Nothing is more difficult than making predictions. Instead of trowing out wild ideas what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threatit’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product, ” points out constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
we’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
There are some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Kännyköiden tietoturva menee uusiksi
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll varoittaa “kyberpandemiasta” internetin häiriö voi panna maailman taas sekaisin
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnagl says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micron raportti: tulevaisuudessa kaikki on vaarassa
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
https://hackersonlineclub.com/steganography-data-that-hidden-behind-the-images/
Tomi Engdahl says:
AN ORAL HISTORY OF HOW THE MOVIE ‘WARGAMES’ INSPIRED RONALD REAGAN’S CYBERSECURITY POLICIES
From the movie’s writers to the people who were in the room with Reagan when he watched it, here’s why you can thank Matthew Broderick for the lack of accidental nuclear wars
https://melmagazine.com/en-us/story/wargames-ronald-reagan-cybersecurity
Tomi Engdahl says:
When to go full Spartan Defense in Data Management?
https://pentestmag.com/when-to-go-full-spartan-defense-in-data-management/
Tomi Engdahl says:
https://www.eficode.com/guides/devops-for-executives
Tomi Engdahl says:
White House to beef up cyberdefenses for National Security Agency, Defense Department
https://www.cnet.com/tech/services-and-software/white-house-to-beef-up-cyberdefenses-for-national-security-agency-defense-department/
A new memorandum requires cybersecurity measures at intelligence-gathering organizations to match or exceed those of federal civilian networks.
Tomi Engdahl says:
5 tools helping companies more effectively manage cybersecurity in 2022
https://www.techrepublic.com/article/5-tools-helping-companies-more-effectively-manage-cybersecurity-in-2022/
Tomi Engdahl says:
8 Cybersecurity Tips to Stay Protected in 2022
https://www.howtogeek.com/778547/cybersecurity-tips-to-stay-protected/
As new technology emerges, cybersecurity protocols also evolve. However, there are some basic tips you should carry with you everywhere to stay better protected against cyber attacks. Here are some general rules to follow to stay safe in 2022.
Use Strong Passwords and a Password Manager
Using strong passwords is a must-do to keep yourself protected, and you should take this a step further by using a unique password for each separate account you have. This protects you in a number of ways.
Using strong passwords increases your protection against brute force attacks
Use Two-Factor Authentication (2FA)
The first layer of protection between your account and someone else accessing it is your password. The second layer is two-factor authentication (2FA). You should be using it to add an extra blanket of security to your accounts.
Double-Check That Link Before You Click
Phishing is one of the most common forms of cyber attack. Phishing is a form of cyberattack that is delivered mainly by email, but also by SMS. The threat actor tries to entice you to click a bogus link that will take you to a website that’s masquerading as an official entity, or even download a virus on your device.
Use a VPN When On Public Wi-Fi
Public Wi-Fi is a great thing in a pinch, but it’s not a good idea to connect to a public Wi-Fi network unless you absolutely have to. If you do connect to a public Wi-Fi network, make sure you connect to a VPN. Otherwise, your traffic may be exposed to anyone on that network.
Keeps Apps and Devices Up-to-Date
App and device updates aren’t just for bringing you cool new features; they also often provide important security patches.
Don’t Jailbreak Your iPhone
Hackers find security holes in the iPhone’s iOS operating system, and then take advantage of those security holes to take control over iOS.
Don’t Store Sensitive Info on Your Phone (and Always Use a Passcode Lock)
As we mentioned, cyberattacks don’t always happen on the other side of the screen. If you lose your phone and someone finds it, or if someone gains physical access to your phone, and your personal information is stored on that phone, you’re vulnerable.
Use Privacy-Focused Apps
Using privacy-focused apps may not only help prevent you from being a victim of cybercrime,
Tomi Engdahl says:
Microsoft lists the Windows 10 group policies to avoid
https://www.bleepingcomputer.com/news/microsoft/microsoft-lists-the-windows-10-group-policies-to-avoid/
Tomi Engdahl says:
https://pentestmag.com/why-cloud-networking-is-a-must-for-flexibility-scalability-and-visibility/
Tomi Engdahl says:
Are embedded devices the next ransomware target?
https://techcrunch.com/2022/01/22/embedded-devices-ransomware/
2021 will be remembered as the year that ransomware gangs turned their attention to critical infrastructure, targeting companies built around manufacturing, energy distribution, and food production.
