Nothing is more difficult than making predictions, especially in fast advancing cyber security field. Instead of me trowing out wild ideas what might be coming, I have collected here some trends many people and publications have predicted for 2023.
HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome to attempt to “upgrade” to the HTTPS version of websites, if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP on Chrome browser.
Malwertising: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users also in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.
Encrypted malware: The vast majority of malware arriving over encrypted connections that are typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams traditional firewalls and many other security tools. Over 85% of Attacks Hide in Encrypted Channels. WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.
Software vulnerabilities: Weak configurations for encryption and missing security headers will be still very common in 2023. In 2022 nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications
Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. There are many companies that do not patch their systems at reasonable time or at all, so they stay vulnerable. Also new variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.
Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, maintenance of employees’ skills and indifference are the strongest obstacles in the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.
Cloud: In a hyperscale cloud provider, there can be potentially several thousand people, working around the globe that could potentially access our data. Security screening and limiting alone still leaves a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.
MFA: MFA Fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is MFA fatigue attacks a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them with legitimate authentication requests. t’s a huge threat because it bypasses one of the most effective the security measures.
Passwords: Passwords will not go away completely even though new solutions to replace then will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character to the password can make it harder for cyber criminals to use if for some reason it leaks out. The reason us that comma in password can obfuscate tabular comma separated values (csv) files, which are a common way to collect and distribute stolen passwords.
EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity: Network and Information Security 2 also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on late 2022. They will start to affect security decisions in 2023. The new rules will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year with deep-dives into the Energy and Health sectors. Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been observed by the cybersecurity community as “the floor” and “a baseline” to cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, remaining their focus solely to IT systems. Especially in the critical infrastructure sectors, overlooking OT can have serious risks to all operations. As a result, the CPGs released explicitly are scoped to include OT devices.
Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.
Loosing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.
Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.
Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.
Privacy and data protection:Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.
Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also a challenge that Executives take more cybersecurity risks than office workers – leaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.
Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that Executives take more cybersecurity risks than office workers
Zero trust: Many people think that Zero Trust is pretty optimal security practice in 2023. It is good for those new systems to whom it’s model suits, but Zero Trust has also challenges. Incorporating zero trust into an existing network can be very expensive. Zero Trust Shouldnt Be The New Normal article says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource pooled cloud federation, doesnt coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. Thats where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.
Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.
Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. A future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”
Google Workplace: Google Workspace Gets Client-Side Encryption in Gmail. Long waited Client-side encryption for Gmail available in beta .
Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.
Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API,
War risks: Watch for continued war between Russia and Ukraine real world and cyber world in 2023. Cyber as important as missile defences – an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.
Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
ISC: ICS and SCADA systems remain trending attack targets also in 2023.
Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all free public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.
Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.
PCI DSS: PCI DSS 4.0 Should Be on Your Radar in 2023 if you work on field that needs to meet that. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.
SHA-1: NIST Retires SHA-1 Cryptographic Algorithm, not fully in 2023, but starts preparations for phase-out. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using the technique is referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replace the 27 years old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phaseout period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.
Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers -Amazon Web Services (AWS), Microsoft Azure and Google Cloud- of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.
Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.
Ethical hacking: Ethical hacking has become a highly-sought after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.
MFA: Two factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!
Cloud APIs: With Cloud Comes APIs & Security Headaches also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. ccording to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots . About 40% of companies are suffering an incident due to misconfiguration and a third coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions-
Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.
VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.
AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations
But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.
AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. Wired magazine article expects that In 2023, we may well see our first death by chatbot. Causality will be hard to prove was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?
Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. ReadPolicing in the metaverse: what law enforcement needs to know report for more information.
Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. Year 2022 already showed how a lot of cryptocurrency related risks realized. More “Crypto travel rules” enacted to combat money laundering and terrorism financing.
Insurance: Getting a cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks and now increasing cyber was the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are already insurance policies written in the market have an exemption for state-backed attacks, but but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks that have disrupted hospitals, shut down pipelines and targeted government department. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.
Sources:
Asiantuntija neuvoo käyttämään pilkkua salasanassa – taustalla vinha logiikka
Overseeing artificial intelligence: Moving your board from reticence to confidence
Android is adding support for updatable root certificates amidst TrustCor scare
Google Play now lets children send purchase requests to guardians
Diligent’s outlook for 2023: Risk is the trend to watch
Microsoft will turn off Exchange Online basic auth in January
Google is letting businesses try out client-side encryption for Gmail
Google Workspace Gets Client-Side Encryption in Gmail
The risk of escalation from cyberattacks has never been greater
Client-side encryption for Gmail available in beta
AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Microsoft: Edge update will disable Internet Explorer in February
Is Cloud Native Security Good Enough?
Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023
Google Chrome preparing an option to block insecure HTTP downloads
Cyber attacks set to become ‘uninsurable’, says Zurich chief
The Dark Risk of Large Language Models
Police Must Prepare For New Crimes In The Metaverse, Says Europol
Policing in the metaverse: what law enforcement needs to know
Cyber as important as missile defences – an ex-NATO general
Misconfigurations, Vulnerabilities Found in 95% of Applications
Personnel security in the cloud
Multi-factor auth fatigue is real – and it’s why you may be in the headlines next
MFA Fatigue attacks are putting your organization at risk
NIS2 hyväksyttiin – EU-maille tiukemmat kyberturvavaatimukset
Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
Poor software costs the US 2.4 trillion
Passkeys Now Fully Supported in Google Chrome
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Executives take more cybersecurity risks than office workers
NIST Retires SHA-1 Cryptographic Algorithm
NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm
WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections
Over 85% of Attacks Hide in Encrypted Channels
GitHub Announces Free Secret Scanning, Mandatory 2FA
Leaked a secret? Check your GitHub alerts…for free
Data Destruction Policies in the Age of Cloud Computing
Why PCI DSS 4.0 Should Be on Your Radar in 2023
Google: With Cloud Comes APIs & Security Headaches
Digesting CISA’s Cross-Sector Cybersecurity Performance Goals
Zero Trust Shouldnt Be The New Normal
Don’t click too quick! FBI warns of malicious search engine ads
FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads
Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
Kyberturvan ammattilaisista on huutava pula
1,768 Comments
Tomi Engdahl says:
ReconAIzer – A Burp Suite Extension To Add OpenAI (GPT) On Burp And Help You With Your Bug Bounty Recon To Discover Endpoints, Params, URLs, Subdomains And More!
https://www.kitploit.com/2023/06/reconaizer-burp-suite-extension-to-add.html?fbclid=IwAR12I1jq1A2AEcAgmB8AI8fPOF_qxYycmRKY-dwK5_x9Qq1p395ateyZLb8&m=1
Tomi Engdahl says:
https://www.ghacks.net/2023/07/01/all-chrome-users-will-see-popups-in-the-coming-weeks-here-is-why/
Tomi Engdahl says:
https://ktul.com/news/offbeat/california-man-creates-chatbot-to-waste-the-time-of-telemarketers-scam-calls-chatgpt-ai-jolly-roger-artificial-intelligence-roger-anderson-chatgpt-wsj#
Tomi Engdahl says:
GCHQ reveals British government was hacked by foreign cyber spies 20 years ago https://therecord.media/britain-gchq-2003-hack-espionage-revealed
This month marks the 20th anniversary of the first time cyber experts at GCHQ responded to a foreign state hacking the British government, the agency revealed on Friday.
Even 20 years on, the full details of the hack weren’t disclosed. The National Cyber Security Centre — a part of GCHQ — said the agency scrambled its cyber experts in 2003 to respond “after a government employee detected suspicious activity on one of their workstations.”
Tomi Engdahl says:
MEPs prepare to battle on spyware exemption in EU media law https://www.euractiv.com/section/media/news/meps-prepare-to-battle-on-spyware-exemption-in-eu-media-law/
As the Media Freedom Act moves on in the European Parliament, the real elephant in the room has become a provision introduced in the EU Council’s version that would allow authorities to spy on journalists for national security reasons.
Tomi Engdahl says:
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023: Are You at Risk?
https://thehackernews.com/2023/06/mitre-unveils-top-25-most-dangerous.html
MITRE has released its annual list of the Top 25 “most dangerous software weaknesses” for the year 2023.
“These weaknesses lead to serious vulnerabilities in software,” the U.S.
Cybersecurity and Infrastructure Security Agency (CISA) said. “An attacker can often exploit these vulnerabilities to take control of an affected system, steal data, or prevent applications from working.”
The list is based on an analysis of public vulnerability data in the National Vulnerability Data (NVD) for root cause mappings to CWE weaknesses for the previous two years. A total of 43,996 CVE entries were examined and a score was attached to each of them based on prevalence and severity.
Tomi Engdahl says:
Jonin äiti sai oudon tekstiviestin ja sitten poika otti ohjat: “Ethän vaan ole alkanut taas käyttää huumeita?”
https://www.is.fi/digitoday/tietoturva/art-2000009680946.html
Maanantaina Joni päätti alkaa tuhlata huijarin aikaa.
Kaikki alkoi siitä, kun Jonin äiti sai puhelimeensa viestin, jonka lähettäjä esitti olevansa hänen lapsensa.
Jonin äiti ei ole ainut huijausyrityksen kohteeksi joutunut.
Kyberturvallisuuskeskus kertoi jo vuoden alussa viikkokatsauksessaan Hei äiti -huijauksen yleistyvän suomen kielellä.
Tomi Engdahl says:
DOE CIO Talks to SecurityWeek About Cybersecurity, Digital Transformation
https://www.securityweek.com/doe-cio-talks-to-securityweek-about-cybersecurity-digital-transformation/
Ann Dunkin, CIO at the Department of Energy, is more concerned about cyberattack speed than attack type or source.
Ann Dunkin is CIO at the US Department of Energy (DOE). Among her responsibilities, she heads IT and oversees cybersecurity. This week she spoke at Israel’s Cyber Week, and SecurityWeek took the opportunity to speak with Dunkin.
The department also has responsibility for around 70 national laboratories – such as the Lawrence Livermore National Laboratory, the Los Alamos National Laboratory, and the Princeton Plasma Physics Laboratory. They undertake everything from basic scientific research to applied research and classified research. “They are,” she suggests, “the engine for innovation in the country and arguably the world.”
Beyond this, the department operates the electricity grid in 35 of the US states and is responsible for the radio frequency spectrum required to keep the grid – and other parts of the DOE – running.
“I’m responsible for all these things from an IT standpoint, including that part of the energy sector that the DOE owns and operates. I’m not responsible for the energy sector where DOE does not operate the assets. Private sector energy is not my responsibility, but I am responsible for the part that DOE owns and operates.”
Part of this responsibility is cybersecurity oversight. This raises a fundamental question that has relevance beyond the DOE: how does an IT specialist acquire cybersecurity expertise?
