Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
• Compromised Identities Continue to Fuel the Cyberattack Engine
• Ransomware Attacks Evolve to Multifaceted Extortion Schemes
• Pay Attention to the Supply Chain Threats
• The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
An enclave-style structure will also come to smartphones. The new Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks now threaten even deliveries of goods
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into disarray again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Google Announces New Chrome and Chrome OS Security Features for Enterprises
    https://www.securityweek.com/google-announces-new-chrome-and-chrome-os-security-features-enterprises

    Google on Thursday announced several new security features for enterprises that are using Chrome and Chrome OS.

    Google has boasted that Chrome OS has never been hit by ransomware and says there is no evidence of a “successful virus attack”. The Chrome browser, on the other hand, has been increasingly targeted in zero-day attacks.

    The tech giant wants to continue improving the security of Chrome OS and Chrome, including for enterprises.

    The company is now offering enterprise security teams a collection of plug-and-play integrations with third-party identity and access, endpoint management, and security insights and reporting products.

    The new Chrome Enterprise Connectors Framework enables Chrome and Chrome OS integrations with products from Netskope, Okta, BlackBerry, Samsung, VMware, Splunk, CrowdStrike and Palo Alto Networks. Not all of these are immediately available, but Google says they are “coming soon.”

  2. Tomi Engdahl says:

    Spain to Tighten Control Over Secret Services After Spying Scandal
    https://www.securityweek.com/spain-tighten-control-over-secret-services-after-spying-scandal

    Spain’s prime minister vowed Thursday to tighten oversight of the country’s secret services in the wake of a scandal over the hacking of top politicians’ mobile phones that has roiled his fragile coalition government.

    The affair broke in April when Canadian cybersecurity watchdog Citizen Lab said the telephones of more than 60 people linked to the Catalan separatist movement had been tapped using Pegasus spyware after a failed independence bid in 2017.

    The scandal sparked a crisis between Prime Minister Pedro Sanchez’s minority government and Catalan separatist party ERC which blamed Madrid for the phone hacking.

    His fragile coalition relies on the ERC to pass legislation in parliament and remain in power until the next general election due at the end of 2023.

    The scandal deepened after the government announced that the phones of Sanchez and the defense and interior ministers were hacked by the same spyware, made by Israel’s NSO Group, by an “external actor” last year.

    The revelation raised questions over who was to blame and whether Spain had adequate security protocols.

    Sanchez said Thursday his government would “strengthen judicial control” of Spain’s secret services and update procedures to “prevent these security breaches from happening again”.

  3. Tomi Engdahl says:

    Tapping Neurodiverse Candidates Can Address Cybersecurity Skills Shortage
    https://www.securityweek.com/tapping-neurodiverse-candidates-can-address-cybersecurity-skills-shortage

    While neurodiverse candidates don’t fit the traditional mold of applicants, they can often excel at highly focused, analytical work

    At a time when there are countless unfulfilled cybersecurity positions worldwide, too many companies overlook neurodiverse candidates in their hiring processes. This is a huge mistake as people with autism, dyslexia, and other conditions often possess skills that are well suited for cybersecurity work. Those skills include the ability to concentrate, a capacity for recognizing anomalies, and great determination.

    People with ADHD, for example, are able to hyper-focus on certain tasks, while those with autism can process complex detail-oriented tasks, and have above average recall capabilities.

    However, neurodiverse people generally do not excel at acquiring certifications — common requirements for most cybersecurity jobs. Presenting a polished persona in an interview is something else they may struggle with.

    In addition, interviewing neurodiverse candidates can be challenging since they tend to avoid eye contact, sometimes struggle to communicate and can get overwhelmed in unfamiliar circumstances. They may also struggle to communicate with groups of people in a panel type interview. All of these typically are seen as they “interviewed badly.”

  4. Tomi Engdahl says:

    How are hackers targeting your network through mobile devices?
    https://www.pandasecurity.com/en/mediacenter/security/hackers-network-mobile/
    Mobile devices are now a key part of our personal and professional lives. But the fact that we carry smartphones in our pockets (or bags!) means that we treat them slightly differently to other gadgets like computers and laptops. They quickly become personal devices even if they are given to us as part of our job.