The Colonial Pipeline ransomware alone resulted in the shutdown of 5,500 miles of pipeline over fears that the ransomware attack on its IT network would spread to the operational network that controls the pipeline for distributing fuel.
Operational technology (OT) networks control the devices critical to the continued operations of production lines, power plants, and energy supplies, and as such are typically segmented from a company’s internet-facing IT networks to better isolate critical hardware from cyberattacks.
Tomi Engdahl says:
Can We Actually Trust Google?
Technology Policy
•
Jan 22, 2022
https://coderoasis.com/can-we-actually-trust-google/
For a good few years, it seemed that Google lived up to its old motto.
Tomi Engdahl says:
How to protect your PC from ransomware using Windows’ built-in protection
It may take a bit of work to use, but that could end up being very worth it
https://www.theverge.com/22889631/windows-10-11-ransomware-defense-security-how-to
Tomi Engdahl says:
Mitigating log4j with Runtime-based Kubernetes Network Policies
https://sysdig.com/blog/mitigating-log4j-kubernetes-network-policies/?utm_source=facebook&utm_medium=cpc&utm_campaign=cloud-security-awareness&utm_content=blog-log4j-kubernetes&fbclid=IwAR2CBjPgH_0PJCus8-IPF0jipEa57aYJ6ygekoejOFZQswfCKITJ6V_FnIE
Traditional Mitigation
Web Application Firewalls (WAF) are often the first option for mitigating vulnerabilities that require HTTP transport. Google Cloud discusses using their Cloud Armor WAF to block requests with some of the JNDI strings known to be used in the exploitation of log4j.
Other WAF vendors have been releasing similar posts. While initially effective and easy to apply, these solutions are based on pattern matches, which can often be bypassed.
Kubernetes Mitigation
If your environment is running Kubernetes, there is another option for mitigating log4j.
Network policies dictate how pods are able to communicate with network entities in and outside of your cluster. One of the key aspects of the log4j vulnerability is that it forces the server to reach out to another server in order to get its payload. This egress can be prevented with a Kubernetes network policy.
Sysdig Secure’s runtime analysis of workloads is very valuable.
As seen in the runtime generated policy above, egress activity has been limited to resources installed using Helm and initiating DNS activity over UDP port 53. All other traffic would be disallowed, including the stage of the log4j exploit that downloads the malicious payload because it uses TCP.
An advanced attacker could try to exfiltrate data over DNS which would be allowed by the generated policy. If that is a concern, DNS monitoring may be required.
Tomi Engdahl says:
https://www.facebook.com/cybersec.prism/photos/a.2047976635522412/2865395077113893/?type=3
How Does Network Security Work?
Network security is any activity designed to protect the usability and integrity of your network and data.
It includes both hardware and software technologies
It targets a variety of threats
It stops them from entering or spreading on your network
Effective network security manages access to the network
Network security combines multiple layers of defenses at the edge and in the network. Each network security layer implements policies and controls. Authorized users gain access to network resources, but malicious actors are blocked from carrying out exploits and threats.
14-Components of Network Security
Firewalls
Firewalls put up a barrier between your trusted internal network and untrusted outside networks, such as the Internet. They use a set of defined rules to allow or block traffic. A firewall can be hardware, software, or both.
Email security
Email gateways are the number one threat vector for a security breach. Attackers use personal information and social engineering tactics to build sophisticated phishing campaigns to deceive recipients and send them to sites serving up malware. An email security application blocks incoming attacks and controls outbound messages to prevent the loss of sensitive data.
Anti-virus and anti-malware software
“Malware,” short for “malicious software,” includes viruses, worms, Trojans, ransomware, and spyware. Sometimes malware will infect a network but lie dormant for days or even weeks. The best antimalware programs not only scan for malware upon entry, but also continuously track files afterward to find anomalies, remove malware, and fix damage.
Network segmentation
Software-defined segmentation puts network traffic into different classifications and makes enforcing security policies easier. Ideally, the classifications are based on endpoint identity, not mere IP addresses. You can assign access rights based on role, location, and more so that the right level of access is given to the right people and suspicious devices are contained and remediated.
Network Access control [NAC]
Not every user should have access to your network. To keep out potential attackers, you need to recognize each user and each device. Then you can enforce your security policies. You can block non-compliant endpoint devices or give them only limited access. This process is network access control (NAC).
Application security
Any software you use to run your business needs to be protected, whether your IT staff builds it or whether you buy it. Unfortunately, any application may contain holes, or vulnerabilities, that attackers can use to infiltrate your network. Application security encompasses the hardware, software, and processes you use to close those holes.
