Cyber security trends for 2021

Nothing is more difficult than making predictions. For this reason I did not do any “predictions for 2021 cyber security” posting before the year 2021 started. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

The state of internet security in 2020 was hard. The trends that stormed last year will continue long into 2021: “Rapidly accelerated digital transformations, opportunistic phishing campaigns, discontinuity of information security operations and financial constraints are creating the perfect storm in a COVID-19-disrupted world.” Last year’s trend was that instead of ‘bring your own device’, these days it’s rather ‘bring your own office’.

2020 was a bumper year for cybercriminals, and this boom is expected to continue into 2021. The “2021 Cybersecurity and IT Failures Roundup” article presents lessons learned from the many failures, interruptions, crimes and other IT-related setbacks that made the news in 2020. Smart cyber security people have read about them and learned their lesson.

Kaspersky’s top three cybersecurity predictions for 2021 are an increase in targeted attacks, more disruptive attacks that exploit contemporary issues, and continued frequent and significant data breaches. I can pretty much agree on those. Cybersecurity must adapt to counter new threats in a transformed world.

The “Head of Europol’s European Cybercrime Centre: there are no systems that cannot be breached” article says that humankind has to choose between evolution by digitization and stagnation. Naturally, the world is moving ahead. “We can’t be naive and expect that bad things will not happen along with it. Resilience is important.”

In 2021 Trend Micro predicts that cybercriminals will look to home networks as a critical launch pad for compromising corporate IT and IoT networks. The “New Cybersecurity Threat Predictions for 2021” article points out that the traditional network perimeter has been replaced with multiple edge environments (WAN, multi-cloud, data center, remote worker, IoT, and more), each with its unique risks.

DDoS attacks: Big rise in threats to overload business networks. Cyber attackers are threatening to take organisations offline with DDoS attacks if they aren’t paid bitcoin by a deadline – but victims are being urged not to give in to demands.

One sure bet is that ransomware attacks will only escalate further over this year. Pay-or-Get-Breached Ransomware Schemes Take Off in 2021. In 2020, ransomware attackers moved quickly to adopt so-called “double extortion” schemes, which means that first they encrypt your data so you can’t access it and then they say they will publish your most secret data for other people to see if you don’t pay up. Ransomware victims that have backups are paying ransoms to stop hackers leaking their stolen data.

Modern cybercrime is becoming increasingly open-sourced, which means that some of the most sophisticated and notorious cybercriminals are already utilizing open-source tools to conduct their criminal activities, and this will increase.

Trend Micro survey results claim that AI is set to replace humans in cybersecurity by 2030. I am just wondering what this claim means, and have the people who answered the survey really understood AI and cyber security? My prediction is that we will need humans and AI and even traditional solutions for a long, long time.

The lack of people with cyber security skills is still a problem for many companies because AI will not replace them any time soon. There are different views on how the situation has developed. The “Cybersecurity Skills Shortage Falls for First Time” article claims that the shortfall in skills has dropped from 4.07 million last year to 3.12 million. The “As The End Of 2020 Approaches, The Cybersecurity Talent Drought Gets Worse” article says that the information technology industry has a real problem on its hands – and it’s only getting worse. While cybercrime grows exponentially, businesses are facing a severe cybersecurity talent drought. The supply of available, qualified security professionals is insufficient and the competition for services has dramatically increased. Some companies claim that they have invented a “silver bullet” for educating cyber professionals, like “This educator claims to have invented an entertaining way to learn cybersecurity”. Some of the cyber security issues move to the cloud, so we need more people who know security and cloud: “The Cloud Talent Drought Continues (And Is Even Larger Than You Thought)”.

The “Hackers leverage sophisticated and novel techniques to break into networks” article says that the recent SolarWinds and JetBrains attacks are prime examples of why state-sponsored attacks are so dangerous. The hackers leveraged sophisticated, novel techniques to break into networks and obtain backdoor access to government agencies and enterprises. Expect to see more break-ins connected to those incidents, and expect more similar incidents that have not yet been revealed.