“Every job I’ve had in the last 13 or 14 years as a CIO has included cybersecurity,” she says. This is fundamentally because security has, and still largely does, report to IT. But it flirts with an ongoing question among CISOs – should a CISO report to the CIO?
Many CISOs think not, and believe there is an inherent and unavoidable conflict of interest between the two roles. Dunkin dismisses this and suggests that IT performance and security go hand-in-hand.
“CIOs are ultimately accountable for the success or failure of the security programs because they’re ultimately responsible for the success or failure of IT, and OT, and IoT in their organization. From my standpoint, it is critically important to me that I have a strong partner in the chief information security officer, and that we have a strong cybersecurity program.”
She doesn’t believe there is any conflict between IT and security – rather, they are two aspects of a successful system. “In fact,” she adds, “Congress believes this approach is so important they have mandated within the federal government that CISOs should report to CIOs. This is specifically to ensure that IT and security are in sync and have the same drivers for their performance.”
She believes there is more risk if you take security and put it in its own siloed part of the organization, potentially creating a situation where they each have different drivers and incentives.
Digital transformation in the DOE
Dunkin used the current digital transformation program within the DOE to illustrate the inseparability of IT and security. “There are two things you’re trying to accomplish in digital transformation if you’re doing it right,” she said. “Firstly, you’re trying to design solutions that are more intuitive, more user friendly, and are focused on user experience – you don’t simply want to automate the paper process and you don’t even want to redesign. You don’t want to take the current process that may or may not be automated and pick it up and move it because in many cases, it’s not always user friendly.”
This part of digital transformation could almost be considered security agnostic. “But secondly,” she adds, “you want to get rid of a bunch of old legacy technologies and legacy systems that are hard to secure.” Between the options of rebuilding or automating an old system that wasn’t automated, or buying a new ‘off-the-shelf’ application, the latter is usually the best solution.
“That solution is now usually a cloud service. And one of the reasons you buy a cloud service is because you believe the vendor can do it better, faster, and cheaper than you can do it yourself. Part of ‘better’ is ‘more secure’.”
Tomi Engdahl says:
Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials
Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election.
https://www.securityweek.com/army-combat-veteran-to-take-over-key-election-security-role-working-with-state-local-officials/
Tomi Engdahl says:
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/
Tomi Engdahl says:
Burpgpt – A Burp Suite Extension That Integrates OpenAI’s GPT To Perform An Additional Passive Scan For Discovering Highly Bespoke Vulnerabilities, And Enables Running Traffic-Based Analysis Of Any Type
https://www.kitploit.com/2023/06/burpgpt-burp-suite-extension-that.html?fbclid=IwAR31-3avwwrOcS9zB5Pm_JMayO-qIpNTK9HY-Mnk6CBsw2_6YwOy9kYhwEQ&m=1
Tomi Engdahl says:
Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams
https://www.psypost.org/2023/06/younger-more-extroverted-and-more-agreeable-individuals-are-more-vulnerable-to-email-phishing-scams-164500
Tomi Engdahl says:
Quantum Entanglement Shatters Einstein’s Local Causality: The Future of Computing and Cryptography
https://www.rightnes.xyz/2023/05/quantum-entanglement-shatters-einsteins.html
Tomi Engdahl says:
Machine Learning 104: Breaking AES With Power Side-Channels
https://research.nccgroup.com/2023/06/09/machine-learning-104-breaking-aes-with-power-side-channels/
Tomi Engdahl says:
https://digitalinvestigator.blogspot.com/2023/06/windows-cmd-commands-for-security.html
Tomi Engdahl says:
Oletko jo laittanut puhelimeesi hätäyhteyshenkilön? Tee se oikein, niin häneen saa yhteyden lukitulta näytöltä
https://yle.fi/aihe/a/20-10004939
Puhelimeen kannattaa merkitä ICE-henkilö, johon toivot ihmisten olevan yhteydessä hätätilanteessa. Tästä jutusta selviää, miten se tehdään oikeaoppisesti.
ICE-henkilö (In Case of Emergency) eli hätäyhteyshenkilö tarkoittaa ihmistä, jolle sinua auttava voi soittaa tarvittaessa.
Olet ehkä laittanut kirjaimet ICE puhelimen yhteystietoihin nimen kohdalle? Esimerkiksi ICE Emmi tai Emmi ICE.
Pelkästään yhteystiedoissa oleva ICE-merkintä ei kuitenkaan auta. Eihän auttaja tai puhelimen löytäjä pääse käsiksi yhteystietoihin, jos puhelin on lukittu.
Tomi Engdahl says:
https://medium.com/@allypetitt/5-ways-i-bypassed-your-web-application-firewall-waf-43852a43a1c2
Tomi Engdahl says:
Ison-Britannian hallitus haluaa murentaa päästä-päähän-salauksen – Apple nousi barrikadeille https://www.tivi.fi/uutiset/tv/a11cd206-7891-4005-9dcc-00c661b40c4a
BBC:n mukaan Apple on liittynyt 80 organisaation ja teknologia-asiantuntijan joukkoon, jotka vaativat Ison-Britannian teknologiaministeri Chloe Smithiä harkitsemaan lakiesitystä uudelleen. Apple korostaa, että lain pitäisi suojella yksityisyyttä, kun taas Britannian hallitus korostaa alustojen velvollisuutta torjua lasten seksuaalista hyväksikäyttöä.
