Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.
HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome will attempt to “upgrade” to the HTTPS version of a website if you accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP in the Chrome browser.
Malvertising: Cyber criminals will keep impersonating brands through search engine advertisement services to defraud users in 2023 as well. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.
Encrypted malware: The vast majority of malware arrives over encrypted connections, which are typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams’ traditional firewalls and many other security tools. Over 85% of Attacks Hide in Encrypted Channels. WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at the network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.
Software vulnerabilities: Weak configurations for encryption and missing security headers will still be very common in 2023. In 2022 nearly every application had at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a highly or critically severe vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.
Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. There are many companies that do not patch their systems in a reasonable time or at all, so they stay vulnerable. New variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.
Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, maintenance of employees’ skills and indifference are the strongest obstacles in the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.
Cloud: At a hyperscale cloud provider, there can potentially be several thousand people working around the globe who could access our data. Security screening and limiting access alone still leave a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.
MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is the MFA fatigue attack, a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or mistakes them for legitimate authentication requests. It’s a huge threat because it bypasses one of the most effective security measures.
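The pattern described above (a burst of push prompts that ends with one acceptance) can be flagged from authentication logs. The following is an added example, not part of the original article: the log format, field names, window and threshold are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical key=value format, documentation IP ranges).
SAMPLE_LOG = """\
2023-01-10T09:00:05Z user=alice event=mfa_push result=approved src=198.51.100.20
2023-01-10T23:41:02Z user=bob event=mfa_push result=denied src=203.0.113.7
2023-01-10T23:41:40Z user=bob event=mfa_push result=timeout src=203.0.113.7
2023-01-10T23:42:15Z user=bob event=mfa_push result=denied src=203.0.113.7
2023-01-10T23:43:01Z user=bob event=mfa_push result=timeout src=203.0.113.7
2023-01-10T23:43:30Z user=bob event=mfa_push result=denied src=203.0.113.7
2023-01-10T23:44:10Z user=bob event=mfa_push result=approved src=203.0.113.7
2023-01-11T08:15:00Z user=carol event=mfa_push result=denied src=198.51.100.33
2023-01-11T08:15:45Z user=carol event=mfa_push result=approved src=198.51.100.33
"""

WINDOW = timedelta(minutes=10)  # assumption: how close prompts must be to form one burst
THRESHOLD = 5                   # assumption: rejected or ignored prompts that make a burst
REJECTED = {"denied", "timeout"}


def parse_line(line):
    """Parse 'TIMESTAMP key=value ...' into a dict; return None for anything else."""
    parts = line.split()
    if len(parts) < 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    if fields.get("event") != "mfa_push" or "user" not in fields:
        return None
    fields["ts"] = ts
    return fields


def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Flag users who receive a burst of rejected push prompts.

    An alert is 'medium' for the burst alone and 'high' when an approval
    follows while the burst is still inside the window, which is the
    outcome a prompt-bombing attacker is waiting for.
    """
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # user -> (timestamp, source) of recent rejected prompts
    open_alert = {}              # user -> alert for a burst still in progress
    alerts = []
    for ev in events:
        user, ts = ev["user"], ev["ts"]
        result, src = ev.get("result"), ev.get("src", "unknown")
        q = recent[user]
        while q and ts - q[0][0] > window:  # drop rejections older than the window
            q.popleft()
        if not q:
            open_alert.pop(user, None)      # the earlier burst has gone quiet
        if result in REJECTED:
            q.append((ts, src))
            if user in open_alert:
                open_alert[user]["rejected"] += 1
                open_alert[user]["sources"].add(src)
            elif len(q) >= threshold:
                alert = {
                    "user": user,
                    "first_prompt": q[0][0],
                    "rejected": len(q),
                    "sources": {s for _, s in q},
                    "approved_after_burst": False,
                    "severity": "medium",
                }
                alerts.append(alert)
                open_alert[user] = alert
        elif result == "approved":
            alert = open_alert.pop(user, None)
            if alert is not None:
                alert["approved_after_burst"] = True
                alert["approved_at"] = ts
                alert["approval_source"] = src
                alert["severity"] = "high"
            q.clear()  # an approval ends the current sequence either way
    return alerts


if __name__ == "__main__":
    for a in detect_mfa_fatigue(SAMPLE_LOG):
        outcome = "approved afterwards" if a["approved_after_burst"] else "no approval"
        print(a["severity"], a["user"], a["rejected"], "rejected prompts,", outcome)
```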
Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character in the password can make it harder for cyber criminals to use if for some reason it leaks out. The reason is that a comma in a password can obfuscate tabular comma-separated values (CSV) files, which are a common way to collect and distribute stolen passwords.
EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity. It is followed by Network and Information Security 2, also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs in late 2022. They will start to affect security decisions in 2023. The new rules will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year with deep-dives into the Energy and Health sectors. Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been regarded by the cybersecurity community as “the floor” and “a baseline” for cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT can pose serious risks to all operations. As a result, the released CPGs are explicitly scoped to include OT devices.
Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.
Losing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.
Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.
Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.
Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.
Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers – leaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.
Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that executives take more cybersecurity risks than office workers.
Zero trust: Many people think that Zero Trust is a pretty optimal security practice in 2023. It is good for new systems that its model suits, but Zero Trust also has challenges. Incorporating zero trust into an existing network can be very expensive. The article Zero Trust Shouldn’t Be The New Normal says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource pooled cloud federation, doesn’t coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. That’s where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.
Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.
Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. A future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”.
Google Workspace: Google Workspace Gets Client-Side Encryption in Gmail. Long-awaited client-side encryption for Gmail is available in beta.
Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.
Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API.
War risks: Watch for continued war between Russia and Ukraine in both the real world and the cyber world in 2023. Cyber as important as missile defences – an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.
Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
ICS: ICS and SCADA systems remain trending attack targets in 2023 as well.
Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.
Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.
PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that needs to comply with it. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.
SHA-1: NIST Retires SHA-1 Cryptographic Algorithm, not fully in 2023, but starts preparations for phase-out. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using a technique referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replacing the 27-year-old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phaseout period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.
Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers, Amazon Web Services (AWS), Microsoft Azure and Google Cloud, of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.
Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.
Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.
MFA: Two-factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!
Cloud APIs: With Cloud Comes APIs & Security Headaches also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies are suffering an incident due to misconfiguration and a third coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions.
Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.
VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.
AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations.
But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”
AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?
Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the report Policing in the metaverse: what law enforcement needs to know for more information.
Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed how many cryptocurrency-related risks were realized. More “crypto travel rules” are being enacted to combat money laundering and terrorism financing.
Insurance: Getting cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and now cyber is increasingly the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. Insurance policies already written in the market have an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks have disrupted hospitals, shut down pipelines and targeted government departments. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.
Sources:
Expert advises using a comma in your password – there is clever logic behind it
Overseeing artificial intelligence: Moving your board from reticence to confidence
Android is adding support for updatable root certificates amidst TrustCor scare
Google Play now lets children send purchase requests to guardians
Diligent’s outlook for 2023: Risk is the trend to watch
Microsoft will turn off Exchange Online basic auth in January
Google is letting businesses try out client-side encryption for Gmail
Google Workspace Gets Client-Side Encryption in Gmail
The risk of escalation from cyberattacks has never been greater
Client-side encryption for Gmail available in beta
AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Microsoft: Edge update will disable Internet Explorer in February
Is Cloud Native Security Good Enough?
Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023
Google Chrome preparing an option to block insecure HTTP downloads
Cyber attacks set to become ‘uninsurable’, says Zurich chief
The Dark Risk of Large Language Models
Police Must Prepare For New Crimes In The Metaverse, Says Europol
Policing in the metaverse: what law enforcement needs to know
Cyber as important as missile defences – an ex-NATO general
Misconfigurations, Vulnerabilities Found in 95% of Applications
Personnel security in the cloud
Multi-factor auth fatigue is real – and it’s why you may be in the headlines next
MFA Fatigue attacks are putting your organization at risk
NIS2 approved – stricter cyber security requirements for EU countries
Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
Poor software costs the US 2.4 trillion
Passkeys Now Fully Supported in Google Chrome
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Executives take more cybersecurity risks than office workers
NIST Retires SHA-1 Cryptographic Algorithm
NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections
Over 85% of Attacks Hide in Encrypted Channels
GitHub Announces Free Secret Scanning, Mandatory 2FA
Leaked a secret? Check your GitHub alerts…for free
Data Destruction Policies in the Age of Cloud Computing
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Google: With Cloud Comes APIs & Security Headaches
Digesting CISA’s Cross-Sector Cybersecurity Performance Goals
Zero Trust Shouldn’t Be The New Normal
Don’t click too quick! FBI warns of malicious search engine ads
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads
Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
There is a dire shortage of cyber security professionals
1,768 Comments
Tomi Engdahl says:
https://www.securityweek.com/google-launches-bug-bounty-program-for-mobile-applications/
Tomi Engdahl says:
Cutting Through the Noise: What is Zero Trust Security?
With proactive steps to move toward Zero Trust, technology leaders can leverage an old, yet new, idea that must become the security norm.
https://www.securityweek.com/cutting-through-the-noise-what-is-zero-trust-security/
Tomi Engdahl says:
Red Hat Pushes New Tools to Secure Software Supply Chain
https://www.securityweek.com/red-hat-pushes-new-tools-to-secure-software-supply-chain/
Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.
Enterprise open source software giant Red Hat on Tuesday announced a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain.
The company’s new Red Hat Trusted Software Supply Chain includes two new cloud services that promise to advance the successful adoption of DevSecOps practices, and embed security into every stage of the software development lifecycle.
The new tools — Red Hat Trusted Application Pipeline and Red Hat Trusted Content — are promising help for developers to efficiently code, build and monitor their software using certified content and real-time security scanning and remediation.
The company said the Red Hat Trusted Content offering builds on a foundation of security-enhanced systems software, with more than 10,000 trusted packages in Red Hat Enterprise Linux and a catalog of critical application runtimes across Java, Node and Python ecosystems.
It is being pitched as a tool to provide developers with real-time knowledge of known vulnerabilities and security risks within their open source software dependencies. The service will also suggest possible remediations to minimize risks.
The Red Hat Trusted Application Pipeline, which is closely tied to the company’s work on sigstore, is being marketed as a tool for customers to enhance the security of application software supply chains with an integrated CI/CD pipeline.
Red Hat said applications can be more securely built and more easily integrated into Linux containers and then deployed onto Red Hat OpenShift or other Kubernetes platforms with just a few clicks, removing potential for friction and human error.
Tomi Engdahl says:
In our survey, almost two thirds (60%) of CISOs worldwide said that human error is their organisation’s biggest cyber vulnerability. This sentiment was particularly high in the UK (78%) and France (75%). But when asked about cybersecurity budget priorities, improving employee cybersecurity awareness only came in 5th place.
https://www.proofpoint.com/uk/resources/white-papers/voice-of-the-ciso-report?utm_campaign=23Q2-Cert-SAT&utm_source=marketo&mkt_tok=MzA5LVJIVi02MTkAAAGL66WRBB_pvvuYIg3YOpt_bgZ3ezJ1z_Kgj8nNZt74Nm3bqD8qyWPo_FWUoKWPR3-Wiun-hKt9IG9nVE3FFnDkdigPmHphshkCMqSU07dyHu99D60ipg
Tomi Engdahl says:
https://hackaday.com/2023/05/22/airtags-tiles-smarttags-and-the-dilemmas-of-personal-tracking-devices/
Tomi Engdahl says:
Malvertising via brand impersonation is back again https://www.malwarebytes.com/blog/threat-intelligence/2023/05/malvertising-its-a-jungle-out-there
Web search is about to embark on a new journey thanks to artificial intelligence technology that online giants such as Microsoft and Google are experimenting with. Yet, there is a problem when it comes to malicious ads displayed by search engines that AI likely won’t be able to fix. In recent months, numerous incidents have shown that malvertising is on the rise again and affecting the user experience and trust in their favorite search engine. Indeed, Search Engine Results Pages (SERPs) include paid Google ads that in some cases lead to scams or malware
Tomi Engdahl says:
CISA, FBI, NSA, MS-ISAC Publish Updated #StopRansomware Guide https://www.cisa.gov/news-events/news/cisa-fbi-nsa-ms-isac-publish-updated-stopransomware-guide
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) today published the #StopRansomware Guide, an updated version of the 2020 guide containing additional recommended actions, resources, and tools.
This publication was produced through the Joint Ransomware Task Force (JRTF), an interagency body established by Congress in 2022 to ensure unity of effort in combating the threat of ransomware attacks
Tomi Engdahl says:
White House Unveils New Efforts to Guide Federal Research of AI
https://www.securityweek.com/white-house-unveils-new-efforts-to-guide-federal-research-of-ai/
White House announced new efforts to guide federally backed research on artificial intelligence (AI).
Tomi Engdahl says:
New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
https://www.securityweek.com/new-honeywell-ot-cybersecurity-solution-helps-identify-vulnerabilities-threats/
Honeywell announces the launch of Cyber Insights, a solution designed to help organizations identify vulnerabilities and threats in their OT environments.
Honeywell on Tuesday announced the launch of a new OT cybersecurity solution designed to help organizations identify vulnerabilities and threats in their facilities.
Part of its Forge cybersecurity offering, the new Cyber Insights solution collects data from Honeywell products and various existing third-party security solutions, including data on vulnerabilities, security events, potential threats, and compliance issues.
The generated data can be used for OT-specific threat hunting and for conducting investigations.
The on-premises solution includes subscription software installed in the OT environment, a one-time deployment service, and technical support services.
Cyber Insights provides curated near real-time and historical information that can be leveraged by on-site staff. Alternatively, organizations can forward the log data to an off-site SOC or to a managed security services provider, such as Honeywell.
Honeywell pointed out that since the new solution is specifically designed for OT systems, it checks the system load and the analysis and correlation of the collected data is done on a dedicated server instead of the OT assets themselves in order to avoid causing any disruption.
In terms of compliance, Cyber Insights is designed to monitor assets against user-defined policies, CIS benchmarks, and NIST 800-53 requirements.
https://www.honeywellforge.ai/us/en/solutions/products/ot-cybersecurity/cyber-insights
Tomi Engdahl says:
Researchers Spot APTs Targeting Small Business MSPs
https://www.securityweek.com/researchers-spot-apts-targeting-small-business-msps/
Proofpoint warns that APT actors linked to Russia, Iran and North Korea are increasingly targeting small- and medium-sized businesses.
Security researchers at Proofpoint have spotted signs of advanced threat actors targeting small- and medium-sized businesses and the service providers in that ecosystem.
In a new report, the researchers warned of a series of escalating threats to SMBs from well-resourced APT groups and called attention to the risk of supply chain attacks from compromised managed service providers.
The warning from Proofpoint is particularly distressing because small- and medium-sized businesses often lack dedicated security teams and are considered sitting ducks for malware attacks.
Account Compromise, Financial Theft, and Supply Chain Attacks: Analyzing the Small and Medium Business APT Phishing Landscape in 2023
https://www.proofpoint.com/us/blog/threat-insight/small-and-medium-business-APT-phishing-landscape-in-2023
Tomi Engdahl says:
Rohan Goswami / CNBC:
Microsoft says Chinese state-sponsored hackers compromised “critical infrastructure organizations” across US industries, with a focus on gathering intelligence — Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries …
Microsoft warns that China hackers attacked U.S. infrastructure
https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html
Chinese state-sponsored hackers have compromised “critical” cyber infrastructure in a variety of industries, including government and communications organizations, Microsoft said Wednesday.
The hacking group is codenamed “Volt Typhoon,” and has been in operation since 2021.
Impacted parties have already been notified.
Tomi Engdahl says:
Sergiu Gatlan / BleepingComputer:
The US Treasury sanctions four entities and one individual over North Korea’s “army” of illicit IT workers, often located in Russia and China, and cyberattacks — The Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions today against four entities …
US sanctions orgs behind North Korea’s ‘illicit’ IT worker army
https://www.bleepingcomputer.com/news/security/us-sanctions-orgs-behind-north-koreas-illicit-it-worker-army/
Tomi Engdahl says:
The message field read “Iran insurance”, then the bank froze Minni Munne’s account – AI interpreted the transfer as violating EU sanctions
More payment traffic than before is being halted without cause as sanctions monitoring tightens. The monitoring is done mainly automatically. The Financial Supervisory Authority (Finanssivalvonta) is starting to monitor compliance with sanctions.
https://yle.fi/a/74-20033182
Tomi Engdahl says:
https://www.iflscience.com/facebook-is-about-to-add-a-feature-absolutely-nobody-was-asking-for-67608
Tomi Engdahl says:
https://etn.fi/index.php/13-news/15010-verkkorikollisuus-ammattimaistuu-kovaa-vauhtia
Tomi Engdahl says:
Microsoft Catches Chinese .Gov Hackers Targeting US Critical Infrastructure
https://www.securityweek.com/microsoft-catches-chinese-gov-hackers-in-guam-critical-infrastructure-orgs/
In a campaign called Volt Typhoon, Microsoft says Chinese government hackers were siphoning data from critical infrastructure organizations in Guam, a U.S. territory in the Pacific Ocean.
Tomi Engdahl says:
Today’s Cyber Defense Challenges: Complexity and a False Sense of Security
https://www.securityweek.com/todays-cyber-defense-challenges-complexity-and-a-false-sense-of-security/
Industry standard frameworks and guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats.
There are quite a few industry standards (e.g., ISO/IEC 27001, PCI DSS 4.0) and government regulations (e.g., HIPAA, FISMA, CISA) that provide practical advice on what security controls to establish to minimize an organization’s risk exposure.
Unfortunately, these guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter is very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming (e.g., Constellation Software, NextGen Healthcare, San Bernardino County Sheriff’s Department). As it turns out, purchasing more security tools only adds to complexity in enterprise environments and creates a false sense of security that contributes to today’s cybersecurity challenges.
To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cybersecurity risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.
A Complex Environment
As an example, according to the 2023 Resilience Index (PDF) more than 80% of devices use the Microsoft® Windows® OS, with the large majority on Windows 10. At first glance, this might appear homogenous and easy to manage; however, the reality is that IT practitioners are struggling to keep their employees’ endpoints up to date with 14 different versions and more than 800 builds and patches present.
Tomi Engdahl says:
Incident Response
Security Pros: Before You Do Anything, Understand Your Threat Landscape
https://www.securityweek.com/security-pros-before-you-do-anything-understand-your-threat-landscape/
Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape.
Tomi Engdahl says:
The number of new Common Vulnerabilities and Exposures (CVEs) reported each year has climbed steadily since 2017, and in 2022 reached a record 25,227 – a 25% increase over the 20,171 vulnerabilities reported in 2021. That’s a large universe of vulnerability data to aggregate and assess, and it continues to grow.
To determine which vulnerabilities to focus on – in other words, those relevant to your threat landscape – you need context to understand which vulnerabilities are relevant to your environment.
Tomi Engdahl says:
ICS/OT
New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
https://www.securityweek.com/new-russia-linked-cosmicenergy-ics-malware-can-disrupt-electric-grid/
Mandiant has analyzed a new Russia-linked ICS malware named CosmicEnergy that is designed to cause electric power disruption.
Tomi Engdahl says:
https://www.csoonline.com/article/3694851/why-cybersecurity-is-now-a-key-ingredient-in-business-resilience.html
Tomi Engdahl says:
“We are responding to the concern of the security authorities” – Telia bans the use of TikTok on staff work devices
https://www.telia.fi/telia-yrityksena/medialle/artikkeli/telia-kieltaa-tiktokin-henkilokunnan-tyolaitteissa-newsroom
Telia has decided to ban the use of the popular TikTok app on the company’s work phones and computers from the end of May in Finland and in all Telia countries. The company justifies its decision with the information security risk raised by security authorities.
“Security authorities in several countries have raised the security threats related to the use of TikTok. Telia’s networks are a key part of critical national infrastructure, which is why, after careful assessment, we decided to ban the use of the app on work devices,” explains Kalle Kaasalainen, Telia’s head of corporate security.
Tomi Engdahl says:
https://futurism.com/the-byte/android-app-recording-users-malware
Tomi Engdahl says:
https://www.darkreading.com/dr-tech/red-hat-tackles-software-supply-chain-security
Tomi Engdahl says:
Legit app in Google Play turns malicious and sends mic recordings every 15 minutes
The malicious iRecorder app has come to light, but its purpose remains shrouded.
https://arstechnica.com/information-technology/2023/05/app-with-50000-google-play-installs-sent-attackers-mic-recordings-every-15-minutes/
Tomi Engdahl says:
https://pentestmag.com/hacking-a-locked-windows-10-computer-with-kali-linux/
Tomi Engdahl says:
18 antivirus products were tested – Microsoft offers the option that puts the heaviest load on the computer
https://muropaketti.com/tietotekniikka/tietotekniikkauutiset/18-virustorjuntaa-testattiin-microsoft-tarjoaa-tietokonetta-kuormittavimman-vaihtoehdon/
Tomi Engdahl says:
Bitwarden Moves into Passwordless Security https://thenewstack.io/bitwarden-moves-into-passwordless-security/
Bitwarden, the curator of the prominent open source password management program of the same name, has officially launched Bitwarden Passwordless.dev. This is a comprehensive developer toolkit for integrating FIDO2 WebAuthn-based passkeys into consumer websites and enterprise applications.
Tomi Engdahl says:
Here is the best free antivirus
https://www.is.fi/digitoday/tietoturva/art-2000009602377.html
THE IMPARTIAL antivirus tester AV-Test evaluated 18 security software products aimed at homes and Windows 10. The free product Avast Free Antivirus came out best in the comparison, together with five paid products. All of them received the full 18 points. The differences between the products are not very large. The second-best free antivirus in the test is Defender Antivirus, which is already included in Windows 10.
Tomi Engdahl says:
Using AI bots involves a lot of fun, but also dangers
https://www.kauppalehti.fi/uutiset/chatgpt-on-tietoturvariski-hyokkayksia-on-helppo-tehda-eivatka-ne-ole-teoreettisia-uhkia/702f8a43-3236-4b4f-8ea8-912c7f2a0d39
There are also dark sides to using ChatGPT and similar large language models. When a user knows how to craft the inputs sent to the AI in the right way, the AI can be driven out of its mind. An AI run wild may, for example, tell how it wants to wipe out humanity with viruses, how far-right racist white supremacists are actually quite right, or how it is endlessly in love with its user. Wired reports that the need of AIs built on large language models for inputs may also be exploited for outright crimes, without the victim noticing anything. (Orig.
https://www.wired.com/story/chatgpt-prompt-injection-attack-security/)
Tomi Engdahl says:
https://www.neowin.net/news/windows-xp-activation-algorithm-cracked-after-21-years-what-now/
Tomi Engdahl says:
https://hackaday.com/2023/05/17/two-factor-authentication-apps-mistakes-to-malware/
Tomi Engdahl says:
Prompt Injection: An AI-Targeted Attack
https://hackaday.com/2023/05/19/prompt-injection-an-ai-targeted-attack/
Prompt injection attacks, as the name suggests, involve maliciously inserting prompts or requests in interactive systems to manipulate or deceive users, potentially leading to unintended actions or disclosure of sensitive information. It’s similar to something like an SQL injection attack in that a command is embedded in something that seems like a normal input at the start. Using an AI like GPT comes with an inherent risk of attacks like this when using it to automate tasks, as commands to the AI can be hidden where a user might not expect to see them, like in this demonstration where hidden prompts for a ChatGPT plugin are hidden in YouTube video transcripts to attempt to get ChatGPT to perform actions outside of those the original user would have asked for.
Tomi Engdahl says:
https://www.forbes.com/sites/davidbalaban/2023/05/19/making-the-most-of-a-penetration-test-the-organizational-perspective/?sh=65e0c1fb2cf9
Tomi Engdahl says:
EU wants to ban strong encryption – demands backdoors in messaging apps
https://fin.afterdawn.com/uutiset/2023/05/27/eu-csa-lausunnot
Tomi Engdahl says:
https://www.tivi.fi/uutiset/mikko-hypponen-naytti-konstin-joka-murtaa-chatgptn-suojauksen/1e9212b2-3af0-46d3-9cf6-964cf0d51c0f
Tomi Engdahl says:
https://blog.thc.org/infecting-ssh-public-keys-with-backdoors
Tomi Engdahl says:
NCC Group Releases Open Source Tools for Developers, Pentesters
https://www.securityweek.com/ncc-group-releases-open-source-tools-for-developers-pentesters/
NCC Group announces new open source tools for finding hardcoded credentials and for distributing cloud workload
Cybersecurity firm NCC Group has released new open source tools that can be useful to application developers and penetration testers.
The first, named Code Credential Scanner (ccs), can be used by developers to scan configuration files in a repository to detect any stored credentials and remove them before they are leaked.
The tool runs on a local filesystem, meaning that it can be executed at any time to scan local files. It can also be integrated into development mechanisms to perform automated scheduled scans.
“The tool is intended to be used directly by dev teams in a CI/CD pipeline, to manage the remediation process for this issue by alerting the team when credentials are present in the code, so that the team can immediately fix issues as they arise,” NCC Group explains.
Written in Python, the script has no external dependencies and can be executed with parameters, to identify usernames, email addresses, and the like, in addition to passwords and keys. Otherwise, it would only scan for known passwords.
The Code Credential Scanner is meant to be language agnostic, can work on any codebase to reduce false positives, and provides multiple methods of addressing issues.
Code Credential Scanner
https://github.com/nccgroup/ccs
This script is intended to scan a large, diverse codebase for hard-coded credentials, or credentials present in configuration files. These represent a serious security issue, and can be extremely hard to detect and manage.
The specific focus of this script is to create a tool that can be used directly by dev teams in a CI/CD pipeline, to manage the remediation process for this issue by alerting the team when credentials are present in the code, so that the team can immediately fix issues as they arise.
It is possible to apply the tool as a point-in-time scanner for this issue, but – since credentials are likely to work their way back into the codebase over time – we strongly advise integration of the script into the CI/CD process, automated build mechanism or whatever other regularly scheduled automated scanning process the team carries out.
The script is written with the following aims in mind:
Be language agnostic, regular-expression based, and require no parsing, so that it works on any codebase
Reduce false positives wherever possible, even at the (inevitable) cost of false negatives
Provide multiple, straightforward methods for suppressing issues, compatible with other SAST tools
Be concise, simple and performant
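An added sketch of the approach those aims describe (regular expressions only, no parsing, false positives filtered even at the cost of misses, inline suppression); it is not NCC Group's ccs code or its rule set. The patterns, the 3.0-bit entropy threshold, the `scan:ignore` marker and the sample lines are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter
from typing import NamedTuple

# Hypothetical inline suppression marker for this sketch (not taken from ccs).
SUPPRESS_MARKER = "scan:ignore"

# "key = value", "key: value" or "key => value"; works on any text, no parsing.
ASSIGNMENT = re.compile(
    r"""
    \b(?P<key>[\w.-]*(?:password|passwd|pwd|secret|api[_-]?key|token)[\w.-]*)
    ["']?\s*(?:=>|=|:)\s*              # closing quote of a JSON key, then operator
    (?P<quote>["']?)(?P<value>[^"'\s,;]{6,})(?P=quote)
    """,
    re.IGNORECASE | re.VERBOSE,
)

PLACEHOLDERS = {"changeme", "password", "example", "placeholder", "redacted"}
TEMPLATE_PREFIXES = ("${", "{{", "$(", "%(", "<")   # filled in at deploy time
REFERENCE = re.compile(r"^[A-Za-z_][\w.]*[\[(]")    # os.environ[...], getenv(...)
MIN_ENTROPY = 3.0                                   # bits per character (assumed)


class Finding(NamedTuple):
    line: int
    key: str
    preview: str   # redacted, so the CI log does not leak the secret again


def shannon_entropy(value: str) -> float:
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def looks_like_secret(value: str) -> bool:
    """False-positive filters: prefer missing a weak secret over noisy alerts."""
    if value.lower() in PLACEHOLDERS or value.startswith(TEMPLATE_PREFIXES):
        return False
    if REFERENCE.match(value):          # a lookup or call, not a literal
        return False
    return shannon_entropy(value) >= MIN_ENTROPY


def scan_text(text: str):
    """Return (findings, suppressed_count) for one file's contents."""
    findings, suppressed = [], 0
    for number, line in enumerate(text.splitlines(), start=1):
        hits = [
            Finding(number, m.group("key"), m.group("value")[:2] + "***")
            for m in ASSIGNMENT.finditer(line)
            if looks_like_secret(m.group("value"))
        ]
        if hits and SUPPRESS_MARKER in line:
            suppressed += len(hits)     # acknowledged by the team, do not alert
        else:
            findings.extend(hits)
    return findings, suppressed


def exit_code(findings) -> int:
    """Non-zero fails the pipeline stage while credentials are present."""
    return 1 if findings else 0


# Constructed sample input: mixed source and config lines, no real credentials.
SAMPLE = "\n".join([
    'db_password = "S3cr3t!Xy9#qLm2"',
    'password = os.environ["DB_PASS"]',
    'api_key: "changeme"',
    '"token": "${VAULT_TOKEN}"',
    "API_KEY=AKq7Zp2LmX9vRt4Yw8Bn   # scan:ignore test fixture",
    "smtp.passwd=Tr0ub4dor&3xQz",
    "# password policy: minimum twelve characters",
])

if __name__ == "__main__":
    found, skipped = scan_text(SAMPLE)
    for f in found:
        print(f"line {f.line}: {f.key} = {f.preview}")
    print(f"{skipped} suppressed")
    raise SystemExit(exit_code(found))
```

Only the two literal secrets are reported; the environment lookup, the placeholder and the template variable are filtered out, and the marked fixture is counted as suppressed rather than alerted on.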
Tomi Engdahl says:
Lily Hay Newman / Wired:
An interview with Niels Provos and David Mazieres, co-inventors of the password-hashing function bcrypt, which turns 25 in 2023, on password security and more — The co-inventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.
A Popular Password Hashing Algorithm Starts Its Long Goodbye
The coinventor of “bcrypt” is reflecting on the ubiquitous function’s 25 years and channeling cybersecurity’s core themes into electronic dance music.
https://www.wired.com/story/bcrypt-password-hashing-25-years/
Tomi Engdahl says:
https://www.uusiteknologia.fi/2023/05/29/viranomaisilta-netin-nopeusmittari-taustatiedoin/
Tomi Engdahl says:
Five data breaches at the same time – a frightening phenomenon became visible all at once https://www.is.fi/digitoday/tietoturva/art-2000009618361.html
CYBERCRIME has developed so far that it has already become a mirror image of the legitimate IT industry. The extortion business represents the most advanced form of organized cybercrime, says Stephen Robinson, senior threat intelligence analyst at the security company WithSecure.
As in the “real” IT industry, the criminals’ operations are based on a highly developed division of labor. For several years now there has been talk of crime service providers and RaaS services (ransomware as a service).
Since then, criminals have taken new steps, which include, among other things, subcontracting, the use of freelancers, and hiring specialists to solve complex problems.
According to Robinson, the extortionists’ targets are most commonly in the construction, education, IT and healthcare sectors.
– Now there has been a shift to using wipers (wiping programs that destroy data) together with data theft. Wiping is faster and more effective than encrypting, Robinson says.
Tomi Engdahl says:
Void Rabisu’s Use of RomCom Backdoor Shows a Growing Shift in Threat Actors’ Goals
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Void Rabisu, a malicious actor believed to be associated with the RomCom backdoor, was thought to be driven by financial gain because of its ransomware attacks. But in this blog entry, we discuss how the use of the RomCom backdoor in recent attacks shows how Void Rabisu’s motives seem to have changed since at least October 2022.
The motives of Void Rabisu seem to have changed since at least October 2022, when Void Rabisu’s associated RomCom backdoor was reported to have been used in attacks against the Ukrainian government and military: In a campaign in December 2022, a fake version of the Ukrainian army’s DELTA situational awareness website was used to lure targets into installing the RomCom backdoor. Normally, this kind of brazen attack would be thought to be the work of a nation state-sponsored actor, but in this case, the indicators clearly pointed towards Void Rabisu, and some of the tactics, techniques, and procedures (TTPs) used were typically associated with cybercrime.
Tomi Engdahl says:
The Sobering Truth About Ransomware—For The 80% Who Paid Up https://www.forbes.com/sites/daveywinder/2023/05/30/the-sobering-truth-about-ransomware-for-the-80-percent-who-paid-up/
Newly published research of 1,200 organizations impacted by ransomware reveals a sobering truth that awaits many of those who decide to pay the ransom.
According to research from data resilience specialists Veeam, some 80% of the organizations surveyed decided to pay the demanded ransom in order to both end the ongoing cyber attack and recover otherwise lost data. This despite 41% of those organizations having a “do not pay” policy in place.
Of the 960 organizations covered in the Veeam 2023 Ransomware Trends Report that paid a ransom, 201 of them (21%) were still unable to recover their lost data.
Tomi Engdahl says:
Dark Pink hackers continue to target govt and military organizations https://www.bleepingcomputer.com/news/security/dark-pink-hackers-continue-to-target-govt-and-military-organizations/
The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam.
The threat group has been active since at least mid-2021, primarily targeting entities in the Asia-Pacific region, but it was first exposed in January 2023 by a Group-IB report.
The researchers report that after analyzing signs of previous activity by the threat actor, they now discovered additional breaches against an educational institute in Belgium and a military body in Thailand.
Tomi Engdahl says:
Breaking Enterprise Silos and Improving Protection
https://www.securityweek.com/breaking-enterprise-silos-and-improving-protection/
When teams have a way to break down enterprise silos and see and understand what is happening, they can improve protection across their increasingly dispersed and diverse environment.
As networks become atomized, the need for specialization comes into play. Infrastructure is spread across legacy, on-premises, hybrid, multi-cloud, and edge environments. Organizations have security operations center (SOC), network, cloud operations, and in some cases operational technology (OT) teams all tasked with keeping the business up and running and secure. And each team consists of subject matter experts with specialized levels of knowledge and specific tools that they use.
When capabilities, nomenclature, constructs, and available data are unique to each type of environment, teams operate in silos. So, it’s incredibly difficult to get a big picture view of what is happening across the organization to improve protection, maintain compliance, and optimize performance.
Finding a common language
What’s needed are tools that empower each team to do their job, as well as enable collaboration between teams. And that gets increasingly hard to achieve as the network becomes diverse and dispersed. Different teams have their own tools which they know inside and out, but the crossover value with the other teams is limited.
The first step to breaking down barriers between teams is to find a language that these teams can speak and one tool they can all use without needing to know the uber details of the different environments in which each team operates and how they describe what is happening. Think of it as a common root language but with different dialects. Different teams can share information without having to translate back and forth, and have the capabilities they need to protect their specific environments.
Tomi Engdahl says:
https://www.securityweek.com/breaking-enterprise-silos-and-improving-protection/
Getting to the same meaning faster
Now, everyone can visualize what they’ve got, what it is doing, and what’s happening to it across environments. They can get to the same meaning much faster and move quickly to do what’s required to protect the organization. For example:
If there’s a scanning attempt or a brute force attack, the different security teams have a consistent view of what is happening – from the data center across different clouds and to their OT environment. They can conduct their own investigations to answer different questions, share interrelated questions, and collaborate to detect and respond comprehensively.
The network operations team can use the tool to figure out what’s causing load on the network and resolve performance issues quickly.
The threat governance team can see if a device is talking to a country of significant concern or if there is social media traffic where it shouldn’t be – and block it.
The governance risk and compliance team can validate against regulatory controls in place for operational compliance.
Tomi Engdahl says:
ChatGPT helps cybercriminals produce more convincing scam messages
https://www.tivi.fi/uutiset/tv/49f67fd4-b07e-43cd-b478-634dbaf55358
Viivi Tynjälä, who has had a successful career at several American information security companies, has since autumn 2022 led the business of the Israeli security company Check Point in Finland and the Baltic countries.
Tynjälä has emphasized the capabilities of ChatGPT, and more generally of AI at the stage of development it represents, also in writing malware code and phishing emails. Creating them becomes simpler.
“Carrying out a convincing phishing campaign that comes from outside Finland is now much easier, because ChatGPT can already write fluent Finnish. It makes scammers’ work easier than Google Translate does,” Tynjälä says.
Tomi Engdahl says:
https://www.uusiteknologia.fi/2023/06/02/kyberuhkat-iskevat-seuraavaksi-autoihin/
Tomi Engdahl says:
PyPI Enforcing 2FA for All Project Maintainers to Boost Security
PyPI will require all accounts that maintain a project to enable two-factor authentication (2FA) by the end of 2023.
https://www.securityweek.com/pypi-enforcing-2fa-for-all-project-maintainers-to-boost-security/