Want to avoid having your online accounts hacked? Enable two-factor authentication. The “Better than the best password: How to use 2FA to improve your security” article says that this is a crucial security measure that requires an extra step when signing in to high-value services. The article explains how to set up 2FA and which accounts to focus on first.

A new version of the OWASP Top-10 is coming this year. The “OWASP Top-10 2021 Statistics-based proposal” article tries to make OWASP Top-10 2021 predictions calculated from understandable metrics, make everyone able to reproduce the results, and present them to the entire community for feedback.

The “Privacy is an illusion. But that’s a good thing” article says that everyone’s information is available. It doesn’t matter who you are. Some people would pay lots of money to get that privacy illusion back and some just don’t care. The “With the Death of Cash, Privacy Faces a Deeply Uncertain Future” article says that in one future we have a private, anonymous alternative to cash, but in the Black Mirror future the money in your pocket knows everything about you. Cash is dying, that’s for sure. There are still ways to send anonymous emails, and it is a good idea to prepare for your digital life after death.

The “Ransomware attacks will explode in 2021” article claims that the Capitol riot and its aftermath make the case for tech regulation more urgent, but no simpler. Against increased regulation there are freedom-of-speech-sounding issues like “Should Jack Dorsey be able to silence the president of the United States?” Whether the storming of the US Capitol was an attempted coup, an insurrection, or an assault on democracy is merely a question of semantics. The US is now the focus of global instability. EU chief warns over ‘unfiltered’ hate speech and calls for Biden to back rules for big tech.

The “Legal requirements for IoT security start to emerge” article says that legislative activities are starting to make security a legal requirement, with consumer IoT designs required to have vaguely defined “reasonable security features”. The US Government is beginning to create legislation mandating IoT security. The US House of Representatives, for instance, introduced H.R. 1668 – The Internet of Things Cybersecurity Improvement Act of 2020. There are NIST recommendations such as NISTIR 8259 — Foundational Cybersecurity Activities for IoT Device Manufacturers. EU introduces a cyber security IoT standard to protect its citizens and ENISA Publishes Guidelines on Securing the IoT Supply Chain.

7 Cybersecurity Predictions for Smart Buildings and Infrastructure for 2021: Continuous patch management and security updates, OT transparency for IT stakeholders, Natively secure OT network, Cloud-based access to remote sites instead of VPN, Zero touch onboarding, More cybersecurity in small facilities, Certified cybersecurity products and solutions.

IoT security is still complicated. For many development teams, the idea of building cybersecurity into their IoT design can seem daunting. The “6 essential activities to help developers build in IoT cybersecurity” article gives some ideas for improving cyber security in your IoT development.

2,204 Comments

  1. Tomi Engdahl says:

    https://theintercept.com/2021/09/21/surveillance-social-media-police-microsoft-shadowdragon-kaseware/
    “Kaseware and ShadowDragon are part of a shadowy industry of software firms that exploit what they call “open source intelligence,” or OSINT: the trails of information that people leave on the internet. Clients include intelligence agencies, government, police, corporations, and even schools.”

    Reply
  2. Tomi Engdahl says:

    CISA Alert (AA21-265A) – Conti Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-265a
    The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

    Reply
  3. Tomi Engdahl says:

    Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation https://thehackernews.com/2021/09/microsoft-warns-of-wide-scale-phishing.html
    Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts.

    Reply
  4. Tomi Engdahl says:

    TikTok, GitHub, Facebook Join Open-Source Bug Bounty https://threatpost.com/tiktok-github-facebook-open-source-bug-bounty/174898/
    As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma, GitHub, Shopify and TikTok, announced they are throwing a new round of resources behind an Internet Bug Bounty Program (IBB) to lure threat hunters’ attention to open-source supply chains.

