Cyber trends for 2023

Nothing is more difficult than making predictions, especially in fast advancing cyber security field. Instead of me trowing out wild ideas what might be coming, I have collected here some trends many people and publications have predicted for 2023.

HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any older HTTP website as “Not Secure” in the address bar. Chrome to attempt to “upgrade” to the HTTPS version of websites, if you ever accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning is shown, asking if you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads through HTTP on Chrome browser.

Malwertising: Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users also in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware. The FBI has advised consumers to use ad blockers to protect themselves from such threats.

Encrypted malware: The vast majority of malware arriving over encrypted connections that are typically HTTPS web sessions. The vast majority of cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams traditional firewalls and many other security tools. Over 85% of Attacks Hide in Encrypted Channels. WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at network level. Hopefully, you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain.

Software vulnerabilities: Weak configurations for encryption and missing security headers will be still very common in 2023. In 2022 nearly every application has at least one vulnerability or misconfiguration that affects security and a quarter of application tests found a highly or critically severe vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications

Old vulnerabilities: You will see attackers try to use old vulnerabilities again in 2023 because they work. Attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. There are many companies that do not patch their systems at reasonable time or at all, so they stay vulnerable. Also new variations of old vulnerabilities are also developed: approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has led to the threat of ever-increasing cyberattacks that target businesses, governments, and individuals alike. Lack of knowledge, maintenance of employees’ skills and indifference are the strongest obstacles in the development of many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.

Cloud: In a hyperscale cloud provider, there can be potentially several thousand people, working around the globe that could potentially access our data. Security screening and limiting alone still leaves a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.

MFA: MFA Fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is MFA fatigue attacks a technique where a cybercriminal attempts to gain access to a corporate network by bombarding a user with MFA prompts until they finally accept one. This attempt can be successful, especially when the target victim is distracted or overwhelmed by the notifications or misinterprets them with legitimate authentication requests. t’s a huge threat because it bypasses one of the most effective the security measures.

Passwords: Passwords will not go away completely even though new solutions to replace then will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma character to the password can make it harder for cyber criminals to use if for some reason it leaks out. The reason us that comma in password can obfuscate tabular comma separated values (csv) files, which are a common way to collect and distribute stolen passwords.

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity: Network and Information Security 2 also known as NIS2. Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on late 2022. They will start to affect security decisions in 2023. The new rules will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also protect so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in selected sectors would fall under the legislation. The NIS Directive has impacted the cybersecurity budget of operators over the past year with deep-dives into the Energy and Health sectors. Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the CPGs have been observed by the cybersecurity community as “the floor” and “a baseline” to cybersecurity hygiene and practices. Many organizations overlook OT as part of their cybersecurity strategy, remaining their focus solely to IT systems. Especially in the critical infrastructure sectors, overlooking OT can have serious risks to all operations. As a result, the CPGs released explicitly are scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next Android 14 release. Google Play now lets children send purchase requests to guardians.

Loosing the trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.

Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules about cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection:Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also a challenge that Executives take more cybersecurity risks than office workersleaders engage in more dangerous behavior and are four times more likely to be victims of phishing compared to office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that Executives take more cybersecurity risks than office workers

Zero trust: Many people think that Zero Trust is pretty optimal security practice in 2023. It is good for those new systems to whom it’s model suits, but Zero Trust has also challenges. Incorporating zero trust into an existing network can be very expensive. Zero Trust Shouldnt Be The New Normal article says that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource pooled cloud federation, doesnt coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head. In order to do that, network interactions need to be evaluated in terms of risk. Thats where identity-first networking comes in. In order for a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this. This securely automates the exchange of a user identity between cloud applications, diverse networks, and service providers.

Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US 2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting early January 2023 to improve security. A future Microsoft Edge update would permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”

Google Workplace: Google Workspace Gets Client-Side Encryption in Gmail. Long waited Client-side encryption for Gmail available in beta .
Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services.

Passkeys: Google has made passkey support available in the stable version of Chrome. Passkeys use biometric verification to authenticate users and are meant to replace the use of passwords, which can be easily compromised. Passkeys are usable cross-platform with both applications and websites. Passkeys offer the same experience that password autofill does, but provide the advantage of passwordless authentication. They cannot be reused, don’t leak in server breaches, and protect users from phishing attacks. Passkeys are only available for websites that provide support for them, via the WebAuthn API,

War risks: Watch for continued war between Russia and Ukraine real world and cyber world in 2023. Cyber as important as missile defences – an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range
Threat actors can take over victims’ cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.

ISC: ICS and SCADA systems remain trending attack targets also in 2023.

Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, code scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all free public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.

Data destruction: We must develop a cloud-compatible way of doing destruction that meets security standards. Maybe cloud providers can come up with a service to provide this capability, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and certainly plenty of companies would be eager to pay for such a service, if the appropriate certificates of destruction were provided.

PCI DSS: PCI DSS 4.0 Should Be on Your Radar in 2023 if you work on field that needs to meet that. The latest version of the standard will bring a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. But that’s changing with the release of PCI DSS 4.0. Now, many new requirements focus on client-side security.

SHA-1: NIST Retires SHA-1 Cryptographic Algorithm, not fully in 2023, but starts preparations for phase-out. The venerable cryptographic hash function has vulnerabilities that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using the technique is referred to as a ‘collision’ attack. SHA-1, whose initials stand for secure hash algorithm, has been in use since 1995 as part of the Federal Information Processing Standard and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replace the 27 years old SHA-1 cryptographic algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phaseout period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from the SHA-1 cryptographic algorithm. Certificate authorities stopped issuing certificates using SHA-1 as of January 1, 2017.

Cloud: Is Cloud Native Security Good Enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers -Amazon Web Services (AWS), Microsoft Azure and Google Cloud- of course offer security features and services, which are designed to address significant threats to cloud-based data. However, in spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly-sought after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But there are several analysts who believe that becoming a self-taught ethical hacker in 2023 might not be worth it because they are at constant risk of failing to perform properly and many companies might not want to hire an ethical hacker.

MFA: Two factor authentication might not be enough in 2023 for applications that need good security. In the past few months, we’ve seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft attacks. So for some demanding users 2FA is over. Long live 3FA!

Cloud APIs: With Cloud Comes APIs & Security Headaches also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. ccording to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots . About 40% of companies are suffering an incident due to misconfiguration and a third coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) have confidence that they will catch issues, saying they have the required API tools and solutions-

Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As Threat Levels remain high, companies and organizations remain on alert – but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (A.I.) to transform what’s possible in their operations
But with great promise comes great responsibility—and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.

AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever—and the consequences will be serious. Wired magazine article expects that In 2023, we may well see our first death by chatbot. Causality will be hard to prove was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?

Metaverse: Police Must Prepare For New Crimes In The Metaverse, Says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. ReadPolicing in the metaverse: what law enforcement needs to know report for more information.

Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. Year 2022 already showed how a lot of cryptocurrency related risks realized. More “Crypto travel rules” enacted to combat money laundering and terrorism financing.

Insurance: Getting a cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks and now increasing cyber was the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. There are already insurance policies written in the market have an exemption for state-backed attacks, but but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow. Recent attacks that have disrupted hospitals, shut down pipelines and targeted government department. “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.

Sources:

Asiantuntija neuvoo käyttämään pilkkua sala­sanassa – taustalla vinha logiikka

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Yritysten kyberturvassa edelleen isoja aukkoja Asiantuntija: Kysymys jopa kansallisesta turvallisuudesta

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 hyväksyttiin – EU-maille tiukemmat kyberturvavaatimukset

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldnt Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

Kyberturvan ammattilaisista on huutava pula

Is Enterprise VPN on Life Support or Ripe for Reinvention?