  5. Tomi Engdahl says:

    Even 7-year-olds commit cybercrimes: “Even during questioning, the young person has not fully understood what they did wrong”
    https://www.mantsalanuutiset.fi/paikalliset/4632158
    Even small children commit cybercrimes: over the past five years, children as young as 7 have committed online crimes. The cybercrimes solved in Finland last year include two data break-ins committed by an 11-year-old and three data protection offences. Of the 2,418 cybercrime reports registered by the police last year and the solved crimes, minors accounted for 30 percent of the suspected perpetrators, says Mikko Rauhamaa, head of the Cybercrime Centre of the National Bureau of Investigation.

  6. Tomi Engdahl says:

    NIS2: Experts share their views on the EU’s upcoming cybersecurity directive
    https://portswigger.net/daily-swig/nis2-experts-share-their-views-on-the-eus-upcoming-cybersecurity-directive
    Criminal hackers, nation states, and other malicious actors are constantly changing their targets and methods. Legislation, though, often takes years to draft, putting law enforcement on the back foot when it comes to keeping pace with emerging cybersecurity threats. The European Union (EU), though, is moving relatively quickly towards new, common cybersecurity regulations for the bloc.

  7. Tomi Engdahl says:

    Global tech industry objects to India’s new infosec reporting regime
    https://www.theregister.com/2022/05/29/global_opposition_india_infosec_plan/
    Eleven significant tech-aligned industry associations from around the world have reportedly written to India’s Computer Emergency Response Team (CERT-In) to call for revision of the nation’s new infosec reporting and data retention rules, which they criticise as inconsistent, onerous, unlikely to improve security within India, and possibly harmful to the nation’s economy. The rules were introduced in late April and are extraordinarily broad. For example, operators of datacenters, clouds, and VPNs, are required to register customers’ names, dates on which services were used, and even customer IP addresses, and store that data for five years.

  8. Tomi Engdahl says:

    Military-made cyberweapons could soon become available on the dark web, Interpol warns
    https://www.cnbc.com/2022/05/23/military-cyberweapons-could-become-available-on-dark-web-interpol.html
    Digital tools used by the military to conduct cyberwarfare could eventually end up in the hands of cybercriminals, a top Interpol official has warned. Jurgen Stock, the international police agency’s secretary general, said he’s concerned state-developed cyberweapons will become available on the darknet (a hidden part of the internet that can’t be accessed through search engines like Google) in a “couple of years.”

  9. Tomi Engdahl says:

    Serious vulnerabilities in the Abitti system: they made cheating in the matriculation exams possible
    https://www.tivi.fi/uutiset/tv/6734f0fd-fc40-4d62-871f-f92b70a5a949

    The exam system has also experienced slowness, the cause of which is so far unknown.

    Three serious vulnerabilities have been found in the Abitti system, which is used in the matriculation exams and in upper secondary school course exams. According to Matti Lattu, product owner at the Matriculation Examination Board, the holes have made network attacks and cheating in the matriculation exams possible.

    The vulnerabilities that enable attacks and exam cheating have been in the system since the year it was released.

    “We have no evidence of attacks, nor have we investigated whether they have been attacked. It would be difficult to be sure that a hole available since 2015 had not been exploited,” Lattu tells Tivi.

    The Abitti web service has also been slow today, May 30, and this has been investigated since the morning. According to Lattu, the slowness is in the same web service that has the most serious vulnerability. This vulnerability makes it possible to create a fraudulent login page and steal teachers’ Abitti credentials.

    However, there is so far no evidence that an attack is the cause of the slowness. Downloading or grading the tasks of upper secondary school course exams has nevertheless been stuck. Lattu says the current view is that there is a technical fault in the system.

    “If this were a denial-of-service attack, we would see a lot of network traffic, which we are not seeing now. However, an external factor cannot be ruled out, because we do not yet know what is causing this,” Lattu comments.

    The second vulnerability has made it possible to use the GeoGebra 6 calculator’s 4f-vihko in the first part of the two-part mathematics matriculation exam, where it is normally forbidden. The code of these programs, which use HTML5 technology, has been available to candidates and executable in the exam environment’s Firefox browser.

