Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, this post makes educated guesses based on what has happened during the last 12 months and in the several years before that.
The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring high-speed wireless broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.
Here are some trends and predictions for cyber security in 2020:
Cyber attacks: Cyberattacks grow in volume and complexity. More countries are going to emerge as major cyber threats in the 2020s. Nation-state-backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrencies, to infecting vulnerable systems so they can be used later as part of a botnet.
IoT security: IoT security will keep getting worse before it starts to get better. IoT security is an extremely hot topic right now and will stay hot for many years to come. Industrial IoT risk has been discussed a lot. Physics dictates local application deployment, because the control loop of most industrial systems runs at 10 milliseconds or faster. Smart building security awareness is growing. The risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year; it would be nice if all of them were secure, but unfortunately many of them are not. Attackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras and smart elevators to hospital infusion pumps and industrial PLCs, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security must be considered and integrated into IoT deployments from the start. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and rise to $3.1 billion in 2021, making it one of the fastest growing segments of the cybersecurity industry. The IoT landscape is complex, and so are the security solutions. They tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your Internet of Things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of devices vulnerable to attack: one in every 172 active RSA certificates is vulnerable. It is a good idea to build a separate network segment for IoT devices so that they are isolated from the normal office network; the FBI recommends keeping IoT devices on a separate network.
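The RSA figure above comes from research that collected certificates at internet scale and factored keys whose moduli share a prime factor, which happens when devices generate keys from too little entropy: two moduli that share a prime are both broken by a single GCD. The following is an added example, not code from this page or from that research. It runs the check over constructed toy moduli built from small, well-known primes (the device names and keys are invented) and recovers the private exponent for the devices that share a factor.

```python
import math
from itertools import combinations

# Constructed toy key material, NOT keys from any real device. Small,
# well-known primes stand in for the 1024-bit primes of a real key, and
# P_SHARED appears in two keys to model a low-entropy RNG that produced
# the same prime twice on different devices.
P_SHARED = 2147483647          # 2^31 - 1
Q_CAM1 = 1000000007
Q_CAM2 = 998244353
P_PLC = 4294967291             # 2^32 - 5
Q_PLC = 1000000009
E = 65537                      # the usual public exponent

# Hypothetical inventory: device name -> RSA modulus n = p * q
DEVICE_MODULI = {
    "cam-01": P_SHARED * Q_CAM1,
    "cam-02": P_SHARED * Q_CAM2,
    "plc-07": P_PLC * Q_PLC,
}


def find_shared_factors(moduli):
    """Return {(name_a, name_b): g} for each pair of moduli with a
    non-trivial common factor g. Pairwise GCD is O(n^2) in the number of
    keys; at internet scale the same test is run as a batch GCD over a
    product tree, but the arithmetic and the result are the same."""
    hits = {}
    for (name_a, n_a), (name_b, n_b) in combinations(moduli.items(), 2):
        g = math.gcd(n_a, n_b)
        if 1 < g < n_a:
            hits[(name_a, name_b)] = g
    return hits


def factor_with_hint(n, g):
    """Split n = p * q once one factor g is known from a GCD hit."""
    if n % g:
        raise ValueError("g does not divide n")
    return g, n // g


def private_exponent(p, q, e=E):
    """d = e^-1 mod (p-1)(q-1); pow(e, -1, m) needs Python 3.8+."""
    return pow(e, -1, (p - 1) * (q - 1))


def recover_private_keys(moduli):
    """Map every device whose modulus shares a factor to its (n, d)."""
    keys = {}
    for (name_a, name_b), g in find_shared_factors(moduli).items():
        for name in (name_a, name_b):
            p, q = factor_with_hint(moduli[name], g)
            keys[name] = (moduli[name], private_exponent(p, q))
    return keys


if __name__ == "__main__":
    for name, (n, d) in recover_private_keys(DEVICE_MODULI).items():
        # Prove the recovered d works: encrypt with (n, E), decrypt with d.
        m = 12345
        assert pow(pow(m, E, n), d, n) == m
        print(f"{name}: private exponent recovered from shared factor")
```

The defensive use is the same computation run over your own certificate inventory: extract the moduli from every device certificate you issue or accept, and any GCD hit means both keys are compromised and must be replaced, not just the one that was found first.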
IoT privacy: Silicon Valley is listening to your most intimate moments. The world’s biggest companies got millions of people to let temporary workers analyze some very sensitive recordings made by their “smart” speakers and smartphones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild, roughly one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Attackers who take over connected home devices have also used them to terrify homeowners and make them feel violated in their own homes.
Medical systems security: Cyberattacks on medical devices are on the rise, and manufacturers must respond. Attacks on networked medical devices, and on the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It is shocking that a few years after WannaCry and NotPetya the healthcare industry is still not prepared to deal with ransomware attacks; many hospitals and healthcare networks have been hit by ransomware over the past few months.
Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind: the US has nearly the same ratio of security cameras to citizens as China, and the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks, and it may even be bigger than China’s 200-million-camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. The US, like China, now has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere: it would be very easy to sneak an extra device onto a hotel’s Wi-Fi network and stream its video over the internet to an attacker’s computer.
Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer, but mass surveillance has downsides of major proportions. Massive errors have been found in facial recognition tech: the systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers, and everyone in between, should be aware of the rise of facial recognition and the risks it poses to the rights to privacy, freedom, democracy and non-discrimination.
Shut off Internet: A worrying worldwide trend employed by various governments is preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting people’s Internet connections; Iran and India are recent examples. Some countries, namely China, architected their internet infrastructure from the start with government control in mind, and Russia is aiming in the same direction. For better or worse, an internet blackout also limits the government’s ability to conduct digital surveillance on citizens.
Security first: Implementing cyber best practices requires a security-first approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also lets security evolve and adapt alongside your digital presence, rather than being constantly retrofitted to catch up with digital innovation.
Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to unauthorized levels of network resources and devices. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled, and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access, and monitor devices, thereby enhancing your access and segmentation strategy.
Anti-virus software: Only half of malware is caught by signature AV. The percentage of malware that successfully bypassed signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling code (“packing”) using basic encryption techniques or by the automatic creation of code variants. New approaches like machine learning and behavioral detection seem necessary to catch such threats. Meanwhile, network attacks have risen, especially against older vulnerabilities.
Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Many victims are paying, a move that security professionals have long condemned, warning that paying the ransom could end up causing more turmoil for victims as well as inspiring other cybercriminals to launch ransomware attacks. Microsoft says it never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline backups to deal with this kind of situation, so that decent recovery is possible. Having no backup system is the gamble many companies and public entities seem to be taking. Good backups help you recover from ransomware attacks. New tactics are also coming into use: the new Snatch ransomware strain reboots the computers it infects into Safe Mode to disable any resident security solutions, and another new tactic by ransomware developers is to threaten to publish the data they stole, or hand it to a competitor, if the ransom is not paid.
Public sector: Public sector security is lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.
Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. According to a PwC study, consumers are prepared to share personal information if it is of sufficient value to them. On the other hand, you also have to earn their confidence that you keep that information safe.
API security: APIs now account for 40% of the attack surface for all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked with securing an ever-expanding network footprint. They are often left to secure virtual and cloud environments, SaaS services, DevOps projects, the growing adoption of IoT, mobile workers and an expanding array of personal connected devices after these have already been implemented. They often do not have enough people, or enough knowledge of those new technologies, to do the work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number expected to climb to 3.5 million by 2021. 145% growth in the workforce is needed to meet global demand.
Think like your adversary: Cybersecurity leaders need to assess potential vulnerabilities from the mindset of the adversary and devise effective defensive countermeasures unique to their company’s needs. Programmers should think like hackers: security must be taken into account at every step of development.
Third party security: Most Companies Don’t Properly Manage Third-Party Cyber Risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s modern, interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline regarding a major breach that stemmed from a company’s relationship with a third-party.
Privacy and surveillance: Fears grow over digital surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and private companies: more than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions, but their systems can also be used for surveillance. Amnesty International says Facebook’s and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights. The claim is that the companies’ surveillance-based business model is inherently incompatible with the right to privacy and poses a threat to a range of other rights, including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”
5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.
5G security: The new 5G mobile networks will be the backbone of future digitalized operations, so it is also important to ensure the security and resilience of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks. Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true, with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. SIM-swap attacks against industrial IoT on 5G could be even worse than today’s attacks on consumers: criminals convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or operator? You ought to trust nobody. Do not anchor all of your security and identification on the SIM card.
DNS over HTTPS (DoH): DoH-encrypted DNS queries are already set to arrive in the Chrome and Firefox web browsers. Microsoft will bring DNS over HTTPS (DoH) to Windows 10 in an attempt to keep user traffic as private as possible; DoH support in Windows means the operating system’s own DNS queries are encrypted. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike.
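What actually changes on the wire with DoH is only the transport: RFC 8484 carries an ordinary wire-format DNS message inside HTTPS, either as a POST body or as a base64url-encoded dns parameter on a GET. The following is an added example, not code from Microsoft, Mozilla or Google. It builds the GET URL for a query, decodes it again the way a resolver would, and parses a constructed response; the resolver address doh.example.net is a placeholder and the response bytes are built inline rather than captured from a real server.

```python
import base64
import struct

DOH_ENDPOINT = "https://doh.example.net/dns-query"   # hypothetical resolver


def encode_name(name):
    """Encode 'www.example.com' as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype=1):
    """Wire-format DNS query (qtype 1 = A). RFC 8484 recommends ID=0 so
    identical questions produce identical URLs that HTTP caches can serve."""
    header = struct.pack(">HHHHHH", 0, 0x0100, 1, 0, 0, 0)   # flags: RD=1
    return header + encode_name(name) + struct.pack(">HH", qtype, 1)


def doh_get_url(name, qtype=1, endpoint=DOH_ENDPOINT):
    """GET form: base64url of the query with '=' padding stripped."""
    b64 = base64.urlsafe_b64encode(build_query(name, qtype)).rstrip(b"=")
    return f"{endpoint}?dns={b64.decode('ascii')}"


def decode_dns_param(url):
    """Resolver side: recover the wire-format query from a GET URL."""
    param = url.split("?dns=", 1)[1]
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))


def _skip_name(msg, off):
    """Advance past a (possibly compressed) name; return the new offset."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes total
            return off + 2
        off += 1 + length


def parse_a_records(msg):
    """Return the IPv4 addresses in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack(">HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4               # skip QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


# Constructed response (not captured from a real resolver): answers the
# www.example.com query with one A record for 203.0.113.10 from the
# documentation range, naming the owner via a pointer back to offset 12.
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([203, 0, 113, 10])
)

if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print(parse_a_records(SAMPLE_RESPONSE))
```

The point for a defender is that the DNS message itself is unchanged, so any policy you enforce by inspecting port 53 (blocklists, logging, split-horizon answers) has to move to the resolver that terminates the HTTPS session, or to the endpoint; the network in between only sees TLS to a web server.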
Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.
Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.
Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many new network expansion projects are being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, so they can be used to make the network the first line of defense. A critical step in building a stronger security posture and a more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to be successful once in finding a way into the network, but the security team needs to monitor everything on the network and be right all the time. Today’s core network is continually adapting to the introduction of new devices, applications and workflows, along with shifting network configurations to support business requirements, which calls for advanced, intent-based segmentation.
Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.
Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years we have seen a number of high-profile attacks on critical infrastructure facilities, typically aligned with wider geopolitical objectives. Expect targeted attacks on critical infrastructure facilities to increase; APT33 has shifted its targeting to industrial control systems software. We need to be worried about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect it: concern yourself with the most important hacks, understand the critical pieces of your infrastructure, and know your interdependencies.
Payment security: Payment security backslid for the second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time, the EU’s PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation, and banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support it.
Election security: Nowadays no election can be held without debate on influencing voters through online services. There are on-going accusations of Russian interference in US elections and fears of a repeat in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Disinformation campaigns for political purposes are also deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and isn’t allowed. Hacking is considered the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but that is not going to be enough in an era when technology keeps turning out entirely new attack surfaces.
False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.
Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.
Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor—hardware or software—to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes. Public announcements occur after a specified period of time—typically 90 or 120 days. But things don’t work this way always.
Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a Ransomware ‘Crisis’ in US Schools and in many cities in USA.
Supply chain: Supply chains will continue to be one of the most difficult attack delivery methods to address. Attackers will likely continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals; they are often the weakest link in supply chains that include large corporations. Counterfeit electronics are also on the rise.
Mobile: The main storage for our digital lives has moved from the PC to mobile devices over the last 10 years. Several countries have started demanding that their own software (in some cases perhaps also malware) be installed on all smartphones; Putin has signed a law making Russian apps mandatory on smartphones and computers.
Android: Today 80% of Android apps encrypt traffic by default. To keep apps safe, apps targeting Android 9 (API level 28) or higher get a default network security policy that blocks unencrypted traffic to every domain. The heterogeneity of Android versions in the field will continue to be a problem in the coming year.
DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of the traffic. The number of DDoS attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile devices account for 41% of DDoS attack traffic.
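From the victim’s side, a reflected DNS amplification attack looks like a flood of large UDP source-port-53 responses from many resolvers to a host that sent no matching queries, because the attacker sent small queries to open resolvers with the victim’s address forged as the source. The following is an added example, not code from any of the reports quoted above. It runs that check over constructed flow records (addresses from the documentation ranges); the byte-ratio and reflector-count thresholds are assumptions to be tuned against your own baseline.

```python
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    """One unidirectional flow record (NetFlow/IPFIX style)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    packets: int
    octets: int


# Constructed flow records, not a real capture; addresses are from the
# documentation ranges. 198.51.100.7 is an ordinary client doing two
# lookups against its resolver 192.0.2.53. 203.0.113.50 is the victim of
# a reflected DNS amplification attack: forty open resolvers send it large
# responses to queries it never made (the attacker's spoofed-source
# queries went to the resolvers, so the victim's edge sees only replies).
FLOWS = [
    Flow("198.51.100.7", 50123, "192.0.2.53", 53, "udp", 1, 70),
    Flow("192.0.2.53", 53, "198.51.100.7", 50123, "udp", 1, 140),
    Flow("198.51.100.7", 50124, "192.0.2.53", 53, "udp", 1, 72),
    Flow("192.0.2.53", 53, "198.51.100.7", 50124, "udp", 1, 160),
] + [
    # ~3000-byte responses (ANY/DNSSEC-sized), 20 packets per reflector
    Flow(f"192.0.2.{i}", 53, "203.0.113.50", 4444, "udp", 20, 20 * 3000)
    for i in range(1, 41)
]


def summarize_dns(flows):
    """Per host: UDP/53 response bytes received and the set of resolvers
    that sent them, plus UDP/53 query bytes the host sent itself."""
    stats = defaultdict(lambda: {"resp_octets": 0, "reflectors": set(),
                                 "query_octets": 0})
    for f in flows:
        if f.proto != "udp":
            continue
        if f.sport == 53:                 # a response heading to f.dst
            stats[f.dst]["resp_octets"] += f.octets
            stats[f.dst]["reflectors"].add(f.src)
        elif f.dport == 53:               # a query sent by f.src
            stats[f.src]["query_octets"] += f.octets
    return stats


def amplification_victims(flows, min_ratio=10.0, min_reflectors=20):
    """Flag hosts that receive far more DNS response bytes than they sent
    in queries, from many distinct resolvers. Both conditions are
    required: a busy recursive client has a high byte ratio but few
    resolvers, and a scanner talks to many resolvers with a low ratio.
    The thresholds are assumptions to tune for your own baseline."""
    victims = {}
    for host, s in summarize_dns(flows).items():
        ratio = s["resp_octets"] / max(s["query_octets"], 1)
        if ratio >= min_ratio and len(s["reflectors"]) >= min_reflectors:
            victims[host] = {
                "ratio": round(ratio, 1),
                "reflectors": len(s["reflectors"]),
                "resp_octets": s["resp_octets"],
            }
    return victims


if __name__ == "__main__":
    for host, v in amplification_victims(FLOWS).items():
        print(f"{host}: {v['resp_octets']} response bytes from "
              f"{v['reflectors']} resolvers, in/out ratio {v['ratio']}")
```

The same two features, response bytes without matching queries and many distinct reflectors, are what an upstream provider needs in order to rate-limit UDP/53 toward the victim without also breaking the victim’s own legitimate resolver traffic, which stays below both thresholds in the sample.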
Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen: companies should treat cyberattacks as a matter of “when”, not “whether”. Insider threats are still a big issue; employees are one of your biggest assets, but human beings are the weakest link in the security chain, and data leaks help attackers craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems.
Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.
New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this scenario: homomorphic encryption, which makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types: partially homomorphic encryption (keeps sensitive data secure by allowing only select mathematical operations, such as addition or multiplication but not both, on encrypted data); somewhat homomorphic encryption (supports limited operations that can be performed only a set number of times); and fully homomorphic encryption (the gold standard, which allows arbitrary computation while keeping the information secure). Cryptographers have known of the concept since 1978, but Gentry constructed the first fully homomorphic encryption scheme in 2009. The biggest barrier to wide-scale adoption is that it is still very slow. Duality, a security startup co-founded by the creator of homomorphic encryption, has raised $16M.
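The partially homomorphic category above is the one you can demonstrate in a few lines. Paillier encryption is additively homomorphic: multiplying two ciphertexts yields a ciphertext of the sum of the plaintexts, so an untrusted aggregator can total encrypted values it cannot read. The following is an added example, not code from Duality or any other product mentioned here. It implements textbook Paillier with toy 32-bit primes in place of the 1024-bit-plus primes a real deployment needs; the primes and the sample readings are constructed.

```python
import secrets
from math import gcd

# Constructed toy parameters: 32-bit primes in place of the 1024-bit-plus
# primes a real deployment needs. The arithmetic is unchanged.
P = 4294967291          # 2^32 - 5
Q = 4294967311          # 2^32 + 15


def _lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p=P, q=Q):
    """Paillier key pair with the usual generator g = n + 1.
    Public key (n, g); private key (lambda, mu)."""
    n = p * q
    n2 = n * n
    lam = _lcm(p - 1, q - 1)
    # L(u) = (u - 1) / n; with g = n + 1, g^lam mod n^2 = 1 + lam*n, so
    # mu is simply lam^-1 mod n. pow(x, -1, n) needs Python 3.8+.
    mu = pow((pow(n + 1, lam, n2) - 1) // n, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pub, m, r=None):
    """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts
    give different ciphertexts."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext out of range")
    if r is None:
        r = secrets.randbelow(n - 1) + 1      # r in [1, n-1]
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    return ((pow(c, lam, n * n) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2 mod n): addition on ciphertext."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """E(m)^k mod n^2 = E(k * m mod n): multiplication by a known constant.
    Multiplying two encrypted values is NOT possible; that is what makes
    Paillier partially rather than fully homomorphic."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_sum(pub, values):
    """What an untrusted aggregator does: total values it cannot read."""
    total = encrypt(pub, 0)
    for v in values:
        total = add_encrypted(pub, total, encrypt(pub, v))
    return total


if __name__ == "__main__":
    pub, priv = keygen()
    readings = [120, 95, 200]                     # constructed sample data
    print(decrypt(pub, priv, encrypted_sum(pub, readings)))    # 415
```

Note what the aggregator learns: nothing about the individual readings, only a ciphertext of the total, which only the private-key holder can open. The randomness r is what stops it from recognising repeated values, so it must come from a proper CSPRNG (secrets here), and the sum wraps modulo n, so n has to be larger than any total you expect.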
Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was artificial intelligence, AI. The term AI is often used interchangeably with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, the hope is that artificial intelligence helps under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use data aggregation and pattern analysis in the form of heuristic modeling; the true function of AI will be to determine, over a long arc of time and data, what “normal” looks like for a user. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is researching AI agents, and Mikko Hyppönen says that AI should not be used to try to imitate humans and that artificial-intelligence-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are being integrated into the latest Windows cybersecurity products. Leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.
2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 end on January 14, 2020: as of that date, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. There will no longer be updates for Office 2010. Some business users can buy extended security update support for some time, at extra cost. The Python project stops supporting Python 2 on January 1, 2020. Beginning on January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft offered security updates for devices running Windows 10 Mobile.
Crypto wars continue: A decades-old debate: government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations everywhere. The international police organization Interpol plans to condemn the spread of strong encryption. Backed by top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress has warned tech companies: take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.
Do not weaken encryption: Companies, officials say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged; that is a truth that must be accepted and overcome, but invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: one, strong encryption is necessary for personal and national security; two, weakening encryption does more harm than good; and three, law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused (if you think encryption back doors won’t be abused, you may be a member of Congress). Bad encryption can also have business consequences. Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas. In Australia, 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.
2FA: A second authentication factor is a minor inconvenience but a major security boost. With past years riddled with security breaches, it is high time to re-evaluate how we secure our online presence. Two factors are much better than one, but they can still be defeated: a one-time code typed into a phishing page can be relayed to the real service within its validity window. Attacks that phish 2FA to access email accounts cost $100-$400 on the hack-for-hire market; such attacks can be prevented with physical security keys, because a key’s response is bound to the origin the browser is actually talking to, so a response captured on a lookalike site is useless on the real one. Some physical security keys have nevertheless turned out to be less secure than their advertising claimed, so the hardware itself is not beyond scrutiny.
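The difference between the two second factors, as an added example that is not code from the original post. It shows a TOTP code being relayed successfully from a phishing page and a security-key response failing the same relay. totp() follows RFC 6238 (HMAC-SHA1, 30-second step, 6 digits) and agrees with any authenticator app; the security-key side is a simplified model of a WebAuthn assertion in which the key signs the server’s challenge together with the origin the browser is on, and the server rejects assertions for any other origin. HMAC stands in for the key’s asymmetric signature so the example is self-contained; the origin binding, not the signature scheme, is the point. The Service and SecurityKey classes, the origins and all secrets are constructed for the example.

```python
"""Relayed TOTP code versus origin-bound security-key assertion (added example)."""
import hashlib
import hmac
import secrets
import struct

TOTP_SEED = b"12345678901234567890"   # RFC 6238 test seed; in practice shared with the authenticator app
KEY_SECRET = secrets.token_bytes(32)  # stands in for the security key's private key (constructed)
REAL_ORIGIN = "https://mail.example.com"               # constructed relying-party origin
PHISH_ORIGIN = "https://mail-example.com.evil.example"  # constructed lookalike origin


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, dynamic truncation, N digits."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SecurityKey:
    """Origin-bound authenticator: signs challenge || origin, never the bare challenge."""

    def __init__(self, private: bytes) -> None:
        self._private = private

    def assertion(self, challenge: bytes, origin: str) -> dict:
        # The browser, not the web page, supplies `origin`; a phishing page cannot lie about it.
        sig = hmac.new(self._private, challenge + origin.encode(), hashlib.sha256).digest()
        return {"origin": origin, "sig": sig}


class Service:
    """Relying party at REAL_ORIGIN, accepting either a TOTP code or a key assertion."""

    def __init__(self, totp_seed: bytes, key_public: bytes) -> None:
        self._seed = totp_seed
        self._key_public = key_public  # with HMAC as the stand-in, 'public' equals the private key

    def login_totp(self, code: str, unix_time: int) -> bool:
        return hmac.compare_digest(code, totp(self._seed, unix_time))

    def challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def login_key(self, challenge: bytes, assertion: dict) -> bool:
        if assertion["origin"] != REAL_ORIGIN:   # signed for a lookalike site: reject
            return False
        expected = hmac.new(self._key_public, challenge + REAL_ORIGIN.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion["sig"])


def relay_totp_attack(service: Service, unix_time: int) -> bool:
    """Victim types the current code into the phishing page; the attacker forwards it at once."""
    stolen_code = totp(TOTP_SEED, unix_time)   # what the victim read off the authenticator app
    return service.login_totp(stolen_code, unix_time)


def relay_key_attack(service: Service, key: SecurityKey) -> bool:
    """Phishing page forwards the real challenge; the browser signs it for PHISH_ORIGIN."""
    challenge = service.challenge()
    stolen = key.assertion(challenge, PHISH_ORIGIN)
    return service.login_key(challenge, stolen)


def legitimate_key_login(service: Service, key: SecurityKey) -> bool:
    challenge = service.challenge()
    return service.login_key(challenge, key.assertion(challenge, REAL_ORIGIN))


if __name__ == "__main__":
    svc = Service(TOTP_SEED, KEY_SECRET)
    key = SecurityKey(KEY_SECRET)
    print("TOTP relay logs the attacker in:", relay_totp_attack(svc, 1_575_000_000))
    print("Key relay logs the attacker in: ", relay_key_attack(svc, key))
    print("Genuine key login works:        ", legitimate_key_login(svc, key))
```

A real WebAuthn deployment gets the same property from the browser putting the origin into clientDataJSON, which the authenticator signs and the relying party checks; the point the model makes is that the user never has the chance to hand the attacker anything replayable.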
Myth of the sophisticated hacker in the news: “sophisticated” is an adjective that is widely used in reports of cybersecurity incidents and, as a result, widely loathed by researchers, because it gets stretched to cover attacks that were anything but. If everything is sophisticated, nothing is sophisticated.
New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what is widely known as “cloud-native” today: microservices and containers that let workloads be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed with security prioritised as part of every evolution, placing trust in authenticated identities and workloads rather than in network location.
Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass them or expose controversial business practices. Many companies are a treasure trove of personal information, whether they realize it or not. Experian predicts that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.
RCS messaging: RCS (Rich Communication Services) is a protocol that aims to replace SMS, and RCS messaging has rolled out to Android users in the US. The update brings new features such as chat, hi-res video and photo sharing and group chats. One criticism of RCS is that it does not provide end-to-end encryption, and it could be better in other security respects too. Researchers have found that RCS as deployed exposes most users to several attacks; these risks are said to be mitigated by implementing the protocol with security in mind. The standard itself allows for poor security implementations, but the GSMA advises its members to deploy RCS with the most secure settings possible.
Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019 more than 4 billion records were exposed by data breaches, a shocking statistic made even more so by the fact that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of threat actors; the truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches, from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone to access online.
Phishing: Phishing remains one of the most pervasive online threats, and phishing emails are still catching people out. Phishing e-mails used to steal credentials usually depend on the user clicking a link that leads to a phishing website that looks like the login page of a legitimate service. Google Chrome now offers better protection against this: Safe Browsing displays warning messages before the user visits a dangerous website or downloads a harmful application. More advanced phishing techniques are also coming into use. With dynamite phishing, the criminals read the email correspondence on a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate reply from the infected user. The quoted thread is exactly what makes the message convincing, so the tell-tale signs are in the headers rather than the content: a sender address or Reply-To that does not match the correspondent’s usual domain, or failed SPF/DKIM checks on the receiving gateway.
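A header-level check for the dynamite-phishing pattern described above, as an added example that is not code from the original post or from any vendor. It parses two constructed messages, a genuine reply and a hijacked reply that quotes the same thread, and flags the hijacked one on three signals: a known display name arriving from a different address, a Reply-To pointing outside the sender’s domain, and an SPF failure recorded by the receiving gateway in Authentication-Results. The correspondent directory, addresses and messages are constructed; the standard library email parser is real.

```python
"""Detect thread-hijacking ('dynamite phishing') replies from header anomalies (added example)."""
import email
from email import policy
from email.utils import parseaddr

# Constructed directory of who normally writes from where (display name -> address).
KNOWN_CORRESPONDENTS = {"anna virtanen": "anna.virtanen@partner.example"}

# Constructed sample messages; neither is real mail.
GENUINE_REPLY = """From: Anna Virtanen <anna.virtanen@partner.example>
To: bob@corp.example
Subject: Re: Q4 invoice
In-Reply-To: <abc123@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=partner.example; dkim=pass header.d=partner.example

Thanks Bob, approved.

> Hi Anna, attached is the Q4 invoice.
"""

HIJACKED_REPLY = """From: Anna Virtanen <anna.virtanen@partner-example.net>
Reply-To: anna.virtanen@freemail.example
To: bob@corp.example
Subject: Re: Q4 invoice
In-Reply-To: <abc123@corp.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=partner-example.net; dkim=none

Hi Bob, please see the updated document: http://files.example.net/doc

> Hi Anna, attached is the Q4 invoice.
"""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def analyse(raw: str, known: dict) -> list:
    """Return a list of findings; an empty list means no thread-hijacking signal."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    name, addr = parseaddr(msg["From"] or "")
    from_domain = _domain(addr)

    # Signal 1: the display name belongs to a known correspondent, the address does not.
    expected = known.get(name.strip().lower())
    if expected and expected.lower() != addr.lower():
        findings.append(f"display name '{name}' is known as {expected} but this mail came from {addr}")

    # Signal 2: replies are steered to a mailbox outside the apparent sender's domain.
    if msg["Reply-To"]:
        _, reply_addr = parseaddr(msg["Reply-To"])
        if _domain(reply_addr) != from_domain:
            findings.append(f"Reply-To {reply_addr} points outside sender domain {from_domain}")

    # Signal 3: the gateway's own authentication verdicts (Authentication-Results, RFC 8601).
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}={'fail'}" in auth:
            findings.append(f"{mech} failed for {from_domain}")

    # Context: is this a reply that quotes an existing thread? That is the hijacking shape.
    is_reply = msg["In-Reply-To"] is not None or (msg["Subject"] or "").lower().startswith("re:")
    body = msg.get_body(preferencelist=("plain",)).get_content()
    quotes_thread = any(line.startswith(">") for line in body.splitlines())
    if is_reply and quotes_thread and findings:
        findings.insert(0, "reply quoting an existing thread with sender anomalies (thread-hijacking pattern)")
    return findings


if __name__ == "__main__":
    for label, raw in (("genuine", GENUINE_REPLY), ("hijacked", HIJACKED_REPLY)):
        print(label, "->", analyse(raw, KNOWN_CORRESPONDENTS) or ["clean"])
```

The check deliberately ignores the quoted text: an attacker who already read the mailbox can reproduce it perfectly, so the only reliable signals are the ones the sending infrastructure cannot fake without also controlling the correspondent’s real domain.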
Windows: Microsoft no longer backs up the Windows Registry by default. It is still possible to perform registry backups, but the option is disabled by default; it can be re-enabled by setting the EnablePeriodicBackup DWORD to 1 under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager. It is also time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits outweigh the convenience of a direct RDP connection. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after the January 14 end of support.
Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions; Ubuntu has announced it is dropping i386 packages. On the kernel side, the discussion cited below found that there are essentially no upstream development resources dedicated to the 32-bit x32 ABI either, and that, perhaps unsurprisingly, it was badly broken.
Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens, and there is now Dronesploit, a Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.
World market war: China has told government offices to remove all foreign computer equipment, ordering the replacement of all foreign PC hardware and operating systems in state offices over the next three years. This means China will ditch all Windows PCs in state offices by 2022. China already has its own Linux distributions such as Kylin and Deepin. Meanwhile, many Western countries are more or less banning Huawei telecom equipment.
Cloud security: Traditional security tools and methodologies are ill-suited to protecting cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision laid out by Gartner’s analysts is straightforward: the legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years, and point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorting, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced “sassy”), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient and agile secure network service, globally. Most stolen-data incidents in the cloud are related to simple human error rather than concerted attacks; expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone to access online. Also, it is almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet: an unauthenticated Docker daemon API lets anyone who can reach it start a container with the host filesystem mounted, which is root on the host.
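A configuration audit for the exposed-Docker-port point above, as an added example that is not code from the original post or from Docker. It reads the daemon’s JSON configuration (and any -H/--host flags passed on the dockerd command line, as systemd units often do), flags TCP listeners that bind every interface and TCP listeners without tlsverify, and shows the weak configuration beside a hardened one. The two configuration documents and the interface address in them are constructed for the example; the option names are the real dockerd ones.

```python
"""Flag a Docker daemon API that is reachable over plain, unauthenticated TCP (added example)."""
import json
from urllib.parse import urlsplit

# Constructed /etc/docker/daemon.json contents: the weak one exposes the API on 2375 to everyone.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

WILDCARD_HOSTS = {"", "0.0.0.0", "::"}


def _hosts_from_args(args: list) -> list:
    """Collect -H / --host values given on the dockerd command line."""
    hosts = []
    for i, arg in enumerate(args):
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
        elif arg.startswith("--host=") or arg.startswith("-H="):
            hosts.append(arg.split("=", 1)[1])
    return hosts


def audit_docker_daemon(config_json: str, extra_args: tuple = ()) -> list:
    """Return findings for TCP listeners that are wildcard-bound or lack client-cert TLS."""
    cfg = json.loads(config_json)
    args = list(extra_args)
    hosts = list(cfg.get("hosts", [])) + _hosts_from_args(args)
    tls_verify = bool(cfg.get("tlsverify")) or "--tlsverify" in args

    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme != "tcp":          # unix:// and fd:// are local-only
            continue
        bind = url.hostname or ""
        if bind in WILDCARD_HOSTS:
            findings.append(f"{host}: daemon API listens on all interfaces")
        if not tls_verify:
            findings.append(
                f"{host}: TCP listener without tlsverify; anyone reaching port {url.port} "
                "gets root-equivalent control of the host"
            )
    return findings


if __name__ == "__main__":
    print("weak:    ", audit_docker_daemon(WEAK_DAEMON_JSON))
    print("hardened:", audit_docker_daemon(HARDENED_DAEMON_JSON))
    print("unit file:", audit_docker_daemon("{}", ("-H", "tcp://0.0.0.0:2375")))
```

Even the hardened form keeps the API off the public internet: it binds a single internal address, uses 2376 and requires a client certificate signed by the operator’s CA, so a network-reachable attacker still has nothing to talk to without a key.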
Autocracy as a service: Now any government can buy China’s tools for censoring the internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.
Geopolitics: The US-China tech divide could cause havoc, and it is possible that the world’s next major conflict starts in cyberspace. The USA has ordered bans on certain hardware from China (Huawei and ZTE); China has ordered a ban on US computers and software, with the Chinese government to replace foreign hardware and software within three years. Who needs whom more?
International cyber politics: The lack of international standards for proper behaviour in cyberspace prevents the United States and its allies from policing adversaries as they would wish; the US cannot “enforce standards that don’t exist”. There are international norms in the maritime domain but none in cyber, which makes it difficult to enforce standards and therefore to hold nations accountable for nefarious behaviour. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.
Sources:
https://pentestmag.com/iot-security-its-complicated/
https://isc.sans.edu/diary/rss/25580
https://www.securityweek.com/case-cyber-insurance
https://www.securityweek.com/tips-help-mssps-choose-threat-intelligence-partner
https://www.zdnet.com/article/microsoft-we-never-encourage-a-ransomware-victim-to-pay/
https://www.darkreading.com/iot/weak-crypto-practice-undermining-iot-device-security/d/d-id/1336636
https://pacit-tech.co.uk/blog/the-2020-problem/
https://www.theregister.co.uk/2019/12/09/dronesploit_framework/
https://www.securityweek.com/blunt-effect-two-edged-sword-vulnerability-disclosures
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
https://threatpost.com/email-voted-a-weak-link-for-election-security-with-dmarc-lagging/150909/
https://www.theregister.co.uk/2019/12/04/council_of_eu_5g_risks/
https://techcrunch.com/2019/12/05/major-voting-districts-vulnerable-email-security/
https://cacm.acm.org/magazines/2019/12/241053-hack-for-hire/fulltext
http://read.uberflip.com/i/1180978-siliconexpert-growth-of-counterfeit-electronics-3/0?acctid=6759
https://www.zdnet.com/article/2020-is-when-cybersecurity-gets-even-weirder-so-get-ready/
https://www.theregister.co.uk/2019/12/09/china_orders_ban_on_us_computers_and_software/
https://www.eetimes.eu/ai-will-empower-industry-4-0-when-it-arrives/
https://www.pandasecurity.com/mediacenter/security/2019-the-ransomware-tsunami/
https://blog.paloaltonetworks.com/2019/12/cloud-native-security-platform-age/
https://github.com/dhondta/dronesploit/
https://www.zdnet.com/article/1-in-every-172-active-rsa-certificates-are-vulnerable-to-exploit/
https://nationalcybersecurity.com/hacking-the-biggest-tech-threats-to-2020-elections/
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/
https://www.eff.org/wp/behind-the-one-way-mirror
https://www.gdatasoftware.com/blog/2019/12/35671-early-detection-and-repulsion-of-dangerous-attacks
https://www.is.fi/digitoday/tietoturva/art-2000006342803.html
https://techcrunch.com/2019/10/30/duality-cybersecurity-16-million/
https://www.wired.com/story/sobering-message-future-ai-party/
https://security.googleblog.com/2019/12/an-update-on-android-tls-adoption.html?m=1
https://www.zdnet.com/article/google-all-android-users-in-the-us-just-got-rcs-next-gen-sms/
https://www.schneier.com/blog/archives/2019/12/scaring_people_.html
https://lists.ubuntu.com/archives/ubuntu-devel-announce/2019-June/001261.html
https://lwn.net/ml/oss-security/CALCETrW1z0gCLFJz-1Jwj_wcT3+axXkP_wOCxY8JkbSLzV80GA@mail.gmail.com/
https://www.bbc.com/news/amp/world-australia-46463029
https://cyware.com/news/rcs-technology-most-users-are-vulnerable-to-hacking-b53f9a6f
https://hub.packtpub.com/core-python-team-confirms-sunsetting-python-2-on-january-1-2020/
https://www.cnet.com/news/congress-warns-tech-companies-take-action-on-encryption-or-we-will/
https://edri.org/facial-recognition-and-fundamental-rights-101/
https://techcrunch.com/2019/12/10/insider-threats-startups-protect/
https://uk.pcmag.com/windows-10/121518/microsoft-doesnt-back-up-the-windows-registry-anymore
https://threatpost.com/ransomware-attack-new-jersey-largest-hospital-system/151148/
https://chiefexecutive.net/bridge-cybersecurity-skills-gap/
https://systemagic.co.uk/has-your-business-prepared-for-the-2020-problem/
https://news.yahoo.com/massive-errors-found-facial-recognition-tech-us-study-215334634.html
https://www.securityweek.com/most-companies-dont-properly-manage-third-party-cyber-risk
https://www.uusiteknologia.fi/2019/11/21/hyoty-panee-jakamaan-tietonsa-luottamus-ratkaisee/
https://pentestmag.com/advice-for-a-cybersecurity-leader-think-like-your-adversary/
https://www.amnesty.org/en/latest/news/2019/11/google-facebook-surveillance-privacy/
https://www.amnesty.org/en/documents/pol30/1404/2019/en/
https://www.securityweek.com/compromised-connection-5g-will-unite-cities-and-also-put-them-risk
https://www.securityweek.com/amnesty-international-calls-facebook-google-rights-abusers
https://www.securityweek.com/microsoft-will-bring-dns-over-https-doh-windows
https://www.securityweek.com/cybersecurity-workforce-gap-145-growth-needed-meet-global-demand
https://www.helpnetsecurity.com/2019/11/19/successful-soc/
https://www.securityweek.com/making-network-first-line-defense
https://techbeacon.com/security/how-prioritize-strategic-risks-affect-critical-infrastructure
https://www.securityweek.com/transitioning-security-driven-networking-strategy
https://www.theregister.co.uk/2019/11/16/5g_iot_report/
https://www.securityweek.com/us-montenegro-plot-cyber-warfare-ahead-2020-elections
https://www.securityweek.com/fears-grow-digital-surveillance-us-survey
https://www.kaspersky.com/blog/attack-on-online-retail/31786/
https://www.securityweek.com/implementing-cyber-best-practices-requires-security-first-approach
https://securelist.com/advanced-threat-predictions-for-2020/95055/
https://www.darkreading.com/cloud/smart-building-security-awareness-grows/d/d-id/1336597
https://www.cisomag.com/the-future-of-ai-in-cybersecurity/
https://www.ibm.com/security/artificial-intelligence
https://www.welivesecurity.com/2019/12/13/2fa-double-down-your-security/
https://cannatechtoday.com/experian-predicts-an-increase-in-global-cannabis-industry-data-breaches/
https://www.uusiteknologia.fi/2019/11/21/f-secure-tutkimaan-tekoalyagentteja/
https://www.securityweek.com/ongoing-research-project-examines-application-ai-cybersecurity
http://www.etn.fi/index.php/13-news/10151-mikko-hypponen-tekoalyn-ei-pida-matkia-ihmista
http://www.etn.fi/index.php/13-news/10124-nixu-selvitti-tekoaly-mullistaa-kyberturvan
http://www.etn.fi/index.php/13-news/10120-kyberturvassa-koneoppiminen-on-uusi-normaali
https://www.is.fi/digitoday/tietoturva/art-2000006316233.html
https://www.cyberscoop.com/apt33-microsoft-iran-ics/
https://blog.malwarebytes.com/exploits-and-vulnerabilities/2019/11/exploit-kits-fall-2019-review/
https://www.enisa.europa.eu/news/enisa-news/enisa-draws-threat-landscape-of-5g-networks/
https://smartgrid.ieee.org/newsletters/november-2019/the-cyber-physical-security-of-the-power-grid
https://www.wired.com/story/un-secretary-general-antonio-guterres-internet-risks/
https://codastory.com/authoritarian-tech/russia-facial-recognition-networks/
https://www.theverge.com/2019/12/9/21002515/surveillance-cameras-globally-us-china-amount-citizens
https://www.wired.com/story/iran-internet-shutoff/
https://www.zdnet.com/article/fbi-recommends-that-you-keep-your-iot-devices-on-a-separate-network/
https://www.reuters.com/article/us-interpol-encryption-exclusive-idUSKBN1XR0S7
https://www.kcrw.com/news/shows/to-the-point/does-facial-recognition-software-threaten-our-freedom
Tomi Engdahl says:
The Top Free Vulnerability Assessment Tools of 2020
https://pentestmag.com/the-top-free-vulnerability-assessment-tools-of-2020/
Whether you’re a student, studying for certification, or a vulnerability management pro, finding cheap tools to satisfy educational requirements or satiate your scanning curiosity can be difficult. In this post I’ll be looking at my top 5 free vulnerability assessment tools.
Network Scanning vs. Vulnerability Assessment vs. Vulnerability Management
This terminology can get a little confusing. Network Scanning can often be boiled down to the act of port scanning and mapping a network. Vulnerability Assessment is one step beyond network scanning where there is an additional step to identify services and test for vulnerable software. Finally Vulnerability Management is the process of identifying, prioritizing, and remediation vulnerabilities detected in a network. The primary focus here will be on the first two, as true Vulnerability Management solutions are generally too complex to be offered as a free standalone tool.
Tomi Engdahl says:
Record-breaking numbers of DDoS attacks in first half of 2020
https://betanews.com/2020/09/29/record-breaking-ddos-attacks-2020/
Cybercriminals have launched a record number attacks on online platforms and services this year, with more than 929,000 DDoS attacks occurring in May, the single largest number of attacks ever seen in a month.
The latest threat intelligence report from NETSCOUT also reveals that 4.83 million DDoS attacks occurred in the first half of 2020, a 15 percent increase, and attack frequency jumped 25 percent during the peak pandemic lockdown months of March through June.
Tomi Engdahl says:
The President Has an ‘Internet Kill Switch.’ A Bipartisan Group of Lawmakers Wants to Change That
https://fee.org/articles/the-president-has-an-internet-kill-switch-a-bipartisan-group-of-lawmakers-wants-to-change-that/
The executive branch technically has the authority under a World War II-era amendment of the Communications Act of 1934 to seize control of the internet. That’s scary.
Tomi Engdahl says:
This ‘Hacker University’ Offers Dark Web Cybercrime Degrees For $125
https://www.forbes.com/sites/daveywinder/2020/09/28/this-hacker-university-offers-dark-web-cybercrime-degrees-for-125/
Tomi Engdahl says:
Emotet malware takes part in the 2020 U.S. elections
https://www.bleepingcomputer.com/news/security/emotet-malware-takes-part-in-the-2020-us-elections/
Emotet is now taking part in the United States 2020 Presidential election with a new spam campaign pretending to be from the Democratic National Convention’s Team Blue initiative.
Tomi Engdahl says:
XDSpy cyber-espionage group operated discretely for nine years
https://www.bleepingcomputer.com/news/security/xdspy-cyber-espionage-group-operated-discretely-for-nine-years/
Researchers at ESET today published details about a threat actor that has been operating for at least nine years, yet their activity attracted almost no public attention. Also:
https://vblocalhost.com/presentations/xdspy-stealing-government-secrets-since-2011/
Also:
https://www.zdnet.com/article/eset-discovers-a-rare-apt-that-stayed-undetected-for-nine-years
Tomi Engdahl says:
Graphology of an Exploit: Fingerprinting exploit authors to help with hunting zero-day exploits in the wild
https://blog.checkpoint.com/2020/10/02/graphology-of-an-exploit-fingerprinting-exploit-authors-to-help-with-hunting-zero-day-exploits-in-the-wild/
In the cyber-crime economy, which is all about exploiting vulnerabilities in software and products, the most valuable and prized asset is the ‘zero day’, a vulnerability for which there is no patch or update available. Our research methodology was to ‘fingerprint’ an exploit author’s working technique, looking for unique identifiers that could be associated with that individual.
Tomi Engdahl says:
Google is creating a special Android security team to find bugs in sensitive apps
https://www.zdnet.com/article/google-is-creating-a-special-android-security-team-to-find-bugs-in-sensitive-apps
Google is hiring to create a special Android security team that will be tasked with finding vulnerabilities in highly sensitive apps on the Google Play Store. Android apps that will be on the team’s radar include COVID-19 contact tracing apps and election-related apps.
Tomi Engdahl says:
Serious Security: Phishing without links, when phishers bring along their own web pages
https://nakedsecurity.sophos.com/2020/10/02/serious-security-phishing-without-links-when-phishers-bring-along-their-own-web-pages/
In the past few days we received two phishing campaigns, one sent in by a thoughtful reader and the other spammed directly to us, that we thought would tell a useful visual story.
Tomi Engdahl says:
Microsoft Says Russia Behind Most Nation-State Cyber-Attacks
https://www.bloomberg.com/news/articles/2020-09-29/microsoft-says-russia-behind-most-nation-state-hacking-attempts
Russia-based hackers are responsible for the majority of nation-state attacks on Microsoft customers, according to new data from the company.
Tomi Engdahl says:
How One Piece of Hardware Took Down a $6 Trillion Stock Market
https://www.bloomberg.com/news/articles/2020-10-02/how-one-piece-of-hardware-took-down-a-6-trillion-stock-market
A data device critical to the Tokyo Stock Exchange’s trading system had malfunctioned, and the automatic backup had failed to kick in. It was less than an hour before the system, called Arrowhead, was due to start processing orders in the $6 trillion equity market. Exchange officials could see no solution.
Tomi Engdahl says:
Google now discloses Android vulnerabilities for 3rd-party devices
https://www.bleepingcomputer.com/news/security/google-now-discloses-android-vulnerabilities-for-3rd-party-devices/
Google today announced the launch of a new program specifically designed to deal with security vulnerabilities the company finds in third-party Android devices and software serviced by Android OEMs.
Tomi Engdahl says:
Common Ways Attackers Are Stealing Credentials
https://www.wordfence.com/blog/2020/10/common-ways-attackers-are-stealing-credentials/
A few weeks ago, we reviewed some of the worst website hacks we’ve ever seen. Every one of them started with poor password choices and escalated into a disastrous event for the site owner. Strong passwords and good password hygiene are often the first line of defense.
Tomi Engdahl says:
Online avatar service Gravatar allows mass collection of user info
https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
A user enumeration technique discovered by security researcher Carlo Di Dato demonstrates how Gravatar can be abused for mass data collection of its profiles by web crawlers and bots.
Tomi Engdahl says:
Check Point can identify the author of malicious code
https://etn.fi/index.php/13-news/11232-check-point-osaa-tunnistaa-haittakoodin-kirjoittajan
Researchers at the security company Check Point have developed a technique that lets them recognise the “handwriting” of the author of code written to exploit vulnerabilities. The researchers proved their technique by finding and naming two authors of Windows exploits.
The researchers tracked 16 pieces of malware that use Windows local privilege escalation (LPE) exploits. They built a profile of one of the most active developers, known as “Volodja” or “BuggiCorp”.
Tomi Engdahl says:
How to block targeted advertising on Facebook, Google, Instagram and Twitter
https://www.wired.co.uk/article/how-to-block-ad-tracking-facebook-instagram-twitter-google
Wherever you go online, you’re being followed by the spectre of targeted ads. You’ll never be able to stop them fully, but there are some steps to take
Targeted advertising is big business. 98 per cent of Facebook’s revenue comes from advertising; in the first three months of 2019 alone, this equated to $14.9 billion and was up 26 per cent year-on-year – an increase that is primarily driven by Instagram.
Google collected $30.7bn and Twitter $787 million, respectively, in ad revenue for the same three months. Facebook, Google and Twitter approach advertising slightly differently, but their success comes down to the same thing: targeting.
Targeted advertising makes sure you see adverts that are supposedly relevant to your interests. Data based on your gender, age and income, or psychographic traits including attitudes and interests is used to put specific adverts in front of your eyes.
Facebook, Google and Twitter will look at your activity, location and searches over time to predict your preferences and show you relevant ads and banners from third parties.
They do not sell your data directly, but they do sell access to you. If you’re searching for a flight on Skyscanner then you might immediately see airline or hotel deals when visiting Facebook or Youtube. It always feels creepy.
To block annoying ads and banners from popping up on your sidebar, you could download ad-blocking extensions to clean up your browser. But unless you are willing to unplug from social media and search engines, there is little you can do to stop them (and other companies) from tracking you entirely. Facebook’s Pixel, which is used to track behaviour across the web, appears on more than eight million websites and even follows people who don’t have Facebook accounts.
However, there are some ways to control what ads you see and how they are targeted to you.
Tomi Engdahl says:
Check Point Research:
Security researchers describe a way to fingerprint exploit writers’ characteristics, which can then be used to identify other exploits written by same writers
Graphology of an Exploit – Hunting for exploits by looking for the author’s fingerprints
October 2, 2020
https://research.checkpoint.com/2020/graphology-of-an-exploit-volodya/
Research by: Itay Cohen, Eyal Itkin
In the past months, our Vulnerability and Malware Research teams joined efforts to focus on the exploits inside the malware and specifically, on the exploit writers themselves. Starting from a single Incident Response case, we built a profile of one of the most active exploit developers for Windows, known as “Volodya” or “BuggiCorp”. Up until now, we managed to track down more than 10 (!) of their Windows Kernel Local Privilege Escalation (LPE) exploits, many of which were zero-days at the time of development.
Tomi Engdahl says:
Quantum Computing is a Challenge for Cryptography
https://www.eetimes.com/quantum-computing-is-a-challenge-for-cryptography/
Quantum computing promises significant breakthroughs in science, medicine, financial strategies, and more, but it also has the power to blow right through current cryptography systems, therefore becoming a potential risk for a whole range of technologies, from the IoT to technologies that are supposedly hack-proof, like blockchain.
Cryptography is everywhere — in messages from WhatsApp, online payments, eCommerce sites. Perhaps we cannot see it, but our data are transformed several times to avoid being tracked. “Simple” Wi-Fi is protected by the Wi-Fi Protected Access 2 (WPA2) protocol. Every credit card transaction is protected by the Advanced Encryption Standard (AES). These are different encryption methods with different mathematical problems to solve.
In order to keep ahead of potential security problems, the length of the encryption keys is gradually increasing, and the algorithms are gradually becoming more sophisticated. The general principle is that the longer the key length, the more difficult it is for a brute force to attack and break it. These are attacks in which cyber criminals make thousands of attempts to force keys until they find the right one.
All of this remains true with classic computers that operate with bits and bytes. If and when quantum computers that use qubits come into play, however, then the story changes. In the case of encryption keys, quantum computers are able to process an enormous number of potential results in parallel.
Progress in quantum computing would jeopardize the use of PKI X.509 (RSA, ECDSA) certificates used today for authentication and digital signature algorithms: all must be protected by new quantum-resistant algorithms to remain secure.
Tomi Engdahl says:
Management direction is decisive for a company’s cyber resilience
https://www.huoltovarmuuskeskus.fi/johdon-ohjaus-on-ratkaisevaa-yrityksen-kyberkestavyyden-kannalta/
Management commitment and direction determine a company’s cyber resilience and, through it, business continuity. In Finland the financial sector is the furthest along in cybersecurity, according to a survey commissioned by the Digipool of the National Emergency Supply Organisation.
Tomi Engdahl says:
MosaicRegressor: Lurking in the Shadows of UEFI
https://securelist.com/mosaicregressor/98849/
UEFI (or Unified Extensible Firmware Interface) has become a prominent technology that is embedded within designated chips on modern day computer systems. Replacing the legacy BIOS, it is typically used to facilitate the machine’s boot sequence and load the operating system, while using a feature-rich environment to do so. Also:
https://threatpost.com/bootkit-malware-north-korea-diplomats/159846/
Also:
https://www.zdnet.com/article/chinese-hacker-group-spotted-using-a-uefi-bootkit-in-the-wild/
Also:
https://arstechnica.com/information-technology/2020/10/custom-made-uefi-bootkit-found-lurking-in-the-wild/
Also:
https://www.bleepingcomputer.com/news/security/mosaicregressor-second-ever-uefi-rootkit-found-in-the-wild/
Also: https://www.wired.com/story/hacking-team-uefi-tool-spyware/
Tomi Engdahl says:
Code vulnerabilities can now be checked with GitHub’s own tool
https://etn.fi/index.php/13-news/11236-koodin-aukot-voi-nyt-tarkistaa-githubin-omalla-tyokalulla
GitHub is home to billions of lines of code, and developers now have a native tool in the repository for checking the code for vulnerabilities. The tool is based on Semmle’s semantic code analysis.
Semmle is used by many giant organisations such as Uber, NASA, Microsoft and Google. The tool has been used to find thousands of vulnerabilities in the largest software projects. Now the tool is available natively to all GitHub users.
Semmle’s semantic CodeQL code analysis engine lets developers write queries that identify code patterns in large code bases. Based on these descriptions the tool looks for vulnerabilities and their variants.
Tomi Engdahl says:
China-Linked Hackers Used UEFI Malware in North Korea-Themed Attacks
https://www.securityweek.com/china-linked-hackers-used-uefi-malware-north-korea-themed-attacks
A threat actor linked to China has used UEFI malware based on code from Hacking Team in attacks aimed at organizations with an interest in North Korea, Kaspersky reported on Monday.
https://www.securityweek.com/hacking-team-preparing-launch-new-surveillance-solution
Tomi Engdahl says:
More Than Half Of Young Women Have Been Abused Online, Study Says
https://www.forbes.com/sites/carlieporterfield/2020/10/05/more-than-half-of-young-women-have-been-abused-online-study-says/?utm_campaign=forbes&utm_source=facebook&utm_medium=social&utm_term=Gordie/#676f7264696
A study released this week found that nearly 60% of young women ages 15 to 25 have been the victim of online harassment and abuse, with a staggering 39% of those saying they’ve been threatened with sexual violence while online.
Plan International, an advocacy group for children’s rights and gender equality, this week released the findings of a study into online harassment that it says is the largest to have been done.
Of the respondents who have been abused online, nearly 60% said they’ve experienced insulting language, followed by targeted humiliation (41%) body shaming (39%) and threats of sexual violence (39%).
More than half of respondents from the LGBTQ+ community said they’d been harassed for their sexual orientation or gender identity, and nearly 40% who are part of an ethnic minority have faced attacks on their ethnicity or race, according to Plan International.
Respondents said Facebook is the leading platform for attacks — 39% said they’ve faced abuse on it — followed by Instagram (23%), WhatsApp (14%), Snapchat (10%), Twitter (9%) and TikTok (6%).
Online harassment has real-world consequences, according to Plan International: one in five survey respondents said they or a friend had felt their physical safety was in danger because of internet abuse, and many reported it took a toll on their mental health (38%), lowered their self-esteem (39%) and created issues at school (18%).
Tomi Engdahl says:
Sam Shead / CNBC:
The European Court of Justice, the EU’s highest legal authority, rules that member states cannot collect mass mobile and internet data of citizens
EU’s top court limits government spying on citizens’ mobile and internet data
https://www.cnbc.com/2020/10/06/ecj-limits-government-spying-on-citizens-mobile-and-internet-data-.html
The European Court of Justice (ECJ) has ruled that member states cannot collect mass mobile and internet data on citizens.
It said forcing internet and phone operators to carry out the “general and indiscriminate transmission or retention of traffic data and location data” is against EU law.
The ruling is in response to several cases brought about by Privacy International and La Quadrature du Net.
The top court in the European Union has delivered another blow to governments seeking to keep tabs on citizens through controversial spying techniques.
The European Court of Justice (ECJ), the EU’s highest legal authority, ruled Tuesday that member states cannot collect mass mobile and internet data on citizens.
Forcing internet and phone operators to carry out the “general and indiscriminate transmission or retention of traffic data and location data” is against EU law, the court explained in its ruling.
“However, in situations where a member state is facing a serious threat to national security that proves to be genuine and present or foreseeable, that member state may derogate from the obligation to ensure the confidentiality of data relating to electronic communications,” it continues.
Even in these emergency scenarios, there are rules that must be adhered to.
“Such an interference with fundamental rights must be accompanied by effective safeguards and be reviewed by a court or by an independent administrative authority,” the court said.
Tomi Engdahl says:
Wow. You paid hackers who encrypted your data? You may be violating a bunch of federal regulations and can be prosecuted.
Joseph Steinberg
US Government Threatens To Punish Anyone Who Pays Ransomware Ransoms, Or Even Negotiates With, Sanctioned Hackers
https://josephsteinberg.com/us-government-threatens-to-punish-anyone-who-pays-ransomware-ransoms-or-even-negotiates-with-sanctioned-hackers/
Any person, business, or organization that pays a ransomware ransom, or that helps others negotiate and implement deals with ransomware attackers, could face criminal prosecution or significant fines if the parties who benefit from any resulting payments are under sanctions, the US Government warned late last week.
US law prohibits both individuals and organizations from either directly or indirectly engaging in any financial transactions with individuals or organizations that the Treasury Department’s Office of Foreign Assets Control (OFAC), has sanctioned, as well as with any party subject to the government’s “comprehensive country or region embargoes,” such as those prohibiting economic activity with anyone in Iran, Syria, North Korea, Cuba, and Russian-occupied regions of Ukraine.
Americans are subject to OFAC sanctions even when out of the country, and are also prohibited from engaging with foreign nationals in any effort to circumvent sanctions; the US government even considers its sanctions applicable to non-Americans if their actions help an American violate sanctions.
Tomi Engdahl says:
The last few months have seen a steady stream of proposals, encouraged by the advocacy of the FBI and Department of Justice, to provide “lawful access” to end-to-end encrypted services in the United States. Now lobbying has moved from the U.S., where Congress has been largely paralyzed by the nation’s polarization problems, to the European Union—where advocates for anti-encryption laws hope to have a smoother ride. A series of leaked documents from the EU’s highest institutions show a blueprint for how they intend to make that happen, with the apparent intention of presenting anti-encryption law to the European Parliament within the next year.
Orders from the Top: The EU’s Timetable for Dismantling End-to-End Encryption
https://www.eff.org/deeplinks/2020/10/orders-top-eus-timetable-dismantling-end-end-encryption
The public signs of this shift in the EU—which until now has been largely supportive toward privacy-protecting technologies like end-to-end encryption—began in June with a speech by Ylva Johansson, the EU’s Commissioner for Home Affairs.
Speaking at a webinar on “Preventing and combating child sexual abuse [and] exploitation”, Johansson called for a “technical solution” to what she described as the “problem” of encryption, and announced that her office had initiated “a special group of experts from academia, government, civil society and business to find ways of detecting and reporting encrypted child sexual abuse material.”
The subsequent report was subsequently leaked to Politico. It includes a laundry list of tortuous ways to achieve the impossible: allowing government access to encrypted data, without somehow breaking encryption.
At the top of that precarious stack was, as with similar proposals in the United States, client-side scanning. We’ve explained previously why client-side scanning is a backdoor by any other name. Unalterable computer code that runs on your own device, comparing in real-time the contents of your messages to an unauditable ban-list, stands directly opposed to the privacy assurances that the term “end-to-end encryption” is understood to convey. It’s the same approach used by China to keep track of political conversations on services like WeChat, and has no place in a tool that claims to keep conversations private.
It’s also a drastically invasive step by any government that wishes to mandate it. For the first time outside authoritarian regimes, Europe would be declaring which Internet communication programs are lawful, and which are not. While the proposals are the best that academics faced with squaring a circle could come up with, it may still be too aggressive to politically succeed as enforceable regulation—even if tied, as Johansson ensured it was in a subsequent Commission communication, to the fight against child abuse.
Tomi Engdahl says:
Singapore unveils 2020 Cybersecurity Masterplan
https://w.media/news/singapore-unveils-2020-cybersecurity-masterplan/
As Singapore continues to equip itself to become Asia’s post-pandemic digital hub, the Safer Cyberspace Masterplan 2020 has been unveiled by Deputy Prime Minister Heng Swee Keat at Singapore’s International Cyber Week 2020.
Tomi Engdahl says:
Verizon: Just 25% of global businesses comply fully with the Payment Card Industry Data Security Standard
Gives you confidence in an era where nobody accepts cash any more
https://www.theregister.com/2020/10/06/verizon_pci_dss_survey/
A little more than a quarter of companies worldwide are fully compliant with the exacting PCI DSS online payment security standard, according to US telco Verizon.
The company’s 2020 Payment Security Report found that only 27 per cent of organisations worldwide were in line with the full ambit of the PCI DSS (Payment Card Industry Data Security Standard) for handling payment card data in online purchases.
“Unfortunately we see many businesses lacking the resources and commitment from senior business leaders to support long-term data security and compliance initiatives. This is unacceptable,” said Sampath Sowmyanarayan, president, Global Enterprise, Verizon Business. “Payment security has to be seen as an ongoing business priority by all companies that handle any payment data, they have a fundamental responsibility to their customers, suppliers and consumers.”
Compounding that, Verizon also said that PCI DSS compliance has fallen by 27 percentage points since 2016, with 2017’s report seeing 55 per cent of orgs passing the “interim assessment” stage.
A UK-based small business owner offered to shed a little light on the report’s main finding for The Register anonymously, lest he trigger the wrath of his payment provider. He said: “The questions are so convoluted and confusing, and you can only put ‘Yes’, ‘No’ or ‘Not sure’ answers… which doesn’t always fit. I fecking hate having to do it… too much technical speak and legalese and I have no idea what the majority of it means despite doing my best to understand it all.”
More worryingly, Verizon reckoned that just 70 per cent of financial institutions “maintain essential security perimeter controls”.
Hospitality was the industry least likely to be compliant across the world, with a quarter of businesses in that sector meeting full compliance standards. Financial services led the way: 40 per cent of institutions in that sector met the rules in full.
Tomi Engdahl says:
September 2020’s Most Wanted Malware: New Info-stealing Valak Variant Enters Top 10 Malware List For First Time
https://blog.checkpoint.com/2020/10/07/september-2020s-most-wanted-malware-new-info-stealing-valak-variant-enters-top-10-malware-list-for-first-time/
Check Point researchers find sharp increase in attacks using new Valak malware, while the Emotet trojan remains in 1st place for third consecutive month.
Tomi Engdahl says:
Had your face stolen lately?
https://www.welivesecurity.com/2020/10/06/had-face-stolen-lately-biometrics-data-breach/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29
You can reset your PIN after a data breach, you can reset your password after a data breach, you can reset your security questions after a data breach, but can you reset your face?
Tomi Engdahl says:
CISA Warns of Emotet Trojan Targeting State, Local Governments
https://www.securityweek.com/cisa-warns-emotet-trojan-targeting-state-local-governments
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of an increase in attacks targeting state and local governments with the Emotet Trojan.
Active for over a decade, Emotet is a Trojan mainly used to drop additional malware onto compromised systems. Previously, it also functioned as a banking Trojan and as an information stealer.
Emotet has been silent for nearly half a year in 2020, but resumed activity in July, with the number of attacks surrounding it surging the next month. In early August, Binary Defense security researchers revealed that a vaccine deployed in February kept Emotet away for six months.
Tomi Engdahl says:
Cybercriminals Have Shifted Their Attack Strategies. Are You Prepared?
https://www.securityweek.com/cybercriminals-have-shifted-their-attack-strategies-are-you-prepared
The Best Defense Against Cyber Threats is Good Information
Recent threat research shows that during the first six months of 2020, cybercriminals adapted their usual attack strategies to take advantage of the global pandemic and target the expanded attack surface created by the dramatic shift to remote workers. Understanding this trend is critical for security teams tasked with identifying threats and properly securing networks.
One of the biggest challenges is the double-edged sword of NOC and SOC teams having to invert their network to switch the majority of end-users from working inside the traditional perimeter to now connecting from home offices. And many have had to do so while working remotely themselves. Visibility and control across the network have been reduced, exposing organizations to risks that did not exist only a few weeks ago. Like it or not, notoriously unpatched and unprotected home networks are now part of the extended corporate network.
Cybercriminals understand this and have modified their attack strategies accordingly. According to recent threat data, IPS signatures have detected a dramatic upswing of attacks looking to target home-based routers and IoT devices. Also, while 2020 is on track to have released the largest number of CVEs in history, 65% of organizations report detecting threats targeting vulnerabilities identified in 2018. And more than a quarter of firms registered attempts to exploit CVEs from 15 years earlier.
Tomi Engdahl says:
Where there is code, there are vulnerabilities
https://etn.fi/index.php/13-news/11251-missa-on-koodia-siella-on-haavoittuvuuksia
Security company Trend Micro held a cyber security webinar today. In it, the company’s head of security research, Rik Ferguson, painted a rather bleak picture of the future of cyber security. The problem is never going away. “Where there is code, there are vulnerabilities,” Ferguson said.
“And where there are users, there are weaknesses,” Ferguson continued. The problem is above all the exponential growth of data. There are so many attacks that corporate security teams can never close this skills gap.
Tomi Engdahl says:
NATO Chief Calls for New Strategy on Cyber, China
https://www.securityweek.com/nato-chief-calls-new-strategy-cyber-china
NATO needs a new strategic concept adjusted to the global rise of new technologies, terrorism and China to replace a plan developed a decade ago, the head of the alliance said on Wednesday.
French President Emmanuel Macron famously branded the alliance “brain dead” last year, demanding a new strategy that would, among other things, reopen dialogue with Russia — stifled after it annexed part of Ukraine — and refocus on the fight against Islamist terrorism.
As part of a “reflection process” triggered by the French leader’s controversial remarks, NATO will revise its strategic concept — its overarching statement of the threats it faces and how it might respond, Secretary General Jens Stoltenberg told a conference in Slovakia’s capital Bratislava.
“The time has come to develop a new strategic concept for NATO, as the world has fundamentally changed,” Stoltenberg said at the GLOBSEC security forum.
He dubbed the initiative “NATO 2030”.
Tomi Engdahl says:
Redefining PII as We Trade Convenience for Risk in a Contactless World
https://www.securityweek.com/redefining-pii-we-trade-convenience-risk-contactless-world
Since the beginning of the COVID-19 pandemic, my favorite restaurant in my little neighborhood in Seattle has undergone some operational changes.
The only way to order there now is through the virtual menu on the restaurant’s website. They prepare the food back in the kitchen, and someone just brings it out to your table.
I know everybody on the staff, but I’ve hardly seen them in months. The manager still comes around to check on the tables and banter. But overall, the staff are optimized for much less human interaction. It definitely changes the dining experience.
The same theme is playing out across a number of life’s little touchpoints. It’s not just masks and social distancing. In ways large and small, there’s been a broader social shift toward a reliance on virtual processes.
When you go to the store for groceries, you may just fill your bag with items marked by RFID tags that supply the product and pricing information. They’re connected to a back-end payment system that automatically charges you via a wireless payment format like Apple Pay—not only cashless, but entirely touchless.
Over the past several weeks, we’ve talked about the changes to education, healthcare and retail as similar stories play out across industries. But what does it all mean for each of us as individuals, navigating this contactless world?
From a security perspective, the biggest issue may be that your digital footprint is now a digital vapor trail. Everywhere you go, you cast a shadow of data that, taken together, reveals who you are, what you like to do, your habits, your addictions.
There has long been a tension between our willingness to give up personal information, security and privacy and our desire for convenience. Now maybe the tables have turned. Convenience has become necessity. And after a while, people just get comfortable with what comes with it.
In the U.S. at least, we’ve long considered “personally identifiable information” to be the hard stuff: Social Security numbers, driver’s license and passport numbers, full names, bank accounts. But Europe’s GDPR is more in line with what PII will mean in this contactless world.
The EU has done a great deal of work to understand what kinds of data really are “personal” and should be protected under the law. In other regions around the world, however, privacy seems to be of little concern.
It bears looking into in the U.S. as we continue to adapt to more complex situations driven by apps. In doing so, we’re increasing the size and complexity of that data vapor trail, and this will only strengthen the ability for companies, government entities and malicious actors to view people’s spending patterns and to anticipate their wants and needs.
At the same time, 5G is being deployed, edge computing is on the rise and real-time analytics is proliferating. Your data is going to be leveraged in real time.
Hackers might know not only what you like, but also where you’ll be, enabling location-based phishing or other attacks as well. It’s a whole new level of triangulation that’s not just targeting high-value government employees, but anyone with a seemingly healthy bank account.
We’ll see how many of these processes return from the virtual world to the physical world over time, but those virtual processes are likely here to stay regardless. As a result, your PII is becoming a much richer source of information about you, and potentially much more dangerous.
Tomi Engdahl says:
Road signs hacking
https://www.facebook.com/groups/majordomo/permalink/10161199899144522/
Tomi Engdahl says:
Sacha Baron Cohen: We Must Save Democracy From Conspiracies
https://time.com/5897501/conspiracy-theory-misinformation/
Tomi Engdahl says:
A China-Linked Group Repurposed Hacking Team’s Stealthy Spyware
The tool attacks a device’s UEFI firmware—which makes it especially hard to detect and destroy.
https://www.wired.com/story/hacking-team-uefi-tool-spyware/
Tomi Engdahl says:
Microsoft takes down massive hacking operation that could have affected the election
https://edition.cnn.com/2020/10/12/tech/microsoft-election-ransomware/index.html?utm_source=fbCNN&utm_term=link&utm_medium=social&utm_content=2020-10-12T12%3A33%3A09
Microsoft has disrupted a massive hacking operation that it said could have indirectly affected election infrastructure if allowed to continue.
The company said Monday it took down the servers behind Trickbot, an enormous malware network that criminals were using to launch other cyberattacks, including a strain of highly potent ransomware.
Microsoft said it obtained a federal court order to disable the IP addresses associated with Trickbot’s servers, and worked with telecom providers around the world to stamp out the network. The action coincides with an offensive by US Cyber Command to disrupt the cybercriminals, at least temporarily, according to The Washington Post.
Tomi Engdahl says:
Five Eyes governments, India, and Japan make new call for encryption backdoors
Another Five Eyes meeting, another call for encryption backdoors in modern tech.
https://www.zdnet.com/article/five-eyes-governments-india-and-japan-make-new-call-for-encryption-backdoors/
Tomi Engdahl says:
https://www.zdnet.com/article/five-eyes-governments-india-and-japan-make-new-call-for-encryption-backdoors/
If properly implemented, E2EE lets users have secure conversations — be it chat, audio, or video — without sharing the encryption key with the tech companies.
Representatives from the seven governments argue that the way E2EE encryption is currently supported on today’s major tech platforms prohibits law enforcement from investigating crime rings, but also the tech platforms themselves from enforcing their own terms of service.
Pressure has been mounting in recent years as western governments seek to reach intelligence-gathering parity with China.
Tomi Engdahl says:
OPINION: Governments Have Failed to Learn from the Cambridge Analytica Scandal
https://www.occrp.org/en/37-ccblog/ccblog/13225-governments-have-failed-to-learn-from-the-cambridge-analytica-scandal
A week before the parent company of Cambridge Analytica filed for bankruptcy, one of its employees opened a UK firm that has since been providing similar “behavioral modification” training to clients including the Canadian and Dutch militaries.
Strategic Communication Laboratories (SCL) Group, Cambridge’s parent company, drew on psychological and social science research to distill techniques aimed at manipulating group behavior.
For almost two decades, SCL sold its services to clients around the world. They included political parties trying to sway voters in scores of countries, and the British and American militaries attempting to influence populations and insurgents in conflicts such as Iraq and Afghanistan.
But SCL did not survive its firm’s best-known campaigns: Its subsidiary, Cambridge Analytica, sparked a scandal due to its involvement in Donald Trump’s 2016 U.S. presidential campaign, and questions were raised over the role of Cambridge Analytica and an affiliate in the successful movement the same year for Britain to leave the European Union.
Cambridge Analytica was subsequently found to have misappropriated data from Facebook, which it used to build profiles of about 87 million users. The scandal forced the entire group of companies to file for insolvency on May 1, 2018.
The fact that Emic was able to rise from the ashes of SCL while the Cambridge Analytica and SCL debacle was still under investigation shows that governments have not learned the lessons of 2016.
vital that scandals such as this are properly investigated to protect against unethical business practices, conflicts of interest, security issues and data rights infringements.
Tomi Engdahl says:
Why Privacy Is the Most Important Concept of Our Time
https://inre.me/why-privacy-is-the-most-important-concept-of-our-time/
Privacy is more than the right of an individual to be left alone. It concerns the very fabric of society
I do think that privacy is the most important concept of our time. Let me tell you why:
internet is not a virtual world anymore, it is a dimension that permeates our lives; we work, socialize and get informed through the internet
our society is more diverse; we have some things in common with our neighbors and some with separate communities
privacy is integral to separate the different parts of our lives; once the separation could be just physical and accidental (i.e., you live here and work there), now it must be built intentionally because there are no natural barriers in information spreading
In short, internet has made sharing information easier and complexity has made information more dangerous. We need to evolve our understanding of rules and norms to deal with this new situation.
Tomi Engdahl says:
Enterprise businesses equip staff with mobile devices such as laptops and smart phones to perform daily tasks. This makes the workforce much more mobile but places an implicit burden on the staff to ensure that they are always on-line. Security is handled by the underlying operating system and supporting solutions, for example a Secure Remote Access solution or “VPN”.
Endpoint VPN technology has been around since at least 1996 when Microsoft created the Peer to Peer Tunneling Protocol (PPTP). OpenVPN and similar open source VPN technologies have advanced this tech from highly specialized to near commodity.
However, enterprise Secure Remote Access solutions can be complicated and nuanced.
Tomi Engdahl says:
Five Eyes governments, India, and Japan make new call for encryption backdoors
https://www.zdnet.com/article/five-eyes-governments-india-and-japan-make-new-call-for-encryption-backdoors/
Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications.
Tomi Engdahl says:
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
https://threatpost.com/ransomware-network-access-cyberattack/159998/
Network access to various industries is being offered in underground forums at as little as $300 a pop and researchers warn that ransomware groups like Maze and NetWalker could be buying in. In September, researchers tracked more than 25 persistent network-access sellers with more entering the scene on a weekly basis. These sellers are operating on the same forums as actors associated with the ransomware gangs Maze, Lockbit, Avaddon, Exorcist, NetWalker, Sodinokibi and others, they said.
Tomi Engdahl says:
We Hacked Apple for 3 Months: Here’s What We Found
https://samcurry.net/hacking-apple/
There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. As of now, October 8th, we have received 32 payments totaling $288,500 for various vulnerabilities. However, it appears that Apple does payments in batches and will likely pay for more of the issues in the following months.
Tomi Engdahl says:
CISA and FBI Release Joint Advisory Regarding APT Actors Chaining Vulnerabilities Against Government, Critical Infrastructure, and Elections Organizations
https://us-cert.cisa.gov/ncas/current-activity/2020/10/09/cisa-and-fbi-release-joint-advisory-regarding-apt-actors-chaining
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity advisory regarding advanced persistent threat (APT) actors chaining vulnerabilities in an attempt to compromise federal and state, local, tribal, and territorial (SLTT) government networks, critical infrastructure, and elections organizations.
Report: https://us-cert.cisa.gov/ncas/alerts/aa20-283a
Tomi Engdahl says:
Google adds password breach alerts to Chrome for Android, iOS
https://www.welivesecurity.com/2020/10/08/chrome-android-ios-can-now-tell-you-if-your-password-has-been-stolen/
Much like with a feature that is already available for Chrome on computers, the browser’s version for mobile platforms will now compare your saved login credentials against a list of login details that are known to have been compromised; if a match is found, it will alert you.
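As an added illustration (not Google’s code, and not the protocol Chrome actually uses, which is a more elaborate private-set-intersection scheme), the block below shows the simpler hash-prefix (k-anonymity) way to check saved passwords against a breach corpus so that neither the password nor its full hash leaves the device. The breach list, the site names and the helper names are constructed for the example.

```python
"""Privacy-preserving check of saved passwords against a breach corpus.

The client hashes the password, sends only a short prefix of the hash to the
server, receives every suffix in the corpus that shares that prefix, and
finishes the comparison locally. The server therefore learns only that one of
about 2^20 hash buckets was queried, never the password or its full hash.
"""
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex chars sent to the server (20 bits); the rest stays local

# Constructed sample corpus of breached passwords (not taken from any real breach).
BREACHED_SAMPLES = ["password", "123456", "qwerty", "letmein", "hunter2"]


def sha1_hex(secret: str) -> str:
    """Upper-case hex SHA-1 of the secret, the form range-query services use."""
    return hashlib.sha1(secret.encode("utf-8")).hexdigest().upper()


def build_server_index(samples):
    """Server side: bucket breached-hash suffixes by their PREFIX_LEN prefix."""
    index = defaultdict(set)
    for sample in samples:
        digest = sha1_hex(sample)
        index[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])
    return index


SERVER_INDEX = build_server_index(BREACHED_SAMPLES)


def server_range_lookup(prefix: str) -> set:
    """Simulated server endpoint: return all suffixes stored under a prefix.

    The server validates the prefix but never sees the rest of the hash.
    """
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be %d upper-case hex chars" % PREFIX_LEN)
    return set(SERVER_INDEX.get(prefix, ()))


def is_compromised(password: str) -> bool:
    """Client side: only the prefix is transmitted; the match is decided locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in server_range_lookup(prefix)


def check_saved_logins(logins):
    """Walk a password store the way a browser would and flag breached entries.

    logins: iterable of (site, username, password) tuples.
    Returns the (site, username) pairs whose password is in the breach corpus,
    so the caller can alert the user without ever logging the password itself.
    """
    return [(site, user) for site, user, pw in logins if is_compromised(pw)]


if __name__ == "__main__":
    # Constructed password-store contents for demonstration.
    store = [
        ("mail.example.test", "alice", "123456"),
        ("shop.example.test", "alice", "Tr0ub4dor&3!x"),
        ("forum.example.test", "bob", "hunter2"),
    ]
    for site, user in check_saved_logins(store):
        print("ALERT: password for %s at %s appears in a known breach" % (user, site))
```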
Tomi Engdahl says:
Google boosts malware protection for high-risk accounts
https://www.bleepingcomputer.com/news/security/google-boosts-malware-protection-for-high-risk-accounts/
Google’s Advanced Protection Program is a free service that aims to protect the accounts of users including but not limited to activists, journalists, business leaders, and political teams who have a higher risk of being targeted by online attacks. APP blocks unauthorized access to enrolled users’ accounts, offers additional protection from harmful downloads, and secures the users’ info.