Cyber as important as missile defences – an ex-NATO general

1,768 Comments

  1. Tomi Engdahl says:

    Independently Confirming Amnesty Security Lab’s finding of Predator targeting of U.S. & other elected officials on Twitter/X https://citizenlab.ca/2023/10/predator-spyware-targets-us-eu-lawmakers-journalists/

    Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations‘ Predator Files, which details a threat actor sending what they assess to be Predator infection links on social media in replies to Twitter / X posts by officials, journalists and other members of civil society.

    The Citizen Lab independently received and collected a set of since-deleted posts by this threat actor, which we call REPLYSPY. Our findings align with the Security Lab’s conclusions concerning Cytrox infrastructure, and we assess with high confidence that REPLYSPY included Cytrox Predator infection links in replies to numerous U.S. and international officials and others.

    Reply
  2. Tomi Engdahl says:

    https://www.databreaches.net/

    Why One Of The Largest Cyber-Attacks Is Still A Mystery
    Posted on October 8, 2023 by Dissent

    Ketaki Bhojnagarwala writes:
    https://www.databreaches.net/why-one-of-the-largest-cyber-attacks-is-still-a-mystery/

    It’s widely assumed that the Chinese government orchestrated the infamous GhostNet spy system that breached over 1,000 computers of military, political, economic, and diplomatic targets worldwide. For various political and legal reasons, though, China was never officially named as the culprit. As a result, the origins of GhostNet are still a mystery.

    Reply
  3. Tomi Engdahl says:

    ChatGPT iso uhka, NIS2 tuo lisää vastuita
    https://etn.fi/index.php/13-news/15407-chatgpt-iso-uhka-nis2-tuo-lisaeae-vastuita

    Tietoturvayhtiö Fortinet järjesti eilen teknologiapäivän Helsingin messukeskuksessa. Keynote-puheessaan yhtiön tietoturvajohtaja Ricardo Ferreira kertoi EU:n uudesta NIS2-tietoturvadirektiivistä. Se tuo yrityksille lisää vastuita samalla, kun rikollisten käytössä on yhä edistyneempiä työkaluja ChatGPT:stä lähtien.

    Tekoälyn myötä tilanne alkaa olla tietoturvan osalta hälyttävä. Ferreira muistutti tutkimuksesta, jossa oli tarkasteltu ChatGPT:llä luotua haitakoodia. Jopa 62 prosenttia botin luomasta haittakoodista sisälsi aitoja API-haavoittuvuuksia hyödyntäviä hyökkäyksiä.

    Käytännössä tämä tarkoittaa, että kynnys rakentaa aidosti vaarallisia haittaohjelmia alenee koko ajan. Ferreira kuvasi, millaisia riskejä on olemassa jo nyt. – Koko Costa Rican kriittinen infrastruktuuri kaapattiin ransomware-ohjelmistolla. Maata siis pidettiin pankkivankina.

    ChatGPTllä on jo luotu polymorfisia eli itseään muokkaavia haittaohjelmia. – Voiko suuriin kielimalleihin luottaa, jos niissä voi olla piilotettuja riskejä, Ferreira kysyi. Vastauksia näihin kysymyksiin ei taida vielä olla.

    Riskien ja uhkien monipuolistuessa myös regulaatio lisääntyy. EU:ssa tulee 17.102024 voimaan uusi kyberturvadirektiivi NIS2. Ferreira muistutti, että NIS2 on direktiivi jäsenmaille, ei organisaatioille. – Maiden pitää siis rakentaa kriisinhallintajärjestelmä ja raportointijärjestelmä. NIS2 esimerkiksi vaatii, että tietoturmurrosta pitää raportoida 245 tunnin kuluessa.

    Lisäksi jäsenmaiden pitää jakaa tietoa uhkista ja hyökkäyksistä. Kuten Ferreira muistutti, esimerkiksi pankkitoimintaan liittyy systeeminen riski: yhden järjestelmän kaatuminen voi aiheuttaa dominoefektin. Finanssipuolella NIS2:sta vastaa DORA-direktiivi (Digital Operational Resilience Act).

    NIS2 on alkuperäistä NIS-sääntelyä tiukempi. Ns. olennaisiksi toimijoiksi (essential entities) on nimetty paljon laajemmin toimijoita eri sektoreilta. Lisäksi nämä olennaiset toimijat joutuvat diektiivin määräyksiä laiminlyödessään maksamaan suurempia sakkoja kuin tärkeät toimijat (important entities).

    Reply
  4. Tomi Engdahl says:

    Suomalaisia yrityksiä pommitetaan verkossa entistä enemmän: 3 uhkaa kansalaisille https://www.is.fi/digitoday/tietoturva/art-2000009910781.html

    Yritysten kärsimät tietoturvavahingot heijastuvat tavallisiin asiakkaisiin eri tavoin, mutta jokainen niistä on kurja.

    Reply
  5. Tomi Engdahl says:

    Former US Cyber Director Inglis on Israel, Russia and ONCD’s future
    https://therecord.media/chris-inglis-interview-predict-2023

    Chris Inglis, the first-ever national cyber director, said Tuesday that cyberattacks would likely become a part of the unfolding conflict between Israel and Hamas, but he is confident in Israel’s ability to defend itself both on the battlefield and in cyberspace.

    “Cyber is involved in everything… it’s certainly involved in this and I think in two ways,” said Inglis, who stepped down from his post in February. “One, cyber, the digital infrastructure, is being used to synchronize, coordinate activities, whether that’s diplomacy or actions on the battlefield, and therefore needs to work well, needs to work with optimal performance.”

    The other front is the “information war” between the two sides to push their perspectives, according to Inglis.

    Reply
  6. Tomi Engdahl says:

    CISA, FBI, NSA, and Treasury Release Guidance on OSS in IT/ICS Environments https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-fbi-nsa-and-treasury-release-guidance-oss-itics-environments

    Today, CISA, the Federal Bureau of Investigation, the National Security Agency, and the U.S. Department of the Treasury released guidance on improving the security of open source software (OSS) in operational technology (OT) and industrial control systems (ICS).

    Reply
  7. Tomi Engdahl says:

    STAYIN’ ALIVE – TARGETED ATTACKS AGAINST TELECOMS AND GOVERNMENT MINISTRIES IN ASIA https://research.checkpoint.com/2023/stayin-alive-targeted-attacks-against-telecoms-and-government-ministries-in-asia/

    In the last few months, Check Point Research has been tracking “Stayin’
    Alive”, an ongoing campaign that has been active since at least 2021. The campaign operates in Asia, primarily targeting the Telecom industry, as well as government organizations.

    The “Stayin’ Alive” campaign consists of mostly downloaders and loaders, some of which are used as an initial infection vector against high-profile Asian organizations. The first downloader found called CurKeep, targeted Vietnam, Uzbekistan, and Kazakhstan. As we conducted our analysis, we realized that this campaign is part of a much wider campaign targeting the region.

    Reply
  8. Tomi Engdahl says:

    >From chaos to cadence: Celebrating two decades of Microsoft’s Patch
    >Tuesday
    https://www.theregister.com/2023/10/11/microsoft_patch_tuesday_turns_20/

    Twenty years ago this month, Microsoft did something pretty revolutionary at the time when it formalized the Windows software release schedule.

    So instead of shipping updates whenever they were ready – Redmond says this typically happened on Wednesdays, while most customers recall it being late Friday afternoons – Microsoft began pushing software fixes on the second Tuesday of each month, beginning in October 2003.

    And thus, Patch Tuesday sprung into existence.

    Reply
  9. Tomi Engdahl says:

    Microsoft to kill off VBScript in Windows to block malware delivery
    https://www.bleepingcomputer.com/news/security/microsoft-to-kill-off-vbscript-in-windows-to-block-malware-delivery/
    Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.