    Reply
  5. Tomi Engdahl says:

    Providing Developers Value-Focused Feedback in Security Software Development
    https://www.securityweek.com/providing-developers-value-focused-feedback-security-software-development

    I recently wrote an article on attracting and retaining A-Players, and one of the key elements was to ensure that leadership share the mission with developers to create a sense of purpose. Having purpose and seeing impact is incredibly important for anyone, but for engineers, understanding their impact in the context of a larger program or product can be particularly challenging. I wanted to dig into this further and share a few anecdotes that might help managers of security software development teams be very deliberate in providing feedback.

    Reply
  6. Tomi Engdahl says:

    IT decision-makers do not trust today’s protections
    https://etn.fi/index.php/13-news/12546-it-paeaettaejaet-eivaet-usko-taemaen-hetken-suojauksiin

    Dell Technologies has published this year’s Global Data Protection Index report, and according to it the state of data security is weak. 82 percent of IT decision-makers are concerned that their current data protection solutions will not meet all future business challenges. 62 percent fear that their current data protection measures may not be enough to fend off cyber threats.

    The GDPI report reveals that organizations face several data protection challenges stemming from the constant ransomware threat and from new technologies. These include, for example, cloud-based applications, container management with Kubernetes software, and the growing use of artificial intelligence in systems.

    According to a recent IDC study, more than a third of organizations worldwide have experienced a ransomware attack or data breach during the past year that blocked access to systems or data.

    Reply
  7. Tomi Engdahl says:

    Already one and a half billion attacks on smart devices
    https://etn.fi/index.php/13-news/12551-aelylaitteisiin-jo-puolitoista-miljardia-hyoekkaeystae

    In the first half of 2021, smart devices were the target of 1.5 billion attacks. According to security company Kaspersky, the number of attacks on IoT devices grew by more than one hundred percent during the first six months of 2021.

    During the preceding half-year, 639 million attacks were detected, so the number has more than doubled. According to Kaspersky, it should be noted that the problem is not limited to private individuals. Because millions are still working from home, cybercriminals are targeting company resources through home networks and smart devices in the home.

    In real-world attacks, the outcome of attacks on IoT devices is evolving, Kaspersky found. Infected devices are used to steal personal or corporate data and to mine cryptocurrencies, in addition to traditional DDoS attacks, in which a bot is added to the devices.

    Reply
  8. Tomi Engdahl says:

    New Treasury sanctions take aim at blocking ransomware groups from cashing out
    https://techcrunch.com/2021/09/23/us-treasury-sanctions-suex-ransomware/?tpcc=ECFB2021

    The U.S. Treasury is wading into the fight against ransomware by sanctioning virtual cryptocurrency exchange Suex for its role in facilitating ransomware payments.

    The sanctions are the first of its kind against a cryptocurrency exchange, and prohibit Americans from doing business with the company.

    Reply
  9. Tomi Engdahl says:

    Cyber Threats to Global Electric Sector on the Rise https://www.dragos.com/blog/industry-news/cyber-threats-to-global-electric-sector-on-the-rise/
    The number of cyber intrusions and attacks targeting the Electric sector is increasing and in 2020 Dragos identified three new Activity Groups (AGs) targeting the Electric Sector: TALONITE, KAMACITE, and STIBNITE. A full two-thirds of the 15 AGs that Dragos actively tracks are performing Industrial Control Systems (ICS)-specific targeting activities focused on electric utility operations.

    Reply
  10. Tomi Engdahl says:

    Italian mafia cybercrime sting leads to 100+ arrests https://blog.malwarebytes.com/scams/2021/09/italian-mafia-cybercrime-sting-leads-to-100-arrests/
    The Spanish National Police (Policía Nacional) has successfully dismantled an organized crime ring of hundreds of members in a sting operation supported by Europol, the Italian National Police (Polizia di Stato), and Eurojust. This is the end result of a year-long investigation.