Behavioral analytics
To detect abnormal network behavior, you must know what normal behavior looks like. Behavioral analytics tools automatically discern activities that deviate from the norm. Your security team can then better identify indicators of compromise that pose a potential problem and quickly remediate threats.
Data loss prevention
Organizations must make sure that their staff does not send sensitive information outside the network. Data loss prevention, or DLP, technologies can stop people from uploading, forwarding, or even printing critical information in an unsafe manner.
Intrusion prevention systems
An intrusion prevention system (IPS) scans network traffic to actively block attacks. Cisco Next-Generation IPS (NGIPS) appliances do this by correlating huge amounts of global threat intelligence to not only block malicious activity but also track the progression of suspect files and malware across the network to prevent the spread of outbreaks and reinfection.
Mobile device security
Cybercriminals are increasingly targeting mobile devices and apps. Within the next 3 years, 90 percent of IT organizations may support corporate applications on personal mobile devices. Of course, you need to control which devices can access your network. You will also need to configure their connections to keep network traffic private.
Security information and event management
SIEM products pull together the information that your security staff needs to identify and respond to threats. These products come in various forms, including physical and virtual appliances and server software.
VPN
A virtual private network encrypts the connection from an endpoint to a network, often over the Internet. Typically, a remote-access VPN uses IPsec or Secure Sockets Layer to authenticate the communication between device and network.
Web security
A web security solution will control your staff’s web use, block web-based threats, and deny access to malicious websites. It will protect your web gateway on site or in the cloud. “Web security” also refers to the steps you take to protect your own website.
Wireless security
Wireless networks are not as secure as wired ones. Without stringent security measures, installing a wireless LAN can be like putting Ethernet ports everywhere, including the parking lot. To prevent an exploit from taking hold, you need products specifically designed to protect a wireless network.
Nonetheless, always remember to:
Educate your staff
Follow industry best practices
Explore your attack surface
___________________________
You can watch all the videos of Cybersecurity Series here:
Facebook Page : Cybersecurity Prism https://www.facebook.com/cybersec.prism/
Tomi Engdahl says:
Log4j: Mirai botnet found targeting ZyXEL networking devices
A report explained that the Log4j vulnerability is being used to “infect and assist in the proliferation of malware used by the Mirai botnet.”
https://www.zdnet.com/article/log4j-mirai-ddos-botnet-targeting-zyxel-networking-devices/
An Akamai researcher has discovered an attempt to use Log4j vulnerabilities in ZyXEL networking devices to “infect and assist in the proliferation of malware used by the Mirai botnet.”
Tomi Engdahl says:
https://techcrunch.com/2022/01/24/a-cisos-playbook-for-responding-to-zero-day-exploits/
Tomi Engdahl says:
Securing file transfers in a fast-changing world
MFT systems have evolved to embrace both security and simplicity—but they’re only getting started.
https://brand-studio.fortune.com/axway/securing-file-transfers-in-a-fast-changing-world/?prx_t=AyIHAAAAAAoPEQA&fbclid=IwAR2oeHomAQFVeA73JglOEE0oaPjpLhFCcytftuJxLHmrMXXEWlY41j9q88k
Transferring files online is as old as the Internet itself, but the process continues to grow more complex, thanks to a surge in the volume of electronic data. As digital transformation fuels the rapidly changing global economy, companies are calling for powerful new capabilities, which have come in the form of managed file transfer (MFT) systems.
Today, MFT systems, which guarantee security through the life cycle of a document’s delivery via encryption, are being used as an efficient, reliable method to securely transfer data across industries, whether it’s banks moving large portions of the global money supply, manufacturers producing cutting-edge product designs, or doctors sharing life-saving medical data. By using MFT systems, enterprises can also ensure this critical data stays protected and complies with vendor service agreements, as well as regulations that protect consumer privacy and patient data.
“There is a massive increase in the amount of data exchange happening right now, and I don’t think that is going to slow down anytime soon,” says Meetesh Patel, general manager of MFT at Axway. “This system helps avoid a breakdown in secure file transfers that can hurt a company’s bottom line.”