    VBScript (also known as Visual Basic Script or Microsoft Visual Basic Scripting Edition) is a programming language similar to Visual Basic or Visual Basic for Applications (VBA) and was introduced almost 30 years ago, in August 1996.
    “VBScript is being deprecated. In future releases of Windows, VBScript will be available as a feature on demand before its removal from the operating system,” the company said this week.
    Although not officially explained, Microsoft’s decision to deprecate VBScript is likely tied to the earlier discontinuation of Internet Explorer this year.
    Malicious actors have used VBScript to distribute malware, including notorious strains like Lokibot, Emotet, Qbot, and, more recently, DarkGate malware, among others, onto victims’ computers.
    Deprecated features for Windows client
    https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features

    Reply
  10. Tomi Engdahl says:

    US Government Releases Security Guidance for Open Source Software in OT, ICS
    https://www.securityweek.com/us-government-releases-open-source-security-guidance-for-ot-ics/
    CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS.
    Several US government agencies have teamed up to create new cybersecurity guidance for the use of open source software (OSS) in operational technology (OT).
    Designed in line with CISA’s Open Source Software Security Roadmap, which was released in September, the new document (PDF) is meant to promote the understanding of OSS and its implementation in industrial control systems (ICS) and other OT environments, and to detail best practices on the secure use of OSS.
    Authored by CISA, the FBI, the NSA, and the US Department of Treasury, the guidance provides recommendations on supporting OSS development, patching vulnerabilities, and using the Cross-Sector Cybersecurity Performance Goals (CPGs) for adopting security best practices.
    Improving Security of Open Source Software in Operational Technology and Industrial Control Systems
    https://www.cisa.gov/sites/default/files/2023-10/Fact_Sheet_Improving_OSS_in_OT_ICS_508c.pdf

    Reply
  11. Tomi Engdahl says:

    Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks
    https://www.securityweek.com/organizations-respond-to-http-2-zero-day-exploited-for-ddos-attacks/

    Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.

    Major tech companies and other organizations have rushed to respond to the newly disclosed HTTP/2 zero-day vulnerability that has been exploited to launch the largest distributed denial-of-service (DDoS) attacks seen to date.

    The existence of the attack method, named HTTP/2 Rapid Reset, and the underlying vulnerability, tracked as CVE-2023-44487, were disclosed on Tuesday by Cloudflare, AWS and Google.

    Each of the tech giants saw DDoS attacks aimed at customers peaking at hundreds of millions of requests per second, far more than they had previously seen. One noteworthy aspect is that the attacks came from relatively small botnets powered by just tens of thousands of devices.

    While their existing DDoS protections were largely able to block the attacks, Google, Cloudflare and AWS implemented additional mitigations for this specific attack vector. In addition, they notified web server software companies, which have started working on patches.

    NETWORK SECURITY‘HTTP/2 Rapid Reset’ Zero-Day Exploited to Launch Largest DDoS Attacks in History
    https://www.securityweek.com/rapid-reset-zero-day-exploited-to-launch-largest-ddos-attacks-in-history/

    Reply
  12. Tomi Engdahl says:

    Microsoft has announced it is taking steps to eventually disable NTLM (NT LAN Manager) for authentication features in Windows 11 and add new features to Kerberos to take its place.
    .https://www.neowin.net/news/microsoft-wants-to-eventually-disable-ntlm-authentication-in-windows-11/?fbclid=IwAR1aTGeDS5iEnSJ7kiagGdO17z4hbz0IRhlB5ZSnq_OZsejIeC1s_PtOL28

    Reply
  13. Tomi Engdahl says:

    Suojelupoliisi varoittaa: Venäjä on valmis toimiin Suomea vastaan, jos katsoo sen tarpeelliseksi
    https://yle.fi/a/74-20054729

    Supon mukaan venäläisten vakoojien toiminta Suomessa on vaikeutunut hyökkäyssodan ja diplomaattien karkotusten vuoksi. Tämän vuoksi Venäjä joutuu erittäin todennäköisesti siirtämään tiedonhankintansa painopistettä kyberympäristöön.

    Myös Kiina vakoilee Suomea. Kiinan tiedustelu kohdistuu muun muassa ulko- ja turvallisuuspoliittiseen päätöksentekoon ja huipputeknologiaan. Yhdysvaltojen Kiinalle asettamat vientirajoitteet kasvattavat Kiinan tarvetta hankkia tietoa kybervakoilulla.

    Supo korostaa, että suurin osa suomalaisista ei ole Venäjän tai Kiinan kybervakoilun kohteena, mutta kuka tahansa verkkoon kiinteästi kytketyn suojaamattoman laitteen, kuten kotireitittimen, haltija voi olla sen mahdollistaja.

    Erityisesti suojaamattomat ja päivittämättömät kotireitittimet muodostavat supon mukaan tällä hetkellä merkittävän riskin kansalliselle turvallisuudelle.

    Reply
  14. Tomi Engdahl says:

    Yritykset saavat uusia tietoturvavaatimuksia – ”voi tulla haastavaa, jos Nis on uusi asia”
    https://www.tivi.fi/uutiset/tv/828eb178-d280-4cbc-a66a-d5f3209d668c

    [TILAAJILLE]

    Kun päivitetty Nis2-kyberturvallisuus­direktiivi tulee voimaan lokakuussa 2024, yhä useampi yritys joutuu ottamaan kyberturvalusikan kauniiseen käteen.

    ”Tässä vaiheessa yritysten ei kannata jäädä odottamaan ylhäältäpäin tulevaa tietoa mukaan kuulumisesta, vaan tehdä kotiläksynsä ja selvittää itse, koskeeko Nis2 heitä”, sanoo WithSecuren johtava tietoturvakonsultti Antti Laatikainen.

    Reply
  15. Tomi Engdahl says:

    Mastering your supply chain
    https://www.ncsc.gov.uk/blog-post/mastering-your-supply-chain

    A new collection of resources from the NCSC can help take your supply chain knowledge to the next level

    Reply
  16. Tomi Engdahl says:

    Automatic disruption of human-operated attacks through containment of compromised user accounts https://www.microsoft.com/en-us/security/blog/2023/10/11/automatic-disruption-of-human-operated-attacks-through-containment-of-compromised-user-accounts/

    In this blog we will share our analysis of real-world incidents and demonstrate how automatic attack disruption protected our customers by containing compromised user accounts. We then explain how this capability fits in our automatic attack disruption strategy and how it works under the hood.

    Reply
  17. Tomi Engdahl says:

    ToddyCat: Keep calm and check logs
    https://securelist.com/toddycat-keep-calm-and-check-logs/110696/

    ToddyCat is an advanced APT actor that we described in a previous publication last year. The group started its activities in December 2020 and has been responsible for multiple sets of attacks against high-profile entities in Europe and Asia.

    During the last year, we discovered a new set of loaders developed from scratch and collected additional information about their post-exploitation activities. The discovered information allowed us to expand our knowledge of this group and obtain new information about the attacker’s TTPs (Tactics, Techniques and Procedures). In this article, we’ll describe their new toolset, the malware used to steal and exfiltrate data, and the techniques used by this group to move laterally and conduct espionage operations.

    Reply
  18. Tomi Engdahl says:

    Everest cybercriminals offer corporate insiders cold, hard cash for remote access https://www.theregister.com/2023/10/12/everest_courting_corporate_insiders/

    The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.

    In a post at the top of its dark web victim blog, Everest said it will offer a “good percentage” of the profits generated from successful attacks to those who assist in its initial intrusion.

