Cyber security trends for 2020

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, this post makes educated guesses based on what has happened during the last 12 months and the several years before that.

The past year has seen rapid adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring high-speed wireless broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today's digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.

Here are some trends and predictions for cyber security in 2020:

Cyber attacks: Cyberattacks grow in volume and complexity. More countries are going to emerge as major cyber threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrency, to infecting vulnerable systems so they can be used later as part of a botnet.

IoT security: IoT security keeps getting worse until it starts to get better. It is an extremely hot topic right now and will stay hot for many years to come. Industrial IoT risk has been discussed a lot; physics dictates local application deployment, because the control loop of most industrial systems runs at 10 milliseconds or below. Smart building security awareness is growing. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year, and it would be nice if all of them were secure, but many of them unfortunately are not. Hackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras and smart elevators to hospital infusion pumps and industrial PLCs, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security needs to be considered and integrated into IoT deployments from the start. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and rise to $3.1 billion in 2021, making it one of the fastest growing segments of the cybersecurity industry. The IoT landscape is complex, and so are the security solutions, which tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your Internet of Things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of devices vulnerable to attack: one in every 172 active RSA certificates is vulnerable. It is a good idea to build a separate network segment for IoT devices so that they are isolated from the normal office network; the FBI recommends keeping your IoT devices on a separate network.
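As an added illustration (my own example code, not from any of the reports cited above): the usual way a large set of RSA keys turns out to be factorable is that devices with poor entropy generate keys that share a prime factor with some other device's key, and the check for that is a batch GCD across all the public moduli. The script below builds toy RSA moduli from small primes (constructed data; the primes and the shared factor between keys 0 and 2 are mine) and finds the shared factor with a product/remainder tree, the same algorithm that scales to millions of real certificates.

```python
from math import gcd

# Constructed sample: the first nine primes above 10**6, used to build toy RSA
# moduli. Real keys are 2048-bit, but the algorithm is identical.
P = [1000003, 1000033, 1000037, 1000039, 1000081, 1000099, 1000117, 1000121, 1000133]

# Five "device" keys; key 0 and key 2 share the prime P[1], as happens when
# two devices generate keys from the same low-entropy state.
SAMPLE_MODULI = [
    P[0] * P[1],
    P[2] * P[3],
    P[1] * P[4],
    P[5] * P[6],
    P[7] * P[8],
]


def product_tree(xs):
    """Levels of a product tree: level 0 is the input, the last level is the product of all."""
    tree = [list(xs)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([level[i] * level[i + 1] if i + 1 < len(level) else level[i]
                     for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli):
    """For each N_i return gcd(N_i, product of all other N_j).

    Uses the product/remainder tree method, so the cost is quasi-linear in
    the number of keys instead of quadratic pairwise GCDs.
    """
    tree = product_tree(moduli)
    remainders = [tree[-1][0]]
    for level in reversed(tree[:-1]):
        remainders = [remainders[i // 2] % (level[i] ** 2) for i in range(len(level))]
    # (P mod N^2) // N == (P / N) mod N, so a gcd with N reveals any shared factor.
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]


def find_weak_keys(moduli):
    """Map index -> (p, q) for every modulus that shares a prime with another one."""
    weak = {}
    for i, (g, n) in enumerate(zip(batch_gcd(moduli), moduli)):
        if g == 1:
            continue  # shares no factor with any other key in the set
        if g == n:
            # The same modulus appears elsewhere: same private key on two devices.
            # Broken, but batch GCD alone cannot split it into p and q.
            weak[i] = ("duplicate", n)
            continue
        p, q = sorted((g, n // g))
        weak[i] = (p, q)
    return weak


if __name__ == "__main__":
    for i, factors in find_weak_keys(SAMPLE_MODULI).items():
        print(f"key {i}: modulus {SAMPLE_MODULI[i]} factors as {factors}")
```

On real data the moduli come out of the certificates (for example `openssl x509 -noout -modulus`), and any key the function reports is compromised for every device that shares the factor, not only the one you scanned.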

IoT privacy: Silicon Valley is listening to your most intimate moments. The world's biggest companies got millions of people to let temp workers analyze some very sensitive recordings made by their "smart" speakers and smartphones. A quarter of Americans have bought smart speaker devices such as the Echo, Google Home and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion and there will be about 7.4 billion voice-controlled devices in the wild, about one for every person on Earth. The question is: then what? Microphones that listen all the time are concerning, and attackers who hijack connected home devices are terrifying homeowners and making them feel violated in their own homes.

Medical systems security: Cyberattacks on medical devices are on the rise, and manufacturers must respond. Attacks on networked medical devices, and on the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It's shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks: many hospitals and healthcare networks have been hit by ransomware over the past few months.

Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores and in much of our public space. China's Orwellian video surveillance gets a bad rap, but the US isn't far behind: the US has nearly the same ratio of security cameras to citizens as China, and the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world's largest facial recognition networks, and it may even be bigger than China's 200 million camera system. China's installed base is expected to rise to over 560 million cameras by 2021, the largest share of surveillance devices installed globally, with the US rising to around 85 million. The US, like China, now has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Cameras are getting better, smaller and cheaper and can be installed almost anywhere; it would be very easy to sneak another device onto a hotel's Wi-Fi network and stream its video over the internet to a remote computer.

Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. It is touted as making us safer, but mass surveillance has downsides of major proportions. Massive errors have been found in facial recognition tech: systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world's largest facial recognition networks. Individuals, lawmakers, developers and everyone in between should be aware of the rise of facial recognition and the risks it poses to the rights to privacy, freedom, democracy and non-discrimination.

Shut off Internet: A worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information. Amid widespread demonstrations over various issues, many countries, among them Iran and India, have started cutting people's Internet connections. Some countries, namely China, architected their internet infrastructure from the start with government control in mind, and Russia is moving in the same direction. For better or worse, an internet blackout also limits the government's ability to conduct digital surveillance on its citizens.

Security first: Implementing cyber best practices requires a security-first approach. Competing in today's digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also lets security evolve and adapt alongside the development of your digital presence, rather than being constantly rigged and retrofitted to keep up with digital innovation.

Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to network resources and devices they were never authorized for. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled and given appropriate network access, and that new devices are automatically assigned to appropriate network segments based on things like device profile and owner. Combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access to and monitor devices, which strengthens the access and segmentation strategy.

Anti-virus software: Only half of malware is caught by signature AV. The percentage of malware that successfully bypasses signature-based antivirus scanners at companies' network gateways has increased significantly, either through "packing" (scrambling the code using basic encryption techniques) or through the automatic creation of code variants. New approaches like machine learning and behavioral detection seem necessary to catch such threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.
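To make the packing point concrete, here is an added example (mine, not from the report quoted above) in Python: a constructed stand-in "sample" with a hash-based signature, a toy packer that encrypts it with a SHA-256 keystream, and the byte-entropy heuristic that scanners use to flag encrypted or packed content whatever its hash. Every repacked variant has a new hash, so the signature misses it, while the entropy check still fires. The sample bytes and the 7.2 bits/byte threshold are my choices.

```python
import hashlib
from collections import Counter
from math import log2

# Constructed stand-in for a malware sample: a few KB of readable text. A real
# sample would be a PE/ELF file, but the arithmetic below is the same.
SAMPLE = (b"GET /update.php?id=%s HTTP/1.1\r\nHost: c2.example\r\n"
          b"cmd.exe /c powershell -enc ") * 100

# A "signature" in the simplest sense: the SHA-256 of a known-bad file.
KNOWN_BAD_HASHES = {hashlib.sha256(SAMPLE).hexdigest()}


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, used here only as a toy stream cipher for packing."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def pack(payload: bytes, key: bytes) -> bytes:
    """Encrypt the payload so its bytes (and therefore its hash) change with the key.
    XOR is its own inverse, so pack(pack(x, k), k) == x, like a real unpacking stub."""
    return bytes(a ^ b for a, b in zip(payload, keystream(key, len(payload))))


def signature_hit(blob: bytes) -> bool:
    """Hash lookup: exact match against known-bad files only."""
    return hashlib.sha256(blob).hexdigest() in KNOWN_BAD_HASHES


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: plain code and text sit around 4-6, encrypted or compressed data near 8."""
    counts = Counter(blob)
    n = len(blob)
    return -sum(c / n * log2(c / n) for c in counts.values())


def entropy_hit(blob: bytes, threshold: float = 7.2) -> bool:
    """Heuristic used by scanners to flag packed/encrypted content regardless of its hash."""
    return shannon_entropy(blob) >= threshold


def scan(blob: bytes) -> dict:
    return {"signature": signature_hit(blob), "entropy": entropy_hit(blob)}


if __name__ == "__main__":
    print("original:", scan(SAMPLE))
    for key in (b"k1", b"k2"):  # two repacked variants of the same malware
        print("packed with", key, scan(pack(SAMPLE, key)))
```

The entropy heuristic has the obvious weakness that compressed archives and legitimately encrypted files trip it too, which is why real products combine it with behavioral signals (what the unpacked code does once it runs) rather than using it alone.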

Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Some victims are paying up, a move that security professionals have long condemned, warning that paying the ransom could end up causing more turmoil for victims as well as inspiring other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline backups to deal with this kind of situation, so that decent recovery is possible. Having no backup system is a gamble many companies and public entities seem to be playing; good backups help you recover from ransomware attacks. New tactics are coming into use: the new Snatch ransomware strain reboots the computers it infects into Safe Mode to disable any resident security solutions, and some ransomware operators now steal a victim's data before encrypting it and threaten to publish it, or pass it to a competitor, if the ransom is not paid.

Public sector: Public sector security is lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware, which infects an organization's computer networks and locks up critical files.

Regulation: We will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. In a PwC study, consumers said they are prepared to share personal information if they get sufficient value in return. On the other hand, you also have to earn consumers' confidence that you will keep that information safe.

API security: APIs now account for 40% of the attack surface of all web-enabled apps. It's a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its Top 10 list of web application vulnerabilities, published the release candidate of its API Security Top 10 at the end of September 2019. Also, it's almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.

Skills gap: Security teams are already grappling with serious challenges due to the growing cybersecurity skills gap, and are being tasked with securing an ever-expanding network footprint. They are often left to secure virtual and cloud environments, SaaS services, DevOps projects, the growing adoption of IoT, mobile workers and an expanding array of personal connected devices after these have already been rolled out. They often do not have enough people, or enough knowledge of those new technologies, to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number expected to climb to 3.5 million by 2021; 145% growth in the workforce is needed to meet global demand.

Think like your adversary: Cybersecurity leaders need to assess potential vulnerabilities from the adversary's mindset and devise effective defensive countermeasures unique to their company's needs. Programmers should think like hackers: security must be taken into account at every step of programming.

Third party security: Most companies don't properly manage third-party cyber risk. Good cybersecurity requires not just an internal assessment of an organization's own security practices, but also a close look at the security of the partners that businesses rely upon in today's interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline about a major breach that stemmed from a company's relationship with a third party.

Privacy and surveillance: Fears grow on digital surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and by private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions, but their systems can also be used for surveillance. Amnesty International says Facebook's and Google's omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights: the claim is that the companies' surveillance-based business model poses a threat to a range of other rights including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants' core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is "predicated on human rights abuse."

5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.

5G security: The new 5G mobile networks will be the backbone of future digitalized operations, so it is also important to ensure the security and resilience of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks. Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers "better security" for IoT may not ring true, as the technology remains vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments; 5G SIM-swap attacks could be even worse for industrial IoT than they are today. Criminals can convince telcos to port a victim's number to a new SIM card controlled by the criminal. Trust your hardware or your operator? You ought to trust nobody: do not tie all of your security and identification to the SIM card.

DNS over HTTPS (DoH): Encrypted DNS queries over DoH are already set to arrive in the Chrome and Firefox web browsers, and Microsoft will bring DoH to Windows 10 in an attempt to keep user traffic as private as possible. DoH support in Windows means DNS queries leave the machine encrypted inside HTTPS, so an on-path observer (a coffee-shop Wi-Fi operator or an ISP) can no longer read or tamper with them; the chosen DoH resolver, of course, still sees every query. Microsoft says DoH doesn't require DNS centralization if adoption is broad among operating systems and Internet service providers alike.
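For readers who want to see what a DoH query actually looks like on the wire, here is an added example (mine, not Microsoft's or any browser's code) in Python. It builds the RFC 1035 wire-format query, turns it into the RFC 8484 GET form (base64url in the `dns` parameter, padding stripped), and parses a constructed `application/dns-message` response. The resolver URL `https://dns.example/dns-query` and the answer 93.184.216.34 are placeholders, not a real service.

```python
import base64
import struct

# Placeholder resolver (RFC 2606 reserved name), not a real DoH endpoint.
DOH_RESOLVER = "https://dns.example/dns-query"


def encode_name(name: str) -> bytes:
    """example.com -> b'\\x07example\\x03com\\x00' (RFC 1035 label format)."""
    out = b"".join(bytes([len(label)]) + label.encode("ascii")
                   for label in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """Wire-format DNS query. RFC 8484 recommends ID 0 so identical queries
    produce identical HTTP requests that caches can reuse."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # ID, RD flag, QDCOUNT=1
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN


def doh_get_url(name: str, qtype: int = 1) -> str:
    """GET form: the query goes in ?dns= as base64url without '=' padding (RFC 8484 section 6)."""
    q = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=").decode()
    return f"{DOH_RESOLVER}?dns={q}"


def read_name(msg: bytes, offset: int):
    """Decode a (possibly compressed) name; returns (name, offset just after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def parse_answers(msg: bytes):
    """Return [(name, type, ttl, rdata)] for the answer section of a response body."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # RCODE other than NOERROR
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        answers.append((name, {1: "A", 28: "AAAA"}.get(rtype, rtype), ttl, rdata))
    return answers


# Constructed response body a resolver would return: same question echoed,
# one A record whose name is a compression pointer (0xC00C) back to it.
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
                   + encode_name("example.com") + struct.pack("!HH", 1, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
                   + bytes([93, 184, 216, 34]))
```

Sending it is a single GET with `Accept: application/dns-message` to that URL over TLS, and the response body is parsed exactly as a classic stub resolver parses a UDP reply. Only the transport changes, not the message, which is why the DoH resolver still sees the full query.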

Firewall configuration: Now more than ever it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that "50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18." This is a human problem, not a firewall problem.

Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information, and more. Organizations are failing to deal with rising bot attacks.

Network security: Networks are continually growing in complexity and the attack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In the rush to adopt digital business practices, many new network expansion projects are implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, so they can be used to make the network the first line of defense. A critical step in building a stronger security posture and a more robust data protection strategy is a 24x7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to succeed once in finding a way into the network, but the security team needs to monitor everything on the network and be right all the time. Today's core network is continually adapting to the introduction of new devices, applications and workflows, along with shifting network configurations to support business requirements, which calls for advanced, intent-based segmentation.

Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.

Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years we have seen a number of high-profile attacks on critical infrastructure facilities, typically aligned with wider geopolitical objectives. Expect targeted attacks on critical infrastructure facilities to increase: APT33 has shifted its targeting to industrial control systems software, and we need to worry about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect it: concern yourself with the most important hacks, understand the critical pieces of your infrastructure and know your interdependencies.

Payment security: Payment security backslid for the second straight year in 2019. Verizon's 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time, the EU's PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation. Nevertheless, banks will be required to open their infrastructure and data to third parties. And although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support it.

Election security: Nowadays no election can be held without debate about influencing voters through online services. There are ongoing accusations of Russian interference in US elections and fears of a rerun in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Disinformation campaigns for political purposes are also deeply rooted in cybercriminal endeavors. It's quite possible that we will see changes to legislation and policy as governments look to define more clearly what is and what isn't allowed. Hacking is considered the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but that is not going to be enough in an era when technology is turning out entirely new attack surfaces.

False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.

Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.

Vulnerability disclosure: Most "white hat" security engineers seem to be driven by a sense of social responsibility best expressed as "if you find something, say something." Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor, hardware or software, to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature "full disclosure" of a previously unknown issue can unleash the forces of evil, and the "black hats" often move faster than vendors or enterprise IT teams. The preferred path is a "responsible" or "coordinated" disclosure that happens behind the scenes, with a public announcement after a specified period, typically 90 or 120 days. But things don't always work this way.

Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that they will also try to diversify their attacks to include other types of devices besides PCs and servers. There is a ransomware "crisis" in US schools and in many US cities.

Supply chain: Supply chains will continue to be one of the most difficult attack delivery methods to address. Attackers will likely keep expanding this method, for example through manipulated software containers and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals; they are often the weakest link in supply chains that include large corporations. Counterfeit electronics are also on the rise.

Mobile: The main storage for our digital lives has moved from the PC to mobile devices over the last 10 years. Several countries have started demanding that their own software (maybe in some cases also malware) be installed on all smartphones: Putin signed a law making Russian apps mandatory on smartphones and computers.

Android: Today 80% of Android apps encrypt their traffic by default. Apps targeting Android 9 (API level 28) or higher automatically get a network security policy that blocks unencrypted (cleartext) traffic for every domain unless the app explicitly opts out. The heterogeneity of Android versions in the field will continue to be a problem in the coming year.

DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of attack traffic. The number of DDoS attacks rose 86% in the third quarter compared to a year earlier; DNS amplification accounted for 45% of attacks, while HTTP floods and TCP SYN floods accounted for 14%, and mobile devices account for 41% of DDoS attack traffic.
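Reflection attacks leave a recognisable pattern in flow data, which is where an operator would catch one. As an added example (mine, not from the report cited above), here is a detector over constructed NetFlow-style records that flags a host receiving large UDP packets from source port 53 from many distinct addresses it never queried itself. The addresses, sizes and thresholds are all illustrative.

```python
from collections import defaultdict

# Constructed flow records (src, dst, proto, sport, dport, bytes, packets),
# in the spirit of a NetFlow/IPFIX export. Addresses are documentation ranges.
SAMPLE_FLOWS = [
    # Normal resolver traffic: one resolver answering small queries that the
    # client actually sent.
    ("10.0.0.10", "198.51.100.53", "udp", 51234, 53, 60, 1),
    ("10.0.0.10", "198.51.100.53", "udp", 51240, 53, 58, 1),
    ("198.51.100.53", "10.0.0.10", "udp", 53, 51234, 120, 1),
    ("198.51.100.53", "10.0.0.10", "udp", 53, 51240, 96, 1),
    # Reflection: twenty distinct "resolvers" sending large answers to one
    # host that never asked them anything (spoofed queries carried its address).
    *[(f"203.0.113.{i}", "10.0.0.99", "udp", 53, 1234, 7000, 2) for i in range(1, 21)],
]


def detect_dns_reflection(flows, min_sources=10, min_bytes_per_packet=1000, max_solicited=0.1):
    """Return {victim: stats} for hosts that look like DNS amplification targets.

    All three signals must hold for a destination:
      * inbound UDP from source port 53 arrives from many distinct addresses,
      * those packets are large (amplified answers average over 1000 bytes), and
      * the destination sent queries to almost none of those addresses itself.
    """
    inbound = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    queried = defaultdict(set)  # host -> resolvers it really sent queries to
    for src, dst, proto, sport, dport, nbytes, packets in flows:
        if proto != "udp":
            continue
        if sport == 53:
            s = inbound[dst]
            s["sources"].add(src)
            s["bytes"] += nbytes
            s["packets"] += packets
        elif dport == 53:
            queried[src].add(dst)

    victims = {}
    for host, s in inbound.items():
        n_sources = len(s["sources"])
        if n_sources < min_sources:
            continue
        bpp = s["bytes"] / s["packets"]
        if bpp < min_bytes_per_packet:
            continue
        solicited = len(s["sources"] & queried[host]) / n_sources
        if solicited > max_solicited:
            continue
        victims[host] = {"sources": n_sources, "bytes_per_packet": bpp,
                         "solicited_ratio": solicited}
    return victims


if __name__ == "__main__":
    for host, stats in detect_dns_reflection(SAMPLE_FLOWS).items():
        print(f"{host}: {stats['sources']} reflectors, "
              f"{stats['bytes_per_packet']:.0f} bytes/packet, "
              f"{stats['solicited_ratio']:.0%} of them actually queried")
```

The "never queried" signal is the one that separates a reflection victim from a busy recursive resolver, which also receives large answers from many authoritative servers, but only after sending queries to each of them.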

Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen; companies should treat cyberattacks as a matter of "when", not "whether". Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain, and data leaks help attackers craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident response. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems, and medium-sized companies, often the weakest link in supply chains that include large corporations, are being targeted even more heavily.

Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.

New encryption: The problem with encrypted data is that you normally must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption, which makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types: partially homomorphic encryption (keeps sensitive data secure by allowing only select mathematical operations, such as addition or multiplication, on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); and fully homomorphic encryption (the gold standard, supporting arbitrary computation while the data stays encrypted). Cryptographers have known the concept of homomorphic encryption since 1978, but Gentry established the first fully homomorphic encryption scheme in 2009. The biggest barrier to wide-scale adoption is that it is still very slow. Duality, a security startup co-founded by pioneers of homomorphic encryption, raised $16M.
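A concrete instance of the "partially homomorphic" class described above, as an added example (mine, not Duality's or Gentry's code): the Paillier cryptosystem, which is additively homomorphic, implemented with toy-sized primes. A party holding only the public key can add encrypted values and multiply them by known constants; only the holder of the private key learns the result. The primes and the sample readings are constructed.

```python
import secrets
from math import gcd

# Toy key: two small primes (the first two above 10**6), enough to see the
# homomorphism at work. Real deployments use a 2048-bit or larger n.
P, Q = 1000003, 1000033


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p=P, q=Q):
    n = p * q
    lam = lcm(p - 1, q - 1)
    # With generator g = n + 1 the decryption constant mu is simply lam^-1 mod n.
    mu = pow(lam, -1, n)
    return {"n": n, "n2": n * n}, {"lam": lam, "mu": mu, "n": n}


def encrypt(pub, m, r=None):
    """c = (1+n)^m * r^n mod n^2 with a random r coprime to n. The randomness
    makes the scheme probabilistic: equal plaintexts give different ciphertexts."""
    n, n2 = pub["n"], pub["n2"]
    assert 0 <= m < n
    if r is None:
        while True:
            r = secrets.randbelow(n - 1) + 1
            if gcd(r, n) == 1:
                break
    return pow(n + 1, m, n2) * pow(r, n, n2) % n2


def decrypt(priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) / n."""
    n, lam, mu = priv["n"], priv["lam"], priv["mu"]
    x = pow(c, lam, n * n)
    return ((x - 1) // n) * mu % n


def add_encrypted(pub, c1, c2):
    """E(a) * E(b) mod n^2 == E(a + b): the server adds without seeing a or b."""
    return c1 * c2 % pub["n2"]


def scale_encrypted(pub, c, k):
    """E(a)^k mod n^2 == E(k * a): multiplication by a constant the server knows."""
    return pow(c, k, pub["n2"])


def encrypted_sum(pub, ciphertexts):
    """What an untrusted aggregator does: total a batch of encrypted values."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


if __name__ == "__main__":
    pub, priv = keygen()
    readings = [17, 25, 33, 4]  # e.g. meter readings, never sent in the clear
    cts = [encrypt(pub, v) for v in readings]
    print("sum of readings:", decrypt(priv, encrypted_sum(pub, cts)))          # 79
    print("3 x first reading:", decrypt(priv, scale_encrypted(pub, cts[0], 3)))  # 51
```

Two properties worth noticing: the aggregator never calls `decrypt`, and the result wraps modulo n, so plaintexts and the expected sums must stay below n (the `assert` in `encrypt` guards only the inputs). What Paillier cannot do is multiply two ciphertexts together, which is exactly the gap fully homomorphic schemes close, at the speed cost mentioned above.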

Artificial Intelligence (AI): The buzzword of 2019 that we all heard a thousand times was Artificial Intelligence, AI. The term AI is often used interchangeably with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, the hope is that AI helps under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this kind of data aggregation and pattern analysis for heuristic modeling; as one commentator put it, "the true function of AI will be to determine, with a long arc of time and data, what 'normal' looks like for a user." AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is researching AI agents, and Mikko Hyppönen says that AI should not be used to try to imitate humans and that AI-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are being integrated into the latest Windows security products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn't sustainable.

2020 problems: Has your business prepared for the "2020 problem"? Security updates for Windows 7 end on January 14, 2020: as of that date, Windows 7 and Windows Server 2008 technical support and software updates will no longer be available from Windows Update. Office 2010 is also reaching the end of its updates. Some business users can buy extended security updates for extra money for some time. Python 2 reaches end of life on January 1, 2020. Beginning on January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.

Crypto wars continue: A decades-old debate: government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations everywhere. The international police organization Interpol plans to condemn the spread of strong encryption; like top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies to open up user communications to authorities wielding court warrants. Congress warns tech companies: take action on encryption, or we will. US lawmakers are poised to "impose our will" if tech companies don't weaken encryption so police can access data.

Do not weaken encryption: Companies, they say, should build in special access that law enforcement could use with a court's permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged; that's just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: one, strong encryption is necessary for personal and national security; two, weakening encryption does more harm than good; and three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused. If you think encryption back doors won't be abused, you may be a member of Congress. Bad encryption can have business consequences: Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas, and in Australia 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.

Scaring people: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. Which particular horseman is in vogue depends on time and circumstance.

2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but they can still be hacked. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys. Some physical security keys can also be hacked, as they turn out to be less secure than what the advertisements claimed.

Myth of the sophisticated hacker in the news: “Sophisticated” is the latest lexical stretch for an adjective that’s widely used in reports of cybersecurity incidents, and widely loathed by researchers as a result. If everything is sophisticated, nothing is sophisticated.

New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.

Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.

RCS messaging: RCS, expanded as Rich Communication Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings many new features, such as chat, sending hi-res videos and photos, and creating group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption. RCS could also be better in many other security aspects. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with security in mind. The standard itself allows for poor security implementations, but GSMA advises its members to deploy RCS with the most secure settings possible.

Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic, made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches: from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online.

Phishing: Phishing remains one of the most pervasive online threats. Phishing emails are still managing to catch everyone out. Phishing e-mails used to steal credentials usually depend on the user clicking a link which leads to a phishing website that looks like the login page of some valid service. Google Chrome now offers better protection against it, as Safe Browsing displays warning messages to users ahead of visiting dangerous websites and before downloading harmful applications. New, more advanced ways to phish are being taken into use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys.
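The contrast that this item and the 2FA item above draw between a phishable second factor and a physical security key, as an added example that is not from the original post: a one-time code next to an origin-bound key, modelled with the Python standard library (HMAC stands in for the real asymmetric signature; the origins, secrets and names are constructed).

```python
"""Why a one-time code can be phished by relaying it while an origin-bound
security key cannot. Added illustration; not code from the original post.
A proxy phishing site forwards everything between victim and real service:
the OTP is just digits, so forwarding works, whereas a FIDO/U2F style key
derives a key per origin and signs the origin the browser reports, so a
signature made on the phishing origin fails at the legitimate service.
Signatures are simplified to HMAC-SHA256 (real keys sign asymmetrically);
every origin, secret and name below is constructed for this example.
"""
import hashlib
import hmac
import os
import secrets
import struct
import time

LEGIT_ORIGIN = "https://mail.example.com"            # constructed
PHISH_ORIGIN = "https://mail.example.com.evil.test"  # constructed look-alike


# ---- factor 1: time-based one-time code (can be relayed) ----
def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 style code: HMAC-SHA1 over the time counter, dynamic truncation."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_phish_relay(secret: bytes, now: int) -> bool:
    """Victim types the code into the phishing page and the proxy forwards it.
    Returns True when the legitimate service accepts the relayed code."""
    code_typed_on_phish_site = totp(secret, now)  # nothing ties it to an origin
    return hmac.compare_digest(code_typed_on_phish_site, totp(secret, now))


# ---- factor 2: origin-bound security key (cannot be relayed) ----
class SecurityKey:
    """Authenticator holding one device secret; per-origin keys derive from it."""

    def __init__(self, device_secret: bytes):
        self._device_secret = device_secret

    def _origin_key(self, origin: str) -> bytes:
        # Different origin -> different key: the phishing origin never yields
        # a key that is valid for the legitimate origin.
        return hmac.new(self._device_secret, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        """Per-origin verification key that the service stores at enrolment."""
        return self._origin_key(origin)

    def sign(self, origin: str, challenge: bytes) -> bytes:
        # The browser supplies the origin of the page asking; the user cannot
        # override it, which is what makes the key phishing-resistant.
        client_data = origin.encode() + b"|" + challenge
        return hmac.new(self._origin_key(origin), client_data, hashlib.sha256).digest()


class RelyingParty:
    """The legitimate service; it stores the key registered for ITS origin."""

    def __init__(self, origin: str):
        self.origin = origin
        self.stored_key = b""

    def register(self, key: SecurityKey) -> None:
        self.stored_key = key.register(self.origin)

    def verify(self, challenge: bytes, signature: bytes) -> bool:
        # Recompute over the RP's own origin: a signature made for any other
        # origin came from a different derived key and does not match.
        client_data = self.origin.encode() + b"|" + challenge
        expected = hmac.new(self.stored_key, client_data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def securitykey_legit_login(key: SecurityKey, rp: RelyingParty) -> bool:
    challenge = secrets.token_bytes(32)
    return rp.verify(challenge, key.sign(rp.origin, challenge))


def securitykey_phish_relay(key: SecurityKey, rp: RelyingParty) -> bool:
    """Proxy forwards the RP's real challenge to the victim's browser, which is
    on the phishing origin, and relays the signature back. True only if accepted."""
    challenge = secrets.token_bytes(32)
    return rp.verify(challenge, key.sign(PHISH_ORIGIN, challenge))


if __name__ == "__main__":
    print("TOTP relayed via phishing site accepted:",
          totp_phish_relay(os.urandom(20), int(time.time())))  # True
    key, rp = SecurityKey(os.urandom(32)), RelyingParty(LEGIT_ORIGIN)
    rp.register(key)
    print("Security key on legitimate origin:", securitykey_legit_login(key, rp))  # True
    print("Security key relayed via phishing origin:", securitykey_phish_relay(key, rp))  # False
```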

Windows: Microsoft doesn’t back up the Windows Registry anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits usurp the convenience of direct RDP connections. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.

Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was badly broken.

Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens. There is now Dronesploit, a Metasploit for drones: a Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.

World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years. This will mean that China will ditch all Windows PCs by 2022. China already has some Linux distros of its own, such as Kylin and Deepin. Many western countries are more or less banning Huawei telecom equipment.

Cloud security: Traditional security tools and methodologies are ill-suited to protecting cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision as laid out by these renowned analysts is straightforward. The legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced “sassy”), Secure Access Service Edge, which is not really anything new. SASE promises to create a ubiquitous, resilient, and agile secure network service, globally. Most of the stolen data incidents in the cloud are related to simple human errors rather than concerted attacks. Expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that left the sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
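A check for the exposed Docker admin port mentioned above, as an added example that is not from the original post or from Docker: it audits a daemon.json document and a dockerd command line for a tcp:// API listener that lacks mutual TLS or is bound to every interface (the sample configurations are constructed; the daemon.json keys are Docker’s real ones).

```python
"""Check a Docker daemon configuration for an unauthenticated TCP API listener.

Added example, not code from the original post or from Docker. The Docker API
is root-equivalent on the host, so a tcp:// listener must at least require
client certificates (tlsverify with CA, cert and key) and should not bind to
every interface. Both daemon.json and a dockerd command line (for instance a
systemd ExecStart) are checked; the sample configurations are constructed.
"""
import json
import shlex
from urllib.parse import urlsplit

# Constructed sample: the weak configuration, plain-text API on all interfaces.
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# Constructed sample: the corrected configuration, mutual TLS on one address.
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

ANY_ADDRESS = {"", "0.0.0.0", "::"}


def _audit_hosts(hosts: list[str], mutual_tls: bool) -> list[str]:
    """Return one finding per weak property of each tcp:// listener."""
    findings = []
    for h in hosts:
        u = urlsplit(h)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// sockets are guarded by file permissions
        if (u.hostname or "") in ANY_ADDRESS:
            findings.append(f"{h}: API bound to all interfaces")
        if not mutual_tls:
            findings.append(f"{h}: TCP API without tlsverify (unauthenticated, root-equivalent)")
    return findings


def audit_daemon_json(text: str) -> list[str]:
    """Audit the "hosts" and TLS keys of a daemon.json document."""
    cfg = json.loads(text)
    mutual_tls = bool(cfg.get("tlsverify")) and all(
        cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    return _audit_hosts(cfg.get("hosts", []), mutual_tls)


def audit_dockerd_cmdline(cmdline: str) -> list[str]:
    """Parse -H/--host and --tlsverify from a dockerd invocation."""
    args = shlex.split(cmdline)
    hosts, tlsverify = [], False
    i = 0
    while i < len(args):
        a = args[i]
        if a in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1
        elif a.startswith("--host="):
            hosts.append(a.split("=", 1)[1])
        elif a.startswith("-H") and len(a) > 2:
            hosts.append(a[2:])
        elif a in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return _audit_hosts(hosts, tlsverify)


if __name__ == "__main__":
    for name, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_daemon_json(text) or ["no findings"])
    print(audit_dockerd_cmdline("dockerd -H fd:// -H tcp://0.0.0.0:2375"))
```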

Autocracy as a service: Now any government can buy China’s tools for censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.

Trackers: Trackers are hiding in nearly every corner of today’s Internet, which is to say nearly every corner of modern life. The average web page shares data with dozens of third-parties. The average mobile app does the same, and many apps collect highly sensitive information like location and call records even when they’re not in use. Tracking also reaches into the physical world.

Geopolitics: The US-China tech divide could cause havoc. It is possible that the world’s next major conflict will start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China orders a ban on US computers and software: the Chinese government is to replace foreign hardware and software within three years. Who needs whom more?

International cyber politics: The lack of international standards for proper behavior in cyberspace prevents the United States and its allies from policing adversaries as they wish to. The US can’t ‘enforce standards that don’t exist’. We have international norms in the maritime domain; we don’t have those in cyber. It makes it difficult to enforce standards that don’t exist, and therefore to hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.

Sources:


https://www.csoonline.com/article/3452747/what-you-need-to-know-about-the-new-owasp-api-security-top-10-list.html

https://pentestmag.com/iot-security-its-complicated/

https://isc.sans.edu/diary/rss/25580

https://www.securityweek.com/case-cyber-insurance

https://www.bleepingcomputer.com/news/security/cybercriminals-lend-tactics-and-skills-to-political-meddlers/

https://www.securityweek.com/tips-help-mssps-choose-threat-intelligence-partner

https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/

https://www.darkreading.com/iot/weak-crypto-practice-undermining-iot-device-security/d/d-id/1336636

https://pacit-tech.co.uk/blog/the-2020-problem/

https://www.theregister.co.uk/2019/12/09/dronesploit_framework/

https://www.securityweek.com/blunt-effect-two-edged-sword-vulnerability-disclosures

https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020

https://threatpost.com/email-voted-a-weak-link-for-election-security-with-dmarc-lagging/150909/

https://techcrunch.com/2019/12/15/rcs-messaging-has-rolled-out-to-android-users-in-the-us/?tpcc=ECFB2019&guccounter=1

https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/

https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/

https://www.zdnet.com/article/windows-10-mobile-is-over-prepare-for-final-security-patches-as-support-ends/

https://cacm.acm.org/magazines/2019/12/241053-hack-for-hire/fulltext

https://www.zdnet.com/article/chinese-government-to-replace-foreign-hardware-and-software-within-three-years/

https://www.zdnet.com/article/5g-hackers-these-six-groups-will-try-to-break-into-the-networks-of-tomorrow/

http://read.uberflip.com/i/1180978-siliconexpert-growth-of-counterfeit-electronics-3/0?acctid=6759

https://www.fireeye.com/blog/threat-research/2019/12/fireeye-approach-to-operational-technology-security.html

https://www.darkreading.com/attacks-breaches/mobile-devices-account-for-41–of-ddos-attack-traffic/d/d-id/1336635

https://www.technologyreview.com/f/614906/us-senators-on-encryption-backdoors-we-will-impose-our-will-on-apple-and-facebook/

https://www.zdnet.com/article/2020-is-when-cybersecurity-gets-even-weirder-so-get-ready/

https://www.theregister.co.uk/2019/12/09/china_orders_ban_on_us_computers_and_software/

https://www.darkreading.com/threat-intelligence/only-half-of-malware-caught-by-signature-av/d/d-id/1336577

https://securityintelligence.com/posts/public-sector-security-is-lagging-how-can-states-and-governments-better-defend-against-cyberattacks-in-2020/

https://www.eetimes.eu/ai-will-empower-industry-4-0-when-it-arrives/

https://www.pandasecurity.com/mediacenter/security/2019-the-ransomware-tsunami/

https://blog.paloaltonetworks.com/2019/12/cloud-native-security-platform-age/

https://github.com/dhondta/dronesploit/

https://isc.sans.edu/forums/diary/Internet+banking+sites+and+their+use+of+TLS+and+SSLv3+and+SSLv2/25606/

https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/

https://nationalcybersecurity.com/hacking-the-biggest-tech-threats-to-2020-elections/

https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/

https://www.eff.org/wp/behind-the-one-way-mirror

https://www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks

https://www.is.fi/digitoday/tietoturva/art-2000006342803.html

https://www.bleepingcomputer.com/news/security/another-ransomware-will-now-publish-victims-data-if-not-paid/

https://www.bleepingcomputer.com/news/security/google-chrome-uses-safe-browsing-to-improve-phishing-protection/

https://techcrunch.com/2019/10/30/duality-cybersecurity-16-million/

https://www.wired.com/story/sobering-message-future-ai-party/

https://www.reuters.com/article/us-russia-internet-software-idUSKBN1Y61Z4?utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=facebook

https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1

https://www.forbes.com/sites/richardstiennon/2019/12/09/gartner-has-it-right-palo-alto-networks-has-it-wrong/

https://www.forbes.com/sites/leemathews/2019/12/11/google-chrome-adds-real-time-warnings-for-phishing-attacks/

https://www.zdnet.com/article/google-all-android-users-in-the-us-just-got-rcs-next-gen-sms/

https://www.schneier.com/blog/archives/2019/12/scaring_people_.html

https://www.mikrobitti.fi/uutiset/yha-oudompia-kyberiskuja-tahan-sinun-tulee-varautua/146d2459-1709-4109-8615-a24875b5af5d

https://www.fifthdomain.com/smr/reagan-defense-forum/2019/12/07/in-cyber-the-us-cant-enforce-standards-that-dont-exist/?utm_source=facebook.com&utm_campaign=Socialflow+C4&utm_medium=social

https://tcrn.ch/355ZAOT

https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/

https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html

https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/

https://www.theguardian.com/world/2019/dec/09/china-tells-government-offices-to-remove-all-foreign-computer-equipment

https://www.inc.com/chris-matyszczyk/if-you-have-an-amazon-echo-or-google-home-fbi-has-some-urgent-advice-for-you.html?cid=sf01002

https://www.bbc.com/news/amp/world-australia-46463029

https://minnesota.cbslocal.com/2019/12/11/its-scary-stuff-cyber-security-expert-says-recording-device-investigation-at-hyatt-hotel-is-not-uncommon/

https://fin.afterdawn.com/uutiset/artikkeli.cfm/2019/12/11/windows-7-n-tuki-paattyy-pian-microsoft-iskee-koko-nayton-varoituksella

https://tcrn.ch/2rMpx7E

https://cyware.com/news/rcs-technology-most-users-are-vulnerable-to-hacking-b53f9a6f

https://www.forbes.com/sites/daveywinder/2019/08/20/data-breaches-expose-41-billion-records-in-first-six-months-of-2019/#36679040bd54

https://hub.packtpub.com/core-python-team-confirms-sunsetting-python-2-on-january-1-2020/

https://www.kauppalehti.fi/uutiset/uusi-alypuhelintekniikka-tuo-mukanaan-tietoturva-aukkoja-muun-muassa-google-ilmoittanut-ottavansa-tekniikan-kayttoon/8d8093a0-71ab-4a9c-838a-eb3bfc697e85

https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/

https://edri.org/facial-recognition-and-fundamental-rights-101/

https://cloud.google.com/blog/products/identity-security/beyondprod-whitepaper-discusses-cloud-native-security-at-google

https://itwire.com/government-tech-policy/encryption-law-40-of-firms-say-they-have-lost-sales-after-passage.html

https://techcrunch.com/2019/12/10/insider-threats-startups-protect/

https://www.newscientist.com/article/2227168-turkey-is-getting-military-drones-armed-with-machine-guns/#ixzz684jm3YzJ

https://uk.pcmag.com/windows-10/121518/microsoft-doesnt-back-up-the-windows-registry-anymore

https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/

https://www.cnbc.com/2019/12/13/new-orleans-reports-cyberattacks-after-other-attacks-in-louisiana.html

https://chiefexecutive.net/bridge-cybersecurity-skills-gap/

https://systemagic.co.uk/has-your-business-prepared-for-the-2020-problem/

https://blog.checkpoint.com/2019/12/09/protect-yourself-from-hacker-in-the-box-devices-with-the-iot-security-risk-assessment/

https://www.bloomberg.com/news/features/2019-12-11/silicon-valley-got-millions-to-let-siri-and-alexa-listen-in

https://www.vice.com/en_us/article/k7eq7x/vladimir-putins-computer-is-apparently-still-running-windows-xp?utm_source=vicenewsfacebook

https://nypost.com/2019/12/16/video-surveillance-in-china-isnt-much-worse-than-in-the-us/?utm_campaign=iosapp&utm_source=facebook_app

https://spectrum.ieee.org/the-human-os/biomedical/devices/cyber-attacks-on-medical-devices-are-on-the-riseand-manufacturers-must-respond

https://reason.com/2019/12/16/if-you-think-encryption-back-doors-wont-be-abused-you-may-be-a-member-of-congress/

https://news.yahoo.com/massive-errors-found-facial-recognition-tech-us-study-215334634.html

https://www.securityweek.com/most-companies-dont-properly-manage-third-party-cyber-risk

https://www.uusiteknologia.fi/2019/11/21/hyoty-panee-jakamaan-tietonsa-luottamus-ratkaisee/

https://pentestmag.com/advice-for-a-cybersecurity-leader-think-like-your-adversary/

https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/

https://www.amnesty.org/en/documents/pol30/1404/2019/en/

https://www.securityweek.com/compromised-connection-5g-will-unite-cities-and-also-put-them-risk

https://www.securityweek.com/amnesty-international-calls-facebook-google-rights-abusers

https://www.securityweek.com/microsoft-will-bring-dns-over-https-doh-windows

https://www.securityweek.com/cybersecurity-workforce-gap-145-growth-needed-meet-global-demand

https://blog.radware.com/security/2019/11/why-organizations-are-failing-to-deal-with-rising-bot-attacks/

https://www.helpnetsecurity.com/2019/11/19/successful-soc/

https://shorturl.at/kKLM6

https://www.securityweek.com/making-network-first-line-defense

https://techbeacon.com/security/how-prioritize-strategic-risks-affect-critical-infrastructure

https://www.securityweek.com/transitioning-security-driven-networking-strategy

https://www.theregister.co.uk/2019/11/16/5g_iot_report/

https://www.securityweek.com/us-montenegro-plot-cyber-warfare-ahead-2020-elections

https://www.securityweek.com/fears-grow-digital-surveillance-us-survey

https://www.kaspersky.com/blog/attack-on-online-retail/31786/

https://www.securityweek.com/implementing-cyber-best-practices-requires-security-first-approach

https://securelist.com/advanced-threat-predictions-for-2020/95055/

https://www.darkreading.com/cloud/smart-building-security-awareness-grows/d/d-id/1336597

https://www.forbes.com/sites/bernardmarr/2019/11/15/what-is-homomorphic-encryption-and-why-is-it-so-transformative/

https://www.cisomag.com/the-future-of-ai-in-cybersecurity/

https://www.ibm.com/security/artificial-intelligence

https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/

https://cannatechtoday.com/experian-predicts-an-increase-in-global-cannabis-industry-data-breaches/

https://www.uusiteknologia.fi/2019/11/21/f-secure-tutkimaan-tekoalyagentteja/

https://www.securityweek.com/ongoing-research-project-examines-application-ai-cybersecurity

http://www.etn.fi/index.php/13-news/10151-mikko-hypponen-tekoalyn-ei-pida-matkia-ihmista

http://www.etn.fi/index.php/13-news/10124-nixu-selvitti-tekoaly-mullistaa-kyberturvan

http://www.etn.fi/index.php/13-news/10120-kyberturvassa-koneoppiminen-on-uusi-normaali

https://www.eset.com/blog/company/evading-machine-learning-detection-in-a-cyber-secure-world/?utm_source=facebook&utm_medium=cpc&utm_campaign=corporate-blog&utm_term=machine-learning&utm_content=blog

https://www.is.fi/digitoday/tietoturva/art-2000006316233.html

https://www.uusiteknologia.fi/2019/11/29/5g-verkkojen-tietoturvariskit-listattu-oulu-testaa-ongelmat/

https://www.cyberscoop.com/apt33-microsoft-iran-ics/

https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/

https://www.zdnet.com/article/a-hacking-group-is-hijacking-docker-systems-with-exposed-api-endpoints/

https://www.enisa.europa.eu/news/enisa-news/enisa-draws-threat-landscape-of-5g-networks/

https://smartgrid.ieee.org/newsletters/november-2019/the-cyber-physical-security-of-the-power-grid

https://www.wired.com/story/un-secretary-general-antonio-guterres-internet-risks/

https://codastory.com/authoritarian-tech/russia-facial-recognition-networks/

https://www.theverge.com/2019/12/9/21002515/surveillance-cameras-globally-us-china-amount-citizens

https://www.wired.com/story/iran-internet-shutoff/

https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/

https://www.zdnet.com/google-amp/article/hacking-and-cyber-espionage-the-countries-that-are-going-to-emerge-as-major-threats-in-the-2020s/

https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7

https://www.kcrw.com/news/shows/to-the-point/does-facial-recognition-software-threaten-our-freedom

1,468 Comments

  1. Tomi Engdahl says:

    How COVID-19 Has Changed Business Cybersecurity Priorities Forever
    https://thehackernews.com/2020/08/covid-19-cybersecurity.html
    And hackers all over the world knew it. Almost immediately, Google
    reported a significant increase in malicious activity, and Microsoft
    noted trends that appeared to back that up. The good news is that the
    wave of cyberattacks unleashed by the pandemic peaked in April and has
    since died down. Fortunately, that’s allowing IT professionals and
    network administrators everywhere to take a deep breath and take stock
    of the new security environment they’re now operating in.

  2. Tomi Engdahl says:

    GEC Special Report: Russia’s Pillars of Disinformation and Propaganda
    https://www.state.gov/russias-pillars-of-disinformation-and-propaganda-report/
    The Department’s Global Engagement Center (GEC) is leading and
    coordinating efforts of the U.S. Federal Government to recognize,
    understand, expose, and counter foreign propaganda and disinformation.
    In line with its congressional mandate, the GEC is releasing a special
    report that provides an overview of Russia’s disinformation and
    propaganda ecosystem. The report outlines the five pillars of Russia’s
    disinformation and propaganda ecosystem and how these pillars work
    together to create a media multiplier effect. In particular, it
    details how the tactics of one pillar, proxy sources, interact with
    one another to elevate malicious content and create an illusion of
    credibility. Read also:
    https://www.state.gov/wp-content/uploads/2020/08/Pillars-of-Russia%E2%80%99s-Disinformation-and-Propaganda-Ecosystem_08-04-20.pdf

  3. Tomi Engdahl says:

    We’ve got you covered: experts produce first-ever technical advice on
    cyber insurance
    https://www.ncsc.gov.uk/news/experts-first-advice-on-cyber-insurance
    New guidance highlights the 7 cyber security questions organisations
    should be asking if they are considering purchasing cyber insurance.
    Read also: https://www.ncsc.gov.uk/guidance/cyber-insurance-guidance
    and
    https://www.ncsc.gov.uk/blog-post/is-cyber-insurance-right-for-you. As
    well as:
    https://www.zdnet.com/article/cyber-insurance-seven-questions-you-need-to-consider-before-buying/

  4. Tomi Engdahl says:

    Notorious spy gives advice: This is how your phone won't reveal your
    location
    https://www.is.fi/digitoday/mobiili/art-2000006594867.html
    The US intelligence agency National Security Agency (NSA) published
    instructions for mobile users on hiding their own location from
    outsiders. Bleeping Computer reported on the matter. Although the
    NSA's activities around the world have at times been questionable, its
    instructions for US Department of Defense employees (pdf) are excellent
    reading for anyone who wants to keep their location to themselves. IS
    Digitoday made some clarifications to these instructions. If you
    follow these instructions, be prepared that several important
    location-based applications, such as maps, fitness trackers or weather
    forecasts, may no longer work. Read also:
    https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF

  5. Tomi Engdahl says:

    DDoS Attacks Cresting Amid Pandemic
    https://threatpost.com/ddos-attacks-cresting-pandemic/158211/
    Attacks were way up year-over-year in the second quarter as people
    continue to work from home. The number of distributed
    denial-of-service (DDoS) attacks spiked in the second quarter of 2020,
    researchers said. According to the latest Kaspersky quarterly DDoS
    attacks report, DDoS events were three times more frequent in
    comparison to the second quarter last year (up 217 percent), and were
    up 30 percent from the number of DDoS attacks observed in the first
    quarter of 2020. Read also:
    https://securelist.com/ddos-attacks-in-q2-2020/98077/

  6. Tomi Engdahl says:

    How to organize your security team: The evolution of cybersecurity
    roles and responsibilities
    https://www.microsoft.com/security/blog/2020/08/06/organize-security-team-evolution-cybersecurity-roles-responsibilities/
    Security functions represent the human portion of a cybersecurity
    system. They are the tasks and duties that members of your team
    perform to help secure the organization. Depending on your company
    size and culture, individuals may be responsible for a single function
    or multiple functions; in some cases, multiple people might be
    assigned to a single function as a team. A security operations center
    (SOC) detects, responds to, and remediates active attacks on
    enterprise assets. SOCs are currently undergoing significant change,
    including an elevation of the function to business risk management,
    changes in the types of metrics tracked, new technologies, and a
    greater emphasis on threat hunting.

  7. Tomi Engdahl says:

    ‘Deepfakes’ ranked as most serious AI crime threat
    https://www.ucl.ac.uk/news/2020/aug/deepfakes-ranked-most-serious-ai-crime-threat
    Fake audio or video content has been ranked by experts as the most
    worrying use of artificial intelligence in terms of its potential
    applications for crime or terrorism, according to a new UCL report.
    Read also: https://dx.doi.org/10.1186/s40163-020-00123-8

  8. Tomi Engdahl says:

    Penetration testing of corporate information systems – External
    pentests results, 2020
    https://www.ptsecurity.com/upload/corporate/ww-en/analytics/external-pentests-2020-eng.pdf
    Even an unskilled hacker can penetrate the infrastructure of most
    tested companies, because many attack vectors involve exploitation of
    known security flaws. To secure the network perimeter, the first step
    is to follow basic information security rules. Recommendations for
    protecting against the most common penetration vectors are given in
    our research. Web applications are the most vulnerable component on
    the network perimeter. Perform security analysis regularly. White-box
    testing, which includes source code analysis, is the most effective
    method. Vulnerabilities allowing internal network penetration occur in
    both in-house apps and solutions by well-known vendors. Fixing them
    takes time, and meanwhile the application remains vulnerable. For
    proactive security, we recommend using a web application firewall to
    prevent exploitation of known vulnerabilities, even ones that have not
    been detected yet. Usually companies install a WAF only on certain
    sites. However, keep in mind that WAF solutions can be used to protect
    many remote access systems. For instance, a correctly installed WAF
    would stop attackers from exploiting vulnerability CVE-2019-19781 in
    Citrix Gateway, even before a patch is released and installed.
    Penetration testing, regularly performed, detects and closes new
    penetration vectors. It sheds light on how security at a particular
    company actually works in practice. And ultimately from a business
    standpoint, penetration testing examines the plausibility of key
    business risks related to cyberattacks, providing the basis for an
    effective and evidence-driven security system.

  9. Tomi Engdahl says:

    F-Secure authorized to be a CVE Numbering Authority (CNA)
    https://www.f-secure.com/en/press/p/f-secure-authorized-to-be-a-cve-numbering-authority–cna-
    CVE Program’s accreditation allows F-Secure to assign CVE identifiers
    in accordance with the cyber security industry’s best practices. Cyber
    security provider F-Secure is authorized by the CVE Program to assign
    Common Vulnerability and Exposures (CVE) identifiers as a CVE
    Numbering Authority (CNA). CNAs are organizations authorized by the
    CVE Program to assign CVE IDs to vulnerabilities affecting products
    within their distinct, agreed-upon scope.

  10. Tomi Engdahl says:

    What is the cost of a data breach?
    https://www.welivesecurity.com/2020/08/12/what-is-cost-data-breach/
    The price tag is higher if the incident exposed customer data or if it
    was the result of a malicious attack, an annual IBM study finds. The
    average cost of a data breach has declined by 1.5% year-over-year,
    costing companies US$3.86 million per incident, according to IBM’s
    2020 Cost of a Data Breach Report. The annual study analyzed data from
    524 organizations that, while being based in 17 countries and regions
    and operating in 17 industries, have one thing in common: each of them
    has suffered a security breach over the past year. Read also:
    https://www.ibm.com/security/digital-assets/cost-data-breach-report/Cost%20of%20a%20Data%20Breach%20Report%202020.pdf

  11. Tomi Engdahl says:

    Victims Of Cyberattacks Have Much To Teach Us About The Early Warning
    Signs Of Intruders
    https://www.forbes.com/sites/adambradley1/2020/08/13/victims-of-cyberattacks-have-much-to-teach-us-about-the-early-warning-signs-of-intruders/
    Our team found five indicators, in particular, that are each almost
    certainly a sign that attackers have been poking around to get an idea
    of what your network looks like, and to learn how they can get the
    accounts and access they need to launch a ransomware attack. First, a
    network scanner, particularly on a server, which none of your IT admin
    staff can account for. Second, any tools, including commercial,
    licensed ones, that can disable antivirus software. It may just be
    someone legitimately testing defences internally, but chances are it’s
    not. Third, the presence of open source tools that can extract
    usernames and passwords. Again, it could be someone in the IT team is
    using this for a legitimate purpose, but you need to be sure because
    attackers use them for the same purposes and they’re banking on you
    assuming it’s just a colleague doing stuff. Fourth, any unexpected
    patterns of behaviour, like a detection triggered at the same time
    every day, or the same pattern popping up at regular intervals. These
    are a pretty good sign that something’s up, even if you’ve already
    detected and removed malicious files and think everything’s clean.
    Lastly, any sign of a ‘test’ or very small-scale attack. Sometimes
    attackers try out these micro assaults to see if their tools work. If
    you spot this last sign, you may have very little time left before the
    main attack is launched, hours at most, so you need to move fast. Read
    also:
    https://news.sophos.com/en-us/2020/08/04/the-realities-of-ransomware-five-signs-youre-about-to-be-attacked/

    Reply
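As an added illustration of how the five precursor signs above could be checked mechanically, here is a small Python detector. It is not code from the Sophos or Forbes article: it runs over constructed process-start events (the kind Sysmon Event ID 1 or an EDR would emit) and a constructed list of antivirus detections that were already "cleaned up". The tool names, the server host list and the 120-second tolerance window are assumptions chosen for the example, not vendor lists.

```python
from collections import defaultdict
from datetime import datetime

# Constructed examples of tooling attackers stage before ransomware (assumption:
# a real list would be maintained from your own incident data and matched on
# file hashes as well as image names, since names are trivially changed).
NETWORK_SCANNERS = {"advanced_ip_scanner.exe", "nmap.exe", "netscan.exe"}
AV_KILLERS = {"pchunter64.exe", "gmer.exe", "processhacker.exe"}
CRED_DUMPERS = {"mimikatz.exe", "lazagne.exe", "procdump.exe"}
# Hosts on which a network scanner is never expected (constructed list).
SERVER_HOSTS = {"FILESRV01", "DC01"}


def parse_event(line):
    """Parse a constructed 'timestamp|host|user|image_path' process-start line."""
    ts, host, user, image = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "host": host, "user": user,
            "image": image.rsplit("\\", 1)[-1].lower()}


def find_tool_signs(events):
    """Signs 1-3: scanners, AV-disabling tools and credential extractors.

    Returns (severity, sign, host, image) tuples. A scanner on a server is
    rated high because no admin should be running one there unannounced.
    """
    findings = []
    for e in events:
        if e["image"] in NETWORK_SCANNERS:
            sev = "high" if e["host"] in SERVER_HOSTS else "medium"
            findings.append((sev, "network scanner", e["host"], e["image"]))
        elif e["image"] in AV_KILLERS:
            findings.append(("high", "AV-disabling tool", e["host"], e["image"]))
        elif e["image"] in CRED_DUMPERS:
            findings.append(("high", "credential extraction tool", e["host"], e["image"]))
    return findings


def find_periodic_detections(detections, min_days=3, tolerance_s=120):
    """Sign 4: the same detection firing at the same time of day on several days.

    detections: (datetime, host, signature) tuples for alerts already remediated.
    A (host, signature) pair seen on >= min_days distinct days whose times of
    day all fall within tolerance_s seconds is reported: that pattern points at
    a scheduled task or other persistence the clean-up missed.
    """
    by_key = defaultdict(list)
    for ts, host, sig in detections:
        by_key[(host, sig)].append(ts)
    periodic = []
    for key, stamps in by_key.items():
        tod = [t.hour * 3600 + t.minute * 60 + t.second for t in stamps]
        days = {t.date() for t in stamps}
        if len(days) >= min_days and max(tod) - min(tod) <= tolerance_s:
            periodic.append(key)
    return periodic


# Constructed sample telemetry.
SAMPLE_EVENTS = [
    "2020-08-10T09:12:00|FILESRV01|svc_backup|C:\\Temp\\Advanced_IP_Scanner.exe",
    "2020-08-10T09:40:00|WS-042|jsmith|C:\\Program Files\\Microsoft Office\\EXCEL.EXE",
    "2020-08-10T22:05:00|WS-042|jsmith|C:\\Users\\jsmith\\Downloads\\procdump.exe",
]
SAMPLE_DETECTIONS = [
    (datetime(2020, 8, 10, 2, 0, 5), "WS-017", "Trojan.CobaltStrike"),
    (datetime(2020, 8, 11, 2, 0, 30), "WS-017", "Trojan.CobaltStrike"),
    (datetime(2020, 8, 12, 2, 1, 10), "WS-017", "Trojan.CobaltStrike"),
    (datetime(2020, 8, 11, 14, 30, 0), "WS-020", "PUA.Tool"),
]


def run_sample():
    """Run both checks over the constructed data; returns (tool_findings, periodic)."""
    events = [parse_event(l) for l in SAMPLE_EVENTS]
    return find_tool_signs(events), find_periodic_detections(SAMPLE_DETECTIONS)


if __name__ == "__main__":
    tools, periodic = run_sample()
    for f in tools:
        print("tool sign:", f)
    for host, sig in periodic:
        print("periodic detection:", host, sig)
```

The periodicity check is the one most teams lack: an alert that is closed as "cleaned" every morning at 02:00 is exactly the "same pattern at regular intervals" the article warns about, and it stays invisible as long as each alert is triaged on its own.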
  12. Tomi Engdahl says:

    Attribution: A Puzzle
    https://blog.talosintelligence.com/2020/08/attribution-puzzle.html
    The attribution of cyber attacks is hard. It requires collecting
    diverse intelligence, analyzing it and deciding who is responsible.
    Rarely does the evidence available to researchers reach a level of
    proof that would be acceptable in a court of law. The WellMess malware
    is an excellent example of how examination of infrastructure and the
    techniques used in an attack can lead to different conclusions. The
    Japanese national CERT named this malware in their July 2018 report.
    Two years later, the malware was used in attacks targeting COVID-19
    vaccine research. In some cases, false evidence is planted
    deliberately to confuse researchers. In acknowledging the existence of
    false flags, we must also admit it’s possible researchers have
    misattributed attacks after being fooled by the threat actor. One of
    the most egregious examples of false flags was that of Olympic
    Destroyer, the malware that disrupted the opening of the 2018 Winter
    Olympics. In this attack, the threat actor left clues in the malware
    that potentially implicated three different state-sponsored actors in
    carrying out the attack.

    Reply
  13. Tomi Engdahl says:

    The Simulation of Scandal: Hack-and-Leak Operations, the Gulf States,
    and U.S. Politics
    https://tnsr.org/2020/08/the-simulation-of-scandal-hack-and-leak-operations-the-gulf-states-and-u-s-politics/
    Four hack-and-leak operations in U.S. politics between 2016 and 2019,
    publicly attributed to the United Arab Emirates (UAE), Qatar, and
    Saudi Arabia, should be seen as the “simulation of scandal” deliberate
    attempts to direct moral judgement against their target. Although
    “hacking” tools enable easy access to secret information, they are a
    double-edged sword, as their discovery means the scandal becomes about
    the hack itself, not about the hacked information. There are wider
    consequences for cyber competition in situations of constraint where
    both sides are strategic partners, as in the case of the United States
    and its allies in the Persian Gulf.

    Reply
  14. Tomi Engdahl says:

    June 2020 Cyber Attacks Statistics
    https://www.hackmageddon.com/2020/08/13/june-2020-cyber-attacks-statistics/
    The Daily Trend chart, shows a constant trend (with a clear drop
    during the weekends), while the peak on the 29 reflects the leak of a
    trove of 14 databases in the dark web. Cyber crime is always on top of
    the Motivations Behind Attacks chart with a percentage similar to May
    (85.6% vs 87%). Cyber Espionage is back to values similar to April and
    grows to 10.7% from 9.8%. Hacktivism accounts for 2.1% (in May it was
    2.7%) and Cyber Warfare for 1.1% (it was 0.5% in May). Ransomware
    attacks push once again malware on top of the Attack Techniques chart
    with 36.4% (it was 34.8% in May). Account hijackings are still at
    number two among the known attack techniques with 16% (in May it was
    16.3%). Similarly to May, targeted attacks close the top trio of the
    known attack vectors with 9.1% (down from 10.9% of May). As always
    bear in mind that the sample refers exclusively to the attacks
    included in my timelines, available from public sources such as blogs
    and news sites. Obviously the sample cannot be complete, but only aims
    to provide an high level overview of the threat landscape.

    Reply
  15. Tomi Engdahl says:

    This NSA, FBI security advisory has four words you never want to see together: Fancy Bear Linux rootkit
    From Russia, with love
    https://www.theregister.com/2020/08/13/drovorub_nsa_fbi/

    Reply
  16. Tomi Engdahl says:

    Boom Goes the Cyber Security Toolbox
    https://www.securityweek.com/boom-goes-cyber-security-toolbox

    More Cyber Security Tools Can Increase Cost, Increase Complexity, and Reduce an Organization’s Ability to be Effective

    Reply
  17. Tomi Engdahl says:

    Stick With The Plan Until It No Longer Makes Sense
    https://www.securityweek.com/stick-plan-until-it-not-longer-makes-sense

    There Are Times When a Given Plan May No Longer be Appropriate or Effective

    Reply
  18. Tomi Engdahl says:

    DevSecOps Study Finds that Nearly Half of Organizations Consciously Deploy Vulnerable Applications Due to Time Pressures
    Study conducted by analyst firm ESG explores security trends and challenges emerging in modern application development
    https://news.synopsys.com/2020-08-06-DevSecOps-Study-Finds-that-Nearly-Half-of-Organizations-Consciously-Deploy-Vulnerable-Applications-Due-to-Time-Pressures

    Reply
  19. Tomi Engdahl says:

    https://semiengineering.com/week-in-review-auto-security-pervasive-computing-27/

    SEMI, Cadence, Synopsys, and Mentor, a Siemens Business, will jointly develop an industry-standard protocol to combat software piracy in electronic design automation (EDA). EDA software piracy happens when individuals use a legitimate license number for unallowed uses: to increase the number of seats or gain access without paying. The partnership takes the form of a committee, the License Management/Anti-Piracy (LMA) Committee within the Electronic System Design Alliance (ESD Alliance). The committee will develop the SEMI Server Certification Protocol, a standard that will provide strong protection against piracy by defining how servers can be uniquely identified.

    https://www.semi.org/en/news-media-press/semi-press-releases/esda-machine-certification-partnership

    Reply
  20. Tomi Engdahl says:

    The Integration Imperative for Security Vendors
    https://www.securityweek.com/integration-imperative-security-vendors

    Integration is Key to Bringing Security Teams, Processes and Technology Together

    Reply
  21. Tomi Engdahl says:

    A Not-So-Blind RCE with SQL Injection

    https://pentestmag.com/a-not-so-blind-rce-with-sql-injection/

    #pentest #magazine #pentestmag #pentestblog #PTblog #sqlinjection #RCE #cybersecurity #infosecurity #infosec

    Reply
  22. Tomi Engdahl says:

    Decrypted: Hackers show off their exploits as Black Hat goes virtual
    https://techcrunch.com/2020/08/15/decrypted-black-hat-def-con-virtual/

    Reply
  23. Tomi Engdahl says:

    Report: Unskilled hackers can breach about 3 out of 4 companies
    https://www.techrepublic.com/article/report-unskilled-hackers-can-breach-3-out-of-4-of-companies/

    Positive Technologies found in a recent study that criminals with few skills can hack a company in less than 30 minutes.

    Despite cybersecurity efforts, bad actors continue to find ways to hack businesses. Consequently, security efforts are focused on how to prevent these destructive breaches. Penetration testers (pentesters) were successful in breaching the network perimeter and accessing the local networks of 93% of companies, according to a recent report from the security information company Positive Technologies.

    A combination of external-and-internal network breaches represents 58% of hacks, and external alone, 19%.

    Comparatively, in an internal pentest, attacks (23%) originate from inside the company, by testing, for example, typical employee privileges or with the physical access available to a random visitor. An internal pentest can determine the highest level of privileges an attacker can obtain.

    Pentesters offer an expert’s opinion and analysis of the effectiveness of their clients’ security system, as well as cyber threat preparedness.

    While the average time to penetrate a local network was four days, pentesters found it could be done in as little as 30 minutes. But in the majority of cases, the successful attacks lacked much complexity, and pentesters said the attack was within the purview of a hacker with “middling” skills.

    Only 7% of systems tested were adequate enough to withstand any breaches, but 25% were hacked in a single step, 43% in two steps, and 25% in three to six steps.

    The testing revealed some alarming vulnerabilities, including the fact that at 71% of companies, even an unskilled hacker was able to penetrate the internal network.

    Another revelation was that 77% of breaches were related to insufficient protection of web applications, and pentesters discovered at least one vector at 86% of companies.

    Pentesters were able to breach 77% of businesses through web application protection vulnerabilities, 15% through brute forcing credentials used for accessing DBMS, 6% through brute forcing credentials for remote access services, and 1% each through brute forcing domain-user credentials combined with software vulnerability exploitation, through software vulnerability exploitation alone, and through brute forcing credentials for the FTP server.

    Risk-level of detection is 57% for web application vulnerabilities, 50% for password policy flaws, 29% vulnerable software, 25% configuration flaw.

    Reply
  24. Tomi Engdahl says:

    Tor and anonymous browsing just how safe is it?
    https://nakedsecurity.sophos.com/2020/08/13/tor-and-anonymous-browsing-just-how-safe-is-it/
    Loosely speaking, that strapline implies that if you visit a website
    using Tor, typically in the hope of remaining anonymous and keeping
    away from unwanted surveillance, censorship or even just plain old web
    tracking for marketing purposes, then one in four of those visits
    (perhaps more!) will be subject to the purposeful scrutiny of
    cybercriminals.

    Reply
  25. Tomi Engdahl says:

    Use A Smart Lock? Get In The Sea, 73% Of Security Professionals Say
    https://www.forbes.com/sites/daveywinder/2020/08/16/use-a-smart-lock-get-in-the-sea-73-of-security-professionals-say/
    I decided to take the question of smart lock security to a
    cross-section of security professionals, including hackers and
    lock-pickers. The question I asked was a straightforward one: would
    you use a smart lock to secure your home, office or anything? Some 73%
    of the 549 respondents to my polling said: “Get in the sea.”

    Reply
  26. Tomi Engdahl says:

    The Best Password Managers to Secure Your Digital Life
    https://www.wired.com/story/best-password-managers/
    Keep your logins under lock and key. We picked our favorites for PC,
    Mac, Android, iPhone, and web browsers.

    Reply
  27. Tomi Engdahl says:

    Launching a new version of Logging Made Easy (LME)
    The NCSC has launched version 0.3 of LME to make logging even easier with some enhanced features.
    https://www.ncsc.gov.uk/blog-post/launching-a-new-version-of-logging-made-easy-lme
    We launched Logging Made Easy (LME) officially in April 2019, enabling hundreds of you to install a basic logging capability on your IT estate, detecting and protecting against cyber attack.
    Logging made easy (LME)
    How to set up your own basic security logging system
    https://www.ncsc.gov.uk/blog-post/logging-made-easy
    Who is the LME open-source project for?
    Broadly speaking, we’ve produced this for organisations that:
    Don’t have a SOC, SIEM, or any monitoring in place at the moment
    Lack the budget, time or understanding to set up their own logging system, or buy a professional solution
    Recognise the need to begin gathering logs and monitoring their IT

    What does the Github project contain?
    The LME repo contains:
    Documentation – to help users install and configure LME
    Group Policy Objects (GPO) – to configure Microsoft components
    Linux Scripts – to install required software and dependencies
    With this you create:
    An end-to-end Windows logging solution (for users and servers) which uses Microsoft Sysmon to create host-based logs
    The open-source Elasticsearch, Logstash and Kibana (ELK) stack to store and visualise log events

    Reply
  28. Tomi Engdahl says:

    Jacob Helberg / Foreign Policy:
    To secure its supply chains and information networks against Chinese attacks, the US needs to reindustrialize and develop a skilled and innovative workforce

    In the New Cold War, Deindustrialization Means Disarmament
    Chinese security threats offer the chance to rethink the U.S. economy
    https://foreignpolicy.com/2020/08/12/china-industry-manufacturing-cold-war/

    Since March alone, China has threatened to withhold medical equipment from the United States and Europe during the coronavirus pandemic; launched the biggest cyberattack against Australia in the country’s history; hacked U.S. firms to acquire secrets related to the coronavirus vaccine; and engaged in massive disinformation campaigns on a global scale. China even hacked the Vatican. These incidents reflect the power China wields through its control of supply chains and information hardware. They show the peril of ceding control of vast swaths of the world’s manufacturing to a regime that builds at home, and exports abroad, a model of governance that is fundamentally in conflict with American values and democracies everywhere. And they pale in comparison to what China will have the capacity to do as its confrontation with the United States sharpens.

    In this new cold war, a deindustrialized United States is a disarmed United States—a country that is precariously vulnerable to coercion, espionage, and foreign interference. Preserving American preeminence will require reconstituting a national manufacturing arrangement that is both safe and reliable—particularly in critical high-tech sectors. If the United States is to secure its supply chains and information networks against Chinese attacks, it needs to reindustrialize. The question today is not whether America’s manufacturing jobs can return, but whether America can afford not to bring them back.

    America’s superpower might was made on the factory floor. The nation’s vast industrial capacity carried it to victory in World War II and gave it a commanding advantage over the Soviet Union.

    But since the 1970s, more than 7 million American manufacturing jobs have evaporated—over a third of the country’s entire manufacturing workforce. In the first decade of the 21st century, more than 66,000 manufacturing facilities closed down or moved overseas. America’s share of the world’s printed circuit board production has dropped 70 percent since 2000; China accounts for around half of global production today. The high-tech industry is hardly exempt: As of 2015, Chinese factories produced 28 percent of the world’s cars, 41 percent of ships, more than 60 percent of TVs, and a staggering 90 percent of the world’s mobile phones. Indeed, Apple’s Elk Grove plant is now an AppleCare call center.

    At the same time, a new Silicon Curtain has begun to descend. As FBI Director Christopher Wray recently pointed out, China does not seek a world where its companies lead alongside other global companies but one where its companies exploit a domestic monopoly at home to drive other companies out of business everywhere else. In the energy sector, China’s vast web of state subsidies supporting its domestic solar-electric industry dropped world prices of solar panels by 80 percent between 2008 and 2013.

    The United States’ industrial overdependence on China poses two profound national security threats. The first is about access to the supply of critical goods. As I warned in June, U.S.-China relations are now more volatile than at any time since Tiananmen, and it is an open question whether decoupling will be slow and soft or hard and fast. As the bilateral relationship further deteriorates, American companies face a growing risk of experiencing sudden delays or disruptions to their supply chains

    The United States’ industrial overdependence on China poses profound national security threats.

    The second risk of U.S. industrial dependence on China is about the integrity of powerful dual-use commercial technology products: civilian goods such as information platforms, social network technology, facial recognition systems, cellphones, and computers that also have powerful military or intelligence implications. These products are increasingly becoming a “perfect weapon” for U.S. adversaries such as Russia and China that continuously seek asymmetric ways to weaken the United States. The Senate Foreign Relations Committee report noted, “the suites of new and emergent digital technologies … —including 5G infrastructure, social media, block-chain, digital surveillance, and genomics and biotechnology—are all widely acknowledged as being on the cutting edge of this new competition.” China’s command over critical nodes of the world’s supply chains provides it with vast strategic leverage over the integrity of critical hardware products.

    Public concerns over the integrity of Chinese-built technology systems recently reached a boiling point in the software world, with the U.S. government calling on ByteDance, a Beijing-based global technology company, to divest from TikTok, its U.S. subsidiary.

    The United States’ slow drift toward deindustrialization is not a threat to Democrats or a threat to Republicans—it’s a threat to the United States. Addressing it will require an American solution that transcends party lines.

    Reply
  29. Tomi Engdahl says:

    A Security Reminder: Containers Talk to Each Other and Other Endpoints

    https://pentestmag.com/a-security-reminder-containers-talk-to-each-other-and-other-endpoints/

    #pentest #magazine #pentestmag #pentestblog #PTblog #container #security #cybersecurity #infosecurity #infosec

    Reply
  30. Tomi Engdahl says:

    No ‘Hoax’: Bipartisan Senate Report Confirms Russian 2016 Role, Putin Ordered DNC Hack, More
    https://www.forbes.com/sites/jackbrewster/2020/08/18/putin-ordered-dnc-hack-bipartisan-senate-report-confirms/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Valerie/#76616c657269

    Russian President Vladimir Putin directly ordered the hacking of the Democratic Party’s servers with the goal of leaking damaging information that would hurt then-candidate Hillary Clinton and provide a boost to President Trump’s campaign, the final report from the Senate Intelligence Committee’s probe into Russian interference in the 2016 presidential election released Tuesday found, among other damaging findings. 

    The report—which is the committee’s fifth and final—states that Putin “ordered the Russian effort to hack computer networks and accounts affiliated with the Democratic Party” with the purpose of harming the Clinton campaign, which the Russian president has long denied.

    The Russian effort was aided by Wikileaks, which has also claimed that it was not the source of the hacked information; Wikileaks “likely knew it was assisting a Russian intelligence influence effort,” the report states.

    The committee “found significant evidence to suggest that, in the summer of 2016, WikiLeaks was knowingly collaborating with Russian government officials.”

    While the report found “no evidence of collusion between President Trump and the Russians,” it did find that Trump campaign staff attempted to benefit politically from the leaks.

    Reply
  31. Tomi Engdahl says:

    US senators: WikiLeaks ‘likely knew it was assisting Russian intelligence influence effort’ in 2016 Dem email leak
    https://www.theregister.com/2020/08/18/us_senate_wikileaks_report/

    And: ‘Putin ordered the Russian effort to hack computer networks’ to help Donald Trump win White House race

    The 2016 hacking of the Democratic Party’s email system – and subsequent leaking of its messages – was personally ordered by Vladimir Putin and aided by Julian Assange, according to the US Senate Select Committee on Intelligence.

    A just-released volume [PDF] from the panel’s dossier on Russia’s efforts to meddle in that year’s White House race pretty much accuses the Assange-run WikiLeaks of actively helping Moscow in its dirty work – by obtaining the internal memos from Russian hackers and spreading them online to derail Hillary Clinton’s campaign and help nudge Donald Trump to victory.

    Reply
  32. Tomi Engdahl says:

    COVID-19 Pandemic Persists While Extortion Ransomware Operators Run
    Rampant
    https://www.recordedfuture.com/pandemic-ransomware-operators/
    Two major trends in malware development and deployment dominated
    headlines throughout the first half of 2020: COVID-19 and extortion
    ransomware. 2020 has been a challenging year, and the cyber threat
    landscape was no exception.

    Reply
  33. Tomi Engdahl says:

    Please stop hard-wiring AWS credentials in your code. Looking at you,
    uni COVID-19 track-and-test app makers
    https://www.theregister.com/2020/08/17/albion_college_coronavirus_tracking_app/
    Albion College has a plan for students to return safely to campus this
    fall amid the COVID-19 coronavirus pandemic. It involves being tracked
    by an app that, at least until a few days ago, appears to have been
    insecure.

    Reply
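The complaint above is common enough to deserve a concrete check. The following Python is an added example, not code from the article or from the app in question: a scanner that flags AWS credentials embedded in source text, shown next to the pattern that should replace them. The key-ID and secret-key regexes are this example's own heuristics (AKIA/ASIA plus 16 characters, and a 40-character value assigned to a variable whose name contains "secret access key"), the snippets are constructed, and the key values are the placeholders AWS uses in its own documentation rather than live credentials.

```python
import re

# Assumed patterns (this example's own, not an official AWS specification):
# access key IDs are 20 characters starting with AKIA (long-term) or ASIA
# (temporary); secret keys are 40 base64-like characters. The secret pattern is
# anchored to a variable name and will miss secrets stored under other names.
ACCESS_KEY_RE = re.compile(r"(?<![A-Za-z0-9])((?:AKIA|ASIA)[0-9A-Z]{16})(?![A-Za-z0-9])")
SECRET_KEY_RE = re.compile(
    r"""(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['"]?([0-9A-Za-z/+]{40})(?![0-9A-Za-z/+])""")


def mask(value):
    """Show only the ends of a credential so a finding can be reported safely."""
    return value[:4] + "..." + value[-4:]


def scan_source(text):
    """Return (line_number, kind, masked_value) for each hard-coded AWS credential."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append((n, "aws_access_key_id", mask(m.group(1))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append((n, "aws_secret_access_key", mask(m.group(1))))
    return findings


def credentials_from_environment(env):
    """The hardened alternative: take both values from the process environment
    (injected at deploy time; better still, use an instance/task role so no
    long-term key exists at all) and refuse to start without them.
    Returns (key_id, secret) or None."""
    key_id = env.get("AWS_ACCESS_KEY_ID")
    secret = env.get("AWS_SECRET_ACCESS_KEY")
    if not key_id or not secret:
        return None
    return key_id, secret


# Constructed snippets. The anti-pattern: credentials baked into the app, so
# anyone who decompiles the binary or reads the repository owns the account.
VULNERABLE_SOURCE = """import boto3

AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
db = boto3.client("dynamodb", aws_access_key_id=AWS_ACCESS_KEY_ID,
                  aws_secret_access_key=AWS_SECRET_ACCESS_KEY)
"""

# The corrected form: nothing secret in the source tree.
HARDENED_SOURCE = """import boto3
import os

creds = credentials_from_environment(os.environ)
if creds is None:
    raise SystemExit("AWS credentials not provisioned; refusing to start")
db = boto3.client("dynamodb", aws_access_key_id=creds[0],
                  aws_secret_access_key=creds[1])
"""


if __name__ == "__main__":
    for finding in scan_source(VULNERABLE_SOURCE):
        print("hard-coded credential:", finding)
    print("hardened snippet findings:", scan_source(HARDENED_SOURCE))
```

Run the scanner as a pre-commit or CI step over the whole tree; the masking matters because a finding that echoes the full key into a build log just moves the leak somewhere else.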
  34. Tomi Engdahl says:

    Large Orgs Plagued with Bugs, Face Giant Patch Backlogs
    https://threatpost.com/large-orgs-plagued-bugs-patch-backlogs/158433/
    Vulnerability management continues to challenge businesses, as they
    face tens of thousands of bugs with every scan.

    Reply
  35. Tomi Engdahl says:

    This blind spot of security teams grows with the coronavirus
    https://www.tivi.fi/uutiset/tv/94f4b44d-231e-4182-94bf-96d676d83a4f
    Companies have no means to dictate what kind of IoT devices remote
    workers use in their home networks. IT departments have rather few
    options for protecting companies’ important data assets.

    Reply
  36. Tomi Engdahl says:

    https://warontherocks.com/2020/08/the-age-of-cyber-sovereignty/

    Clean initiative? Sounds good when it comes to application security, with so much closed source out there and malicious actors, but will it be used for censorship of products as well? I for one would like to see some app stores a bit cleaner or better disclosure of what is collected before it’s installed (like F-Droid).

    https://www.state.gov/announcing-the-expansion-of-the-clean-network-to-safeguard-americas-assets/

    Reply
  37. Tomi Engdahl says:

    Airline DMARC Policies Lag, Opening Flyers to Email Fraud
    https://threatpost.com/airline-dmarc-policies-lag-opening-flyers-to-email-fraud/158449/
    Up to 61 percent out of the IATA (International Air Transport
    Association) airline members do not have a published DMARC record.

    Reply
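To make the "no published DMARC record" figure concrete, here is an added Python example (not from the Threatpost article or the report it cites) that classifies a domain's DMARC posture from the TXT strings found at _dmarc.<domain>. The DNS answers are constructed and the domain names are placeholders; a real audit would fetch the TXT records with a resolver and pass them in unchanged. The classification follows the DMARC tag semantics (p= policy, pct= sampling, one record per domain) and distinguishes a missing record from a published one that gives no protection.

```python
def parse_dmarc(record):
    """Parse 'v=DMARC1; p=reject; pct=100; rua=...' into a dict of tags.

    Returns None when the record is malformed: every clause must be tag=value
    and the first clause must be v=DMARC1.
    """
    clauses = [c.strip() for c in record.split(";") if c.strip()]
    if not clauses:
        return None
    tags = {}
    for i, clause in enumerate(clauses):
        if "=" not in clause:
            return None
        tag, value = clause.split("=", 1)
        tag, value = tag.strip().lower(), value.strip()
        if i == 0 and (tag != "v" or value.upper() != "DMARC1"):
            return None
        tags[tag] = value
    return tags


def dmarc_posture(txt_records):
    """Summarise all TXT records at _dmarc.<domain> as one posture label.

    'missing'     no DMARC record at all (the case the article counts)
    'invalid'     more than one DMARC record, malformed, no p= tag, bad pct
    'monitor'     p=none: reports only, spoofed mail is still delivered
    'partial'     quarantine/reject applied to only pct% of failing mail
    'quarantine'  enforcing: failing mail goes to spam
    'reject'      enforcing: failing mail is refused
    """
    candidates = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not candidates:
        return "missing"
    if len(candidates) > 1:          # receivers ignore DMARC entirely in this case
        return "invalid"
    tags = parse_dmarc(candidates[0])
    if tags is None or "p" not in tags:
        return "invalid"
    policy = tags["p"].lower()
    if policy == "none":
        return "monitor"
    if policy not in ("quarantine", "reject"):
        return "invalid"
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        return "invalid"
    if int(pct) < 100:
        return "partial"
    return policy


def audit(answers):
    """Map each domain to its posture. answers: {domain: [txt strings at _dmarc]}."""
    return {domain: dmarc_posture(records) for domain, records in answers.items()}


def unenforced_share(results):
    """Fraction of audited domains where a spoofed message would not be
    quarantined or rejected, i.e. what an email-fraud campaign can exploit."""
    if not results:
        return 0.0
    weak = sum(1 for p in results.values() if p not in ("quarantine", "reject"))
    return weak / len(results)


# Constructed DNS answers for placeholder domains.
SAMPLE_ANSWERS = {
    "airline-a.example": [],                                           # nothing published
    "airline-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@airline-b.example"],
    "airline-c.example": ["v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@airline-c.example"],
    "airline-d.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@airline-d.example"],
    "airline-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],  # two records
    "airline-f.example": ["v=DMARC1; rua=mailto:dmarc@airline-f.example"],  # no p= tag
}


if __name__ == "__main__":
    results = audit(SAMPLE_ANSWERS)
    for domain, posture in results.items():
        print(f"{domain:20} {posture}")
    print(f"unenforced share: {unenforced_share(results):.0%}")
```

The point of the extra labels is that "has a DMARC record" is a weak measure: a domain at p=none or pct=25 is counted as published, yet still lets most spoofed booking confirmations through.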
  38. Tomi Engdahl says:

    https://blogs.cisco.com/security/mitre-attck-the-magic-of-mitigations
    MITRE ATT&CK: The Magic of Mitigations

    XDR: The Next Level of Prevention, Detection and Response [New Guide]
    https://thehackernews.com/2020/08/cybersecurity-response.html

    Reply
  39. Tomi Engdahl says:

    Practical Insider Threat Penetration Testing Cases with Scapy (Shell Code and Protocol Evasion)

    https://pentestmag.com/practical-insider-threat-penetration-testing-cases-with-scapy-shell-code-and-protocol-evasion/

    #pentest #magazine #pentestmag #pentestblog #PTblog #scapy #insider #threat #shell #code #protocol #evasion #cybersecurity #infosecurity #infosec

    Reply
  40. Tomi Engdahl says:

    “But when it comes to what companies can do with people’s information, China is rapidly moving toward a data privacy regime that, in aligning with the European Union’s GDPR, is far more stringent than any federal law on the books in the US. … They’re essentially proposing a new model to the world of how countries can have strong consumer protections without limiting state surveillance. ”

    Podcast: Want consumer privacy? Try China
    https://www.technologyreview.com/2020/08/19/1007425/data-privacy-china-gdpr/

    Forget the idea that China doesn’t care about privacy—its citizens will soon have much greater consumer privacy protections than Americans.

    Reply
  41. Tomi Engdahl says:

    NSA and CISA Alert Highlights Urgency for OT Security
    https://www.securityweek.com/nsa-and-cisa-alert-highlights-urgency-ot-security

    In the last few years, we’ve seen ample evidence of how cyberattacks on critical infrastructure can be leveraged by nation-states and other powerful adversaries as weapons in geopolitical conflicts. The attacks on the Ukraine power grid and several other incidents demonstrated a show of power and how a country’s infrastructure can be disrupted. The indiscriminate use of destructive exploits in NotPetya (which caused widespread, collateral damage to operational technology (OT) networks and halted operations) revealed to security professionals just how poor the cyber risk posture of their OT networks is and prompted swift actions in many of the largest companies.

    For years now, the government has been warning openly and clearly that: “Since at least March 2016, Russian government cyber actors—hereafter referred to as ‘threat actors’—targeted government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.” A new alert, issued by the U.S. National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), couldn’t be more clear: “We are in a state of heightened tensions and additional risk and exposure.”

    Government agency alerts about previous threats typically describe how the attacks are executed and provide some tactical steps to specific sectors to enhance their ability to reduce exposure. However, this recent alert stands out for its tone, language, and content. Framed from a strategic perspective, it includes broad warnings of an imminent and serious threat across all 16 critical infrastructure sectors, and lengthy, detailed sets of recommendations for how to protect OT environments that, together, encourage a holistic approach to risk mitigation.

    They can start to identify deviations from established behavioral baselines, unauthorized connections, and the presence of adversary techniques, such as those in the new MITRE ATT&CK for ICS framework, to implement mitigation recommendations rapidly.

    https://www.securityweek.com/mitre-releases-attck-knowledge-base-industrial-control-systems

    NSA, CISA Urge Critical Infrastructure Operators to Secure OT Assets
    https://www.securityweek.com/nsa-cisa-urge-critical-infrastructure-operators-secure-ot-assets

    Reply
  42. Tomi Engdahl says:

    The impact of COVID-19 on healthcare cybersecurity
    https://blog.malwarebytes.com/vital-infrastructure/2020/08/the-impact-of-covid-19-on-healthcare-cybersecurity/
    As if stress levels in the healthcare industry weren’t high enough due
    to the COVID-19 pandemic, risks to its already fragile cybersecurity
    infrastructure are at an all-time high. From increased cyberattacks to
    exacerbated vulnerabilities to costly human errors, if healthcare
    cybersecurity wasn’t circling the drain before, COVID-19 sent it into a
    tailspin.

    Reply
  43. Tomi Engdahl says:

    Bug bounty platform ZDI awarded $25m to researchers over the past 15
    years
    https://www.zdnet.com/article/bug-bounty-platform-zdi-awarded-25m-to-researchers-over-the-past-15-years/
    Bug bounty platform pioneer Zero-Day Initiative (ZDI) is celebrating
    its 15th birthday this year.

    Reply
  44. Tomi Engdahl says:

    That Doesn’t Sound Secure
    The SpiKey method can clone a key by listening to the sound of it being inserted into a lock.
    https://www.hackster.io/news/that-doesn-t-sound-secure-ae424e3b2353

    A team at the National University of Singapore have described a method — called SpiKey — that can provide the information needed to create a key for a lock by using only the sound of that lock being opened.

    SpiKey works on the most common type of lock, the pin tumbler.

    Reply