Tomi Engdahl says:
Pääsynhallinta on yritysverkon oma portsari
Tunnistamattomista laitteista muodostuu yritysverkoissa aina tietoturva-aukkoja. DNA Pääsynhallinnalla varmistetaan tietoturvallinen liiketoiminta.
https://www.dna.fi/yrityksille/blogi/-/blogs/paasynhallinta-on-yritysverkon-oma-portsari?utm_source=facebook&utm_medium=linkad&utm_content=ILTE-artikkeli-paasynhallinta-on-yritysverkon-oma-portsari&utm_campaign=H_MES_22-03-05_aruba&fbclid=IwAR3uKBHGzmHTfXaqn9ZrHF3MH-8FrVITLiQ33BfvnMblpBoiHgobQbWkV-Q
Tomi Engdahl says:
http://antonioparata.blogspot.com/2022/01/analyzing-ida-pro-anti-decompilation.html
Tomi Engdahl says:
Microsoft: Now we’re switching off Excel 4.0 macros by default
Microsoft has enabled a new setting that disables legacy Excel 4.0 macros by default
https://www.zdnet.com/article/microsoft-were-switching-off-excel-4-0-macros-by-default-to-protect-you-against-security-threats/
Tomi Engdahl says:
Cybersecurity: 11 steps to take as threat levels increase
Security agency warns businesses that the cyber-threat level rises when zero days or geopolitical tensions emerge.
https://www.zdnet.com/article/cybersecurity-11-steps-to-take-as-threat-levels-increase/
Tomi Engdahl says:
Huoli Omakannasta: Onko terveyssovelluksen käyttö uhka etuuksien saamiselle? https://www.is.fi/digitoday/art-2000008564340.html
Tomi Engdahl says:
https://www.kanta.fi/hyvinvointitiedot
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/01/26/pahimmat-kyberhyokkaykset-kohteena-koulutus-ja-tutkimusala/
Tomi Engdahl says:
Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure
https://thehackernews.com/2022/01/molerats-hackers-hiding-new-espionage.html
An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.
The cyber offensive is believed to have been underway since at least July 2021, according to cloud-based information security company Zscaler, continuing previous efforts by the hacking group to conduct reconnaissance on the target hosts and plunder sensitive information.
Tomi Engdahl says:
https://kienmanowar.wordpress.com/2022/01/23/quicknote-emotet-epoch4-epoch5-tactics/
Tomi Engdahl says:
https://pentestmag.com/exploiting-blind-sql-injections-update-insert-statements-without-stacked-queries-sina-yazdanmehr/
Tomi Engdahl says:
https://visualtraceroute.net/
Tomi Engdahl says:
The Words You Should Never Google, According To People Who Have
https://www.iflscience.com/technology/the-words-you-should-never-google-according-to-people-who-have/
Ah, Google, the world’s number two website. An incredibly useful tool that can become an absolute horror show if you use it incorrectly.
Some people have learned this the hard way so that you don’t have to. These are some of the words that you should never Google, according to people who have.
Tomi Engdahl says:
Cyber Insights 2022: Identity
https://www.securityweek.com/cyber-insights-2022-identity
The rise of cloud and remote working led to the concept of ‘no-perimeter’ IT, and companies struggled to find a border to protect. The difficulty is the perimeter is no longer a ‘thing’ with a physical presence but a concept. That concept is the identity – for whatever and from wherever.
Identity has always been the key to security. But the industry became sidetracked into concentrating more on the content of traffic than on the source of the traffic. If we have authorized identities, and can authenticate authorized identities, we can block everyone and everything else. The bad guys just cannot get in – well, that’s the theory.
But in recent years, the volume of identities has burgeoned. Estimates that users have around 100 identities are common. Expansion within the cloud, increasing business transformation and the explosion of IoT all require identities. But only the volume has changed. The identity remains the key for access into the network, and for movement within the network.
“Identity security will become all the more vital as the ‘metaverse’ gains traction,” warns Larry Chinski, VP of global IAM strategy at One Identity “Ninety-five percent of businesses report challenges managing the number of identities that currently fall under their organization’s umbrella (human, digital, RPA, etc.). As adoption of the metaverse increases, identity security and management issues will only become more profound – and a bigger threat to business resiliency.”
There is no greater certainty than attacks on and with identities will increase in 2022.
Digital identity fraud
Fraud is the single most common identity-based attack. There are many sub-categories of fraud, but all require the misuse of someone’s identity. Fraud will continue to grow in 2020 because of the growing number of identities to misuse, the huge pool of stolen credentials on the dark web, and an increasing use of bot automation (for credential stuffing and more), and AI techniques by criminals.
Account takeover, account opening and BEC scams are three sub-categories to watch in 2022.