    Reply
  19. Tomi Engdahl says:

    Phylum Discovers SeroXen RAT in Typosquatted NuGet Package https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/

    SeroXen is a newly emerged RAT advertised as a legitimate tool. It is marketed as a ready-to-use package, sold via a designated website making it easily accessible and deployable without the need for deep technical know-how.

    The discovery of SeroXen RAT in NuGet packages only underscores how attackers continue to exploit open source ecosystems and the developers that use them.
    No ecosystem is safe from attackers. That’s the nature of them; they are open to everyone, good and bad.

    Reply
  20. Tomi Engdahl says:

    How to Scan Your Environment for Vulnerable Versions of Curl https://www.darkreading.com/dr-tech/how-to-scan-environment-vulnerable-curl

    This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environments.

    Security teams don’t have to swing into crisis mode to address the recently fixed vulnerabilities in the command-line tool curl and the libcurl library, but that doesn’t mean they don’t have to worry about identifying and remediating impacted systems. If the systems are not immediately exploitable, security teams have some time to make those updates.

    This Tech Tip aggregates guidance on what security teams need to do to ensure they aren’t at risk.

    Curl Bug Hype Fizzles After Patching Reveal
    Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.
    https://www.darkreading.com/vulnerabilities-threats/curl-bug-hype-fizzles-after-patching-reveal

    For days now, the cybersecurity community has waited anxiously for the big reveal about two security flaws that, according to curl founder Daniel Stenberg, included one that was likely “the worst curl security flaw in a long time.”

    Curl is an open source proxy resolution tool used as a “middle man” to transfer files between various protocols, which is present in literally billions of application instances. The suggestion of a massive open source library flaw evoked memories of the catastrophic log4j flaw from 2021. As Alex Ilgayev, head of security research at Cycode, worried, “the vulnerability in the curl library might prove to be more challenging than the Log4j incident two years ago.”

    But following today’s unveiling of patches and bug details, neither vulnerability lived up to the hype. However, it’s still important for organizations to uncover whether the bugs are present in their environments (Dark Reading’s latest Tech Tip covers how to scan environments for the curl vulnerabilities), and remediate accordingly.

    How to Scan Your Environment for Vulnerable Versions of Curl
    This Tech Tip outlines how enterprise defenders can mitigate the risks of the curl and libcurl vulnerabilities in their environments.
    https://www.darkreading.com/dr-tech/how-to-scan-environment-vulnerable-curl

    A foundational networking tool for Unix and Linux systems, cURL is used in command lines and scripts to transfer data. Its prevalence is due to the fact that it is used as both a standalone utility (curl) as well as a library that is included in many different types of applications (libcurl). The libcurl library, which allows developers to access curl APIs from their own code, can be introduced directly into the code, used as a dependency, used as part of an operating system bundle, included as part of a Docker container, or installed on a Kubernetes cluster node.

    According to Yair Mizrahi, a senior security researcher at JFrog, the libcurl library is vulnerable only if the following environment variables are set: CURLOPT_PROXYTYPE set to type CURLPROXY_SOCKS5_HOSTNAME; or CURLOPT_PROXY or CURLOPT_PRE_PROXY set to scheme socks5h://. The library is also vulnerable if one of the proxy environment variables is set to use the socks5h:// scheme. The command-line tool is vulnerable only if it is executed with the -socks5-hostname flag, or with –proxy (-x) or –preproxy set to use the scheme socks5h://. It is also vulnerable if curl is executed with the affected environment variables.

    “The set of pre-conditions needed in order for a machine to be vulnerable (see previous section) is more restrictive than initially believed. Therefore, we believe the vast majority of curl users won’t be affected by this vulnerability,” Mizrahi wrote in the analysis.

    Scan the Environment for Vulnerable Systems
    The first thing organizations need to do is to scope their environments to identify all systems using curl and libcurl to assess whether those preconditions exist. Organizations should inventory their systems and evaluate their software delivery processes using software composition analysis tools for code, scanning containers, and application security posture management utilities, notes Alex Ilgayev, head of security research at Cycode. Even though the vulnerability does not affect every implementation of curl, it would be easier to identify the impacted systems if the team starts with a list of potential locations to look.

    The following commands identify which versions of curl are installed:

    Linux/MacOS:

    find / -name curl 2>/dev/null -exec echo “Found: {}” \; -exec {} –version \;
    Windows:

    Get-ChildItem -Path C:\ -Recurse -ErrorAction SilentlyContinue -Filter curl.exe | ForEach-Object { Write-Host “Found: $($_.FullName)”; & $_.FullName –version }
    GitHub has a query to run in Defender for Endpoint to identify all devices in the environment that have curl installed or use curl. Qualys has published its rules for using its platform.

    Organizations using Docker containers or other container technologies should also scan the images for vulnerable versions. A sizable number of rebuilds are expected, particularly in docker images and similar entities that incorporate liburl copies. Docker has pulled together a list of instructions on assessing all images.

    To find existing repositories:

    docker scout repo enable –org /scout-demo
    To analyze local container images:

    docker scout policy [IMAGE] –org [ORG]
    This issue highlights the importance of keeping meticulous track of all open source software being used in an organization, according to Henrik Plate, a security researcher at Endor Labs.

    “Knowing about all the uses of curl and libcurl is the prerequisite for assessing the actual risk and taking remediation actions, be it patching curl, restricting access to affected systems from untrusted networks, or implementing other countermeasures,” Plate said.

    Just because the flaws are not exploitable doesn’t mean the updates are not necessary. Patches are available directly for curl and libcurl, and many of the operating systems (Debian, Ubuntu, Red Hat, etc.) have also pushed fixed versions. Keep an eye out for security updates from other applications, as libcurl is a library used by many operating systems and applications.

    One workaround until the updates can be deployed is to force curl to use local hostname resolving when connecting to a SOCKS5 proxy, according to JFrog’s Mizrahi. This syntax uses the socks5 scheme and not socks5h: curl -x socks5://someproxy.com. In the library, replace the environment variable CURLPROXY_SOCKS5_HOSTNAME with CURLPROXY_SOCKS5.

    According to Benjamin Marr, a security engineer at Intruder, security teams should be monitoring curl flags for excessive large strings, as that would indicate the system had been compromised. The flags are –socks5-hostname, or –proxy or –preproxy set to use the scheme socks5h://.

    CURL High Severity Vulnerability
    https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/Vulnerability%20Management/Curl-CVE-2023-38545.md
    Curl 8.4.0 – Proactively Identifying Potential Vulnerable Assets
    https://blog.qualys.com/vulnerabilities-threat-research/2023/10/05/curl-8-4-0-proactively-identifying-potential-vulnerable-assets

    Reply
  21. Tomi Engdahl says:

    Microsoft plans to kill off NTLM authentication in Windows 11 https://www.bleepingcomputer.com/news/security/microsoft-plans-to-kill-off-ntlm-authentication-in-windows-11/

    Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future.

    NTLM (short for New Technology LAN Manager) is a family of protocols used to authenticate remote users and provide session security.

    Kerberos, another authentication protocol, has superseded NTLM and is now the current default auth protocol for domain-connected devices on all Windows versions above Windows 2000.

    While it was the default protocol used in old Windows versions, NTLM is still used today, and if, for any reason, Kerberos fails, NTLM will be used instead.

    Reply
  22. Tomi Engdahl says:

    Explained: Quishing
    https://www.malwarebytes.com/blog/news/2023/10/explained-quishing

    Quishing is phishing using QR (Quick Response) codes. QR codes are basically two-dimensional barcodes that hold encoded data, and they can be used to work as a link. Point your phone’s camera at a QR code and it will ask you if you want to visit the link.

    The use of QR codes in malicious campaigns is not new, and because they can provide contactless access to a product or service they grew in popularity during the Covid-19 pandemic.

