Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
Stealing administrative JWT’s through post auth SSRF (CVE-2021-22056) https://blog.assetnote.io/2022/01/17/workspace-one-access-ssrf/
As enterprises take on the challenge of managing identity at scale, often, enterprise products such as VMWare Workspace One Access are used to facilitate this. In this blog post, we take a look at a critical piece of software used by enterprises to manage multi-factor authentication and SSO. While the vulnerability found was post-authentication, an attack vector exists to leak an administrative JWT using the SSRF through CSRF. This increases the severity of the issue as this vulnerability can be used in spear phishing attacks against organizations that use VMWare Workspace One Access.
Tomi Engdahl says:
Phishing e-mail with…an advertisement?
https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
Authors of phishing and malspam messages like to use various techniques to make their creations appear as legitimate as possible in the eyes of the recipients. o this end, they often try to make their messages look like reports generated by security tools[1], responses to previous communication initiated by the recipient[2], or instructions from someone at the recipients organization[3], just to name a few. Most such techniques have been with us for a long time, however, last week I came across one that I dont believe Ive ever seen before inclusion of what may be thought of as an advertisement in the body of the message.
Tomi Engdahl says:
Analyzing DevSecOps vs. DevOps
https://www.trendmicro.com/en_us/devops/22/a/analyzing-devsecops-vs-devops.html
DevSecOps and DevOps are terms youre most likely familiar with and theyre often used so interchangeably you may wonder if theres an actual difference. DevOps walked so DevSecOps can run. Or, in plain English, DevOps was the starting point for integrating teams to encourage agility, but development teams quickly realized this didnt address security teams, so they added security to the mix and coined this DevSecOps. Now you know the difference regarding definition. Not to be all philosophicalbut should there be a difference?
Tomi Engdahl says:
Report: Going to the Beijing Olympics? Leave anything with an electron home https://therecord.media/report-going-to-the-beijing-olympics-leave-your-cellphone-home/
One of the official sponsors to the Beijing 2022 Olympic and Paralympic Winter games is a company called QI-ANXIN and, according to a new report, Olympic visitors who use the companys VPN software while in Beijing could unwittingly be handing over their user data. We recommend that visitors and athletes traveling to the 2022 Winter Olympics in China are aware of the risk in taking and using personal devices during the event, the threat intelligence company Internet 2.0 writes in a new report. This is true for all digital communications in China, and not just while using VPN software.”
Tomi Engdahl says:
Organizations Face a Losing Battle Against Vulnerabilities https://threatpost.com/organizations-losing-battle-vulnerabilities/177696/
After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a losing battle against security vulnerabilities and threats, despite the billions of dollars spent collectively on cybersecurity technology, according to an annual security report from Bugcrowd. This perception comes after 2021 found organizations grappling with the complexities of hybrid environmentswith many corporate workers still at home due to the pandemic plus an explosion of ransomware, and the emergence of the supply chain as a major attack surface, according to the Priority One Report 2022.
Tomi Engdahl says:
How to Attract Hard-to-Find Cybersecurity Talent
https://www.securityweek.com/how-attract-hard-find-cybersecurity-talent
It’s tempting to view cybersecurity through the lens that new and better technology will knock down threats and deliver all the protection an organization needs. While the right tools, applications and systems are essential, the problem for most organizations is managing a security framework.
Currently, nearly 600,000 cybersecurity positions remain unfilled in the US or put another way about 46% of all cyber positions. Globally, the shortage is approximately 2.7 million. What’s more, the problem is accelerating.
This talent shortage has real world repercussions. It makes it more difficult to use tools and technologies effectively, but it also overburdens existing staff and results in protection gaps that increase risks. Yet, snagging cybersecurity talent is an increasingly daunting task. It often seems as though people with the right background and qualifications simply don’t exist.
The upshot? Security leaders must approach staffing in broader and deeper ways. These days, it isn’t enough to rely only on those with degrees, certifications and past experience. By expanding the labor pool to those who are self-taught or have a knack for cybersecurity—and training them for specific roles—the universe of candidates expands exponentially.
Taking a Position
It’s tempting to rely on all the usual suspects for attracting talent. This may involve posting job listings on LinkedIn and on conventional job boards. Or posting openings at a company’s website or using computer programs to scan résumés and look for talent by searching on keywords.
