Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
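As an added example (not code from the SecurityWeek article or from Google’s report), here is a small Python checker that reads `mvn dependency:list`-style output and reports, for every log4j-core version found, which of the four log4j-core CVEs listed above it is still exposed to. The fix versions used (2.15.0, 2.16.0, 2.17.0, 2.17.1) are the Java 8+ main-line releases; the 2.12.x and 2.3.x backport branches have their own fix releases and are deliberately not modelled. CVE-2021-42550 is left out because it concerns Logback, not log4j-core. The dependency listing is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# First fixed release on the log4j-core 2.x main line (Java 8+) for each CVE.
# The 2.12.x (Java 7) and 2.3.x (Java 6) backport branches have their own
# fix releases and are not modelled here (simplifying assumption).
FIXED_IN: Dict[str, Version] = {
    "CVE-2021-44228": (2, 15, 0),  # Log4Shell: JNDI lookup in logged data
    "CVE-2021-45046": (2, 16, 0),  # incomplete fix of 44228 in 2.15.0
    "CVE-2021-45105": (2, 17, 0),  # uncontrolled recursion, denial of service
    "CVE-2021-44832": (2, 17, 1),  # JDBC appender with attacker-controlled config
}

# Matches one Maven coordinate line as printed by `mvn dependency:list`,
# e.g. "[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile".
COORD_RE = re.compile(
    r"org\.apache\.logging\.log4j:log4j-core:jar:(\d+)\.(\d+)\.(\d+)\b"
)


def affected_cves(version: Version) -> List[str]:
    """Return the CVEs from FIXED_IN that a log4j-core 2.x version is still exposed to."""
    if version[0] != 2:
        return []  # 1.x is outside this check (different code base and advisories)
    return [cve for cve, fixed in FIXED_IN.items() if version < fixed]


def scan_dependency_list(text: str) -> Dict[str, List[str]]:
    """Map each vulnerable log4j-core version in the listing to its open CVEs."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = COORD_RE.search(line)
        if not m:
            continue
        version: Version = (int(m.group(1)), int(m.group(2)), int(m.group(3)))
        cves = affected_cves(version)
        if cves:
            findings[".".join(map(str, version))] = cves
    return findings


# Constructed sample output; versions and scopes are made up for illustration.
SAMPLE_LISTING = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.16.0:runtime
[INFO]    org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
"""

if __name__ == "__main__":
    for ver, cves in scan_dependency_list(SAMPLE_LISTING).items():
        print(f"log4j-core {ver}: {', '.join(cves)}")
```

Run it against the real output of `mvn dependency:list` (or any text that contains the Maven coordinates) to get a per-version list; note that it only sees declared dependencies, so shaded or vendored copies of log4j-core inside other jars still need a classpath or filesystem scan.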

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission.”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
• Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime, extending it from technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. These strategies include:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Cyber-enabled financial crime: USD 130 million intercepted in global INTERPOL police operation https://www.interpol.int/News-and-Events/News/2022/Cyber-enabled-financial-crime-USD-130-million-intercepted-in-global-INTERPOL-police-operation
    An INTERPOL police operation to tackle online fraud has seen almost 1000 suspects arrested and the seizure of USD 129,975,440 worth of virtual assets. Operation HAECHI III cracks down on voice phishing, romance scams, sextortion, investment fraud, business email compromise and money laundering associated with illegal online gambling. Fraud investigators around the world worked together over five months (28 June to 23 November) to intercept money and virtual assets linked to a wide range of cyber-enabled financial crimes and money laundering, assisting countries to recover and return illicitly obtained funds to victims.

    Reply
  2. Tomi Engdahl says:

    Operation Elaborate – UK police text 70,000 suspected victims of iSpoof bank fraudsters https://www.tripwire.com/state-of-security/operation-elaborate-uk-police-text-70000-suspected-victims-ispoof-bank-fraudsters
    UK police are texting 70,000 people who they believe have fallen victim to a worldwide scam that saw fraudsters steal at least £50 million from bank accounts. 200,000 people in the UK, including the elderly and disabled, are thought to have been targeted by conmen who masqueraded as highstreet banks. Scammers paid a subscription to a service called iSpoof.cc that allowed them to disguise their phone number so they appeared to be calling from major banks including Barclays, NatWest, HSBC, Santander, Lloyds, First Direct, Nationwide, Halifax, and TSB. The site, set up in December 2020, helped fraudsters steal sensitive information (such as one-time passcodes) from unsuspecting banking customers, allowing the criminals to break into accounts and steal funds.

    Reply
  3. Tomi Engdahl says:

    Senators alarmed over potential Chinese drone spy threat
    https://www.politico.com/news/2022/11/23/drones-chinese-spy-threat-senate-00070591
    Hundreds of Chinese-manufactured drones have been detected in restricted airspace over Washington, D.C., in recent months, a trend that national security agencies fear could become a new means for foreign espionage. The recreational drones made by Chinese company DJI, which are designed with geofencing restrictions to keep them out of sensitive locations, are being manipulated by users with simple workarounds to fly over no-go zones around the nation’s capital. This story is based on interviews with seven government officials, lawmakers, congressional staffers and contractors. They were granted anonymity because they are not authorized to speak publicly about private and sometimes classified discussions involving government officials.

    Reply
  4. Tomi Engdahl says:

    UK Government Departments Ordered To Remove Chinese Security Cameras https://www.forbes.com/sites/emmawoollacott/2022/11/25/uk-government-departments-ordered-to-remove-chinese-security-cameras/
    The British government has ordered its departments to stop installing Chinese-made security cameras at ‘sensitive’ sites, citing security concerns. In a written statement, Chancellor of the Duchy of Lancaster Oliver Dowden has told MPs that, following a review, new controls were required. The concern hinges on the fact that companies such as Hikvision and Dahua – whose cameras are widely installed outside government offices – are required by China’s National Intelligence Law 2017 to support national intelligence work.

    Reply
  5. Tomi Engdahl says:

    Analysis on Docker Hub malicious images: Attacks through public container images https://sysdig.com/blog/analysis-of-supply-chain-attacks-through-public-docker-images/
    Supply Chain attacks are not new, but this past year they received much more attention due to high profile vulnerabilities in popular dependencies. Generally, the focus has been on the dependency attack vector. This is when source code of a dependency or product is modified by a malicious actor in order to compromise anyone who uses it in their own software. Source code dependencies are not the only attack vector that can be used to conduct an offensive supply chain operation. Containers have become a hugely popular attack vector in recent years. Since container images are designed to be portable, it is very easy for one developer to share a container with another individual. The Sysdig Threat Research Team performed an analysis of over 250,000 Linux images in order to understand what kind of malicious payloads are hiding in the containers images on Docker Hub.

    Reply
  6. Tomi Engdahl says:

    Redacted Documents Are Not as Secure as You Think https://www.wired.com/story/redact-pdf-online-privacy/
    Popular redaction tools don’t always work as promised, and new attacks can reveal hidden information, researchers say. For years, if you wanted to protect sensitive text in a document, you could grab a pair of scissors or a scalpel and cut out the information. If this didn’t work, a chunky black marker pen would do the job. Now that most documents are digitized, securely redacting their contents has become harder. The majority of redactions, by government officials and courts, involve placing black boxes over text in PDFs. When this redaction is done incorrectly, people’s safety and national security can be put at risk. New research from a team at the University of Illinois looked at the most popular tools for redacting PDF documents and found many of them wanting.

    Reply
  7. Tomi Engdahl says:

    Who tracked internet users in 2021-2022
    https://securelist.com/tracker-report-2021-2022/108079/
    Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. This report uses anonymous statistics collected between August 2021 and August 2022 by the Do Not Track component, which blocks loading of web trackers. The statistics consist of anonymized data provided by users voluntarily. We have compiled a list of 25 tracking services that DNT detected most frequently across nine regions and certain individual countries. 100% in each case represents the total number of DNT detections triggered by all 25 tracking services.

    Reply
  8. Tomi Engdahl says:

    U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html
    The U.S. Federal Communications Commission (FCC) formally announced it will no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat. All these Chinese telecom and video surveillance companies were previously included in the Covered List as of March 12, 2021. “The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here,” FCC Chairwoman Jessica Rosenworcel said in a Friday order.

    Reply
  9. Tomi Engdahl says:

    All You Need to Know About Emotet in 2022 https://thehackernews.com/2022/11/all-you-need-to-know-about-emotet-in.html
    For 6 months, the infamous Emotet botnet has shown almost no activity, and now it’s distributing malicious spam. Let’s dive into details and discuss all you need to know about the notorious malware to combat it.
    Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The victim can be anyone from corporate to private users exposed to spam email campaigns. The botnet distributes through phishing containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL downloads and then loads into memory. It searches for email addresses and steals them for spam campaigns. Moreover, the botnet drops additional payloads, such as Cobalt Strike or other attacks that lead to ransomware.

    Reply
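The Emotet summary above hinges on one delivery detail: the initial document only does damage once the user enables macros. As an added example (not code from The Hacker News article), here is a Python attachment-triage check that inspects an Office Open XML container for the parts and content types that mark it as macro-enabled, which is what a mail gateway policy of holding macro-carrying attachments for review can key on. The sample documents are constructed in memory; legacy binary .doc/.xls (OLE2) files are a different container and are only reported as “not-ooxml” here (an OLE parser such as oletools’ olevba would be needed for those).

```python
import io
import zipfile
from typing import List

# OOXML parts that hold VBA macro code, by Office application.
MACRO_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def macro_indicators(data: bytes) -> List[str]:
    """Return indicators that an OOXML attachment carries VBA macros.

    Returns ["not-ooxml"] for anything that is not a zip container, e.g. the
    legacy binary .doc/.xls (OLE2) formats, which need an OLE parser instead.
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-ooxml"]
    with zf:
        names = set(zf.namelist())
        hits = [part for part in MACRO_PARTS if part in names]
        if "[Content_Types].xml" in names:
            content_types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            # Macro-enabled documents (.docm/.xlsm/.pptm) declare a distinct
            # main-part content type containing "macroEnabled".
            if "macroEnabled" in content_types:
                hits.append("content-type:macroEnabled")
    return hits


def should_quarantine(data: bytes) -> bool:
    """Policy: hold any OOXML attachment with macro indicators for review."""
    return any(h != "not-ooxml" for h in macro_indicators(data))


def build_sample_docx(with_macro: bool) -> bytes:
    """Construct a minimal Word container in memory (sample data, not a real document)."""
    main_ct = (
        "application/vnd.ms-word.document.macroEnabled.main+xml"
        if with_macro
        else "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
    )
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)  # placeholder bytes
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("macro-enabled", build_sample_docx(True)),
                       ("plain", build_sample_docx(False))):
        print(label, macro_indicators(doc), "quarantine:", should_quarantine(doc))
```

Both signals are checked because either alone can be missing: a file renamed from .docm to .docx keeps its vbaProject.bin part, while a hand-built container may carry the macro-enabled content type without the part.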
  10. Tomi Engdahl says:

    What Twitter Users Need To Know About Mastodon Security https://www.forbes.com/sites/daveywinder/2022/11/26/what-twitter-users-need-to-know-about-mastodon-security/
    Twitter users are turning to the long-established federated community system known as Mastodon as the Musk era brings chaos to the ‘bird site’ social network. But how can you best secure a Mastodon account?
    The first mistake that people migrating to Mastodon from Twitter make is expecting it to be a like-for-like replacement. It isn’t, and it’s all the better for that. This article is not a guide to what Mastodon is and isn’t; there are plenty of those already out there.

    Reply
  11. Tomi Engdahl says:

    Worms of Wisdom: How WannaCry Shapes Cybersecurity Today https://securityintelligence.com/articles/how-wannacry-shapes-cybersecurity/
    WannaCry wasn’t a particularly complex or innovative ransomware attack.
    What made it unique, however, was its rapid spread. Using the EternalBlue exploit, malware could quickly move from device to device, leveraging a flaw in the Microsoft Windows Server Message Block (SMB) protocol. As a result, when the WannaCry ransomworm hit networks in 2017, it expanded to wreak havoc on high-profile systems worldwide.
    While the discovery of a kill switch in the code blunted the spread of the attack and newly developed patches countered the SMB vulnerability, WannaCry ultimately set the stage for the development of collective defense efforts that focused on information sharing to help limit attack impact. What vulnerabilities did the attack expose in common security frameworks, and how did it change the course of cybersecurity? Five years later, its worth a look back on WannaCry for any worms of wisdom.

  12. Tomi Engdahl says:

    Emotet Strikes Again LNK File Leads to Domain Wide Ransomware https://thedfirreport.com/2022/11/28/emotet-strikes-again-lnk-file-leads-to-domain-wide-ransomware/
    In June of 2022, we observed a threat actor gaining access to an environment via Emotet and operating over an eight-day period. During this time period, multiple rounds of enumeration and lateral movement occurred using Cobalt Strike. Remote access tools were used for command and control, such as Tactical RMM and Anydesk. The threat actors' final actions included data exfiltration using Rclone and domain-wide deployment of Quantum Ransomware. We have observed similar traits in previous cases where Emotet and Quantum were seen.

  13. Tomi Engdahl says:

    US Offshore Oil and Gas Infrastructure at Significant Risk of Cyberattacks
    https://www.securityweek.com/us-offshore-oil-and-gas-infrastructure-significant-risk-cyberattacks

    The offshore oil and gas infrastructure faces cybersecurity risks that the Department of Interior should immediately address, the US Government Accountability Office (GAO) notes in a new report.

    Consisting of more than 1,600 facilities, the offshore oil and gas infrastructure is divided into two categories, namely exploitation and drilling (including mobile offshore drilling units and fixed and floating production facilities), and midstream (pipelines and related equipment used for transportation).

    Cybersecurity risks to offshore oil and gas infrastructure are “significant and increasing” and they include threat actors, vulnerabilities, and potential impacts, GAO says.

    https://www.gao.gov/assets/gao-23-105789.pdf

  14. Tomi Engdahl says:

    Digesting CISA’s Cross-Sector Cybersecurity Performance Goals
    https://www.securityweek.com/digesting-cisas-cross-sector-cybersecurity-performance-goals
    Last month, CISA released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been observed by the cybersecurity community as “the floor” and “a baseline” to cybersecurity hygiene and practices. Even as basics to cyber hygiene, it is important to understand the released voluntary practices.
    The CPGs were established after analysis on the public and private sectors efforts to protect, detect, and respond to cyber incidents in the past years. Through the analysis, four key challenges were uncovered that leave the United States at high risk. These four challenges were then confronted through the development of the cross-sector CPGs and include:
    • Lack of Basic Cyber Hygiene: Without basic fundamental security protections, organizations expose unnecessary risks to cyber incidents as threat actors target intrusions against basic protections. The CPGs developed hope to address these fundamental security protections in eight domains defined below.
    • Unclear Investment Prioritization: As stated in the report, “small and medium-sized organizations are left behind”. Due to resource constraints and insufficient cyber maturity, organizations struggle to understand where to make the most impactful cybersecurity investment with the limited resources and funds at their disposal. With the baseline CPGs, the goal is to aid organizations with actionable, cost conscious activities to focus on for basic cyber hygiene. By including cost, impact and complexity for each CPG, it is easy for organizations to prioritize the basic cyber practices.
    • Inconsistent Standards and Cyber Maturity: Inadequate capabilities, investments and cyber hygiene make essential cybersecurity practices hard to define. Specifically, across the critical infrastructure sectors, CPGs look to address the fundamental inconsistencies to minimize cascading impacts of exploitations.
    • Limited Scope: Many organizations overlook OT as part of their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT can have serious risks to all operations. As a result, the CPGs released are explicitly scoped to include OT devices.

  15. Tomi Engdahl says:

    Census Bureau Chief Defends New Privacy Tool Against Critics
    https://www.securityweek.com/census-bureau-chief-defends-new-privacy-tool-against-critics

    Report says Census Bureau failed to stop simulated cyberattacks conducted under an operation to test for vulnerabilities

  16. Tomi Engdahl says:

    US Bans Huawei, ZTE Telecoms Gear Over Security Risk
    https://www.securityweek.com/us-bans-huawei-zte-telecoms-gear-over-security-risk

    US authorities announced a ban Friday on the import or sale of communications equipment deemed “an unacceptable risk to national security” — including gear from Chinese giants Huawei Technologies and ZTE.

    Both firms have been on a roster of companies listed as a threat by the Federal Communications Commission (FCC), and the new rules bar future authorizations of their equipment.

    The move is the latest in a series of actions to limit the access of Chinese telecoms firms in United States networks, and comes amid a long-running standoff between the world’s two biggest economies.

  17. Tomi Engdahl says:

    Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
    In September 2022, Proofpoint researchers identified initial delivery of a penetration testing framework called Nighthawk. Launched in late 2021 by MDSec, Nighthawk is similar to other frameworks such as Brute Ratel and Cobalt Strike and, like those, could see rapid adoption by threat actors wanting to diversify their methods and add a relatively unknown framework to their arsenal. This possibility, along with limited publicly available technical reporting on Nighthawk, spurred Proofpoint researchers into a technical exploration of the tool and a determination that sharing our findings would be in the best interest of the cybersecurity community.

    Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse
    https://www.securityweek.com/proofpoint-watch-out-nighthawk-hacking-tool-abuse
    Security researchers at Proofpoint are calling attention to the discovery of a commercial red-teaming tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors.
    According to a new report from Proofpoint, Nighthawk is an advanced C2 framework sold by MDSec, a European outfit that sells adversary simulation and penetration testing tools and services.
    “Nighthawk is at its core a commercially distributed remote access trojan (RAT) that is similar to other frameworks such as Brute Ratel and Cobalt Strike. Like those, Nighthawk could see rapid adoption by threat actors wanting to diversify their methods and add a relatively unknown framework to their arsenal,” Proofpoint said.

  18. Tomi Engdahl says:

    Mark Harris / Wired:
    A look at the FBI’s January 6 investigation geofence warrant: Google identified 5K+ devices; dozens appear to have been in airplane mode or had data deleted — Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

    A Peek Inside the FBI’s Unprecedented January 6 Geofence Dragnet
    https://www.wired.com/story/fbi-google-geofence-warrant-january-6/

    Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

  19. Tomi Engdahl says:

    Thinking about taking your computer to the repair shop? Be very afraid
    Not surprisingly, female customers bear the brunt of the privacy violations.
    https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/

  20. Tomi Engdahl says:

    Million-dollar bug bounties: The rise of record-breaking payouts https://portswigger.net/daily-swig/million-dollar-bug-bounties-the-rise-of-record-breaking-payouts
    Bug bounty rewards have breached the $1 million mark, and there are reports of even higher payouts within the ethical hacking community.
    But are these mega bounties good for security researchers, and the firms that offer them? And are they truly achievable for those partaking? In early 2022, a security researcher named satya0x earned $10 million for discovering a vulnerability in crypto platform Wormhole. The reward was paid through Immunefi and, so far at least, stands as the largest bug bounty payout. Although another eight-figure bounty reward has yet to be awarded, there is clearly a trend of growing payouts. For example, another Immunefi user, pwning.eth, recently earned $6 million for reporting a critical vulnerability in the Aurora crypto service.

  21. Tomi Engdahl says:

    Malicious Android app found powering account creation service https://www.bleepingcomputer.com/news/security/malicious-android-app-found-powering-account-creation-service/
    A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. A researcher says the infected devices are then rented out as “virtual numbers” for relaying a one-time passcode used to verify a user while creating new accounts. While the app has an overall rating of 3.4, many user reviews complain that it is fake, hijacks their phones, and generates multiple OTPs (one-time passwords) upon installation. “Fake app I just download this app 4-5 times of OTP by Google, Airtel payment, Bank OTP, dream11 OTP, etc. Type of OTP comes at the time of login,” reads one of the reviews.

  22. Tomi Engdahl says:

    Frederic Lardinois / TechCrunch:
    AWS unveils Amazon Security Lake, a service that automatically centralizes an organization’s security data from cloud and on-premises sources into a data lake — AWS today announced Amazon Security Lake, a new purpose-built data lake for security-related data.

    Amazon Security Lake is a standards-based data lake for security data
    https://techcrunch.com/2022/11/29/awss-new-amazon-security-lake-is-a-standards-based-data-lake-for-security-data/

    AWS today announced Amazon Security Lake, a new purpose-built data lake for security-related data. It can aggregate data from cloud and on-premises infrastructure, firewalls and endpoint security solutions. It helps enterprises centralize all of their security data in a single data lake, using a standards-based format, and manage the life cycle of this data.

    Security Lake will obviously aggregate data from AWS’s own services, be those CloudTrail or Lambda, as well as its own security tools like AWS Security Hub, GuardDuty or the AWS Firewall Manager. But what’s important here is that the company is also supporting the new Open Cybersecurity Schema Framework (OCSF), for which it recently announced support. This framework provides an open specification for security telemetry data. With this, it’ll be able to ingest data from the likes of Cisco, CrowdStrike and Palo Alto networks, too.

    “Security data is usually scattered across your environment from applications, firewalls and identity providers,” AWS CEO Adam Selipsky said today. “To uncover insights like coordinated malicious activity into your business, you have to collect and aggregate all of this data, make it accessible to all of the analytics tools that you use to support threat detection, investigation and incident response — and then keep the data pipelines updated and continuously do that as events evolve. What this adds up to is that what you really want is a tool that makes it easy to store, to analyze, to understand trends and to generate insights from security data.”

  23. Tomi Engdahl says:

    Manish Singh / TechCrunch:
    The European Central Bank says that bitcoin is “rarely used for legal transactions” and is on the “road to irrelevance”, without citing any strong data points — European Central Bank officials alleged on Wednesday that bitcoin is “rarely used for legal transactions …

    Bitcoin ‘rarely’ used for legal transactions, on ‘road to irrelevance’, say European Central Bank officials
    Manish Singh@refsrc / 2:42 PM GMT+2•November 30, 2022
    https://techcrunch.com/2022/11/30/bitcoin-rarely-used-for-legal-transactions-on-road-to-irrelevance-say-european-central-bank-officials/

    European Central Bank officials alleged on Wednesday that bitcoin is “rarely used for legal transactions,” is fuelled by speculation and the recent erosion in its value indicates that it is on the “road to irrelevance,” in a series of stringent criticism (bereft of strong data points) of the cryptocurrency industry as they urged regulators to not lend legitimacy to digital tokens in the name of innovation.

    The value of bitcoin recently finding stability at around $20,000 was “an artificially induced last gasp before the road to irrelevance – and this was already foreseeable before FTX went bust and sent the bitcoin price to well down below $16,000,” wrote Ulrich Bindseil and Jürgen Schaaf on ECB’s blog.

    The central bankers argue that bitcoin’s conceptual design and “technological shortcomings” make it “questionable” as a means of payment. “Real bitcoin transactions are cumbersome, slow and expensive. Bitcoin has never been used to any significant extent for legal real-world transactions,” they wrote.

    Bitcoin also “does not generate cash flow (like real estate) or dividends (like equities), cannot be used productively (like commodities) or provide social benefits (like gold). The market valuation of bitcoin is therefore based purely on speculation,” they wrote.

  24. Tomi Engdahl says:

    #02 – How To Find The UART Interface – Hardware Hacking Tutorial
    https://www.youtube.com/watch?v=6_Q663YkyXE

    This is the second episode of the Hardware Hacking Tutorial series.

    This series is to share information on how to do hardware hacking and how to do reverse engineering. The series is useful both for beginners and experts.

    In this episode we will talk about how to find the UART interface on an IoT device; we will take a home router (Gemtek WVRTM-127ACN) and show how to find the UART interface using simple tools like a multi-meter and using more advanced tools like a JTAGulator board.

    #03 – How To Find The JTAG Interface – Hardware Hacking Tutorial
    https://www.youtube.com/watch?v=_FSM_10JXsM

  25. Tomi Engdahl says:

    UK introducing mandatory cyber incident reporting for managed service providers https://therecord.media/uk-introducing-mandatory-cyber-incident-reporting-for-managed-service-providers/
    The British government is introducing a new mandatory reporting obligation on managed service providers (MSPs) to disclose cyber incidents, alongside minimum security requirements which could see MSPs fined up to £17 million ($20 million) for non-compliance. The government said on Wednesday that MSPs play a central role in supporting the UK economy and warned they are an attractive and high value target for malicious threat actors, and can be used as staging points through which threat actors can compromise the clients of those managed services. Financially-motivated ransomware attacks have impacted MSPs such as Kaseya in the United States and the NHS supplier Advanced in Britain, with the latter severely impacting patient care according to BBC News.

  26. Tomi Engdahl says:

    Serious Security: MD5 considered harmful to the tune of $600,000 https://nakedsecurity.sophos.com/2022/11/30/serious-security-md5-considered-harmful-to-the-tune-of-600000/
    In a fascinating legal deliberation handed down by the French data protection regulator CNIL (Commission Nationale de l'Informatique et des Libertés), the energy company Électricité de France, or EDF for short, has been fined EUR 600,000 (about $600,000). The legal declaration is, in the manner of such things, rather long and (to non-lawyers, at least) legally orotund, which means you need reasonable proficiency in French to understand all the ins and outs of the matter, but the overall case boils down to four infringements. The first three are concerned with general data-related interactions with customers, but it's the last complaint that piqued our interest: Sur le manquement à l'obligation d'assurer la sécurité des données. In English, this loosely translates as failure to store data securely, and relates very specifically to the insecure handling of passwords.

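The comment above describes a fine for insecure password handling built on MD5. As an added example (not from the Sophos article or the CNIL decision), the block below puts unsalted MD5 next to a salted, iterated KDF so the difference a regulator cares about is visible in code: with MD5, two users who choose the same password get the same stored value and the digest is cheap to compute, whereas the PBKDF2 record is unique per user and slow by design. The sample password and the 600,000 iteration count are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Constructed sample input for the demonstration; not related to the EDF case.
SAMPLE_PASSWORD = b"password"
# Assumption: a present-day work factor for PBKDF2-HMAC-SHA256 (OWASP-style guidance).
PBKDF2_ITERATIONS = 600_000


def md5_store(password: bytes) -> str:
    """The harmful scheme: unsalted, single-pass MD5.

    Identical passwords always yield identical digests, and MD5 is fast, so a
    leaked table can be matched against precomputed digests or brute-forced
    cheaply. This is the kind of storage the regulator objected to.
    """
    return hashlib.md5(password).hexdigest()


def kdf_store(password: bytes, salt: Optional[bytes] = None) -> str:
    """A defensible scheme: random per-user salt plus a slow, iterated KDF.

    The stored record carries the algorithm name, iteration count, salt and
    digest, so parameters can be raised later without breaking old records.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def kdf_verify(password: bytes, record: str) -> bool:
    """Recompute the digest from the stored parameters and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never treat as a match
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password, bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


def identical_passwords_collide(store: Callable[[bytes], str]) -> bool:
    """True if two users with the same password end up with the same stored value.

    For md5_store this is always True (no salt); for kdf_store it is False
    because each call draws a fresh random salt.
    """
    return store(SAMPLE_PASSWORD) == store(SAMPLE_PASSWORD)


if __name__ == "__main__":
    print("MD5 record:   ", md5_store(SAMPLE_PASSWORD))
    print("PBKDF2 record:", kdf_store(SAMPLE_PASSWORD))
    print("MD5 collides across users:   ", identical_passwords_collide(md5_store))
    print("PBKDF2 collides across users:", identical_passwords_collide(kdf_store))
```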
  27. Tomi Engdahl says:

    Experts: EU regulation of spy software needed, but unlikely https://www.euractiv.com/section/justice-home-affairs/news/experts-eu-regulation-of-spy-software-needed-but-unlikely/
    MEPs are concerned that eavesdropping with Pegasus-type software is escalating, but the bloc is unlikely to impose rules as the final word rests with member states who dislike such oversight, experts said on Monday (28 November). Pegasus and other software, such as Predator, have gained significant notoriety in recent years after it came to light they were being used by governments and politicians against political rivals, journalists, and activists, amongst others. Such software monitors activity on digital devices, including calls, messages, and social media. Jeroen Lenaers, chair of PEGA, the European Parliament's Committee of Inquiry to investigate the use of Pegasus and equivalent surveillance spyware, said it was pretty scary how much information about personal life the Pegasus-type spyware can get.

  28. Tomi Engdahl says:

    Police to gain expanded covert intelligence-gathering powers: these are the matters Parliament will decide https://www.is.fi/digitoday/art-2000009233023.html
    The police's intelligence-gathering methods are being expanded. According to a bill submitted to Parliament on 17 November, the police would be allowed to use covert intelligence gathering in data networks to prevent crimes.
    This is a form of intelligence gathering, positioned between surveillance and undercover operations, that targets a specific person and takes place in short-term interaction, in which false, misleading or concealed information is used to hide the police officer's role. The other major change is that telecommunications interception by the police would no longer be tied only to the devices known at the time the warrant is applied for.

  29. Tomi Engdahl says:

    Let's Encrypt issued over 3 billion certificates, securing 309M sites for free https://www.bleepingcomputer.com/news/security/let-s-encrypt-issued-over-3-billion-certificates-securing-309m-sites-for-free/
    Let’s Encrypt has been providing websites with the X.509 digital certificates needed to enable HTTPS (SSL/TLS) and encrypted communications for free since September 2015, when it issued the first certificate for the helloworld.letsencrypt.org domain. The free and automated CA allows any domain owner to obtain a trusted certificate at zero cost. Right now, the CA says it issues millions of them daily.
    As ISRG revealed today, this has allowed it to reach a new record this year, as it is now providing services to over 300 million websites.
    “As of November 1, 2022, Let’s Encrypt provides TLS to over 309 million domains via 239 million active certificates. Let’s Encrypt usage grew by more than 33 million domains in 2022,” ISRG said today in its 2022 annual report. The report:
    https://www.abetterinternet.org/documents/2022-ISRG-Annual-Report.pdf

  30. Tomi Engdahl says:

    Guest column: Cyber war and cyber peace
    https://www.tivi.fi/uutiset/tv/2c2a615a-57e2-4257-9455-5e4b2aefa2b5
    Over the past couple of decades there has been a lot of talk about cyber war, and many believed that future wars would be fought more or less in cyberspace. Now that the war in Ukraine escalated into Russia's full-scale invasion last spring, no great cyber war or cyber destruction has actually been seen. The most significant theatres of war can still be shown on traditional maps. Have the assessments of cyber war proven wrong, or is the worst still to come?
    One significant observation is that in each of our minds and experiences there is a very large difference between traditional war and peace. When we are not at war, we are at peace, and many things are self-evident to us, such as physical safety. We do not expect to become the target of a violent attack by a foreign state's soldiers, and especially in Finland there is no justified reason to fear this in ordinary daily life.

  31. Tomi Engdahl says:

    New details on commercial spyware vendor Variston https://blog.google/threat-analysis-group/new-details-on-commercial-spyware-vendor-variston/
    TAG's research underscores that the commercial surveillance industry is thriving and has expanded significantly in recent years, creating risk for Internet users around the globe. Commercial spyware puts advanced surveillance capabilities in the hands of governments who use them to spy on journalists, human rights activists, political opposition and dissidents. Continuing this work, today, we're sharing findings on an exploitation framework with likely ties to Variston IT, a company in Barcelona, Spain that claims to be a provider of custom security solutions. Their Heliconia framework exploits n-day vulnerabilities in Chrome, Firefox and Microsoft Defender and provides all the tools necessary to deploy a payload to a target device. Google, Microsoft and Mozilla fixed the affected vulnerabilities in 2021 and early 2022.
    While we have not detected active exploitation, based on the research below, it appears likely these were utilized as zero-days in the wild.

  32. Tomi Engdahl says:

    What becomes of accounts and passwords after death?
    https://www.pandasecurity.com/en/mediacenter/tips/accounts-passwords-death/
    Many of our users have been asking us lately what happens to people's passwords, accounts, and digital assets when they pass away. It is a logical question and raises a very interesting topic about digital and online life, although we understand that it is a delicate one for some people's sensitivities. We will try to answer it as well as we can in this post. Just as with tangible property, what happens to them depends on the will of their owner and the regulations to which they are subject, both by the state and the services that host them. In the course of this post, we will go into detail about the different alternatives.

  33. Tomi Engdahl says:

    Should you learn to code before you learn to hack?
    https://labs.detectify.com/2022/11/30/should-you-learn-to-code-before-you-learn-to-hack/
    You will find a common pattern if you read blog posts or watch interviews with some of today's top ethical hackers. When asked if coding knowledge is needed for hacking, the answer is almost always the same: It's possible to become a great hacker without coding knowledge, but having coding experience makes it a whole lot easier.
    Knowing how software is built in theory makes it easier to break. This blog post will discuss some of the advantages that coding knowledge can give you when you start hacking.

  34. Tomi Engdahl says:

    Cloud infrastructure today is all a patchwork of disparate hardware and software. The resulting solutions are complex to build and costly to operate—a nightmare for customers like you.

  35. Tomi Engdahl says:

    One Year Later: Log4Shell Remediation Slow, Painful Slog
    https://www.securityweek.com/one-year-later-log4shell-remediation-slow-painful-slog

    Almost exactly a year after the Log4Shell security crisis sent defenders scrambling to reduce attack surfaces, new data shows that remediation has been a long, slow, painful slog for most organizations around the world.

    According to telemetry data from vulnerability scanning pioneer Tenable, more than 70 percent of scanned organizations remain vulnerable to the Log4Shell flaw (CVE-2021-44228) as of October this year, exposing major remediation challenges that continue to expose businesses to data breaches.

    Tenable said it collected data from more than 500 million tests and found a whopping 72% of organizations still struggling to fully remediate last December’s critical Log4j vulnerability exposure.

    “When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following its disclosure, organizations significantly reallocated resources and invested tens of thousands of hours to identification and remediation efforts,” Tenable said, noting that one federal agency reported that its security team devoted 33,000 hours to Log4j vulnerability response alone.

    The Tenable telemetry found that 1 in 10 corporate assets remained vulnerable to Log4Shell as of December 2021. These exposed assets include a wide range of servers, web applications, containers and IoT devices.

    Tenable said the October 2022 data showed improvements, with 2.5% of assets vulnerable, but warned that nearly one third (29%) of these assets had recurrences of Log4Shell after full remediation was achieved.

    “Full remediation is very difficult to achieve for a vulnerability that is so pervasive and it’s important to keep in mind that vulnerability remediation is not a ‘one and done’ process,” said Tenable security chief Bob Huber.

  36. Tomi Engdahl says:

    Google Links Exploitation Frameworks to Spanish Spyware Vendor Variston
    https://www.securityweek.com/google-links-exploitation-frameworks-spanish-spyware-vendor-variston

    Google’s Threat Analysis Group (TAG) has linked three exploitation frameworks, as well as several vulnerabilities that were likely used as zero-days at some point, to a Spanish commercial spyware vendor named Variston.

    On its website, Variston says it provides custom security solutions. The Barcelona-based company offers security products and custom patches for embedded systems, including industrial control systems (ICS) and IoT. It also offers data discovery services and training.

    Google became aware of Variston’s products after receiving an anonymous submission in the Chrome bug bounty program. The reporter provided information on three vulnerabilities and the analysis of the reports led TAG researchers to Variston.

    Google has identified three different exploitation frameworks designed for deploying exploits: Heliconia Noise, a web framework for deploying Chrome exploits; Heliconia Soft, a web framework that deploys a Windows Defender exploit via a PDF file; and Heliconia Files, which contains Firefox exploits for Windows and Linux.

  37. Tomi Engdahl says:

    Most Organizations Still Vulnerable To The Log4j Vulnerability
    https://cisotimes.com/most-organizations-still-vulnerable-to-the-log4j-vulnerability/

    A study examining the scope and impact of the recent Log4j vulnerability has been conducted by Tenable and the results are extremely interesting.

    According to the data collected from over 500 million tests, 72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022. The data highlights legacy vulnerability remediation challenges, which are the root cause of the majority of data breaches.

    Tenable telemetry found that one in 10 assets was vulnerable to Log4Shell as of December 2021, including a wide range of servers, web applications, containers, and IoT devices. October 2022 data showed improvements, with 2.5% of assets vulnerable. Yet nearly one-third (29%) of these assets had recurrences of Log4Shell after full remediation was achieved.

  38. Tomi Engdahl says:

    The Exec key remains secure even after its patent protection ends
    The patent-backed copy protection of the most common home key, the Abloy Exec, expires in March 2013. In practice this does not weaken the security of the lock or the key.
    https://yle.fi/a/3-6509798

  39. Tomi Engdahl says:

    Singapore releases blueprint to combat ransomware attacks https://www.zdnet.com/article/singapore-releases-blueprint-to-combat-ransomware-attacks/
    Singapore has released what it says is a blueprint to combat the growing ransomware threat and offer guidelines on how to mitigate such attacks. These include a reference ransomware “kill chain” and recommendations on whether to pay ransom demands. Ransomware risks had increased significantly in scale and impact, becoming an “urgent” problem that countries including Singapore must address, said the Cyber Security Agency (CSA) in a statement Wednesday.

  40. Tomi Engdahl says:

    The antidote to operational technology conservatism https://www.kaspersky.com/blog/updating-ot-infrastructure/46467/
    I've been saying it often for years: antivirus is dead. Such a statement might at first seem strange, especially from someone who's been a mover and shaker since the very earliest days of all things viruses and anti-virus in the late eighties and early nineties.
    However, if you dig a little deeper into the AV (RIP) topic and consult some authoritative sources in the (former) field, then the statement quickly becomes quite logical: first, antivirus has turned into protective solutions against everything; second, viruses as a particular species of malicious program have died out. Almost.

  41. Tomi Engdahl says:

    Check Point Research analyzes files on the Dark Web and finds millions of records available https://blog.checkpoint.com/2022/12/01/check-point-research-analyzes-files-on-the-dark-web-and-finds-millions-of-records-available/
    Check Point Research (CPR) has analyzed the files that are for sale on the Dark Web, whose sellers claim are from WhatsApp users, revealing the leak includes 360 million phone numbers from 108 countries. The full list went on sale for 4 days, and is now being distributed freely amongst Dark Web users. Users are advised to be aware of links and unknown senders while using any messaging services.

  42. Tomi Engdahl says:

    Wipers Are Widening: Here’s Why That Matters
    https://www.securityweek.com/wipers-are-widening-heres-why-matters

    In the first half of this year, researchers saw a rising trend of wiper malware being deployed in parallel with the Russia-Ukraine war. However, those wipers haven’t stayed in one place – they’re emerging globally, which underscores the fact that cybercrime knows no borders.

    It’s not just the numbers that are growing; we’re also seeing a rise in variety and sophistication. These wiper varieties are also increasingly targeting critical infrastructure.

    Awash with wipers

    The war in Ukraine has undoubtedly fueled a major uptick in the use of wiper malware; FortiGuard Labs research identified at least seven new wiper variants in the first half of 2022 that were used in campaigns targeting government, military and private organizations. That’s almost as many wiper variants that have been publicly detected in total since 2012, when bad actors used the Shamoon wiper to attack a Saudi Arabian oil company.

    These variants include the following:

    • CaddyWiper: Bad actors used this variant to wipe data and partition information from drives on systems belonging to a select number of Ukrainian organizations shortly after the war began.

    • WhisperGate: Discovered by Microsoft in mid-January being used to target organizations in Ukraine.

    • HermeticWiper: Noted in February by SentinelLabs, this tool for triggering boot failures was also found targeting Ukrainian organizations.

    • IsaacWiper: A malware tool for overwriting data in disk drives and attached storage to render them inoperable.

    We also observed three other variants targeting Ukrainian companies and organizations: WhisperKill, Double Zero and AcidRain.