    Reply
  23. Tomi Engdahl says:

    Yksi kuva kertoo: Näin huijaus­puheluille kävi https://www.is.fi/digitoday/tietoturva/art-2000009897593.html

    SUOMEN teleoperaattorit ottivat viime viikolla käyttöön tekniikan, joka estää ulkomailta toimivia huijaussoittajia väärentämästä käyttöönsä suomalaisia puhelinnumeroita.

    Väärennettyjä puhelinnumeroita on käytetty niin petoksiin kuin häirintään.
    Ongelma räjähti käsiin vuonna 2021. Sen jälkeen soitot vähenivät, kunnes ne tänä kesänä räjähtivät uudelleen.

    Suodatusvelvoite astui voimaan maanantaina 2.10. Elisa kertoi aluksi estäneensä nyt kymmeniä tuhansia huijauspuheluita päivittäin.
    Prosentuaalisesti tämä on 70–80 oli prosenttia ulkomailta tulevista puheluista.

    Reply
  24. Tomi Engdahl says:

    Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure https://thehackernews.com/2023/10/discord-playground-for-nation-state.html

    In what’s the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure.

    Discord, in recent years, has become a lucrative target, acting as a fertile ground for hosting malware using its content delivery network (CDN) as well as allowing information stealers to siphon sensitive data off the app and facilitating data exfiltration by means of webhooks.

    “The usage of Discord is largely limited to information stealers and grabbers that anyone can buy or download from the Internet,” Trellix researchers Ernesto Fernández Provecho and David Pastor Sanz said in a Monday report.

    But that may be changing, for the cybersecurity firm said it found evidence of an artifact targeting Ukrainian critical infrastructures. There is currently no evidence linking it to a known threat group.

    “”The potential emergence of APT malware campaigns exploiting Discord’s functionalities introduces a new layer of complexity to the threat landscape,”
    the researchers noted.

    Reply
  25. Tomi Engdahl says:

    Kyberhyökkäyksistä on aiheutunut kustannuksia joka kolmannelle suomalaiselle suuryritykselle
    https://www.kauppalehti.fi/uutiset/kyberhyokkayksista-on-aiheutunut-kustannuksia-joka-kolmannelle-suomalaiselle-suuryritykselle/64f959a8-9bb4-425f-a127-b5d4afd7be92

    Suomen kyberturvallisuudessa keskeisiä pelaajia ovat organisaatiot ja yritykset, joista 71 prosenttia on Elisan kyselytutkimuksen mukaan kiihdyttänyt varautumistaan kyberhyökkäyksiin.

    Yrityksiä velvoitetaan suojautumaan kyberhyökkäyksiltä vuonna 2024 voimaanastuvassa NIS2-direktiivissä.

    Suurista ja keskisuurista yrityksistä joka toinen arvioi, että tietomurtojen, murron yritysten ja kiristyshaittaohjelmien määrä on kasvanut viimeisen vuoden aikana. Joka kolmas yli 500 henkilöä työllistävä yritys on saanut kuuden kuukauden aikana liiketoiminnallisia kustannuksia kyberhyökkäyksistä johtuen, tiedotteessa kerrotaan.

    Reply
  26. Tomi Engdahl says:

    The forgotten malvertising campaign
    https://www.malwarebytes.com/blog/threat-intelligence/2023/10/the-forgotten-malvertising-campaign

    In recent weeks, we have noted an increase in malvertising campaigns via Google searches. Several of the threat actors we are tracking have improved their techniques to evade detection throughout the delivery chain.

    We believe this evolution will have a real world impact among corporate users getting compromised via malicious ads eventually leading to the deployment of malware and ransomware.

    In this blog post, we look at a malvertising campaign that seems to have flown under the radar entirely for at least several months. It is unique in its way to fingerprint users and distribute time sensitive payloads.

    Reply
  27. Tomi Engdahl says:

    Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption
    https://www.securityweek.com/beyond-quantum-memcomputing-asics-could-shatter-2048-bit-rsa-encryption/

    The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers.

    San Diego-based MemComputing is researching the use of in-memory processing ASICs (Application Specific Integrated Circuits) to potentially crack 2048 bit RSA in real time.

    MemComputing is a company and computing philosophy born out of theory. The theory is that if processing and data can be combined in memory, the so-called ‘von Neumann bottleneck’ can be broken. This bottleneck is latency introduced by having storage and processing separate, and the consequent necessity of communicating between the two.

    As the computational complexity increases, the processing time required by classical computers also increases – but exponentially. The result of the bottleneck is that a category of complex mathematical problems cannot be solved by classical (basic von Neumann architecture) in any meaningful time frame.

    “Among intractable combinatorial problems, large-scale prime factorization is a well-known challenge,” MemComputing researchers wrote in a paper titled Scaling up prime factorization with self-organizing gates: A memcomputing approach (PDF). It is the intractability of this problem that has kept RSA-based encryption theoretically secure for so long. It’s not that it is mathematically impossible, merely that it would take too long to be realistic using classical computers.

    Reply
  28. Tomi Engdahl says:

    Data Breaches
    Equifax Fined $13.5 Million Over 2017 Data Breach
    https://www.securityweek.com/equifax-gets-13-5-million-fine-over-2017-data-breach/

    UK’s financial watchdog FCA imposes a £11 million (approximately $13.5 million) fine to Equifax over the 2017 data breach.

    Reply
  29. Tomi Engdahl says:

    Toteutuuko hurja ennustus: haittaohjelma tappaa ihmisen ensi vuonna?
    https://etn.fi/index.php/13-news/15426-toteutuuko-hurja-ennustus-haittaohjelma-tappaa-ihmisen-ensi-vuonna

    Jo kaksi vuotta sitten Gartner ennusti, että ensi vuoden aikana OT-ympäristöihin kehitetyt haittaohjelmat ovat edistyneet niin paljon, että ne aiheuttavat jonkun kuoleman. Ennustus nousi esille uudestaan Fortinetin teknologiatapahtumassa.

    Hyökkäykset järjestelmien ohjaamiseen ja valvomiseen tarkoitettuihin laitteisiin ovat yleistyneet viime vuosina nopeasti. Telian Cygaten tietoturvaratkaisujen myynnistä vastaava Toni Laaksonen muistutti Fortinetin Security Dayssa, että monet OT-järjestelmät ovat vanhempia kuin laitosten tietoturvasta vastaavat operaattorit. On selvää, että OT-järjestelmien tietoturva laahaa kaukana IT:n perässä.

    Gartnerin tutkimusjohtaja Wam Voster sanoikin jo kaksi vuotta sitten, että turvallisuus- ja riskienhallintajohtajien tulisi olla enemmän huolissaan todellisista ihmisille ja ympäristölle aiheutuvista vaaroista eikä tietovarkauksista.

    Gartnerin mukaan tietoturvaloukkauksilla OT:ssä ja muissa kyberfyysisissa järjestelmissä (CPS) on kolme päämotivaatiota: todellinen vahinko, kaupallinen ilkivalta (pienempi tuotanto) ja mainevandalismi (valmistajan tekeminen epäluotettavaksi tai epäluotettavaksi).

    Gartner ennustaa, että kuolemaan johtaneiden kyberhyökkäysten taloudelliset vaikutukset nousevat yli 50 miljardiin dollariin vuoteen 2023 mennessä. Vaikka ihmishenkien arvoa ei otettaisi huomioon, organisaatioille aiheutuvat kustannukset korvauksina, oikeudenkäynteinä, vakuutuksina, viranomaismaksuina ja maineen menettämisenä tulee olemaan merkittävää. Gartner ennustaa myös, että useimmat toimitusjohtajat ovat henkilökohtaisesti vastuussa tällaisista tapauksista.