A starting point for spotting cybersecurity talent is to think more broadly. For example, college job fairs, gaming conventions, hackathons and various other events can serve as valuable resources. A booth or even an informal presence at industry events can pay enormous dividends. It may also be possible to sponsor programs or participate in learning partnerships at universities and technical institutes—and thus establish connections with professors and students.
Yet, it’s also critical to rethink the fundamental way an organization approaches hiring. Unfortunately, many companies are entirely out of sync with the marketplace. For example, it isn’t uncommon on LinkedIn to see “entry level” job postings that require multiple certifications and several years of experience. The idea that an entry level position requires this type of background is unrealistic and counterproductive.
Tomi Engdahl says:
Cyber Insights 2022: Supply Chain
https://www.securityweek.com/cyber-insights-2022-supply-chain
Think of a supply chain attack as hub and spokes. It’s a one-to-many relationship: compromise one and get the rest free. One-to-many is the key attraction of supply chain attacks. This is not a new idea, but it’s been taken to new levels of sophistication and frequency in recent years. This growth will continue through 2022 and beyond.
Mike Sentonas, CTO at CrowdStrike, comments, “Frankly put, supply chains are vulnerable, and adversaries are actively researching ways to take advantage of this. We haven’t nearly seen the end of these attacks, and the implications for each one are significant for both the victims and the victims’ customers and partners up and down the chain.”
Supply chains are attractive targets for both cybercriminal gangs and nation-state actors. For the former, they provide the potential for large-scale extortion attacks (see Cyber Insights 2022: Ransomware), while for the latter they can provide extensive access to espionage-linked targets (see Cyber Insights 2022: Nation-States). Both were illustrated in 2021.
Tomi Engdahl says:
For security alone, we could try paying open source projects properly | ZDNet
https://www.zdnet.com/article/for-security-alone-we-could-try-paying-open-source-projects-properly/
Big Tech wants to make Open Source Software more Secure
https://coderoasis.com/open-source-to-be-more-secure/
Tomi Engdahl says:
How to prepare for the growing threat of ransomware
Stay better attuned to—and one step ahead of—increasingly sophisticated cyberattacks
https://brand-studio.fortune.com/sophos/how-to-prepare-for-the-growing-threat-of-ransomware/?prx_t=Xj4HAAAAAAoPEQA&fbclid=IwAR2Ov7Gw5CTCmYmA0x5rumbQO5QzYRKEDKwa59AgfjGDL84wsY7XFa5Jp2E
Tomi Engdahl says:
How does virtual patching help?Virtual patching —or vulnerability shielding —acts as a safety measure against threats that exploit known and unknown vulnerabilities. Virtual patching works byimplementing layers of security policies and rules that prevent and intercept anexploitfrom taking network paths to and from a vulnerability.A good virtual patching solution should be multilayered. This includes capabilities that inspect and block malicious activity from business-critical traffic; detect and prevent intrusions; thwartattacks on web-facing applications; and adaptably deploy on physical, virtual, or cloud environments
https://www.trendmicro.com/explore/en_fi_virtual_patching?utm_source=marketo&utm_medium=email&utm_campaign=Virtual+Patching+finland+baltics&mkt_tok=OTQ1LUNYRC0wNjIAAAGAxsmtOn_OXJhaHMdJSTWtijUNXIuEurkloBcjxP1Y2S3yF1oZU55PeCfGh9-RDvOd0qMrWxMrRHm_IzopLQzRw15LRRKr43T3o0NZjiTDennTg-4noC7H
Here’s how virtual patching augments an organization’s existing security technologies as well as vulnerability and patch management policies:•Buys additional time.Virtual patching gives security teams the time needed to assess the vulnerability and test and apply the necessary and permanent patches. For in-house applications, virtual patching provides time for developers and programmers to fix flaws in their code.•Avoids unnecessary downtime.Virtual patching provides enterprises more freedom to enforce their patch management policies on their own schedule. This mitigates the potential revenue loss caused by unplanned or superfluous disruptions in business operations.•Improves regulatory compliance.Virtual patching helps organizations meet timeliness requirements, such as those imposed by theEUGeneral Data Protection Regulation(GDPR) andPayment Card Industry(PCI).•Provides an additional layer of security.Virtual patching provides security controls to components in the IT infrastructures for which patches are no longer issued (e.g., legacy systems and end-of-support OSs like Windows Server 2008) or are prohibitively costly to patch.•Provides flexibility.Virtual patching reduces the need to roll out workarounds or emergency patches. It eases the task, for instance, of gauging specific points in the network that require patching (or if a patch needs to be applied to all systems).
