Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
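A defender-side check that matches the Maven Central figures above, added here as an example and not taken from Google’s or SecurityWeek’s tooling: it reads a POM, finds log4j-core dependencies (resolving ${property} versions) and reports which of the log4j-core CVEs named above a given version still lacks a fix for. The fix thresholds are the 2.x main-line releases (2.15.0, 2.16.0, 2.17.0, 2.17.1); the 2.3.x and 2.12.x backport branches are deliberately compared against the same thresholds, which over-reports rather than misses, and CVE-2021-42550, which does not affect log4j-core, is left out. The sample POM is constructed.

```python
"""Flag log4j-core versions in a Maven POM against the Log4j 2 CVE fix versions.
Constructed example: thresholds are the 2.x main-line releases only."""
import re
import xml.etree.ElementTree as ET

POM_NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# First log4j-core 2.x main-line release containing each fix.
FIXES = [
    ("CVE-2021-44228", "2.15.0"),
    ("CVE-2021-45046", "2.16.0"),
    ("CVE-2021-45105", "2.17.0"),
    ("CVE-2021-44832", "2.17.1"),
]

_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_version(text):
    """Return a comparable tuple (major, minor, patch, final).
    A pre-release qualifier (2.0-beta9, 2.15.0-rc1) sorts *before* the final release."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    major, minor, patch, qualifier = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if qualifier else 1)


def outstanding_cves(version):
    """CVEs from FIXES that this log4j-core version still lacks a fix for.
    Versions >= 2.17.1 give []. The 1.x line is end-of-life and tracked under
    different CVEs, so it is reported with a marker instead of a CVE list."""
    v = parse_version(version)
    if v[0] < 2:
        return ["log4j-1.x-EOL"]
    return [cve for cve, fixed in FIXES if v < parse_version(fixed)]


def _resolve(value, props):
    """Substitute ${property} references using the POM <properties> block."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value or "")


def scan_pom(pom_xml):
    """Return {version: outstanding_cves} for every log4j-core dependency in a POM string."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}", 1)[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", POM_NS)}
    findings = {}
    for dep in root.iter("{%s}dependency" % POM_NS["m"]):
        group = dep.findtext("m:groupId", default="", namespaces=POM_NS)
        artifact = dep.findtext("m:artifactId", default="", namespaces=POM_NS)
        if (group, artifact) != ("org.apache.logging.log4j", "log4j-core"):
            continue
        version = _resolve(dep.findtext("m:version", default="", namespaces=POM_NS), props).strip()
        if not version:
            continue  # version managed by a parent or BOM: resolve that separately
        findings[version] = outstanding_cves(version)
    return findings


# Constructed sample POM (not a real project): one property-driven vulnerable dependency.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties><log4j.version>2.14.1</log4j.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>${log4j.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for version, cves in scan_pom(SAMPLE_POM).items():
        print(version, "->", ", ".join(cves) or "no outstanding fixes")
```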

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1. Malware, 2. Mobile, 3. Machine Learning and AI, 4. Ransomware (because we simply couldn’t not give it a section of its own), and 5. Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security will be overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solution structure will also come in the smart phones. The new Armv9-A architecture last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries as well
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into disarray again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    10 Questions to Ask Suppliers as Part of Third-Party Security Reviews https://www.dragos.com/blog/10-questions-to-ask-suppliers-as-part-of-third-party-security-reviews/
    Supply chain attacks are inevitable. History has shown that at some point in time an adversary will compromise a supplier. In fact, there have been numerous examples of this in the last 12-18 months, a prime example being the SolarWinds incident. A recent Dragos analysis of MITRE ATT&CK for ICS initial access techniques indicated that at least six Dragos-designated threat groups utilized supply chain attacks to facilitate initial access into their target environment. The specific threat groups using this technique include: ALLANITE, CHRYSENE, DYMALLOY, HEXANE, RASPITE, and XENOTIME. However, even in cases when a supply chain compromise is not the adversary’s primary intent or objective, adversaries can still discover valuable customer information through a supplier compromise. This information can include troubleshooting tickets or other technical information, which the adversary can leverage to enable future attacks against customer networks. This can also occur when criminal operations employ data extortion techniques and leak the associated data of a supplier, a technique often leveraged by groups such as the Conti ransomware group.

    Reply
  2. Tomi Engdahl says:

    Report: The state of industrial security in 2022 https://blog.barracuda.com/2022/07/12/report-the-state-of-industrial-security-in-2022/
    Organizations are struggling to protect operational technology and getting breached as a result. In fact, Barracuda research finds that 94% of the organizations surveyed have experienced a security incident in the last 12 months. Barracuda examines this and other key findings in the new report, The state of industrial security in 2022. To capture perspectives on industrial internet of things (IIoT)/ operational technology (OT) security projects, implementation challenges, security incidents, technology investments, and a variety of issues related to cybersecurity risks, Barracuda commissioned independent market research firm Vanson Bourne to survey IT decision makers. The results of that research were published today in the new report. The survey includes responses from 800 senior IT managers, senior IT security managers, and project managers responsible for IIoT/OT in their organization. They came from organizations with more than 500 employees in the U.S., EMEA, and Australia.

    Reply
  3. Tomi Engdahl says:

    Forget the silly Nigerian letters: scam messages are getting frighteningly personal https://www.tivi.fi/uutiset/tv/3b0557e4-a75f-4579-ae0c-b40477a6900f
    It is easy to chuckle at the idea of a silly scam message that lures the victim with bad grammar and blatant lies. The truth, however, is that the scam business is highly professional, and messages can be tailored to victims personally. Even an expert may already find it very hard to spot the most skilful messages, write British cybersecurity and psychology experts Oliver Buckley, Max Eiza and Gareth Norris. The Nigerian letters of years past are no longer in fashion. Instead, scammers dig through people’s social media profiles looking for targets for whom to tailor messages.
    The work-related social media service LinkedIn is a particularly fertile environment, and worldwide more than half of phishing scams are in fact related to LinkedIn.

    Reply
  4. Tomi Engdahl says:

    The Long Tail of Log4Shell Exploitation
    https://www.horizon3.ai/the-long-tail-of-log4shell-exploitation/
    It’s been more than six months since the Log4Shell vulnerability (CVE-2021-44228) was disclosed, and a number of post-mortems have come out talking about lessons learned and ways to prevent the next Log4Shell-type event from happening. The reality on the ground though is that the vulnerability is far from dead. For the first six months of this year, NodeZero, our autonomous pentesting tool, has detected and exploited Log4Shell in close to a quarter of the environments it’s run in, and that rate has held steady month over month. This is consistent with the recent CISA advisory sounding the alarm that threat actors are continuing to exploit VMware Horizon servers using Log4Shell.

    Reply
  5. Tomi Engdahl says:

    Why Threat Analysis Will Continue to Play a Vital Role in Security https://securityintelligence.com/posts/threat-analysis-vital-role-security/
    Today, the cybersecurity industry faces many challenges. Highly skilled attackers, a daily flood of data full of irrelevant information and false alarms across multiple systems come in amid a severe shortage of skilled workers. In this industry, performing detailed threat analysis with the data you already have will help protect your business. For that, you need threat analysts. These are dedicated specialists within a security team responsible for identifying and assessing security threats. They have high levels of technical, analytical and communication skills. They often conduct specialized investigations and write high-level technical reports. The threat analyst is a highly skilled role that requires a lot of attention and dedication to ongoing learning and improvement. How can threat analysts make a difference?

    Reply
  6. Tomi Engdahl says:

    HR on guard for cybersecurity
    https://www.kaspersky.com/blog/hr-on-guard-for-cybersecurity/44863/
    Did you know you need to enlist the help of a Human Resources expert to successfully combat cyberthreats? Is that a surprise? It shouldn’t be. Sure, there are technical experts who are responsible for cybersecurity on the server, computer and software levels. But the company’s security cannot be ensured by technical measures alone; organizational ones are also needed. In particular, someone needs to train employees to recognize cybercriminals’ tricks and to counter them. This is where the experience and skills of HR specialists can come in handy.

    Reply
  7. Tomi Engdahl says:

    Microsoft Releases Open Source Toolkit for Generating SBOMs: Redmond’s Salus tool works across platforms including Windows, Linux, and Mac to generate SBOMs based on the SPDX specification.
    https://www.securityweek.com/microsoft-releases-open-source-toolkit-generating-sboms
    Software giant Microsoft has open-sourced its internal tool for generating SBOMs (software bill of materials) as part of a move to help organizations be more transparent about supply chain relationships between components used when building a software product.
    The tool, called Salus, works across platforms including Windows, Linux, and Mac to generate SBOMs based on the SPDX specification, Redmond said in a note announcing the toolkit release.
    Redmond’s decision to open source the Salus tool is directly linked to the U.S. government’s push for mandatory SBOMs to provide software transparency in the face of supply chain attacks.
    https://github.com/microsoft/sbom-tool

    Reply
  8. Tomi Engdahl says:

    10,000 organisations targeted by phishing attack that bypasses multi-factor authentication https://www.tripwire.com/state-of-security/featured/10000-organisations-targeted-by-phishing-attack-that-bypasses-multi-factor-authentication/
    Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then used them to log into the genuine site. Source:
    https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

    Reply
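An added illustration, not part of the comment above or of Microsoft’s write-up: a constructed Python model of why the relay described there succeeds against a one-time code but fails against a credential bound to the origin the browser actually talks to. The TOTP routine follows RFC 6238; an HMAC stands in for the authenticator’s public-key signature, and every origin, secret and timestamp is made up.

```python
"""Model of the AiTM relay: a forwarded OTP verifies at the real site, an origin-bound
assertion does not. Constructed example; HMAC replaces a real public-key signature."""
import base64
import hashlib
import hmac
import json
import struct

REAL_ORIGIN = "https://login.example.test"          # constructed relying-party origin
PROXY_ORIGIN = "https://login.example-proxy.test"   # constructed phishing-proxy origin


# --- One-time codes: RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits) ---------------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def site_verify_totp(secret: bytes, unix_time: int, submitted: str) -> bool:
    """The code carries no information about where the user typed it."""
    return hmac.compare_digest(totp(secret, unix_time), submitted)


# --- Origin-bound assertion (WebAuthn-style shape, simplified) ----------------------
def authenticator_assert(cred_secret: bytes, browser_origin: str, challenge: str) -> dict:
    """The browser fills in the origin it is actually connected to; the authenticator
    signs (here: MACs) the client data that contains that origin and the challenge."""
    client_data = json.dumps(
        {"type": "webauthn.get", "origin": browser_origin, "challenge": challenge},
        sort_keys=True).encode()
    sig = hmac.new(cred_secret, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"client_data": client_data, "signature": sig}


def site_verify_assertion(cred_secret: bytes, expected_origin: str,
                          expected_challenge: str, assertion: dict) -> bool:
    """Relying-party checks: type and challenge, then origin, then the signature."""
    data = json.loads(assertion["client_data"])
    if data.get("type") != "webauthn.get" or data.get("challenge") != expected_challenge:
        return False
    if data.get("origin") != expected_origin:
        return False  # assertion was produced for a different (phishing) origin
    expected = hmac.new(cred_secret, hashlib.sha256(assertion["client_data"]).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["signature"])


def relay_scenarios(unix_time: int = 1_700_000_000):
    """Victim interacts with the proxy page; the proxy forwards whatever it receives
    to the real site unchanged. Returns (otp_relay_accepted, assertion_relay_accepted)."""
    otp_secret = b"constructed-shared-otp-secret"
    cred_secret = b"constructed-credential-key"

    # 1. OTP: the victim types the code into the proxy page; the proxy forwards it.
    code_seen_by_proxy = totp(otp_secret, unix_time)
    otp_relay_accepted = site_verify_totp(otp_secret, unix_time, code_seen_by_proxy)

    # 2. Origin-bound: the real site issues a challenge, the proxy forwards it, but the
    #    victim's browser binds the assertion to the proxy's origin, not the real one.
    challenge = base64.urlsafe_b64encode(hashlib.sha256(b"constructed-nonce").digest()).decode()
    assertion = authenticator_assert(cred_secret, PROXY_ORIGIN, challenge)
    assertion_relay_accepted = site_verify_assertion(cred_secret, REAL_ORIGIN, challenge, assertion)
    return otp_relay_accepted, assertion_relay_accepted


if __name__ == "__main__":
    otp_ok, assertion_ok = relay_scenarios()
    print("relayed OTP accepted:", otp_ok)              # True
    print("relayed assertion accepted:", assertion_ok)  # False
```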
  9. Tomi Engdahl says:

    Do top websites collect typed data even if never submitted?
    https://www.pandasecurity.com/en/mediacenter/mobile-news/websites-collect-data/
    A paper developed by researchers from multiple European universities uncovered that some of the most popular websites collect data you type in online forms, even if you don’t hit the submit button. Some websites collect partial data, but others store literally everything you type in sections such as contact us, comment, etc. Most users would think that if they do not hit that submit button, they will not be giving away the info they’ve typed, but the paper developed by the EU cyber researchers appears to prove that on many occasions, the data entered ends up linked to you. Logging such information is very similar to what malicious key-logger programs do. Some sites log just keystrokes, but others log all the typed information from all fields when a user moves to the next part of the form. The researchers looked predominantly at EU and US-based websites, and the results of data-collecting sites in North America were shockingly higher when compared to the numbers from the EU.

    Reply
  10. Tomi Engdahl says:

    Experts concerned about ransomware groups creating searchable databases of victim data https://therecord.media/experts-concerned-about-ransomware-groups-creating-searchable-databases-of-victim-data/
    Several ransomware gangs and extortion groups are creating searchable databases of information stolen during attacks, according to several cybersecurity experts. Ransomware groups have long extorted organizations with the threat of data leaks, but often leave the stolen data on leak sites buried on the dark web. Over the last month, ransomware groups AlphV and LockBit have debuted features on their leak sites that allow anyone to search through troves of data by company name or other signifiers. ALPHV ransomware group (alternatively referred to as BlackCat ransomware group) put out a message today to its affiliates. In summary: they are creating a searchable database of individuals and/or companies who do not pay.
    https://pic.twitter.com/p1KWyr7e8j

    Reply
  11. Tomi Engdahl says:

    Journalists Emerge as Favored Attack Target for APTs https://threatpost.com/journalists-target-apts/180224/
    Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials

    Reply
  12. Tomi Engdahl says:

    Security for the Atomized Network
    A White Paper
    https://content.netography.com/atomized-network-security-whitepaper

    We are facing an entirely different model of networking and computing, where applications and data are scattered across a complex environment consisting of multi-cloud, on-premise, and legacy infrastructure, being accessed by increasingly mobile and remote workers.

    We call this the Atomized Network and it is increasingly difficult to secure.

    In this white paper, we closely examine the Atomized Network, why it is difficult to defend, the limitations of the most prevalent solutions, and the new paradigm needed to secure it.

    Reply
  13. Tomi Engdahl says:

    Is an Infrastructure War on the Horizon?
    https://www.securityweek.com/infrastructure-war-horizon

    On February 24, Russia launched its full-scale assault on Ukraine. The invader’s weapons included tanks, heavy artillery… and software. On April 8, attackers armed with Industroyer2, a species of malware designed to incapacitate power stations and plunge whole cities into darkness, managed to briefly penetrate Ukrainian defenses, putting two million homes at risk. The attack was successfully repelled, but it communicated a chilling message to the world: The era of cyberwarfare has begun.

    As newscaster Ted Koppel detailed in his 2016 best-seller, Lights Out, America’s infrastructure is all too vulnerable. Since then, things have only gotten worse. According to a recent IBM report, the manufacturing sector is now the number one target for ransomware, accounting for 23 percent of all attacks. The top vectors for these attacks were vulnerabilities that organizations hadn’t or couldn’t patch (47%) and, no surprise, phishing (43%).

    The typical targets of attack within a manufacturing organization are the Industrial Control Systems (ICS), which control the operation of everything from turbines and valves to robotic welding stations. Because an ICS manages physical machinery, successful exploits by bad actors can have extremely serious consequences, including enormous economic damage and even loss of human life. And because the same types of systems manage municipal water supplies and regional power generation, the potential for a real catastrophe exists. The problem of defending critical infrastructure has both technical and governmental aspects.

    Reply
  14. Tomi Engdahl says:

    NATO membership opens new doors for Finnish cyber security professionals
    https://www.tivi.fi/uutiset/tv/5365a0b8-358c-4b0a-9ce3-e3d628518109
    With NATO membership, new opportunities are opening up for Finnish companies both in the United States and in the other countries of the defence alliance. In recent months, word has come from Washington of an unprecedented surge of interest in Finland. NATO also renewed its Strategic Concept in June, which further improves the market outlook for Finnish firms, estimates Jarno Limnéll, Professor of Practice in cyber security at Aalto University and Doctor of Military Sciences. He also heads the cyber security services at Innofactor.

    Reply
  15. Tomi Engdahl says:

    NIST’s Post-Quantum Cryptography Standards https://www.schneier.com/blog/archives/2022/08/nists-post-quantum-cryptography-standards.html
    Quantum computing is a completely new paradigm for computers. A quantum computer uses quantum properties such as superposition, which allows a qubit (a quantum bit) to be neither 0 nor 1, but something much more complicated. In theory, such a computer can solve problems too complex for conventional computers. Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible. Even so, we already know that such a computer could potentially factor large numbers and compute discrete logs, and break the RSA and Diffie-Hellman public-key algorithms in all of the useful key sizes.

    Reply
  16. Tomi Engdahl says:

    Phishers Swim Around 2FA in Coinbase Account Heists https://threatpost.com/phishers-2fa-coinbase/180356/
    Threat actors are making their way around two-factor authentication (2FA) and using other clever evasion tactics in a recently observed phishing campaign aimed at taking over Coinbase accounts to defraud users of their crypto balances. Attackers are using emails that spoofed the popular cryptocurrency exchange to trick users into logging into their accounts so they could gain access to them and steal victim funds, researchers from PIXM Software have found

    Reply
  17. Tomi Engdahl says:

    North Korean hackers target crypto experts with fake Coinbase job offers https://www.bleepingcomputer.com/news/security/north-korean-hackers-target-crypto-experts-with-fake-coinbase-job-offers/
    A new social engineering campaign by the notorious North Korean Lazarus hacking group has been discovered, with the hackers impersonating Coinbase to target employees in the fintech industry. A common tactic the hacking group uses is to approach targets over LinkedIn to present a job offer and hold a preliminary discussion as part of a social engineering attack. According to Hossein Jazi, a security researcher at Malwarebytes who has been following Lazarus activity closely since February 2022, the threat actors are now pretending to be from Coinbase, targeting candidates suitable for the role of “Engineering Manager, Product Security.”

    Reply
  18. Tomi Engdahl says:

    Everything CISOs Need to Know About NIST https://securityintelligence.com/articles/everything-cisos-know-nist/
    It’s never been harder to be a chief information security officer (CISO). In 2021, there were 50% more attacks each week compared to 2020. Without a plan, maintaining a robust security posture is an uphill struggle. Thankfully, the National Institute of Standards and Technology (NIST) offers CISOs the guidance they need. Read on to learn more about NIST, why it matters and how it can help your company protect against cybersecurity threats.

    Reply
  19. Tomi Engdahl says:

    JSON All the Logs!
    https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
    My recent obsession has been creating all of my logs in JSON format.
    The reasons for that are pretty simple: I like to log with Elasticsearch, so creating JSON formatted logs makes working with Elasticsearch easier. Command line tools like ‘jq’ make parsing JSON logs on the command line simpler than “good old” standard Syslog format and a string of ‘cut,’ ‘sed,’ and ‘awk’ commands. Before going into examples, first a few caveats when it comes to creating JSON logs.

    Reply
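The diary entry above argues that JSON logs are easier to work with than free-text syslog and then lists caveats. The following is an added example (it is not code from the ISC diary): the same four SSH events are shown in classic syslog text and as one-JSON-object-per-line, a simple detection (failed logins per source IP) is run over both, and the one-object-per-line caveat is enforced by refusing to emit a record with a raw newline. All log lines are constructed samples, and the regex and field names are this example's own assumptions, not a standard schema.

```python
import json
import re
from collections import Counter

# Constructed sample events (not real logs): four SSH events in classic
# syslog text form. The JSON form is derived from them further down.
SYSLOG_LINES = [
    "Aug  9 10:01:02 bastion sshd[1312]: Failed password for root from 203.0.113.7 port 51234 ssh2",
    "Aug  9 10:01:05 bastion sshd[1312]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2",
    "Aug  9 10:01:09 bastion sshd[1340]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "Aug  9 10:01:11 bastion sshd[1355]: Failed password for invalid user guest from 203.0.113.9 port 51300 ssh2",
]

# Getting fields out of the text form needs a regex that knows sshd's exact
# wording, including the optional "invalid user" prefix; every new message
# shape means another pattern to maintain.
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>\w+)\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>[\d.]+) port (?P<port>\d+)"
)

def parse_syslog(line):
    """Return a dict of fields, or None if the line does not match the pattern."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def to_json_line(event):
    """Serialise one event as exactly one line of JSON.

    Caveat from the diary: a JSON log must be one object per line, so any
    newline inside a field value has to be escaped. json.dumps does that;
    the check guards against a logger that concatenates raw strings instead.
    """
    line = json.dumps(event, separators=(",", ":"))
    if "\n" in line:
        raise ValueError("JSON log line must not contain a raw newline")
    return line

def parse_json(line):
    """One json.loads call replaces the regex; extra fields are kept, not lost."""
    return json.loads(line)

def failed_logins_by_ip(lines, parser):
    """Detection logic: count failed SSH logins per source IP.

    Works unchanged on either format because both parsers yield the same keys.
    """
    hits = Counter()
    for line in lines:
        ev = parser(line)
        if ev and ev.get("prog") == "sshd" and ev.get("outcome") == "Failed":
            hits[ev["src_ip"]] += 1
    return hits

# JSON form of the same events, plus one application event whose message
# contains an embedded newline to exercise the escaping check.
JSON_LINES = [to_json_line(parse_syslog(l)) for l in SYSLOG_LINES]
JSON_LINES.append(to_json_line({"host": "bastion", "prog": "app", "msg": "multi\nline"}))

if __name__ == "__main__":
    print(failed_logins_by_ip(SYSLOG_LINES, parse_syslog))
    print(failed_logins_by_ip(JSON_LINES, parse_json))
```

The point to notice is how much of the syslog path is the regex: it encodes sshd's wording and breaks silently (the line returns None and is skipped) when the wording changes, whereas the JSON path carries the field names with the data.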
  20. Tomi Engdahl says:

    Cybercrime catches even the careful internet user by surprise
    https://www.kauppalehti.fi/uutiset/kyberrikos-yllattaa-netissa-varovaisenkin/f8c50b44-839f-4eab-9b2b-5206e77c4c93
    Over the spring and summer there has been a buzz about cyberattacks. Attacks on critical infrastructure are feared, but at the same time preparedness for them has been improved. The private individual’s place in the information security world is still unclear, however, even though the risk of crime has grown significantly. According to an estimate by the Finnish Consumers’ Union (Kuluttajaliitto), Finns lost a total of 47 million euros to online scams in 2021.
    Scams and phishing attempts have become more sophisticated, and the same applies to cyberattacks. It is only human to lull oneself into thinking that cyberattacks will not hit you personally. After all, quite some time has passed since the extensive Vastaamo data breach.

    Reply
  21. Tomi Engdahl says:

    How Hash-Based Safe Browsing Works in Google Chrome https://security.googleblog.com/2022/08/how-hash-based-safe-browsing-works-in.html
    There are various threats a user faces when browsing the web. Users may be tricked into sharing sensitive information like their passwords with a misleading or fake website, also called phishing. They may also be led into installing malicious software on their machines, called malware, which can collect personal data and also hold it for ransom.
    Google Chrome, henceforth called Chrome, enables its users to protect themselves from such threats on the internet. When Chrome users browse the web with Safe Browsing protections, Chrome uses the Safe Browsing service from Google to identify and ward off various threats.

    Reply
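The Google post linked above describes the hash-based lookup that lets Chrome check a URL against the Safe Browsing lists without sending the URL to Google. The following is an added, simplified model of that mechanism (this is not Chrome's or Google's code): the server keeps full SHA-256 hashes of unsafe host/path expressions, the client holds only short prefixes, and the server is contacted only on a prefix hit, and then only with the prefix. The URL canonicalisation is deliberately reduced (host suffixes and path prefixes only), the class and function names are this example's own, and the unsafe list is a constructed sample.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes; the Safe Browsing lists mostly use 4-byte prefixes

def sha256(expr):
    return hashlib.sha256(expr.encode()).digest()

def url_expressions(url):
    """Host/path combinations to look up for one URL.

    Simplified canonicalisation (an assumption of this example, not the real
    spec, which also handles IP hosts, percent-encoding and more): lower-cased
    host, fragment dropped, host suffixes down to two labels, path prefixes
    down to "/", with and without the query string.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    path = parts.path or "/"
    query = parts.query

    labels = host.split(".")
    hosts = [host] + [".".join(labels[i:]) for i in range(1, min(len(labels) - 1, 5))]
    hosts = list(dict.fromkeys(hosts))  # de-duplicate, keep order

    paths = ([path + "?" + query] if query else []) + [path]
    segs = path.split("/")
    paths += ["/".join(segs[:i]) + "/" for i in range(1, len(segs))]  # "/a/b/c" -> "/", "/a/", "/a/b/"
    paths = list(dict.fromkeys(paths))
    return [h + p for h in hosts for p in paths]

class ListServer:
    """Stand-in for the Safe Browsing service: the only holder of full hashes."""
    def __init__(self, unsafe_expressions):
        self.full_hashes = {sha256(e) for e in unsafe_expressions}
        self.prefix_requests = []  # everything the server ever learns from clients

    def prefixes(self):
        return {h[:PREFIX_LEN] for h in self.full_hashes}

    def full_hashes_for(self, prefix):
        self.prefix_requests.append(prefix)
        return {h for h in self.full_hashes if h.startswith(prefix)}

class BrowserClient:
    """Holds the prefix list locally; contacts the server only on a prefix hit."""
    def __init__(self, server, extra_prefixes=()):
        self.server = server
        self.prefixes = server.prefixes() | set(extra_prefixes)

    def is_unsafe(self, url):
        for expr in url_expressions(url):
            h = sha256(expr)
            if h[:PREFIX_LEN] in self.prefixes:
                # Prefix hit: fetch the full hashes behind this prefix and
                # finish the comparison locally. A hit can be a collision.
                if h in self.server.full_hashes_for(h[:PREFIX_LEN]):
                    return True
        return False

# Constructed unsafe list: everything under evil.example/login/ is flagged.
SERVER = ListServer(["evil.example/login/"])
CLIENT = BrowserClient(SERVER)

if __name__ == "__main__":
    print(CLIENT.is_unsafe("https://www.evil.example/login/index.html?x=1"))  # True
    print(CLIENT.is_unsafe("https://www.safe.example/"))                     # False
    print(len(SERVER.prefix_requests))                                       # 1
```

The privacy property to check is the server's request log: a safe URL with no prefix hit produces no request at all, and a prefix collision (simulated here by handing the client an extra prefix) reveals only the 4-byte prefix, which many URLs share, never the URL itself.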
  22. Tomi Engdahl says:

    Government Data Requests Rise Globally
    https://www.forbes.com/sites/emmawoollacott/2022/08/08/government-data-requests-rise-globally/
    Global surveillance is increasing, with governments requesting almost 40 per cent more user data from Apple, Google, Facebook, and Microsoft during 2020 than in the year before. According to a report from privacy firm Surfshark, the US topped the list, with nearly two million user accounts affected since 2013 and 469,000 in 2020 alone.
    This represents a little over 585 accounts per 100,000 population.
    Second on the list was Germany, with 489 requests per 100,000, followed by the UK, with 486. Singapore and France round out the top five.

    Reply
  23. Tomi Engdahl says:

    16-31 July 2022 Cyber Attacks Timeline
    https://www.hackmageddon.com/2022/08/09/16-31-july-2022-cyber-attacks-timeline/
    The second cyber attacks timeline of July 2022 confirms the sustained level of activity. In this fortnight I have collected 139 entries, once again the higher number in the last three months. Ransomware continues to dominate the threat landscape, characterizing 21 out of 139 events (corresponding to 15.1%, a sharp decrease compared to 25.2%, of the previous timeline). 13 out of 139 events were characterized by the exploitation of vulnerabilities (corresponding to 9.35%, more than the double of 4.58% of the previous fortnight).

    Reply
  24. Tomi Engdahl says:

    Check Point Research: Education sector experiencing more than double monthly attacks, compared to other industries https://blog.checkpoint.com/2022/08/09/check-point-research-education-sector-experiencing-more-than-double-monthly-attacks-compared-to-other-industries/
    Check Point Research (CPR) recently published its Cyber Attack Trends: 2022 Mid-Year Report which reported that similar to 2021’s top industry ranking, the first half of 2022 displays significant rises in attacks across all sectors. Topping them all, Education and Research still leads as the most targeted industry, with an average of 2,297 attacks against organizations every week in the 1H of 2022, showing a 44% increase compared to the 1H of 2021. In today’s report, we shed some more insights to that sector, and present in-depth though alarming numbers.

    Reply
  25. Tomi Engdahl says:

    Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath https://research.nccgroup.com/2022/08/08/implementing-the-castryck-decru-sidh-key-recovery-attack-in-sagemath/
    Last weekend (July 30th) a truly incredible piece of mathematical/cryptanalysis research was put onto eprint. Wouter Castryck and Thomas Decru of KU Leuven published a paper An efficient key recovery attack on SIDH (preliminary version) describing a new attack on the Supersingular Isogeny Diffie-Hellman (SIDH) protocol together with a corresponding proof-of-concept implementation. SIDH is at the core of the Post-Quantum key encapsulation mechanism SIKE, which was expected to continue to round four of the NIST Post-Quantum Project for consideration of standardisation. The paper says that their proof of concept code can break the proposed NIST level 1 parameters (supposedly approximating security on-par with AES-128) in an hour of single core computation, and the strongest parameter set in less than 24 hours.

    Reply
  26. Tomi Engdahl says:

    Oil and Gas Cybersecurity: Industry Overview Part 1 https://www.trendmicro.com/en_us/research/22/h/oil-gas-cybersecurity-part-1.html
    The oil and gas industry is no stranger to major cybersecurity attacks, attempting to disrupt operations and services. Most of the best understood attacks against the oil industry are initial attempts to break into the corporate networks of oil companies. Geopolitical tensions can cause major changes not only in physical space, but also in cyberspace. In March 2022, our researchers observed several alleged cyberattacks perpetrated by different groups. It has now become important more than ever to identify potential threats that may disrupt oil and gas companies, especially in these times when tensions are high.

    Reply
  27. Tomi Engdahl says:

    GitHub Moves to Guard Open Source Against Supply Chain Attacks https://www.wired.com/story/github-code-signing-sigstore/
    Following the 2020 SolarWinds cyberespionage campaign, in which Russian hackers slipped tainted updates into a widely used IT management platform, a series of further software supply chain attacks continues to highlight the urgent need to lock down software chains of custody. And the issue is particularly pressing in open source, where projects are inherently decentralized and often ad hoc endeavors.
    After a series of worrying compromises to widely downloaded JavaScript software packages from the prominent npm registry, which is owned by GitHub, the company laid out a plan this week to offer expanded defenses for open source security.

    Reply
  28. Tomi Engdahl says:

    Dragos Industrial Ransomware Analysis: Q2 2022 https://www.dragos.com/blog/dragos-industrial-ransomware-analysis-q2-2022/
    Not surprisingly, ransomware groups continued to target industrial organizations and infrastructures and disrupt operational technology (OT) operations in the second quarter of 2022. Even though the number of reported ransomware incidents is slightly less than the numbers we reported in the last quarter, the impact of those attacks remains significant to the targeted industrial organizations, dependent sectors, and their subsidiaries. Even in instances where OT is not the intended target, ransomware attacks on enterprise IT where OT is present can negatively impact OT operations.

    Reply
  29. Tomi Engdahl says:

    Understanding XDR Security: Concepts, Features & Use Cases
    https://www.cynet.com/xdr-security/understanding-xdr-security-concepts-features-and-use-cases&utm_source=securityweek&utm_medium=newsletter

    What is XDR?

    XDR is designed to help security teams:

    Identify threats that are highly sophisticated or hidden
    Track threats across multiple system components
    Improve detection and response speed
    Investigate threats more effectively and efficiently

    XDR was developed as an alternative to point security solutions which were limited to only one security layer, or could only perform event correlation without response. It is the evolution of solutions like endpoint detection and response (EDR) and network traffic analysis (NTA).

    While still useful, these layer-specific tools tend to generate greater volumes of alerts, require more time to investigate and respond to events, and require more maintenance and management. In contrast, XDR consolidates tooling and enables security teams to work more effectively and efficiently.

    Reply
  30. Tomi Engdahl says:

    2022 CISO Survey of Small Security Teams
    https://go.cynet.com/2022_ciso_survey?utm_source=securityweek&utm_medium=newsletter

    Cynet’s 2022 survey analyzes the responses from 200 CISOs of small security teams to understand how they’re making budget, security technology, and strategy decisions as they plan for the year ahead.

    Reply
  31. Tomi Engdahl says:

    Why Constant-Time Crypto?
    https://www.bearssl.org/constanttime.html

    In 1996, Paul Kocher published a novel attack on RSA, specifically on RSA implementations, that extracted information on the private key by simply measuring the time taken by the private key operation on various inputs. It took a few years for people to accept the idea that such attacks were practical and could be enacted remotely on, for instance, an SSL server; see this article from Boneh and Brumley in 2003, who conclude that:

    Our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.

    Reply
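The BearSSL page quoted above is about why the running time of a secret-dependent operation is itself a leak. The following is an added example, not from BearSSL or the quoted papers, that makes the leak concrete without a stopwatch: an early-exit byte comparison (the shape of `memcmp`) is instrumented to report how many bytes it examined, which stands in for elapsed time, and a byte-by-byte recovery is run against it; the constant-time variant folds every byte into an accumulator and decides once at the end, so the same recovery fails. The secret tag is a constructed value. Python itself gives no timing guarantees, so the block shows the structure only; the production form is `hmac.compare_digest`, shown in `verify_tag`.

```python
import hmac

# Constructed 16-byte MAC tag standing in for the secret a server compares against.
SECRET = bytes.fromhex("7a9f03c41e55b2d8f0a6c39e17d4b08c")

def naive_compare(a, b):
    """Early-exit comparison: returns (equal, bytes_examined).

    The examined count is a stand-in for elapsed time: the work done depends
    on the position of the first mismatch, so it reveals how many leading
    bytes of the guess were right.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined

def ct_compare(a, b):
    """Constant-time structure: every byte is folded into an accumulator with
    XOR/OR and the single decision is taken at the end, so the work done is
    independent of the data. (Length is not secret here; it still must not
    be secret in real code either.)"""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)

def recover_secret(oracle, length):
    """Byte-by-byte recovery against a leaky comparison.

    oracle(guess) -> (accepted, bytes_examined). For each position, the
    candidate that makes the oracle examine one more byte is the right one;
    the last byte is confirmed by the accept flag, which any server returns.
    Cost is at most 256 * length queries instead of 256 ** length.
    """
    found = bytearray(length)
    for i in range(length):
        for cand in range(256):
            found[i] = cand
            accepted, examined = oracle(bytes(found))
            if accepted or examined > i + 1:
                break
    return bytes(found)

def verify_tag(expected, provided):
    """Production form: compare_digest is implemented constant-time in C."""
    return hmac.compare_digest(expected, provided)

if __name__ == "__main__":
    leaky = recover_secret(lambda g: naive_compare(SECRET, g), len(SECRET))
    safe = recover_secret(lambda g: ct_compare(SECRET, g), len(SECRET))
    print("naive compare leaks the tag:", leaky == SECRET)   # True
    print("constant-time compare leaks it:", safe == SECRET)  # False
```

Against `ct_compare` the examined count is always the full length, so the recovery loop has nothing to key on and stops at the first candidate for every position; the point of the paper's conclusion is that over a network the count above is replaced by microseconds plus noise, and enough repetitions average the noise away.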
  32. Tomi Engdahl says:

    Microsoft Publishes Office Symbols to Improve Bug Hunting
    https://www.securityweek.com/microsoft-publishes-office-symbols-improve-bug-hunting

    Microsoft Office has started publishing Office symbols for Windows in an effort to help bug hunters find and report security issues.

    Symbols are pieces of information used during debugging, and are contained within Symbol files, which are created by the compiler during application build.

    Some of these symbols are called ‘public symbols’. They contain basic information, such as function names and global variables, and are used in all forms of debugging. Symbol files that contain only public symbols are called ‘stripped symbol files’.

    Starting August 9, Microsoft Office is publishing stripped symbol files via the Microsoft Public Symbol Server, to provide security researchers with additional information when hunting for bugs in Office products, and to help them create more detailed reports.

    “Symbols empower customers and partners to better understand and potentially diagnose issues they’re encountering. They also open the door for the development of more advanced performance tools and insights,” Microsoft says.

    https://msrc-blog.microsoft.com/2022/08/08/microsoft-office-to-publish-symbols-starting-august-2022/

    Reply
  34. Tomi Engdahl says:

    The Ever-Increasing Issue of Cyber Threats – and the Zero Trust Answer
    https://www.securityweek.com/ever-increasing-issue-cyber-threats-and-zero-trust-answer

    The benefits of ZTNA make it hard to ignore

    Ensuring that the right people have access to the proper resources when they need them whilst maintaining security and access controls across multiple data centers and cloud environments is one of the biggest technical challenges any organization faces.

    Having too much security can slow business and create disgruntled employees who may look for ways to circumvent processes and make their job simpler. What they fail to realize is that unsanctioned solutions, which are not managed by the security team, increase risk, and can make it easier for an accidental breach to occur.

    The world is hyper-connected. People have expectations of gaining instant access – safely and securely. However, we also live in a changing world – events of the last two years have proven this beyond doubt. With IT constantly moving, security needs to adapt and evolve whilst keeping ahead of current trends.

    This framework may sound complicated, but ZTNA has many benefits and can simplify or remove many challenges with managing security. Let’s take a deeper dive into the benefits of ZTNA:
    • User management is simplified and clarified as accounts are not seen as internal, remote or external, but just as accounts all treated the same. Management is more straightforward, and users get equal treatment wherever they are located.
    • Layered security using identity, location, device information and factored authentication guarantees that your security posture is always dialled up to the strongest setting, wherever the environment.
    • Because ZTNA assumes a ‘trust no-one, assume nothing’ approach, anyone accessing the network will only see resources and applications through a lens of their direct access privileges. A benefit of this is that, should an attacker gain access to the network, their visibility will be hampered. Getting deeper into the system will be more difficult by the repeated need to check security, check device configuration and re-authenticate the user account.
    • Visibility and control are improved as resources are treated equally, the security team has visibility of everything from office applications to every cloud platform in use and spinning up shadow-IT or rogue systems is not possible because these un-managed systems will not be able to inherit system access and users will be unable to authenticate.
    • Most importantly, ZTNA should be transparent to users, with agent-based management to gather essential information on users and devices, which is then used to provide seamless network access to applications and resources that users legitimately need to access.

    Reply
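The bullet list above describes ZTNA as the same layered checks (identity, device posture, MFA, entitlement, re-authentication) applied to every request regardless of where it originates. The following is an added example of such a policy decision function, not code from the SecurityWeek article or any ZTNA product: the network location is recorded but never grants trust by itself, an unmanaged device is refused before entitlements are even consulted (the shadow-IT point in the list), and what a principal can see is derived from the same decision. The policy table, resource names and field names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    managed: bool    # enrolled in agent-based management, as the article describes
    compliant: bool  # posture check passed (encryption, patch level, ...)

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa: bool
    device: Device
    network: str     # "office", "vpn" or "internet": logged, never trusted on its own
    resource: str
    session_age_min: int

# Constructed policy: entitled groups per resource and how old an
# authentication may be before the user has to re-authenticate.
POLICY = {
    "wiki":    {"groups": {"staff"},   "max_session_min": 480},
    "payroll": {"groups": {"finance"}, "max_session_min": 30},
    "prod-db": {"groups": {"sre"},     "max_session_min": 15},
}

def decide(req):
    """Return (allowed, reason). The checks are identical for every request;
    req.network does not appear in any condition."""
    rules = POLICY.get(req.resource)
    if rules is None:
        return False, "unknown resource (default deny)"
    if not req.device.managed:
        return False, "unmanaged device cannot inherit access"
    if not req.device.compliant:
        return False, "device failed posture check"
    if not req.mfa:
        return False, "MFA required"
    if not (req.groups & rules["groups"]):
        return False, f"{req.user} not entitled to {req.resource}"
    if req.session_age_min > rules["max_session_min"]:
        return False, "re-authentication required"
    return True, "allowed"

def visible_resources(groups, device, mfa):
    """Resources a principal can even see: only those the same policy would
    allow with a fresh session. An attacker on a foothold sees no more."""
    return {r for r in POLICY
            if decide(Request("probe", groups, mfa, device, "internet", r, 0))[0]}

if __name__ == "__main__":
    on_lan = Request("alice", frozenset({"staff"}), True, Device(False, False), "office", "wiki", 5)
    remote = Request("alice", frozenset({"staff"}), True, Device(True, True), "internet", "wiki", 5)
    print(decide(on_lan))   # denied although on the office network
    print(decide(remote))   # allowed although on the internet
    print(visible_resources(frozenset({"sre"}), Device(True, True), True))
```

The check worth keeping in a real policy engine is the one implied by the first bullet: grep the decision logic for the network field, and if it ever appears in a condition that grants access, the "internal" network has become an implicit trust zone again.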
  35. Tomi Engdahl says:

    The Secret to Automation? Eat the Elephant in Chunks.
    https://www.securityweek.com/secret-automation-eat-elephant-chunks

    The goal of security automation is to accelerate detection and response, but you’ll waste a lot of time if you try to eat the elephant all at once

    One of my favorite phrases when strategizing how to approach a daunting challenge is “eat the elephant in chunks.” Whether you’re talking about running a marathon, going after that big promotion or saving for the future, the most effective and efficient way to achieve a larger goal is by breaking it down into smaller, discrete pieces. The approach is also highly applicable when talking about security automation.

    Security orchestration, automation and response (SOAR) platforms that focus on automating processes are a great example. Organizations were drawn to the promise of SOAR to improve the throughput of analyst work by automatically running a playbook in reaction to an incident or issue without the need for human intervention. SOAR was an important step forward and off to a great start. But over time, organizations started to see the pitfalls of trying to eat the entire elephant all at once instead of in chunks. Here’s what I mean.

    To run SOAR playbooks, you need to define and document a complex decision tree and then manage and maintain long, unwieldy processes. Engineering work is required to customize playbooks and standardize implementation. Playbooks are executed the same way over and over again, with no regard to the relevance or priority of data being processed. Decision-making criteria and logic are built into the playbooks, so it isn’t possible to adapt with agility to changes in the threat landscape and the environment. Playbooks need to be updated manually—pulling results and new learnings from reports and other sources—which becomes even more difficult and time consuming if the person who created the playbook is no longer with the organization.

    Clearly, approaching security automation by trying to eat the entire elephant all at once isn’t effective or efficient. But what happens if, instead, you tackle automation from the standpoint of atomic-level actions (or chunks) that are data-driven and executed directly or from a simple playbook?

    Reply
  36. Tomi Engdahl says:

    Securing Smart Cities from the Ground Up
    https://www.securityweek.com/securing-smart-cities-ground

    Smart City network infrastructure demands a proactive approach to find vulnerabilities before hackers find them

    Smart technology continues to change how people live and interact with the cities around them. While the full value of a connected city evolves – one that leverages innovations powered by artificial intelligence and machine learning – cybersecurity stands as one of its greatest challenges.

    The Smart City Conundrum

    While the promise of Smart Cities provides municipalities and inhabitants with the efficiency and value of “smart” services, it also creates a cybersecurity challenge. Each connected component – from devices to the network infrastructure – offers a potential entry point for hackers to steal data, damage systems, and gain access to information they shouldn’t have.

    Smart City ecosystems could be filled with tens of thousands of Internet of Things (IoT) devices communicating over public network infrastructure. In order for the Smart City to succeed, each IoT device must be low power, exhibit excellent performance, be able to withstand interference, and be reliable. They’ll operate with the free flow of data between devices and the network infrastructure that connects them. How do Smart Cities ensure that each part of the Smart City ecosystem – the devices and network infrastructure — remains secure?

    Reply
  37. Tomi Engdahl says:

    Books You Should Read: The Hardware Hacker’s Handbook
    https://hackaday.com/2022/08/05/books-you-should-read-the-hardware-hackers-handbook/

    Today, I’d like to highlight one of the most complete introductions to hardware hacking I’ve seen so far – from overall principles to technical details, spanning all levels of complexity, uniting theory and practice. This is The Hardware Hacking Handbook, by Jasper van Woudenberg and Colin O’Flynn. Across four hundred pages, you will find as complete of an introduction to subverting hardware as there is. None of the nuances are considered to be self-evident; instead, this book works to fill any gaps you might have, finding words to explain every relevant concept on levels from high to low.

    Apart from the overall hardware hacking principles and examples, this book focuses on the areas of fault injection and power analysis – underappreciated areas of hardware security that you’d stand to learn, given that these two practices give you superpowers when it comes to taking control of hardware. It makes sense, since these areas are the focus of [Colin]’s and [Jasper]’s research, and they’re able to provide you something you wouldn’t learn elsewhere. You’d do well with a ChipWhisperer in hand if you wanted to repeat some of the things this book shows, but it’s not a requirement. For a start, the book’s theory of hardware hacking is something you would benefit from either way.

    https://nostarch.com/hardwarehacking

    Reply
  38. Tomi Engdahl says:

    Here’s How The Precursor Protects Your Privacy
    https://hackaday.com/2022/08/06/heres-how-the-precursor-protects-your-privacy/

    At the heart of it is an FPGA, and Precursor’s CPU is created out of the gates of that FPGA. This and a myriad of other design decisions make the Precursor fundamentally hard to backdoor, and you don’t have to take [bunnie]’s word for it — he’s made an entire video going through the architecture, boot protections and guarantees of the Precursor, teaching us what goes into a secure device that’s also practical to use.

    Reply
  39. Tomi Engdahl says:

    ESP32 Powers Covert Pentesting Device
    https://hackaday.com/2022/08/05/esp32-powers-covert-pentesting-device/

    Looking to expand their hardware design experience, [mentalburden] recently put together a low-cost handheld gadget that can be used for various security-related tasks such as logging WiFi traffic, operating as a dead drop, and performing deauthentication attacks.

    The custom PCB plays host to the essentials — an ESP32-S microcontroller, AMS1117 3.3 V regulator, a SSD1306 OLED, and a couple of buttons. This lets the user navigate through a simple menu system and select whatever function they wish to enable. During testing, a pair of 18650 cells kept the electronics running for an impressive 22 hours.

    A second version of the PCB fixed a few bodges that were required to get the original prototype working, and given how energy efficient the hardware ended up being, [mentalburden] decided to drop the power supply down to a single 18650 for a total runtime of around 15 hours. A 3D printed case and some silicone buttons, produced with a simple clay mold, completed the package.

    DropThrowie: Your WiFi Friend
    https://mentalburden.medium.com/dropthrowie-your-wifi-friend-5284dabceeaf

    The goal of this portfolio project was to build a device that can be surreptitiously placed to provide targeted and timed deauth of WiFi networks, ephemeral WiFi dead drop capabilities, and zero-log WiFi chat services. This device needed to be able to run for a minimum of 12 hours and have an extremely simple user interface. I wanted to include silicone squishy buttons and build the case so it can be attached to a fishing line for tree and rooftop deployment. I also wanted to ensure the device could be built for less than $10usd. It took 2 months to go from sketch to MVP and I learned a ton along the way.

    Reply
  40. Tomi Engdahl says:

    MOBSFscan – To Find Insecure Code in Android and iOS
    https://hackersonlineclub.com/mobsfscan-tfind-insecure-code-in-android-and-ios/

    mobsfscan is a static analysis tool that can find insecure code patterns in your Android and iOS source code. Supports Java, Kotlin, Swift, and Objective-C code. mobsfscan uses MobSF static analysis rules and is powered by semgrep and libsast pattern matcher.

    Reply
  41. Tomi Engdahl says:

    Is Standardization Required For Security?
    https://semiengineering.com/is-standardization-required-for-security/

    Why and how the semiconductor ecosystem needs to come together on security.

    SE: Security is a hot topic. Where does the industry stand on chip and system security today?

    Fern: The biggest thing about approaching security is that there’s always going to be a tradeoff. There’s always intense time-to-market pressure. Most teams have a fixed budget they can spend on security. It’s just what it is. They have to work with what they’ve got, and the direction that companies should be taking with respect to security strategies is figuring out how to spend that budget in the wisest way possible. That begins with the process of threat modeling. Ultimately, there’s no silver bullet or single solution or single tool or single methodology that will magically solve security for everyone all the time. You know your design the best, you know your market the best, and you just have to put in the effort of doing threat modeling and figuring out where you are with respect to security, where you want to be, what resources you have to work with, and how to best use those.

    Reply