    Reply
  30. Tomi Engdahl says:

    Tietoturvan takia vanhat reitittimet vaihtoon?
    https://www.uusiteknologia.fi/2023/10/13/tietoturvan-takia-vanhat-reitittimet-vaihtoon/

    Suomalaiskodeissa ja mökeillä hurisee miljoonia reitittimiä, jotka eivät täytä enää uusimpia verkon turvallisuusvaateita tai niitä ei ole asennettu edes alkuaankaan oikein. Traficomin ja reititinmyyjien lisäksi Suojelupoliisi nosti eilen esiin päivittämättömien kotireitittimien muodostaman kansallisen tietoturvauhan.

    Suojelupoliisi mukaan suojaamattomia reitittimiä voidaan esimerkiksi kaapata kyberhyökkäyksiin. Telian arvion mukaan miljoonista suomalaisten käytössä olevista reitittimistä merkittävä osa vaatisi toimenpiteitä uhan torjumiseksi. Myös muut ovat nostaneet esille reitittimien ongelmat.

    ”Yli viisi vuotta vanhat reitittimet muodostavat suurimman riskin, sillä niihin ei välttämättä ole enää saatavissa tietoturvapäivityksiä. Tällaisia reitittimiä löytyy suomalaiskodeista useita satoja tuhansia”, arvioi teleoperaattori Telian laiteliiketoiminnasta vastaava johtaja Markku Saranpää kertoo.

    Saranpään mukaan suomalaisilla on käytössään yli kolme miljoonaa kiinteää ja langatonta reititintä. ”Digitaalinen turvallisuutemme rakentuu reitittimien lisäksi älylaitteista, verkon turvallisuudesta ja ihmisten huolellisuudesta niiden käytössä. Jokainen voi siis itse vaikuttaa paitsi oman digielämänsä turvallisuuteen, myös koko Suomen kansalliseen tietoturvaan’’, Saranpää sanoo.

    Reply
  31. Tomi Engdahl says:

    IoT Security
    Academics Devise Cyber Intrusion Detection System for Unmanned Robots
    https://www.securityweek.com/academics-devise-cyber-intrusion-detection-system-for-unmanned-robots/

    Australian AI researchers teach an unmanned military robot’s operating system to identify MitM cyberattacks.

    Two Australian academic researchers have devised a new cyber intrusion detection system that relies on AI to help unmanned military robots identify man-in-the-middle (MitM) cyberattacks.

    Relying on deep learning convolutional neural networks (CNNs), the new cyber-physical system is meant to reduce the vulnerabilities of the robot operating system (ROS), which is used in both civilian and military robots.

    Tested on a US Army GVT-BOT ground vehicle, the algorithm demonstrated a 99% accuracy, Fendy Santoso of Charles Sturt University and Anthony Finn of the University of South Australia (UniSA) note in their research paper (PDF).

    The cyber-intrusion detection framework primarily focuses on detecting MitM attacks, but vulnerabilities in ROS make it prone to breaches, hijacking, denial-of-service (DoS), and other types of cyberattacks, the academics say.

    These robots, the academics point out, are highly networked, because their different components, including sensors, actuators, and controllers rely on cloud services to transfer information and communicate.

    “Robotic systems can be compromised at multiple different levels, namely, at the system, sub-system, component, or sub-component levels. Preventing these attacks is by no means trivial, especially for sophisticated, complex, and modern robots, which can work even under a fault-tolerant mode, blurring the line between normal operations and fault conditions,” the researchers note.

    Trusted Operations of a Military Ground Robot in
    the Face of Man-in-the-Middle Cyber-Attacks Using
    Deep Learning Convolutional Neural Networks:
    Real-Time Experimental Outcome
    https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10210500

    Reply
  32. Tomi Engdahl says:

    Artificial Intelligence
    Applying AI to API Security
    https://www.securityweek.com/applying-ai-to-api-security/

    While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs.

    It is hard to go anywhere in the security profession these days without the topic of artificial intelligence (AI) coming up. Indeed, AI is a popular topic. Like many popular topics, there is quite a bit of buzz and hype around it. All of a sudden, it seems that everyone you meet is leveraging AI in a big way.

    As you can imagine, this creates quite a bit of fog around the topic of AI. In particular, it can be difficult to understand when AI can add value and when it is merely being used for its buzz and hype. Beyond buzz and hype, however, how can we know when AI is being leveraged in a useful way to creatively solve problems?

    In my experience, AI works best when applied to specific problems. In other words, AI needs to be carefully, strategically, and methodically leveraged in order to tackle certain problems that suit it. While there are many such problems, API security is one such problem that I’ve experienced AI producing good results for.

    Let’s take a look at five ways in which AI can be leveraged to improve API security:

    API discovery: AI can be leveraged to study request and response data for APIs. Behavioral analysis can be performed to discover previously unknown API endpoints.

    Schema enforcement/access control: As AI studies request and response data for APIs, there are other benefits beyond API discovery. Schemas for specific API endpoints can be learned and then enforced, and subsequent departures from learned schemas can be observed and then mitigated.

    Exposure of sensitive data: Yet another benefit to AI studying request and response data for APIs is the ability to identify sensitive data in transit. This includes the detection and flagging of Personally Identifiable Information (PII) that is being exposed. The exposure of sensitive data, including PII, is a big risk for most enterprises. Improving the ability to detect and mitigate the exposure of sensitive data improves overall API security.

    Layer 7 DDoS protection: While most enterprises have DDoS protection at layers 3 and 4, they may not have it at layer 7. With APIs, layer 7 is where the bulk of the action is. Thus, AI can be leveraged to help protect API endpoints from the misuse and abuse that can happen at layer 7. AI can be applied to analyze metrics and log data collected from an enterprise’s API endpoints. The visibility generated by this continuous analysis and baselining of API endpoint behavior provides insights and alerting on anomalies, which can then be used to generate layer 7 protection policies. Improved layer 7 DDoS protection means improved API security.

    Malicious user detection: Malicious users, or clients, pose a significant risk to most enterprises. All client interactions, including those with API endpoints, can be analyzed for the enterprise over time, and outliers can be identified.

    Both AI and API security are top of mind for most security professionals these days. While there is quite a bit of buzz and hype around AI, it is a technology that can add tremendous value to security programs. Not surprisingly, like many technologies, AI works best when applied to specific problems that suit it. In my experience, API security happens to be one of those problems. By carefully, strategically, and methodically applying AI to API security, enterprises can improve their overall security postures.

    Reply
  33. Tomi Engdahl says:

    Data Protection
    Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
    https://www.securityweek.com/lost-and-stolen-devices-a-gateway-to-data-breaches-and-leaks/

    By implementing strong security practices,, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information.

    In our digital age, data is king. It drives businesses, informs decision-making, and plays an essential role in our everyday lives. However, with the convenience of technology comes the risk of data breaches and leaks.

    One often overlooked aspect of this risk is the role that lost and stolen computers play in compromising sensitive information. According to Forrester Research’s 2023 State of Data Security report, only 7% of security decision makers are concerned about a lost or stolen asset causing a breach, even though such incidents account for 17% of breaches. Such assets can include smartphones, tablets, laptops, external hard drives, and USB flash drives.

    While these types of breaches may not command the same attention-grabbing headlines as major cyberattacks, the theft or loss of laptops, desktops, and flash drives poses a very real problem. It underscores the pressing need for endpoint resilience and recovery.

    Reply
  34. Tomi Engdahl says:

    Data Protection
    Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption
    https://www.securityweek.com/beyond-quantum-memcomputing-asics-could-shatter-2048-bit-rsa-encryption/

    The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers.

