Cyber trends for 2023

Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.

HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any plain HTTP website as “Not Secure” in the address bar. Chrome will also attempt to “upgrade” to the HTTPS version of a website if you accidentally navigate to the insecure version; if no secure version is available, an on-screen warning asks whether you want to continue. As HTTPS has become more common across the web, Google Chrome is preparing a security option that will block “insecure” downloads delivered over HTTP.

Malvertising: Cyber criminals impersonating brands through search engine advertising services to defraud users will continue in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands in an attempt to spread ransomware and steal financial information. They purchase ads that show up at the very top of the results, often purporting to link to a legitimate company’s website. Anyone clicking the link is instead taken to a lookalike page that may appear identical but is designed to phish for login credentials and financial details, or to trick the unwary into downloading ransomware. The FBI has advised consumers to check the URL before clicking a sponsored result and to use ad blockers to protect themselves from such threats.
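
The lookalike pages described above usually sit on lookalike domains. The following is an added example, not code from the FBI advisory or from this post, showing the typosquat heuristics a defender can run over clicked or advertised hostnames: homoglyph folding (examp1e, exarnple), small edit distance, a brand name with the wrong TLD, and a brand embedded among extra tokens (example-login). The brand list and the candidate hostnames are constructed, and the registrable-domain helper assumes single-label public suffixes.

```python
"""Flag lookalike domains of the kind used as malvertising landing pages.

This is an added example, not code from the FBI advisory or from the original post.
The brand list and the candidate hostnames are constructed; the checks (homoglyph
folding, edit distance, wrong TLD, brand embedded with extra tokens) are standard
typosquat heuristics and will produce false positives on very short names.
"""
from typing import Dict

# Constructed brand domains to protect; a real deployment would load these from config.
BRANDS = {"example.com", "bigbank.com"}

# Common visual substitutions seen in lookalike hostnames.
HOMOGLYPHS: Dict[int, str] = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def fold(label: str) -> str:
    """Normalise a label so that 'examp1e' and 'exarnple' both fold to 'example'."""
    return label.lower().translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with unit cost for insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Return the last two labels. Assumes single-label public suffixes (no .co.uk handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host: str) -> str:
    """Return 'genuine', 'unrelated', or a reason why the host looks like a brand impersonation."""
    reg = registrable(host)
    if reg in BRANDS:
        return "genuine"
    name, _, tld = reg.rpartition(".")
    for brand in sorted(BRANDS):
        bname, _, btld = brand.rpartition(".")
        if name == bname and tld != btld:
            return f"wrong TLD for {brand}"
        if fold(name) == fold(bname) and name != bname:
            return f"homoglyph of {brand}"
        if edit_distance(fold(name), fold(bname)) <= 1:
            return f"typo of {brand}"
        if bname in name.replace("-", "").replace("_", ""):
            return f"{brand} embedded in {reg}"
    return "unrelated"
```

The checks are ordered from most to least specific so that a hostname gets the most precise verdict; in practice you would run this over proxy or DNS logs and alert on anything that is neither genuine nor unrelated.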

Encrypted malware: The vast majority of malware now arrives over encrypted connections, typically HTTPS web sessions. Most cyber attacks over the past year have used TLS/SSL encryption to hide from traditional firewalls and many other security tools: over 85% of attacks hide in encrypted channels, and the WatchGuard Threat Lab report finds the top threat arriving exclusively over encrypted connections. If you are not inspecting encrypted traffic when it enters your network, you will not detect most malware at the network level. TLS inspection has its own costs (a decrypting proxy is a high-value target and breaks certificate pinning), so where you cannot inspect, lean on TLS and DNS metadata and, hopefully, endpoint protection for a chance to catch the malware further down the kill chain.

Software vulnerabilities: Weak encryption configurations and missing security headers will still be very common in 2023. In 2022 nearly every application tested had at least one vulnerability or misconfiguration affecting security, and a quarter of application tests found a high or critical severity vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.
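
Missing security headers are the easiest of these misconfigurations to check for. The block below is an added example, not code from this post or from the cited report: it audits a response header map against common hardening baselines (long-lived HSTS, a Content-Security-Policy that does not allow inline scripts, nosniff, framing protection, a restrictive Referrer-Policy). The two sample header sets are constructed; the HSTS minimum of 180 days is an assumption taken from common guidance.

```python
"""Audit an HTTP response for missing or weak security headers.

Added example, not code from the original post or the cited report. The expectations
encode common hardening baselines (long-lived HSTS, a CSP without 'unsafe-inline'
scripts, nosniff, framing protection, a restrictive Referrer-Policy); the two sample
header sets are constructed.
"""
from typing import Dict, List, Optional

MIN_HSTS_MAX_AGE = 15552000  # 180 days in seconds, a common minimum recommendation


def hsts_max_age(value: str) -> int:
    """Return the max-age directive of a Strict-Transport-Security value, or -1 if absent/invalid."""
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(arg.strip().strip('"'))
            except ValueError:
                return -1
    return -1


def csp_directives(value: str) -> Dict[str, List[str]]:
    """Parse "default-src 'self'; script-src 'self' cdn.example" into {directive: [sources]}."""
    out: Dict[str, List[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return human-readable findings for a response header map; an empty list means all checks passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif hsts_max_age(hsts) < MIN_HSTS_MAX_AGE:
        findings.append(f"weak Strict-Transport-Security: max-age below {MIN_HSTS_MAX_AGE}")

    csp: Optional[Dict[str, List[str]]] = None
    if "content-security-policy" not in h:
        findings.append("missing Content-Security-Policy")
    else:
        csp = csp_directives(h["content-security-policy"])
        # script-src falls back to default-src when it is not set explicitly
        scripts = csp.get("script-src", csp.get("default-src", []))
        if "'unsafe-inline'" in scripts:
            findings.append("weak Content-Security-Policy: 'unsafe-inline' allowed for scripts")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Clickjacking: either a CSP frame-ancestors directive or the legacy X-Frame-Options header.
    if (csp is None or "frame-ancestors" not in csp) and "x-frame-options" not in h:
        findings.append("missing framing protection (frame-ancestors or X-Frame-Options)")

    referrer = h.get("referrer-policy", "").strip().lower()
    if referrer in ("", "unsafe-url", "no-referrer-when-downgrade"):
        findings.append("missing or permissive Referrer-Policy")

    return findings


# Constructed samples: a typical weak deployment and a hardened one.
WEAK_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Referrer-Policy": "unsafe-url",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
```

Feed it the header dictionary from whatever HTTP client you use; the weak sample produces five findings and the hardened one none. Header names are compared case-insensitively because HTTP/2 lowercases them.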

Old vulnerabilities: Attackers will keep trying old vulnerabilities in 2023 because they work. Attackers take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will remain worthwhile to try reviving known vulnerabilities before looking for novel ones. Many companies do not patch their systems in reasonable time, or at all, so they stay vulnerable. New variants of old vulnerabilities also keep appearing: approximately 50% of the 0-days observed in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has brought ever-increasing cyberattacks that target businesses, governments and individuals alike. Lack of knowledge, failure to maintain employees’ skills, and indifference are the strongest obstacles to improving many companies’ cyber security. Security screening and limiting who has access to your data are both important aspects of personnel security, but they will only get you so far.

Cloud: At a hyperscale cloud provider there can be several thousand people working around the globe who could potentially access your data. Screening and access limitation alone still leave a significant risk of malicious or accidental access. You should therefore expect your cloud provider to take a layered approach that combines screening with least-privilege operator access, monitoring of that access, and encryption of customer data.

MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. In an MFA fatigue attack, a cybercriminal who already holds a valid password tries to get into a corporate network by bombarding the user with MFA push prompts until they finally accept one. The attempt can succeed, especially when the victim is distracted or overwhelmed by the notifications, or mistakes them for legitimate authentication requests. It is a serious threat because it bypasses one of the most effective security measures. Mitigations include number matching in the authenticator app, rate-limiting push prompts, alerting on bursts of denied prompts, and moving to phishing-resistant factors such as FIDO2 security keys or passkeys.
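
A burst of denied push prompts that ends with an approval is the signature of a successful fatigue attack, and it is cheap to detect from identity-provider logs. The following is an added example, not code from this post or the cited articles: a sliding-window detector run over constructed sample log lines (the key=value format is an illustration; real providers each have their own schema, so the parser is the part you would adapt).

```python
"""Detect MFA push-fatigue bursts in authentication logs.

Added example, not code from the original post or the cited articles. The log format
is constructed for illustration (each identity provider has its own schema); the
detection idea is generic: many push prompts to one user in a short window, and a
burst of denials that ends with an approval is the signature of a successful attack.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

PUSH_THRESHOLD = 5             # prompts inside one window that count as a burst
WINDOW = timedelta(minutes=10)

# Constructed sample: alice is bombarded and finally approves; bob's prompts are normal.
SAMPLE_LOG = """\
2023-01-10T08:00:01Z user=alice event=mfa_push result=denied
2023-01-10T08:00:40Z user=alice event=mfa_push result=denied
2023-01-10T08:01:15Z user=alice event=mfa_push result=denied
2023-01-10T08:01:50Z user=alice event=mfa_push result=denied
2023-01-10T08:02:30Z user=alice event=mfa_push result=denied
2023-01-10T08:03:05Z user=alice event=mfa_push result=approved
2023-01-10T08:05:00Z user=bob event=mfa_push result=approved
2023-01-10T12:00:00Z user=bob event=mfa_push result=denied
2023-01-10T12:00:05Z user=bob event=login result=failure
"""


def parse_line(line: str) -> Tuple[datetime, Dict[str, str]]:
    """Split '<iso-timestamp> key=value ...' into a datetime and a field dict."""
    ts, *fields = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, dict(f.split("=", 1) for f in fields)


def detect_fatigue(log_text: str) -> Dict[str, str]:
    """Return {user: verdict} for users with >= PUSH_THRESHOLD prompts inside WINDOW.

    Verdict is 'burst' or, if any prompt in the burst was approved, 'burst_with_approval'.
    Users with no burst are not included.
    """
    pushes: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, fields = parse_line(line)
        if fields.get("event") == "mfa_push":
            pushes[fields["user"]].append((when, fields.get("result", "")))

    verdicts: Dict[str, str] = {}
    for user, events in pushes.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start until the span [start, end] fits inside WINDOW
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            if end - start + 1 >= PUSH_THRESHOLD:
                burst = events[start:end + 1]
                if any(result == "approved" for _, result in burst):
                    verdicts[user] = "burst_with_approval"
                elif verdicts.get(user) != "burst_with_approval":
                    verdicts[user] = "burst"
    return verdicts
```

A plain burst is worth a call to the user and a temporary block on further prompts; a burst with approval should be treated as a compromised session and the sign-in revoked. The threshold and window are assumptions to tune against your own false-positive rate.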

Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them long enough and unique enough to be secure. Including a comma in a password can make the password slightly harder for criminals to handle if it leaks, because a comma can break up tabular comma-separated values (CSV) files, a common format for collecting and distributing stolen passwords. Treat this as a minor nuisance for the attacker rather than a protection: properly quoted CSV handles commas fine, and length, uniqueness and a password manager matter far more.

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity; its successor, Network and Information Security 2 (NIS2), was approved by MEPs in late 2022. It requires EU countries to meet stricter supervisory and enforcement measures and to harmonise their sanctions, and it will start to affect security decisions in 2023. The new rules set tighter cybersecurity obligations for risk management, reporting and information sharing; the requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. They also extend to so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in the selected sectors fall under the legislation. The original NIS Directive has already affected operators’ cybersecurity budgets over the past year, with deep-dives into the energy and health sectors; see Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then the cybersecurity community has treated the CPGs as “the floor” and “a baseline” for cybersecurity hygiene and practice. Many organizations overlook OT in their cybersecurity strategy and focus solely on IT systems; in the critical infrastructure sectors especially, overlooking OT poses serious risks to all operations. The CPGs are therefore explicitly scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the upcoming Android 14 release, so a misbehaving certificate authority can be removed without a full OS update. Google Play now lets children send purchase requests to guardians.

Losing trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals say they are very confident in their ability to clearly communicate risk to the board, it is clear that lines of communication, not to mention understanding, must be improved.

Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules about cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behaviour and are four times more likely to be victims of phishing than office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that executives take more cybersecurity risks than office workers.

Zero trust: Many people consider Zero Trust the optimal security practice in 2023. It suits new systems designed for its model, but it also has challenges. Retrofitting zero trust into an existing network can be very expensive. The article Zero Trust Shouldn't Be The New Normal argues that the zero trust model starts to erode when the resources of two corporations need to work together: federated activity, from authentication to resource-pooled cloud federation, does not coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, the article proposes flipping the concept on its head and evaluating network interactions in terms of risk. That is where identity-first networking comes in: for a network request to be accepted it needs both an identity and explicit authorization, and System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this, securely automating the exchange of user identities between cloud applications, diverse networks and service providers.

Poor software: There will be a lot of poor software in use in 2023 and it will cost a lot of money. Poor software cost the US $2.4 trillion in 2022: cyberattacks exploiting existing vulnerabilities, complex software supply chain issues and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off basic authentication in Exchange Online starting in early January 2023 to improve security; clients must move to modern (OAuth 2.0) authentication. A Microsoft Edge update will permanently disable the Internet Explorer 11 desktop browser on some Windows 10 systems in February: “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated.”

Google Workspace: Google Workspace gets client-side encryption in Gmail; the long-awaited feature is available in beta. Google is letting businesses try out client-side encryption for Gmail, but it is probably not coming to personal accounts any time soon. Google has already enabled optional client-side encryption for many other Workspace services.

Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys authenticate the user with the device’s own unlock mechanism (biometrics or a PIN) and are meant to replace passwords, which are easily compromised. They work cross-platform with both applications and websites and offer the same experience as password autofill, with the advantages of passwordless authentication: each passkey is bound to one site so it cannot be reused elsewhere, the server stores only a public key so nothing usable leaks in a server breach, and the browser only releases a passkey to the origin it was created for, which defeats phishing. Passkeys only work on websites that support them via the WebAuthn API.

War risks: Expect the war between Russia and Ukraine to continue in both the real world and the cyber world in 2023. Cyber is as important as missile defences, says an ex-NATO general, and the risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: The AWS Elastic IP transfer feature gives cyberattackers free range. Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control, phishing attacks, denial of service or other cyberattacks.

ICS: ICS and SCADA systems will remain trending attack targets in 2023.

Code security: Microsoft-owned code hosting platform GitHub has announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. Secret scanning helps developers and organizations identify exposed secrets and credentials in their code; in 2022 it identified 1.7 million potential secrets exposed in public repositories. The feature is now free for all public repositories, to help prevent secret exposure and secure the open source ecosystem, and with secret scanning alerts you can track and act on leaked secrets directly within GitHub.
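
Secret scanning of this kind is worth running locally as a pre-commit hook as well, so a credential never reaches the remote in the first place. The block below is an added example, not GitHub's secret-scanning code: it matches the published public formats of AWS access key IDs and GitHub personal access tokens, flags private-key headers, and applies a generic heuristic (a quoted assignment to a secret-like name whose value has high character entropy) with an allowlist for known documentation placeholders. All sample input is constructed and none of the values are real credentials.

```python
"""Scan text for leaked credentials the way a pre-commit secret scanner would.

Added example, not GitHub's secret-scanning code. The token formats below are the
published public formats of AWS access key IDs and GitHub personal access tokens; the
generic rule is a heuristic (quoted assignment to a secret-like name with high
character entropy). All sample input is constructed; the keys in it are not real.
"""
import math
import re
from typing import List, Tuple

PATTERNS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
]
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b(secret|token|password|api_key)\b\s*[:=]\s*['\"]([^'\"]{16,})['\"]")
ENTROPY_THRESHOLD = 3.0  # bits per character; repetitive placeholders fall well below this

# Known documentation placeholders that should not raise alerts.
ALLOWLIST = {"AKIAIOSFODNN7EXAMPLE"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character, estimated from the string's own character frequencies."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, rule, matched_text) for every suspected secret in text."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pat in PATTERNS:
            for m in pat.finditer(line):
                if m.group(0) not in ALLOWLIST:
                    findings.append((lineno, rule, m.group(0)))
        m = GENERIC_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= ENTROPY_THRESHOLD:
            findings.append((lineno, "high_entropy_" + m.group(1).lower(), m.group(2)))
    return findings


# Constructed sample file; none of these values are real credentials.
SAMPLE = """\
# constructed sample config; none of these values are real credentials
aws_access_key_id = AKIAABCDEFGHIJKLMNOP
example_key = AKIAIOSFODNN7EXAMPLE
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
password = "aaaaaaaaaaaaaaaaaaaa"
api_key = "abcdefghijklmnopqrstuvwxyz012345"
-----BEGIN RSA PRIVATE KEY-----
"""
```

Run `scan()` over the staged diff in a pre-commit hook and fail the commit on any finding; the allowlist and the entropy threshold are the two knobs that keep the noise down, and a real deployment would extend PATTERNS with the token formats of every provider the team uses.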

Data destruction: We must develop a cloud-compatible way of destroying data that meets security standards. Perhaps cloud providers can offer a service for this, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and plenty of companies would be eager to pay for such a service if appropriate certificates of destruction were provided. In the meantime, crypto-shredding (encrypting data with a key you control and then destroying the key) is the practical substitute for physical destruction in the cloud.

PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that must comply with it. The latest version of the standard brings a new focus to an overlooked yet critically important area. For a long time, client-side threats, that is, incidents and breaches that occur in the customer’s browser rather than on the company’s servers or in transit between the two, were disregarded. That changes with PCI DSS 4.0: several new requirements focus on client-side security, such as inventorying and integrity-checking the scripts loaded on payment pages and detecting unauthorized changes to them.

SHA-1: NIST is retiring the SHA-1 cryptographic algorithm; not fully in 2023, but preparations for the phase-out start now. The venerable hash function has weaknesses that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the computing capabilities of today’s systems can easily attack the algorithm using what is referred to as a ‘collision’ attack, in which two different inputs produce the same hash. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that it should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 families. NIST recommends that IT professionals start replacing the 27-year-old algorithm with newer, more secure ones now. Because SHA-1 is used as the foundation of numerous security applications, the phase-out will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from SHA-1, and certificate authorities stopped issuing SHA-1 certificates as of January 1, 2017. Note that it is collision resistance that is broken; SHA-1 inside HMAC is not known to be practically attacked, but it should still be migrated as part of the same effort.

Cloud: Is cloud native security good enough? Cloud native technologies give organizations the agility required to keep up in the current competitive landscape and to create new business models, but achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers (Amazon Web Services, Microsoft Azure and Google Cloud) of course offer security features and services designed to address significant threats to cloud-based data. In spite of this, the providers’ native security tools commonly fail to meet operational needs, and their limitations should prompt organizations to reconsider how they protect public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. Ethical hackers enable countless businesses and individuals to improve their security posture and reduce their attack risk. But several analysts believe that becoming a self-taught ethical hacker in 2023 might not be worth it: the self-taught are at constant risk of failing to perform properly, and many companies might not want to hire them.

MFA: Two-factor authentication might not be enough in 2023 for applications that need strong security. In the past few months we have seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft. So for some demanding users 2FA is over. Long live 3FA!

Cloud APIs: With cloud come APIs and security headaches, also in 2023. Web application programming interfaces (APIs) are the glue that holds cloud applications and infrastructure together, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies have suffered an incident due to misconfiguration and a third have dealt with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, yet more than three-quarters (77%) are confident they will catch issues, saying they have the required API tools and solutions.

Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (AI) to transform what is possible in their operations. But with great promise comes great responsibility, and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”

AI dangers: Large AI language models carry potential dangers. AI is better at fooling humans than ever, and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that pushed the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly that they felt compelled to take their own life?

Metaverse: Police must prepare for new crimes in the metaverse, says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the Policing in the metaverse: what law enforcement needs to know report for more information.

Blockchain: Digital products like cryptocurrency and blockchain affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. The year 2022 already showed many cryptocurrency-related risks being realized, and more “crypto travel rules” are being enacted to combat money laundering and terrorism financing.

Insurance: Getting cyber insurance may become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and cyber is now the risk to watch. Spiralling cyber losses have prompted emergency measures by the sector’s underwriters to limit their exposure, and there is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. Policies already written in the market have exemptions for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow, pointing to recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments: “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.

Sources:

Expert advises using a comma in your password – there is a clever logic behind it

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Companies’ cyber security still has big gaps. Expert: it is even a question of national security

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 approved – stricter cyber security requirements for EU countries

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldnt Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

There is an acute shortage of cyber security professionals

Is Enterprise VPN on Life Support or Ripe for Reinvention?

1,768 Comments

  1. Tomi Engdahl says:

    The open source Snapchange can replay an application execution in a KVM virtual machine, making for easier debugging and security checks.

    Amazon Web Services Open Sources a KVM-Based Fuzzing Framework
    https://thenewstack.io/amazon-web-services-open-sources-a-kvm-based-fuzzing-framework/?utm_source=Facebook&utm_medium=Paid+Social+Media&utm_campaign=Jun+Spon+Articles&utm_content=Fuzzing&fbclid=IwAR32FpHB7hEMZfeSPrhaWRjcRMnQGrlLT4kGTy53Xu3WjWol6Q-oiTNUVSE_aem_AZdr6V5alao-krBH6UbOjOnIpV0woAbagSl6_3tS6bK6jq-49maMwpoOzDN6WakD6cjpOnd-pBUVyYpCIsJWNaYL

    Reply
  2. Tomi Engdahl says:

    How Application Allowlisting Combats Ransomware Attacks https://securityintelligence.com/posts/how-allowlisting-combats-ransomware-attacks/

    Ransomware attacks are on the rise in both volume and sophistication. Triple extortion (a ransomware attack on one business leading to extortion threats on its business partners) is raising the cost of attacks. Ransomware-as-a-Service puts the means to attack in the hands of smaller criminal entities, making the tactic a commodity and not just the tool of masterminds. It’s no surprise that ransomware attacks are now substantially more expensive to recover from than other types of data breaches.

    Keeping attackers out of your systems altogether is ideal, but cyber criminals are persistent and inventive. So what can you do to stop ransomware attacks from succeeding?

    Reply
  3. Tomi Engdahl says:

    The Trickbot/Conti Crypters: Where Are They Now?
    https://securityintelligence.com/posts/trickbot-conti-crypters-where-are-they-now/

    In IBM Security X-Force, we have been following the crypters used by the Trickbot/Conti syndicate, who we refer to as ITG23, since 2021 and demonstrated the intelligence that can be revealed through tracking their use in a blog we published last May. One year on, ITG23 has experienced many organizational changes, splintering into factions and forging new relationships. Despite these events, ITG23 crypters remain fundamental to tracking post-ITG23 factions and their activity; so much so that we believe identifying and tracking the crypters is just as important, if not even more so, than tracking the malware itself.

    In this blog, we revisit the crypters to see where they are being deployed and examine how their presence in recent campaigns can provide insight into the current workings of the syndicate.

    Reply
  4. Tomi Engdahl says:

    EU Council mulls pan-European platform to handle cyber vulnerabilities https://www.euractiv.com/section/cybersecurity/news/eu-council-mulls-pan-european-platform-to-handle-cyber-vulnerabilities/

    Managing cyber vulnerabilities exploited by hackers remains the pain point of a new cybersecurity law, with the idea of a pan-European reporting platform entering the scene.

    The Cyber Resilience Act is a legislative proposal introducing security requirements manufacturers must comply with before launching connected devices in the EU market.

    The critical point of contention remains the reporting obligations on actively exploited vulnerability, with significant changes being discussed as shown in an updated Council text dated 15 June and seen by EURACTIV.

    Reply
  5. Tomi Engdahl says:

    The Benefits of Red Zone Threat Intelligence
    https://www.securityweek.com/the-benefits-of-red-zone-threat-intelligence/

    Incorporating Red Zone threat intelligence into your security strategy will help you stay on top of the latest threats and better protect your organization.

    Exploit trends help reveal the areas that cybercriminals are actively investigating for potential attacks and what they’re currently targeting. New intelligence allows CISOs to prioritize risk mitigation and reduce the active attack surface with an expanded “Red Zone” approach.

    Reply
  6. Tomi Engdahl says:

    These days Bluetooth-based gadgets are everywhere, including for car and solar batteries. After connecting them up to the battery, you download the accompanying app on your smartphone, open it up and like magic you can keep tabs on your precious pile of chemistry that keeps things ticking along. Yet as discovered during an analysis, many of these devices will happily pass your location and other information along to remote servers….

    BLUETOOTH BATTERY MONITORS THAT ALSO MONITOR YOUR POSITION, WITHOUT ASKING
    https://hackaday.com/2023/06/27/bluetooth-battery-monitors-that-also-monitor-your-position-without-asking/?fbclid=IwAR374EwzKszPHmGmQ_ovj89QqdcrHjjtqwiRvYcwA_Zd6Fe8U82Y-G9MqTo

    Reply
  7. Tomi Engdahl says:

    How the Navy Detected the Titan Implosion on a Secret Undersea Sensor Network
    Listening posts designed to pick up on enemy submarines heard the implosion first. Here’s how it all works.
    https://www.popularmechanics.com/military/weapons/a44319369/sub-implosion-detection-underwater-acoustics/?utm_medium=social-media&utm_source=facebook&utm_campaign=socialflowFBPOP&fbclid=IwAR1DavQZMB7CXUxlWHcPA3qyv5vceVcVknFh6ygfDwC2nre_B1vCT7KDV3k

    Reply
  8. Tomi Engdahl says:

    Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control https://thehackernews.com/2023/06/alert-new-electromagnetic-attacks-on.html

    Drones that don’t have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety.

    The research comes from IOActive, which found that it is “feasible to compromise the targeted device by injecting a specific EM glitch at the right time during a firmware update.”

    Reply
  9. Tomi Engdahl says:

    The Current State of Business Email Compromise Attacks https://www.bleepingcomputer.com/news/security/the-current-state-of-business-email-compromise-attacks/

    Business Email Compromise (BEC) poses a growing threat to businesses of all sizes. BEC attacks have almost doubled across the entire Verizon DBIR incident dataset and represent more than 50% of incidents within the social engineering pattern.

    Attackers use various tactics to access sensitive information, such as email account compromise and using a legitimate email address to initiate the attack.

    Reply
  10. Tomi Engdahl says:

    Closing The Cybersecurity Gap For Nonprofits https://www.forbes.com/sites/tonybradley/2023/06/27/closing-the-cybersecurity-gap-for-nonprofits/

    In an increasingly digital world, the threat of cyberattacks looms large, affecting organizations of all sizes and across all regions and industries.
    Nonprofit and humanitarian organizations, in particular, face unique challenges as they work tirelessly to provide assistance and support to vulnerable communities. Okta recognizes the importance of cybersecurity for these organizations and has taken significant steps to address the widening gap. Okta for Good, the company’s social impact initiative, recently announced several initiatives aimed at bolstering cybersecurity for nonprofits.

    Reply
  11. Tomi Engdahl says:

    Securing the AI Pipeline
    https://www.mandiant.com/resources/blog/securing-ai-pipeline

    Artificial intelligence (AI) is a hot topic these days, and for good reason.
    AI is a powerful tool.
    Organizations are keen to understand how best to integrate it into their own existing business processes, technology stacks, and delivery pipelines, and ultimately drive business value.

    In this blog post we will look briefly at the current state of AI, and then explore perhaps the most important question of them all: How do we secure it?

    Reply
  12. Tomi Engdahl says:

    5 Things CISOs Need to Know About Securing OT Environments https://thehackernews.com/2023/06/5-things-cisos-need-to-know-about.html

    For too long the cybersecurity world focused exclusively on information technology (IT), leaving operational technology (OT) to fend for itself.
    Traditionally, few industrial enterprises had dedicated cybersecurity leaders.
    Any security decisions that arose fell to the plant and factory managers, who are highly skilled technical experts in other areas but often lack cybersecurity training or knowledge.

    Reply
  13. Tomi Engdahl says:

    2,700 People Tricked Into Working for Cybercrime Syndicates Rescued in Philippines
    https://www.securityweek.com/2700-people-tricked-into-working-for-cybercrime-syndicates-rescued-in-philippines/

    Philippine police backed by commandos staged a massive raid and rescued more than 2,700 workers who were allegedly swindled into working for cybercrime groups.

    Philippine police backed by commandos staged a massive raid on Tuesday and said they rescued more than 2,700 workers from China, the Philippines, Vietnam, Indonesia and more than a dozen other countries who were allegedly swindled into working for fraudulent online gaming sites and other cybercrime groups.

    The number of human trafficking victims rescued from seven buildings in Las Pinas city in metropolitan Manila and the scale of the nighttime police raid were the largest so far this year and indicated how the Philippines has become a key base of operations for cybercrime syndicates.

    Cybercrime scams have become a major issue in Asia with reports of people from the region and beyond being lured into taking jobs in countries like strife-torn Myanmar and Cambodia. However, many of these workers find themselves trapped in virtual slavery and forced to participate in scams targeting people over the internet.

    In May, leaders from the Association of Southeast Asian Nations agreed in a summit in Indonesia to tighten border controls and law enforcement and broaden public education to fight criminal syndicates that traffic workers to other nations, where they are made to participate in online fraud.

    Reply
  14. Tomi Engdahl says:

    Submarine Cables at Risk of Nation-State Sabotage, Spying: Report
    https://www.securityweek.com/submarine-cables-at-risk-of-nation-state-sabotage-spying-report/

    Recorded Future underlines threats to submarine telecommunication cables, such as the risk of intentional sabotage and spying by nation-state threat actors.

    Submarine cables, the backbone of the global economy and telecommunications, are operating in an increasingly risky environment and are prone to geopolitical, physical, and cyber threats, including nation-state sabotage and spying, intelligence company Recorded Future says.

    Fiber-optic submarine cables on the ocean floor transmit an estimated 99% of all intercontinental internet traffic and communications, including roughly $10 trillion of financial transactions daily and sensitive government and military communication, making them attractive targets for intelligence collection and sabotage.

    The number of undersea cables has doubled over the past decade, reaching an estimated 529 cable systems in operation today, and their capacity is likely to increase, to meet the growing number of users and devices requiring internet connectivity.

    In terms of intentional sabotage and spying, state-sponsored groups should be regarded as the greatest threat to submarine cables, especially with an increasing number of Chinese-owned companies operating cables, and with Russia interested in mapping the submarine cable system, very “likely for potential sabotage or disruption”, Recorded Future’s report (PDF) points out.

    “Major geopolitical developments, specifically Russia’s war against Ukraine, China’s increasing coercive actions toward, and preparations for, a potential forceful unification with Taiwan, as well as the deepening rift between Beijing and Washington, will very likely be key drivers of the near-term risk environment,” Recorded Future notes.

    https://go.recordedfuture.com/hubfs/reports/ta-2023-0627.pdf

    Reply
  15. Tomi Engdahl says:

    Cyberwarfare
    What is Cyberwar?
    https://www.securityweek.com/what-is-cyberwar/

    Ask any three people to define cyberwar and you will get three different answers. But as global geopolitics worsen and aggressive cyberattacks increase, this becomes more than an academic question.

    https://www.securityweek.com/category/cyberwarfare/

    Reply
  16. Tomi Engdahl says:

    “Brave is the only browser that will block requests to localhost resources from both secure and insecure public sites, while still maintaining a compatibility path for sites that users trust,” pledges the Brave team.

    Brave Browser boosts privacy with new local resources restrictions
    https://www.bleepingcomputer.com/news/security/brave-browser-boosts-privacy-with-new-local-resources-restrictions/?fbclid=IwAR1spsHomaKRFHzseGJdj5ypkLAcwox7mnVwBVY0RSl1Medpu5szj9JPgiI

    Reply
  17. Tomi Engdahl says:

    Kim Zetter / Zero Day:
    SolarWinds confirms the US SEC sent Wells notices to its CISO and CFO, a rare move, signaling they may face legal action over Russia’s 2020 hack of the company — In a highly rare move, the SEC sent notice to SolarWinds’ CISO, and other specific employees, indicating they may face legal action over Russia’s hack of their company.

    SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack
    https://zetter.substack.com/p/sec-targets-solarwinds-ciso-for-possible

    Reply
  18. Tomi Engdahl says:

    Romain Dillet / TechCrunch:
    Proton launches its E2E encrypted open-source password manager Proton Pass, available for free on iOS, Android, Chrome, Firefox, Edge, and Brave — A couple of months after unveiling Proton Pass, Proton — the company behind end-to-end encrypted email service Proton Mail — is officially launching its password manager to everyone.

    Proton launches its password manager Proton Pass
    https://techcrunch.com/2023/06/28/proton-launches-its-password-manager-proton-pass/

    A couple of months after unveiling Proton Pass, Proton — the company behind end-to-end encrypted email service Proton Mail — is officially launching its password manager to everyone. As a reminder, Proton Pass is an end-to-end encrypted password manager for individuals and (soon) families.

    Everybody should use a password manager as it helps you use a different, sophisticated password for every website and service where you have an account. This way, when a service faces a data breach, your online accounts remain relatively safe. You can change your password on the targeted site and move on.

    There are several options when it comes to password managers. Some enterprise-grade password managers like 1Password and Dashlane offer many features, such as the ability to store documents and receive security alerts when there’s a new data breach that could affect you.

    Web browsers, such as Google Chrome and Mozilla Firefox, also have their own built-in password managers. They are more limited than dedicated products, but they are free. Apple’s operating systems (macOS, iOS, etc.) also offer a built-in password manager that works really well for people who like Apple’s ecosystem.

    Reply
  19. Tomi Engdahl says:

    Submarine Cables Face Escalating Cybersecurity Threats, Report
    https://www.hackread.com/submarine-cables-cybersecurity-threats/

    The report also raises concerns about the increasing influence of hyperscale companies like Amazon, Google, Meta, and Microsoft in the global cable network, potentially leading to market monopolies and challenges to digital sovereignty.

    Reply
  20. Tomi Engdahl says:

    MITRE releases new list of top 25 most dangerous software bugs https://www.bleepingcomputer.com/news/security/mitre-releases-new-list-of-top-25-most-dangerous-software-bugs/

    MITRE shared today this year’s list of the top 25 most dangerous weaknesses plaguing software during the previous two years.
    Software weaknesses encompass a wide range of issues, including flaws, bugs, vulnerabilities, and errors in software solutions’ code, architecture, implementation, or design.

    In a collaborative effort involving cybersecurity authorities worldwide, a comprehensive compilation of the top 15 vulnerabilities commonly exploited in attacks throughout 2021 was released in April 2022. This joint endeavor involved notable organizations such as the NSA and the FBI.

    Reply
  21. Tomi Engdahl says:

    Pro-Russia DDoSia hacktivist project sees 2,400% membership increase https://www.bleepingcomputer.com/news/security/pro-russia-ddosia-hacktivist-project-sees-2-400-percent-membership-increase/

    The pro-Russia crowdsourced DDoS (distributed denial of service) project, ‘DDoSia,’ has seen a massive 2,400% growth in less than a year, with over ten thousand people helping conduct attacks on Western organizations.

    The project was launched by a pro-Russian hacktivist group known as “NoName057(16)” last summer, quickly reaching 400 active members and 13,000 users on its Telegram channel.

    Reply
  22. Tomi Engdahl says:

    Criminal IP Unveils Bug Bounty Program to Boost User Safety, Security https://www.bleepingcomputer.com/news/security/criminal-ip-unveils-bug-bounty-program-to-boost-user-safety-security/

    Criminal IP, an OSINT-based CTI search engine provided by AI SPERA, has recently announced the introduction of a bug bounty program aimed at strengthening the safety of its services and protecting its users. Recognized globally for its exceptional performance and notable features such as IoT device exposure search and URL scanning, Criminal IP aims to address potential threats proactively.

    The bug bounty program introduced by Criminal IP encourages security researchers to identify and report potentially exploitable vulnerabilities within its systems.

    Reply
  23. Tomi Engdahl says:

    Rapid7: Japan Threat Landscape Takes on Global Significance
    https://www.securityweek.com/rapid7-japan-threat-landscape-takes-on-global-significance/

    Rapid7 analyzes the Japan threat landscape and warns that attacks against the third-largest economy in the world have global consequences.

    Japan is the world’s third largest economy. It attracts both criminal and nation-state cyberattacks. The effects of these attacks can be felt on a global scale.

    The primary cause of cyberattacks against Japanese computer systems is the strength and quality of its manufacturing base. The size of Japanese manufacturers makes them an attractive target for criminal extortion. The quality of Japanese products makes the manufacturers’ IP an attractive target for nation-state attackers seeking to improve their own knowledge and economy.

    The nature and effect of the attacks turns attacks against Japan into global events – as explained in a Rapid7 report (PDF) titled Japan and Its Global Business Footprint.

    The geographical and geopolitical position of Japan places it adjacent and opposed to three of the world’s four greatest wielders of state-affiliated cyberattacks: to the east of China, the south of Russia, and close to North Korea. China and Russia have a history of using cyberespionage to steal IP for their own military or economic use. North Korea is more concerned with stealing money to support its government against global sanctions, but has been known to use ransomware to these ends. For both money and IP, Japan is an attractive target.

    Reply
  24. Tomi Engdahl says:

    DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation
    https://www.securityweek.com/doe-cio-talks-to-securityweek-about-cybersecurity-digital-transformation/

    Ann Dunkin, CIO at the Department of Energy, is more concerned about cyberattack speed than attack type or source.

    Reply
  25. Tomi Engdahl says:

    Julia Love / Bloomberg:
    Police in San Francisco and other cities are obtaining warrants for Waymo and Cruise driverless car camera footage to help solve murders and other crimes — In December 2021, San Francisco police were working to solve the murder of an Uber driver. As detectives reviewed local surveillance footage …

    Police Are Requesting Self-Driving Car Footage For Video Evidence
    https://www.bloomberg.com/news/articles/2023-06-29/self-driving-car-video-from-waymo-cruise-give-police-crime-evidence#xj4y7vzkg

    San Francisco police request driverless car footage from Waymo and Cruise to solve crimes from robberies to murders

    In December 2021, San Francisco police were working to solve the murder of an Uber driver. As detectives reviewed local surveillance footage, they zeroed in on a gray Dodge Charger they believed the shooter was driving. They also noticed a fleet of Waymo’s self-driving cars, covered with cameras and sensors, happen to drive by around the same time.

    Reply
  26. Tomi Engdahl says:

    Sachin Ravikumar / Reuters:
    The UK amends its Online Safety Bill, requiring higher age verification standards for porn sites and holding executives personally responsible for child safety — Britain said on Friday it had tightened protections in its Online Safety Bill that will prevent children from viewing pornography …

    Britain tightens planned tech law to stop children viewing porn
    https://www.reuters.com/world/uk/britain-tightens-planned-tech-law-stop-children-viewing-porn-2023-06-29/

    Britain said on Friday it had tightened protections in its Online Safety Bill that will prevent children from viewing pornography in an update to long-delayed legislation that is being closely watched by the tech industry.

    Under the government’s latest amendments after debates in parliament, Britain will set higher standards for age verification tools used by services that publish or allow porn on their platforms, to ensure they are effective in establishing whether a user is a child.

    Reply
  27. Tomi Engdahl says:

    The Citizen Lab:
    An analysis of WeChat’s tracking ecosystem using reverse engineering: the app records and tracks user behavior when executing Mini Programs, a privacy risk
    Twitter: @citizenlab
    https://citizenlab.ca/2023/06/privacy-in-the-wechat-ecosystem-full-report/

    Reply
  28. Tomi Engdahl says:

    Ina Fried / Axios:
    ADL survey of 2,139 US people: 33% of adults and 51% of teens aged 13 to 17 reported being harassed online in 2023, up from 23% and 36%, respectively, in 2022

    https://www.axios.com/2023/06/28/online-hate-harassment-rise-adl

    Reply
  29. Tomi Engdahl says:

    Cyber Command to expand ‘canary in the coal mine’ unit working with private sector
    https://therecord.media/cyber-command-under-advisement-team-cyberthreat-collaboration?fbclid=IwAR3D1sPGcvNcrB_oVWTD2qcnEA48Gu9Q2-z6CM0AS699IZY3Jdx1mmBP2p0

    U.S. Cyber Command is doubling the size of a little-known program that serves as one of the military’s chief links to private industry in order to bolster the country’s defenses against cyberthreats.

    The team of tech-savvy military and civilian experts, dubbed “Under Advisement,” will grow from one dozen to two dozen people by this time next year, according to Army Lt. Col. Jason Seales, the command’s chief of private sector partnerships.

    Reply
  30. Tomi Engdahl says:

    Don’t Let Google Manage Your Passwords
    Experts tell us that relying on Google Chrome (or any browser) to manage your online passwords is a seriously bad idea. Here’s why.
    https://uk.pcmag.com/password-managers/145831/warning-dont-let-google-manage-your-passwords

    Reply
  31. Tomi Engdahl says:

    Quantum computer power is growing and threatening information security – the critical infrastructure of states will soon be at risk
    Mikko Pulliainen, 29.6.2023 10:28 | updated 29.6.2023 13:13 | Information security, Infrastructure, National defence
    Once a quantum computer becomes powerful enough, it will be able to defeat today’s encryption methods. This is only a matter of time.
    https://www.tivi.fi/uutiset/kvanttitietokoneen-teho-kasvaa-tietoturvaa-uhaten-valtioiden-kriittinen-infrastruktuuri-pian-vaarassa/632db686-5324-4252-9850-ee57cdf65372

    Reply
  32. Tomi Engdahl says:

    Are smartphone thermal cameras sensitive enough to uncover PIN codes?
    I started out thinking that these cameras were gimmicks, but they’ve become an important tool in my toolbox. Here’s why – and a little test.
    https://www.zdnet.com/home-and-office/are-smartphone-thermal-cameras-sensitive-enough-to-uncover-pin-codes/

    Reply
  33. Tomi Engdahl says:

    California Man’s Plot to Avoid Tickets With ‘NULL’ Vanity Plate Nets Him $12K in Fines
    After being told by the DMV and LAPD to change his plates, the I.T. professional refused, saying “No, I didn’t do anything wrong.”
    https://www.thedrive.com/news/29388/california-mans-plot-to-avoid-tickets-with-null-vanity-plate-nets-him-12k-in-fines

    Reply
  34. Tomi Engdahl says:

    Flipper hacking device on track to make $80M worth of sales
    https://techcrunch.com/2023/06/26/flipper-sales/

    You may have stumbled across the Flipper Zero hacking device that’s been doing the rounds. The company, which started in Russia in 2020, left the country at the start of the war and moved on since then. It claims it no longer has ties to Russia and that it is on track to sell $80 million worth of its products this year after selling almost $5 million worth as Kickstarter preorders — and it claims it sold $25 million worth of the devices last year.

    So what are they selling? Flipper Zero is a “portable gamified multi-tool” aimed at everyone with an interest in cybersecurity, whether as a penetration tester, curious nerd or student.

    Reply
  35. Tomi Engdahl says:

    ONLINE SAFETY BILL: CIVIL SOCIETY ORGANISATIONS URGE UK TO PROTECT GLOBAL DIGITAL SECURITY AND SAFEGUARD PRIVATE COMMUNICATION
    https://www.openrightsgroup.org/publications/open-letter-protect-encrypted-messaging/

    Reply
  36. Tomi Engdahl says:

    Cyber security’s biggest challenge isn’t AI – it’s the awareness gap
    The disparity between perceived threat and positive action can be hard to bridge, but companies who safeguard themselves can make a difference to everyone
    https://www.ft.com/partnercontent/cisco/cyber-securitys-biggest-challenge-isnt-ai-its-the-awareness-gap.html?utm_source=FB&utm_medium=technology&utm_content=paid&fbclid=IwAR0qsqqd0lkej4JY07oLNvrArHt5x5q_ug6OA2jmrAuXe1o8QVR2tFROFTc_aem_AbxoSEkaqhxYJf70mIJw8wWKGs6L2U7sv5JdepOfyWfGOKBJbhTvoV11YKZzEsZOaUFX2LEqfp3W8LpVK5LkOcMF

    Reply
  37. Tomi Engdahl says:

    Set DCF77 radio clocks through the radio emissions of your display/monitor.
    https://github.com/mazzoo/dcf77

    Reply
  38. Tomi Engdahl says:

    Exclusive: TSA to expand its facial recognition program to over 400 airports
    AI-ethics advocates say there’s evidence the program is already violating travelers’ consent.
    https://www.fastcompany.com/90918235/tsa-facial-recognition-program-privacy?fbclid=IwAR0aFrAnXyQz7ldNXU9GmQ8OD0dLmHCU8pZ0rL9JbzhyxKJJWhTWSXa_qi0

    Reply