    In the Linux-based Abitti it has also been possible to elevate candidates’ privileges during the exam by changing the parameters passed to the kernel. This third vulnerability has been known to the developers and is managed through the exam system’s technical monitoring.

    The vulnerabilities were reported to the Matriculation Examination Board by an outside person.

    “The end of the term is a really high-pressure situation for teachers and we are sorry that this has caused them inconvenience,” Lattu apologizes.

    Reply
  10. Tomi Engdahl says:

    7 Cryptography Concepts EVERY Developer Should Know
    https://www.youtube.com/watch?v=NuyzuNBFWxQ

    Cryptography is scary. In this tutorial, we get hands-on with Node.js to learn how common crypto concepts work, like hashing, encryption, signing, and more
    https://fireship.io/lessons/node-crypto-examples/

    Chapters

    00:00 What is Cryptography
    00:52 Brief History of Cryptography
    01:41 1. Hash
    04:07 2. Salt
    05:47 3. HMAC
    06:35 4. Symmetric Encryption.
    08:19 5. Keypairs
    09:29 6. Asymmetric Encryption
    10:22 7. Signing
    11:31 Hacking Challenge

    Reply
  11. Tomi Engdahl says:

    Cyber security director: “Above all, companies should prepare for how quickly they recover”
    https://www.kauppalehti.fi/uutiset/kyberturvallisuusjohtaja-ennen-kaikkea-yritysten-tulisi-varautua-siihen-kuinka-nopeasti-toivutaan/0495a6e9-d509-4747-8908-b7fe650ca520
    Russia’s attack on Ukraine and Finland’s NATO application have not caused deviations in the routines of cyber professionals. In Finland the level of preparedness was raised already before the war, at the turn of the year. “Finland’s cyber security situation is quite calm, nothing out of the ordinary. Normal countermeasures are being carried out. Finland is the target of about 10,000 cyber attacks per year,” says the state’s cyber security director Rauli Paananen.

    Reply
  12. Tomi Engdahl says:

    Champions League clashes revive appetite for facial recognition technology in France https://www.euractiv.com/section/data-protection/news/facial-recognition-debate-back-on-the-menu-after-champions-league-clashes/
    The Mayor of Nice, Christian Estrosi, has revived the debate on facial recognition after images of violent clashes outside the Stade de France during the Champions League final on Saturday (28 May) put the French government in the spotlight. EURACTIV France reports.

    Reply
  13. Tomi Engdahl says:

    Guardian launches Tor onion service
    https://www.theguardian.com/help/insideguardian/2022/may/30/guardian-launches-tor-onion-service
    The Guardian website is now available to Tor users as an “onion service”. The Tor network helps conceal its users’ locations, which makes tracking their internet activity much more difficult. Tor also makes it harder for internet service providers to identify what their users are accessing. This means users can bypass censorship in parts of the world where access to independent news might be difficult or if certain websites and services are banned.

    Reply
  14. Tomi Engdahl says:

    Latest Mobile Malware Report Suggests On-Device Fraud is on the Rise https://thehackernews.com/2022/05/latest-mobile-malware-report-suggests.html
    An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud (ODF). Other frequently targeted countries include Poland, Australia, the U.S., Germany, the U.K., Italy, France, and Portugal. “The most worrying leitmotif is the increasing attention to On-Device Fraud (ODF),” Dutch cybersecurity company ThreatFabric said in a report shared with The Hacker News.

    Reply
  15. Tomi Engdahl says:

    New XLoader botnet uses probability theory to hide its servers https://www.bleepingcomputer.com/news/security/new-xloader-botnet-uses-probability-theory-to-hide-its-servers/
    Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware’s operation. This helps the malware operators continue using the same infrastructure without the risk of losing nodes due to blocks on identified IP addresses while also reducing the chances of being tracked and identified.