    San Diego-based MemComputing is researching the use of in-memory processing ASICs (Application Specific Integrated Circuits) to potentially crack 2048 bit RSA in real time.

    MemComputing is a company and computing philosophy born out of theory. The theory is that if processing and data can be combined in memory, the so-called ‘von Neumann bottleneck’ can be broken. This bottleneck is latency introduced by having storage and processing separate, and the consequent necessity of communicating between the two.

    As the computational complexity increases, the processing time required by classical computers also increases – but exponentially. The result of the bottleneck is that a category of complex mathematical problems cannot be solved by classical (basic von Neumann architecture) in any meaningful time frame.

    Where theory cannot be demonstrated by fact, the problem and solution are emulated in software. For cracking RSA, “Presently, sieve methods represent the state-of-the-art algorithms showing promise, with the general number field sieve method being the most effective. Nevertheless, even these methods struggle to factor a 2048-bit RSA key within a sensible timeframe, and past instances have taken almost 2700-CPU-years to factor an 829-bit number using computer clusters.”

    The von Neumann bottleneck means that time-to-solution increases exponentially. “It is estimated that with current technology using the best-known algorithm (general number field sieve, GNFS), factoring a 2048-bit RSA key would take longer than the age of the universe,” the researchers added.

    Quantum computers will be able to solve this problem within a meaningful timeframe. Hence the NIST-driven drive for more complex post-quantum algorithms able to continue protecting encryption. Estimates of the arrival of quantum computers vary greatly, but ‘decades’ is usually quoted.

    Enter MemComputing’s combined memory/processing. Simulation shows that the complexity/time ratio for solving difficult problems increases only polynomially rather than exponentially. In other words, difficult problems can be solved very much faster — and the time taken to do so can be massively reduced.

    MemComputing effectively wanted to know how long it would take its patented in-memory processing to crack RSA, and whether it could be done in a shorter timeframe than waiting for the arrival of quantum computers.

    The approach taken was to use software emulation focusing on test problems from 30 to 150 bits. “Results showed that the circuit generated the appropriate congruences for benchmark problems up to 300 bits, and the time needed to factorize followed a 2nd-degree polynomial in the number of bits,” MemComputing announced. In other words, the increasing complexity of factoring large numbers with in-memory computing increases the necessary time far more slowly than the exponential increase afforded by classical computers.

    “The next step is to extend the effective range beyond 300 bits, which requires customizing the SOG design to even larger factorization problems, with the end goal of realizing the capability in an Application Specific Integrated Circuit (ASIC),” continued the company.

    Reply
  35. Tomi Engdahl says:

    Francesco Canepa / Reuters:
    The European Central Bank plans to start a two-year “preparation phase” for the digital euro on November 1, to finalize rules, select partners, and do testing — The European Central Bank took a further step on Wednesday towards launching a digital version of the euro …

    Future of Money

    ECB starts preparation for digital euro in multi-year project
    https://www.reuters.com/markets/currencies/ecb-starts-preparation-digital-euro-multi-year-project-2023-10-18/

    Reply
  36. Tomi Engdahl says:

    Zeba Siddiqui / Reuters:
    In a rare joint statement, Five Eyes chiefs from the US, the UK, Canada, Australia, and New Zealand warn about China’s IP “theft” and using AI to hack and spy — The Five Eyes countries’ intelligence chiefs came together on Tuesday to accuse China of intellectual property theft …

    Five Eyes intelligence chiefs warn on China’s ‘theft’ of intellectual property
    https://www.reuters.com/world/five-eyes-intelligence-chiefs-warn-chinas-theft-intellectual-property-2023-10-18/

    Reply
  37. Tomi Engdahl says:

    RT Watson / The Block:
    Chainalysis says recent media reports about the supposed use of crypto by terrorist organizations might be overstating metrics and using “flawed analyses” — – Chainalysis said some recent reports about the supposed use of crypto by terrorist organizations might be overstating metrics and using “flawed analyses.”

    Chainalysis says some reports might be overestimating crypto’s role in terrorist financing
    https://www.theblock.co/post/258284/chainalysis-says-some-reports-might-be-overestimating-cryptos-role-in-terrorist-financing

    Chainalysis said some recent reports about the supposed use of crypto by terrorist organizations might be overstating metrics and using “flawed analyses.”

    In the wake of the recent Hamas attack in Israel, crypto analytics firm Chainalysis said Wednesday that’s its been receiving lots of questions about how terrorist groups might be using cryptocurrency. But it said some reports about the supposed use might be overstating metrics and using “flawed analyses.”

    “Although terrorism financing is a very small portion of the already very small portion of cryptocurrency transaction volume that is illicit, some terrorist organizations raise, store, and transfer funds using cryptocurrency,” it wrote in a blog post. “Terrorist organizations have historically used and will likely continue to use traditional, fiat-based methods such as financial institutions, hawalas, and shell companies as their primary financing vehicles.”

    In the aftermath of Hamas’ terrorist attack on Israel various media outlets have sought to estimate the level of illicit crypto funds that may have been funneled into the offensive. Sen. Elizabeth Warren, D-Mass., along with more than a hundred other lawmakers, on Wednesday cited a report from the Wall Street Journal about Hamas’ suppose use of crypto and said she wants answers from the administration of President Joe Biden.

    Reply
  38. Tomi Engdahl says:

    Mike Wheatley / SiliconANGLE:
    SecureW2, whose zero-trust platform helps companies use certificate-based authentication from identity software providers, raised $80M from Insight Partners

    SecureW2 raises $80M to help companies adopt passwordless approach to zero-trust security
    https://siliconangle.com/2023/10/18/securew2-raises-80m-help-companies-adopt-passwordless-approach-zero-trust-security/?mid=1

    Reply
  39. Tomi Engdahl says:

    Jesse Hamilton / CoinDesk:
    The US Treasury’s FinCEN proposes labeling international crypto mixing as a “primary money laundering concern”, citing its use by Hamas and other illicit actors — Under pressure to address reports that Hamas and other terrorist groups are partially funded with crypto …

    U.S. Treasury Seeks to Name Crypto Mixers as ‘Money Laundering Concern’
    https://www.coindesk.com/policy/2023/10/19/us-treasury-seeks-to-name-crypto-mixers-as-money-laundering-concern/

    Under pressure to address reports that Hamas and other terrorist groups are partially funded with crypto, Treasury’s FinCEN proposed a rule to categorize mixers as a threat.

    U.S. authorities are looking to target the whole class of crypto mixers as a money-laundering threat, a sweeping move they’ve never taken before.
    If declared a ‘primary money laundering concern,’ U.S. financial firms could face restrictions in their interactions with mixers.

    The U.S. Department of the Treasury’s financial crimes arm is proposing to label crypto mixers as a “primary money laundering concern” in its effort to combat illicit crypto finance, highlighting the terrorist groups that have benefited from anonymous crypto funds, including possibly Hamas.

    Reply
  40. Tomi Engdahl says:

    Uutta suojaa pilviratkaisuihin – tietoturva-aukoista 80 prosenttia pilvestä
    https://www.uusiteknologia.fi/2023/10/20/uutta-suojaa-pilviratkaisuihin-tietoturva-aukoista-80-prosenttia-pilvesta/

    Tietoturvayhtiö Palo Alto Networksin mukaan pilvipalvelut ovat kaiken pahan alkua ja samalla merkittävän bisneksen tuoja. Yrityksen tietoturvayksikön mukaan peräti 80 prosenttia tietoturva-aukoista löytyy pilviympäristöistä. Siihen yritys on esitellyt suojaksi Code to Cloud -ratkaisun Prisma Cloud-alustaansa.