Machine identities
Non-human identities, collectively known as machine identities, generally outnumber the human identities within an organization. These include devices, services and workloads – and are usually ‘privileged’ accounts. Their growth is still accelerating in line with both business transformation and automation, and they have not traditionally been given as much security concern as human identities. This growing identity sprawl will prove challenging through 2022.
“The growth of machine identities will create an even larger identity sprawl challenge for organizations,” says Larry Chinski. “Due to the convergence of AI innovation, digitization, and the asynchronous workforce accelerated by the pandemic, enterprises are increasingly deploying solutions like RPA [robotic process automation] to automate tasks, boost productivity, and enhance customer service.”
But, he continued, “There’s one big issue that’s commonly overlooked when it comes to AI innovation – security. Today, 94% of organizations who have deployed bots or RPA report challenges securing them. What’s causing this challenge is that security professionals don’t realize that bots have identities just like humans.”
Identity-based attacks against the cloud
Misconfigurations
Credential-based attacks
Cloud identity systems
Summary
“Identity is the new perimeter and access is the new security,” says Joseph Carson, chief security scientist at ThycoticCentrify (consider the buzz around zero trust). “The paradigm shift to working remotely has been accelerating, making the traditional enterprise perimeter almost entirely redundant. In their bid to secure the new perimeter, organizations have had to first wrestle with the challenge of correctly defining it. Factors such as cloud computing, home office networks, endpoints, mobile apps, and legacy on-premise systems have exacerbated this issue. Some organizations have attempted to enforce multiple edge perimeter points, but this in turn becomes a major challenge to manage and secure.”
The key is the touch point across the organization, both internally and with external entities; and the common factor is identity. “This means access has become the new security control for the organization’s perimeter,” he continued. “In 2022, businesses must get back in control by making Identity and Access Security a top priority. Privileged access has become the digital polygraph test to verify that identities are authentic before enabling authorization to resources.”
Failure to do so in 2022 will lead to a growing number of breaches at the confluence of massive identity sprawl, increasing sophistication and professionalism among the attackers, and the arrival of adversarial AI assistance.
Tomi Engdahl says:
New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research, Analysis
https://www.securityweek.com/new-open-source-tool-helps-identify-ethernetip-stacks-ics-research-analysis
Industrial cybersecurity firm Claroty on Wednesday announced a new open source tool designed for identifying EtherNet/IP stacks.
According to the company, the new “EtherNet/IP & CIP Stack Detector” tool can be useful to security researchers, operational technology (OT) engineers, and asset owners.
EtherNet/IP (ENIP) is an industrial network protocol that implements the Common Industrial Protocol (CIP). ENIP is often used for process control and industrial automation applications.
In the past years, Claroty researchers have conducted projects focusing on the security of ENIP stacks and found vulnerabilities that could pose serious risks to industrial control systems (ICS).
Claroty says this open source tool can be used to identify and classify the use of third-party ENIP stack code, helping organizations understand their exposure to vulnerabilities found in these stacks.
Team82 ENIP & CIP Stack Detector Simplifies Protocol Identification
https://www.claroty.com/2022/01/26/blog-research-team82-enip-cip-stack-detector-simplifies-protocol-identification/
Team82 is releasing today a custom, generic EtherNet/IP stack detection tool that will be free and publicly available via our GitHub repository.
The tool fulfills a number of use cases for cybersecurity researchers, OT engineers, and asset owners by helping them to identify and classify commercial and homegrown products using the same third-party ENIP stack code. By identifying the ENIP stack, users inside the enterprise as well as vendors will be able to better understand their exposure to newly disclosed vulnerabilities, and subsequently prioritize updates.
https://github.com/claroty/enip-stack-detector
Tomi Engdahl says:
Europe’s Hypocrisy Over Personal Data Privacy Exposed
https://www.securityweek.com/europes-hypocrisy-over-personal-data-privacy-exposed
There seems to be a strong likelihood that European hypocrisy over personal data privacy might continue indefinitely
The European Data Protection Supervisor’s instruction to Europol to delete all stored data not related to a person with a known link to crime is just the tip of a European hypocritical surveillance iceberg.
The issue is discussed in a report by Douwe Korff (Emeritus Professor of International Law, London Metropolitan University and Associate at the Oxford Martin School, University of Oxford) titled The EU’s own ‘Snowden scandal’: illegal mass surveillance and bulk data mining by Europol and the member states (PDF).