    Reply
  16. Tomi Engdahl says:

    Paying Ransomware? Should You Really Pay Ransom Settlements?
    https://www.fortinet.com/blog/industry-trends/paying-ransomware
    Ransomware is one of the top threats facing organizations and individuals today. In fact, according to a recent survey, 85% of organizations are more worried about a ransomware attack than any other cyber threat. By simply clicking a link or downloading a malicious file, anyone can unwittingly initiate a ransomware attack.
    And while often someone may feel desperate and want to pay the ransom or a ransomware settlement to re-gain access to critical data, it is a decision that should be considered very carefully.

    Reply
  17. Tomi Engdahl says:

    Cyber Agency: Voting Software Vulnerable in Some States
    https://www.securityweek.com/cyber-agency-voting-software-vulnerable-some-states

    Electronic voting machines from a leading vendor used in at least 16 states have software vulnerabilities that leave them susceptible to hacking if unaddressed, the nation’s leading cybersecurity agency says in an advisory sent to state election officials.

    The U.S. Cybersecurity and Infrastructure Agency, or CISA, said there is no evidence the flaws in the Dominion Voting Systems’ equipment have been exploited to alter election results. The advisory is based on testing by a prominent computer scientist and expert witness in a long-running lawsuit that is unrelated to false allegations of a stolen election pushed by former President Donald Trump after his 2020 election loss.

    The advisory, obtained by The Associated Press in advance of its expected Friday release, details nine vulnerabilities and suggests protective measures to prevent or detect their exploitation. Amid a swirl of misinformation and disinformation about elections, CISA seems to be trying to walk a line between not alarming the public and stressing the need for election officials to take action.

    CISA Executive Director Brandon Wales said in a statement that “states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely.” Yet the advisory seems to suggest states aren’t doing enough. It urges prompt mitigation measures, including both continued and enhanced “defensive measures to reduce the risk of exploitation of these vulnerabilities.” Those measures need to be applied ahead of every election, the advisory says, and it’s clear that’s not happening in all of the states that use the machines.

    Reply
  18. Tomi Engdahl says:

    7 Security Risks and Hacking Stories for Web Developers
    https://www.youtube.com/watch?v=4YOpILi9Oxs

    Concepts:

    1. Zero-day 0:47
    2. Vulnerable packages 1:22
    3. XSS 2:24
    4. SQL Injection 3:42
    5. Credential Leaks 4:48
    6. Principle of Least Privilege 6:11
    7. DDoS 7:43

    Reply
  19. Tomi Engdahl says:

    Financial Times:
    An investigation details NSO’s severe financial troubles, after human rights groups documented Pegasus abuses, as executives weigh selling to risky clients — The inside story of the Pegasus spyware maker’s perilous financial situation and its way ahead following US blacklisting

    NSO’s cash dilemma: miss debt repayment or sell to risky customers
    https://www.ft.com/content/5ef90e5f-1220-4ed6-a650-985272eb0334

    Reply
  20. Tomi Engdahl says:

    Finnish project aims to replace traditional passwords
    https://www.uusiteknologia.fi/2022/06/01/suomalaishanke-aikoo-korvata-perinteiset-salasanat/
    Insecure practices in password use lead to countless security breaches and financial losses every year. Now the University of Jyväskylä’s SAFE project aims to replace traditional passwords with more secure solutions. Funding for commercializing the project has been obtained from Business Finland.
    “Users today have a huge number of accounts, and for the sake of convenience weak passwords are chosen for them too often, or old familiar passwords are reused. That is why a new radical innovation is needed to address the current problems of passwords,” says Associate Professor Naomi Wood, who leads the project at the University of Jyväskylä.
    Various alternative solutions have previously been developed for problems related to passwords and authentication. However, they have not succeeded in replacing passwords, because users have either not considered the solutions reliable or have found them too difficult to use.
    Passwords have often also been associated with various security problems. That is why passwords and their management are, in current conditions, crucially important for the security of not only private users but also organizations. The military, governments, power grids and, for example, railway and air traffic control networks also need passwords to maintain their security.
    The ultimate aim of the project is to develop and commercialize an authentication method that works across all operating systems, services and devices and that is not only secure but also easy to use.