    Reply
  11. Tomi Engdahl says:

    Improving Security Posture to Lower Insurance Premiums
    https://www.securityweek.com/improving-security-posture-lower-insurance-premiums

    Cyber insurance is a new branch of an old industry. That industry has centuries of experience in insuring shipping and a hundred or more years of insuring motor cars — but only a few decades of cyber knowledge. It has comparatively little knowledge of either cyber risk or the financial insurance risk – and nobody yet knows where this new journey will take it.

    The one thing we do know is that there is a direct relationship between insurance cost (the premium paid by the customer) and insurance settlements (the amount paid out in insurance claims). Premiums must exceed claims for the industry to survive. If claims are low, premiums can be low; but if claims are high, premiums must also be high.

    Reply
  12. Tomi Engdahl says:

    CISA Opens IPv6 Guidance to Public Feedback
    https://www.securityweek.com/cisa-opens-ipv6-guidance-public-feedback

    The United States Cybersecurity and Infrastructure Security Agency (CISA) on Thursday announced that it’s asking for public feedback on new IPv6 guidance for federal agencies.

    Named IPv6 Considerations for TIC 3.0, the document was issued in line with Office of Management and Budget (OMB) Memorandum 21-07, which mandates CISA to enhance the Trusted Internet Connections (TIC) program to ensure Internet Protocol version 6 (IPv6) is implemented within federal IT systems.

    The new IPv6 guidance is meant to provide information on IPv6 itself, to inform agencies of their responsibilities in regard to OMB M-21-07, to share security considerations regarding the protocol and the TIC 3.0 security capabilities, and to raise awareness on IPv6 security features.

    “This document is intended to be architecture-agnostic and broadly supports the government-wide deployment and use of the IPv6 network protocol,” CISA explains.

    Starting September 23, the document is open for public comment, and will remain so until October 15.

    IPv6 Considerations for TIC 3.0
    https://www.cisa.gov/publication/ipv6-considerations-tic-30

    CISA’s “IPv6 Considerations for TIC 3.0” supports federal agencies as they implement Internet Protocol version 6 (IPv6) network protocol, in accordance with the Office of Management and Budget’s (OMB) Memorandum (M) 21-07: “Completing the Transition to Internet Protocol Version 6.” The “IPv6 Considerations for TIC 3.0” explains the background of IPv6, lists security considerations for the protocol in relation to the TIC 3.0 security capabilities, and provides awareness of IPv6 security features according to TIC guidance. This document is intended to be architecture-agnostic and broadly supports the government-wide deployment and use of the IPv6 network protocol.
    Public Comment Period – NOW OPEN!

    CISA is releasing the “IPv6 Considerations for TIC 3.0” for public comment beginning Thursday, September 23 until Friday, October 15. Agencies, industry, and academia are encouraged to submit feedback that will help support the successful deployment of IPv6 across federal information technology (IT) systems. CISA is interested in gathering feedback focused on the following key questions:

    Are there other TIC 3.0 IPv6-related considerations and/or security challenges that should be considered?
    While “IPv6 Considerations for TIC 3.0” is designed to be high-level, CISA may produce additional IPv6 guidance related to TIC 3.0 in the future. Is there specific guidance on IPv6 as it pertains to TIC 3.0 that your agency would find helpful?

    Reply
  13. Tomi Engdahl says:

    Treasury Takes Robust Actions to Counter Ransomware
    https://home.treasury.gov/news/press-releases/jy0364

    As part of the whole-of-government effort to counter ransomware, the U.S. Department of the Treasury today announced a set of actions focused on disrupting criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement. Treasury’s actions today advance the United States government’s broader counter-ransomware strategy, which emphasizes the need for a collaborative approach to counter ransomware attacks, including partnership between the public and private sector and close relationships with international partners.