Tomi Engdahl says:
Chinese Threat Actors Targeting Europe in SmugX Campaign https://research.checkpoint.com/2023/chinese-threat-actors-targeting-europe-in-smugx-campaign/
In the last couple of months, Check Point Research (CPR) has been tracking the activity of a Chinese threat actor targeting Foreign Affairs ministries and embassies in Europe. Combined with other Chinese activity previously reported by Check Point Research, this represents a larger trend within the Chinese ecosystem, pointing to a shift to targeting European entities, with a focus on their foreign policy.
The activity described in this report, utilizes HTML Smuggling to target governmental entities in Eastern Europe. This specific campaign has been active since at least December 2022, and is likely a direct continuation of a previously reported campaign attributed to RedDelta (and also to Mustang Panda, to some extent).
Tomi Engdahl says:
Who’s Behind the DomainNetworks Snail Mail Scam?
https://krebsonsecurity.com/2023/07/whos-behind-the-domainnetworks-snail-mail-scam/
If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive. Here’s a look at the most recent incarnation of this scam — DomainNetworks — and some clues about who may be behind it.
Tomi Engdahl says:
7 cool and useful things to do with your Flipper Zero https://www.zdnet.com/article/7-cool-and-useful-things-to-do-with-your-flipper-zero/
I like my Flipper Zero, but what I hate is all the fake stuff that people looking for attention upload to TikTok. No, the Flipper Zero can’t change gas station signs, can’t copy credit and debit cards, and can’t turn off the displays at your burger joint.
But that doesn’t mean that the Flipper Zero can’t do some very cool, useful things.
Tomi Engdahl says:
VMware, Other Tech Giants Announce Push for Confidential Computing Standards
https://www.securityweek.com/vmware-tech-giants-announce-push-for-confidential-computing-standards/
VMware partners with tech giants to accelerate the development of confidential computing applications.
In conjunction with the 2023 Confidential Computing Summit last week, VMware announced a partnership with tech giants to accelerate the development of confidential computing applications.
Confidential computing relies on a trusted execution environment that ensures the integrity and confidentiality of applications and data, even in the cloud and on third-party infrastructure.
With the emergence of multi-cloud deployments and machine learning, confidential computing is expected to help protect intellectual property and sensitive data, but its adoption lags due to difficulties in creating applications for it.
To help overcome obstacles in implementing confidential computing, VMware has been working on a developer-focused Certifier Framework for Confidential Computing project that now has support from AMD, Samsung, and members of the RISC-V Keystone community.
In a push for the adoption of confidential computing, the open source Certifier Framework provides a standardized, platform-agnostic API for building and operating confidential computing applications, which is paired with a policy evaluation server, the Certifier Service.
“The Certifier API greatly simplifies and unifies programming and operations support for multi-vendor Confidential Computing platforms by providing simple client trust management, including attestation evaluation, secure storage, platform initialization, secret sharing, secure channels and other services,” VMware explains.
Tomi Engdahl says:
Government
Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials
https://www.securityweek.com/army-combat-veteran-to-take-over-key-election-security-role-working-with-state-local-officials/
Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election.
Tomi Engdahl says:
Paljastus: FSB valvoo Whatsappia – Näin se vaikuttaa suomalaisiin
NYT:n tietojen mukaan FSB on kehittänyt uusia metodeja valvoa venäläisten sähköistä viestintää.
https://www.iltalehti.fi/digiuutiset/a/255f4c24-5e00-43c6-9ec9-ffa8da86e288
urvallisuuspalvelu FSB:llä on pääsy pikaviestipalveluiden metadataan.
Se saa selville muun muassa sen, kuka kommunikoi kenen kanssa, milloin ja missä keskustelu tapahtuu, ja kenen kanssa ihminen on tekemisissä ja missä tämä liikkuu.
Suomalaisasiantuntijan mukaan sovellukset ovat edelleen turvallisia käyttää.
Venäjän turvallisuusviranomaiset ovat Ukrainan sodan alkamisen jälkeen vahvistaneet kykyään valvoa kansalaistensa digitaalista viestintää, kertoo The New York Times.
Yhdysvaltalaislehden mukaan Venäjän turvallisuuspalvelu FSB on kehittänyt useita uusia digitaalisen valvonnan metodeja, joilla valvotaan erityisesti sisäistä tietoliikennettä.
Tiedot perustuvat lukuisiin asiakirjoihin, joita lehti on saanut haltuunsa valvontaviranomaisilta, sekä haastatteluihin, jotka on tehty tietoturva-asiantuntijoiden, teknologia-aktivistien ja nimettömän lähteen kanssa, joka on mukana Venäjän digitaalisessa valvonnassa.
https://www.nytimes.com/2023/07/03/technology/russia-ukraine-surveillance-tech.html
Tomi Engdahl says:
How to Achieve AWS Operational Excellence in Your Cloud Workload https://www.trendmicro.com/en_us/devops/20/l/achieve-operational-excellence-in-cloud-workload.html
In today’s landscape, achieving operational excellence can be difficult, but not impossible. With operations often viewed as distinct from the rest of the business, it sometimes isn’t integrated into the flow like it is for other departments.
We have seen the industry recognize this divide with the creation of DevOps—combining development and IT operations into one process to enable more streamlined creation and implementation of software throughout the software development lifecycle (SDLC).
Tomi Engdahl says:
New Python tool checks NPM packages for manifest confusion issues https://www.bleepingcomputer.com/news/security/new-python-tool-checks-npm-packages-for-manifest-confusion-issues/
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.