Edward Snowden’s revelations on NSA and GCHQ mass surveillance operations directly led to the development of the European General Data Protection Regulation (GDPR) which is now used around the world as the blueprint and gold standard for personal privacy protection.
GDPR is a production of the European Parliament (EP). EP members are elected by the people. European political power, however, largely rests with the European Commission (EC) whose members are nominated by the member state governments. There is an inherent and ongoing conflict of interest between people and governments in European politics. With GDPR, the people won – but Americans largely looked on and thought: ‘hypocrites’.
This inherent hypocrisy is now fully revealed by Europol’s mass collection of personal data of European residents contrary to the principles of GDPR (which by definition includes both natural citizens and incoming migrants). Hypocritical irony is added to the mix with the ECJ’s Schrems II judgment which makes EU to U.S. data transfers difficult and largely illegal. Schrems II is based on the incompatibility of GDPR and FISA 720, the latter giving the U.S. government access to European PII – yet here is Europol doing largely the same thing on European personal data
“This is about the desire of Europol and EU Member States to collect, ‘in a generalized manner’, vast stores of personal data on overwhelmingly innocent people,” writes Douwe Korff. The purpose is to use machine learning AI algorithms to detect or infer the possibility of criminal behavior – in other words, predictive law enforcement that isn’t based on any known personal criminal action.
This is done, he adds, “without regard for the inherent serious dangers and deficiencies in the data mining technologies, and in clear breach of EU law.”
Predictive law enforcement using AI
The EDPS ruling is primarily about illegal data storage; that is, too much for too long with no legal reason. Europol must first categorize the data subjects. This will separate those genuine suspects from ‘the rest’. The rest must be deleted – but until that categorization is complete, the EDPS ruling states, “no personal data in the contributions can undergo any form of processing by Europol other than that strictly necessary to proceed to such categorization.”
Korff’s concern is that ‘any form of processing’ involves predictive law enforcement based on machine learning algorithms – in which he has little faith. These algorithms are intended to find data subjects who might become involved in criminality, even if they haven’t been in the past and there is no current evidence against them.
Tomi Engdahl says:
Europol Ordered to Delete Data Not Linked With Crime
https://www.securityweek.com/europol-ordered-delete-data-not-linked-crime
The European Union crime agency has been ordered by the 27-nation bloc’s data protection watchdog to erase information related to individuals with no proven link to crime.
The European Data Protection Supervisor said Monday that Europol was notified of the order on Jan. 3 following an inquiry that started in 2019.
As part of the investigation, the EDPS said it reprimanded Europol two years ago “for the continued storage of large volumes” of such data, “which poses a risk to individuals’ fundamental rights.”
It said Europol has since introduced some measures but has not complied with requests to set an appropriate data retention period.
“This means that Europol was keeping this data for longer than necessary,” the EDPS said.
EDPS orders Europol to erase data concerning individuals with no established link to a criminal activity
https://edps.europa.eu/press-publications/press-news/press-releases/2022/edps-orders-europol-erase-data-concerning_en
Tomi Engdahl says:
UK’s NCSC Pushes NMAP Scanner Scripts to Fill Defender Gap
https://www.securityweek.com/uks-ncsc-pushes-nmap-scanner-scripts-fill-defender-gap
The U.K. government’s cybersecurity agency has announced plans to ship a collection of well-tested, reliable scanning scripts to help defenders find and fix high-priority software security vulnerabilities.
The new project, called Scanning Made Easy, will push out a collection of NMAP Scripting Engine scripts as part of an initiative to help system owners and administrators find systems with specific vulnerabilities.
“When a software vulnerability is disclosed, it is often easier to find proof-of-concept code to exploit it, than it is to find tools that will help defend your network,” the NCSC said in a note explaining the motivation for the project.
To make matters worse, even when there is a scanning script available, the agency said it can be difficult to know if it is safe to run or will even return valid scan results. Scanning Made Easy (SME) was born out of our frustration with this problem and our desire to help network defenders find vulnerable systems, so they can protect them,” the NCSC said.
To fill this gap, the agency is teaming up with its i100 private sector partners to provide reliable, well-tested scripts that are easy to deploy and provide better attack surface visibility for known vulnerabilities.
The agency said the scripts will be written using the NMAP Scripting Engine (NSE) and will be created for critical documented vulnerabilities that are difficult to find on internal corporate networks.
“While there won’t be a script for every single vulnerability, our plan is that scripts will be developed, and continuously reviewed, for critical vulnerabilities and for vulnerabilities that are consistently causing headaches for system administrators,” the agency said.