    Reply
  14. Tomi Engdahl says:

    How designers are fighting the rise of facial recognition technology
    From LED-equipped visors to transparent masks, these inventions aim to thwart facial recognition cameras.
    https://bigthink.com/technology-innovation/facial-recognition/

    Reply
  15. Tomi Engdahl says:

    IT leaders facing backlash from remote workers over cybersecurity measures: HP study
    More than 30% of workers under the age of 24 admitted to outright bypassing certain corporate security policies to get work done
    https://www.zdnet.com/article/it-leaders-facing-backlash-from-remote-workers-over-cybersecurity-measures-hp-study/

    Reply
  16. Tomi Engdahl says:

    Developing Cyber-Resilient Systems: Draft SP 800-160 Volume 2 Revision 1 is Available for Comment
    August 05, 2021
    https://csrc.nist.gov/news/2021/developing-cyber-resilient-systems-draft-rev-1

    Reply
  17. Tomi Engdahl says:

    What it was like inside Microsoft during the worst cyberattack in history
    Microsoft president Brad Smith describes the chaos inside the tech giant during the SolarWinds hack.
    https://www.fastcompany.com/90672384/microsoft-president-brad-smith-solarwinds-exclusive

    Reply
  18. Tomi Engdahl says:

    Guntrader breach perp: I don’t think it’s a crime to dump 111k people’s details online in Google Earth format
    Plus: Police aren’t treating breaches as terror offence
    https://www.theregister.com/2021/09/07/guntrader_hack_perp_interview/

    The person who reformatted the Guntrader hack data as a Google Earth-compatible CSV has said they are prepared to go to prison – while denying their actions amounted to a criminal offence.

    The pseudonymous person spoke to The Register by email late last week after dumping the personal data of 111,000 UK firearm and shotgun certificate owners online in a CSV formatted for ease of importing into Google Earth, pinpointing gun owners’ homes.

    Reply
  19. Tomi Engdahl says:

    Cybersecurity is tough work, so beware of burnout
    Making sure that information security staff are taking care of their mental wellbeing is vitally important.
    https://www.zdnet.com/article/cybersecurity-is-tough-work-so-beware-of-burnout/

    Reply
  20. Tomi Engdahl says:

    Former hacker reveals how to spot hidden cameras in hotel rooms
    https://www.indy100.com/viral/airbnb-hidden-camera-hotel-room-b1914237

    A former hacker turned to TikTok to teach his 117K followers about cybersecurity. In one of Marcus Hutchins’ (@malwaretech) most-watched clips, he shows fellow TikTokers how to detect if there are any hidden cameras in their vacation accommodation.

    Marcus explains: “The first thing you are going to want to look for is devices that are conveniently placed where a creeper would want to look.

    Reply
  21. Tomi Engdahl says:

    SHADOWDRAGON: INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE
    https://theintercept.com/2021/09/21/surveillance-social-media-police-microsoft-shadowdragon-kaseware/

    The tool is the product of a growing industry whose work is usually kept from the public and utilized by police.

    A MICHIGAN STATE POLICE CONTRACT, obtained by The Intercept, sheds new light on the growing use of little-known surveillance software that helps law enforcement agencies and corporations watch people’s social media and other website activity.

    The software, put out by a Wyoming company called ShadowDragon, allows police to suck in data from social media and other internet sources, including Amazon, dating apps, and the dark web, so they can identify persons of interest and map out their networks during investigations. By providing powerful searches of more than 120 different online platforms and a decade’s worth of archives, the company claims to speed up profiling work from months to minutes. ShadowDragon even claims its software can automatically adjust its monitoring and help predict violence and unrest. Michigan police acquired the software through a contract with another obscure online policing company named Kaseware for an “MSP Enterprise Criminal Intelligence System.”

    Reply
  22. Tomi Engdahl says:

    Blinding EDR On Windows
    https://synzack.github.io/Blinding-EDR-On-Windows/

    What is an EDR?
    EDR stands for Endpoint Detection and Response. EDRs are the next generation of anti-virus and detecting suspicious activities on host systems. They provide the tools needed for continuous monitoring and advanced threats.