Tomi Engdahl says:
Global Encryption Coalition Webinar: Germany’s New Position on Encryption
https://www.globalencryption.org/2022/01/global-encryption-coalition-webinar-germanys-new-position-on-encryption/
agreement, Germany’s new coalition government outlined their policy positions for the next four years. (1) In the agreement, the new German government came out strongly in support of end-to-end encryption and firmly opposed to encryption backdoors.
Tomi Engdahl says:
UK Government to Launch PR Campaign Undermining End-to-End Encryption
https://www.schneier.com/blog/archives/2022/01/uk-government-to-launch-pr-campaign-undermining-end-to-end-encryption.html
Tomi Engdahl says:
The Log4j Vulnerability Puts Pressure on the Security World
https://threatpost.com/log4j-vulnerability-pressures-security-world/177721/
It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
It’s not my intention to be alarmist about the Log4j vulnerability (CVE-2021-44228), known as Log4Shell, but this one is pretty bad.
First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) says this is the most serious vulnerability she has ever seen in her career spanning decades, and many security experts agree. Third, researchers say that cyberattackers are already exploiting the vulnerability hundreds of times every minute. The fact is, Log4Shell is relatively easy to exploit, so even low-skilled hackers can take advantage.
Tomi Engdahl says:
https://www.facebook.com/groups/2600net/permalink/3218858661670570/
Just the idea that this would make it into a internet security article is disturbing. Google statistics, it just shows that they keep stats on chrome users. How wonderful of them
“The shift toward HTTPs is still great for the internet! According to Google’s statistics, 80% of web pages loaded in Chrome on Windows are loaded over HTTPS. And Chrome users on Windows spend 88% of their browsing time on HTTPS sites.”
Tomi Engdahl says:
Malware vaccines can prevent pandemics, yet are rarely used
https://www.gdatasoftware.com/blog/2022/01/malware-vaccines
Malware vaccines apply harmless parts of malware to a system to trick malware into malfunction. It is not a coincidence that the security industry adopted the term vaccine from medicine because there is a resemblence to medical vaccines which apply inactive or weakened parts of viruses to a person in oder to protect. But the analogy stops there. Malware vaccines do not improve the security reponse of the system.. The harmless malware parts that vaccines apply are often so called infection markers. Malware usually tries not to infect a system twice because this has unintended consequences. For that reason malware may place infection markers after a successful infection. If the malware finds such a marker, it will refrain from installing itself again.
Tomi Engdahl says:
Reducing Security Risks in Open Source Software at Scale: Scorecards Launches V4 https://security.googleblog.com/2022/01/reducing-security-risks-in-open-source.html
Since our July announcement of Scorecards V2, the Scorecards projectan automated security tool to flag risky supply chain practices in open source projectshas grown steadily to over 40 unique contributors and
18 implemented security checks. Today we are proud to announce the V4 release of Scorecards, with larger scaling, a new security check, and a new Scorecards GitHub Action for easier security automation.
Tomi Engdahl says:
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
https://ics-cert.kaspersky.com/publications/reports/2022/1/19/campaigns-abusing-corporate-trusted-infrastructure-hunt-for-corporate-credentials-on-ics-networks/
In 2021, Kaspersky ICS CERT experts noticed a growing number of anomalous spyware attacks infecting ICS computers across the globe.
Although the malware used in these attacks belongs to well-known commodity spyware families, these attacks stand out from the mainstream due to a very limited number of targets in each attack and a very short lifetime of each malicious sample. By the time the anomaly was detected, this had become a trend: around 21.2% of all spyware samples blocked on ICS computers worldwide in H1 2021 were part of this new limited-scope short-lifetime attack series and, at the same time, and, depending on the region, up to one-sixth of all computers attacked with spyware were hit using this tactic.
