Cyber security trends for 2020

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I will be making educated guesses based on what has happened during the last 12 months and the several years before that.

The past year has seen a rapid increase in the adoption of up-and-coming technologies. Everyday items are getting smarter and more connected. Companies are saving millions with new technologies and cities are racing to implement smart solutions. 5G promises to bring wireless high-speed broadband everywhere. On the other hand, those solutions add new kinds of vulnerabilities. Competing in today’s digital marketplace requires that organizations are cyber-savvy. 2020 is when cybersecurity gets even weirder, so get ready.

Here are some trends and predictions for cyber security in 2020:

Cyber Attacks: Cyberattacks grow in volume and complexity. Many countries are going to emerge as major threats in the 2020s. Nation-state backed cyber groups have been responsible for major incidents over the last decade, and now more countries want the same power. Cyberattacks range from targeting your database to steal information that can be sold on the dark web, to hijacking unused CPU cycles on your devices to mine cryptocurrencies, to infecting vulnerable systems so they can be used later as part of a botnet.

IoT security: IoT security will keep getting worse before it starts to get better. It is an extremely hot topic right now and will stay hot for many years to come. Industrial IoT risk has been discussed a lot; physics dictates local application deployment, because the control loop of most industrial systems runs at 10 milliseconds or faster. Smart building security awareness is growing, and the risks of the IoT in financial services are great. An explosion in IoT devices significantly raises the threat level. Gartner predicted that the world will see nearly 21 billion IoT devices by next year, and it would be nice if all of them were secure, but many of them unfortunately are not. Attackers are continually looking for ways to exploit device vulnerabilities. From smart TVs, IP cameras and smart elevators to hospital infusion pumps and industrial PLCs, IoT and OT (Operational Technology) devices are inherently vulnerable and easy to hack. Why? Because IoT security is complicated, and security has to be considered and integrated with IoT deployments rather than bolted on afterwards. Gartner says worldwide IoT security spending will reach $1.9 billion in 2019 and rise to $3.1 billion in 2021, making it one of the fastest growing segments of the cybersecurity industry. The IoT landscape is complex, and so are the security solutions, which tackle the different challenges of IoT: device hardening, encryption, discovery, data protection, malware and anomaly detection, policy enforcement and more. You might have to do a little work with your Internet of Things devices to stay secure. A failure by many IoT device manufacturers to follow cryptographic best practices is leaving a high proportion of the devices vulnerable to attack: one in every 172 active RSA certificates found on the internet shares a prime factor with another certificate’s key, typically because the device generated its key with too little entropy, and such keys can be factored with nothing more than a GCD computation. It is a good idea to build a separate network segment for IoT devices so that they are isolated from the normal office network; the FBI recommends keeping IoT devices on a separate network.
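The shared-factor problem above is worth seeing in code, because it is what makes the "1 in 172" figure so bad: you never attack one key, you compare all of them at once. The following is an added example (my own, not from any of the reports cited here) of Bernstein’s batch GCD over a set of RSA moduli. The moduli are constructed toy values built from small primes so the result can be checked by hand; real 2048-bit moduli run through the same code unchanged, only slower.

```python
import math

# Constructed toy keys: real RSA moduli are 2048-bit, but the algorithm is the
# same. Keys 0 and 1 were "generated" with a shared prime (61), which is what
# poor entropy on embedded devices produces in practice.
TOY_MODULI = [
    61 * 53,   # key 0
    61 * 47,   # key 1: shares the prime 61 with key 0
    43 * 41,   # key 2
    37 * 31,   # key 3
    29 * 23,   # key 4
]


def product_tree(values):
    """Levels of a binary product tree; level 0 is the input, the last level
    holds the product of everything."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([
            level[i] * level[i + 1] if i + 1 < len(level) else level[i]
            for i in range(0, len(level), 2)
        ])
    return tree


def batch_gcd(moduli):
    """Bernstein's batch GCD: for each modulus n_i return
    gcd(n_i, product of all the other moduli), using O(log k) levels of big
    multiplications and remainders instead of k^2 pairwise GCDs."""
    tree = product_tree(moduli)
    remainders = tree.pop()  # top level: [product of all moduli]
    while tree:
        level = tree.pop()
        # Descend the tree: each node gets (parent remainder) mod node^2.
        remainders = [remainders[i // 2] % (x * x) for i, x in enumerate(level)]
    # remainder // n_i equals (product / n_i) mod n_i, so this is the gcd
    # of n_i with the product of all the other moduli.
    return [math.gcd(r // n, n) for r, n in zip(remainders, moduli)]


def find_shared_factors(moduli):
    """Map index -> (p, q) for every modulus that can be factored because it
    shares a prime with another modulus in the set. A modulus that appears
    twice outright (gcd == n) is reported as None: the key is reused, not
    factored, which is a finding of its own."""
    found = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if g == 1:
            continue
        found[i] = None if g == n else tuple(sorted((g, n // g)))
    return found


if __name__ == "__main__":
    for idx, factors in find_shared_factors(TOY_MODULI).items():
        print(f"key {idx} (n={TOY_MODULI[idx]}): {factors or 'duplicate modulus'}")
```

The point for a practitioner: collecting certificates from your own fleet and running them through this is cheap, and any hit means the private key is already effectively public.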

IoT privacy: Silicon Valley is listening to your most intimate moments. The world’s biggest companies got millions of people to let temporary workers analyze some very sensitive recordings made by their “smart” speakers and smartphones. A quarter of Americans have bought “smart speaker” devices such as the Echo, Google Home and Apple HomePod. Consulting firm Juniper Research Ltd. estimates that by 2023 the global annual market for smart speakers will reach $11 billion, and there will be about 7.4 billion voice-controlled devices in the wild. That’s about one for every person on Earth. The question is, then what? Having microphones that listen all the time is concerning. Also, some attackers are terrifying homeowners and making them feel violated in their own homes.

Medical systems security: Cyberattacks on medical devices are on the rise, and manufacturers must respond. Attacks on networked medical devices, and on the data they collect and transmit, can be costly. Patient safety is a critical concern, especially with devices such as defibrillators and insulin pumps that could cause patient harm or death if they malfunction. It’s shocking that a few years after WannaCry and NotPetya, the healthcare industry is still not prepared to deal with ransomware attacks. Many hospitals and healthcare networks have been hit by ransomware over the past few months.

Surveillance cameras: Surveillance cameras are capturing what we do on the streets, at airports, in stores and in much of our public space. China’s Orwellian video surveillance gets a bad rap, but the US isn’t far behind: the US has nearly the same ratio of security cameras to citizens as China, and the numbers are growing all over the world. One billion surveillance cameras will be deployed globally by 2021, according to data compiled by IHS Markit. Russia is building one of the world’s largest facial recognition networks, and it may even be bigger than China’s 200 million camera system. China’s installed base is expected to rise to over 560 million cameras by 2021, representing the largest share of surveillance devices installed globally, with the US rising to around 85 million cameras. The US, like China, now has about one surveillance camera for every four people (in 2018 China had 350 million cameras and the USA 70 million). Surveillance cameras are getting better, smaller and cheaper and can be installed almost anywhere. It would be very easy to sneak another device onto a hotel’s Wi-Fi network and stream its video over the internet to a remote computer.

Facial recognition: Private companies and governments worldwide are already experimenting with facial recognition technology. Facial recognition software is touted as making us safer, but mass surveillance has downsides of major proportions. Massive errors have been found in facial recognition tech: facial recognition systems can produce wildly inaccurate results, especially for non-whites. Russia is building one of the world’s largest facial recognition networks. Individuals, lawmakers, developers and everyone in between should be aware of the rise of facial recognition and the risks it poses to the rights to privacy, freedom, democracy and non-discrimination.

Shut off Internet: A worrying worldwide trend employed by various governments: preventing people from communicating on the web and accessing information. Amid widespread demonstrations over different issues, many countries have started cutting Internet connections from their people. Some countries, namely China, architected their internet infrastructure from the start with government control in mind, and Russia is heading in the same direction; Iran, India and Russia have all resorted to shutdowns. For better or worse, an internet blackout also limits the government’s ability to conduct digital surveillance on its citizens.

Security First: Implementing cyber best practices requires a security-first approach. Competing in today’s digital marketplace requires that organizations be cyber-savvy. The best defense is to start with a security-driven development and networking strategy that builds a hardened digital presence from the ground up. This not only ensures that your online services and web applications are protected from compromise, but also enables security to evolve and adapt right alongside the development of your digital presence, rather than having to be constantly rigged and retrofitted to keep up with digital innovation.

Zero Trust Network Access: Many of the most damaging breaches have been the result of users gaining access to levels of network resources and devices they were never authorized for. Zero Trust is an enforceable, identity-driven access policy that includes seamless and secure two-factor/OTP authentication across the organization. Zero Trust Network Access ensures that all users and devices are identified, profiled and provided appropriate network access. It also ensures that new devices are automatically assigned to appropriate network segments based on things like device profiles and owners. When combined with Network Access Control (NAC), organizations can also discover, identify, grant appropriate access to and monitor devices, thereby enhancing the access and segmentation strategy.

Anti-virus software: Only half of malware is caught by signature-based AV. The percentage of malware that successfully bypasses signature-based antivirus scanners at companies’ network gateways has increased significantly, either by scrambling the code with basic encryption techniques (“packing”) or by automatically generating code variants, each with a new hash and byte pattern. It seems that new approaches like machine learning and behavioral detection are necessary to catch such threats; a detector that looks at what the file does once unpacked, rather than at its bytes on disk, is not fooled by a repack. Meanwhile, network attacks have risen, especially against older vulnerabilities.
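To make the packing argument concrete, here is an added example (mine, not from the report behind the “only half” figure) of the whole loop in miniature: a static byte-pattern scanner, a toy XOR packer whose every reseed produces a fresh “variant”, and a layered scanner that adds an entropy heuristic and rescans the unpacked payload the way an AV emulator would. The signature patterns, the sample “executable” and the packer stub marker are all constructed for the example and do not correspond to any real malware family or product.

```python
import hashlib
import math
import random

# Constructed byte patterns that stand in for signature-database entries;
# they are not real AV signatures.
SIGNATURES = {
    "dropper.powershell": b"powershell -nop -w hidden -enc ",
    "dropper.certutil": b"certutil -urlcache -split -f ",
}

# Constructed sample standing in for a malicious executable: a fake header,
# some padding and the command line the signature keys on, repeated to give
# the file a realistic size.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"cmd.exe /c powershell -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA\r\n"
    + b"C:\\Users\\Public\\update.tmp\r\n"
) * 32

STUB = b"\x7fPACK"  # constructed marker left by the (imaginary) packer stub


def signature_scan(blob):
    """Plain static matching: which signature patterns occur in the bytes."""
    return sorted(name for name, pattern in SIGNATURES.items() if pattern in blob)


def keystream(seed, length):
    rng = random.Random(seed)  # deterministic, so the unpacker can re-derive it
    return bytes(rng.getrandbits(8) for _ in range(length))


def pack(blob, seed):
    """XOR the payload with a PRNG keystream and prepend stub + seed.
    Every new seed gives a byte-for-byte different file: a new 'variant'."""
    body = bytes(a ^ b for a, b in zip(blob, keystream(seed, len(blob))))
    return STUB + seed.to_bytes(4, "big") + body


def unpack(blob):
    """What the stub does at run time, and what an AV emulator reproduces."""
    head = len(STUB)
    seed = int.from_bytes(blob[head:head + 4], "big")
    body = blob[head + 4:]
    return bytes(a ^ b for a, b in zip(body, keystream(seed, len(body))))


def shannon_entropy(blob):
    """Bits per byte: plain code and text sit well below 6, while encrypted
    or compressed data approaches 8."""
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def variant_hashes(blob, count):
    """SHA-256 of `count` repacked variants; a hash blocklist sees each as new."""
    return [hashlib.sha256(pack(blob, seed)).hexdigest() for seed in range(1, count + 1)]


def scan(blob, entropy_threshold=7.0):
    """Layered verdict: static signatures, then a packing heuristic, then
    signatures again on the unpacked payload (the emulation step that a
    signature-only gateway skips)."""
    verdict = {
        "static": signature_scan(blob),
        "entropy": round(shannon_entropy(blob), 2),
        "suspicious_packing": False,
        "unpacked": [],
    }
    if blob.startswith(STUB) or verdict["entropy"] >= entropy_threshold:
        verdict["suspicious_packing"] = True
    if blob.startswith(STUB):
        verdict["unpacked"] = signature_scan(unpack(blob))
    return verdict
```

Note the caveat hidden in the packer: a single-byte XOR key would not raise the entropy at all (it only permutes byte values), which is why the heuristic alone is not enough and the unpack-and-rescan step is the part that actually catches the sample.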

Ransomware attacks: Ransomware will remain a major threat in the coming year, as the criminal business model continues to flourish. Paying the ransom is a move that security professionals have long condemned, warning that paying could end up causing more turmoil for victims, as well as inspire other cybercriminals to launch ransomware attacks. Microsoft never encourages a ransomware victim to pay. What to do about this is the question. How much does a large-scale ransomware attack cost, as opposed to just hiring an adequate number of skilled IT personnel and having disaster recovery plans in place? There is no complete security solution that could stop all attacks, but you should have decent protection. It would seem prudent to have adequate staff and offline backups to deal with this kind of situation, so that decent recovery is possible; a backup that is reachable from the infected network gets encrypted along with everything else, and a backup that has never been restore-tested is only a hope. Having no backup system is the gamble many companies and public entities seem to be playing. Good backups help you recover from ransom attacks. New tactics are coming into use in ransomware. A new Snatch ransomware strain reboots the computers it infects into Safe Mode to disable any resident security solutions. Another new tactic by ransomware developers is to steal the victim’s data before encrypting it and threaten to publish it, or hand it to a competitor, if the ransom is not paid.

Public sector: Public sector security is lagging. The state of cybersecurity and resilience in the public sector needs an urgent boost in many countries. U.S. citizens rely on state governments and local municipalities to provide a host of services, everything from access to public records, law enforcement protection, education and welfare to voting and election services. Cybercriminals have been targeting state and local governments with ransomware tools, which infect an organization’s computer networks and lock up critical files.

Regulation: We will see further legal regulations in the area of cyber security and data protection. The implementation of the GDPR and the IT Security Act have already ensured that the behaviour of companies has changed significantly. The drastic fines are having an effect. However, the GDPR is not the end of the story. The ePrivacy Regulation, the forthcoming reform of the IT Security Act and the European CyberSecurity Act will introduce further requirements, with the aim of improving digital security.

Consumer confidence: Winning consumer confidence is crucial to the development of new digital services. In a PwC study, consumers said they are prepared to share personal information if it is of sufficient value to them. On the other hand, consumers also need to trust that you will keep the information safe, and that trust has to be earned.

API security: APIs now account for 40% of the attack surface of all web-enabled apps. It’s a good time to pay attention to API security, since some recent high-profile breaches have involved API vulnerabilities. OWASP, the Open Web Application Security Project known for its top 10 list of web application vulnerabilities, published the release candidate version of its API Security Top 10 list at the end of September 2019. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet: the Docker daemon’s TCP API (port 2375 in its plaintext form) has no authentication of its own, so anyone who can reach it can start a privileged container and take over the host.

Skills gap: Security teams, already grappling with serious challenges due to the growing cybersecurity skills gap, are being tasked to secure an ever-expanding network footprint. Security teams are often left to secure virtual and cloud environments, SaaS services, DevOps projects, the growing adoption of IoT, mobile workers and an expanding array of personal connected devices after they have already been implemented. They often do not have enough people, or enough knowledge of those new technologies, to do their work well. The cybersecurity unemployment rate is zero, with over 1 million jobs currently unfilled, a number that is expected to climb to 3.5 million by 2021; 145% growth in the workforce is needed to meet global demand.

Think Like Your Adversary: Cybersecurity leaders need to assess potential vulnerabilities from the mindset of the adversary and devise effective defensive countermeasures unique to their company’s needs. Programmers should think like hackers: security must be taken into account in every step of programming.

Third party security: Most companies don’t properly manage third-party cyber risk. It’s been established that good cybersecurity requires not just an internal assessment of an organization’s own security practices, but also a close look at the security of the partners that businesses rely upon in today’s interconnected world. Developing a Third-Party Cyber Risk Management (TPCRM) strategy is becoming more common with every news headline about a major breach that stemmed from a company’s relationship with a third party.

Privacy and surveillance: Fears grow over digital surveillance. Americans are increasingly fearful of monitoring of their online and offline activities, both by governments and by private companies. More than 60 percent of US adults believe it is impossible to go about daily life without having personal information collected by companies or the government. Google and Facebook help connect the world and provide crucial services to billions, but their systems can also be used for surveillance. Amnesty International says that Facebook’s and Google’s omnipresent surveillance is inherently incompatible with the right to privacy and is a danger to human rights: the claim is that the companies’ surveillance-based business model also poses a threat to a range of other rights, including freedom of opinion and expression, freedom of thought, and the right to equality and non-discrimination. Amnesty International has called for a radical transformation of the tech giants’ core business model and said that Google and Facebook should be forced to abandon what it calls their surveillance-based business model because it is “predicated on human rights abuse.”

5G: Forecasting that 2020 will be “the year of 5G” no longer qualifies as a bold prediction. Billions of dollars’ worth of 5G rollouts are scheduled for the coming year, which will bring the emergent technology to countries around the world. The arrival of 5G will fuel an explosion of never-before-seen IoT machines, introducing uncharted vulnerabilities and opening the door for cyber-criminals to compromise our increasingly intertwined cities. Claims that 5G offers “better security” for IoT may not ring true.

5G security: The new 5G mobile networks will be the backbone of future digitalized operations, so it is also important to ensure the security and resilience of 5G networks. The Council of the European Union has warned member states that the introduction of 5G networks poses increased security risks while also bringing economic and infrastructure benefits. ENISA, the European Union Agency for Cybersecurity, has published a Threat Landscape for 5G Networks, assessing the threats related to the fifth generation of mobile telecommunications networks. Organised cybercrime, rogue insiders and nation-state-backed hackers are among the groups that could soon be targeting 5G networks. Claims that 5G offers “better security” for IoT may not ring true, with the technology remaining vulnerable to SIM-jacking attacks within private Industry 4.0-style deployments. 5G SIM-swap attacks could be even worse for industrial IoT than they are for phones today: criminals convince telcos to port a victim’s number to a new SIM card controlled by the criminal. Trust your hardware or your operator? You ought to trust nobody. Do not hang all of your security and identification on the SIM card.

DNS Over HTTPS (DoH): DoH-encrypted DNS queries are already set to arrive in the Chrome and Firefox web browsers. Microsoft will bring DNS over HTTPS to Windows 10 in an attempt to keep user traffic as private as possible, which means the operating system’s own DNS queries get encrypted, not just the browser’s. Microsoft says that DoH doesn’t require DNS centralization if adoption is broad among operating systems and Internet service providers alike. Keep in mind that DoH hides the query from the network path, not from the resolver you send it to, so the choice of resolver still matters.

Firewall configuration: Now, more than ever, it is important to automate firewall processes to prevent misconfigurations and data breaches. Gartner has warned that “50% of enterprises will unknowingly and mistakenly have exposed some IaaS storage services, network segments, applications or APIs directly to the public internet, up from 25% at YE18.” This is a human problem, not a firewall problem.
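Automating the check is the practical answer to both the Gartner warning here and the exposed Docker ports mentioned under API security above. The following added example (mine, not from Gartner, Docker or any cloud provider) audits a list of inbound firewall rules in a simplified security-group style for admin ports open to the whole internet, and separately inspects a Docker `daemon.json` for a TCP API listener without TLS client verification. The rules and the daemon.json are constructed for the example; the `hosts` and `tlsverify` keys are real Docker daemon options, and the port list is my own choice of what should never face the internet.

```python
import ipaddress
import json

# Admin/management ports that should never face the whole internet.
# Docker's daemon API is the notable one: 2375 is the plaintext, unauthenticated
# variant (root on the host for anyone who can reach it), 2376 is the TLS one.
ADMIN_PORTS = {
    22: "ssh", 23: "telnet", 3389: "rdp", 5900: "vnc",
    2375: "docker-api-plaintext", 2376: "docker-api-tls",
    5432: "postgres", 3306: "mysql", 6379: "redis", 9200: "elasticsearch",
    27017: "mongodb", 10250: "kubelet",
}

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed inbound rules in a simplified security-group style; not exported
# from any real account.
SAMPLE_RULES = [
    {"name": "web-https", "proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"},
    {"name": "ops-ssh", "proto": "tcp", "from": 22, "to": 22, "cidr": "203.0.113.0/24"},
    {"name": "docker-mgmt", "proto": "tcp", "from": 2375, "to": 2376, "cidr": "0.0.0.0/0"},
    {"name": "temp-debug", "proto": "tcp", "from": 0, "to": 65535, "cidr": "::/0"},
    {"name": "icmp", "proto": "icmp", "from": -1, "to": -1, "cidr": "0.0.0.0/0"},
]


def is_world(cidr):
    """True for any prefix that matches every address (0.0.0.0/0, ::/0, or a
    non-canonical spelling such as 10.0.0.0/0 that still has prefix length 0)."""
    return cidr in WORLD or ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_rules(rules):
    """Findings (rule name, port, service) for rules that expose an admin port
    to the internet; a wide-open port range is a finding on its own."""
    findings = []
    for rule in rules:
        if rule["proto"] not in ("tcp", "-1", "all") or not is_world(rule["cidr"]):
            continue
        lo, hi = rule["from"], rule["to"]
        if hi - lo >= 1000:
            findings.append((rule["name"], "*", f"{lo}-{hi} open to {rule['cidr']}"))
        for port, service in sorted(ADMIN_PORTS.items()):
            if lo <= port <= hi:
                findings.append((rule["name"], port, service))
    return findings


def docker_daemon_exposure(daemon_json):
    """Check Docker's daemon.json for a TCP listener without TLS client auth.
    Returns (host, problem) pairs; an empty list means only the local socket
    or a properly verified TLS listener on a specific address."""
    cfg = json.loads(daemon_json)
    hosts = cfg.get("hosts", ["unix:///var/run/docker.sock"])
    tls_verify = cfg.get("tlsverify", False)
    problems = []
    for host in hosts:
        if not host.startswith("tcp://"):
            continue
        if not tls_verify:
            problems.append((host, "TCP API listener without tlsverify: anyone who can reach it is root"))
        elif host.startswith("tcp://0.0.0.0") or host.startswith("tcp://[::]"):
            problems.append((host, "TLS-verified but bound to all interfaces; restrict at the firewall"))
    return problems


# Constructed daemon.json standing in for a misconfigured host.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
```

Run both checks together in a pipeline: a plaintext Docker listener behind a rule that opens 2375 to `0.0.0.0/0` is exactly the combination that turns “a misconfiguration” into “root on the host for the whole internet”.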

Bot attacks: Bots are being used to take over user accounts, perform DDoS attacks, abuse APIs, scrape unique content and pricing information and more. Organizations are Failing to Deal With Rising Bot Attacks.

Network security: Networks are continually growing in complexity and the cyberattack surface is constantly expanding. The network perimeter of today is elastic, expanding and contracting with the demands of both users and the business. In a rush to adopt digital business practices, many new network expansion projects are being implemented ad hoc by individual lines of business. Routers sit at the edge of the network and see everything, so they can be used to make the network the first line of defense. A critical step in building a stronger security posture and a more robust data protection strategy is a 24×7 facility whose mission is to monitor, detect, investigate and resolve active threats. Cybercriminals only need to succeed once in finding a way into the network, but the security team needs to monitor everything on the network and be right all the time. Today’s core network is continually adapting to the introduction of new devices, applications and workflows, along with shifting network configurations to support business requirements, which calls for advanced, intent-based segmentation.

Security-Driven Networking: Security-Driven Networking is a new, strategic approach to security that enables the seamless expansion of network environments and services without ever compromising on security. Essentially, it begins by crafting a comprehensive security policy that covers the entire organization. It outlines the protocols, enforcement and inspection technologies, policies, and protections required to be in place before any new network environment or solution is even placed on the drawing board. It requires the selection and full integration of security tools that not only work together to share and correlate intelligence and coordinate a unified response to threats, but that also work seamlessly across the widest variety of environments possible.

Critical infrastructure: Determined threat actors have, for some time, been extending their toolsets beyond Windows, and even beyond PC systems. In recent years we have seen a number of high-profile attacks on critical infrastructure facilities, typically aligned to wider geopolitical objectives. Expect targeted attacks on critical infrastructure facilities to increase; APT33 has shifted its targeting to industrial control system software. We need to be worried about the cyber-physical security of the power grid. To protect this infrastructure you need to prioritize the strategic risks that affect it: concern yourself with the most important hacks, understand the critical pieces of your infrastructure and know your interdependencies.

Payment security: Payment security backslid for the second straight year in 2019. Verizon’s 2019 Payment Security Report found that full compliance with the Payment Card Industry Data Security Standard (PCI DSS) fell to 36.7% globally, down from 52.5% in 2018. At the same time the EU’s PSD2 (Payment Services Directive) lays down regulatory requirements for companies that provide payment services, including the use of personal data by new fintech companies that are not part of the established banking community. Security of online, including mobile, payments is a key aspect of the legislation; nevertheless, banks will be required to open their infrastructure and data to third parties. Although SSLv3 has been considered obsolete and insecure for a long time, a large number of web servers still support it.

Election security: Nowadays, no elections can be held any longer without debate on influencing voters through online services. There are ongoing accusations of Russian interference in US elections and fears of a repeat in the run-up to the 2020 elections. U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. As the 2020 presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. Most of the largest US voting districts are still vulnerable to email spoofing. Disinformation campaigns for political purposes are also deeply rooted in cybercriminal endeavors. It’s quite possible that we will see changes to legislation and policy, as governments look to define more clearly what is and what isn’t allowed. Hacking is considered the biggest tech threat to the 2020 elections in the USA. Legislators are working on new laws, but that is not going to be enough in an era when technology is turning out entirely new attack surfaces.

False Flags: The use of false flags has become an important element in the playbook of several APT groups. This can be used to try to deflect attention away from those responsible for the attack or what is really happening.

Common attack tools: Cyber actors continually use commodity malware, scripts, publicly available security tools or administrator software during their attacks and for lateral movement, making attribution increasingly difficult.

Vulnerability disclosure: Most “white hat” cyber engineers seem to be driven by a sense of social responsibility best expressed as, “If you find something, say something.” Across the industry, the ethos is to share information quickly, whether the problem is a newly discovered exploit or an evolving cyber threat. The goal is to impel the affected vendor, hardware or software, to take quick action and produce a fix. There are good and bad ways to make vulnerabilities known. A premature “full disclosure” of a previously unknown issue can unleash the forces of evil, and the “black hats” often move faster than vendors or enterprise IT teams. The preferred path is a “responsible” or “coordinated” disclosure that happens behind the scenes, with a public announcement after a specified period of time, typically 90 or 120 days. But things don’t always work this way.

Ransomware: Cybercriminals have become more targeted in their use of ransomware. It is inevitable that the cybercriminals will also attempt to diversify their attacks to include other types of devices besides PCs or servers. There is a ransomware “crisis” in US schools and in many cities in the USA.

Supply chain: Use of supply chains will continue to be one of the most difficult delivery methods to address. It is likely that attackers will continue to expand this method through manipulated software containers, for example, and abuse of packages and libraries. Medium-sized companies are being targeted even more heavily by cyber criminals. They are often the weakest link in supply chains that include large corporations. There is the growth of counterfeit electronics.

Mobile: The main storage for our digital lives has moved from the PC to mobile devices over the last 10 years. Several countries have started demanding that their own software (in some cases maybe also malware) be installed on all smartphones; Putin signed a law making Russian apps mandatory on smartphones and computers.

Android: Today 80% of Android apps encrypt their traffic by default. To keep apps safe, apps targeting Android 9 (API level 28) or higher get a default network security policy that blocks unencrypted (cleartext) traffic for every domain; an app has to opt out explicitly in its network security configuration to send plain HTTP. The heterogeneity of Android versions in use will continue to be a problem in the coming year.

DDoS attacks: DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of attack traffic. The number of DDoS attacks rose 86% in the third quarter compared to a year ago. DNS amplification attacks accounted for 45% of the attacks, while HTTP floods and TCP SYN attacks accounted for 14%. Mobile devices account for 41% of DDoS attack traffic.

Business security: Small and medium-sized businesses (SMBs) increasingly recognize that a reactive security posture is no longer sufficient for protecting their networks. Breaches will happen; companies should treat cyberattacks as a matter of “when” and not “whether.” Insider threats are still a big issue: employees are one of your biggest assets, but human beings are the weakest link in the security chain, and data leaks help attackers craft more convincing social engineering attacks. Plan proper incident management, because quick, reliable, multichannel communication is a vital part of any incident management solution. Cybercriminals often choose very small companies as their targets because small businesses rarely spend significant money on security systems, and medium-sized companies are being targeted even more heavily.

Cyber insurance: Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow.

New encryption: The problem with encrypted data is that you must decrypt it in order to work with it. There is a powerful solution to this: homomorphic encryption, which makes it possible to analyze or manipulate encrypted data without revealing the data to anyone. Just like many other popular forms of encryption, homomorphic encryption uses a public key to encrypt the data. There are three main types: partially homomorphic encryption (allows only select operations on encrypted data, typically either addition or multiplication but not both); somewhat homomorphic encryption (supports both operations, but only a limited number of times); and fully homomorphic encryption (the gold standard, supporting arbitrary computation on encrypted data). Cryptographers have known of the concept of homomorphic encryption since 1978, but Craig Gentry constructed the first fully homomorphic encryption scheme only in 2009. The biggest barrier to wide-scale adoption of homomorphic encryption is that it is still very slow. Duality, a security startup co-founded by leading homomorphic encryption researchers, raised $16M.
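The partially homomorphic case is small enough to show in full. The following added example (mine, not Duality’s or any production library’s code) implements the Paillier cryptosystem, which is additively homomorphic: multiplying two ciphertexts modulo n² yields an encryption of the sum of the plaintexts, and raising a ciphertext to a known power k yields an encryption of k times the plaintext, so an untrusted party can total a column of encrypted figures without ever holding the key. The two primes are constructed toy values (2^31-1 and the largest prime below 2^32) chosen so the example runs instantly; a real deployment uses primes of 1024 bits or more with this same code.

```python
import math
import secrets

# Constructed toy primes; both are prime. Real keys are far larger.
P = 2147483647
Q = 4294967291


def modinv(a, m):
    """Modular inverse by the extended Euclidean algorithm."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        quotient = old_r // r
        old_r, r = r, old_r - quotient * r
        old_s, s = s, old_s - quotient * s
    if old_r != 1:
        raise ValueError("no inverse")
    return old_s % m


def keygen(p, q):
    """Paillier key pair: public (n, g), private (lambda, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                           # standard choice of g
    n_sq = n * n
    # L(x) = (x - 1) / n; with g = n + 1, L(g^lambda mod n^2) == lambda mod n
    mu = modinv((pow(g, lam, n_sq) - 1) // n, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with a fresh random r, so the same plaintext
    encrypts differently every time (probabilistic encryption)."""
    n, g = pub
    n_sq = n * n
    if not 0 <= m < n:
        raise ValueError("message out of range")
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    return pow(g, m, n_sq) * pow(r, n, n_sq) % n_sq


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    n_sq = n * n
    return (pow(c, lam, n_sq) - 1) // n * mu % n


def add_encrypted(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 == E(m1 + m2): the additive homomorphism."""
    return c1 * c2 % (pub[0] ** 2)


def scale_encrypted(pub, c, k):
    """E(m)^k mod n^2 == E(k * m): multiplication by a known plaintext.
    Multiplying two encrypted values together is NOT supported; that is what
    makes Paillier partially, not fully, homomorphic."""
    return pow(c, k, pub[0] ** 2)


def encrypted_sum(pub, ciphertexts):
    """Total a list of ciphertexts without the private key."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


PUB, PRIV = keygen(P, Q)

if __name__ == "__main__":
    salaries = [52000, 61000, 70500]               # constructed sample data
    enc = [encrypt(PUB, s) for s in salaries]       # what the data owner hands over
    total = encrypted_sum(PUB, enc)                 # computed by a party with no key
    print("sum recovered by the key holder:", decrypt(PUB, PRIV, total))
```

The slowness the text mentions is visible even here: every addition costs a multiplication of numbers four times the key size, and that is the cheap, partially homomorphic case.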

Artificial Intelligence (AI): The buzzword for 2019 that we have all heard a thousand times was artificial intelligence, AI. The term AI is often used interchangeably with machine learning. There is a lot of research examining AI applications in cyber security. As cyberattacks grow in volume and complexity, the hope is that AI helps under-resourced security operations analysts stay ahead of threats. Cybersecurity tools currently use this data aggregation and pattern analysis in the form of heuristic modeling: the true function of AI will be to determine, over a long arc of time and data, what “normal” looks like for a user. AI can act as an advisor to analysts, helping them quickly identify and connect the dots between threats. Finnish cyber security company F-Secure is doing research on AI agents, and Mikko Hyppönen says that AI should not be used to imitate humans and that AI-based attacks are expected in the near future. Another Finnish cyber security company, Nixu, says that artificial intelligence is going to revolutionize cyber security. According to Orlando Scott-Cowley from Amazon Web Services, machine learning is the new normal in cyber security. Advanced machine learning layers are being integrated into the latest Windows security products. At the same time, leaders in artificial intelligence warn that progress is slowing, big challenges remain, and simply throwing more computers at a problem isn’t sustainable.

2020 problems: Has your business prepared for the ‘2020 problem’? Software updates for Windows 7 end on January 14, 2020. As of that date, Windows 7 and Server 2008 technical support and software updates will no longer be available from Windows Update. Updates for Office 2010 are ending as well. Some business users can buy extended security update support for a limited time with extra money. The Python core developers stop supporting Python 2 on January 1, 2020. Beginning on January 1, 2020, unpatched Splunk platform instances will be unable to recognize timestamps from events where the date contains a two-digit year. December 2019 Patch Tuesday was the last time Microsoft ever offered security updates for devices running Windows 10 Mobile.

Crypto wars continue: A decades-old debate: government officials have long argued that encryption makes criminal investigations too hard. Governments all over the world say that encrypted communication is a huge issue for law enforcement, and the balance between the privacy of citizens and effective policing of criminal activity is top of mind for governments, technology companies, citizens and privacy organisations everywhere. The international police organization Interpol plans to condemn the spread of strong encryption. Led by top law enforcement officials in the United States, United Kingdom and Australia, the larger group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants. Congress warns tech companies: take action on encryption, or we will. US lawmakers are poised to “impose our will” if tech companies don’t weaken encryption so police can access data.

Do not weaken encryption: Companies, they say, should build in special access that law enforcement could use with a court’s permission. Technologists say creating these back doors would weaken digital security for everyone. Unfortunately, every privacy protection mechanism is subject to abuse by the morally challenged; that’s just a truth that must be accepted and overcome. Invading the privacy of the masses in order to catch criminals is unacceptable. Remember three things: one, that strong encryption is necessary for personal and national security; two, that weakening encryption does more harm than good; and three, that law enforcement has other avenues for criminal investigation than eavesdropping on communications and stored devices. If back doors are added to encryption, they will be abused. If you think encryption back doors won’t be abused, you may be a member of Congress. Bad encryption can have business consequences: Apple and Facebook told the committee that back doors would introduce massive privacy and security threats and would drive users to devices from overseas, and in Australia 40% of firms say they have lost sales or other commercial opportunities as a result of the encryption law being in place.

Scaring people: Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. Which particular horseman is in vogue depends on time and circumstance.

2FA: The second authentication factor might be a minor inconvenience, but it provides a major security boost. With past years riddled with security breaches, it is high time we evaluated the way we secure our online presence. Two factors are much better than one, but they can still be hacked. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys. Some physical security keys have also turned out to be less secure than their advertising claimed.

Myth of the sophisticated hacker in the news: “Sophisticated” is the latest lexical stretch for an adjective that is widely used in reports of cybersecurity incidents and, as a result, widely loathed by researchers. If everything is sophisticated, nothing is sophisticated.

New security models: Google moved from perimeter-based to cloud-native security. Google’s architecture is the inspiration and template for what’s widely known as “cloud-native” today—using microservices and containers to enable workloads to be split into smaller, more manageable units for maintenance and discovery. Google’s cloud-native architecture was developed prioritizing security as part of every evolution.

Hacktivists: Hacktivists seek to obtain private information about large companies in order to embarrass or expose the company’s controversial business practices. Many companies are a treasure trove for personal information, whether they realize it or not. Experian is predicting that the emerging cannabis industry will experience an increase in data breaches and cybersecurity threats in 2020.

RCS messaging: RCS, short for Rich Communications Services, is a protocol that aims to replace SMS. RCS messaging has rolled out to Android users in the US. The update brings many new features, such as chat, sending hi-res videos and photos, and group chats. One criticism of RCS is that it doesn’t provide end-to-end encryption, and RCS could also be better in many other security respects. Researchers have discovered that the RCS protocol exposes most users to several cyber attacks. These risks are said to be mitigated by implementing the protocol with security in mind: the standard itself allows for poor security implementations, but the GSMA advises its members to deploy RCS with the most secure settings possible.

Data breaches: Billions of sensitive files are exposed online all the time. During the first six months of 2019, more than 4 billion records were exposed by data breaches. That’s a shocking statistic, made even more so when you realize that passwords were included in droves. On December 4, a security researcher discovered a treasure trove of more than a billion plain-text passwords in an unsecured online database. Many businesses wrongly assume they are too small to be on the radar of threat actors. The truth is that it is all about the data, and small businesses often have less well-guarded data stores. All organizations are exposed to security breaches, from large multinationals to SMEs and public administrations. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone to access online.

Phishing: Phishing remains one of the most pervasive online threats, and phishing emails are still managing to catch everyone out. Phishing e-mails used to steal credentials usually depend on the user clicking a link that leads to a phishing website mimicking the login page of some legitimate service. Google Chrome now offers better protection against this: Safe Browsing displays warning messages to users before they visit dangerous websites and before they download harmful applications. New, more advanced ways to phish are coming into use. With dynamite phishing, the cyber criminals read the email communication from a system already infected with an information stealer. The infected user’s correspondents then receive malicious emails that quote the last “real” email between the two parties and look like a legitimate response from the infected user. Attacks that phish 2FA to access email accounts cost $100-$400; such attacks can be prevented with physical security keys.
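The 2FA and phishing paragraphs above both end on the same point: a phished one-time code still works for whoever relays it, while a physical security key does not. The following is an added example (not code from the original post) that models why. It uses RFC 4226 HOTP for the code-based factor and a deliberately simplified WebAuthn-style assertion for the security key; HMAC-SHA256 stands in for the authenticator’s real ECDSA signature so it runs with the standard library only, and the origins, secrets and rpId are constructed demo values.

```python
"""Bearer codes versus origin-bound assertions: why a relayed one-time
code is accepted while a relayed security-key assertion is rejected.
Simplified model of WebAuthn (not the post's code, not a FIDO library)."""
import hashlib
import hmac
import json
import secrets
import struct

# Constructed demo secrets. A real authenticator holds a per-site private
# key and signs with ECDSA; HMAC-SHA256 stands in for that signature here.
OTP_SECRET = b"constructed-demo-otp-seed"
CREDENTIAL_KEY = b"constructed-demo-credential-key"

REAL_ORIGIN = "https://accounts.example.net"      # the genuine site
LOOKALIKE_ORIGIN = "https://accounts-example.net"  # constructed lookalike host
RP_ID = "example.net"                              # WebAuthn relying party id


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP. A TOTP app does the same with a time-derived counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def otp_server_accepts(code: str, counter: int) -> bool:
    """The server only compares digits; it cannot tell where the user typed
    them, so a code captured on another page is as good as one typed here."""
    return hmac.compare_digest(code, hotp(OTP_SECRET, counter))


def authenticator_sign(challenge: str, origin: str) -> dict:
    """Model of a FIDO2 authenticator. The browser, not the web page, fills
    in the origin it is actually talking to, and the signature covers it."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin},
        sort_keys=True).encode()
    auth_data = hashlib.sha256(RP_ID.encode()).digest()  # rpIdHash only
    to_sign = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest()
    return {"client_data": client_data, "auth_data": auth_data, "signature": sig}


class RelyingParty:
    """The genuine site's verification of a security-key assertion."""

    def __init__(self) -> None:
        self.outstanding = set()

    def new_challenge(self) -> str:
        challenge = secrets.token_urlsafe(32)
        self.outstanding.add(challenge)
        return challenge

    def accepts(self, assertion: dict) -> bool:
        data = json.loads(assertion["client_data"])
        if data.get("type") != "webauthn.get":
            return False
        if data.get("origin") != REAL_ORIGIN:               # origin binding
            return False
        if data.get("challenge") not in self.outstanding:   # fresh, not replayed
            return False
        if assertion["auth_data"] != hashlib.sha256(RP_ID.encode()).digest():
            return False
        to_sign = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
        expected = hmac.new(CREDENTIAL_KEY, to_sign, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False
        self.outstanding.discard(data["challenge"])         # single use
        return True


def relayed_otp_is_accepted(counter: int = 7) -> bool:
    """The user types the current code on the lookalike page; the code is
    forwarded to the real server, which has no way to notice."""
    code_typed_on_lookalike = hotp(OTP_SECRET, counter)
    return otp_server_accepts(code_typed_on_lookalike, counter)


def relayed_key_assertion_is_accepted() -> bool:
    """Same relay with a security key: the lookalike page forwards the real
    challenge, but the user's browser stamps the lookalike origin into
    clientDataJSON before the key signs, so the real site rejects it.
    (A real browser would already refuse rpId example.net for that origin.)"""
    rp = RelyingParty()
    challenge = rp.new_challenge()
    assertion = authenticator_sign(challenge, LOOKALIKE_ORIGIN)
    return rp.accepts(assertion)


def genuine_key_login_is_accepted() -> bool:
    """Control case: the same key on the genuine origin is accepted, and the
    challenge cannot be used a second time."""
    rp = RelyingParty()
    challenge = rp.new_challenge()
    assertion = authenticator_sign(challenge, REAL_ORIGIN)
    first = rp.accepts(assertion)
    replay = rp.accepts(assertion)
    return first and not replay
```

The difference is entirely in what the server can check: a six-digit code carries no information about where it was entered, whereas the signed clientDataJSON carries the origin the browser observed, so a relayed assertion fails the origin comparison before the signature is even examined.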

Windows: Microsoft doesn’t back up the Windows Registry anymore. It’s still possible to perform Windows Registry backups, but the option is disabled by default. It’s time to disconnect RDP from the internet, as brute-force attacks and BlueKeep exploits outweigh the convenience of direct RDP connections. Microsoft is ready to push a full-screen warning to Windows 7 users who are still running the OS after January 14.

Linux: Support for the 32-bit i386 architecture will be dropped by many Linux distributions. It turns out that there are essentially no upstream development resources dedicated to x86_32 Linux. Perhaps unsurprisingly, it was badly broken.

Drones: Turkey is getting military drones armed with machine guns. Drone hacking happens: there is now Dronesploit, a Metasploit-style CLI framework tailored for tinkering with everybody’s favourite unmanned flying objects.

World market war: China tells government offices to remove all foreign computer equipment. China has ordered the replacement of all foreign PC hardware and operating systems in state offices over the next three years, which means China will ditch all Windows PCs by 2022. China already has some Linux distributions of its own, such as Kylin and Deepin. Many western countries are more or less banning Huawei telecom equipment.

Cloud security: Traditional security tools and methodologies are ill-suited to protect cloud native’s developer-driven and infrastructure-agnostic multicloud patterns. The vision laid out by these renowned analysts is straightforward: the legacy “data center as the center of the universe” network and network security architecture is obsolete and has become an inhibitor to the needs of digital business. They describe the underpinning shift to cloud infrastructure, a digital transformation that has been underway for ten years. They also point out that the corporate network cannot protect end users who consume cloud applications from any location and any device without the contorted, expensive backhaul of traffic through the corporate data center. Gartner coins a new term for the future of security and networks, SASE (pronounced “sassy”), Secure Access Service Edge, which is not anything really new. SASE promises to create a ubiquitous, resilient, and agile secure network service, globally. Most stolen-data incidents in the cloud are related to simple human error rather than concerted attacks; expect that through 2020, 95% of cloud security failures will be the customer’s fault. A common thread is unsecured cloud-based databases that leave sensitive information wide open for anyone to access online. Also, it’s almost 2020 and some sysadmins are still leaving Docker admin ports exposed on the internet.
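The exposed Docker admin port mentioned at the end of the paragraph above is a configuration problem, and one that is cheap to check for. Below is an added example (not from the original post) that audits a dockerd daemon.json: it flags any `tcp://` listener without `tlsverify`, a bind to all interfaces, and use of the conventional plaintext port 2375. The key names (`hosts`, `tlsverify`, `tlscacert`, `tlscert`, `tlskey`) are the real daemon.json keys; the two sample configs and their file paths and addresses are constructed for the example.

```python
"""Audit a dockerd daemon.json for a control socket reachable over the
network without client-certificate authentication. Added example; the two
configs below are constructed samples, not taken from the post."""
import json

# Constructed sample: the daemon listens on every interface on the plaintext
# default port. Anyone who can reach that port controls containers on the host.
WEAK_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}"""

# Constructed sample: a management address only, TLS with mandatory client
# certificates. The certificate paths are placeholders.
HARDENED_DAEMON_JSON = """{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}"""

PLAINTEXT_PORT = "2375"              # conventional unencrypted Docker API port
ANY_ADDRESS = {"", "0.0.0.0", "::"}  # binds that expose the API on all interfaces


def audit_daemon_config(text: str) -> list:
    """Return a list of findings for a daemon.json; empty means nothing to fix."""
    cfg = json.loads(text)
    hosts = cfg.get("hosts", [])
    if isinstance(hosts, str):
        hosts = [hosts]
    tcp_hosts = [h for h in hosts if h.startswith("tcp://")]
    findings = []
    if not tcp_hosts:
        return findings          # unix socket only: nothing reachable remotely
    tls_verify = cfg.get("tlsverify") is True
    for host in tcp_hosts:
        address = host[len("tcp://"):]
        ip, _, port = address.rpartition(":")
        ip = ip.strip("[]")      # tolerate bracketed IPv6 literals
        if not tls_verify:
            findings.append(
                f"{host}: API over TCP without client-certificate auth (tlsverify missing)")
        if ip in ANY_ADDRESS:
            findings.append(f"{host}: bound to all interfaces, not a management address")
        if port == PLAINTEXT_PORT:
            findings.append(f"{host}: uses the conventional plaintext port {PLAINTEXT_PORT}")
    if tls_verify:
        # tlsverify without the certificate material means the daemon cannot start
        # in the intended mode, so treat a missing key as a finding too.
        for key in ("tlscacert", "tlscert", "tlskey"):
            if key not in cfg:
                findings.append(f"tlsverify is set but {key} is not configured")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_config(text) or "no findings")
```

The hardened form still exposes a TCP listener, but only on one address and only to holders of a client certificate signed by the configured CA; if the API is not needed remotely at all, the strongest fix is to leave `hosts` at the unix socket and reach it through SSH.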

Autocracy as a service: Now Any Government Can Buy China’s Tools for Censoring the Internet. “Autocracy as a service” lets countries buy or rent the technology and expertise they need, as they need it. China offers a full-stack of options up and down the layers of the internet, including policies and laws, communications service providers with full internet.

Trackers: Trackers are hiding in nearly every corner of today’s Internet, which is to say nearly every corner of modern life. The average web page shares data with dozens of third-parties. The average mobile app does the same, and many apps collect highly sensitive information like location and call records even when they’re not in use. Tracking also reaches into the physical world.

Geopolitics: The US-China tech divide could cause havoc. It is possible that the world’s next major conflict will start in cyberspace. The USA has ordered a ban on certain hardware from China (Huawei and ZTE). China has ordered a ban on US computers and software: the Chinese government is to replace foreign hardware and software within three years. Who needs whom more?

International cyber politics: The lack of international standards for proper behavior in cyberspace prevents the United States and its allies from policing adversaries as they wish to. The US can’t “enforce standards that don’t exist”: we have international norms in the maritime domain, but we don’t have those in cyber. That makes it difficult to enforce standards that don’t exist, and therefore to hold nations accountable for nefarious behavior. NATO did confirm in 2017 that it could invoke Article 5 of its charter should one or more member nations find themselves under a serious cyberattack that threatens critical military and civilian infrastructure.

  1. Tomi Engdahl says:

    When Security Takes a Backseat to Productivity
    So ends a key section of a report the U.S. Central Intelligence Agency
    produced in the wake of a mammoth data breach in 2016 that led to
    Wikileaks publishing thousands of classified documents stolen from the
    agency’s offensive cyber operations division. The analysis highlights a
    shocking series of security failures at one of the world’s most
    secretive entities, but the underlying weaknesses that gave rise to
    the breach also unfortunately are all too common in many organizations

  2. Tomi Engdahl says:

    How to Track Cyber Risk With the Threat Category Risk Framework
    Ideally, organizations would make every cybersecurity decision based
    on an objective risk assessment. Unfortunately, this often isn’t
    possible. Cyber risk is notoriously difficult to measure. This leaves
    many organizations in the unhappy position of making educated guesses
    about which threats are most significant. Recently, we wrote about the
    Threat Category Risk (TCR) framework, a practical, quantitative cyber
    risk framework designed to help security teams estimate the likelihood
    and cost associated with different threats.

  3. Tomi Engdahl says:

    Operation In(ter)ception: Aerospace and military companies in the
    crosshairs of cyberspies
    ESET researchers uncover targeted attacks against high-profile
    aerospace and military companies. At the end of last year, we
    discovered targeted attacks against aerospace and military companies
    in Europe and the Middle East, active from September to December 2019.
    A collaborative investigation with two of the affected European
    companies allowed us to gain insight into the operation and uncover
    previously undocumented malware.

  4. Tomi Engdahl says:

    The State of Business Email Compromise Q1 2020: Attacks Shift From the
    C-Suite to Finance
    Every day, we track and prevent email security threats for our users,
    which gives us enormous insight into where and how attackers attempt
    to infiltrate a business through email. Our main interest is in, of
    course, business email compromise (BEC) because it’s the costliest and
    most sophisticated type of email attack that bypasses traditional
    security email gateways. These insights are powerful. They help us
    better understand when, where and how attacks happen and allow us to
    track trends in attack campaigns that we can link to external events,
    such was the case in Q1

  5. Tomi Engdahl says:

    IoT security culture is slowly maturing
    The Internet of Things, or IoT, is commonly regarded as an insecure
    technology environment. Online stores are full of cheap consumer
    products whose security is all too often in poor shape. These include
    various meters and sensors, smart lights, remotely controlled locks
    and other gadgets. Fortunately, companies’ operational IoT solutions
    are in better shape security-wise than consumer products. The big
    cloud platforms offer services with which IoT security can be put in
    order. The problem, however, is that people do not yet know how to
    use these services correctly.

  6. Tomi Engdahl says:

    Chrome extensions are ‘the new rootkit’ say researchers linking
    surveillance campaign to Israeli registrar Galcomm
    Researchers at Awake Security have published a report on malicious
    extensions in the Chrome web store, making both specific claims of
    over 32 million downloads of one malware family, and general claims of
    weak security in both domain registration and Google’s store. The
    researchers said they have been tracking a “massive global
    surveillance campaign that affects almost every enterprise we have
    investigated” linked to a specific Israel-based domain registrar
    called Communigal Communication Ltd (Galcomm).

  7. Tomi Engdahl says:

    Seventy-three percent of SMBs pay up after a ransomware attack
    SMBs account for 99% of all businesses in the USA, and create 1.5
    million new jobs every year, 64% of the total. This means that SMBs
    are a true economic powerhouse in the States. Although many of these
    companies believe that they are too small to be attacked by
    cybercriminals, almost half of all cyberattacks in the world target
    this kind of business.

  8. Tomi Engdahl says:

    Microsoft: These hackers got from a broken password to full control of
    a network – in just days
    Microsoft has detailed how one sophisticated hacking group is able to
    get from a cracked cloud password to full control over a network in
    less than a week. “Every day, we see attackers mount an offensive
    against target organizations through the cloud and various other
    attack vectors with the goal of finding the path of least resistance,
    quickly expanding foothold, and gaining control of valuable
    information and assets,” Microsoft’s Threat Protection Intelligence
    Team said.

  9. Tomi Engdahl says:

    We were already secure enough for mass remote working before COVID-19, boast IT pros
    Three-quarters claim pandemic didn’t trigger big changes to corporate security settings

    Nearly three-quarters of IT professionals haven’t increased their company’s security posture during the COVID-19 pandemic – while 90 per cent highlighted remote working as a security risk, according to a survey.

    On the bright side, half of those people reckoned that remote working from home has increased productivity across the board while a further third said it was at about the same level as it was pre-coronavirus.

    “As C-Level executives continue to embrace the increased productivity of a distributed workforce, they need to consider new approaches to security that rely on automation and secure digital identities,” said Sectigo CEO Bill Holtz in a canned statement, omitting to mention that his firm sells automation and secure digital identity tech.

    Much to Sectigo’s chagrin, British respondents were mainly using traditional usernames and passwords (74 per cent) for remote authentication instead of its favoured methods, including biometrics (26 per cent) and user identity certificates (58 per cent).

  10. Tomi Engdahl says:

    Alfred Ng / CNET:
    Senate Republicans introduce bill calling for an end to “warrant-proof” encryption, citing apps like WhatsApp that use end-to-end encryption — The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants. — A group of Senate Republicans are looking …

    Republicans push bill requiring tech companies to help access encrypted data

    The proposed legislation is Congress’ latest attempt to weaken encryption from tech giants.

  11. Tomi Engdahl says:

    Micro-Segmentation for Endpoints Shows Promising Defense Against Lateral Movement

    Micro-segmentation combined with zero-trust access control between the segments is recommended as one of the best approaches to breach containment. This principle is now extended from the network infrastructure to the endpoint, whether that device is local in the office, portable, or remote at home.

    Segmentation does not prevent compromise, but it contains it to minimize damage. It prevents attackers’ lateral movement from server to server across the network infrastructure by allowing only known good connections and denying all else. But there is one weakness in this scenario — the endpoint. The endpoint is the primary route of initial incursion. If a compromise is not contained within the endpoint, it can rapidly spread to other endpoints and across the network.

  12. Tomi Engdahl says:

    Defending Your Budget: How to Show ROI of Cybersecurity Investments

    For those of us who work in cybersecurity, the term “Return on Investment” (ROI) has no doubt made for awkward conversations. The solutions we work with have a return, but one that is commonly only evident during a malware attack or after a data breach has been thwarted.

    Like testing parachutes or evaluating new safety harnesses, performing a live demonstration to show the power of a solution is not comfortable for any security professional.

    Until recently, proving the ROI of security investment has not been a significant issue. Headlines pretty much did the job for us. Newspaper articles and online reports of the latest breach, ransomware or software vulnerability made it easier to justify the need for additional layers of security to reduce the risk of our own business becoming a future headline. But this was before we entered the new era of remote work we are in today.

  13. Tomi Engdahl says:

    A zero-day guide for 2020: Recent attacks and advanced preventive
    Zero-day vulnerabilities enable threat actors to take advantage of
    security blindspots. Typically, a zero-day attack involves the
    identification of zero-day vulnerabilities, creating relevant
    exploits, identifying vulnerable systems, and planning the attack. The
    next steps are infiltration and launch. This article examines three
    recent zero-day attacks, which targeted Microsoft, Internet Explorer,
    and Sophos. Finally, you will learn about four zero-day protection and
    prevention solutions: NGAV, EDR, IPsec, and network access controls.

  14. Tomi Engdahl says:

    What is Hacktivism? Campaigns That Shaped the Movement
    - From protests and sit-ins to doxxing and distributed denial-of-service
    attacks, a new kind of activism rose in the ranks. In 1996,
    cyber-activism gained a reputation and was given a new name:
    hacktivism. Consisting of breaking into a computer system for
    political, social, religious, or anarchistic reasons, hackers began to
    wage a war on information.

  15. Tomi Engdahl says:

    Companies Say Strong Authentication Important But Still Over-Rely on Passwords

    The need for improved access control is proven by empirical observation — it keeps failing. But improving access control beyond passwords suffers from a fundamental contradiction: while 98% of companies believe strong authentication is necessary for secure cloud adoption, 41% believe the username/password combination is one of the most effective access management tools, and 58% allow their employees to log on to corporate resources via social media credentials.

    This combination — an understanding that the status quo needs to be improved while claiming that the status quo is still good enough — is harder to accept than it is to understand. It’s all down to balancing security with convenience. Users, whether they are visiting a website to make purchases or working at a desk in the office, do not like being put through the hoops normally required by stronger authentication. This explains why companies cling to the old password-based authentication while nevertheless understanding that it is no longer good enough.

  16. Tomi Engdahl says:

    40 Of The Most Used Tourist Scams That Still Work Because Not Enough People Are Aware Of Them

    Tourists are often unfamiliar with the place they’re visiting, its customs and people, and need information and guidance to get around. And while most locals are willing to help them, some are interested only in taking advantage of these gullible foreigners, getting a hold of their cash and credit cards.

  17. Tomi Engdahl says:

    Why cloud first is not a security problem
    When considering moving to the public cloud, one of the first
    questions is often, ‘Is the cloud secure?’ This is a natural question.
    Although the public cloud offers an impressive array of tools and
    services, hidden beneath that slick visible layer are the complex
    layers of software and hardware used to implement the services.

    Just like other software and hardware, these layers can have undiscovered vulnerabilities. The nightmare scenario, from a security point of view, involves an attacker infiltrating these underlying layers and getting access to any work going on in the cloud.

    In this blog, I’ll show why the security of the public cloud should not be your primary concern. The nightmare scenario, like any nightmare, seems frightening, but shouldn’t keep you up at night. I’ll also show that the big security concern with moving to the cloud is not whether the cloud itself is secure, but whether it is being used securely.

    No analogy is perfect, but I think this drives home (sorry!) the key to thinking about the cloud: it is rentable computing power.

    Being rentable, the cloud comes with restrictions, but it allows easy scaling to suit demand, and much of the computer support is outsourced to the cloud provider. And, as with the need to lock a hire car and look after the keys, we need to secure our code and data in the cloud. The commodity computing aspect can be turned into an advantage with the right security model.

    A misleading question

    With a little background, we can now see that there’s a problem with simply asking, ‘Is the cloud secure?’ The question is misleading because, without context, it can’t be answered.

    We tend to talk about computers being ‘secure’ or ‘insecure’, but those terms are meaningless by themselves. A computer is secure or insecure against specific attacks by specific attackers.

    It is always possible to imagine a ‘what if?’ scenario that leads to a successful attack, and this is easier if you don’t have control of the computer in question. In that case, your imagination can run wild.

    Less control, more security?

    There’s a temptation to try and control as much of your IT as possible, in the belief that the associated vulnerabilities and security are known and understood.

    Making sensible security decisions about public cloud services means not succumbing to this temptation, acknowledging that having control of a computer is (sadly!) not the same as securing it, and recognising that another company may be able to help.

    Giving up control feels uncomfortable, but the cloud provider is better placed to manage its own services. Letting them manage as much as possible means you can concentrate your security effort on the features they don’t offer.

    You have to trust your public cloud provider. If the only thing that mattered for security was the number of people that needed to be trusted, the cloud would offer poorer security than an on-premises system. However, that ignores the security benefits brought by the cloud: patching, logging & monitoring, DDoS protection, easily duplicating systems across multiple regions, and so on.

    Due diligence

    It is sensible to research a cloud provider’s background and security. If, after this ‘due diligence’, you can’t trust them to handle your data, don’t use them. Depending on the nature of your data and your risk appetite, this may be a reasonable decision, provided it is evidence-based and rational.

    This research will also show how this cloud provider divides security responsibilities between the customer and themselves (called the ‘shared responsibility model’). While they are all broadly similar — for example, access control is under the control of the customer, whereas physical security of the data centre is under the control of the cloud provider – each provider differs slightly in the details.

    There is ongoing research into ways of keeping the benefits of the cloud while reducing the need to trust the provider, but this remains complicated and, currently, more likely to introduce security problems than fix them.

  18. Tomi Engdahl says:

    concentrate your security effort on making sure your data is secure. In our experience, data breaches in the cloud mostly come from the customer failing to protect their own data. Leaving your data insecure and hoping no-one will find it is like leaving the car unlocked and hoping no-one will steal it.

  19. Tomi Engdahl says:

    Visibility and Threat Detection in a Remote Working World
    At the outset of the COVID-19 pandemic, when governments around the
    world put stay-at-home orders in place, it was hard to imagine the
    state of work would permanently change. Yet, as organizations rapidly
    adopted and expanded systems to enable a remote workforce, which
    doubled in size in just three weeks, company cultures began shifting,
    too. As employees adjusted to life working remotely, many proved to
    their employers that productivity could remain high, and in some cases
    even increase, while they worked from home.

  20. Tomi Engdahl says:

    Now that Adobe Flash is about to reach its end-of-life date
    at the end of this year, it is disabled by default in all web browsers
    and has pretty much been replaced with open standards such as HTML5,
    WebGL, WebAssembly.

  21. Tomi Engdahl says:

    Mapping the Cloud Native Security Genome
    The only given in cloud is that technology and services are evolving
    at a rapid pace. Organizations are embracing a wide diversity in
    technologies, but securing this complexity can be challenging. Current
    approaches are not sustainable. Leaders need to envision a different
    future for cloud security. This is what we have learned as we launch
    the results from our first annual State of Cloud Native Security
    Report. Conducted by Palo Alto Networks and sponsored by Accenture
    Security, it is the largest and most globally expansive market
    research dataset on cloud native security to date.

  22. Tomi Engdahl says:

    European victims refuse to bow to Thanos ransomware
    A Thanos ransomware campaign targeting mid-level employees of multiple
    organizations from Austria, Switzerland, and Germany was met by the
    victims’ refusal to pay the ransoms demanded to have their data
    decrypted. Thanos ransomware is a Ransomware-as-a-Service (RaaS)
    operation advertised on Russian-speaking hacker forums that allows
    affiliates to customize their own ransomware through a builder offered
    by the developer.

  23. Tomi Engdahl says:

    Open-Source Security: The Good, the Bad, and the Ugly
    Some form of open-source software is in almost every commercial product, which is good and bad from a security standpoint.

    Tracking a project’s software components is important regardless of whether the code is open source or not. Commercial software used within a project is usually easier to track since a contract is usually involved along with service and support. Open-source software is more of a challenge because one open-source project often depends on other open-source projects. Thus, the issue can cascade into a significant amount of code involved in a project.
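The cascade described in the comment above (one open-source dependency pulling in others, which pull in more) is easiest to see on a concrete graph. The following is an added example, not code from the comment or from any real tool: it computes the full transitive component set for a project and, for any component matching an advisory, reports every dependency chain that brings it in, which is the information needed to decide which direct dependency to upgrade or replace. The dependency graph, package names, versions and the advisory identifier are all constructed placeholders.

```python
"""Transitive dependency cascade: one declared dependency is never just one
component. Added example with a constructed dependency graph and a
constructed advisory list (placeholder names, not real projects)."""
from collections import deque

# Constructed graph: package@version -> packages it depends on.
DEPENDENCIES = {
    "my-app":           ["web-frame@2.1", "json-tool@1.4"],
    "web-frame@2.1":    ["http-core@3.0", "template-kit@0.9"],
    "http-core@3.0":    ["tls-glue@1.2", "url-parse@5.0"],
    "template-kit@0.9": ["url-parse@5.0"],
    "json-tool@1.4":    [],
    "tls-glue@1.2":     [],
    "url-parse@5.0":    [],
}

# Constructed advisory list keyed by exact package@version; the id is a placeholder.
KNOWN_AFFECTED = {"url-parse@5.0": "PLACEHOLDER-ADVISORY-0001 (constructed)"}


def transitive_closure(root: str, graph: dict = DEPENDENCIES) -> set:
    """Every component that ends up in the build, direct or transitive."""
    seen, queue = set(), deque([root])
    while queue:
        pkg = queue.popleft()
        for dep in graph.get(pkg, []):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def paths_to(root: str, target: str, graph: dict = DEPENDENCIES) -> list:
    """All dependency chains from root to target: the 'why is this in my
    tree?' answer. Cycles are cut by never revisiting a package on a path."""
    paths = []

    def walk(pkg: str, path: list) -> None:
        if pkg == target:
            paths.append(path)
            return
        for dep in graph.get(pkg, []):
            if dep not in path:
                walk(dep, path + [dep])

    walk(root, [root])
    return paths


def affected_components(root: str, graph: dict = DEPENDENCIES,
                        advisories: dict = KNOWN_AFFECTED) -> dict:
    """Components in the closure that match an advisory, with every chain
    that pulls them in and the direct dependency at the head of each chain."""
    report = {}
    for pkg in sorted(transitive_closure(root, graph)):
        if pkg in advisories:
            chains = paths_to(root, pkg, graph)
            report[pkg] = {
                "advisory": advisories[pkg],
                "paths": chains,
                "via_direct": sorted({chain[1] for chain in chains}),
            }
    return report


if __name__ == "__main__":
    print(len(transitive_closure("my-app")), "components behind 2 declared dependencies")
    for pkg, info in affected_components("my-app").items():
        print(pkg, info["advisory"], "via", info["via_direct"])
        for chain in info["paths"]:
            print("   ", " -> ".join(chain))
```

Two declared dependencies expand to six components here, and the one affected package arrives by two different chains through the same direct dependency; patching it locally would not help unless both intermediate packages pick up the fix, which is exactly the cascade the comment describes.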

  24. Tomi Engdahl says:

    Bug Hunters Confident They Will Continue to Outperform AI: Study

    Cyber security is described as a form of asymmetric warfare. One side, the defenders, have limited numbers — just the security team. The other side includes every blackhat hacker in the world — that is, many, many thousands. The blackhats only need to succeed once; the defenders need to succeed many times every day. Bugcrowd seeks to reverse this impossible mathematics.

    Motivation for Bugcrowd hackers is not primarily financial, with the biggest single consideration being a desire to help organizations defend against cybercrime. This seems to be an exact opposite to what motivates blackhats, where financial return is paramount, and the concerns of the victims ignored — as we have seen time and again throughout the COVID-19 pandemic.

    The ethical hacker motivation is confirmed by actual earnings. While 79% of the hackers find their actual earnings good or better than expected, around one-quarter are seeking to earn between $50,000 and $100,000 per annum — which is roughly comparable to their professional counterparts. The more usual earning is around $25,000, which is less than half of what is considered a median salary in the U.S. Having said that, it is possible, and has happened, that a few elite hackers have earned more than $1 million — although the report notes that “these security researchers represent less than 1% of the global community.”

    Other motivations include learning and job-seeking — and it does happen that corporations raid the bug crowd for new hirings. CEO Casey Ellis told SecurityWeek that he has no qualms about — indeed welcomes — the practice since it adds to the vitality of the marketplace.

    The motivations of the customer are also worth considering. The process is beneficial in that it can find bugs in new applications faster and cheaper than doing it in-house. This benefits everyone. The danger comes where a developer decides to ‘outsource’ the entire security responsibility to Bugcrowd, because the ‘secure by design’ principle can easily be lost. Furthermore, by transferring the Sec element of DevSecOps to Bugcrowd, the developer will lose a lot of agility in future development. Bugcrowd is best used as an additional rather than replacement resource.

    “In 2019,” says the report, “Bugcrowd prevented $8.9B in cybercrime, and security researchers earned 38% more in bounty payments.”

    The $8.9 billion figure comes from multiplying the number of P1 vulnerabilities found by Bugcrowd with the average cost of a breach in 2019 as described by IBM.

  25. Tomi Engdahl says:

    Kashmir Hill / New York Times:
    In January, a faulty facial recognition match led to a Michigan man’s arrest for a crime he did not commit, in what may be the first known case of its kind — In what may be the first known case of its kind, a faulty facial recognition match led to a Michigan man’s arrest for a crime he did not commit.

    Wrongfully Accused by an Algorithm

    In what may be the first known case of its kind, a faulty facial recognition match led to a Michigan man’s arrest for a crime he did not commit.

  26. Tomi Engdahl says:

    Machine Learning in Malware Analysis

    Many different deep network architectures have been suggested by machine learning experts and malware analysts to detect both known and unknown malware. Proposed architectures include limited CNN modeling, Boltzmann machines and hybrid methods.

  27. Tomi Engdahl says:

    United States seems to want HTTPS for all government sites and insecure encryption for everything else.

    A group of mathematically clueless-looking lawmakers again seem to be attempting to bend the laws of mathematics to their will, as a trio of Republican senators on Tuesday proposed legislation that requires service providers and device makers in America to help the Feds bypass encryption. The law bill is dubbed the Lawful Access to Encrypted Data Act. This is the latest legislative attempt to make encryption – math – insecure on demand.

    This should not be confused with another bill up for consideration in the United States’ Congress, the EARN-IT Act, which threatens service providers with liability for supporting private, aka encrypted, communications.

    At the same time, politicians are saying all dot-gov sites should be available over HTTPS: the government wants to get to the point where all of its web servers are publicly committed to using HTTPS by default, preventing web users from making unencrypted connections to government sites at all.

  28. Tomi Engdahl says:

    Jon Brodkin / Ars Technica:
    Comcast is the first ISP to join Firefox’s Trusted Recursive Resolver program to deploy encrypted DNS lookups on the Firefox browser — Comcast/Mozilla deal follows dispute over ISP snooping and DNS encryption. — Comcast is partnering with Mozilla to deploy encrypted DNS lookups on the Firefox browser …

    Comcast, Mozilla strike privacy deal to encrypt DNS lookups in Firefox
    Comcast/Mozilla deal follows dispute over ISP snooping and DNS encryption.

    Comcast is partnering with Mozilla to deploy encrypted DNS lookups on the Firefox browser, the companies announced today. Comcast’s version of DNS over HTTPS (DoH) will be turned on by default for Firefox users on Comcast’s broadband network, but people will be able to switch to other options like Cloudflare and NextDNS. No availability date was announced.

    Comcast is the first ISP to join Firefox’s Trusted Recursive Resolver (TRR) program, Mozilla said in today’s announcement. Cloudflare and NextDNS were already in Mozilla’s program, which requires encrypted-DNS providers to meet privacy and transparency criteria and pledge not to block or filter domains by default “unless specifically required by law in the jurisdiction in which the resolver operates.”

  29. Tomi Engdahl says:

    How to secure DevOps
    Supply-chain attacks through public repositories have become more
    frequent of late. Here's how to deal with them. Last month, IT news
    websites reported that RubyGems, the official channel for distributing
    libraries for the Ruby programming language, had been poisoned. An
    attacker uploaded fake packages containing a malicious script, so all
    programmers who used the code in their projects unwittingly infected
    users' computers with malware that changed cryptocurrency wallet
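
As an added example (not part of the comment above, and not code from RubyGems or the article it quotes): a small Ruby audit of a Gemfile.lock that flags dependencies whose names are only an edit or two away from the gems a project is known to use. It assumes the "fake packages" were look-alike names, and both the allowlist and the lockfile excerpt are constructed.

```ruby
# Added example, not from the page or the RubyGems project: audit a
# Gemfile.lock for dependency names that are only an edit or two away from
# the gems a project is known to use, the look-alike pattern behind "fake
# package" uploads. The allowlist and the lockfile excerpt are constructed.

# Constructed allowlist (assumption: a real project would maintain its own).
KNOWN_GEMS = %w[rails rack nokogiri atlas_client bundler rake].freeze

# Constructed Gemfile.lock excerpt; "atlas-client" and "rak" are look-alikes.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      atlas-client (0.0.3)
      nokogiri (1.10.9)
      rack (2.2.3)
      rak (13.0.1)
      rails (6.0.3)
LOCK

# Extract [name, version] pairs from the specs: section (4-space indented).
def lockfile_gems(text)
  text.scan(/^ {4}([A-Za-z0-9_.\-]+) \(([^)]+)\)$/)
end

# Levenshtein edit distance between two gem names.
def edit_distance(a, b)
  prev = (0..b.length).to_a
  a.each_char.with_index(1) do |ca, i|
    cur = [i]
    b.each_char.with_index(1) do |cb, j|
      cost = ca == cb ? 0 : 1
      cur << [prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost].min
    end
    prev = cur
  end
  prev.last
end

# Gems absent from the allowlist but within max_dist edits of an allowed gem:
# returns [[suspicious_name, closest_known_name], ...] for a human to review.
def suspicious_gems(lockfile_text, known = KNOWN_GEMS, max_dist: 2)
  out = []
  lockfile_gems(lockfile_text).each do |name, _version|
    next if known.include?(name)
    near = known.min_by { |k| edit_distance(name, k) }
    out << [name, near] if edit_distance(name, near) <= max_dist
  end
  out
end
```

Running this over a real lockfile in CI turns a near-miss name into a build failure that a reviewer must look at, rather than a silent install.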

  30. Tomi Engdahl says:

    Two record DDoSes disclosed this week underscore their growing menace
    Distributed denial-of-service attacks, those floods of junk traffic that
    criminals use to disrupt or completely take down websites and
    services, have long been an Internet scourge, with events that regularly
    cripple news outlets and software repositories and in some cases bring
    huge parts of the Internet to a standstill for hours. Now there's
    evidence that DDoSes, as they're usually called, are growing more
    potent, with two record-breaking attacks coming to light in the past
    week. Related:

  31. Tomi Engdahl says:

    Ransomware and hacking: How it feels to be the victim of cybercrime
    Much of the analysis of cybercrime tends to focus on the financial
    costs or the technical aspects involved. That means the psychological
    impact of falling victim to hacking, ransomware or other cyberattacks
    tends to be ignored. There’s a widespread perception that cybercrimes
    don’t have as bad an impact as some physical crimes, said Professor
    Mark Button, director of the Centre for Counter Fraud Studies at the
    University of Portsmouth.

  32. Tomi Engdahl says:

    Vulnerabilities Declining in Open Source, But Slow Patching Still a
    Even as more code is produced, indirect dependencies continue to
    undermine security. Driven by growth in the JavaScript, Java, and
    Python ecosystems, the number of open source software packages more
    than doubled in 2019, but the number of vulnerabilities fell by 20%,
    suggesting that developers are weeding out simple vulnerabilities, a
    new report shows.

  33. Tomi Engdahl says:

    Why Cybersecurity Is Really A Business Problem
    Absolute's 2020 Endpoint Resilience Report illustrates why the purpose
    of any cybersecurity program needs to be attaining a balance between
    protecting an organization and the need to keep the business running,
    starting with secured endpoints. Enterprises who've taken a blank-check
    approach in the past to spending on cybersecurity are facing the stark
    reality that all that spending may have made them more vulnerable to

  34. Tomi Engdahl says:

    ICS/OT Incident Response in Times of Lockdown
    The restrictions put in place to slow the spread of the COVID-19
    pandemic have forced us to reassess how to react to cyber incidents in
    OT environments. As travel restrictions were being put in place, the
    Dragos Incident Response team began to create plans, procedures, and
    tooling to enable us to still perform IR services to our customers
    during these challenging times. This article aims to give some
    guidance on how to adapt your incident response posture to the current

  35. Tomi Engdahl says:

    The Senate’s New Anti-Encryption Bill Is Even Worse Than EARN IT, and That’s Saying Something

    Right now, we rely on secure technologies like never before—to cope with the pandemic, to organize and march in the streets, and much more. Yet, now is the moment some members of the Senate Judiciary and Intelligence Committees have chosen to try to effectively outlaw encryption in those very technologies.

    The new Lawful Access to Encrypted Data Act—introduced this week by Senators Graham, Blackburn, and Cotton—ignores expert consensus and public opinion, which is unfortunately par for the course.

    But the bill is actually even more out of touch with reality than many other recent anti-encryption bills. Since January, we’ve been fighting the EARN IT Act, a dangerous anti-speech and anti-security bill that would hand a government commission, led by the Attorney General, the power to determine “best practices” online.

    Worse yet, the bill requires companies to figure out for themselves how to comply with a decryption directive. Their only grounds to resist is to show it would be “technically impossible.” While that might seem like a concession to the long-standing expert consensus that technologists simply can’t build a “lawful access” mechanism that only the government can use, the bill’s sponsors are nowhere near that reasonable.

    As a hearing led by Senator Graham last December demonstrated, many legislators and law enforcement officials believe that even though any backdoor could be exploited by bad actors and put hundreds of millions of ordinary users at risk, that doesn’t mean it’s “technically impossible.” In fact, even if decryption would be “impossible” because the system is designed to be secure against everyone except the user who holds the key —as with full-disk encryption schemes designed by Apple and Google—that’s likely not a defense. Instead, the government can require the system to be redesigned.

    Not only does the bill disregard the security of users, it allows the government to support its need for a backdoor with one-sided secret evidence, any time it feels a public court proceeding would harm national security or “enforcement of criminal law.”

  36. Tomi Engdahl says:

    After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors
    Lawmakers will attempt to bend the laws of mathematics to their will

  37. Tomi Engdahl says:

    Carbon-based vuln hunters will always be better at infosec than AI, insist puny humans
    No intelligent pentesting systems were available to comment on this assertion