    EDRs not only can look for malicious files, but also monitor endpoint and network events and record them in a database for further analysis, detection, and investigation. In many EDR consoles, you can see process trees, execution flows, process injections, and much more. If you were or are currently a security analyst, you may have even directly used these tools in your work.

    Reply
  23. Tomi Engdahl says:

    https://www.advanced-ip-scanner.com/

    Scan a network in seconds
    Free Advanced IP Scanner is trusted by 60 million users

    Reply
  24. Tomi Engdahl says:

    New Chip Can Decode Any Type of Data Sent Across a Network
    https://scitechdaily.com/new-chip-can-decode-any-type-of-data-sent-across-a-network/

    New chip eliminates the need for specific decoding hardware, could boost efficiency of gaming systems, 5G networks, the internet of things, and more.

    Every piece of data that travels over the internet — from paragraphs in an email to 3D graphics in a virtual reality environment — can be altered by the noise it encounters along the way, such as electromagnetic interference from a microwave or Bluetooth device. The data are coded so that when they arrive at their destination, a decoding algorithm can undo the negative effects of that noise and retrieve the original data.

    Since the 1950s, most error-correcting codes and decoding algorithms have been designed together. Each code had a structure that corresponded with a particular, highly complex decoding algorithm, which often required the use of dedicated hardware.

    Reply
  25. Tomi Engdahl says:

    Opinion: We’re sleepwalking toward a cyber 9/11
    https://www.washingtonpost.com/opinions/2021/09/14/were-sleepwalking-toward-cyber-911/

    In a recent interview for my podcast, cybersecurity consultant Ken Munro told me about the extremely lax security around various Internet of Things devices, from dolls and sex toys to Internet-connected suitcases. Hacking these devices, Munro said, is often “off-the-scale easy and requires no technical skill at all.” In other words, the devices functionally have zero security. The products have been designed to connect to the Internet with no serious thought about how to secure that digital traffic.

    Reply
  26. Tomi Engdahl says:

    New System Can Decode Any Data Without the Need for Specific Hardware
    This new chip can decode any error-correcting code through the use of an algorithm called Guessing Random Additive Noise Decoding (GRAND).
    https://www.hackster.io/news/new-system-can-decode-any-data-without-the-need-for-specific-hardware-27c1de45a3ee

    Reply
  27. Tomi Engdahl says:

    This Collection Teaches Engineers How to Protect Data
    Learn the strategies, policies, and techniques on data privacy
    https://spectrum.ieee.org/data-protection-training

    Reply
  28. Tomi Engdahl says:

    New Chip Can Decode Any Type of Data Sent Across a Network
    By ADAM ZEWE, MASSACHUSETTS INSTITUTE OF TECHNOLOGY, SEPTEMBER 14, 2021
    https://scitechdaily.com/new-chip-can-decode-any-type-of-data-sent-across-a-network/

    Reply
  29. Tomi Engdahl says:

    The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous
    https://www.vice.com/en/article/93ypke/the-nsa-and-cia-use-ad-blockers-because-online-advertising-is-so-dangerous

    The Intelligence Community has deployed ad-blocking technology, according to a letter sent by Congress and shared with Motherboard.

    Lots of people who use ad blockers say they do it to block malicious ads that can sometimes hack their devices or harvest sensitive information on them. It turns out, the NSA, CIA, and other agencies in the U.S. Intelligence Community (IC) are also blocking ads potentially for the same sorts of reasons.