It said the scripts will be written and tested by private sector partners and will conform to the NCSC Scanning Made Easy script developer guidelines that mandate how the scripts should be developed and tested.
https://github.com/ukncsc/SME/blob/main/ncsc-scanning-made-easy-script-developer-guidelines.md
Tomi Engdahl says:
Combating the Surge in Retail Theft and E-Commerce Fraud With Open Source Intelligence
https://www.securityweek.com/combating-surge-retail-theft-and-e-commerce-fraud-open-source-intelligence
Retailers have recently experienced a significant increase in the theft of goods from their physical locations. The leaders of these organizations believe the thefts have been fueled by online marketplaces that allow criminals to create and maintain seller accounts under fake identities and under a veil of anonymity.They believe these accounts provide an easy channel to resell stolen goods without oversight or legal accountability.
At the end of last year, 20 retail leaders, including the CEOs of Best Buy, CVS, Home Depot, Nordstrom, and Target, sent a letter to Congress. These leaders are calling on legislators to enact laws that address this growing fraud by requiring the identification of sellers, making it more difficult for criminals to transact and maintain their anonymity as they sell stolen goods.
While Congress attempts to craft legislation to protect merchants from in-store theft – and consumers from online fraud, the retailers themselves also need to take action. They need to use their intelligence teams to engage in investigations to make these crimes more expensive and less attractive for the criminals.
Shoplifting in San Francisco is so out of control that retailers are closing stores
https://news.yahoo.com/shoplifting-san-francisco-control-retailers-173347237.html?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuc2VjdXJpdHl3ZWVrLmNvbS8&guce_referrer_sig=AQAAAADv-0qSE1bgOl6GeOvkuvHMVPtj_a1LkM1m8FW9YpXolN5bw_NcvVQ9s89wG-CpmkHoLU8DfqOGITJntszTplXvN1rAgF43X_3JcpjeaNYwSGtzvZHde0EoJ4y86HhIWcm9q2PtucMKDSlY0IPZLcpz7y6MIoo0l6aUhyIk6kJQ
Tomi Engdahl says:
Seven Ways to Ensure Successful Cross-Team Security Initiatives
https://www.securityweek.com/seven-ways-ensure-successful-cross-team-security-initiatives
Many organizations have one or more strategic initiatives that involve a large amount of coordination and cooperation across functions and teams. In my experience, these cross-team initiatives are often the most challenging ones, while simultaneously being the most rewarding. There are a number of reasons why this is the case, though I’d like to take a look at a different angle in this piece.
Around this topic, there is one question I’ve asked myself recently: What makes a strategic cross-team initiative successful?
Tomi Engdahl says:
Suomen kyberturvallisuudelle tärkeä nettikaapeli piti vetää merenpohjaan, mutta yhtäkkiä Venäjä vetäytyi hankkeesta mitä oikein tapahtui?
https://yle.fi/uutiset/3-12268002?origin=rss
Valtionyhtiö Cinia kiertää pohjoisnavan lännen kautta, vaikka se vaatii 1 500 kilometriä pidemmän kaapelin. Hyytävässä geopoliittisessa ilmastossa se on turvallisin reitti.
Tomi Engdahl says:
9-vuotiaat pommittavat palvelimia nurin syypäänä tuttu syntipukki, lääkkeenä hyödytöntä kiusaa https://www.tivi.fi/uutiset/tv/d71e18e1-0e4b-4654-a4be-e0419032f5dc
Iso-Britannian National Crime Agency (NCA) on käynnistänyt uuden hankkeen, jolla pyritään ohjaamaan nuoria hakkerinalkuja pois mieron tieltä. Syytä on, sillä NCA:n kyberrikosyksikkö NCCU:n mukaan nuorimmat pahantekijät ovat vasta yhdeksänvuotiaita.
Tomi Engdahl says:
European Commission launches new open source software bug bounty program
https://portswigger.net/daily-swig/european-commission-launches-new-open-source-software-bug-bounty-program
The European Commission (EC) has launched a bug bounty program for open source projects that underpin its public services.
Tomi Engdahl says:
Combatting SMS and phone fraud: UK government issues guidance https://blog.malwarebytes.com/how-tos-2/2022/01/combatting-sms-and-phone-fraud-uk-government-issues-guidance/
The UK’s National Cyber Secuity Centre (NCSC) has published a guide to help make your organization’s SMS and telephone messages effective and trustworthy.