Tomi Engdahl says:
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer https://www.bitdefender.com/blog/labs/poking-holes-in-crypto-wallets-a-short-analysis-of-bhunt-stealer/
Ever since the Bitcoin boom, crypto currencies have risen sharply in value year after year. Besides attracting more investment, this gain has also increasingly motivated malicious actors to develop stealer malware specialized in gaining access to cryptocurrency wallets. Once they get to these wallets, they can freely and irreversibly transfer funds to wallets controlled by the attacker. In the past year, security researchers have noticed a surge in such cryptocurrency stealers such as the famous Redline Stealer and WeSteal.
Tomi Engdahl says:
Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware https://thehackernews.com/2022/01/russian-hackers-heavily-using-malicious.html
Potential connections between a subscription-based crimeware-as-a-service (Caas) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of malicious software distribution campaigns undertaken by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish in Belgium and the U.S.
DDoS IRC Bot Malware (GoLang) Being Distributed via Webhards https://asec.ahnlab.com/en/30755/ While monitoring the distribution source of malware in Korea, the ASEC analysis team has discovered that DDoS IRC Bot strains disguised as adult games are being installed via webhards. Webhards are platforms commonly used for the distribution of malware in Korea, where njRAT and UDP Rat were distributed in the past. The cases that are recently being discovered are similar to the case discussed in the post above, and it appears that the same attacker is continuing to distribute the malware.
Tomi Engdahl says:
EU wants to build its own DNS infrastructure with built-in filtering capabilities https://therecord.media/eu-wants-to-build-its-own-dns-infrastructure-with-built-in-filtering-capabilities/
The European Union is interested in building its own recursive DNS service that will be made available to EU institutions and the general public for free. The proposed service, named DNS4EU, is currently in a project planning phase, and the EU is looking for partners to help build a sprawling infrastructure to serve all its current 27 member states. EU officials said they started looking into an EU-based centrally-managed DNS service after observing consolidation in the DNS market around a small handful of non-EU operators.
Tomi Engdahl says:
0.0.0.0 in Emotet Spambot Traffic
https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Emotet often uses information from emails and address books stolen from infected Windows hosts. Malicious spam (malspam) from Emotet spoofs legitimate senders to trick potential victims into running malicious files. Additionally, Emotet uses IP address 0.0.0.0 in spambot traffic, possibly attempting to hide the actual IP address of an Emotet-infected host.
Tomi Engdahl says:
Cross-country Exposure – Analysis of the MY2022 Olympics App https://citizenlab.ca/2022/01/cross-country-exposure-analysis-my2022-olympics-app/
The 2022 Winter Olympic Games in Beijing have generated significant controversy. As early as February 2021, over 180 human rights groups had called for governments to boycott the Olympics, arguing that holding the Games in Beijing will legitimize a regime currently engaging in genocide against Uyghur people in China. Some governments including Canada, the United Kingdom, and the United States have pledged to diplomatically boycott the Games, meaning that these countries will allow athletes to compete at the Games but will not send government delegates to attend the event.
Tomi Engdahl says:
Google Analytics declared illegal in the EU https://tutanota.com/blog/posts/google-analytics/
When the Privacy Shield legislation was invalidated in 2020, this had far-reaching consequences for US online services operating in Europe:
They were no longer allowed to transfer data of European citizens to the US as this would make data of European citizens vulnerable to American mass surveillance – a clear violation of the European GDPR.
However, the Silicon Valley tech industry largely ignored the ruling.
Tomi Engdahl says:
CISA Adds 13 Known Exploited Vulnerabilities to Catalog https://www.cisa.gov/uscert/ncas/current-activity/2022/01/18/cisa-adds-13-known-exploited-vulnerabilities-catalog
CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.
These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.
Tomi Engdahl says:
Microsoft Edge Adds Security Mode to Thwart Malware Attacks
https://www.securityweek.com/microsoft-edge-adds-security-mode-thwart-malware-attacks
A new security feature in the latest beta of the Microsoft Edge browser can help protect web surfers from zero-day attacks.
Redmond is positioning Edge’s new security mode as an extra layer of protection for Windows, macOS, and Linux computers and seeks to mitigate unforeseen attacks based on historical trends.
When enabled, the feature improves user security on the Internet with the help of Hardware-enforced Stack Protection, Arbitrary Code Guard (ACG), and Content Flow Guard (CFG), according to a Microsoft document.
The company said corporate network administrators can now ensure that end-user desktops are protected against zero-days by enabling a new set of Group Policies.