    The IC, which also includes the parts of the FBI, DEA, and DHS, and various DoD elements, has deployed ad-blocking technology on a wide scale, according to a copy of a letter sent by Congress and shared with Motherboard.

    https://www.documentcloud.org/documents/21068028-wyden-letter-to-omb-on-ad-blocking

    Reply
  30. Tomi Engdahl says:

    How to Go Passwordless on Your Microsoft Account https://www.wired.com/story/how-to-no-password-microsoft-account/
    Despite being the default way that you get into most of your digital accounts, passwords aren’t really that secure – certainly not compared to a fingerprint or a device that can act as a physical key. If someone gets hold of or guesses your password, they can pretend to be you from wherever they are in the world, especially if you don’t have two-factor authentication in place.

    Reply
  31. Tomi Engdahl says:

    States at Disadvantage in Race to Recruit Cybersecurity Pros
    https://www.securityweek.com/states-disadvantage-race-recruit-cybersecurity-pros

    Austin Moody wanted to apply his cybersecurity skills in his home state of Michigan, teaming up with investigators for the State Police to analyze evidence and track down criminals.

    But the recent graduate set the idea aside after learning an unpaid internship was his only way into the Michigan agency.

    “I don’t know many people that can afford to take an unpaid internship, especially when it’s in such high demand in the private sector,” Moody said of fellow cybersecurity job seekers. “Unpaid internships in cyber aren’t really a thing beyond the public sector.”

    Hiring and keeping staff capable of helping fend off a constant stream of cyberattacks and less severe online threats tops the list of concerns for state technology leaders. There’s a severe shortage of those professionals and not enough financial firepower to compete with federal counterparts, global brands and specialized cybersecurity firms.

    “People who are still in school are being told, ‘There’s a really good opportunity in cybersecurity, really good opportunities for high pay,’” said Drew Schmitt, a principal threat intelligence analyst with the cybersecurity firm GuidePoint Security. “And ultimately these state and local governments just can’t keep up from a salary perspective with a lot of private organizations.”

    Reply
  32. Tomi Engdahl says:

    Quad Nations Commit to Fostering a Secure Technology Ecosystem
    https://www.securityweek.com/quad-nations-commit-fostering-secure-technology-ecosystem

    The Quad countries (Australia, India, Japan, and the United States) on Friday announced a partnership to foster the development of secure technology.

    At the first-ever in-person Leaders’ Summit of the Quad, the four committed to working together on initiatives to improve global health and infrastructure, to combat climate change, and ensure the security of critical and emerging technology.

    The Quad committed to building trust, integrity and interoperability, but underlined that suppliers, vendors, and distributors are expected to ensure the transparency and accountability of their practices.

    Furthermore, technology developers are expected to adopt a security-by-design approach, ensuring that robust safety and security practices are implemented in the development process.

    “Resilient, diverse, and secure technology supply chains – for hardware, software, and services – are vital to our shared national interests,” a White House announcement reads. “Close cooperation on supply chains with allies and partners who share our values will enhance our security and prosperity, and strengthen our capacity to respond to international disasters and emergencies.”

    Reply
  33. Tomi Engdahl says:

    Microsoft will disable Basic Auth in Exchange Online in October 2022 https://www.bleepingcomputer.com/news/microsoft/microsoft-will-disable-basic-auth-in-exchange-online-in-october-2022/
    Microsoft announced that Basic Authentication will be turned off for all protocols in all tenants starting October 1st, 2022, to protect millions of Exchange Online users.

    Reply
  34. Tomi Engdahl says:

    Cloudflare Introduces Email Security Tools
    https://www.securityweek.com/cloudflare-introduces-email-security-tools

    Internet security and performance company Cloudflare is celebrating its 11th anniversary this week and on Monday introduced several email security tools.

    Cloudflare is entering the email security market with some free tools that its customers can use to create custom email addresses, manage email routing, and prevent email phishing and spoofing.

    Email spoofing and phishing are addressed by a new tool that the company has started rolling out, the Email Security DNS Wizard, which enables users to create DNS records to prevent unauthorized parties from sending out emails on their behalf. The Email Security DNS Wizard also warns users if their domain has an insecure DNS configuration.