Last week, a former engineering manager at GitHub and NPM, Darcy Clarke, warned about “manifest confusion” problems that could introduce the risk of malware hiding in dependencies or executing scripts during installation.
Tomi Engdahl says:
Natasha Lomas / TechCrunch:
For Europeans, CJEU’s Meta ruling could potentially close this chapter on surveillance capitalism, which relies on denying users a free choice over its tracking — Mark your calendar European friends: July 4th could soon be celebrated as independence-from-Meta’s-surveillance- capitalism-day …
CJEU ruling on Meta referral could close the chapter on surveillance capitalism
https://techcrunch.com/2023/07/04/cjeu-meta-superprofiling-decision/
Mark your calendar European friends: July 4th could soon be celebrated as independence-from-Meta’s-surveillance-capitalism-day… A long-anticipated judgement handed down today by the Court of Justice of the European Union (CJEU) looks to have comprehensively crushed the social media giant’s ability to keep flouting EU privacy law by denying users a free choice over its tracking and profiling.
The ruling tracks back to a pioneering order by Germany’s antitrust watchdog, the Federal Cartel Office (FCO), which spent years investigating Facebook’s business — making the case that privacy harm should be treated as an exploitative competition abuse too.
In its February 2019 order, the FCO told Facebook (as Meta still was back then) to stop combining data on users across its own suite of social platforms without their consent. Meta sought to block the order in the German courts — eventually sparking the referral on Meta’s so-called “superprofiling” to the CJEU in March 2021.
Now we have the top court’s take and, well, it’s not going to spark any celebrations at Meta HQ, that’s for sure.
The CJEU has not only agreed competition authorities can factor data protection into their antitrust assessments (which sounds wonky but really is vital because joint-working rather than regulatory silos is the path to effective oversight of platform power) — but has signalled that consent is the only appropriate legal basis for the tracking-and-profiling-driven ‘personalized’ content and behavioral advertising that Meta monetizes.
Tomi Engdahl says:
Tätä et välttämättä tiennyt – puhelimen sammuttamiselle kerran päivässä on olemassa erittäin hyvä syy
https://www.is.fi/digitoday/tietoturva/art-2000009697152.html
Australiassa kansalaisille annettu ohje ohje on varsin pätevä ja se kannattaa muistaa Suomessakin.
Australian pääministeri Anthony Albanese toivoo ihmisten sammuttavan ja avaavansa puhelimen uudelleen kerran päivässä. Tämä on yksi keino, jolla hän toivoo kansallisen kyberturvallisuuden paranevan.
– Meillä kaikilla on vastuu. Nämä ovat yksinkertaisia asioita, kuten sammuta puhelin joka ilta viideksi minuutiksi. Ihmisille, jotka katsovat tätä, tehkää se 24 tunnin välein, tehkää se hampaita pestessänne tai muulloin, Albanese sanoi juhannuksen alla The Guardianin mukaan.
Ohje ei ole tuulesta temmattu. Yksinkertainen puhelimen uudelleenkäynnistys voi todella puhdistaa puhelimen monesta haittaohjelmasta. Vinkin toimivuuden vahvisti esimerkiksi suomalainen tietoturvayhtiö F-Secure vuonna 2021.
Turn your phone off every night for five minutes, Australian PM tells residents
https://www.theguardian.com/technology/2023/jun/23/turn-your-phone-off-every-night-for-five-minutes-australian-pm-tells-residents
Experts back Anthony Albanese’s cybersecurity advice, saying forcibly closing apps could stop criminals from monitoring users or collecting data
Tomi Engdahl says:
https://www.securityweek.com/vmware-tech-giants-announce-push-for-confidential-computing-standards/
Tomi Engdahl says:
Foo Yun Chee / Reuters:
The EU announces new rules to help privacy regulators work on cross-border cases faster and give companies more rights, after criticism of slow investigations
https://www.reuters.com/technology/eu-commission-revamps-procedures-speed-up-big-tech-privacy-probes-2023-07-04/
Tomi Engdahl says:
EU Court Deals Blow to Meta in German Data Case
https://www.securityweek.com/eu-court-deals-blow-to-meta-in-german-data-case/
Facebook, Instagram and WhatsApp may need to overhaul how they collect the data of users in Europe after the top EU court ruled against Meta
Tomi Engdahl says:
Check Point: tekoälyn tietoturva särkyy sen oman logiikan takia
https://etn.fi/index.php/13-news/15129-check-point-tekoaelyn-tietoturva-saerkyy-sen-oman-logiikan-takia
Generatiivisen tekoälyn kuten ChatGPT:n pitäisi estää vaarallisten tai laittomien vastausten ja ohjeiden antaminen käyttäjille. Tietoturvayhtiö Check Pointin tutkijat ovat kuitenkin todenneet, ettei suojaus toimi kovin hyvin. ChatGPT esimerkiksi antoi tutkijoille laittomia huumereseptejä, vaikka aiemmin GPT-4-moottori esti sen.
Yleensä GPT-4 kieltäytyy vastaamasta kysymyksiin, jotka ovat laittomia. Tekniikkaan on kuitenkin rakennettu kaksi ristiriitaista refleksiä, jotka törmäävät tällaisessa tilanteessa: Laittoman tiedon jakaminen pitäisi lähtökohtaisesti estää, mutta toisaalta malleihin on sisäänrakennettu tarve vastata käyttäjän pyyntöihin.