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-beta-channel#version-980110823-january-14
Tomi Engdahl says:
U.S. Olympians Told to Use ‘Burner Phones’ in China
https://www.securityweek.com/us-olympians-told-use-burner-phones-china
Olympic athletes heading to China for the upcoming Winter Games should use burner phones and rental computers, and understand clearly that there’s “no expectation of data security or privacy” while moving around in China.
That’s the blunt warning from the U.S. Olympic and Paralympic Committee ahead of next month’s games in Beijing where there’s an elevated risk of malware infections and data compromise.
The guidance is an important reminder to businesses that international travel, even though curtailed by the pandemic, presents a clear and present danger to sensitive company data and intellectual property.
“No guarantees of data privacy or security should be made regardless of the security technology utilized. Assume that every device and every communication, transaction, and online activity will be monitored. Devices may also be compromised with malicious software designed to compromise the device and its future use,” the committee said in a notice seen by SecurityWeek.
It recommended that a “sterile device” be used when entering China and, upon exit, “ the cleansing and destruction of the information on the device ensures the highest degree of security.”
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/01/20/kateva-pilvipalvelu-voi-olla-tietoturvaongelma/
Tomi Engdahl says:
Identifying Malware By Sniffing Its EM Signature
https://hackaday.com/2022/01/19/identifying-malware-by-sniffing-its-em-signature/
Tomi Engdahl says:
Dustin Volz / Wall Street Journal:
Biden signs a memorandum expanding the NSA’s role in protecting sensitive government networks, and mandating cybersecurity practices at DoD and spy agencies — White House order mandates cybersecurity practices at Defense Department, spy agencies, contractors
Biden to Expand National Security Agency Role in Government Cybersecurity
https://www.wsj.com/articles/biden-to-expand-national-security-agency-role-in-government-cybersecurity-11642604412?mod=djemalertNEWS
White House order mandates cybersecurity practices at Defense Department, spy agencies, contractors
Tomi Engdahl says:
Crack WPA/WPA2 Wi-Fi Routers with Aircrack-ng and Hashcat by Brannon Dorsey
https://hakin9.org/crack-wpa-wpa2-wi-fi-routers-with-aircrack-ng-and-hashcat/
This is a brief walk-through tutorial that illustrates how to crack Wi-Fi networks that are secured using weak passwords. It is not exhaustive, but it should be enough information for you to test your own network’s security or break into one nearby. The attack outlined below is entirely passive (listening only, nothing is broadcast from your computer) and it is impossible to detect provided that you don’t actually use the password that you crack. An optional active deauthentication attack can be used to speed up the reconnaissance process and is described at the end of this document.
Tomi Engdahl says:
Yritysten käyttämissä pilvipalveluissa heikko suojaus
https://etn.fi/index.php/13-news/13062-yritysten-kaeyttaemissae-pilvipalveluissa-heikko-suojaus
Tietoturvayhtiö Palo Alto Networksin tuorein vuosiraportti osoittaa, että yritysten pilvipalvelujen käytössä on tietoturva-aukkoja. Raportin mukaan lähes 70 prosenttia vastanneista yrityksistä hoitaa jo yli puolet tehtävistään pilvessä, kun vastaava luku vuonna 2020 oli 31 prosenttia.
Koronapandemia on johtanut pilvipalvelujen käytön lisääntymiseen yrityksissä. Ne ovat samalla altistaneet itsensä myös aiemmin tuntemattomille riskeille. State of Cloud Native Security -raporttiin on haastateltu yli 3000 IT-ammattilaista pilvipalvelujen tietoturvasta.
Yli puolet vastaajista (55 %) ilmoitti pilvitietoihin liittyvästä heikosta tietoturvan tasosta. Vastaajat kokivat, että heidän on parannettava perusasioitaan, kuten hyödyntää useampaa pilvipalvelua, parantaa käyttöoikeuskäytäntöjen valvontaa ja seurata paremmin tietoturvaloukkauksia.