    The feature is being rolled out to Free users and it will become available to Pro, Enterprise and Business customers over the next weeks.

    Cloudflare also announced Email Routing, which it says provides an easy way to create and manage email addresses. The company says the feature is currently in private beta and interested users can sign up now for early access.

    “Cloudflare Email Routing will give customers more control over their email and empower them to have professional addressing while relying on any email hosting provider, whether it’s hosted Exchange, managed Office 365, Gmail, Google Workplace, or an old Aol.com address,” the company said. “This is particularly powerful for small businesses who may want to have a custom domain on their email addresses, but behind the scenes still be managing everything out of a consumer Gmail account.”

    Reply
  35. Tomi Engdahl says:

    Different RBAC role assignments in Azure might be inherited from subscription / management group level but there may come a time when that’s just way too broad spectrum to give permissions to an AD user group.

    Using Azure policies to audit and automate RBAC role assignments
    https://cloud.solita.fi/en/using-azure-policies-to-audit-and-automate-rbac-role-assignments/?utm_medium=paidsocial&utm_source=facebook&utm_campaign=fi-cloud-using-azure-policies-to-audit-9-2021&hsa_acc=1021896911210910&hsa_cam=6244509309508&hsa_grp=6259000941708&hsa_ad=6259000943108&hsa_src=fb&hsa_net=facebook&hsa_ver=3

    Usually different RBAC role assignments in Azure might be inherited from subscription / management group level but there may come a time when that’s just way too broad spectrum to give permissions to an AD user group.

    Reply
  36. Tomi Engdahl says:

    Lily Hay Newman / Wired:
    Cloudflare announces Email Routing and Email Security DNS Wizard, built on top of Gmail, Outlook, Yahoo, and others to prevent phishing, spoofing, and more

    Cloudflare Is Taking a Shot at Email Security
    https://www.wired.com/story/cloudflare-taking-a-shot-at-email-security/

    The internet infrastructure company wants to protect your inbox from targeted threats, starting with the launch of two new tools.

    Cloudflare, the internet infrastructure company, already has its fingers in a lot of customer security pots, from DDoS protection to browser isolation to a mobile VPN. Now the company is taking on a classic web foe: email.

    Reply
  37. Tomi Engdahl says:

    SHADOWDRAGON: INSIDE THE SOCIAL MEDIA SURVEILLANCE SOFTWARE THAT CAN WATCH YOUR EVERY MOVE
    The tool is the product of a growing industry whose work is usually kept from the public and utilized by police.
    https://theintercept.com/2021/09/21/surveillance-social-media-police-microsoft-shadowdragon-kaseware/

    Reply
  38. Tomi Engdahl says:

    National Security Overview 2021
    https://supo.fi/kansallisen-turvallisuuden-katsaus
    The most significant cyber threat is state-sponsored cyber espionage. Finland is the target of continuous cyber espionage attempts, and the activity is not expected to subside even in the long term. See also https://supo.fi/kyberuhkat

    Reply
  39. Tomi Engdahl says:

    Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns
    https://thehackernews.com/2021/09/atlassian-confluence-rce-flaw-abused-in.html
    Opportunistic threat actors have been found actively exploiting a recently disclosed critical security flaw in Atlassian Confluence deployments across Windows and Linux to deploy web shells that result in the execution of crypto miners on compromised systems.

    Reply
  40. Tomi Engdahl says:

    FinSpy: unseen findings
    https://securelist.com/finspy-unseen-findings/104322/
    FinSpy, also known as FinFisher or Wingbird, is an infamous surveillance toolset. Kaspersky has been tracking deployments of this spyware since 2011.. Apart from the Trojanized installers, we also observed infections involving usage of a UEFI or MBR bootkit. While the MBR infection has been known since at least 2014, details on the UEFI bootkit are publicly revealed in this article for the first time.

    Reply