    Kaikenkokoiset yritykset ja yhteisöt ovat ottaneet käyttöön kuluneen vuosikymmenen runsain mitoin pilvisovelluksia ennennäkemättömällä tahdilla eikä merkkejä vauhdin hidastumisesta ole nähtävissä.

    Tutkimuslaitos Gartner-tutkimusyhtiön mukaan vuoteen 2027 mennessä peräti 65 prosenttia sovellusten työtaakasta tapahtuu ainakin osittain pilvipalveluissa. Kasvua ennustetaan peräti 20 prosenttia vuoden 2022 luvuista.

    Samalla myös tietoturva-uhat ovat pahentuneet. Palo Alto Networksin tietoturvayksikkö Unit 42:n selvityksen mukaan peräti 80 prosenttia tietoturva-aukoista löytyy pilviympäristöistä. Se voi osaltaan vaarantaa järjestelmän laaja-alaisille murroille.

    Samalla pilvipalveluihin kohdistuneet uhkien määrät ovat nousseet niin suuriksi, että monella turvallisuustiimillä on vaikeuksia pysyä hyökkäysten ja murtoyritysten perässä. Siihen Palo Alto Networks on kehittänyt ratkaisuksi yhtiön mukaan alan ensimmäisellä integroidulla Code to Cloud -ratkaisun. Se on osa yrityksen Prisma Cloud Darwin -julkaisua.

    Prisma® Cloud: Darwin Release Introduces Code-to-Cloud™ Intelligence
    https://www.paloaltonetworks.com/blog/2023/10/announcing-innovations-cnapp-prisma-cloud/

    Reply
  41. Tomi Engdahl says:

    Google’s upcoming “IP Protection” feature to hide users’ IP addresses by routing traffic through a proxy.

    #Google #chrome #privacy #cybersecurity

    Google Chrome’s new “IP Protection” will hide users’ IP addresses
    https://www.bleepingcomputer.com/news/google/google-chromes-new-ip-protection-will-hide-users-ip-addresses/?fbclid=IwAR1GxoZZFc25ct-R9OLYJbrZAwle8TXquWLjGRmZ9HHwj91-R1_w3ccCO74

    Google is getting ready to test a new “IP Protection” feature for the Chrome browser that enhances users’ privacy by masking their IP addresses using proxy servers.

    Recognizing the potential misuse of IP addresses for covert tracking, Google seeks to strike a balance between ensuring users’ privacy and the essential functionalities of the web.

    IP addresses allow websites and online services to track activities across websites, thereby facilitating the creation of persistent user profiles. This poses significant privacy concerns as, unlike third-party cookies, users currently lack a direct way to evade such covert tracking.

    While IP addresses are potential vectors for tracking, they are also indispensable for critical web functionalities like routing traffic, fraud prevention, and other vital network tasks.

    The “IP Protection” solution addresses this dual role by routing third-party traffic from specific domains through proxies, making users’ IP addresses invisible to those domains. As the ecosystem evolves, so will IP Protection, adapting to continue safeguarding users from cross-site tracking and adding additional domains to the proxied traffic.

    “Chrome is reintroducing a proposal to protect users against cross-site tracking via IP addresses. This proposal is a privacy proxy that anonymizes IP addresses for qualifying traffic as described above,” reads a description of the IP Protection feature.

    Initially, IP Protection will be an opt-in feature, ensuring users have control over their privacy and letting Google monitor behavior trends.

    The feature’s introduction will be in stages to accommodate regional considerations and ensure a learning curve.

    The first phase, dubbed “Phase 0,” will see Google proxying requests only to its own domains using a proprietary proxy. This will help Google test the system’s infrastructure and buy more time to fine-tune the domain list.

    To start, only users logged into Google Chrome and with US-based IPs can access these proxies.

    Potential security concerns
    Google explains there are some cybersecurity concerns related to the new IP Protection feature.

    As the traffic will be proxied through Google’s servers, it may make it difficult for security and fraud protection services to block DDoS attacks or detect invalid traffic.

    Furthermore, if one of Google’s proxy servers is compromised, the threat actor can see and manipulate the traffic going through it.

    To mitigate this, Google is considering requiring users of the feature to authenticate with the proxy, preventing proxies from linking web requests to particular accounts, and introducing rate-limiting to prevent DDoS attacks.

    Reply
  42. Tomi Engdahl says:

    Inside a $30 Million Cash-for-Bitcoin Laundering Ring in the Heart of New York https://www.404media.co/inside-a-30-million-cash-for-bitcoin-laundering-ring-in-the-heart-of-new-york/

    For years, a gang operating in New York allegedly offered a cash-for-Bitcoin service that generated at least $30 million, with men standing on street corners with plastic shopping bags full of money, drive-by pickups, and hundreds of thousands of dollars laid out on tables, according to court records.

    The records provide rare insight into an often unseen part of the criminal
    underworld: how hackers and drug traffickers convert their Bitcoin into cash outside of the online Bitcoin exchanges that ordinary people use. Rather than turning to sites like Coinbase, which often collaborate with and provide records to law enforcement if required, some criminals use underground, IRL Bitcoin exchanges like this gang which are allegedly criminal entities in their own right.

    Reply
  43. Tomi Engdahl says:

    Lost and Stolen Devices: A Gateway to Data Breaches and Leaks
    https://www.securityweek.com/lost-and-stolen-devices-a-gateway-to-data-breaches-and-leaks/

    By implementing strong security practices,, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information.

    Reply
  44. Tomi Engdahl says:

    Amazon passkey implementation leaves room for improvement

    Tech startup Corbado analyzes Amazon’s implementation of passkeys across devices and browsers, flagging issues leading to domain redirection, user confusion, and unnecessary verification steps. The firm also finds the implementation lacking features such as Conditional UI and native app support.

    https://www.securityweek.com/in-other-news-energy-services-firm-hacked-tech-ceo-gets-prison-time-x-glitch-leads-to-cia-channel-hijack/

    Reply
  45. Tomi Engdahl says:

    Philippine Military Ordered to Stop Using Artificial Intelligence Apps Due to Security Risks
    https://www.securityweek.com/philippine-military-ordered-to-stop-using-artificial-intelligence-apps-due-to-security-risks/

    The Philippine defense chief ordered the 163,000-member military to stop using applications that harness AI to generate personal portraits, saying they could pose security risks.

    Reply
  46. Tomi Engdahl says:

    Bypassing Firewalls With PING!
    https://www.youtube.com/watch?v=VNRr5qAA_l4

    In this video, I show you how you can modify the payload of an ICMP PING packet to send your own data back and forth through an ICMP tunnel. If a firewall allows pings, then there’s a good chance you can set up a tunnel.

    Reply
  47. Tomi Engdahl says:

    Bypassing Firewalls with DNS Tunnelling (Defence Evasion, Exfiltration and Command & Control)
    https://www.youtube.com/watch?v=49F0co_VrTY

    In this video we’ll be exploring how to attack, detect and defend against DNS Tunnelling, a technique that can bypass certain firewall restrictions and provide an attacker with a command & control and data transfer channel. It can also be used to bypass many of the Captive Portals found on public wifi networks.

    Reply
  48. Tomi Engdahl says:

    Quick and Easy SSL Certificates for Your Homelab!
    https://www.youtube.com/watch?v=qlcVx-k-02E

    Timestamps:
    00:00 Intro
    00:57 How does it work?
    01:34 Brilliant.org
    02:28 What will we need?
    04:40 Installing Docker – Tutorial starts here
    06:03 docker-compose Walkthrough
    06:46 Generating the certificate
    08:32 Setting up domains
    11:02 Outro

    Reply
  49. Tomi Engdahl says:

    SSH Honeypot in 4 Minutes – Trap Hackers in Your Server
    https://www.youtube.com/watch?v=SKhKNUo6rJU

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*