Tomi Engdahl says:
Privacy statement
Palo Alto Networks
THE STATE OF CLOUD NATIVE SECURITY 2022
The largest, most globally expansive market research dataset on cloud native security is here
https://www.paloaltonetworks.com/state-of-cloud-native-security
Tomi Engdahl says:
UK mulls making MSPs subject to mandatory security standards where they provide critical infrastructure
https://www.theregister.com/2022/01/20/uk_nis_regulations_msp_plans/
Small and medium-sized managed service providers (MSPs) could find themselves subject to the Network and Information
Tomi Engdahl says:
Security Scanners Across Europe Tied to China Govt, Military
https://www.securityweek.com/security-scanners-across-europe-tied-china-govt-military
At some of the world’s most sensitive spots, authorities have installed security screening devices made by a single Chinese company with deep ties to China’s military and the highest levels of the ruling Communist Party.
The World Economic Forum in Davos. Europe’s largest ports. Airports from Amsterdam to Athens. NATO’s borders with Russia. All depend on equipment manufactured by Nuctech, which has quickly become the world’s leading company, by revenue, for cargo and vehicle scanners.
Tomi Engdahl says:
Cyber Insights 2022: Nation-States
https://www.securityweek.com/cyber-insights-2022-nation-states
In the 1960s, the Cold War with the USSR was at its height and hot war raged in Vietnam. The world was on the brink, and songs like P.F. Sloan’s Eve of Destruction were popular. The world pulled back, and things changed.
The question for 2022 is whether the threat of full-blown cyberwar will increase or recede. The stakes are high – a single error in cyber activity could tip over into a kinetic response that could spread from local to global in extent.
Tomi Engdahl says:
Software Supply Chain Attacks Tripled in 2021: Study
https://www.securityweek.com/software-supply-chain-attacks-tripled-2021-study
2021 can be described as the year of the software supply chain attack – the year in which SolarWinds opened the world’s eyes, and the extent of the threat became apparent.
Apart from SolarWinds, other major attacks included Kaseya, Codecov, ua-parser-js and Log4j. In each case, the attraction for the attacker is that a single breach, compromise or vulnerability in distributed code can lead to multiple – even thousands – of victims.
Following a six-month analysis of customer security assessments conducted by Argon (an Aqua Security company), the 2021 Software Supply Chain Security Report highlights the primary areas of criminal focus: open-source vulnerabilities and poisoning; code integrity issues; and exploiting the software supply chain process and supplier trust to distribute malware or backdoors.
The common factor is open-source software – a source of code that is often inherently trusted and used automatically by in-house system developers.
“The number of attacks over the past year and the widespread impact of a single attack highlights the massive challenge that application security teams are facing,” comments Eran Orzel, a senior director at Argon. “Unfortunately, most teams lack the resources, budget, and knowledge to deal with supply chain attacks. Add to that the fact that to address this attack vector AppSec teams need cooperation from development and DevOps teams, and you can understand why this is a tough challenge to overcome.”
Tomi Engdahl says:
Seven Ways to Ensure Successful Cross-Team Security Initiatives
https://www.securityweek.com/seven-ways-ensure-successful-cross-team-security-initiatives
Many organizations have one or more strategic initiatives that involve a large amount of coordination and cooperation across functions and teams. In my experience, these cross-team initiatives are often the most challenging ones, while simultaneously being the most rewarding. There are a number of reasons why this is the case, though I’d like to take a look at a different angle in this piece.
After making some observations and doing some thinking, I believe that I have identified several important factors. While there are surely others, here are seven ways to ensure successful cross-team security initiatives:
1. Executive support: Perhaps it seems obvious, though cross-team initiatives require executive support for them to succeed. The reason for this is often very straightforward. Each team has its own priorities, goals, objectives, targets, and other criteria by which its success is measured.
2. Clear priorities: In addition to executive support behind cross-team efforts, executives need to set clear priorities both for the initiative and across the organization as a whole.
3. Responsible party: One of the toughest parts of cross-team efforts is responsible and timely decision making. One reason this happens is because it is not clear to those contributing to the effort who is in charge, and thus, who is responsible for the outcomes of the project.
4. Adequate resources: Support, priorities, and a point-person are a great start, though a successful cross-team initiative requires that adequate resources be assigned to it.
5. Trust: It is an unfortunate reality of larger organizations that there sometimes exists mistrust or distrust between different parts of the organization.
6. Attainable milestones: Cross-team efforts are similar to intra-team efforts in that they need to be broken down into smaller, attainable milestones.
7. Regular touchpoints: Effective communication is key to a successful cross-team effort. One way to accomplish this is to establish regular touchpoints on a recurring basis where priorities are communicated, input and feedback is solicited, confidence and consensus are built, and status reports are provided.
