Cyber security trends for 2022

Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.

Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.

Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.

Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.

Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
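Google’s count of packages still pulling in a defective Log4j comes down to a dependency-version question. As an added example that is not part of the article, the following Python script resolves the log4j-core version declared in a Maven pom.xml (including ${property} placeholders) and reports which of the four CVEs above that concern log4j-core itself remain unfixed at that version; the fixed-in versions are those from Apache’s Log4j security advisories. CVE-2021-42550, also listed above, affects the separate Logback library and is outside this check. The sample POM is constructed.

```python
"""Flag Maven dependencies on vulnerable log4j-core versions.

Added example (not from the article): resolve the log4j-core version in a
pom.xml, property placeholders included, and report which Log4Shell-era
CVEs are still unfixed at that version.
"""
import re
import xml.etree.ElementTree as ET

NS = "{http://maven.apache.org/POM/4.0.0}"

# Version in which each CVE was fixed on the 2.x line of log4j-core,
# per the Apache Log4j security advisories. The 1.x line is end-of-life
# and never received these fixes, so it is reported separately.
FIXED_IN = {
    "CVE-2021-44228": (2, 15, 0),
    "CVE-2021-45046": (2, 16, 0),
    "CVE-2021-45105": (2, 17, 0),
    "CVE-2021-44832": (2, 17, 1),
}


def parse_version(text):
    """Turn '2.14.1' or '2.17.0-rc1' into a comparable 3-tuple of ints."""
    nums = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in nums.group(0).split("."))
    return parts + (0,) * (3 - len(parts))


def resolve(value, props):
    """Expand ${name} placeholders from the POM's <properties> block."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def log4j_core_versions(pom_xml):
    """Return the resolved version of every log4j-core dependency in the POM."""
    root = ET.fromstring(pom_xml)
    props = {}
    props_el = root.find(f"{NS}properties")
    if props_el is not None:
        for p in props_el:
            props[p.tag.replace(NS, "")] = (p.text or "").strip()
    found = []
    for dep in root.iter(f"{NS}dependency"):
        group = dep.findtext(f"{NS}groupId", "")
        artifact = dep.findtext(f"{NS}artifactId", "")
        version = dep.findtext(f"{NS}version")
        if group == "org.apache.logging.log4j" and artifact == "log4j-core" and version:
            found.append(resolve(version, props))
    return found


def unfixed_cves(version_text):
    """List the CVEs in FIXED_IN that this log4j-core version does not fix."""
    v = parse_version(version_text)
    if v < (2, 0, 0):
        return ["log4j 1.x is end-of-life: upgrade to a supported 2.x release"]
    return [cve for cve, fixed in FIXED_IN.items() if v < fixed]


def audit(pom_xml):
    """Map each declared log4j-core version to its list of unfixed CVEs."""
    report = {}
    for ver in log4j_core_versions(pom_xml):
        try:
            report[ver] = unfixed_cves(ver)
        except ValueError:
            # An unexpanded ${...} usually means the version lives in a parent
            # POM or a dependencyManagement section this scan did not see.
            report[ver] = ["version could not be resolved; check parent POM"]
    return report


# Constructed sample POM, not a real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties><log4j.version>2.14.1</log4j.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.logging.log4j</groupId>
      <artifactId>log4j-core</artifactId>
      <version>${log4j.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for ver, cves in audit(SAMPLE_POM).items():
        print(f"log4j-core {ver}: {'OK' if not cves else ', '.join(cves)}")
```

A scan of the top-level POM only sees directly declared versions; the packages Google counted were largely affected through transitive dependencies, which this misses, so run the same check against the resolved tree (for example the output of `mvn dependency:tree`) or an SBOM rather than the POM alone.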

Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.

Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.

Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has
emerged: employee burnout.

In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.

The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next? PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf

“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities.
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
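The list above names unusual data movement and exfiltration among the things such platforms watch for, and the statistical core of that is a per-host baseline and a deviation test. The following detector is an added example, not code from the article or from any vendor: it keeps a history of daily outbound bytes per host and flags the latest day when it is both a z-score outlier against that host’s own history and several times the baseline mean. The egress records, host names and thresholds are constructed assumptions.

```python
"""Per-host baseline detection of unusual outbound data volume.

Added example: flag hosts whose latest day of egress is far outside
their own history. All records and thresholds below are constructed
assumptions, not real telemetry or vendor defaults.
"""
from collections import defaultdict
from statistics import mean, pstdev


def _series(host, daily_bytes):
    """Build constructed (day_index, host, outbound_bytes) records."""
    return [(day, host, b) for day, b in enumerate(daily_bytes)]


# Constructed sample telemetry for three hosts over seven days.
EGRESS = (
    _series("ws-01", [12e6, 15e6, 11e6, 14e6, 13e6, 12e6, 900e6])  # sudden 900 MB day
    + _series("ws-02", [40e6, 42e6, 39e6, 41e6, 43e6, 40e6, 44e6])  # ordinary jitter
    + _series("ws-03", [5e6, 6e6, 5e6, 5e6, 6e6, 5e6, 30e6])        # about 6x its baseline
)


def flag_unusual_egress(records, min_history=5, z_threshold=3.0, min_ratio=3.0):
    """Return {host: (latest_bytes, z_score)} for hosts whose most recent day
    is a z-score outlier against their own history AND at least `min_ratio`
    times the baseline mean. The ratio guard stops a host with a near-constant
    history (tiny sigma) from alerting on a trivial change."""
    by_host = defaultdict(list)
    for day, host, b in records:
        by_host[host].append((day, b))

    flagged = {}
    for host, points in by_host.items():
        points.sort()                       # oldest first
        history = [b for _, b in points[:-1]]
        latest = points[-1][1]
        if len(history) < min_history:
            continue                        # not enough baseline to judge
        mu, sigma = mean(history), pstdev(history)
        if sigma == 0:
            z = float("inf") if latest != mu else 0.0
        else:
            z = (latest - mu) / sigma
        if z >= z_threshold and mu > 0 and latest >= min_ratio * mu:
            flagged[host] = (latest, z)
    return flagged


if __name__ == "__main__":
    for host, (latest, z) in flag_unusual_egress(EGRESS).items():
        print(f"{host}: {latest / 1e6:.0f} MB out, z={z:.1f}")
```

In practice the baseline window, the thresholds and the unit of aggregation (per host, per user, per destination) are what separate a noisy alert from a useful one, and a detection like this is an early-warning signal to investigate, not proof of exfiltration.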

Mobile phone security is being reworked
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a keystone technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The Armv9-A architecture introduced last year offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an unlimited number of secured environments will in principle be available.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.

Cyber attacks already threaten goods deliveries too
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf

Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”

Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
Cyber attacks are accelerating, but companies can respond to them. A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time, in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack surface of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat extortion
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks

Trend Micro report: in the future everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.

3,062 Comments

  1. Tomi Engdahl says:

    Jared Newman / Fast Company:
    1Password unveils “passkey” support for secure user logins to apps, and says it will work across platforms, including iOS and Android, coming in early 2023

    1Password wants to ditch passwords without locking you in to one platform
    Here’s a passwordless system that won’t lock you into one company’s computing platform forever.
    https://www.fastcompany.com/90812818/1password-wants-to-ditch-passwords-without-locking-you-in-to-one-platform

    When Apple and Google announced their passwordless login systems earlier this year, they glossed over one major problem: By relying on either company to eliminate passwords, you’re effectively locking yourself into their respective platforms.

    Now 1Password is coming out with a different approach that lets you ditch passwords without pledging allegiance to any particular tech giant. The company’s passwordless system, which replaces traditional passwords with simpler and more secure “passkeys,” is launching early next year, and it’ll work across iOS, Android, Windows, Mac, Chrome OS, and Linux. 1Password users can check out a live demo.

    1Password is also announcing that its chief experience officer, Matt Davey, has joined the board of the FIDO (Fast Identity Online) Alliance, the industry standards group that’s pushing passwordless logins in tandem with the tech giants. With a seat at the table, 1Password wants to make sure that security doesn’t just become another form of lock-in.

  3. Tomi Engdahl says:

Mikko Hyppönen: The security situation has never been better than it is now
    https://www.tivi.fi/uutiset/tv/eac3adc5-1f2c-4899-92aa-905a407a83f4
THE TECHNICAL SECURITY LEVEL OF SYSTEMS is, according to Hyppönen, considerably better than 5 to 10 years ago. Operating systems are also more secure than ever, and the use of closed devices such as the iPhone has increased. Moving data to the cloud brings with it the multi-million budgets that Amazon and Google spend on protecting data. According to Hyppönen, security is, technically speaking, improving all the time. Also
    https://www.tivi.fi/uutiset/tv/60f8f77e-9973-457b-95ce-a029aa999bd0
“Mikko Hyppönen gives advice for crisis situations: The most important thing is to tell the truth”

  4. Tomi Engdahl says:

Is your smart home secure?
    https://www.tivi.fi/uutiset/tv/538836ba-b7d3-4f48-8c12-2a02d383340f
Regulation could be used to require that, when smart devices are taken into use, the management app must guide the user to set a password on them. This could often even happen automatically. The default should be that new devices are always protected. The user should then have to separately disable the password if they really want to.

  5. Tomi Engdahl says:

    Ransomware incidents now make up majority of British government’s crisis management COBRA meetings https://therecord.media/ransomware-incidents-now-make-up-majority-of-british-governments-crisis-management-cobra-meetings/
    Ransomware incidents in the United Kingdom are now so impactful that the majority of the British government’s recent crisis management COBRA meetings have been convened in response to them rather than other emergencies.

  6. Tomi Engdahl says:

    DHS Secretary: Cyberattacks are the most significant threat to port infrastructure https://therecord.media/dhs-secretary-cyberattacks-are-the-most-significant-threat-to-port-infrastructure/
    “One of the concerns that we have is the cybersecurity threat to ports.
    We are increasing the level of technology by which our ports operate and that is why not only Customs and Border Protection have a focus on cybersecurity but so does the United States Coast Guard,” Mayorkas said.

  7. Tomi Engdahl says:

    Transportation sector targeted by both ransomware and APTs https://www.helpnetsecurity.com/2022/11/18/cybersecurity-trends-q3-2022/
    US ransomware activity leads the pack: In the US alone, ransomware activity increased 100% quarter over quarter in transportation and shipping. Globally, transportation was the second most active sector (following telecom). APTs were also detected in transportation more than in any other sector.

  8. Tomi Engdahl says:

    Ukraine’s ‘IT Army’ Stops 1,300 Cyberattacks in 8 Months of War https://www.darkreading.com/endpoint/ukraine-it-army-stops-1300-cyberattacks-war
    Zelensky noted that Ukraine’s “IT army,” made up of talent pooled from companies across the country, has successfully stopped more than 1,300 Russian cyberattacks over the past eight months of the Russian invasion. That experience, he said, offers lessons for protecting civilian populations from the kinds of brutal cyberattacks that have been leveled against his country as part of Russia’s invasion.

  9. Tomi Engdahl says:

    Shocker: EV charging infrastructure is seriously insecure https://www.theregister.com/2022/11/15/ev_charging_infrastructure_sandia/
    “Can the grid be affected by electric vehicle charging equipment?
    Absolutely,” said Sandia’s Brian Wright, a cybersecurity expert who worked on the project. “It is within the realm of what bad guys could and would do in the next 10 to 15 years. That’s why we need to get ahead of the curve in solving these issues,” Wright said.

  10. Tomi Engdahl says:

    Casino ads can flood your phone: operators have few means to tackle spam https://www.hs.fi/kotimaa/art-2000009212700.html
    UNSOLICITED advertising text messages arriving on the phone are a persistent nuisance for many, one that operators are often unable to do anything about. When messages are sent without the recipient’s consent, or even in disregard of marketing opt-outs, it can be called illegal spam.

  11. Tomi Engdahl says:

    Google looking outside the usual channels to fix security skills gap https://www.theregister.com/2022/11/20/google_cisco_diversity_inclusion/
    Instead of waiting for workers to find the industry, “you gotta go where the diverse talent is, and make them aware there’s an opportunity available to them,” [MK Palmore] said. “When I say go where they are, I’m talking about college-level folks who are women and underrepresented minorities who maybe would have never considered a career in cybersecurity. I’m talking about mid-career transitioning folks who are looking for a new opportunity in an industry that represents growth and is going to be around for a significant number of years. That is cybersecurity.”

  12. Tomi Engdahl says:

    US Gov Issues Software Supply Chain Security Guidance for Customers
    https://www.securityweek.com/us-gov-issues-software-supply-chain-security-guidance-customers

    The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) this week released the last part of a three-part joint guidance on securing the software supply chain.

    The guidance was created by the Enduring Security Framework (ESF), a cross-sector working group focused on mitigating risks to critical infrastructure and national security, and provides recommendations on software supply chain security best practices to developers, suppliers, and organizations.

    The first part of the series offers recommendations for software developers, while the second part is aimed at software suppliers. The third part is aimed at the software customer, representing the organizations that purchase, deploy, and maintain software within their environments.

    https://www.securityweek.com/us-gov-issues-guidance-developers-secure-software-supply-chain
    https://www.securityweek.com/us-gov-issues-supply-chain-security-guidance-software-suppliers

  13. Tomi Engdahl says:

    Google looking outside the usual channels to fix security skills gap
    ‘If your input continues to be monoculture, you can expect the same outcomes’
    https://www.theregister.com/2022/11/20/google_cisco_diversity_inclusion/

    Cybersecurity moves fast. New and bigger threats emerge all the time across an ever-expanding attack surface and there’s not enough people to fill vacant jobs.

    Because of this, “not every organization is hyper-focused on the subject of diversity and inclusion,” MK Palmore, a director in Google Cloud’s Office of the Chief Information Security Officer, told The Register.

    “We as an industry get hung up on looking for folks who have been there, done that, and want talent to jump in and hit the ground running,” he continued. “We need to slow down a bit and widen the optical on what represents new talent to bring into the field.”

    This requires investing money and human resources into training folks who don’t come from a traditional infosec background, but Palmore said the payoff is worth it for a couple of reasons.

    First, there’s the well-documented worker shortage of about three million people. The security skills gap isn’t going to close unless organizations hire people outside of the existing cybersecurity workforce. “We can’t just keep shipping people from one company to the next,” he said.

    Plus, diverse people bring different perspectives and ideas about how to solve problems to the table. The infosec community — still mostly male (76 percent) and mostly white (72 percent) — needs diversity to produce better outcomes, Palmore said.

    “If your input continues to be a singular focus or monoculture, or typically comes from the usual circles, you can expect the same outcomes,” he added. “It’s imperative that the cybersecurity industry continues to grow and thrive, and if we don’t understand the importance of diversity, we’re going to continue misfiring instead of making sure that we can get ahead of adversaries.”

    To this end, Google Cloud recently partnered with Cyversity, a non-profit that seeks to bring more women and underrepresented minorities into infosec jobs.

    ‘Go where diverse talent is’

    At Google, he spends a lot of his time talking to other organizations’ CISOs. Obviously, cloud security is a frequent topic of discussion. Diversity and inclusion — how to hire and then retain women and minorities — should get equal airtime, Palmore said.

    Instead of waiting for workers to find the industry, “you gotta go where the diverse talent is, and make them aware there’s an opportunity available to them,” he said. “When I say go where they are, I’m talking about college-level folks who are women and underrepresented minorities who maybe he would have never considered a career in cybersecurity. I’m talking about mid-career transitioning folks who are looking for a new opportunity in an industry that represents growth and is going to be around for a significant number of years. That is cybersecurity.”

    Within the industry, there’s enough “subdomains” that don’t require a background in coding or software development, he added. “Part of the challenge is we just have to do a better job of exposing folks to the opportunity and then subsequently getting them trained.”

    Diversity Academy opens its doors

    That’s where the Cyversity SANS Diversity Academy comes in. Applicants must be at least 18, not currently employed in a cybersecurity role (other IT jobs are OK) and have residency status in one of three regions: North America, South America or Europe, the Middle East and Africa.

    Selected participants will receive a scholarship to attend at least one training course, plus certification, at no expense. Phase one of the six-month program includes vendor training, where applicants receive access to Google Cloud and Palo Alto Networks training. Applicants selected for phase two will attend SANS foundational SEC275 training course and receive GFACT certifications. And finally, those that move on to phase three will take more advanced SANS courses and receive GIAC certifications.

    SANS offers several other similar “immersion” academy programs that provide technical training, and claims 90 percent of graduates land new jobs in cybersecurity within six months of completing the programs.

    Reply
  14. Tomi Engdahl says:

    One in three companies has fallen victim to a data breach this year
    https://etn.fi/index.php/13-news/14281-joka-kolmas-yritys-joutunut-tietomurron-uhriksi-taenae-vuonna

    Trend Micro today published the Cyber Risk Index (CRI) study, prepared by the research firm Ponemon Institute, which compiles findings from the first half of 2022. According to the study, 32 percent of international organizations have repeatedly been the target of successful cyberattacks during the past 12 months.

    Attackers have gained access to the victims' customer data, which tells a grim story of their continuing struggle to identify and defend an ever-growing attack surface. The share of international organizations that had been the target of a “successful” cyberattack rose from 84 percent to 90 percent during this period. Less surprisingly, expectations of successful attacks during the coming year rose from 76 percent to 85 percent.

    From the business perspective, the biggest concern is the gap between security leaders and executive management. Organizations can significantly reduce their vulnerability by increasing the number of cybersecurity professionals and by developing their security processes and technology.

    - You cannot protect what you cannot see. Remote and hybrid work ushered in a new era of ever more complex, distributed IT environments. As a result, many organizations are struggling as they try to identify and close their security gaps and visibility problems, says Trend Micro cybersecurity expert Kalle Salminen.

    Reply
  15. Tomi Engdahl says:

    Introducing Shufflecake: plausible deniability for multiple hidden filesystems on Linux
    https://research.kudelskisecurity.com/2022/11/10/introducing-shufflecake-plausible-deniability-for-multiple-hidden-filesystems-on-linux/

    Today we are excited to release Shufflecake, a tool aimed at helping people whose freedom of expression is threatened by repressive authorities or dangerous criminal organizations, in particular: whistleblowers, investigative journalists, and activists for human rights in oppressive regimes. Shufflecake is FLOSS (Free/Libre, Open Source Software). Source code in C is available and released under the GNU General Public License v3.0 or superior.

    Shufflecake is originally based on the EPFL M.Sc. Thesis “Hidden Filesystems Design and Improvement” by our former student Elia Anzuoni (under supervision of Dr. Tommaso Gagliardoni and Prof. Edouard Bugnion) during his internship on the Kudelski Security Research Team.

    Introduction

    Shufflecake is a tool for Linux that allows creation of multiple hidden volumes on a storage device in such a way that it is very difficult, even under forensic inspection, to prove the existence of such volumes. Each volume is encrypted with a different secret key, scrambled across the empty space of an underlying existing storage medium, and indistinguishable from random noise when not decrypted. Even if the presence of the Shufflecake software itself cannot be hidden – and hence the presence of secret volumes is suspected – the number of volumes is also hidden.

    https://shufflecake.net/

    Reply
  16. Tomi Engdahl says:

    US offshore oil and gas installation at ‘increasing’ risk of cyberattack https://www.theregister.com/2022/11/21/us_oil_gas_cyber_threats/
    The US Government Accountability Office (GAO) has warned that the time to act on securing the US’s offshore oil and natural gas installations is now because they are under “increasing” and “significant risk” of cyberattack. GAO report at https://www.gao.gov/assets/gao-23-105789.pdf

    Reply
  17. Tomi Engdahl says:

    Malware-as-a-service continues to change the economic landscape of cybercrime https://www.sophos.com/en-us/content/security-threat-report
    Much as the corporate IT realm has adopted the as-a-service model for an increasing scope of. Report at https://assets.sophos.com/X24WTUEQ/at/b5n9ntjqmbkb8fg5rn25g4fc/sophos-2023-threat-report.pdf

    Reply
  18. Tomi Engdahl says:

    33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules
    https://www.securityweek.com/33-attorneys-general-send-letter-ftc-commercial-surveillance-rules

    Attorneys general in 33 US states are urging the Federal Trade Commission (FTC) to take into consideration consumer risks as it looks into creating rules to crack down on commercial surveillance.

    The FTC announced in August that it wants to take action against commercial online surveillance, in which companies collect and analyze user data in an effort to monetize it.

    Companies often track every aspect of a user’s online activities, including their browsing history, the purchases they make, their physical location, and their friend and family networks. This and other data is automatically analyzed and then sold to others to help them boost advertising and sales.

    Reply
  19. Tomi Engdahl says:

    Google Making Cobalt Strike Pentesting Tool Harder to Abuse
    https://www.securityweek.com/google-making-cobalt-strike-pentesting-tool-harder-abuse

    Google has announced the release of YARA rules and a VirusTotal Collection to help detect Cobalt Strike and disrupt its malicious use.

    Released in 2012, Cobalt Strike is a legitimate red teaming tool that consists of a collection of utilities in a JAR file that can emulate real cyberthreats. It uses a server/client approach to provide the attacker with control over infected systems, from a single interface.

    Cobalt Strike has evolved into a point-and-click system for deploying remote access tools on targeted systems, with threat actors abusing its capabilities for lateral movement into victim environments.

    The tool’s vendor has in place a vetting system to prevent selling the software to malicious entities, but cracked versions of Cobalt Strike have been available for years.

    “These unauthorized versions of Cobalt Strike are just as powerful as their retail cousins except that they don’t have active licenses, so they can’t be upgraded easily,” Google notes.

    By releasing open-source YARA rules and a VirusTotal Collection that integrates them, Google aims to help organizations flag and identify Cobalt Strike’s components, to improve protections.

    Reply
  20. Tomi Engdahl says:

    Security Researchers Looking at Mastodon as Its Popularity Soars
    https://www.securityweek.com/security-researchers-looking-mastodon-its-popularity-soars

    Cybersecurity researchers are increasingly looking at Mastodon now that the decentralized social media platform’s popularity has soared, and they have started finding vulnerabilities and other security issues.

    After Elon Musk acquired Twitter, he made a series of significant changes, including firing staff and modifying features, which have had a negative impact on the platform’s security. This has led to a Twitter security chief resigning and the FTC saying that they were deeply concerned.

    Reply
  21. Tomi Engdahl says:

    Tatum Hunter / Washington Post:
    Victims of hacked Facebook accounts say Meta’s customer support is largely unhelpful; Meta has no new initiatives for helping people recover their accounts
    https://www.washingtonpost.com/technology/2022/11/21/hacked-facebook-account/

    Reply
  22. Tomi Engdahl says:

    Misconfigurations, Vulnerabilities Found in 95% of Applications
    https://www.darkreading.com/application-security/misconfigurations-vulnerabilities-found-in-95-of-applications

    Weak configurations for encryption and missing security headers topped the list of software issues found during a variety of penetration and application security tests.

    Reply
  23. Tomi Engdahl says:

    Thinking about taking your computer to the repair shop? Be very afraid
    Not surprisingly, female customers bear the brunt of the privacy violations.
    https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/

    If you’ve ever worried about the privacy of your sensitive data when seeking a computer or phone repair, a new study suggests you have good reason. It found that privacy violations occurred at least 50 percent of the time, not surprisingly with female customers bearing the brunt.

    Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations had accessed personal data and that two of those shops also copied data onto a personal device.

    Reply
  24. Tomi Engdahl says:

    SFPD authorized to kill suspects using robots in draft policy
    “This is not normal. No legal professional or ordinary resident should carry on as if it is normal.”
    https://missionlocal.org/2022/11/killer-robots-to-be-permitted-under-sfpd-draft-policy/

    Reply
  25. Tomi Engdahl says:

    Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience
    https://www.europarl.europa.eu/news/en/press-room/20221107IPR49608/cybersecurity-parliament-adopts-new-law-to-strengthen-eu-wide-resilience

    Rules requiring EU countries to meet stricter supervisory and enforcement measures and harmonise their sanctions were approved by MEPs on Thursday.

    The legislation, already agreed between MEPs and the Council in May, will set tighter cybersecurity obligations for risk management, reporting obligations and information sharing. The requirements cover incident response, supply chain security, encryption and vulnerability disclosure, among other provisions.

    Reply
  26. Tomi Engdahl says:

    73% of retail applications have security flaws, yet only a quarter of them have been fixed
    https://www.realinfosec.net/trending-infosec-news/73-of-retail-applications-have-security-flaws-yet-only-a-quarter-of-them-have-been-fixed/

    Almost three-quarters of apps in the retail and hospitality sectors have security problems, but only 25% of them have been patched, according to a top global provider of modern application security testing tools. Furthermore, 17% of these issues are classified as “high severity,” which means that, if exploited, they pose a significant risk to the company.

    Reply
  27. Tomi Engdahl says:

    Intel Says Its Deepfake Detector Has 96% Accuracy
    The company says its FakeCatcher can operate in real-time to detect deepfake videos.
    https://gizmodo.com/intel-deep-fake-ai-1849795542

    Reply
  28. Tomi Engdahl says:

    Cyber as important as missile defences – ex-NATO general https://www.reuters.com/world/cyber-important-missile-defences-ex-nato-general-2022-11-21/
    A cyber attack on the German ports of Bremerhaven or Hamburg would severely impede NATO efforts to send military reinforcements to allies, retired U.S. General Ben Hodges told Reuters.

    Reply
  29. Tomi Engdahl says:

    How to hack an unpatched Exchange server with rogue PowerShell code https://nakedsecurity.sophos.com/2022/11/22/how-to-hack-an-unpatched-exchange-server-with-rogue-powershell-code/
    ZDI's explanation of this vulnerability makes for a fascinating tale of how complex it can be to chain together all the parts you need to turn a vulnerability into a viable exploit. [...] In the hope of helping you follow the high-level details more easily if you decide to read the ZDI report, here's a hopefully-not-too-simplified summary with the steps listed in reverse

    Reply
  30. Tomi Engdahl says:

    RansomExx Upgrades to Rust
    https://securityintelligence.com/posts/ransomexx-upgrades-rust/
    Malware written in Rust often benefits from lower AV detection rates (compared to those written in more common languages) and this may have been the primary reason to use the language. For example, the sample analyzed in this report was not detected as malicious in the VirusTotal platform for at least 2 weeks after its initial submission.
    As of the time of writing, the new sample is still only detected by 14 out of the 60+ AV providers represented in the platform.

    Reply
  31. Tomi Engdahl says:

    Crimeware and financial cyberthreats in 2023 https://securelist.com/crimeware-financial-cyberthreats-2023/108005/
    Forecasts for 2023: Led by gaming and other entertainment sectors, Web3 continues to gain traction and so will threats for it. Malware loaders to become the hottest goods on the underground market. More new Red Team penetration testing frameworks deployed by cybercriminals. Ransomware negotiations and payments begin to rely less on Bitcoin as a transfer of value. Ransomware groups following less financial interest, but more destructive activity.
    Other end of the year material:
    https://securelist.com/policy-trends-2023/108008/
    https://securelist.com/ics-cyberthreats-in-2023/108011/

    Reply
  32. Tomi Engdahl says:

    Aurora infostealer malware increasingly adopted by cybergangs https://www.bleepingcomputer.com/news/security/aurora-infostealer-malware-increasingly-adopted-by-cybergangs/
    According to cybersecurity firm SEKOIA, at least seven notable cybergangs with significant activity have adopted Aurora exclusively, or along with Redline and Raccoon, two other established information-stealing malware families.

    Reply
  33. Tomi Engdahl says:

    Log4Shell campaigns are using Nashorn to get reverse shell on victim’s machines
    https://isc.sans.edu/diary/rss/29266
    In an incident case I got last week, attackers started a reverse shell on the victim's machine in a way I have not seen in Log4Shell exploitations. The reverse shell was issued using Nashorn, a JavaScript scripting engine used to execute JavaScript code dynamically on the JVM. Similar use of Nashorn was seen in Confluence CVE-2022-26134 exploitations.

    Reply
  34. Tomi Engdahl says:

    Cybersecurity Investments in the EU: Is the Money Enough to Meet the New Cybersecurity Standards?
    https://www.enisa.europa.eu/news/cybersecurity-investments-in-the-eu-is-the-money-enough-to-meet-the-new-cybersecurity-standards
    The European Union Agency for Cybersecurity publishes the latest report on Network and Information Security Investments in the EU providing an insight on how the NIS Directive has impacted the cybersecurity budget of operators over the past year with deep-dives into the Energy and Health sectors.

    Reply
  35. Tomi Engdahl says:

    Professional stealers: opportunistic scammers targeting users of Steam, Roblox, and Amazon in 111 countries https://www.group-ib.com/media-center/press-releases/professional-stealers/
    Group-IB, one of the global leaders in cybersecurity, has identified 34 Russian-speaking groups that are distributing info-stealing malware under the stealer-as-a-service model. The cybercriminals use mainly Raccoon and Redline stealers to obtain passwords for gaming accounts on Steam and Roblox, credentials for Amazon and PayPal, as well as users' payment records and crypto wallet information. In the first seven months of 2022, the gangs collectively infected over 890,000 user devices and stole over 50 mln passwords. All the identified groups orchestrate their attacks through Russian-language Telegram groups, although they mainly target users in the United States, Brazil, India, Germany, and Indonesia. In 2022, info-stealing malware has grown into one of the most serious digital threats.

    Reply
  36. Tomi Engdahl says:

    The Yanluowang ransomware group in their own words https://therecord.media/the-yanluowang-ransomware-group-in-their-own-words/
    It announced that the contents of one of the group's discussion channels (some 2,700 messages sent between January and September 2022) had been breached and were now uploaded to a leak site that allowed researchers, law enforcement, and even competitors to understand how the group was organized, how it interacted with other ransomware actors, and who might be in charge. The finding confirmed something researchers had long suspected: Yanluowang members were just masquerading as Chinese hackers. The name was a ruse. Cybersecurity firm Symantec first discovered the group in October 2021, and it soon got a reputation: It was clearly human-run, was reasonably skilled, and it targeted Western companies. Two of its most infamous targets: Cisco and Walmart.

    Reply
  37. Tomi Engdahl says:

    CISA releases updated infrastructure guide for local govt, tribal defenders https://therecord.media/cisa-releases-updated-infrastructure-guide-for-local-govt-tribal-defenders/
    The updated framework, which was published on Tuesday, includes the Datasets for Critical Infrastructure Identification guide, a new tool that provides information on how to find publicly accessible information on critical infrastructure assets.

    Reply
  38. Tomi Engdahl says:

    Mind the Gap
    https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
    In June 2022, Project Zero researcher Maddie Stone gave a talk at FirstCon22 titled “0-day In-the-Wild Exploitation in 2022…so far”. A key takeaway was that approximately 50% of the observed 0-days in the first half of 2022 were variants of previously patched vulnerabilities. This finding is consistent with our understanding of attacker behavior: attackers will take the path of least resistance, and as long as vendors don’t consistently perform thorough root-cause analysis when fixing security vulnerabilities, it will continue to be worth investing time in trying to revive known vulnerabilities before looking for novel ones. Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made it downstream to affected Android devices (including Pixel, Samsung, Xiaomi, Oppo and others). Devices with a Mali GPU are currently vulnerable.

    Reply
  39. Tomi Engdahl says:

    Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice
    In September 2022, Proofpoint researchers identified initial delivery of a penetration testing framework called Nighthawk. Launched in late 2021 by MDSec, Nighthawk is similar to other frameworks such as Brute Ratel and Cobalt Strike and, like those, could see rapid adoption by threat actors wanting to diversify their methods and add a relatively unknown framework to their arsenal. This possibility, along with limited publicly available technical reporting on Nighthawk, spurred Proofpoint researchers into a technical exploration of the tool and a determination that sharing our findings would be in the best interest of the cybersecurity community.

    Reply
  40. Tomi Engdahl says:

    Threat actors extend attack techniques to new enterprise apps and services https://www.helpnetsecurity.com/2022/11/23/cyber-threats-rise/
    Perception Point announced the publication of a report, The Rise of Cyber Threats Against Email, Browsers and Emerging Cloud-Based Channels. [It] finds that malicious incidents against these new cloud-based apps and services already occur at 60% of the frequency with which they occur on email-based services, with some attacks, like those involving malware installed on an endpoint, occurring on cloud collaboration apps at 87% of the frequency with which they occur on email-based services.

    Reply
  41. Tomi Engdahl says:

    CVE-2022-40300: SQL INJECTION IN MANAGEENGINE PRIVILEGED ACCESS MANAGEMENT https://www.zerodayinitiative.com/blog/2022/11/22/cve-2022-40300-sql-injection-in-manageengine-privileged-access-management
    In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Justin Hung and Dusan Stevanovic of the Trend Micro Research Team detail a recently patched SQL injection vulnerability in Zoho ManageEngine products. The bug is due to improper validation of resource types in the AutoLogonHelperUtil class. Successful exploitation of this vulnerability could lead to arbitrary SQL code execution in the security context of the database service, which runs with SYSTEM privileges. The following is a portion of their write-up covering CVE-2022-3236, with a few minimal modifications.

    Reply
  42. Tomi Engdahl says:

    The gang behind Quantum Locker used a particular modus operandi to target large enterprises relying on cloud services in the NACE region.
    https://securityaffairs.co/wordpress/138873/cyber-crime/quantum-locker-lands-in-the-cloud.html
    Quantum Locker gang demonstrated capabilities to operate ransomware extortion even on cloud environments such as Microsoft Azure. Criminal operators of the Quantum gang demonstrated the ability to hunt and delete secondary backup copies stored in cloud buckets and blobs.
    Quantum Locker gang targets IT administration staff to gather sensitive network information and credential access. During their intrusions, Quantum operators steal access to enterprise cloud file storage services such as Dropbox, to gather sensitive credentials.
    Cloud root account takeovers have been observed in Q4 2022 during Quantum gang intrusions in Northern Europe.

    Reply
  43. Tomi Engdahl says:

    Vulnerabilities in BMC Firmware Affect OT/IoT Device Security Part 1 https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
    Over the past year, Nozomi Networks Labs has conducted research on the security of Baseboard Management Controllers (BMCs), with a special focus on OT and IoT devices. In part one of this blog series, we reveal thirteen vulnerabilities that affect BMCs of Lanner devices based on the American Megatrends (AMI) MegaRAC SP-X. By abusing these vulnerabilities, an unauthenticated attacker may achieve Remote Code Execution (RCE) with root privileges on the BMC, completely compromising it and gaining control of the managed host. During our research, we uncovered other vulnerabilities whose patching is still in progress and thus cannot be disclosed as of yet; those will be covered in a follow-up blog post.

    Reply
