Cyber trends for 2023

Nothing is more difficult than making predictions, especially in the fast-advancing cyber security field. Instead of throwing out wild ideas of my own about what might be coming, I have collected here some trends that many people and publications have predicted for 2023.

HTTPS: These days HTTPS has effectively become the default transport for web browsing. Most notably, the Chrome browser now marks any plain HTTP website as “Not Secure” in the address bar, and it attempts to “upgrade” to the HTTPS version of a site if you accidentally navigate to the insecure version. If a secure version isn’t available, an on-screen warning asks whether you would like to continue. As HTTPS has become more common across the web, Google Chrome is preparing to launch a security option that will block “insecure” downloads over HTTP. Note that the upgrade only helps when the site actually serves HTTPS; a site that still serves login forms or downloads over plain HTTP stays exposed to on-path tampering.

Malvertising: Cyber criminals will keep impersonating brands through search engine advertising services to defraud users in 2023. The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. Cybercriminals purchase ads that show up at the very top of search engine results, often purporting to link to a legitimate company’s website. Anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or to trick the unwary into downloading ransomware. The FBI has advised consumers to check the URL of an advertised site before clicking and to use ad blockers to protect themselves from such threats.

Encrypted malware: The vast majority of malware now arrives over encrypted connections, typically HTTPS web sessions. Most cyber-attacks over the past year have used TLS/SSL encryption to hide from security teams, traditional firewalls and many other security tools: over 85% of attacks hide in encrypted channels, and the WatchGuard Threat Lab report found the top threat arriving exclusively over encrypted connections. If you are not inspecting encrypted traffic when it enters your network, you will not be able to detect most malware at the network level. Hopefully you at least have endpoint protection implemented for a chance to catch it further down the cyber kill chain. TLS inspection has its own costs (an interception CA has to be trusted on every endpoint, and certificate pinning breaks), which is why many organizations lean on endpoint telemetry together with DNS and TLS metadata such as SNI and certificate details instead of decrypting everything.

Software vulnerabilities: Weak encryption configurations and missing security headers will still be very common in 2023. In 2022 nearly every application tested had at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a high- or critical-severity vulnerability. Read more at Misconfigurations, Vulnerabilities Found in 95% of Applications.
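As an added illustration (not code from the cited report), here is a small checker of the kind a practitioner runs over a captured HTTP response and a TLS listener configuration. The header baseline, the sample response and the TLS config dict are my own choices, constructed for the example.

```python
"""Flag missing HTTP security headers and weak TLS settings.

Added example: checks a captured response's headers against a baseline a
practitioner expects on any production site, then checks a TLS listener
config for deprecated protocol versions. Sample inputs are constructed.
"""

REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS: forces HTTPS on later visits",
    "content-security-policy": "CSP: limits script/style/frame sources",
    "x-content-type-options": "stops MIME sniffing (should be 'nosniff')",
    "x-frame-options": "or CSP frame-ancestors: clickjacking defence",
    "referrer-policy": "limits URL leakage to third parties",
}

# Protocol versions that browsers and NIST SP 800-52r2 treat as deprecated.
DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def missing_headers(headers):
    """Return {header: why-it-matters} for baseline headers absent from the response."""
    present = {k.lower() for k in headers}
    return {h: why for h, why in REQUIRED_HEADERS.items() if h not in present}


def header_findings(headers):
    """Check the values of headers that are present but weakly configured."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    hsts = lowered.get("strict-transport-security", "")
    if hsts:
        directives = [d.strip().lower() for d in hsts.split(";")]
        max_age = next((int(d.split("=", 1)[1]) for d in directives if d.startswith("max-age=")), 0)
        if max_age < 31536000:                     # one year is the usual minimum
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in directives:
            findings.append("HSTS does not cover subdomains")
    csp = lowered.get("content-security-policy", "")
    if csp and ("'unsafe-inline'" in csp or "'unsafe-eval'" in csp):
        findings.append("CSP allows unsafe-inline or unsafe-eval")
    xcto = lowered.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append("X-Content-Type-Options is not 'nosniff'")
    if "server" in lowered and any(ch.isdigit() for ch in lowered["server"]):
        findings.append("Server header leaks a version string")
    return findings


def tls_findings(config):
    """Flag deprecated protocol versions enabled in a TLS listener config."""
    enabled = set(config.get("protocols", []))
    return [f"deprecated protocol enabled: {p}" for p in sorted(enabled & DEPRECATED_TLS)]


# Constructed sample: a typical misconfigured response and listener.
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx/1.18.0",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
SAMPLE_TLS = {"protocols": ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]}

if __name__ == "__main__":
    for h, why in missing_headers(SAMPLE_HEADERS).items():
        print(f"MISSING {h}: {why}")
    for f in header_findings(SAMPLE_HEADERS) + tls_findings(SAMPLE_TLS):
        print("WEAK", f)
```

The same functions work on the header dict returned by any HTTP client, and the TLS check on whatever list of enabled protocols your listener config exposes.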

Old vulnerabilities: You will see attackers reuse old vulnerabilities in 2023 because they still work. Attackers take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in reviving known vulnerabilities before looking for novel ones. Many companies do not patch their systems in reasonable time, or at all, so they stay vulnerable. New variations of old vulnerabilities also keep appearing: approximately 50% of the 0-days observed in the first half of 2022 were variants of previously patched vulnerabilities.

Security gaps: There are still big gaps in companies’ cyber security. The rapid advancement of technology in all industries has brought ever-increasing cyberattacks that target businesses, governments and individuals alike. Lack of knowledge, failure to maintain employees’ skills, and indifference are the strongest obstacles to improving many companies’ cyber security. While security screening and limiting who has access to your data are both important aspects of personnel security, they will only get you so far.

Cloud: At a hyperscale cloud provider there can be several thousand people, working around the globe, who could potentially access your data. Screening and access limitation alone still leave a significant risk of malicious or accidental access to data. Instead, you should expect your cloud provider to take a more layered approach.

MFA: MFA fatigue attacks are putting your organization at risk in 2023. Multi-factor auth fatigue is real. A common threat targeting businesses is the MFA fatigue attack, a technique where a cybercriminal who already holds a user’s valid password tries to gain access to a corporate network by bombarding that user with MFA push prompts until they finally accept one. The attempt can succeed especially when the target is distracted or overwhelmed by the notifications, or mistakes them for legitimate authentication requests. It’s a huge threat because it bypasses one of the most effective security measures. Number matching in the authenticator app, or phishing-resistant FIDO2 authenticators, remove the “just tap approve” prompt the attack depends on.
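On the detection side, here is an added example that is not from the cited articles: the log format, field names and thresholds are assumptions, but the logic is what a SIEM rule for push-bombing does. It counts push prompts per user inside a sliding window, flags the user once the rate is implausible for a human, and records whether a prompt was eventually approved (the case that needs an immediate session revoke). The log lines are constructed.

```python
"""Detect MFA push-bombing in authentication logs.

Added example. Parses constructed log lines of the assumed form
  <ISO timestamp> user=<name> event=mfa_push result=<denied|timeout|approved> ip=<src>
and alerts when one user receives more than THRESHOLD push prompts inside
WINDOW, reporting whether one was eventually approved and from which IPs.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                  # prompts inside the window before we alert
WINDOW = timedelta(minutes=10)


def parse_line(line):
    """Split '<ts> k=v k=v ...' into a dict with a parsed 'ts' datetime."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_str)
    return rec


def detect_push_bombing(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert dict per user whose prompt rate exceeds the threshold."""
    recent = defaultdict(deque)        # user -> timestamps of prompts still inside the window
    alerted = {}
    for line in lines:
        rec = parse_line(line)
        if rec.get("event") != "mfa_push":
            continue
        user, ts = rec["user"], rec["ts"]
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold:
            alert = alerted.setdefault(user, {
                "user": user, "first": q[0], "prompts": 0, "approved": False, "src_ips": set()})
            alert["prompts"] = max(alert["prompts"], len(q))
            alert["src_ips"].add(rec.get("ip", "?"))
            if rec.get("result") == "approved":
                alert["approved"] = True   # the victim gave in: revoke sessions now
    return list(alerted.values())


# Constructed sample log: alice logs in normally, bob is being push-bombed.
SAMPLE_LOG = """\
2023-01-10T08:01:02 user=alice event=mfa_push result=approved ip=203.0.113.7
2023-01-10T08:02:10 user=bob event=mfa_push result=denied ip=198.51.100.23
2023-01-10T08:02:41 user=bob event=mfa_push result=timeout ip=198.51.100.23
2023-01-10T08:03:05 user=bob event=mfa_push result=denied ip=198.51.100.23
2023-01-10T08:03:30 user=bob event=mfa_push result=timeout ip=198.51.100.23
2023-01-10T08:03:58 user=bob event=mfa_push result=denied ip=198.51.100.23
2023-01-10T08:04:20 user=bob event=mfa_push result=timeout ip=198.51.100.23
2023-01-10T08:04:49 user=bob event=mfa_push result=approved ip=198.51.100.23
2023-01-10T08:05:00 user=carol event=password_ok ip=192.0.2.9
""".splitlines()

if __name__ == "__main__":
    for a in detect_push_bombing(SAMPLE_LOG):
        print(a)
```

The source IP is kept because the prompts in a real attack originate from the attacker’s login attempts, not from the victim’s usual device or network, which is a second signal worth correlating.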

Passwords: Passwords will not go away completely even though new solutions to replace them will be pushed to users. When you create passwords or passphrases, make them good and long enough to be secure. Including a comma in the password can make it harder for cyber criminals to use if it leaks for some reason. The reason is that a comma can break up tabular comma-separated values (CSV) files, a common format for collecting and distributing stolen passwords. Treat this as a nuisance for the attacker rather than real protection: a properly quoted CSV handles commas fine, and length, uniqueness per site and a password manager matter far more.

EU: The Network and Information Security (NIS) Directive was the first piece of EU-wide legislation on cybersecurity; its successor, Network and Information Security 2 (NIS2), replaces it. Rules requiring EU countries to meet stricter supervisory and enforcement measures and to harmonise their sanctions were approved by MEPs in late 2022, and they will start to affect security decisions in 2023. The new rules set tighter cybersecurity obligations for risk management, reporting and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions. The new rules will also cover so-called “important sectors” such as postal services, waste management, chemicals, food, manufacturing of medical devices, electronics, machinery, motor vehicles and digital providers. All medium-sized and large companies in the selected sectors fall under the legislation. Member states have 21 months from entry into force to transpose the directive into national law, so the obligations bite in 2024, but the planning starts now. The NIS Directive has already impacted the cybersecurity budgets of operators over the past year, with deep-dives into the energy and health sectors. Read Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

USA: CISA has released cross-sector cybersecurity performance goals (CPGs) in response to President Biden’s 2021 National Security Memorandum on improving cybersecurity for critical infrastructure control systems. Since then, the cybersecurity community has treated the CPGs as “the floor” and “a baseline” for cybersecurity hygiene and practices. Many organizations overlook OT in their cybersecurity strategy, keeping their focus solely on IT systems. Especially in the critical infrastructure sectors, overlooking OT poses serious risks to all operations. As a result, the released CPGs are explicitly scoped to include OT devices.

Android: Android security will advance in 2023 in many ways. Android is adding support for updatable root certificates in the next release, Android 14, so a distrusted CA such as TrustCor can be removed without waiting for a full system update. Google Play now lets children send purchase requests to guardians.

Losing trust: The world’s biggest tech companies have lost confidence in one of the Internet’s behind-the-scenes gatekeepers. Microsoft, Mozilla and Google are dropping TrustCor Systems as a root certificate authority in their products.

Need for better communication: At a time when less than a fifth (18%) of risk and compliance professionals profess to be very confident in their ability to clearly communicate risk to the board, it’s clear that lines of communication—not to mention understanding—must be improved.

Supply chain risks: Watch for geopolitical instability to continue to be a governance issue, particularly with the need to oversee third-party and supply chain risk.

Governance: For boards and management, heightened pressure around climate action dovetails with the SEC’s proposed rules on cybersecurity oversight, which may soon become law. When they do, companies will need to prepare for more disclosures about their cybersecurity policies and procedures. With fresh scrutiny on directors’ cybersecurity expertise, or lack thereof, boards will need to take their cyber savviness to the next level as well.

Privacy and data protection: Privacy and data protection are the big story for compliance officers in 2023, with expanding regulations soon expected to cover five billion citizens.

Auditing: Audit’s role in corporate governance and risk management has been evolving. Once strictly focused on finance and compliance, internal audit teams are now increasingly expected to help boards and executive management identify, prioritize, manage and mitigate interconnected risks across the organization.

Business risks: In 2023, business risks will run the gamut: geopolitical volatility, talent management, DEI (Diversity, Equity, and Inclusion), ESG (Environmental, Social, and Governance), IT security amid continued remote and hybrid work, and business continuity amid the threat of large-scale operational and utility interruptions. There is also the challenge that executives take more cybersecurity risks than office workers: leaders engage in more dangerous behavior and are four times more likely to be victims of phishing than office workers.

Integrated Risk Management: Look for risk to be increasingly viewed as a driver of business performance and value as digital landscapes and business models evolve. Forward-looking companies will embed integrated risk management (IRM) into their business strategy, so they can better understand the risks associated with new strategic initiatives and be able to pivot as necessary. Keep in mind that executives take more cybersecurity risks than office workers, so the risk program has to cover the top of the organization too.

Zero trust: Many people think that Zero Trust is the optimal security practice in 2023. It is good for new systems whose model suits it, but Zero Trust also has challenges. Incorporating zero trust into an existing network can be very expensive. The Zero Trust Shouldn’t Be The New Normal article argues that the zero trust model starts to erode when the resources of two corporations need to play together nicely. Federated activity, ranging from authentication to resource-pooled cloud federation, doesn’t coexist well with zero trust. To usefully emulate the kind of informed trust model that humans use every day, we need to flip the entire concept of zero trust on its head and evaluate network interactions in terms of risk. That’s where identity-first networking comes in. For a network request to be accepted, it needs both an identity and explicit authorization; System for Cross-domain Identity Management (SCIM) based synchronization is used to achieve this, securely automating the exchange of user identity between cloud applications, diverse networks and service providers.

Poor software: There will be a lot of poor software in use in 2023 and it will cost lots of money. Poor software costs the US $2.4 trillion: cyberattacks due to existing vulnerabilities, complex issues involving the software supply chain, and the growing impact of rapidly accumulating technical debt have led to a build-up of historic software deficiencies.

Microsoft: Microsoft will permanently turn off Exchange Online basic authentication starting in early January 2023 to improve security; clients that still send a username and password (older Outlook versions, IMAP/POP scripts) must move to modern authentication based on OAuth 2.0. A future Microsoft Edge update will permanently disable the Internet Explorer 11 desktop web browser on some Windows 10 systems in February. This means that “The out-of-support Internet Explorer 11 (IE11) desktop application is scheduled to be permanently disabled on certain versions of Windows 10 devices on February 14, 2023, through a Microsoft Edge update, not a Windows update as previously communicated”.

Google Workspace: Google Workspace gets client-side encryption in Gmail. The long-awaited client-side encryption for Gmail is available in beta. Google is letting businesses try out client-side encryption for Gmail, but it’s probably not coming to personal accounts anytime soon. Google has already enabled optional client-side encryption for many Workspace services. With client-side encryption the keys are held by the customer through an external key management service, so Google itself cannot read the message body or attachments.

Passkeys: Google has made passkey support available in the stable version of Chrome. A passkey is a FIDO credential: a key pair whose private key stays on the user’s device and is unlocked with the device’s own biometric check or PIN. Passkeys are meant to replace passwords, which are easily compromised. They are usable cross-platform with both applications and websites, and offer the same experience that password autofill does, with the advantage of passwordless authentication. They cannot be reused across sites, don’t leak in server breaches (the server stores only the public key), and protect users from phishing attacks because the browser only offers a passkey to the site it was registered for. Passkeys are only available on websites that support them via the WebAuthn API.
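To make the phishing-resistance claim concrete, here is an added example (not Chrome’s code nor any WebAuthn library’s) of the context checks a relying party performs on a passkey assertion before it even verifies the signature. The site names, challenge bytes and flag values are constructed; signature verification over authenticatorData || SHA-256(clientDataJSON) with the stored public key is deliberately left out.

```python
"""Relying-party context checks on a WebAuthn (passkey) assertion.

Added example. During a passkey sign-in the browser returns clientDataJSON
(type, challenge, origin) and authenticatorData, whose first 32 bytes are
SHA-256 of the relying-party ID the credential was created for. A credential
registered for example.com can never produce an assertion whose origin and
rpIdHash match example.com from a lookalike site, which is why passkeys
resist phishing. Inputs are constructed; signature verification is omitted.
"""
import base64
import hashlib
import json
import struct


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def verify_assertion_context(client_data_json: bytes, authenticator_data: bytes,
                             expected_challenge: bytes, expected_origin: str, rp_id: str):
    """Return (ok, reason); ok is True only when every WebAuthn context check passes."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replay or stale request)"
    if cd.get("origin") != expected_origin:
        return False, f"origin mismatch: {cd.get('origin')}"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    if authenticator_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch: credential belongs to another site"
    flags = authenticator_data[32]
    if not flags & 0x01:                       # UP: user presence
        return False, "user presence flag not set"
    if not flags & 0x04:                       # UV: user verification (biometric/PIN)
        return False, "user verification flag not set"
    counter = struct.unpack(">I", authenticator_data[33:37])[0]
    return True, f"ok, signature counter {counter}"


# Helpers that build what a browser would hand back (constructed, no real authenticator).
def make_client_data(challenge: bytes, origin: str) -> bytes:
    return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                       "origin": origin}).encode()


def make_auth_data(rp_id: str, flags: int = 0x05, counter: int = 7) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", counter)


CHALLENGE = bytes(range(32))     # constructed; a real RP draws this from os.urandom
RP = "example.com"
ORIGIN = "https://example.com"

# Legitimate sign-in on the real site.
LEGIT = verify_assertion_context(make_client_data(CHALLENGE, ORIGIN),
                                 make_auth_data(RP), CHALLENGE, ORIGIN, RP)
# A lookalike site relaying the same challenge: the browser fills in its own origin.
PHISHED = verify_assertion_context(make_client_data(CHALLENGE, "https://examp1e.com"),
                                   make_auth_data("examp1e.com"), CHALLENGE, ORIGIN, RP)
# Replay of an old assertion against a fresh challenge.
REPLAY = verify_assertion_context(make_client_data(bytes(32), ORIGIN),
                                  make_auth_data(RP), CHALLENGE, ORIGIN, RP)

if __name__ == "__main__":
    print("legit  :", LEGIT)
    print("phished:", PHISHED)
    print("replay :", REPLAY)
```

The order matters: challenge before origin before rpIdHash, all before any signature math, so a relayed or replayed assertion is rejected cheaply and the log says why.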

War risks: Watch for the war between Russia and Ukraine to continue in both the real world and cyberspace in 2023. Cyber is as important as missile defences, says an ex-NATO general. The risk of escalation from cyber attacks has never been greater. A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

Cloud takeover: The AWS Elastic IP Transfer feature gives cyberattackers free range. Threat actors who compromise a victim’s cloud account can move its Elastic IP addresses into an account they control and then use those trusted addresses for command-and-control, phishing, denial of service or other attacks, while still stealing data from the account itself.

ICS: ICS and SCADA systems remain trending attack targets in 2023.

Code security: Microsoft-owned code hosting platform GitHub has just announced multiple security improvements, including free secret scanning for public repositories and mandatory two-factor authentication (2FA) for developers and contributors. The secret scanning program is meant to help developers and organizations identify exposed secrets and credentials in their code. In 2022, secret scanning helped identify 1.7 million potential secrets exposed in public repositories. Now the feature is available for free for all public repositories, to help prevent secret exposures and secure the open source ecosystem. With secret scanning alerts, you can track and act on leaked secrets directly within GitHub.
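A minimal scanner of the same kind, as an added example that is not GitHub’s code: the patterns cover a handful of well-known token formats, and a Shannon-entropy filter on generic `secret = "..."` assignments keeps placeholders like `changeme` out of the results. The sample file is constructed, and the AWS key ID is the placeholder AWS uses in its own documentation.

```python
"""Minimal pre-commit secret scanner in the spirit of GitHub secret scanning.

Added example. Runs known credential patterns over source text and applies a
Shannon-entropy threshold to generic secret-looking assignments to cut noise.
The sample file is constructed; every value in it is fake.
"""
import math
import re
from collections import Counter

PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----"),
}
# Generic "<keyword> = '<value>'" assignments; the value is then entropy-checked.
GENERIC_ASSIGN = re.compile(
    r"(?i)(secret|password|passwd|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{12,})['\"]")
ENTROPY_THRESHOLD = 3.5      # bits per char; random keys score ~4.5+, words ~2.5-3


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s, from its own character frequencies."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(s: str) -> str:
    """Keep enough of a match to locate it in the file without reprinting the secret."""
    return s[:4] + "..." + s[-2:] if len(s) > 10 else "***"


def scan_text(text: str, path: str = "<stdin>"):
    """Return a list of (path, line_no, rule, redacted_match) findings."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            for m in rx.finditer(line):
                findings.append((path, no, rule, redact(m.group(0))))
        for m in GENERIC_ASSIGN.finditer(line):
            value = m.group(2)
            # Placeholders like "changeme" have low entropy; real keys do not.
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append((path, no, "high_entropy_" + m.group(1).lower(), redact(value)))
    return findings


SAMPLE_FILE = """\
# settings.py (constructed sample, all values fake)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
DB_PASSWORD = "changemechangeme"
API_TOKEN = "q7Zp9xL2mR4vT8kW1nB6yH3cJ5dF0gS"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
PEM = "-----BEGIN RSA PRIVATE KEY-----"
DEBUG = True
"""

if __name__ == "__main__":
    for path, no, rule, match in scan_text(SAMPLE_FILE, "settings.py"):
        print(f"{path}:{no}: {rule}: {match}")
```

Wire `scan_text` into a pre-commit hook over the staged diff and it stops the common leak before it ever reaches a public repository; the entropy check is what keeps such a hook from blocking every `password = "changeme"` in test fixtures.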

Data destruction: We must develop a cloud-compatible way of doing data destruction that meets security standards. Cloud providers could offer a service for this, since only they have direct access to the underlying hardware. They have never been shy about inventing new services to charge for, and plenty of companies would be eager to pay for such a service, provided the appropriate certificates of destruction were issued. In practice, cryptographic erasure (destroying the key that encrypted the data) is the usual cloud-side substitute for physical destruction, and it only works if the data was encrypted under a key you control from the start.

PCI DSS: PCI DSS 4.0 should be on your radar in 2023 if you work in a field that needs to meet it. The latest version of the standard brings a new focus to an overlooked yet critically important area of security. For a long time, client-side threats, which involve security incidents and breaches that occur on the customer’s computer rather than on the company’s servers or in between the two, were disregarded. That is changing with the release of PCI DSS 4.0: many of the new requirements focus on client-side security, such as keeping an inventory of the scripts loaded on payment pages and detecting unauthorized changes to them.

SHA-1: NIST retires the SHA-1 cryptographic algorithm, not fully in 2023, but it starts preparations for the phase-out. The venerable cryptographic hash function has weaknesses that make its further use inadvisable. According to NIST, SHA-1 ‘has reached the end of its useful life’, given that the high computing capabilities of today’s systems can easily attack the algorithm using what is referred to as a ‘collision’ attack. SHA-1, whose initials stand for Secure Hash Algorithm, has been in use since 1995 as part of the Federal Information Processing Standard, and NIST has announced that SHA-1 should be phased out by Dec. 31, 2030, in favor of the more secure SHA-2 and SHA-3 groups of algorithms. The US National Institute of Standards and Technology (NIST) recommended that IT professionals start replacing the 27-year-old SHA-1 algorithm with newer, more secure ones. Because SHA-1 is used as the foundation of numerous security applications, the phase-out period will take many years. Tech giants such as Google, Facebook, Microsoft and Mozilla have already taken steps to move away from SHA-1, and certificate authorities stopped issuing certificates signed with SHA-1 as of January 1, 2017. Note that the practical break is collision resistance: SHA-1 is still unbroken for preimages and HMAC-SHA1 remains secure, which is why deprecation rather than emergency replacement is the right posture.

Cloud: Is cloud native security good enough? Cloud native technologies enable organizations to tap into the agility required to keep up in the current competitive landscape and to create new business models. But achieving efficient, flexible, distributed and resilient cloud native security is tough. All major public cloud providers (Amazon Web Services (AWS), Microsoft Azure and Google Cloud) of course offer security features and services designed to address significant threats to cloud-based data. In spite of this, public cloud providers’ security tools commonly fail to meet operational needs, and their limitations should prompt organizations to consider or reconsider how they are protecting public cloud environments.

Privacy: The Privacy War Is Coming. Privacy standards are only going to increase. It’s time for organizations to get ahead of the coming reckoning.

Ethical hacking: Ethical hacking has become a highly sought-after career route for emerging tech aspirants. The role of ethical hackers enables countless businesses and individuals to improve their security posture and minimize the potential attack risk for organizations. But several analysts believe that becoming a self-taught ethical hacker in 2023 might not be worth it, because they are at constant risk of failing to perform properly and many companies might not want to hire them.

MFA: Two-factor authentication might not be enough in 2023 for applications that need strong security. In the past few months we have seen an unprecedented number of identity theft attacks targeting accounts protected by two-factor authentication (2FA), challenging the perception that existing 2FA solutions provide adequate protection against identity theft. What matters more than the number of factors is whether a factor can be phished or relayed: one-time codes and push prompts can, hardware-bound FIDO2 credentials cannot. So for some demanding users 2FA is over. Long live 3FA!

Cloud APIs: With cloud comes APIs and security headaches, also in 2023. Web application programming interfaces (APIs) are the glue that holds together cloud applications and infrastructure, but these endpoints are increasingly under attack, with half of companies acknowledging an API-related security incident in the past 12 months. According to a survey conducted by Google Cloud, the most troublesome security problems affecting companies’ use of APIs are security misconfigurations, outdated APIs and components, and spam or abuse bots. About 40% of companies suffered an incident due to misconfiguration and a third are coping with the latter two issues. Two-thirds of companies (67%) found API-related security issues and vulnerabilities during the testing phase, but more than three-quarters (77%) are confident that they will catch issues, saying they have the required API tools and solutions.

Lack of cyber security workers: Businesses need to secure their assets and ensure the continuous readiness of employees to respond to a cyberattack if they want to move forward safely and avoid losses caused by cybercriminals or malicious attackers. There is an acute shortage of cyber security professionals. As threat levels remain high, companies and organizations remain on alert, but face ongoing challenges in finding and retaining the right people with the required skill levels. There is a significant skills gap and a clear need for hiring cyber security experts in organizations across the world.

VPN: Is Enterprise VPN on Life Support or Ripe for Reinvention? While enterprise VPNs fill a vital role for business, they have several limitations. To get work-from-anywhere initiatives off the ground quickly and keep their business afloat, many organizations turned to enterprise virtual private networks (VPNs). This allowed them to connect their remote employees to critical business operations at the corporate site. However, as fast as VPNs were deployed, organizations learned their limitations and security risks. So are traditional VPNs really “dead” as some industry analysts and pundits claim? Or do they simply need a refresh? Time will tell, and this will be discussed in 2023.

AI: Corporations have discovered the power of artificial intelligence (AI) to transform what’s possible in their operations. But with great promise comes great responsibility, and a growing imperative for monitoring and governance. “As algorithmic decision-making becomes part of many core business functions, it creates the kind of enterprise risks to which boards need to pay attention.”

AI dangers: Large AI language models have potential dangers. AI is better at fooling humans than ever, and the consequences will be serious. A Wired magazine article expects that in 2023 we may well see our first death by chatbot. Causality will be hard to prove: was it really the words of the chatbot that put the murderer over the edge? Or perhaps a chatbot has broken someone’s heart so badly they felt compelled to take their own life?

Metaverse: Police must prepare for new crimes in the metaverse, says Europol. It encourages law enforcement agencies to start considering the ways in which existing types of crime could spread to virtual worlds, while entirely new crimes could start to appear. Read the Policing in the metaverse: what law enforcement needs to know report for more information.

Blockchain: Digital products like cryptocurrency and blockchain will affect a company’s risk profile. Boards and management will need to understand these assets’ potential impact and align governance with their overall risk and business strategies. 2022 already showed many cryptocurrency-related risks being realized. More “crypto travel rules” are being enacted to combat money laundering and terrorism financing.

Insurance: Getting cyber insurance can become harder and more expensive in 2023. Insurance executives have been increasingly vocal in recent years about systemic risks, and cyber is now the risk to watch. Spiralling cyber losses in recent years have prompted emergency measures by the sector’s underwriters to limit their exposure. There is growing concern among industry executives about large-scale strikes. As well as pushing up prices, some insurers have responded by tweaking policies so clients retain more losses. Insurance policies already written in the market have an exemption for state-backed attacks, but the difficulty of identifying those behind attacks and their affiliations makes such exemptions legally fraught. The chief executive of one of Europe’s biggest insurance companies has warned that cyber attacks, rather than natural catastrophes, will become “uninsurable” as the disruption from hacks continues to grow, pointing to recent attacks that have disrupted hospitals, shut down pipelines and targeted government departments: “What if someone takes control of vital parts of our infrastructure, the consequences of that?” In September, the US government called for views on whether a federal insurance response to cyber was warranted.

Sources:

Asiantuntija neuvoo käyttämään pilkkua salasanassa – taustalla vinha logiikka (Expert advises using a comma in your password – there is a clever logic behind it)

Overseeing artificial intelligence: Moving your board from reticence to confidence

Android is adding support for updatable root certificates amidst TrustCor scare

Google Play now lets children send purchase requests to guardians

Diligent’s outlook for 2023: Risk is the trend to watch

Microsoft will turn off Exchange Online basic auth in January

Google is letting businesses try out client-side encryption for Gmail

Google Workspace Gets Client-Side Encryption in Gmail

The risk of escalation from cyberattacks has never been greater

Client-side encryption for Gmail available in beta

AWS Elastic IP Transfer Feature Gives Cyberattackers Free Range

Microsoft: Edge update will disable Internet Explorer in February

Is Cloud Native Security Good Enough?

The Privacy War Is Coming

Top Reasons Not to Become a Self-Taught Ethical Hacker in 2023

Google Chrome preparing an option to block insecure HTTP downloads

Cyber attacks set to become ‘uninsurable’, says Zurich chief

The Dark Risk of Large Language Models

Police Must Prepare For New Crimes In The Metaverse, Says Europol

Policing in the metaverse: what law enforcement needs to know

Cyber as important as missile defences – an ex-NATO general

Misconfigurations, Vulnerabilities Found in 95% of Applications

Mind the Gap

Yritysten kyberturvassa edelleen isoja aukkoja – Asiantuntija: Kysymys jopa kansallisesta turvallisuudesta (Companies’ cyber security still has big gaps – expert: it is even a question of national security)

Personnel security in the cloud

Multi-factor auth fatigue is real – and it’s why you may be in the headlines next

MFA Fatigue attacks are putting your organization at risk

Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience | News | European Parliament

NIS2 hyväksyttiin – EU-maille tiukemmat kyberturvavaatimukset (NIS2 approved – stricter cyber security requirements for EU countries)

Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?

Poor software costs the US 2.4 trillion

Passkeys Now Fully Supported in Google Chrome

Google Takes Gmail Security to the Next Level with Client-Side Encryption

Executives take more cybersecurity risks than office workers

NIST Retires SHA-1 Cryptographic Algorithm

NIST to Retire 27-Year-Old SHA-1 Cryptographic Algorithm

WatchGuard Threat Lab Report Finds Top Threat Arriving Exclusively Over Encrypted Connections

Over 85% of Attacks Hide in Encrypted Channels

GitHub Announces Free Secret Scanning, Mandatory 2FA

Leaked a secret? Check your GitHub alerts…for free

Data Destruction Policies in the Age of Cloud Computing

Why PCI DSS 4.0 Should Be on Your Radar in 2023

2FA is over. Long live 3FA!

Google: With Cloud Comes APIs & Security Headaches

Digesting CISA’s Cross-Sector Cybersecurity Performance Goals

Zero Trust Shouldnt Be The New Normal

Don’t click too quick! FBI warns of malicious search engine ads

FBI Recommends Ad Blockers as Cybercriminals Impersonate Brands in Search Engine Ads

Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

Kyberturvan ammattilaisista on huutava pula (There is an acute shortage of cyber security professionals)

Is Enterprise VPN on Life Support or Ripe for Reinvention?


1,768 Comments

  1. Tomi Engdahl says:

    Following the LNK metadata trail
    https://blog.talosintelligence.com/following-the-lnk-metadata-trail/
    Microsoft announced at the beginning of 2022 that they would soon start to disable macros by default in Office documents downloaded from the Internet. They implemented the changes around June, only to remove the feature later that month. The feature was finally re-enabled by the end of July. Cisco Talos observed threat actors reacting to these changes by moving away from malicious macros as an initial access method in favor of other types of executable attachments. While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.

    Reply
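To show what “following the metadata trail” means in practice, here is an added example (not Cisco Talos’s tooling) that pulls the Distributed Link Tracker block out of a .LNK file. Per the MS-SHLLINK format, a shortcut is a 76-byte header, optional sections selected by LinkFlags, and then ExtraData blocks; the TrackerDataBlock carries the NetBIOS name of the machine that made the shortcut and two object IDs, and the file object ID is a version-1 UUID whose node field is that machine’s MAC address. The sample LNK is built in memory with a made-up hostname and MAC rather than read from disk.

```python
"""Extract Distributed Link Tracker metadata from a Windows .LNK file.

Added example. Walks the ShellLinkHeader, skips the optional LinkTargetIDList,
LinkInfo and StringData sections according to LinkFlags, then scans ExtraData
for the TrackerDataBlock (signature 0xA0000003). The sample file is constructed.
"""
import struct
import uuid
from datetime import datetime, timedelta

HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046")
TRACKER_SIG = 0xA0000003


def _skip_string_data(buf, pos, flags):
    """Skip the up-to-five StringData fields (LinkFlags bits 2..6); counts are in characters."""
    is_unicode = bool(flags & 0x80)
    for bit in range(2, 7):
        if flags & (1 << bit):
            (count,) = struct.unpack_from("<H", buf, pos)
            pos += 2 + count * (2 if is_unicode else 1)
    return pos


def uuid1_time(u: uuid.UUID) -> datetime:
    """Version-1 UUIDs carry 100 ns ticks since 1582-10-15: the object's creation time."""
    return datetime(1582, 10, 15) + timedelta(microseconds=u.time // 10)


def mac_from_uuid(u: uuid.UUID) -> str:
    h = f"{u.node:012x}"
    return ":".join(h[i:i + 2] for i in range(0, 12, 2))


def parse_tracker(buf: bytes):
    """Return tracker metadata as a dict, or None if the block is absent."""
    size, clsid = struct.unpack_from("<I16s", buf, 0)
    if size != HEADER_SIZE or uuid.UUID(bytes_le=clsid) != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", buf, 20)
    pos = HEADER_SIZE
    if flags & 0x01:                                   # HasLinkTargetIDList
        (id_list_size,) = struct.unpack_from("<H", buf, pos)
        pos += 2 + id_list_size
    if flags & 0x02:                                   # HasLinkInfo
        (link_info_size,) = struct.unpack_from("<I", buf, pos)
        pos += link_info_size
    pos = _skip_string_data(buf, pos, flags)
    while pos + 4 <= len(buf):                         # ExtraData blocks
        (block_size,) = struct.unpack_from("<I", buf, pos)
        if block_size < 4:                             # TerminalBlock
            break
        (sig,) = struct.unpack_from("<I", buf, pos + 4)
        if sig == TRACKER_SIG and block_size >= 0x60:
            machine = buf[pos + 16:pos + 32].split(b"\0", 1)[0].decode("ascii", "replace")
            droid_vol, droid_file, birth_vol, birth_file = (
                uuid.UUID(bytes_le=buf[pos + 32 + 16 * i:pos + 48 + 16 * i]) for i in range(4))
            v1 = droid_file.version == 1
            return {
                "machine_id": machine,
                "droid_file": str(droid_file),
                "birth_file": str(birth_file),
                "uuid_version": droid_file.version,
                "mac": mac_from_uuid(droid_file) if v1 else None,   # node field = creator's MAC
                "created": uuid1_time(droid_file).isoformat() if v1 else None,
            }
        pos += block_size
    return None


def build_sample_lnk(with_tracker: bool = True) -> bytes:
    """Constructed minimal .LNK: header with LinkFlags=0, then ExtraData blocks."""
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID.bytes_le,
                         0, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    blocks = b""
    if with_tracker:
        file_id = uuid.uuid1(node=0x00155D01AB42, clock_seq=0x0ABC)   # v1 UUID with a made-up MAC
        vol_id = uuid.uuid4()
        blocks += struct.pack("<IIII", 0x60, TRACKER_SIG, 0x58, 0)      # size, signature, length, version
        blocks += b"DESKTOP-2B3J6W9".ljust(16, b"\0")                  # MachineID (made up)
        blocks += (vol_id.bytes_le + file_id.bytes_le) * 2             # Droid, then DroidBirth
    return header + blocks + struct.pack("<I", 0)                      # TerminalBlock


if __name__ == "__main__":
    print(parse_tracker(build_sample_lnk()))
```

Run over a corpus of malicious shortcuts, the machine ID and MAC pairs cluster samples built on the same attacker workstation even when the payload URL and lure text change, which is the pivot the Talos post describes.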
  2. Tomi Engdahl says:

    Scientists Are Getting Eerily Good at Using WiFi to ‘See’ People Through Walls in Detail https://www.vice.com/en/article/y3p7xj/scientists-are-getting-eerily-good-at-using-wifi-to-see-people-through-walls-in-detail
    Researchers at Carnegie Mellon University developed a method for detecting the three dimensional shape and movements of human bodies in a room, using only WiFi routers. To do this, they used DensePose, a system for mapping all of the pixels on the surface of a human body in a photo. DensePose was developed by London-based researchers and Facebooks AI researchers. From there, according to their recently-uploaded preprint paper published on arXiv, they developed a deep neural network that maps WiFi signals phase and amplitude sent and received by routers to coordinates on human bodies.

    Reply
  3. Tomi Engdahl says:

    Exploiting null-dereferences in the Linux kernel https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
    For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restriction, and userland programs were still able to map the zero page, there were many easy techniques for exploiting null-deref bugs. However with the introduction of modern exploit mitigations such as SMEP and SMAP, as well as mmap_min_addr preventing unprivileged programs from mmaping low addresses, null-deref bugs are generally not considered a security issue in modern kernel versions.
    This blog post provides an exploit technique demonstrating that treating these bugs as universally innocuous often leads to faulty evaluations of their relevance to security.

    Reply
  4. Tomi Engdahl says:

    Hook: a new Ermac fork with RAT capabilities https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html
    Ermac has been publicly rented by its actor DukeEugene for roughly a year and a half, with multiple actors being associated with the operations we had been observing. In March 2022, the actors behind this malware family tried to sell the botnet code on different hacking forums: from this point onwards, we started observing a rise in the quantity of samples from Ermac, together with the appearance of different names and actors rebranding the bot and trying to rent it.
    In this sphere of Ermac forks, ThreatFabric identified botnets such as MetaDroid and OWL, created from the Ermac source code and presenting minor differences. In the case of MetaDroid for example, the author removed the Locale check which was in place to ensure that the bot would not operate on devices from CIS countries. Recently however, we encountered a new fork, which spiked our interest. This new malware variant, clearly based on Ermac, introduced the capability to manipulate files on the device’s file system, as well as create a remote session able to interact with the System’s UI. Based on the malware’s panel, we named this malware variant Hook.

    Reply
  5. Tomi Engdahl says:

    ChatGPT can apparently make malware code on the fly, too
    Welp.
    https://mashable.com/article/chatgpt-malware-ai-code

    Reply
  6. Tomi Engdahl says:

    Fed up with facial recognition cameras monitoring your every move? Italian fashion may have the answer
    https://www.cnn.com/2023/01/16/tech/facial-recognition-fashion/index.html

    The red-headed man wearing what looks like the ultimate Christmas sweater walks up to the camera. A yellow quadrant surrounds him. Facial recognition software immediately identifies the man as … a giraffe?

    This case of mistaken identity is no accident — it’s literally by design. The sweater is part of the debut Manifesto collection by Italian startup Cap_able. As well as tops, it includes hoodies, pants, t-shirts and dresses. Each one sports a pattern, known as an “adversarial patch,” designed by artificial intelligence algorithms to confuse facial recognition software: either the cameras fail to identify the wearer, or they think they’re a giraffe, a zebra, a dog, or one of the other animals embedded into the pattern.

    Reply
  7. Tomi Engdahl says:

    Russian criminals can’t wait to hop over OpenAI’s fence, use ChatGPT for evil
    Scriptkiddies rush to machine intelligence to make up for lack in skills
    https://www.theregister.com/2023/01/18/russia_openai_chatgpt_workarounds/

    Reply
  8. Tomi Engdahl says:

    Hacking a Locked Windows 10 Computer With Kali Linux
    https://pentestmag.com/hacking-a-locked-windows-10-computer-with-kali-linux/

    A neat trick I learned to hack locked Windows computers and access files. No, it’s not clickbait, but a bit of prior CLI knowledge is recommended.

    For a while now, Windows has deferred and disappointed hackers with somewhat secure lock screens for their computers. However, this exploit can bypass these login screens and gain access to internal files. I’ll be doing a full walkthrough on exactly how I did it and hopefully you can get some use out of it.

    Disclaimer: Do not do anything mentioned or explained in this article to another person or entity without their permission, and I am not responsible for any actions taken using information from this post.

    Reply
  9. Tomi Engdahl says:

    Inglourious Drivers – A Journey of Finding Vulnerabilities in Drivers
    https://www.cyberark.com/resources/threat-research-blog/inglourious-drivers-a-journey-of-finding-vulnerabilities-in-drivers

    I discovered multiple bugs in OEM vendors for peripheral devices, which affected many users of these OEM vendors (Razer, EVGA, MSI, AMI).
    Many of the vulnerabilities originated in a well-known vulnerable driver that often is called WinIO / WinRing0.
    This blog post focuses on an interesting case of TOCTOU vulnerability (CVE-2022-25637), alongside trivial exploitation.

    Reply
  10. Tomi Engdahl says:

    How To Set Up SSH Keys With YubiKey as two-factor authentication (U2F/FIDO2)
    https://www.cyberciti.biz/security/how-to-set-up-ssh-keys-with-yubikey-as-two-factor-authentication-u2f-fido2/

    All Linux and Unix servers are managed manually or by automation tools such as Ansible using ssh. For example, say you have a server at Linode or AWS. Then you copy your public ssh key to a remote cloud server. Once copied, you can now login to those servers without a password as long as ssh keys are matched. It is the best practice. Unfortunately, you are not protecting ssh keys stored on a local desktop or dev machine at $HOME/.ssh/ directory. If your keys are stolen, an attacker can get access to all of your cloud servers, including backup servers. To avoid this mess, we can protect our ssh keys stored on local dev/desktop machines using physical security keys such as YubiKey.

    Reply
  11. Tomi Engdahl says:

    Popular password managers auto-filled credentials on untrusted websites
    https://portswigger.net/daily-swig/popular-password-managers-auto-filled-credentials-on-untrusted-websites

    Security shortcomings mean that multiple password managers could be tricked into auto-filling credentials on untrusted pages, security researchers at Google warn.

    The team from Google went public with their findings on Tuesday (17 January), 90 days after notifying the applications – Dashlane, Bitwarden, and the built-in password manager bundled with Apple’s Safari browser – of the vulnerabilities.

    Reply
  12. Tomi Engdahl says:

    DNS DriveBy: Stealthy GPS Tracking Using Open Wi-Fi
    How I created a $10 ESP8266 GPS Tracker that uses Open Wi-Fi networks & DNS exfiltration for communication.
    https://www.hackster.io/alexlynd/dns-driveby-stealthy-gps-tracking-using-open-wi-fi-65730a

    Reply
  13. Tomi Engdahl says:

    The gullible are easy to fool: how to recognise influence attempts
    https://www.dna.fi/yrityksille/blogi/-/blogs/hyvauskoisia-on-helppo-hoynayttaa-nain-tunnistat-vaikuttamispyrkimykset?utm_source=facebook&utm_medium=linkad&utm_content=ILTE-artikkeli-hyvauskoisia-on-helppo-hoynayttaa-nain-tunnistat-vaikuttamispyrkimykset&utm_campaign=H_ILTE_MES_23-01-04_artikkelikampanja&fbclid=IwAR3NKqjteiFUp8gQJxo0M9L8FKgJC2CpSvZg5X3178fvDsGILrRrjR_4TFw

    Hybrid influence has been on Finns’ minds in an unprecedented way recently. Hostile influence by a foreign actor using many different means can be hard to recognise or notice. Particular attention has been paid to recognising information influence and to countering cyber influence.

    Reply
  14. Tomi Engdahl says:

    Cybercriminals Target Telecom Provider Networks
    The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.
    https://www.darkreading.com/threat-intelligence/cybercriminals-target-telecom-provider-networks

    Reply
  15. Tomi Engdahl says:

    Is WordPress Secure?
    https://blog.sucuri.net/2023/01/is-wordpress-secure.html
    In this post, I’ll be breaking down the WordPress ecosystem along with some security best practices to help you understand whether WordPress is safe and how to protect your site from attacks.

    According to W3Techs, 43.2% of all websites on the internet use WordPress. And of all websites that use a CMS (Content Management System) more than half (64%) leverage WordPress to power their blog or website. Unfortunately, since WordPress has such a large market share it has also become a prime target for attackers.
    You might be wondering whether WordPress is safe to use. And the short answer is yes — WordPress core is safe to use, but only if you maintain it to the latest version and employ some additional protections on the admin login page.
    Is WordPress core secure?
    In short, yes — WordPress core is secure, but only if you maintain it to the latest version.
    But at the time of writing, only 60% of WordPress sites are using the latest version of WordPress. That means the other 40% of outdated sites are at risk of hackers targeting known vulnerabilities.
    Hackers are constantly scanning the internet for outdated core WordPress installations or websites using plugins or themes with known vulnerabilities. They even have automated scripts that make it easy to find and exploit vulnerable websites.
    How to secure
    1 – Keep your WordPress plugins and themes patched
    WordPress has literally thousands of options when it comes to plugins and themes. WordPress
    2 – Use strong usernames and passwords for WordPress login and hosting
    When you set up your hosting account or WordPress website login credentials, it’s important to use complex usernames and passwords. Stay away from simple or default usernames and passwords.
    3 – Protect your WordPress login pages
    The WordPress default login pages /wp-login.php and /wp-admin are commonly crawled by bots. Hackers use scripts to brute force attack and guess admin login credentials.
    Enable two factor authentication
    Change your default login page
    Changing your default login page to a unique URL is yet another way to help mitigate attacks.
    Deny all unnecessary access
    With all that being said, by far the most secure method is to outright deny any and all attempts at accessing the login or admin panel from IP addresses which do not require it.
    This can be done very easily by adding protected pages with our website firewall but can also be done free-of-charge by using .htaccess file rules within Apache environments.
    4 – Set Up Daily Website Backups
    Website backups are the foundation of a strong security posture. When your WordPress website encounters an error or is infected with malware, you’ll want the ability to recover as quickly as possible.
    5 – Install an SSL Certificate
    An SSL (Secure Socket Layer) certificate is a digital certificate that encrypts the data that is being sent through your website. Although SSL encryption is not going to help protect your website from attackers, it does still play an important role in the overall security and trustworthiness of your website. Strong encryption is vital to ensuring your (and your site visitors’) privacy is protected whenever they submit data on your site.
    6 – Use the latest version of PHP
    Out of date versions of PHP do contain vulnerabilities, so it’s important to patch to the latest version.

    7 – Advanced DIY Protection (.htaccess & wp-config.php)

    Restrict logins to a specific IP range
    Disable browser viewing of directories: Options All -Indexes
    Disable XML-RPC
    This will disable trackbacks and ping-backs among other nuisances, but keep in mind it can also prevent users from placing comments on the website.
    Add security headers
    Disallow file modifications in wp-config.php
    Disable PHP execution in /wp-content/uploads

    Summary
    While WordPress core receives frequent updates and has a default software security policy in place, there are many ways you can harden the installation to enhance the security of your WordPress website.

    Reply
  17. Tomi Engdahl says:

    Encryption technology thought to be secure failed its user – a suspect in aiding terrorism was exposed https://www.is.fi/digitoday/tietoturva/art-2000009334711.html
    The FBI identified a user of the anonymous Tor network. This is a powerful reminder that not even its users are completely anonymous. Vice Motherboard reported the matter.

    Reply
  18. Tomi Engdahl says:

    Thinking of Hiring or Running a Booter Service? Think Again.
    https://krebsonsecurity.com/2023/01/thinking-of-hiring-or-running-a-booter-service-think-again/
    In December 2022, the U.S. Department of Justice seized Dobbs’s IPStresser website and charged him with one count of aiding and abetting computer intrusions. Prosecutors say his service attracted more than two million registered users, and was responsible for launching a staggering 30 million distinct DDoS attacks.

    Reply
  19. Tomi Engdahl says:

    ICS Confronted by Attackers Armed With New Motives, Tactics, and Malware https://www.darkreading.com/ics-ot/ics-confronted-by-attackers-armed-with-new-motives-tactics-and-malware
    Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.

    Reply
  20. Tomi Engdahl says:

    Fingrid and a university of applied sciences put their heads together – the goal is to develop cyber security [FOR SUBSCRIBERS]
    https://www.tivi.fi/uutiset/tv/fa84fc78-2781-49ae-b183-7638655595f2
    Transmission system operator Fingrid and Jyväskylä University of Applied Sciences (Jamk) are starting a collaboration on developing multidisciplinary expertise in information and communication technology and cyber security, and on applied research.

    Reply
  21. Tomi Engdahl says:

    Ukraine signs agreement to join NATO cyber defense center https://therecord.media/ukraine-signs-agreement-to-join-nato-cyber-defense-center/
    Ukraine has taken another step to deepen its cooperation with NATO in the cybersecurity field as its war with Russia, both kinetic and digital, approaches the one-year mark. On Thursday, Ukraine signed an agreement to join the Estonia-based NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE). Before it is official, all of CCDCOE’s members will have to sign this agreement. Both sides stand to benefit from this partnership. Ukraine will get access to NATO’s cutting-edge technology and research, while CCDCOE members will learn more from Ukraine about how to defend against cyberattacks during wartime.

    Reply
  22. Tomi Engdahl says:

    Phishing and ransomware amongst biggest threats to charity sector https://www.ncsc.gov.uk/blog-post/phishing-and-ransomware-amongst-biggest-threats-to-charity-sector
    A new threat report published today reveals why the charity sector is particularly vulnerable to cyber attacks, the methods used by criminals, and how charities can best defend themselves. Cyber attacks affecting a charity’s services, funds, or compromising the sensitive data of donors can be devastating financially and reputationally, potentially putting vulnerable people at risk. Taking steps to ensure that charities are resilient is not an optional extra for trustees, but a core part of good governance. The report, published by the NCSC in association with the Charity Commission for England and Wales, explains why charities might be targeted and the challenges they face when compared to business and government organisations.

    Reply
  23. Tomi Engdahl says:

    Your WhatsApp account can be hijacked while you sleep – here is how to protect yourself https://www.is.fi/digitoday/tietoturva/art-2000009340308.html
    A WhatsApp account can be hijacked without the account owner making a mistake. The scams seen so far, such as the “hi mum” messages, have required deceiving the user and actions on their part.
    Security researcher Zuk Avraham explains on Twitter how the account takeover works. The intruder tries to move your WhatsApp account to a new phone number. This sends the rightful owner of the account a warning message that includes the verification code needed to change the number. The core of the scam is that, after making the request, the attacker clicks the “I didn’t receive the message” option. This allows the code required for changing the number to be delivered by a robocall. In the next step, the attacker calls the target’s voicemail service and tries to listen to the messages using the voicemail’s default PIN code. If the victim has a voicemail service whose PIN code has not been changed, the attacker gets hold of the code needed to change the number.

    Reply
  24. Tomi Engdahl says:

    Separating Wi-Fi Security Fact From Fiction https://www.forbes.com/sites/tonybradley/2023/01/21/separating-wi-fi-security-fact-from-fiction/
    It seems like with each passing year we depend more and more on Wi-Fi technology. The number of appliances, devices, and gadgets that connect via Wi-Fi continues to rapidly expand, while Wi-Fi networks and Wi-Fi connectivity has become essentially ubiquitous.
    Interestingly, while our use of Wi-Fi has grown exponentially and Wi-Fi technology has evolved significantly over the past couple of decades, there are a number of myths and common misconceptions that are stubbornly persistent. Today’s Wi-Fi is not invulnerable, but neither is any other networking technology. The problem is that the myths and misconceptions that drive much of the perception of Wi-Fi security are based on partial truths and outdated information. It’s like having a debate about vehicle safety but using arguments that rely on partial data from before seatbelt laws, or before antilock brakes and airbags became standard. Those arguments are meaningless today.

    Reply
  25. Tomi Engdahl says:

    Telegram secret? Yeah, right
    https://www.kaspersky.com/blog/telegram-why-nobody-uses-secret-chats/46889/
    Telegram’s developers position their product as safe and protected. But in practice that’s not entirely true: the reality is that Telegram has a number of quirks that make protecting your messages a little tricky, and it’s got nothing to do with the complexities of cryptography, but with much more prosaic stuff. Let’s take a look at some rather dubious features in both the messenger’s interface and general logic that make it less secure than is commonly believed.

    Reply
  26. Tomi Engdahl says:

    The state is handing out business subsidies for improving information security for the first time
    https://yle.fi/a/74-20014069
    The Finnish Transport and Communications Agency will grant six million euros’ worth of business subsidies for information security in the coming months. The subsidy, named the information security voucher, is targeted at sectors critical to society. These sectors include food supply, energy supply, the financial sector, the media sector, healthcare and waste management. The new information security voucher is intended to quickly improve the information security of critical companies.
    In the background is, in particular, the change in the security environment brought about by the war in Ukraine.

    Reply
  27. Tomi Engdahl says:

    Dissecting and Exploiting TCP/IP RCE Vulnerability EvilESP https://securityintelligence.com/posts/dissecting-exploiting-tcp-ip-rce-vulnerability-evilesp/
    September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code execution exploitation on that machine.” Pure remote vulnerabilities usually yield a lot of interest, but even over a month after the patch, no additional information outside of Microsoft’s advisory had been . From my side, it had been a long time since I attempted to do a binary patch diff analysis, so I thought this would be a good bug to do root cause analysis and craft a proof-of-concept (PoC) for a blog post. In this blog, my follow-up article to my exploit video, I include an in-depth explanation of the reverse engineering of the bug and correct some inaccuracies I found in the Numen Cyber Labs blog.

    Reply
  28. Tomi Engdahl says:

    The Low-Down On The Concept Of Personal Data https://www.forbes.com/sites/davidbalaban/2023/01/20/the-low-down-on-the-concept-of-personal-data/
    Most people think of personal data as a self-explanatory term denoting any information that allows you to identify a specific individual.
    This couldn’t be truer, but with the caveat that numerous subtleties of this concept may complicate the categorization. For instance, a combination of a full name, date of birth, and gender may provide sufficient context to attribute an action to a particular person.
    Still, in some scenarios, it’s a far cry from being enough for sure-shot identification. To get the bigger picture, let’s zoom into what pieces of information can be labeled as personal data and under what circumstances.

    Reply
  29. Tomi Engdahl says:

    Cristina Criddle / Financial Times:
    A look at the challenge of moderating livestreams for children and vulnerable users, even if age verification can be improved and privacy concerns addressed — Abby Rayner was 13 when she first watched livestreams on Instagram that demonstrated self-harm techniques and encouraged viewers to participate.

    Can Big Tech make livestreams safe?
    https://www.ft.com/content/5280535a-4dd5-482d-ad0d-730e47354d4a

    Reply
  30. Tomi Engdahl says:

    Zack Whittaker / TechCrunch:
    Hackers leak police raid plans, confidential reports, AWS private keys, and other sensitive data from the servers of ODIN, which makes US police software

    A hack at ODIN Intelligence exposes a huge trove of police raid files
    Leaked files reveal tactical plans for police raids, surveillance, and facial recognition
    https://techcrunch.com/2023/01/21/odin-intelligence-breach-police-surveillance/

    Detailed tactical plans for imminent police raids, confidential police reports with descriptions of alleged crimes and suspects, and a forensic extraction report detailing the contents of a suspect’s phone. These are some of the files in a huge cache of data taken from the internal servers of ODIN Intelligence, a tech company that provides apps and services to police departments, following a hack and defacement of its website over the weekend.

    The group behind the breach said in a message left on ODIN’s website that it hacked the company after its founder and chief executive Erik McCauley dismissed a report by Wired, which discovered the company’s flagship app SweepWizard, used by police to coordinate and plan multi-agency raids, was insecure and spilling sensitive data about upcoming police operations to the open web.

    Reply
  31. Tomi Engdahl says:

    Keri Blakinger / The Marshall Project:
    How some US incarcerated people use contraband mobile phones to educate themselves, make TikToks, find love, publicize prison conditions, earn money, and more

    The Many Ingenious Ways People in Prison Use (Forbidden) Cell Phones
    https://www.themarshallproject.org/2023/01/19/cell-phones-in-prisons-tiktok-education

    Despite the security concerns of administrators, incarcerated people use phones to hustle, make TikToks or publicize prison conditions.

    Reply
  32. Tomi Engdahl says:

    International Counter Ransomware Task Force kicks off https://therecord.media/international-counter-ransomware-task-force-kicks-off/
    An international counter-ransomware task force first announced at a White House event in November officially commenced operations on Monday, according to the Australian government, which is the inaugural chair of the group. The International Counter Ransomware Task Force’s (ICRTF) operations are intended to drive collaboration among a coalition of 36 member states and the European Union to counter the spread and impact of ransomware which, despite typically being a criminal rather than state-based activity, has become a significant national security threat in recent years. The ICRTF was announced by members of the Counter Ransomware Initiative (CRI) after the conclusion of a two-day conference hosted by the Biden administration.
    It aims to help member states exchange information and intelligence about the threats they’re facing, alongside sharing policy and legal authority frameworks and encouraging members’ law enforcement and cyber authorities to collaborate.

    Reply
  33. Tomi Engdahl says:

    Russia’s largest ISP says 2022 broke all DDoS attack records https://www.bleepingcomputer.com/news/security/russia-s-largest-isp-says-2022-broke-all-ddos-attack-records/
    Russia’s largest internet service provider Rostelecom says 2022 was a record year for distributed denial-of-service (DDoS) attacks targeting organizations in the country. DDoS attacks are cyberattacks aimed at making an internet-connected website or service unavailable by overwhelming it with many requests that deplete the server’s ability to accept new connections, causing the service to become unresponsive.
    Hacktivists have used DDoS attacks on both sides of the Ukraine-Russian conflict to disrupt critical services, usually as retaliation for actions or announcements made concerning the ongoing war. In a report published today, Rostelecom says its experts recorded 21.5 million critical web attacks aimed at roughly 600 Russian organizations from various industries, including telecom, retail, financial, and the public sector.

    Reply
  34. Tomi Engdahl says:

    ShareFinder: How Threat Actors Discover File Shares https://thedfirreport.com/2023/01/23/sharefinder-how-threat-actors-discover-file-shares/
    Many of our reports focus on adversarial Tactics, Techniques, and Procedures (TTPs) along with the tools associated with them. After gaining a foothold in an environment, one challenge for all threat actors is discovery. One common target for discovery is the enumeration of network shares. Network shares are common targets of an intrusion to facilitate later actions on objectives such as data exfiltration or targets for ransomware encryption. For this reason, it is important for defenders to be able to detect and proactively hunt for signs of any unauthorized network share discovery in order to mitigate the impacts of data exfiltration and anything that may follow it, such as ransomware. In this report, we’ll be profiling a commonly used tool for discovering shares in a network, the PowerShell script Invoke-ShareFinder, which we will call ShareFinder throughout the report. This publication will delve into the specific characteristics of the underlying mechanism Invoke-ShareFinder uses to enumerate network shares. This is vital for defenders to understand to detect Invoke-ShareFinder and similar tools in their environments.

    Reply
  35. Tomi Engdahl says:

    Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security https://nakedsecurity.sophos.com/2023/01/23/serious-security-how-deliberate-typos-might-improve-dns-security/
    Over the years, we’ve written and spoken on Naked Security many times about the thorny problem of DNS hijacking. DNS, as you probably know, is short for domain name system, and you’ll often hear it described as the internet’s telephone directory or gazetteer. This trick, astonishingly, was first proposed back in 2008, in a paper gloriously entitled “Increased DNS Forgery Resistance Through 0x20-Bit Encoding: SecURItY viA LeET QueRies”. With this extra detail to guess, the attackers would need to get lucky with their timing, the UDP port number, the ID tag value, and the caPiTaLiSATion of the domain name, in order to inject a fake hijack reply that the requesting server would accept.

    Reply
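The 0x20 trick in the post above, as an added example written here rather than code from the Sophos article: it randomises the case of a query name, encodes the question in DNS wire format, and applies the resolver-side check that a reply’s echoed question must match byte for byte. The authoritative server and the off-path forger are modelled locally, and the name and transaction ID are constructed sample values, not taken from the article.

```python
import random
import struct


def encode_0x20(name: str, rng=None) -> str:
    """Randomise the case of every ASCII letter in a domain name.

    DNS lookup is case-insensitive, so the authoritative server answers
    regardless of case, but a well-behaved server copies the question name
    back into its reply byte for byte. That lets the resolver treat the case
    bits as extra unpredictable state an off-path forger has to guess.
    The bits must come from a CSPRNG; SystemRandom is used by default.
    """
    rng = rng or random.SystemRandom()
    return "".join(
        (ch.upper() if rng.getrandbits(1) else ch.lower())
        if ch.isascii() and ch.isalpha() else ch
        for ch in name
    )


def case_entropy_bits(name: str) -> int:
    """Extra bits a forger must guess on top of ID and port: one per letter."""
    return sum(1 for ch in name if ch.isascii() and ch.isalpha())


def build_query(txn_id: int, qname: str, qtype: int = 1) -> bytes:
    """Minimal DNS query in wire format: 12-byte header plus one question
    (QTYPE defaults to A, QCLASS IN). The label bytes keep qname's case."""
    header = struct.pack("!HHHHHH", txn_id, 0x0100, 1, 0, 0, 0)  # RD=1
    labels = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def parse_question(packet: bytes):
    """Return (txn_id, qname exactly as carried in the packet)."""
    (txn_id,) = struct.unpack("!H", packet[:2])
    pos, labels = 12, []
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return txn_id, ".".join(labels)


def accept_reply(query: bytes, reply: bytes) -> bool:
    """Resolver-side check: the ID must match and the echoed question name
    must equal what we sent byte for byte, capitalisation included."""
    return parse_question(query) == parse_question(reply)


def honest_reply(query: bytes) -> bytes:
    """Model an authoritative server: echo ID and question verbatim and set
    the QR and AA flags (answer records omitted; the check is on the question)."""
    return query[:2] + struct.pack("!H", 0x8400) + query[4:]


def forged_reply(txn_id: int, guessed_name: str) -> bytes:
    """Model an off-path forger. The forger is handed the transaction ID here
    to isolate what the case bits alone add to the guessing problem."""
    return honest_reply(build_query(txn_id, guessed_name))


def demo(name: str = "nakedsecurity.sophos.com", txn_id: int = 0x1234):
    """One exchange with constructed sample values; returns
    (name as sent, honest reply accepted, forged lowercase reply accepted)."""
    sent = encode_0x20(name)
    query = build_query(txn_id, sent)
    honest_ok = accept_reply(query, honest_reply(query))
    forged_ok = accept_reply(query, forged_reply(txn_id, name.lower()))
    return sent, honest_ok, forged_ok


if __name__ == "__main__":
    sent, honest_ok, forged_ok = demo()
    print(f"sent      : {sent}")
    print(f"case bits : {case_entropy_bits(sent)}")
    print(f"honest reply accepted: {honest_ok}")
    print(f"forged reply (lowercase guess) accepted: {forged_ok}")
```

The forged reply is accepted only in the one case in 2^22 where the random case pattern happens to be all lowercase; a real forger must also hit the ID and source port the article mentions.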
  36. Tomi Engdahl says:

    Sliver C2 Leveraged by Many Threat Actors https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors
    This particular Threat Analysis report is part of a series named Purple Team Series, covering widely used attack techniques, how threat actors are leveraging them and how to detect their use. Cybereason’s GSOC and Incident Response teams have analyzed a growing C2 framework named Sliver and created by a cybersecurity company named Bishop Fox.
    C2 frameworks or Command and Control (C&C) infrastructure are used by security professionals (red teamers and pentesters) to remotely control compromised machines during security assessments. They are also leveraged by threat actors for the same reason. Following this introduction, we describe in detail how this framework works, how to reproduce its use, how threat actors are leveraging it and how to implement detection and prevention mechanisms.

    Reply
  37. Tomi Engdahl says:

    Brand Phishing report Q4 2022
    https://blog.checkpoint.com/2023/01/23/brand-phishing-report-q4-2022/
    In the Q4 of 2022, 20% of all brand phishing attempts were related to Yahoo. We found campaigns which included malicious phishing emails that used Yahoo’s branding. Those contained the subject “YAHOO AWARD” and were sent by senders with names such as “Award Promotion”, “Award Center”, “info winning” or “Award Winning”. The content of the email distributed in the campaign informed the victims that they have won prize money organized by Yahoo and worth hundreds of thousands of dollars. It asks the recipients to send their personal details and the bank details, claiming to transfer the winning prize money to the account. In addition, the email contains a warning that the victim must not tell people about winning the prize because of legal issues. DHL reached second position in Q4 with 16% of all brand phishing attempts, ahead of Microsoft in the third place with 11%. Technology was the most likely industry to be imitated by brand phishing this quarter, followed by Shipping and Social Networks.

    Reply
  38. Tomi Engdahl says:

    The UK Online Safety Bill – What you need to know right now https://www.pandasecurity.com/en/mediacenter/security/uk-online-safety-bill/
    For several years now, the British government has been debating new legislation to make the internet safer for citizens. Known as the Online Safety Bill (OSB), this new law promises to update existing statutes to better regulate new websites and apps. The oversight process has been long and contentious, with many ideas being added and removed along the way. So what is the current state of play?

    Reply
  39. Tomi Engdahl says:

    Dragos Industrial Ransomware Analysis: Q4 2022 https://www.dragos.com/blog/industry-news/dragos-industrial-ransomware-analysis-q4-2022/
    During the fourth quarter of 2022, ransomware continued to pose substantial financial and operational risk to industrial organizations worldwide. Dragos actively monitors and analyzes the activities of 57 different ransomware groups that have impacted industrial organizations and infrastructure. Dragos observed through publicly disclosed incidents, network telemetry, and dark web postings that out of these 57 groups, only 24 were active during Q4 of 2022. During this time, Dragos became aware of 189 ransomware incidents, a 30 percent increase from the 128 incidents in the previous quarter.

    Reply
  40. Tomi Engdahl says:

    NSA Publishes Security Guidance for Organizations Transitioning to IPv6
    https://www.securityweek.com/nsa-publishes-security-guidance-organizations-transitioning-ipv6/

    NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

    The National Security Agency (NSA) has published guidance to help the Department of Defense (DoD) and other system administrators identify and mitigate cyber risks associated with transitioning to Internet Protocol version 6 (IPv6).

    Developed by the Internet Engineering Task Force (IETF), IPv6 is the latest iteration of the protocol that is used to identify and locate systems and route traffic across the internet, offering technical benefits and security improvements over its predecessor, IPv4, including a much broader address space.

    The transition to IPv6, the NSA points out, is expected to have the biggest impact on network infrastructure, with all networked hardware and software affected in one way or the other, and will also impact cybersecurity.

    “IPv6 security issues are quite similar to those from IPv4. That is, the security methods used with IPv4 should typically be applied to IPv6 with adaptations as required to address the differences with IPv6. Security issues associated with an IPv6 implementation will generally surface in networks that are new to IPv6, or in early phases of the IPv6 transition,” the NSA’s IPv6 security guidance reads (PDF).

    https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF

    Reply
  41. Tomi Engdahl says:

    Risk Management
    A Change in Mindset: From a Threat-based to Risk-based Approach to Security
    https://www.securityweek.com/a-change-in-mindset-from-a-threat-based-to-risk-based-approach-to-security/

    A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooks the key component of security: reducing risk.

    Bad actors find themselves at a constant advantage. They can determine when, where, and how they will attack an enterprise, using time and patience to pick the moment they want to strike.

    As cybersecurity professionals, we constantly find ourselves fighting an uphill battle. The growth of cloud computing, remote employees, and Software-as-a-Service applications continues to expand the attack surface, providing bad actors with increasing opportunities. Malicious hackers have the advantage of surprise that will only grow as networks become more complex.

    The threat landscape continues to expand, and security teams must change their approach from a threat-based to a risk-based mindset. This is a substantial change in how to approach security, moving away from a structure based on compliance and regulations to one that looks to reduce overall risk.

    As technology leaders pivot to ask themselves, “what’s the worst thing that could happen,” the answers to that question can help guide a risk-based approach as it highlights the worst-case scenario and what it would take to recover.

    The shift to a risk-based methodology is already happening in many large organizations. Threat-based methods often focused on a checklist of tasks to meet unique industry requirements but overlooked the key component of security: reducing risk.

    As any security professional will say, compliance itself does not equate to security. It provides an organization with benchmarks and goals and reduces culpability during a breach, but often leaves security as an afterthought.

    A risk-based approach to security takes a holistic view of a company to evaluate where its critical assets are and systematically identifies and prioritizes the threats facing the organization. Instead of looking at individual security controls in isolation, the risk-based mindset gives you a clearer picture of where, and how likely, you are to be breached.

    Reply
  42. Tomi Engdahl says:

    Let’s look at some key best practices for technology leaders:

    Define and prioritize all assets critical to the business. Technology leaders must take stock of all their technology assets, including those on the Internet. Creating a list of assets and determining the value of each – and the inherent risks associated – provides a crucial first step.
    Implement robust policies for defining which users and systems need access to critical assets. Organizations will focus more on user identity and access with a risk-based approach. Leverage technologies and tools that create strong authentication profiles that limit user movement.
    Implement a zero-exception enforcement policy. Institute access controls and stick to them, even though it may prove difficult. This is critical and aligns with current popular security methods like Zero Trust.
    Ensure that unauthorized access attempts are logged. Keeping and analyzing this information can help you understand where attack attempts come from. This also helps your organization to potentially strengthen security protocols around popular targets.
    Conduct regular attack and user error simulations. An emergency is not the best time to learn. Conducting simulations provides invaluable experience for team members who get accustomed to stressful situations and prepares them for how to act quickly in case of an emergency.

    https://www.securityweek.com/a-change-in-mindset-from-a-threat-based-to-risk-based-approach-to-security/

    Reply
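As an added illustration of the logging point in the list above (this is example code, not from the SecurityWeek article or the comment): a few constructed sshd-style authentication log lines are aggregated by source address and by targeted account, which is the kind of analysis that shows where attempts come from and which accounts are popular targets. The log format and thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the style of an OpenSSH auth log (not real data).
SAMPLE_LOG = """\
Jan 24 10:01:02 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 24 10:01:05 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jan 24 10:01:09 bastion sshd[2203]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan 24 10:02:11 bastion sshd[2210]: Failed password for alice from 198.51.100.4 port 40011 ssh2
Jan 24 10:02:40 bastion sshd[2212]: Accepted publickey for alice from 198.51.100.4 port 40012 ssh2
Jan 24 10:03:01 bastion sshd[2215]: Failed password for root from 203.0.113.7 port 51041 ssh2
Jan 24 10:03:30 bastion sshd[2220]: Failed password for invalid user oracle from 192.0.2.9 port 60001 ssh2
"""

# Matches failed password attempts, whether or not the account exists.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def summarize_failures(log_text):
    """Return (failed attempts per source, targeted accounts per source)."""
    per_source = Counter()
    targets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated events are not counted
        per_source[m["src"]] += 1
        targets[m["src"]][m["user"]] += 1
    return per_source, targets

def noisy_sources(log_text, threshold=3):
    """Sources with at least `threshold` failures, most active first."""
    per_source, targets = summarize_failures(log_text)
    return [(src, n, dict(targets[src]))
            for src, n in per_source.most_common() if n >= threshold]

def popular_targets(log_text):
    """Accounts ranked by how often they were targeted across all sources."""
    _, targets = summarize_failures(log_text)
    total = Counter()
    for accounts in targets.values():
        total.update(accounts)
    return total.most_common()

if __name__ == "__main__":
    for src, n, accounts in noisy_sources(SAMPLE_LOG):
        print(f"{src}: {n} failed attempts, accounts {accounts}")
    print("most targeted accounts:", popular_targets(SAMPLE_LOG))
```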
  43. Tomi Engdahl says:

    Finland needs thousands and thousands of cyber security professionals
    https://etn.fi/index.php/13-news/14506-suomeen-tarvitaan-tuhansia-ja-tuhansia-kyberturvaosaajia
    The cyber security industry umbrella organisation Kyberala ry estimated last autumn that Finland will need 8,000 to 10,000 cyber and information security professionals in the coming years. The IT company Gofore is starting to train cyber and information security professionals to meet its customers' growing demand for security services. For the paid six-month training programme starting in April, the company is recruiting technical experts who have already gained experience in IT roles and who want to specialise in and work with information security in the future.
    The strong growth in demand for security services during 2022, together with the interest in developing into security professionals observed among applicants during recruitment, prompted Gofore to launch its own security academy, Hackademy.
    - In our discussions with applicants we have noticed that the IT sector has a large pool of technical experts whose skills and motivation give them the prerequisites to develop into security experts. There simply hasn't been a suitable opportunity to change career direction. Since customer demand for cyber and information security is growing at the same time, we decided to found Hackademy, says Markus Asikainen, head of Gofore's cyber security business.

    Reply
  44. Tomi Engdahl says:

    Does ChatGPT make security impossible?
    https://etn.fi/index.php/13-news/14505-tekeekoe-chatgpt-tietoturvasta-mahdotonta

    The Israeli company Check Point Software has a new country manager for Finland and the Baltics. Viivi Tynjälä, who comes from Fortinet, starts at a time when cyber warfare has entered an entirely new era dominated by artificial intelligence. – ChatGPT has already been used for, among other things, writing malware code and phishing emails, Tynjälä points out.

    Check Point's security researchers warn that hackers' rapidly growing interest in AI technologies such as ChatGPT may further increase the number of cyber attacks in 2023. The focus of the company's 30th anniversary year is indeed the cyber security of ChatGPT.

    In Finland and the Baltics, hybrid work and protecting the endpoint devices and connections of organisations' mobile employees will also remain focus areas.

    Reply
  45. Tomi Engdahl says:

    Facebook Introduces New Features for End-to-End Encrypted Messenger App https://thehackernews.com/2023/01/facebook-introduces-new-features-for.html
    Meta Platforms on Monday announced that it has started to expand global testing of end-to-end encryption (E2EE) in Messenger chats by default. “Over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption,” Meta’s Melissa Miranda said. The social media behemoth said it intends to notify users in select individual chat threads as the security feature is enabled, while emphasizing that the process of choosing and upgrading the conversations to support E2EE is random

    Reply
  46. Tomi Engdahl says:

    2022 Cyber Attacks Statistics
    https://www.hackmageddon.com/2023/01/24/2022-cyber-attacks-statistics/
    And finally I have aggregated all the data collected in 2022 from the cyber attacks timelines. In the past year I have collected 3074 events, a 21% increase compared to the 2539 events collected over the course of 2021. The war in Ukraine had an impact in the cyberspace, but the effects were visible starting from the Spring and during the Summer until the end of the year. Cyber crime continues to lead the Motivations chart with 76.8%, down from 84.1% of 2021. The impact of the war in Ukraine is visible in the percentage of Cyber Espionage, jumping to number two, exactly the same value of 2021 (10.4%), and even more in Hacktivism that soared to 7.1% from 1.3%. And obviously even the events motivated by Cyber Warfare doubled their percentage to 3.5% from 1.6% in 2021

    Reply
  47. Tomi Engdahl says:

    The world is ‘clearly’ not prepared for cyberwarfare https://www.theregister.com/2023/01/24/armis_cyberwarfare_report/
    One-third of IT and security professionals globally say they are either indifferent or unconcerned about the impact of cyberwarfare on their organizations as a whole, according to a survey of more than 6,000 across 14 countries. Security firm Armis commissioned the study, published today, in an effort to gauge cyberwarfare preparedness while the first hybrid war wages on for nearly a year in Ukraine and nation-state cyberspies make headlines almost daily. The survey asked 6,021 respondents if they were confident that their organization and government could defend against cyberwarfare. “The answer is clearly no,” the report says

    Reply
  48. Tomi Engdahl says:

    What is the Android Files Safe folder and how do you use it?
    https://www.zdnet.com/article/what-is-the-android-files-safe-folder-and-how-do-you-use-it/
    Way back on Android 8, Google introduced a protected folder in the Files application that password protects access to any files within.
    That protected folder is called Safe folder and it’s built-in and free to use. If you’re uncertain as to why you might need to use such a file, consider this: You have sensitive documents on your phone. Maybe they were sent to you from your place of employment, or maybe it’s travel documentation, bank documentation, images of your driver’s license, or your COVID vaccine card. Whatever it is you want to safeguard from prying eyes, this folder is where you want to save it

    Reply