    Reply
  21. Tomi Engdahl says:

    Police revealed the harsh price of online crime for Finns https://www.is.fi/digitoday/tietoturva/art-2000008857482.html

    Reply
  22. Tomi Engdahl says:

    Mikko Hyppönen warns: Online crooks will soon have a new technique https://www.is.fi/digitoday/tietoturva/art-2000008857483.html

    Reply
  23. Tomi Engdahl says:

    Access Brokers and Ransomware-as-a-Service Gangs Tighten Relationships
    https://www.securityweek.com/access-brokers-and-ransomware-service-gangs-tighten-relationships

    Access brokers sell compromised network access to help ransomware gangs launch attacks

    Dark web watchers have noted the increasing professionalism of cybercrime groups over the last few years. Criminal groups are well-organized and have just one purpose: streamlining operations to maximize profits. An increasingly close relationship between access brokers and ransomware-as-a-service (RaaS) groups is an obvious development.

    Analysts have been watching this unfold, and threat intelligence firm Intel 471 has posted an initial report: The relationship between access brokers and ransomware crews is growing.

    The access brokers in this report are credential brokers. “They specialize in obtaining credentials to organizations’ IT stacks across the world,” Intel 471’s Greg Otto told SecurityWeek. “They sell that access to the highest bidders on the cybercrime underground; and the highest bidders are increasingly ransomware-as-a-service (RaaS) gangs.”

    There are other categories of ‘access’ broker – such as vulnerability merchants who might auction the presence of a backdoor or the discovery of an unpatched vulnerability – or the availability of RDP access. But this report focuses on the growth of the credential broker over recent years, and the growing alliance of brokers with specific RaaS groups.

    For RaaS groups and access brokers alike, the business advantages of a close – perhaps exclusive – relationship are clear. The ransomware operators can provide a better service to their affiliates delivering both the access and the malware. This makes the process shorter and increases their turnover – with their ransom percentages increasing in number and decreasing in wait time. Furthermore, as relationships strengthen, ransomware groups may identify a victim they wish to target, and the access merchant will provide the access once it is available.

    Reply
  24. Tomi Engdahl says:

    Automation. Where do We Go from Here?
    https://www.securityweek.com/automation-where-do-we-go-here

    What’s next in the evolution of security automation and orchestration?

    Over the past 20 years we’ve seen significant improvements in cybersecurity technology and tools. For example, new versions of intrusion prevention systems and firewalls were introduced using terminology like “next-generation”, which I’m not a fan of because it borders on hype. (What is after next-generation? Next-next? But I digress…) Regardless, ultimately, important revisions and upgrades were made that helped security teams improve threat detection and prevention.

    Unique capabilities also emerged like automation and orchestration that became the focus of new categories like security orchestration, automation and response (SOAR) platforms which quickly proved their value by improving the throughput of analyst work. As SOAR platforms grew in popularity, vendors of related cybersecurity product categories began to envision how automation and orchestration could also be applied to their area of focus. Soon, a technology that began as a unique capability of SOAR, evolved to become a core feature in many other categories. SIEM providers acquired stand-alone SOAR platforms, and endpoint detection and response (EDR) and extended detection and response (XDR) solutions broadened to include automation and orchestration capabilities. What’s next in the evolution of automation and orchestration?

    U.S. Supreme Court Judge Louis D. Brandeis once said, “There are no shortcuts to evolution.” We see that his pioneering ideas and principles on free speech, privacy, government intrusion and democracy changed American society and law at the time and continue to shape legal decisions and regulations decades later. And we see parallels with the evolution of automation and orchestration. SOAR was an important step forward in the adoption of automation and orchestration. Now, as these capabilities fragment and find their way into other cybersecurity tools, their applications and usage will evolve for even greater, ongoing impact. Let’s take a closer look at how this plays out with automation, and we’ll look at orchestration in a future article.

    From process-driven…

    SOAR was off to a great start, touting the ability to increase security operations efficiency and consistency by automatically running a playbook in reaction to an incident or issue without the need for human intervention. However, as organizations began using SOAR, they encountered three main challenges:

    1. In order for playbooks to run, processes need to be defined, created and maintained. Engineering work is also required to customize playbooks and standardize implementation. Many companies found SOAR was not an immediate fix to streamline security operations. Humans need to be involved as these efforts to put automation in place can be onerous.