Tomi Engdahl says:
Living Off the “Edge” of the Land
https://www.securityweek.com/living-edge-land
Edge-Access Trojans (EATs) allow attackers to collect data and even disrupt crucial decisions as the edge of the network
Edge computing is eminently practical in that it solves several important problems, many of which are related to the latency created when data must travel long distances. The edge offers significant functional and economic benefits, such as the emergence of a new breed of real-time applications. And the need for more edges has increased due to the proliferation of IoT and operational technology (OT) devices, as well as smart devices powered by 5G and AI that enable real-time transactions.
At the same time, though, such a profusion of devices expands the attack surface, creating new entry doors into corporate networks. New edge-based threats are emerging as cybercriminals target the entire extended network as an entry point for an attack. Malicious actors will work to maximize any potential security gaps created by intelligent edges and advances in computing power to create advanced and more destructive threats – and at unprecedented scale.
As edge devices become more powerful, with more native capabilities, criminals will design new attacks to “live off the edge.” An increase in attacks targeting OT, particularly at the edge, is likely as the convergence of IT and OT networks continues. It’s important to understand the nature of attacks headed for the edge in order to properly prepare for them.
New edge threats emerge
FortiGuard Labs predicted last year the advent of Edge-Access Trojans (EATs), designed to target edge environments. This approach has the advantage of allowing bad actors to collect data and even disrupt crucial decisions as the edge of the network, where time sensitivity is paramount. This would create an entirely new level of urgency to ransomware attacks, particularly when it comes critical infrastructure systems.
Attackers can also use EATs to corrupt data, which may significantly impact downstream systems that rely on data collected by edge devices. Such edge footholds can also be used to tunnel back to the corporate network.
Another edge challenge: Living off the land
Living-off-the-land attacks allow malware to use existing toolsets and capabilities within compromised environments. It’s a particularly tricky situation because attacks and data exfiltration look like normal system activity and go unnoticed. The March 2021 Hafnium Exchange attacks used this technique to live and persist in domain controllers.
Living off the land at the edge
We believe EATs and living-off-the-land will converge in 2022. Criminals will design new attacks to live off the edge “land” as edge devices become more powerful and, of course, more privileged. Edge malware will monitor edge activities and data and then steal, hijack or even ransom critical systems, applications and information while avoiding detection.
Endpoint security becomes increasingly important
Every point of connection represents a possible attack surface. IoT edge devices and the IoT devices they connect with present new vulnerabilities for a network. Some edge devices come with default passwords, such as “admin,” that customers may neglect to change. Other devices are personal ones that a user may log in to and then leave open, allowing an attacker to access the network. Examples include smartphones or smart cars, both of which can be stolen while the user is still logged in to the network.
Protecting your organization from these new edge-based threats will require you to upgrade end-user devices with advanced Endpoint Detection and Response (EDR) technologies along with enhanced network access controls (NAC) – including zero trust network access (ZTNA).
Securing the edge
Cybercriminals are tireless in their efforts to attack everything they can, and that includes the edge. The convergence of the “living off the land” and EATs trends is particularly dangerous, as it enables attackers to go unnoticed while they carry out their schemes for as long as they want. With every endpoint a potential entry point, you need EDR and other advanced defense solutions working together to thwart edge attacks.
Tomi Engdahl says:
Ransomware attacks, which were a growing problem last year, are expected to increase this year. But the cyberattacks, which people assumed were coming from outside their organizations, have also become internal threats.
65% Of Surveyed Executives And Employees Have Been Asked By Hackers To Help In Ransomware Attacks
https://lm.facebook.com/l.php?u=https%3A%2F%2Ftrib.al%2Fqtsgt7y&h=AT15REK7nre4GoUKCotSsPZMJjoncSob6SZiwPMv-43uxs5BrycMPQin4BUDDwX5Lj2dtv2c2JGg1J8m6V1oF98AH8DvnRqPy_Nf_3CTXZQTBa7BbNOvn5YFXGU2kUEi0A
Ransomware attacks, which were a growing problem last year, are expected to increase this year. But the cyberattacks, which people assumed were coming from outside their organizations, have also become internal threats.
A new poll from identity protection company Hitachi ID Systems found that 65% of surveyed IT and security executives or their employees have been approached to assist in these cyberattacks. This represents a 17% increase from a similar survey last November.
