronesploit_framework/

https://www.securityweek.com/blunt-effect-two-edged-sword-vulnerability-disclosures

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

https://threatpost.com/email-voted-a-weak-link-for-election-security-with-dmarc-lagging/150909/

https://techcrunch.com/2019/12/15/rcs-messaging-has-rolled-out-to-android-users-in-the-us/?tpcc=ECFB2019&guccounter=1

https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/

https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/

https://www.zdnet.com/article/windows-10-mobile-is-over-prepare-for-final-security-patches-as-support-ends/

https://cacm.acm.org/magazines/2019/12/241053-hack-for-hire/fulltext

https://www.zdnet.com/article/chinese-government-to-replace-foreign-hardware-and-software-within-three-years/

https://www.zdnet.com/article/5g-hackers-these-six-groups-will-try-to-break-into-the-networks-of-tomorrow/

http://read.uberflip.com/i/1180978-siliconexpert-growth-of-counterfeit-electronics-3/0?acctid=6759

https://www.fireeye.com/blog/threat-research/2019/12/fireeye-approach-to-operational-technology-security.html

https://www.darkreading.com/attacks-breaches/mobile-devices-account-for-41–of-ddos-attack-traffic/d/d-id/1336635

https://www.technologyreview.com/f/614906/us-senators-on-encryption-backdoors-we-will-impose-our-will-on-apple-and-facebook/

https://www.zdnet.com/article/2020-is-when-cybersecurity-gets-even-weirder-so-get-ready/

https://www.theregister.co.uk/2019/12/09/china_orders_ban_on_us_computers_and_software/

https://www.darkreading.com/threat-intelligence/only-half-of-malware-caught-by-signature-av/d/d-id/1336577

https://securityintelligence.com/posts/public-sector-security-is-lagging-how-can-states-and-governments-better-defend-against-cyberattacks-in-2020/

https://www.eetimes.eu/ai-will-empower-industry-4-0-when-it-arrives/

https://www.pandasecurity.com/mediacenter/security/2019-the-ransomware-tsunami/

https://blog.paloaltonetworks.com/2019/12/cloud-native-security-platform-age/

https://github.com/dhondta/dronesploit/

https://isc.sans.edu/forums/diary/Internet+banking+sites+and+their+use+of+TLS+and+SSLv3+and+SSLv2/25606/

https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/

https://nationalcybersecurity.com/hacking-the-biggest-tech-threats-to-2020-elections/

https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

https://www.eff.org/wp/behind-the-one-way-mirror

https://www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks

https://www.is.fi/digitoday/tietoturva/art-2000006342803.html

https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/

https://www.bleepingcomputer.com/news/security/google-chrome-uses-safe-browsing-to-improve-phishing-protection/

https://techcrunch.com/2019/10/30/duality-cybersecurity-16-million/

https://www.wired.com/story/sobering-message-future-ai-party/

https://www.reuters.com/article/us-russia-internet-software-idUSKBN1Y61Z4?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1

https://www.forbes.com/sites/richardstiennon/2019/12/09/gartner-has-it-right-palo-alto-networks-has-it-wrong/

https://www.forbes.com/sites/leemathews/2019/12/11/google-chrome-adds-real-time-warnings-for-phishing-attacks/

https://www.zdnet.com/article/google-all-android-users-in-the-us-just-got-rcs-next-gen-sms/

https://www.schneier.com/blog/archives/2019/12/scaring_people_.html

https://www.mikrobitti.fi/uutiset/yha-oudompia-kyberiskuja-tahan-sinun-tulee-varautua/146d2459-1709-4109-8615-a24875b5af5d

https://www.fifthdomain.com/smr/reagan-defense-forum/2019/12/07/in-cyber-the-us-cant-enforce-standards-that-dont-exist/?utm_source=facebook.com&utm_campaign=Socialflow+C4&utm_medium=social

https://tcrn.ch/355ZAOT

https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/

https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html

https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/

https://www.theguardian.com/world/2019/dec/09/china-tells-government-offices-to-remove-all-foreign-computer-equipment

https://www.inc.com/chris-matyszczyk/if-you-have-an-amazon-echo-or-google-home-fbi-has-some-urgent-advice-for-you.html?cid=sf01002

https://www.bbc.com/news/amp/world-australia-46463029

https://minnesota.cbslocal.com/2019/12/11/its-scary-stuff-cyber-security-expert-says-recording-device-investigation-at-hyatt-hotel-is-not-uncommon/

https://fin.afterdawn.com/uutiset/artikkeli.cfm/2019/12/11/windows-7-n-tuki-paattyy-pian-microsoft-iskee-koko-nayton-varoituksella

https://tcrn.ch/2rMpx7E

https://cyware.com/news/rcs-technology-most-users-are-vulnerable-to-hacking-b53f9a6f

https://www.forbes.com/sites/daveywinder/2019/08/20/data-breaches-expose-41-billion-records-in-first-six-months-of-2019/#36679040bd54

https://hub.packtpub.com/core-python-team-confirms-sunsetting-python-2-on-january-1-2020/

https://www.kauppalehti.fi/uutiset/uusi-alypuhelintekniikka-tuo-mukanaan-tietoturva-aukkoja-muun-muassa-google-ilmoittanut-ottavansa-tekniikan-kayttoon/8d8093a0-71ab-4a9c-838a-eb3bfc697e85

https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/

https://edri.org/facial-recognition-and-fundamental-rights-101/

https://cloud.google.com/blog/products/identity-security/beyondprod-whitepaper-discusses-cloud-native-security-at-google

https://itwire.com/government-tech-policy/encryption-law-40-of-firms-say-they-have-lost-sales-after-passage.html

https://techcrunch.com/2019/12/10/insider-threats-startups-protect/

https://www.newscientist.com/article/2227168-turkey-is-getting-military-drones-armed-with-machine-guns/#ixzz684jm3YzJ

https://uk.pcmag.com/windows-10/121518/microsoft-doesnt-back-up-the-windows-registry-anymore

https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/

https://www.cnbc.com/2019/12/13/new-orleans-reports-cyberattacks-after-other-attacks-in-louisiana.html

https://chiefexecutive.net/bridge-cybersecurity-skills-gap/

https://systemagic.co.uk/has-your-business-prepared-for-the-2020-problem/

https://blog.checkpoint.com/2019/12/09/protect-yourself-from-hacker-in-the-box-devices-with-the-iot-security-risk-assessment/

https://www.bloomberg.com/news/features/2019-12-11/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in

https://www.vice.com/en_us/article/k7eq7x/vladimir-putins-computer-is-apparently-still-running-windows-xp?utm_source=vicenewsfacebook

https://nypost.com/2019/12/16/video-surveillance-in-china-isnt-much-worse-than-in-the-us/?utm_campaign=iosapp&utm_source=facebook_app

https://spectrum.ieee.org/the-human-os/biomedical/devices/cyber-attacks-on-medical-devices-are-on-the-riseand-manufacturers-must-respond

https://reason.com/2019/12/16/if-you-think-encryption-back-doors-wont-be-abused-you-may-be-a-member-of-congress/

https://news.yahoo.com/massive-errors-found-facial-recognition-tech-us-study-215334634.html

https://www.securityweek.com/most-companies-dont-properly-manage-third-party-cyber-risk

https://www.uusiteknologia.fi/2019/11/21/hyoty-panee-jakamaan-tietonsa-luottamus-ratkaisee/

https://pentestmag.com/advice-for-a-cybersecurity-leader-think-like-your-adversary/

https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/

https://www.amnesty.org/en/documents/pol30/1404/2019/en/

https://www.securityweek.com/compromised-connection-5g-will-unite-cities-and-also-put-them-risk

https://www.securityweek.com/amnesty-international-calls-facebook-google-rights-abusers

https://www.securityweek.com/microsoft-will-bring-dns-over-https-doh-windows

https://www.securityweek.com/cybersecurity-workforce-gap-145-growth-needed-meet-global-demand

https://blog.radware.com/security/2019/11/why-organizations-are-failing-to-deal-with-rising-bot-attacks/

https://www.helpnetsecurity.com/2019/11/19/successful-soc/

https://shorturl.at/kKLM6

https://www.securityweek.com/making-network-first-line-defense

https://techbeacon.com/security/how-prioritize-strategic-risks-affect-critical-infrastructure

https://www.securityweek.com/transitioning-security-driven-networking-strategy

https://www.theregister.co.uk/2019/11/16/5g_iot_report/

https://www.securityweek.com/us-montenegro-plot-cyber-warfare-ahead-2020-elections

https://www.securityweek.com/fears-grow-digital-surveillance-us-survey

https://www.kaspersky.com/blog/attack-on-online-retail/31786/

https://www.securityweek.com/implementing-cyber-best-practices-requires-security-first-approach

https://securelist.com/advanced-threat-predictions-for-2020/95055/

https://www.darkreading.com/cloud/smart-building-security-awareness-grows/d/d-id/1336597

https://www.forbes.com/sites/bernardmarr/2019/11/15/what-is-homomorphic-encryption-and-why-is-it-so-transformative/

https://www.cisomag.com/the-future-of-ai-in-cybersecurity/

https://www.ibm.com/security/artificial-intelligence

https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/

https://cannatechtoday.com/experian-predicts-an-increase-in-global-cannabis-industry-data-breaches/

https://www.uusiteknologia.fi/2019/11/21/f-secure-tutkimaan-tekoalyagentteja/

https://www.securityweek.com/ongoing-research-project-examines-application-ai-cybersecurity

http://www.etn.fi/index.php/13-news/10151-mikko-hypponen-tekoalyn-ei-pida-matkia-ihmista

http://www.etn.fi/index.php/13-news/10124-nixu-selvitti-tekoaly-mullistaa-kyberturvan

http://www.etn.fi/index.php/13-news/10120-kyberturvassa-koneoppiminen-on-uusi-normaali

https://www.eset.com/blog/company/evading-machine-learning-detection-in-a-cyber-secure-world/?utm_source=facebook&utm_medium=cpc&utm_campaign=corporate-blog&utm_term=machine-learning&utm_content=blog

https://www.is.fi/digitoday/tietoturva/art-2000006316233.html

https://www.uusiteknologia.fi/2019/11/29/5g-verkkojen-tietoturvariskit-listattu-oulu-testaa-ongelmat/

https://www.cyberscoop.com/apt33-microsoft-iran-ics/

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/

https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/

https://www.enisa.europa.eu/news/enisa-news/enisa-draws-threat-landscape-of-5g-networks/

https://smartgrid.ieee.org/newsletters/november-2019/the-cyber-physical-security-of-the-power-grid

https://www.wired.com/story/un-secretary-general-antonio-guterres-internet-risks/

https://codastory.com/authoritarian-tech/russia-facial-recognition-networks/

https://www.theverge.com/2019/12/9/21002515/surveillance-cameras-globally-us-china-amount-citizens

https://www.wired.com/story/iran-internet-shutoff/

https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/

https://www.zdnet.com/google-amp/article/hacking-and-cyber-espionage-the-countries-that-are-going-to-emerge-as-major-threats-in-the-2020s/

https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7

https://www.kcrw.com/news/shows/to-the-point/does-facial-recognition-software-threaten-our-freedom

1,468 Comments

  1. Tomi Engdahl says:

    When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online
    China can’t hold a candle to GRU’s shenanigans, says expert
    https://www.theregister.com/2020/08/06/china_russia_disinformation_black_hat/

  2. Tomi Engdahl says:

    SP 800-207 – Zero Trust Architecture
    https://csrc.nist.gov/publications/detail/sp/800-207/final
    Zero trust (ZT) is the term for an evolving set of cybersecurity
    paradigms that move defenses from static, network-based perimeters to
    focus on users, assets, and resources. A zero trust architecture
    (ZTA) uses zero trust principles to plan industrial and enterprise
    infrastructure and workflows. Zero trust assumes there is no implicit
    trust granted to assets or user accounts based solely on their
    physical or network location (i.e., local area networks versus the
    internet) or based on asset ownership (enterprise or personally
    owned). Authentication and authorization (both subject and device)
    are discrete functions performed before a session to an enterprise
    resource is established. Zero trust is a response to enterprise
    network trends that include remote users, bring your own device
    (BYOD), and cloud-based assets that are not located within an
    enterprise-owned network boundary. Zero trust focuses on protecting
    resources (assets, services, workflows, network accounts, etc.), not
    network segments, as the network location is no longer seen as the
    prime component to the security posture of the resource. Read also:
    https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf

  3. Tomi Engdahl says:

    Cybersecurity: These two basic flaws make it easy for hackers to break
    into you systems
    https://www.zdnet.com/article/cybersecurity-these-two-basic-flaws-make-it-easy-for-hackers-to-break-into-you-systems/
    One of the most common security issues is weak passwords, allowing
    hackers to gain access to accounts by using brute force attacks.
    Cracking the password of one account shouldn’t be enough to gain full
    access to an internal network, but in many cases, it just takes this
    and the ability to exploit known vulnerabilities to gain further
    access to systems. In addition to weak passwords, over two thirds of
    organisations are using vulnerable versions of software which hasn’t
    received the required security updates, leaving it open to being
    exploited.

  4. Tomi Engdahl says:

    Ransomware: These warning signs could mean you are already under
    attack
    https://www.zdnet.com/article/ransomware-these-warning-signs-could-mean-you-are-already-under-attack/
    File-encrypting ransomware attacks can take months of planning by
    gangs. Here’s what to look out for. There are as many as 100 claims to
    insurers over ransomware attacks every day, according to one estimate.
    And as the average ransomware attack can take anywhere from 60 to 120
    days to move from the initial security breach to the delivery of the
    actual ransomware, that means hundreds of companies could have hackers
    hiding in their networks at any time, getting ready to trigger their
    network-encrypting malware.

  5. Tomi Engdahl says:

    2019 Center for Internet Security Year in Review
    https://www.cisecurity.org/white-papers/2019-center-for-internet-security-year-in-review/
    2019 was a fast-paced and highly-productive year for the Center for
    Internet Security, Inc. (CIS). We continued to experience remarkable
    growth in our products and services, furthering our mission as an
    independent, global leader in cybersecurity for the benefit of both
    public and private sector organizations. Read also:
    https://f.hubspotusercontent00.net/hubfs/2101505/CIS%20Year%20in%20Review%202020-0806.pdf

  6. Tomi Engdahl says:

    Five regular checks for Android
    https://www.kaspersky.com/blog/five-regular-checks-for-android/36440/
    To make sure that you remain in control of your data wealth, some
    regular maintenance is required: think of it like brushing your teeth,
    only it’s your phone you need to clean. In this post, we talk about
    five regular safety and security checks for Android smartphones.

  7. Tomi Engdahl says:

    Linux-based malware analysis toolkit REMnux 7 released
    https://www.bleepingcomputer.com/news/security/linux-based-malware-analysis-toolkit-remnux-7-released/
    “A new version of REMnux Linux distro is now available for malware
    researchers, packed with hundreds of tools to dissect malicious
    executables, documents, scripts, and ill-intended code.” REMnux has
    been around for 10 years and recently received an update to version 7,
    which adds new tools and retires some of the old ones.

  8. Tomi Engdahl says:

    No More Ransom turns 4: Saves $632 million in ransomware payments
    https://www.bleepingcomputer.com/news/security/no-more-ransom-turns-4-saves-632-million-in-ransomware-payments/
    The No More Ransom Project celebrates its fourth anniversary today
    after helping over 4.2 million visitors recover from a ransomware
    infection and saving an estimated $632 million in ransom payments. No
    More Ransom was created in 2016 through an alliance between Europol’s
    European Cybercrime Centre, the National High Tech Crime Unit of the
    Netherlands’ police, and McAfee to battle ransomware and provide free
    decryption services and support to victims. Also:
    https://www.zdnet.com/article/ransomware-these-free-decryption-tools-have-now-saved-victims-over-600m

  9. Tomi Engdahl says:

    Tutorial of ARM Stack Overflow Exploit against SETUID Root Program
    https://www.fortinet.com/blog/threat-research/tutorial-arm-stack-overflow-exploit-against-setuid-root-program
    In part I of this blog series, Tutorial of ARM Stack Overflow Exploit
    Defeating ASLR with ret2plt, I presented how to exploit a classic
    buffer overflow vulnerability when ASLR is enabled. That target
    program calls the function gets() to read a line from stdin. In this
    blog, I will demonstrate how to use data from a local file, instead of
    stdin, to cause a stack overflow. For this scenario, as in part I, the
    ASLR (address space layout randomization) feature is enabled on the
    target machine. Likewise, in order to complete a full exploit, an
    attacker first needs to defeat ASLR before performing code execution

  10. Tomi Engdahl says:

    DDoS Attacks Increase in Size, Frequency and Duration
    https://securityintelligence.com/articles/avoid-ddos-attacks/
    Distributed denial of service (DDoS) attacks are increasing in size,
    frequency and duration. Kaspersky Lab reported a doubling of DDoS
    attacks in the first quarter of 2020 compared with the fourth quarter
    of 2019, plus an 80% jump compared with the same quarter last year. A
    recent DDoS attack against a large European bank clocked in at 809
    million packets per second, more than double the previous record on
    the Akamai platform.

  11. Tomi Engdahl says:

    Container adoption is on the rise: How can security keep up?
    https://www.zdnet.com/article/container-adoption-is-on-the-rise-how-can-security-keep-up/
    Containers are becoming increasingly popular, and it’s not surprising
    considering benefits like scalability, agility, and cost reduction.
    However, it is important that security pros are brought into the
    adoption process to ensure that they have a strategy in place to
    secure the use of these containers.

  12. Tomi Engdahl says:

    Can This Army Of Hackers Secure The 2020 U.S. Presidential Election?
    https://www.forbes.com/sites/daveywinder/2020/08/01/can-this-army-of-hackers-secure-the-2020-us-presidential-election-trump-vote-cybersecurity/
    The 2020 U.S. presidential election clock is ticking, with just 94
    days to go, and President Trump has, rather unconvincingly, already
    called for the election to be postponed. Although this suggestion was
    quickly dismissed as something that Trump has no authority to make
    happen, the comments he made when putting forward the idea cannot be
    quite as easily put to one side.

  13. Tomi Engdahl says:

    Launching a new version of Logging Made Easy (LME)
    https://www.ncsc.gov.uk/blog-post/launching-a-new-version-of-logging-made-easy-lme
    The NCSC has launched version 0.3 of LME to make logging even easier
    with some enhanced features. We launched Logging Made Easy (LME)
    officially in April 2019, enabling hundreds of you to install a basic
    logging capability on your IT estate, detecting and protecting against
    cyber attack. Now, we’re launching LME version 0.3. This release
    makes logging even easier, adding some enhanced features to the open
    source project.

  14. Tomi Engdahl says:

    Build a Roadmap for Cyber Resilience
    https://securityintelligence.com/articles/build-roadmap-cyber-resilience/
    The current information security landscape is rapidly evolving.
    According to the latest research from IBM Security and the Ponemon
    Institute’s 2020 Cyber Resilient Organization Report, 67% of
    organizations reported that the volume of attacks had significantly
    increased over the past 12 months. It’s not just the amount of attacks
    that grew; 64% of organizations also saw an increase in the severity
    of the attacks. Roughly 53% of responding organizations experienced a
    data breach involving more than 1,000 records within the last two
    years.

  15. Tomi Engdahl says:

    Ransomware is, according to authorities, one of the worst threats to
    the US elections: “Attempts almost daily”
    https://yle.fi/uutiset/3-11476769
    According to US federal authorities, the worst threats to voting in
    the November presidential election include well-timed malware attacks
    that can paralyse voting. In a ransomware attack the hacker can, among
    other things, block access to the data on the target’s hard drive by
    encrypting it. The decryption key is typically obtained from the
    hacker after a payment, delivered in Bitcoin, worth up to millions.

  16. Tomi Engdahl says:

    The Biggest Challenges and Best Practices to Mitigate Risks in
    Maritime Cybersecurity
    https://www.tripwire.com/state-of-security/security-data-protection/biggest-challenges-best-practices-mitigate-risks-maritime-cybersecurity/
    Ships are increasingly using systems that rely on digitalization,
    integration, and automation, which call for cyber risk management on
    board. As technology continues to develop, the convergence of
    information technology (IT) and operational technology (OT) onboard
    ships and their connection to the Internet creates an increased attack
    surface that needs to be addressed.

    Reply
  17. Tomi Engdahl says:

    Falsification and eavesdropping of contents across multiple websites
    via Web Rehosting services
    https://jvn.jp/en/ta/JVNTA96129397/
    Researchers at NTT Secure Platform Laboratories and Waseda University
    have identified multiple security issues that lead to content being
    tampered with and eavesdropped on a service called Web Rehosting.
    These issues have been published in NDSS 2020. “Web Rehosting” is the
    name of a group of web services proposed in this study, which has the
    function of retrieving content from a user-specified website and
    hosting it again on its server. If a web rehosting service does not
    take measures against the attacks listed in this advisory, there is a
    risk that some of the browser resources of users may be manipulated by
    an attacker, resulting in a security and privacy violation.

    Reply
  18. Tomi Engdahl says:

    Code-Signing: How Malware Gets a Free Pass
    https://www.gdatasoftware.com/blog/how-malware-gets-a-free-pass
    In an ideal world, something that is signed cannot be altered. A
    signature implies that the signed item is trustworthy and unaltered.
    When it comes to signed files, things look a bit different: A
    signature does not always mean that everything is in order. Digitally
    signing software – also referred to as code signing – is intended to
    certify a software's authenticity. It is a method that provides a sense
    of assurance to the users that the software they are using is
    untampered with and true to its original design. In January 2019,
    Virustotal[1], together with Microsoft, disclosed a vulnerability
    involving digitally signed Microsoft Installer files (.MSI).
    Researchers had found out that the validity of a digitally signed MSI
    file will remain intact even after appending additional content to the
    end of the file.

    Reply
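    An added example, not code from the G DATA post or from VirusTotal: the check below parses the OLE compound-file (structured storage) layout that .MSI packages use and reports any bytes that sit after the last sector the file allocation table accounts for, which is exactly where appended content ends up. The minimal compound file and the appended payload are constructed inside the script; it does not verify the Authenticode signature itself, it only answers the question the signature check does not ask, namely whether anything trails the signed structure.

```python
"""Report bytes appended after the end of an OLE compound file (.MSI container).

Constructed example: the minimal compound file and the trailing payload are
built in this script for illustration; no real installer is involved.
"""
import struct

CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
FREESECT = 0xFFFFFFFF      # unallocated sector (same value as NOSTREAM in the directory)
ENDOFCHAIN = 0xFFFFFFFE    # last sector of a chain
FATSECT = 0xFFFFFFFD       # sector holds part of the FAT itself


def _u32s(buf):
    return list(struct.unpack("<%dI" % (len(buf) // 4), buf))


def _sector(blob, n, size):
    # The header occupies the first sector, so sector n starts at (n + 1) * size.
    off = (n + 1) * size
    return blob[off:off + size]


def trailing_data(blob):
    """Return sector size, the file size implied by the FAT, and trailing bytes."""
    if blob[:8] != CFB_MAGIC:
        raise ValueError("not an OLE compound file")
    sector_shift, = struct.unpack_from("<H", blob, 30)
    size = 1 << sector_shift                       # 512 (v3) or 4096 (v4)
    n_fat, = struct.unpack_from("<I", blob, 44)
    first_difat, n_difat = struct.unpack_from("<II", blob, 68)

    # Where the FAT lives: 109 slots in the header, the rest in chained DIFAT sectors.
    fat_sectors = [s for s in _u32s(blob[76:512]) if s != FREESECT]
    difat = first_difat
    for _ in range(n_difat):
        entries = _u32s(_sector(blob, difat, size))
        fat_sectors += [s for s in entries[:-1] if s != FREESECT]
        difat = entries[-1]                        # last slot links the DIFAT chain
    fat_sectors = fat_sectors[:n_fat]

    # Entry i of the concatenated FAT describes sector i; anything not FREESECT
    # (stream data, directory, mini-FAT, FAT and DIFAT sectors) is allocated.
    fat = []
    for s in fat_sectors:
        fat += _u32s(_sector(blob, s, size))
    allocated = [i for i, entry in enumerate(fat) if entry != FREESECT]
    last = max(allocated) if allocated else -1
    logical_size = (last + 2) * size               # header sector + sectors 0..last
    return {"sector_size": size,
            "logical_size": logical_size,
            "trailing_bytes": len(blob) - logical_size}


def _build_sample():
    """Smallest useful v3 compound file: header, one FAT sector, one directory sector."""
    size = 512
    header = bytearray(size)
    header[0:8] = CFB_MAGIC
    # minor version, major version 3, byte order, sector shift 9, mini sector shift 6
    struct.pack_into("<HHHHH", header, 24, 0x003E, 3, 0xFFFE, 9, 6)
    # dir sector count (0 for v3), FAT sector count, first dir sector, transaction
    # signature, mini stream cutoff, first mini FAT, mini FAT count, first DIFAT, DIFAT count
    struct.pack_into("<9I", header, 40, 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    struct.pack_into("<109I", header, 76, 0, *([FREESECT] * 108))   # FAT is sector 0
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *([FREESECT] * 126))  # sector 1 = directory
    root = bytearray(128)
    name = "Root Entry".encode("utf-16-le")
    root[0:len(name)] = name
    # name length incl. terminator, type 5 = root storage, colour, left/right/child = none
    struct.pack_into("<HBB3I", root, 64, len(name) + 2, 5, 1, FREESECT, FREESECT, FREESECT)
    struct.pack_into("<IQ", root, 116, ENDOFCHAIN, 0)   # no mini stream, size 0
    directory = bytes(root) + bytes(128 * 3)            # three unused entries
    return bytes(header) + fat + directory


CLEAN_SAMPLE = _build_sample()
APPENDED_PAYLOAD = b"PK\x03\x04constructed-archive-appended-after-the-signed-structure"
TAMPERED_SAMPLE = CLEAN_SAMPLE + APPENDED_PAYLOAD

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(label, trailing_data(sample))
```

    On a real package, read the file and call trailing_data(); a non-zero trailing_bytes value on a file whose signature still verifies is the pattern the advisory describes. The FAT only accounts for allocated sectors, so a writer that leaves unallocated sectors at the end of a legitimate file would also show up here; treat the result as a prompt to look at what the trailing bytes are, not as proof of tampering.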
  19. Tomi Engdahl says:

    Do You Have Enough Cloud Security? Use CIS Controls to Assess Yourself
    https://blog.paloaltonetworks.com/2020/08/cloud-cis-controls/
    Clients often ask me, “How do I know if I have enough security in the
    cloud?” This is a great question because it shows a willingness to
    learn. The truth is that there is no right answer. However, a simple
    place to begin is the basics. You should be sure you're covering the
    basics well and tracking them closely. This is why I am a huge fan of
    standards. While they are not the be-all and end-all for security,
    they give you an excellent place to start.

    Reply
  20. Tomi Engdahl says:

    6 Ransomware Trends You Should Watch for in 2020
    https://securityintelligence.com/articles/6-ransomware-trends-2020/
    A ransomware infection can have a significant financial impact on an
    organization. American digital security and data backup firm Datto
    found that ransomware is costing businesses more than $75 billion a
    year. Part of that financial impact results from downtime costs.
    Govtech also revealed that businesses lost an average of $8,500 per
    hour as the result of ransomware-related downtime, while Coveware
    placed the total amount of downtime damages at $65,645 per
    crypto-malware incident.

    Reply
  21. Tomi Engdahl says:

    How much is your personal data worth on the dark web?
    https://www.welivesecurity.com/2020/08/03/how-much-is-your-personal-data-worth-dark-web/
    It's no news that the dark web is rife with offers of stolen data that
    ranges from pilfered credit card information and hijacked payment
    services accounts to hacked social media accounts. Anyone interested
    can also hire a ne'er-do-well to launch a distributed denial of service
    (DDoS) attack, buy malware, or purchase forged documents and commit
    identity theft. But have you ever wondered how much your personal
    information goes for on the dark web? Researchers at Privacy Affairs
    have sifted through the listings in the internet's seedy underbelly and
    created an overview of the average price tags attached to your stolen
    personal data.

    Reply
  22. Tomi Engdahl says:

    Internet Choke Points: Concentration of Authoritative Name Servers
    https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/
    A utopian vision of the Internet often describes it as a distributed
    partnership of equals giving everybody the ability to publish and
    discover information worldwide. This open, democratic Internet is
    often little more than an imaginary legacy construct that may have
    existed at some time in the distant past, if ever. Reality: Today, the
    Internet is governed by a few large entities. Diverse
    interconnectivity and content distribution were also supposed to make
    the Internet more robust. But as it has been shown over and over
    again, a simple misconfiguration at a single significant player will
    cause large parts of the network to disappear.

    Reply
  23. Tomi Engdahl says:

    The same headache has plagued information security for 30 years: this
    is no unknown threat
    https://www.tivi.fi/uutiset/tv/30502d08-b6a4-4dd2-95c4-097d149a23d5
    Ransomware has plagued the internet for three decades, so it is
    certainly not a threat that appeared yesterday. Despite this, people
    in companies of all sizes always seem equally surprised that intruders
    have managed to get into their systems and networks. In the end, the
    victims are left with only two options: either rebuild the critical IT
    systems from scratch or pay the crooks a ransom to decrypt the data.
    Also on the topic:
    https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/kiristyshaittaohjelmien-aktiivinen-toiminta-jatkuu

    Reply
  24. Tomi Engdahl says:

    Leaky AWS S3 buckets are so common, they’re being found by the
    thousands now with lots of buried secrets
    https://www.theregister.com/2020/08/03/leaky_s3_buckets/
    Misconfigured AWS S3 storage buckets exposing massive amounts of data
    to the internet are like an unexploded bomb just waiting to go off,
    say experts. The team at Truffle Security said its automated search
    tools were able to stumble across some 4,000 open Amazon-hosted S3
    buckets that included data companies would not want public: things
    like login credentials, security keys, and API keys.

    Vulnerable perimeter devices: a huge attack surface
    https://www.bleepingcomputer.com/news/security/vulnerable-perimeter-devices-a-huge-attack-surface/
    With the increase of critical gateway devices deployed to support
    off-premise work, companies across the world have to adapt to a new
    threat landscape where perimeter and remote access devices are now in
    the first line. Companies lack visibility into the growing network of
    internet-connected services and devices that support the new work
    paradigm; and the avalanche of vulnerabilities reported for edge
    devices make tackling the new security challenge even more difficult.

    Reply
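    The Register piece says what was found but not what “open” looks like in a bucket's own configuration. The following is an added example, not Truffle Security's tooling: it evaluates an exported bucket policy and ACL offline (the JSON shapes that `aws s3api get-bucket-policy` and `get-bucket-acl` return) and flags the grants that reach anonymous callers or any authenticated AWS user. The policy, ACL, account ID and bucket name are constructed for the example.

```python
"""Offline check for S3 bucket policies and ACLs that grant access to everyone.

Constructed example: the policy and ACL documents below are made up for
illustration (example account ID, example bucket) and are not real exports.
"""
import json

# The two S3 predefined groups that turn a grant into a public one.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTHENTICATED_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS, AUTHENTICATED_USERS}


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    """Principal "*" or {"AWS": "*"} matches every caller, anonymous ones included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_policy_statements(policy_json):
    """Return (classification, Sid, actions) for Allow statements open to everyone.

    "public" statements have no Condition at all; "conditional" ones carry a
    Condition block (aws:SourceVpce, aws:SourceIp, ...) that may or may not
    narrow the grant enough and needs a human look.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_public(stmt.get("Principal")):
            continue
        kind = "conditional" if stmt.get("Condition") else "public"
        findings.append((kind, stmt.get("Sid"), _as_list(stmt.get("Action"))))
    return findings


def public_acl_grants(acl_json):
    """Return (group URI, permission) for grants to AllUsers / AuthenticatedUsers."""
    acl = json.loads(acl_json)
    return [(grant["Grantee"]["URI"], grant["Permission"])
            for grant in acl.get("Grants", [])
            if grant.get("Grantee", {}).get("Type") == "Group"
            and grant["Grantee"].get("URI") in PUBLIC_GROUPS]


def bucket_is_exposed(policy_json, acl_json):
    """True when either document grants unconditional access to everyone."""
    policy_public = any(kind == "public"
                        for kind, _, _ in public_policy_statements(policy_json))
    return policy_public or bool(public_acl_grants(acl_json))


# Constructed sample policy: one public read statement, one properly scoped
# statement, one any-principal statement narrowed by a VPC endpoint condition.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "DeployWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/deploy"},
         "Action": ["s3:PutObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnlyList", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0example"}}},
    ],
})

# Constructed sample ACL: the owner keeps full control, but AllUsers can list the bucket.
SAMPLE_ACL = json.dumps({
    "Owner": {"ID": "0" * 64},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0" * 64}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},
    ],
})

if __name__ == "__main__":
    print(public_policy_statements(SAMPLE_POLICY))
    print(public_acl_grants(SAMPLE_ACL))
    print("exposed:", bucket_is_exposed(SAMPLE_POLICY, SAMPLE_ACL))
```

    Nothing here accounts for S3 Block Public Access, which, when enabled at the account or bucket level, overrides both documents; a complete assessment checks that setting first and also looks at per-object ACLs, which can open individual keys even when the bucket documents are clean.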
  25. Tomi Engdahl says:

    INTERPOL report shows alarming rate of cyberattacks during COVID-19
    https://www.interpol.int/News-and-Events/News/2020/INTERPOL-report-shows-alarming-rate-of-cyberattacks-during-COVID-19
    An INTERPOL assessment of the impact of COVID-19 on cybercrime has
    shown a significant target shift from individuals and small businesses
    to major corporations, governments and critical infrastructure. With
    organizations and businesses rapidly deploying remote systems and
    networks to support staff working from home, criminals are also taking
    advantage of increased security vulnerabilities to steal data,
    generate profits and cause disruption. Also:
    https://www.bleepingcomputer.com/news/security/interpol-lockbit-ransomware-attacks-affecting-american-smbs/

    Reply
  26. Tomi Engdahl says:

    Toolmarks and Intrusion Intelligence
    https://windowsir.blogspot.com/2020/08/toolmarks-and-intrusion-intelligence.html
    Very often, DFIR and intel analysts alike don’t appear to consider
    such things as toolmarks associated with TTPs, nor intrusion
    intelligence. However, considering such things can lead to greater
    edge sharpness with respect to attribution, as well as to the
    intrusion itself. What I’m suggesting in this post is fully exploiting
    the data that most DFIR analysts already collect and therefore have
    available. I’m not suggesting that additional tools be purchased;
    rather, what I’m illustrating is the value of going just below the
    surface of much of what’s shared, and adding a bit of context
    regarding the how and when of various actions taken by threat actors.

    Reply
  27. Tomi Engdahl says:

    Traffic Analysis Quiz: What’s the Malware From This Infection?
    https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/
    Today’s diary is a traffic analysis quiz where you try to identify the
    malware based on a pcap of traffic from an infected Windows host.
    Download the pcap from this page, which also has the alerts. Don’t
    open or review the alerts yet, because they give away the answer.

    Reply
  28. Tomi Engdahl says:

    How the NSA Says You Can Limit Location Data Exposure
    https://www.vice.com/en_us/article/v7gxv3/nsa-location-data-privacy
    Location data can be one of the most valuable pieces of information
    for an attacker, and also arguably one of the hardest to protect.
    Smartphones are constantly providing such data through apps, the
    phone’s operating system itself, or in virtue of just using
    telecommunications networks or being near other devices. With that in
    mind, the National Security Agency (NSA) on Tuesday published its own
    guidelines for limiting the exposure of location data. The guidelines
    are geared more for government officials, but the advice itself can be
    useful for those hoping to stop sending so much location data to tech
    companies, ad firms, or apps that may then expose it later.

    Reply
  29. Tomi Engdahl says:

    Threat Hunting Techniques: A Quick Guide
    https://securityintelligence.com/posts/threat-hunting-guide/
    Threat hunting is an essential part of security operations center
    services and should be incorporated at an early stage. Threat hunting
    is the art of finding the unknowns in the environment, going beyond
    traditional detection technologies, such as security information and
    event management (SIEM), endpoint detection and response (EDR) and
    others. There are multiple methods to perform hunting, and your team
    can select the one that fits best based on what you want to
    accomplish.

    Reply
  30. Tomi Engdahl says:

    FBI issues warning over Windows 7 end-of-life
    https://www.zdnet.com/article/fbi-issues-warning-over-windows-7-end-of-life/
    The Federal Bureau of Investigation has sent a private industry
    notification (PIN) on Monday to partners in the US private sector
    about the dangers of continuing to use Windows 7 after the operating
    system reached its official end-of-life (EOL) earlier this year. “The
    FBI has observed cyber criminals targeting computer network
    infrastructure after an operating system achieves end of life status,”
    the agency said.

    Reply
  31. Tomi Engdahl says:

    Less Than Half of Security Pros Can Identify Their Organization’s
    Level of Risk
    https://www.darkreading.com/risk/less-than-half-of-security-pros-can-identify-their-organizations-level-of-risk-/d/d-id/1338577
    Just 51% work with the business side of the house on risk reduction
    objectives, new study shows. Security leaders still struggle to
    communicate their organization’s cyber risk to business executives and
    the board. New research by Forrester and Tenable found that just four
    out of 10 security leaders can answer with a high level of confidence
    the question: “How secure, or at risk, are we?”

    Reply
  32. Tomi Engdahl says:

    Misconfigured servers contributed to more than 200 cloud breaches
    https://www.scmagazine.com/home/security-news/cloud-misconfigurations-contributed-to-more-than-200-breaches/
    Misconfigured storage services in 93 percent of cloud deployments have
    contributed to more than 200 breaches over the past two years,
    exposing more than 30 billion records, according to a report from
    Accurics, which predicted that cloud breaches are likely to increase
    in both velocity and scale. The researchers found that 91 percent of
    the cloud deployments analyzed had at least one major exposure that
    left a security group wide open while in 50 percent unprotected
    credentials were stored in container configuration files, significant
    because 84 percent of organizations use containers.

    Reply
  33. Tomi Engdahl says:

    Australia’s 2020 Cyber Security Strategy
    https://www.pm.gov.au/media/australias-2020-cyber-security-strategy
    The Morrison Government's 2020 Cyber Security Strategy outlines how we
    will keep Australian families and businesses secure online, protect
    and strengthen the security and resilience of Australia's critical
    infrastructure and ensure law enforcement agencies have the powers and
    technical capabilities to detect, target, investigate and disrupt
    cybercrime, including on the dark web. The 2020 Cyber Security
    Strategy is the largest ever Australian Government financial
    commitment to cyber security and builds on the strong foundations
    established by its predecessor. (3MB PDF):
    https://www.homeaffairs.gov.au/cyber-security-subsite/files/cyber-security-strategy-2020.pdf

    Reply
  34. Tomi Engdahl says:

    Shellshock In-Depth: Why This Old Vulnerability Won't Go Away
    https://securityintelligence.com/articles/shellshock-vulnerability-in-depth/
    Shellshock is a bug in the Bash command-line interface shell that has
    existed for 30 years and was discovered as a significant threat in
    2014. Today, Shellshock still remains a threat to enterprise. The
    threat is certainly less risky than in the year of discovery. However,
    in a year in which security priorities have recalibrated to keep up
    with the chaotic landscape, it's a good time to look back at this
    threat and the underlying factors that keep these attacks alive today.

    Reply
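    As an added example of the detection side (not part of the SecurityIntelligence article): Shellshock probes arrive as HTTP header or query values that begin with bash's exported-function prefix `() {`, because bash only parsed that form at the start of an environment variable's value. The script below scans web server access logs in the combined format for that prefix, percent-decoding each field first. The log lines are constructed for the example.

```python
"""Flag Shellshock-style probes in web server access logs (combined log format).

Constructed example: the log lines below are made up for illustration.
"""
import re
from urllib.parse import unquote

# Bash's exported-function prefix, which CVE-2014-6271 and its follow-ups turned
# into a code-execution vector.  Bash only honoured it at the *start* of a
# variable's value, so the pattern is anchored at the start of the field or
# just after a URL delimiter; that also avoids matching JavaScript such as
# "function(){" that shows up in ordinary XSS noise.
PROBE_RE = re.compile(r"(?:^|[?&=/ ])\(\)\s*\{")

# Apache / nginx "combined" format:
#   ip ident user [time] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def find_shellshock_probes(lines):
    """Return (client ip, field, decoded value) for each line carrying a probe."""
    hits = []
    for line in lines:
        m = COMBINED_RE.match(line)
        if not m:
            continue                         # not combined format; skip rather than guess
        for field in ("request", "referer", "ua"):
            value = unquote(m.group(field))  # probes are often percent-encoded
            if PROBE_RE.search(value):
                hits.append((m.group("ip"), field, value))
                break                        # one finding per line is enough
    return hits


SAMPLE_LOG_LINES = [
    # ordinary traffic
    '203.0.113.5 - - [10/Aug/2020:10:15:32 +0000] "GET /index.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    # classic probe in the User-Agent header (CGI scripts receive it as HTTP_USER_AGENT)
    '198.51.100.7 - - [10/Aug/2020:10:16:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 84 "-" '
    '"() { :;}; /bin/bash -c \'id\'"',
    # the same prefix, percent-encoded, in the Referer header
    '198.51.100.7 - - [10/Aug/2020:10:16:03 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 209 '
    '"%28%29%20%7B%20%3A%3B%7D%3B%20%2Fbin%2Fbash%20-c%20%27uname%20-a%27" "curl/7.64.1"',
    # XSS noise containing "(){" in the middle of a value: must not match
    '203.0.113.9 - - [10/Aug/2020:10:17:10 +0000] "GET /search?q=function(){alert(1)} HTTP/1.1" 400 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG_LINES):
        print(hit)
```

    The combined format does not record Cookie, Host or custom headers, which were equally usable carriers, so a full-request log or a WAF log is needed to see those. On the host side, the well-known check `env x='() { :;}; echo vulnerable' bash -c "echo test"` prints `vulnerable` only on a bash that still lacks the 2014 fixes.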
  35. Tomi Engdahl says:

    USA paints a big target on the foreheads of those meddling in the
    presidential election: reward of up to 10 million dollars
    https://www.tivi.fi/uutiset/tv/dec0a49d-9a7d-4bbc-8929-470c536f6c26
    The United States is prepared to pay up to 10 million dollars for a
    tip that leads to the apprehension of a foreign election meddler.
    According to ZDNet, the reward covers attacks against election
    systems, voting equipment, officials, candidates and campaign workers
    alike. The reward is, however, limited to actors who work in
    cooperation with foreign states. There is thus no interest in catching
    individual troublemakers.

    Reply
  36. Tomi Engdahl says:

    Insecure satellite Internet is threatening ship and plane safety
    https://arstechnica.com/information-technology/2020/08/insecure-satellite-internet-is-threatening-ship-and-plane-safety/
    More than a decade has passed since researchers demonstrated serious
    privacy and security holes in satellite-based Internet services. The
    weaknesses allowed attackers to snoop on and sometimes tamper with
    data received by millions of users thousands of miles away. You might
    expect that in 2020, as satellite Internet has grown more popular,
    providers would have fixed those shortcomings, but you'd be wrong.

    Reply
  37. Tomi Engdahl says:

    Black Hat 2020: Linux Spyware Stack Ties Together 5 Chinese APTs
    https://threatpost.com/black-hat-linux-spyware-stack-chinese-apts/158092/
    The groups, all tied to the Winnti supply-chain specialist gang, were
    seen using the same Linux rootkit and backdoor combo. A stack of Linux
    backdoor malware used for espionage, compiled dynamically and
    customizable to specific targets, is being used as a shared resource
    by five different Chinese-language APT groups, according to
    researchers.

    Reply
  38. Tomi Engdahl says:

    Cyber insurance guidance
    https://www.ncsc.gov.uk/guidance/cyber-insurance-guidance
    This guidance is for organisations of all sizes who are considering
    purchasing cyber insurance. It is not intended to be a comprehensive
    cyber insurance buyer's guide, but instead focuses on the cyber
    security aspects of cyber insurance. If you are considering cyber
    insurance, these questions can be used to frame your discussions. This
    guidance focuses on standalone cyber insurance policies, but many of
    these questions may be relevant to cyber insurance where it is
    included in other policies.

    Reply
  39. Tomi Engdahl says:

    USA decides to cleanse local networks of anything Chinese under new
    five-point national data security plan
    https://www.theregister.com/2020/08/06/usa_clean_network_plan/
    US secretary of state Mike Pompeo has announced a Clean Network plan
    he says offers “a comprehensive approach to guarding our citizens'
    privacy and our companies' most sensitive information from aggressive
    intrusions by malign actors, such as the Chinese Communist Party
    (CCP).”

    Reply
  40. Tomi Engdahl says:

    Processing Data to Protect Data: Resolving the Breach Detection
    Paradox
    https://script-ed.org/article/processing-data-to-protect-data-resolving-the-breach-detection-paradox/
    Most privacy laws contain two obligations: that processing of personal
    data must be minimised, and that security breaches must be detected
    and mitigated as quickly as possible. These two requirements appear to
    conflict, since detecting breaches requires additional processing of
    logfiles and other personal data to determine what went wrong.
    Fortunately Europe's General Data Protection Regulation (GDPR),
    considered the strictest such law, recognises this paradox and
    suggests how both requirements can be satisfied. This paper assesses
    security breach detection in the light of the principles of purpose
    limitation and necessity, finding that properly-conducted breach
    detection should satisfy both principles.

    Reply
  41. Tomi Engdahl says:

    https://semiengineering.com/week-in-review-auto-security-pervasive-computing-27/

    Being in a hurry hurts security. A study from the IT analyst company Enterprise Strategy Group commissioned by Synopsys finds that nearly half (48%) of survey respondents — who were all cybersecurity and application development professionals — consciously push vulnerable code to production due to time pressures. “Organizations need to address application security holistically throughout the development life cycle,” said Patrick Carey, director of product marketing for the Synopsys Software Integrity Group, in a press release. “Of the organizations consciously pushing vulnerable code into production, 45% do so because the vulnerabilities identified were discovered too late in the cycle to resolve them in time. This reaffirms the importance of shifting security left in the development process, enabling development teams with ongoing training as well as tooling solutions that complement their current processes so that they may code securely without negatively impacting their velocity.”

    https://news.synopsys.com/2020-08-06-DevSecOps-Study-Finds-that-Nearly-Half-of-Organizations-Consciously-Deploy-Vulnerable-Applications-Due-to-Time-Pressures

    Reply
  42. Tomi Engdahl says:

    The Secret Life of an Initial Access Broker
    https://ke-la.com/the-secret-life-of-an-initial-access-broker/
    Recently, ZDNet exclusively reported a leak posted on a cybercrime
    community containing details and credentials of over 900 enterprise
    Secure Pulse servers exploited by threat actors. Since this leak
    represents an ever-growing ransomware risk, KELA delved into both the
    leak's content and the actors who were involved in its inception and
    circulation. This short research targets a specific tier of
    cybercriminal actors: Initial Access Brokers. These are mid-tier
    actors who specialize in obtaining initial network access from a
    variety of sources, curating and grooming it into a wider network
    compromise and then selling them off to ransomware affiliates. With
    the affiliate ransomware network becoming more and more popular and
    affecting huge enterprises as well as smaller ones, initial access
    brokers are rapidly becoming an important part of the affiliate
    ransomware supply chain. The list leak mentioned above seems to have
    been circulating between several initial access brokers in cybercrime
    forums, and has been exposed by a LockBit affiliate who regarded the
    actors as unprofessional. This event showcases the breadth of
    information that's exchanged on cybercrime communities and, in KELA's
    eyes, emphasizes the need for scalable and targeted monitoring of
    underground communities.

    Reply
  43. Tomi Engdahl says:

    The Current State of Exploit Development, Part 1
    https://www.crowdstrike.com/blog/state-of-exploit-development-part-1/
    Memory corruption exploits have historically been one of the strongest
    accessories in a good red teamer’s toolkit. They present an easy win
    for offensive security engineers, as well as adversaries, by allowing
    the attacker to execute payloads without relying on any user
    interaction.

    Reply
  44. Tomi Engdahl says:

    Small and medium-sized businesses: Big targets for ransomware attacks
    https://www.welivesecurity.com/2020/08/07/small-medium-sized-businesses-big-targets-ransomware-attacks/
    Why are SMBs a target for ransomware-wielding gangs and what can they
    do to protect themselves against cyber-extortion? While large
    enterprises may present themselves as more lucrative prey, SMBs are an
    attractive target due to their lack of resources to defend against
    such attacks.

    Reply
  45. Tomi Engdahl says:

    Iranians, Russians receive text messages seeking U.S. election hacking
    info
    https://www.reuters.com/article/us-cyber-iran-text-messages/iranians-russians-receive-text-messages-seeking-u-s-election-hacking-info-idUSKCN2522Z0
    Written in Farsi, the Iran text messages say: “The United States pays
    up to $10 million for any information on foreign interference in
    American elections.” They carry a link to the U.S. Rewards for Justice
    Program, which offers cash bounties in return for information on
    threats to American national security.

    Reply
  46. Tomi Engdahl says:

    DEF CON: New tool brings back ‘domain fronting’ as ‘domain hiding’
    https://www.zdnet.com/article/def-con-new-tool-brings-back-domain-fronting-as-domain-hiding/
    After Amazon and Google stopped supporting the censorship-evading
    domain fronting technique on their clouds in 2018, new Noctilucent
    toolkit aims to bring it back in a new form as “domain hiding.” At
    the DEF CON 28 security conference this week, a security researcher
    has released a new tool that can help the makers of sensitive
    applications evade censorship and bypass firewalls to keep services up
    inside problematic areas of the globe. Domain fronting is a technique
    that has been made popular by mobile app developers in the 2010s and
    has been used to allow apps to bypass censorship attempts in
    oppressive countries.

    Reply
  47. Tomi Engdahl says:

    Why You Should Stop Sending SMS Messages, Even On Apple iMessage
    https://www.forbes.com/sites/zakdoffman/2020/08/08/apple-iphone-ipad-imessage-security-update-sms-rcs-google-whatsapp-encryption/
    SMS is at the other end of the security spectrum, built on an archaic
    architecture that sits inside the many cellular networks around the
    world. When you send an SMS, while it might be secure between your
    phone and your network, once there it can be easily intercepted and
    collected. Last year I reported on hackers compromising global telcos
    to collect SMS traffic between targeted senders and recipients. As
    FireEye warned at the time, “users and organizations must consider the
    risk of unencrypted data being intercepted several layers upstream in
    their cellular communication chain.”

    Reply
  48. Tomi Engdahl says:

    Security News This Week: The NSA’s Tips to Keep Your Phone From
    Tracking You
    https://www.wired.com/story/nsa-tips-smartphone-data-canon-ransomware-twitter-bug-security-news/
    Plus: A Canon ransomware hack, a nasty Twitter bug, and more of the
    week’s top security news.

    Reply