    2. The current approach to security automation has focused on automating processes, with no regard to the data being processed. This approach works fine if you’re in a static environment doing the same thing over and over again. But in detection and response, which is dynamic and variable, that’s not the case. Playbooks are run regardless of the relevance or priority of data. If you put noisy data in, the result will be amplified noise out.

    3. Process-focused playbooks are inherently inefficient and complex because the decision-making criteria and logic are built into the playbooks and updates need to be made in each playbook. This complexity grows exponentially as you increase the number of playbooks.

    …evolving to data-driven

    As automation continues to evolve, a new approach to accelerate detection and response is emerging based on data and business logic to automatically trigger simple actions that can be standalone or be chained together. Instead of an entire process driving automation, a data-driven approach defines the criteria for the automation and how it is executed for greater focus, accuracy and agility.

    Reply
  25. Tomi Engdahl says:

    Police revealed the harsh price of online crime for Finns https://www.is.fi/digitoday/tietoturva/art-2000008857482.html
    Finns have lost tens of millions of euros to various online scams since the beginning of last year alone. This was reported by Detective Sergeant Marko Erämaa of the intelligence division of the National Bureau of Investigation. He took part in the Digital and Population Data Services Agency’s Vahti seminar on Wednesday. In total, victims have lost more than 51 million euros in these frauds since January 2021.
    The most money went to investment scammers, who took 20.7 million euros. In these frauds people are typically lured into cryptocurrencies. The sums shown in the statistics are the tip of the iceberg. The real losses are much larger. This is especially true of romance scams, where the shame and stigma they cause prevent many victims from reporting their loss.

    Reply
  26. Tomi Engdahl says:

    Singapore mandates ‘kill switch’ for banks as safeguard against online scams https://www.zdnet.com/article/singapore-mandates-kill-switch-for-banks-as-safeguard-against-online-scams/
    Banks in Singapore will have to provide a “kill switch” as part of a new slew of security measures to safeguard against growing online scams. Consumers also are urged to access their accounts via mobile banking apps, instead of web browsers, to minimise risks. The latest set of measures would complement those introduced in January this year, shortly after a spate of online scams involving OCBC Bank customers resulted in losses of more than SG$8.5 million ($6.32 million). The new measures were unveiled Thursday and expected to come into effect by October 31 this year, according to the Monetary Authority of Singapore (MAS) and Association of Banks in Singapore (ABS).

    Reply
  27. Tomi Engdahl says:

    Ransomware gang now hacks corporate websites to show ransom notes https://www.bleepingcomputer.com/news/security/ransomware-gang-now-hacks-corporate-websites-to-show-ransom-notes/
    A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes. This new extortion strategy is being conducted by Industrial Spy, a data extortion gang that recently began using ransomware as part of their attacks. As part of their attacks, Industrial Spy will breach networks, steal data, and deploy ransomware on devices. The threat actors then threaten to sell the stolen data on their Tor marketplace if a ransom is not paid. While this tactic is outside the norm, it allows the ransomware gang to apply further pressure on a victim, as it pushes the attack into the spotlight where customers and business partners can more easily see it. It is not believed, though, that this new tactic will see widespread use as web servers are not typically hosted on corporate networks but rather with hosting providers.

    Reply
  28. Tomi Engdahl says:

    To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions
    The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the entity known as Evil Corp in December 2019, citing the group’s extensive development and use and control of the DRIDEX malware ecosystem. Since the sanctions were announced, Evil Corp-affiliated actors appear to have continuously changed the ransomware they use. Specifically following an October 2020 OFAC advisory, there was a cessation of WASTEDLOCKER activity and the emergence of multiple closely related ransomware variants in relatively quick succession. These developments suggested that the actors faced challenges in receiving ransom payments following their ransomware’s public association with Evil Corp.