Overall, 57% of respondents reported that they or their employees were offered cash or Bitcoins worth less than $500,000. Ransomware attackers primarily contacted executives and employees through email (59%).
Of the 65% who said they had been approached to assist in a ransomware attack, 49% ended up a victim of ransomware attack.
Although many (55%) consider themselves moderately or very prepared to defend against ransomware, more than half (51%) rely mostly or exclusively on perimeter defense.
In the new poll, most people said they consulted an external party before responding to a ransomware attack and were advised not to pay the ransom. But 26% said they did pay—the demands ranged between $300,000 and $600,000.
Hitachi ID warned that, “To combat this rising threat, businesses must take a proactive offensive approach to cybersecurity or face financial and reputational damage.”
Tomi Engdahl says:
https://melmagazine.com/en-us/story/wargames-ronald-reagan-cybersecurity
Tomi Engdahl says:
Meta and Snap sued by mother over alleged role in her daughter’s suicide
https://lm.facebook.com/l.php?u=https%3A%2F%2Fengt.co%2F33ZT8gA&h=AT0M4hDfIJjFtyiB-jXleJ_pLG0sCz0ivjhMlU4mfSEyQjoubYCk68cxW_-oobnraPpPFUrW714vJ4Kt133L8ZBbo4cuoyMw3ozKU2FFw6Z3aJ3zT_msa_dy-4ScWD_7SQ
Tomi Engdahl says:
The EU Wants Its Own DNS Resolver that Can Block ‘Unlawful’ Traffic
https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119/
The EU is planning to develop its own government-run DNS resolver. The project dubbed DNS4EU is meant to offer a counterweight to the popular resolvers that are mostly based in the U.S. Aside from offering privacy and security to users, the DNS solution will also be able to block “illegal” websites, including pirate sites.
Nowadays, there are several large DNS resolvers. Many ISPs operate their own but third-party DNS services are very popular too. The most used third-party options include Google, Cloudflare, OpenDNS and Norton, which are all US-based. This large foreign footprint has the EU worried.
To offer some balance to the American dominance in the DNS industry, Europe is proposing its own alternative titled DNS4EU. Last week the European Commission published a call for proposals, which also describes in detail what features the government-controlled DNS resolver should offer.
The project overview makes it clear that DNS4EU is meant to protect the privacy of end-users and keep them secure.
“DNS4EU shall offer a high level of resilience, global and EU-specific cybersecurity protection, data protection and privacy according to EU rules, ensure that DNS resolution data are processed in Europe and personal data are not monetised,” the EU writes in its overview.
“Filtering of URLs leading to illegal content based on legal requirements applicable in the EU or in national jurisdictions (e.g. based on court orders), in full compliance with EU rules.”
Tomi Engdahl says:
Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems
https://www.whitehouse.gov/briefing-room/presidential-actions/2022/01/19/memorandum-on-improving-the-cybersecurity-of-national-security-department-of-defense-and-intelligence-community-systems/
Tomi Engdahl says:
https://sysdig.com/blog/mitigating-log4j-kubernetes-network-policies/
Tomi Engdahl says:
Building resilience is a skill and a team sport – two common myths around resilience
https://technopolisglobal.com/insights/stories/building-resilience-is-a-skill/
The psychological demands placed upon Formula 1 drivers are remarkable. In this article we discuss resilience on two levels – the individual and her environment.
Tomi Engdahl says:
CSPM, CIEM, CWPP, and CNAPP: Guess who in cloud security landscape
https://sysdig.com/blog/cnapp-cloud-security-sysdig/
Tomi Engdahl says:
https://www.zdnet.com/article/singapore-must-clamp-down-on-security-inertia-before-digital-banking-era-can-take-off/
Tomi Engdahl says:
https://thehackernews.com/2022/01/donot-hacking-team-targeting-government.html
Tomi Engdahl says:
https://voidsec.com/windows-drivers-reverse-engineering-methodology/
Tomi Engdahl says:
How to Trace Emails Back to Their Source IP Address
BY GAVIN PHILLIPS
UPDATED SEP 15, 2021
Here’s how to trace that email back to where it came from… and why you’d want to do it!
https://www.makeuseof.com/tag/how-to-trace-your-emails-back-to-the-source/