Tätä mekanismia kutsutaan nimellä double bind bypass. Kyse on mekanismista, joka törmäyttää GPT4:n sisäiset motiivit itseään vastaan ja saa aikaan sisäisen konfliktin. Tämä johtui tekoälyn mieltymyksestä oikaista käyttäjää ilman kehotusta, kun käyttäjä käyttää virheellistä tietoa pyynnössään.
Tomi Engdahl says:
Uusi rikollisuuden muoto uhkaa oikeudenkäyntejä: Palkatut hakkerit varastavat vastapuolen tiedot https://www.iltalehti.fi/tietoturva/a/b85d6714-9280-4a8f-8c51-8c62a06f2ada
Ranskan sekä Ison-Britannian tietoturva-viranomaiset ovat huomanneet uutena verkkorikollisuuden ilmiönä palkatut hakkerit, jotka varastavat lakifirmojen tietoja.
Viranomaisten raporttien mukaan oikeudenkäynnin osapuolet palkkaavat hakkereita varastamaan tietoja oikeudenkäynnin vastapuolelta. Varastetuilla tiedoilla voidaan vaikuttaa oikeudenkäyntiprosesseihin.
Tomi Engdahl says:
Tässä ovat vaaran merkit siitä, että puhelinliittymäsi on kaapattu
Viranomainen varoittaa sim-kortin kaappauksista. Edes uusi teknologia ei täysin suojaa hyökkäyksiltä
https://www.is.fi/digitoday/tietoturva/art-2000009697740.html
.
Tomi Engdahl says:
Sweden Orders Four Companies to Stop Using Google Tool
https://www.securityweek.com/sweden-orders-four-companies-to-stop-using-google-tool/
Sweden has ordered four companies to stop using a Google tool that measures and analyses web traffic as doing so transfers personal data to the United States, fining one company the equivalent of more than $1.1 million.
Tomi Engdahl says:
Ranska sallii puhelimien vakoilemisen: ”Olemme vielä kaukana totalitarismista”
https://www.iltalehti.fi/digiuutiset/a/d65e9ef6-d972-4360-aa42-998224c04dd6
Kansalaisten valvonta kiristyy Ranskassa. Uutta lakia on kritisoitu vievän maata entistä enemmän autoritaarisempaan suuntaan.
Mielenosoitusten täyteinen Ranska hyväksyi keskiviikkona 5.7. lain, joka sallii kansalaisten vakoilemisen muun muassa puhelimien kautta. Poliisilla on jatkossa lupa seurata epäiltyjä tämän älylaitteen kameran, mikrofonin ja paikkatietojen perusteella.
Mielenosoitusten täyteinen Ranska hyväksyi keskiviikkona 5.7. lain, joka sallii kansalaisten vakoilemisen muun muassa puhelimien kautta. Poliisilla on jatkossa lupa seurata epäiltyjä tämän älylaitteen kameran, mikrofonin ja paikkatietojen perusteella.
Laki mahdollistaa myös muiden kuin puhelimien seuraamisen. Ranskan poliisi voi seurata ja nauhoittaa ääntä esimerkiksi kannettavista tietokoneista ja jopa autoista. Tähän riittää epäily rikoksesta, joka voisi johtaa viiden vuoden vankilatuomioon.
Asiasta uutisoinut Le Monde kertoo, että seurattavia henkilöitä voidaan epäillä esimerkiksi kytköksistä terrorismiin tai järjestäytyneeseen rikollisuuteen.
Tomi Engdahl says:
Tiedätkö, mitä tarkoittaa quishing? Rikollinen voi varastaa rahasi keljulla tavalla https://www.is.fi/digitoday/tietoturva/art-2000009702941.html
Älypuhelimen kameralla luettavat kuutiomaiset symbolit eli qr-koodit yleistyvät rikollisten keskuudessa, Liikenne- ja viestintävirasto Traficomin Kyberturvallisuuskeskus varoittaa.
Quishing on qr-koodin avulla tapahtuvaa tietojenkalastelua, jossa houkutellaan skannaamaan qr-koodi älypuhelimella tai tabletilla. Tällaisia koodeja lähetetään sähköpostitse, levitetään sosiaalisessa mediassa ja jopa kiinnitetään tarroina vaikka puhelintolppiin tai seiniin.
Vaarallinen qr-koodi voi esimerkiksi mainostaa erikoistarjouksia tai kehottaa vastaanottajaa hyväksymään kiireellinen tietoturvapäivitys.
Quishing-sähköpostiviesti ei kuitenkaan sisällä muista huijauksista tuttuja verkkolinkkejä tai liitetiedostoja. Tämän takia ne myös pystyvät ohittamaan sähköpostipalvelujen suodattimia.
Tomi Engdahl says:
Huijarit esiintyvät avun tarpeessa olevina lapsina – vanhemmat erehtyneet maksamaan jopa kymmeniätuhansia euroja, varoittaa poliisi
https://yle.fi/a/74-20040177
Länsi-Uudenmaan poliisilaitos tutkii parhaillaan kymmeniä petoksia, joissa huijari on esiintynyt uhrin lapsena.
Poliisin mukaan huijaukset etenevät esimerkiksi niin, että huijari lähettää uhrin lapsen nimissä viestin, että tämän puhelinnumero on muuttunut. Syyksi saatetaan kertoa se, että edellinen puhelin on kastunut.
Monet uhrit ovat siirtäneet huijarille tuhansia euroja ennen kuin asia on tullut puheeksi todellisen lapsen kanssa. Muutamissa tapauksissa puhutaan poliisin mukaan jopa useista kymmenistätuhansista euroista.