    Reply
  29. Tomi Engdahl says:

    Cyber attacks on industry already cost millions
    https://www.uusiteknologia.fi/2022/06/03/teollisuuden-kyberhyokkaykset-maksavat-jo-miljoonia/

    According to the latest study by security company Trend Micro, 89 percent of all electricity, oil and gas companies have been the target of cyber attacks affecting production and energy supply during the past year. In Finland, for example, production at the Valtra tractor factory has struggled because of cyber attacks on its parent company.

    Almost all industrial companies have been hit by a cyber attack
    https://etn.fi/index.php/13-news/13671-laehes-kaikki-teollisuusyritykset-joutuneet-kyberiskun-kohteeksi

    Security company Trend Micro’s latest report reveals that 89 percent of all electricity, oil and gas companies as well as manufacturers have been the target of cyber attacks affecting production and energy supply during the past 12 months. Nearly three out of four (72%) said that during the past year there have been at least six disruptions caused by cyber attacks.

    The study was carried out a year after the ransomware attack on the Colonial Pipeline company. The attack on the control systems of the largest fuel pipeline network in the United States stopped the pipeline for several days, which led to a significant fuel shortage on the US East Coast. It remains the world’s largest attack on critical infrastructure.

    Reply
  30. Tomi Engdahl says:

    Military-made cyberweapons could soon become available on the dark web, Interpol warns
    https://www.cnbc.com/2022/05/23/military-cyberweapons-could-become-available-on-dark-web-interpol.html

    Reply
  31. Tomi Engdahl says:

    Cybersecurity pros spend hours on issues that should have been prevented
    https://www.techrepublic.com/article/cybersecurity-spend-hours-issues-prevented/

    Security staffers can spend more than five hours addressing security flaws that occurred during the application development cycle, says Invicti

    Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed. The frustrating part is that many of these security flaws could have been resolved beforehand had the proper methods and tools been used to uncover them.

    A report released Tuesday by web application security firm Invicti looks at the time and resources spent tracking down security holes in developed applications.

    Reply
  32. Tomi Engdahl says:

    Researchers uncovered a malware campaign targeting the infoSec community with fake Proof Of Concept to deliver a Cobalt Strike beacon.
    https://securityaffairs.co/wordpress/131553/intelligence/fake-poc-exploits-attacks.html

    Reply
  33. Tomi Engdahl says:

    New method to kill cyberattacks in less than a second
    https://techxplore.com/news/2022-05-method-cyberattacks.html

    A new method that could automatically detect and kill cyberattacks on our laptops, computers and smart devices in under a second has been created by researchers at Cardiff University.

    Using artificial intelligence in a completely novel way, the method has been shown to successfully prevent up to 92 percent of files on a computer from being corrupted, with it taking just 0.3 seconds on average for a piece of malware to be wiped out.

    Using advances in artificial intelligence and machine learning, the new approach, developed in collaboration with Airbus, is based on monitoring and predicting the behavior of malware as opposed to more traditional antivirus approaches that analyze what a piece of malware looks like.

    “Traditional antivirus software will look at the code structure of a piece of malware and say ‘yeah, that looks familiar’,” co-author of the study Professor Pete Burnap explains.

    “But the problem is malware authors will just chop and change the code, so the next day the code looks different and is not detected by the antivirus software. We want to know how a piece of malware behaves so once it starts attacking a system, like opening a port, creating a process or downloading some data in a particular order, it will leave a fingerprint behind which we can then use to build up a behavioral profile.”

    Reply
  34. Tomi Engdahl says:

    How to Turn a Coke Can Into an Eavesdropping Device
    https://www.darkreading.com/iot/coke-can-eavesdropping-device

    Cyber-researchers are testing the bounds of optical attacks with a technique that allows attackers to recover voice audio from meetings if there are shiny, lightweight objects nearby.

    Reply
  35. Tomi Engdahl says:

    Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks
    Organizations must ensure their kubelets and related APIs aren’t inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.

    https://www.darkreading.com/dr-tech/exposed-kubernetes-clusters-kubelet-ports-can-be-abused-in-cyberattacks

    Reply
  36. Tomi Engdahl says:

    Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely
    https://thehackernews.com/2022/05/attackers-can-use-electromagnetic.html

    Reply