Tomi Engdahl says:
Major Breakthrough As Quantum Computing in Silicon Hits 99% Accuracy https://scitechdaily.com/major-breakthrough-as-quantum-computing-in-silicon-hits-99-accuracy/
Australian researchers have proven that near error-free quantum computing is possible, paving the way to build silicon-based quantum devices compatible with current semiconductor manufacturing technology.
Tomi Engdahl says:
Japan’s Supreme Court rules cryptojacking scripts are not malware https://www.theregister.com/2022/01/21/japan_supreme_court_cryptojacking_not_malware/
A man found guilty of using the Coinhive cryptojacking script to mine Monero on users’ PCs while they browsed the web has been cleared by Japan’s Supreme Court on the grounds that crypto mining software is not malware.
Tomi Engdahl says:
Google Could Face Class-Action Lawsuit Over Free G Suite Legacy Account Shutdown https://yro.slashdot.org/story/22/01/22/0137254/google-could-face-class-action-lawsuit-over-free-g-suite-legacy-account-shutdown
On Wednesday, Google announced that it is getting rid of the G Suite legacy free edition, “which allowed those that snuck in before 2012 to get free Google apps services tied to a custom domain rather than Gmail, ” reports Android Police. Since a lot of people will be left “in the lurch” after the shutdown, attorneys at Chimicles Schwartz Kriner & Donaldson-Smith are opening an investigating into the matter for a potential class-action lawsuit.
Tomi Engdahl says:
Tougher rules on targeted ads, deepfakes, craft web design, and more?
Euro lawmakers give a thumbs up
https://www.theregister.com/2022/01/22/eu_dsa_provisional_draft/
The European Parliament has adopted a set of amendments to the Digital Services Act (DSA) that makes the pending legislation even more protective of personal privacy and requires businesses to give greater consideration to advertising technology, respecting user choice, and web design.
Tomi Engdahl says:
European Parliament uses Google Analytics, which is illegal in the EU
(Handelsblatt)
https://catless.ncl.ac.uk/Risks/33/03/#subj5
Data of European citizens may not be stored in the USA without further considerations. This is stated in a ruling by the European Court of Justice (ECJ) from the summer of 2020. However, many companies violate this requirement on a daily basis, as does the European Parliament.
Parliament had installed cookies from Google Analytics and the payment service provider Stripe on its website. Alkuperäinen (saksaksi):
https://www.handelsblatt.com/politik/international/dsgvo-europaparlament-missachtet-datenschutz-warnung-an-unternehmen/27964838.html
Tomi Engdahl says:
FBI warns of malicious QR codes used to steal your money https://www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/
The FBI said crooks are switching legitimate QR codes used by businesses for payment purposes to redirect potential victims to malicious websites designed to steal their personal and financial information, install malware on their devices, or divert their payments to accounts under their control. After the victims scan what looks like legitimate codes, they get sent to attackers’ phishing sites, where they are prompted to enter their login and financial info. Once entered, it gets sent to the cybercriminals who can use it to steal money using hijacked banking accounts.
Tomi Engdahl says:
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix a new company created following the merger of security firms McAfee Enterprise and FireEye said in a report shared with The Hacker News.
Tomi Engdahl says:
How I hacked my friend’s PayPal account
https://www.welivesecurity.com/2022/01/24/how-i-hacked-my-friends-paypal-account/
Somebody could easily take control of your PayPal account and steal money from you if you’re not careful here’s how to stay safe from a simple but effective attack. (lukittukin puhelin väärissä käsissä voi
riittää)
Tomi Engdahl says:
Isolla rahalla pystytetty kampanja hyökkää salattua viestintää vastaan “Ei piilopaikkaa”
https://www.kauppalehti.fi/uutiset/isolla-rahalla-pystytetty-kampanja-hyokkaa-salattua-viestintaa-vastaan-ei-piilopaikkaa/99cf68fb-5204-41ad-b76c-561f13b73130
Britannian hallitus yrittää suostutella ihmisiä omalle kannalleen, että salauksen käyttäminen viestisovelluksissa on vaaraksi lapsille.
Tomi Engdahl says:
Introducing Scanning Made Easy
https://www.ncsc.gov.uk/blog-post/introducing-scanning-made-easy
A joint effort between the i100 and the NCSC, Scanning Made Easy (SME) will be a collection of NMAP Scripting Engine scripts, designed to help system owners and administrators find systems with specific vulnerabilities.