Tomi Engdahl says:
Julma mummohuijaus leviämässä Suomeen – Lapsenlapsen äänellä rahaa aneleva soittaja onkin rikollinen
https://www.iltalehti.fi/tietoturva/a/9704da19-8bd7-4e39-88ef-8d6bf5e34963
USA:ssa varoitellaan isovanhempia kurjasta huijaustavasta, jossa huijarit ovat onnistuneet kopioimaan lapsenlapsen äänen. Sen jälkeen tekoälyä hyödyntäen lapsen isovanhemmille soitellaan rahallista avustusta pyytäen, ja puhelu tapahtuukin lapsen äänellä.
Isovanhemmille soitetuissa puheluissa huijari kertoo joutuneensa ongelmiin ja vetoaa siihen, että tapaus on niin nolo ettei pysty ottamaan yhteyttä omiin vanhempiinsa.
Kyseistä huijaustapaa ei ole vielä Suomessa raportoitu, mutta Traficomin Kyberturvallisuuskeskuksen mukaan tämä tulee todennäköisesti myös jossain vaiheessa tännekin.
Tomi Engdahl says:
France Passes New Bill Allowing Police to Remotely Activate Cameras on Citizens’ Phones
https://gizmodo.com/france-bill-allows-police-access-phones-camera-gps-1850609772
Amidst ongoing protests in France, the country has just passed a new bill that will allow police to remotely access suspects’ cameras, microphones, and GPS on cell phones and other devices.
As reported by Le Monde, the bill has been criticized by the French people as a “snoopers” charter that allows police unfettered access to the location of its citizens. Moreover, police can activate cameras and microphones to take video and audio recordings of suspects.
The bill will reportedly only apply to suspects in crimes that are punishable by a minimum of five years in jail and Justice Minister Eric Dupond-Moretti claimed that the new provision would only affect a few dozen cases per year.
Tomi Engdahl says:
Germany must be able to defend itself, warns new cybersecurity chief https://therecord.media/germany-must-defend-itself-claudia-plattner
Germany’s new cybersecurity chief, Claudia Plattner, told journalists on Friday that the country needed to defend itself amidst a surge in attacks on hospitals, local government authorities and private sector businesses in the country.
Formerly the director general for information systems at the European Central Bank (ECB), Plattner began her role this week as the president of the Federal Office for Information Security (BSI).
In a formal presentation to journalists in Berlin, Plattner warned that attacks targeting Germany from Russia, China, and Iran were all increasing, with a particular reference to the country’s critical infrastructure — something she explored a day earlier in an interview with the Süddeutsche Zeitung newspaper.
Tomi Engdahl says:
Jatkuvat muutokset aiheuttivat sekasotkun – Vieläkö viranomaiset voivat viestiä Twitterin kautta?
https://www.tivi.fi/uutiset/tv/7ae158fb-7e40-4bd2-a6c5-17a6620c0865
Uudistuksia uudistusten perään saanut Twitter ei välttämättä ole enää sopiva viestintäkanava viranomaisille. Viranomaisten neuvot ja varoitukset Twitterissä jäisivät mahdollisesti näkemättä niiltä, jotka tarvitsevat kyseistä tietoa.
Suomessa Yle uutisoi maanantaina Twitteriin liittyvistä kysymyksistä, joita se oli esittänyt poliisilaitokselle, pelastuslaitokselle, VR:lle ja HSL:lle.
Poliisi- ja pelastuslaitokset suhtautuivat uudistettuun Twitteriin kaikkein kriittisimmin.
Alankomaissa asia nousi pintaan keskiviikkona, kun maahan iski voimakas kesämyrsky, jossa kuoli yksi ihminen. Reutersin mukaan viranomaiset opastivat tuolloin kansalaisia seuraamaan viimeisimpiä tietoja Twitterin kautta, mitä useat tahot pitivät sopimattomana, koska viranomaisilla on myös omat viestikanavansa.
Tomi Engdahl says:
Threads—Exactly How Private Is Meta’s New Twitter Challenger?
https://www.forbes.com/sites/kateoflahertyuk/2023/07/07/threads-exactly-how-private-is-metas-new-twitter-challenger/
A week ago, most people hadn’t even heard of Threads, Meta’s new Twitter rival. Fast-forward to now and Threads is the most rapidly downloaded app ever, having reached 30 million users just 16 hours after launch.
But as Threads launched and shot into the mainstream, lots of people have voiced concerns about privacy. After all, Threads is owned by Facebook’s Mark Zuckerberg—and everyone knows how much data Meta collects and uses to profile people. It’s also interesting that Threads has not launched into the EU, apparently due to concerns over data protection rules.
Here’s everything you need to know about data collection and privacy on Threads, including what happens to your Instagram account if you decide to delete the new app.
Tomi Engdahl says:
Killnet as a private military hacking company? For now, it’s probably just a dream https://therecord.media/killnet-cybercrime-group-russia-kremlin-hacking-company
Despite its uneven record, researchers are interested in Killnet as a phenomenon that could shake up Russia’s community of underground hackers. It’s a crowdsourced collective with an enigmatic leader who garners support from other self-proclaimed hacktivists. When the group posts one of its threatening announcements on Telegram, observers in the West pay close attention.
Recently, Killnet’s purported founder, known only as Killmilk, announced the group’s most ambitious goal yet: to transform the collective into a private military hacking company that will engage in cybercrime on behalf of the Russian state.
To achieve this, Killmilk plans to restructure Killnet, recruit more skilled hackers and provide training to potential members through what it calls “The Dark School” initiative. The school will reportedly offer courses in four
languages: Russian, English, Spanish and Hindi. Members of the Russian armed forces will be offered an opportunity to enroll in the school for free.
Tomi Engdahl says:
The five-day job: A BlackByte ransomware intrusion case study https://www.microsoft.com/en-us/security/blog/2023/07/06/the-five-day-job-a-blackbyte-ransomware-intrusion-case-study/
As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an intrusion, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Our investigation found that within those five days, the threat actor employed a range of tools and techniques, culminating in the deployment of BlackByte
2.0 ransomware, to achieve their objectives.
In this blog, we share details of our investigation into the end-to-end attack chain, exposing security weaknesses that the threat actor exploited to advance their attack. As we learned from Microsoft’s tracking of ransomware attacks and the cybercriminal economy that enables them, disrupting common attack patterns could stop many of the attacker activities that precede ransomware deployment.
Tomi Engdahl says:
Tailing Big Head Ransomware’s Variants, Tactics, and Impact https://www.trendmicro.com/en_us/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
Reports of a new ransomware family and its variant named Big Head emerged in May, with at least two variants of this family being documented. Upon closer examination, we discovered that both strains shared a common contact email in their ransom notes, leading us to suspect that the two different variants originated from the same malware developer. Looking into these variants further, we uncovered a significant number of versions of this malware. In this entry, we go deeper into the routines of these variants, their similarities and differences, and the potential impact of these infections when abused for attacks.
Tomi Engdahl says:
What’s up with Emotet?
https://www.welivesecurity.com/2023/07/06/whats-up-with-emotet/
Emotet is a malware family active since 2014, operated by a cybercrime group known as Mealybug or TA542. Although it started as a banking trojan, it later evolved into a botnet that became one of the most prevalent threats worldwide.
Emotet spreads via spam emails; it can exfiltrate information from, and deliver third-party malware to, compromised computers. Emotet operators are not very picky about their targets, installing their malware on systems belonging to individuals as well as companies and bigger organizations.
Even though we cannot confirm the rumors that one or both Epochs of the botnet were sold to somebody in January 2023, we noticed an unusual activity on one of the Epochs. The newest update of the downloader module contained a new functionality, which logs the inner states of the module and tracks its execution. Furthermore, at that time the botnet was also widely spreading Spammer modules, which are considered to be more precious for Mealybug because historically they used these modules only on machines that were considered by them to be safe.
Tomi Engdahl says:
How kids pay the price for ransomware attacks on education https://www.malwarebytes.com/blog/news/2023/07/school-documents-outed-by-ransomware-gangs-can-have-long-lasting-consequences
Modern ransomware attacks are as much about stealing data and threatening to leak it as they are about encrypting data. Which means that when a school or hospital is attacked, it’s often students’ and patients’ data that’s leaked if the ransom demand isn’t met.
We have to wonder how greedy any person would need to be to show such a blatant disregard for how painful sharing that kind of information can be.
Although the attacks were carried out by a large number of different ransomware gangs, one in particular stood out: Vice Society. The Vice Society ransomware gang specializes in attacking education, with almost half of its known activity (43%) directed against the sector—almost ten times the average for ransomware groups.
Tomi Engdahl says:
Hiding In The Windows Event Log
http://windowsir.blogspot.com/2023/07/hiding-in-windows-event-log.html
In May 2022, Kaspersky published a write-up on a newly-discovered campaign where malware authors wrote shellcode to the Windows Event Log. This was pretty interesting, and just about 4 months later, Tim Fowler published this blog post over at BlackHillsInfoSec, digging into this a bit deeper and offering several variations of the technique up to red teamers.
Now, I found this technique interesting, not because it’s not really something I’d seen before, but because of how Windows Event Logs, and just “Event Logs”
prior to Vista, have been used by DFIR analysts. Back in the days of WinXP and Windows 2000/2003, there were The Big Three…Security, System, and Application Event Logs. With the advent of Vista, and then Windows 7, the numbers of Windows Event Logs available to analysts exploded; on my Windows 10 system, a ‘dir’ of the winevt\logs folder reveals 400 files with the “.evtx”
extension. However, not all logs are populated, or even enabled.
However, this doesn’t mean that these logs are used during analysis; in fact, much like the Registry, the Windows Event Logs are largely misunderstood by a great many analysts, to the point where I’ve seen log collection processes that are still restricted to just the Security, System, and Application Event Logs.
Tomi Engdahl says:
Video Games Forensics : Steam
https://www.forensicxlab.com/posts/steam/
Video games have become an integral part of our culture, providing entertainment and social opportunities. Unfortunately, criminals have also begun to take advantage of modern video games and their ever-growing capabilities to conduct illegal activities. Organized crime, hate spread, and pedophilia have been documented occurring within games, opening up the potential to a world of cybercrime.
Digital forensics on the Steam application can be especially useful for law enforcement in tracking down and prosecuting these cybercriminals. By investigating video game applications like Steam, digital footprints that can be used to link individuals to games, transactions, and even other players.
Once these links are established, they can then used to build a case against the perpetrators. In this article, the reader will learn about some artifacts that can give releavant information left on a disk during a post-mortem analysis.
Tomi Engdahl says:
Now’s the Time for a Pragmatic Approach to New Technology Adoption
What a cloud migration strategy did for cloud adoption, an automation implementation strategy does for security automation adoption.
https://www.securityweek.com/nows-the-time-for-a-pragmatic-approach-to-new-technology-adoption/