Nothing is more difficult than making predictions. Instead of throwing out wild ideas about what might be coming, I have collected here some trends other people have predicted or reported.
Why the Future Needs Passwordless Authentication
https://securityintelligence.com/future-needs-passwordless-authentication/
As of September, Microsoft users no longer have to rely on passwords when logging in to their accounts. Passwords were suitable for authentication when users had fewer accounts, but things have changed.
Nowadays, everyone’s digital footprint is larger, making passwords more of a burden than a security necessity.
Cyber Warfare: What To Expect in 2022
https://securityintelligence.com/articles/cyber-warfare-what-to-expect-2022/
Cyberwarfare is not a future threat; it’s a clear and present danger.
While the concept of cyber terrorism might sound like something from a fictional movie, our interconnected world is riddled with security flaws that make it an unfortunate reality. Read on as we cover seven cyber warfare and cybersecurity threats to watch out for in 2022.
Prediction Season: What’s in Store for Cybersecurity in 2022?
https://www.securityweek.com/prediction-season-whats-store-cybersecurity-2022
The past year has been quite challenging and tiring for many IT and security professionals, as threat actors capitalized on the rapidly changing environment created by accelerated digitalization and cloud transformation in response to the COVID-19 pandemic. And while we all hope that the next year is better when it comes to the onslaught of daily phishing, ransomware, and credential stuffing attacks; cyber criminals will likely learn from this year’s successful tactics, retool, and pivot them into next year’s campaigns to wreak even more havoc in all lives.
Consider the following threats that are on the horizon in 2022 and start preparing for them now:
Compromised Identities Continue to Fuel the Cyberattack Engine
Ransomware Attacks Evolve to Multifaceted Extortion Schemes
Pay Attention to the Supply Chain Threats
The Work from Anywhere Era Creates New Threats
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
We are proceeding in an era of “Malthusian” advances in science and technology, enabled by faster computing and ever-expanding data analytics. Those emerging technologies are significantly impacting cybersecurity. They include artificial intelligence (AI), machine learning, high-performance computing, cloud, edge computing, 5G, and eventually quantum technologies.
Computing systems that employ AI and ML are becoming more pervasive and critical to cyber operations and have become a major focus of cybersecurity research development and investments. Advanced 5G and wireless networks will benefit higher traffic capacities, lower latency, increased reliability, and enable processing and analytics in real-time. Edge computing strives to bring real-time computation, data storage, and operations closer to the device, rather than relying on a central location, avoiding latency issues. Technologies that improve capabilities for discovering, categorizing, monitoring, synthesizing, and automating the analysis of data are advantages in mitigating cybersecurity threats. Specifically, such tech can be used to bolster botnet detection and mitigation technology, data visualization tools, active malware protection, rootkit detection and mitigation technology, and incident response analytics.
Emerging tech can be a two-way street for good and bad. Artificial intelligence and machine learning can be used by hackers to automate target selection and more. Threat actors, especially state-sponsored and criminal enterprises, are becoming more sophisticated by searching for vulnerabilities and infiltrating malware by adapting (and automating), enabling machine learning, deep learning, artificial intelligence, and other analytic tools.
Also, the emergence of the Internet of Things presents special security challenges. There are an estimated 44 billion IoT endpoints today and trillions of sensors connected to those endpoints. Hackers have many attack options and entries for inserting malware into such a large and unregulated attack surface.
Google Finds 35,863 Java Packages Using Defective Log4j
https://www.securityweek.com/google-finds-35863-java-packages-using-defective-log4j
The computer security industry is bracing for travel on long, bumpy roads littered with Log4j security problems as experts warn that software dependency patching hiccups will slow global mitigation efforts.
The sheer scale and impact of the crisis became a bit clearer this week with Google’s open-source team reporting that a whopping 35,863 Java packages in Maven Central are still using defective versions of Log4j library.
The vulnerability, flagged as CVE-2021-44228, was first discovered and reported by the Alibaba cloud security team on November 24 this year. Less than two weeks later, exploitation was spotted in the wild, prompting the release of multiple high-priority patches and an industry-wide scramble to apply practical mitigations.
Many actors have exploited the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices. Apache has released several Log4j versions to fix the original Log4j vulnerability (CVE-2021-44228) and newer findings on the same software (CVE-2021-44832, CVE-2021-45046, CVE-2021-45105, CVE-2021-42550).
Threat Intelligence on Log4j CVE: Key Findings and Their Implications
https://www.akamai.com/blog/security/threat-intelligence-on-log4j-cve-key-findings-and-their-implications
Expect this vulnerability to have a long attack tail. We anticipate that due to how widely used this software is and the large number of exploit variations, we will continue to see exploit attempts for months to come and expect many breaches will get uncovered going forward.
Attackers used opportunistic injections and became more targeted. Consequences of the reconnaissance may not be fully understood for months. While the attacks can be mitigated by patching and other methods, it’s unclear how many breaches have happened already. It will take time for the breaches to come to light and for us to understand their magnitude.
Ransomware in 2022: We’re all screwed
https://www.zdnet.com/article/ransomware-in-2022-were-all-screwed/
Over the past few years, we’ve seen ransomware operators evolve from disorganized splinter groups and individuals to highly sophisticated operations, with separate teams collaborating to target everything from SMBs to software supply chains. Ransomware infection is no longer an end goal of a cyberattack. We are experiencing the “golden era of ransomware,” now in part due to multiple monetization options.
Burnout: The next great security threat at work
https://blog.1password.com/state-of-access-report-burnout-breach/
Many companies feel like they’ve successfully pivoted to remote and hybrid work. Team members have learned the tools and processes required to be successful outside the office, and IT departments have adjusted their security rules and policies accordingly. But now, nearly two years into the pandemic, another cybersecurity threat has emerged: employee burnout.
In 2022, security will be Linux and open-source developers job number one
https://www.zdnet.com/article/in-2022-security-will-be-linux-and-open-source-developers-job-number-one/
Linux is everywhere. It’s what all the clouds, even Microsoft Azure, run. It’s what makes all 500 of the Top 500 supercomputers work. Heck, even desktop Linux is growing if you can believe Pornhub, which claims Linux users grew by 28%, while Windows users declined by 3%. Its real trouble isn’t so much with open-source itself. There’s nothing magical about open-source methodology and security. Security mistakes can still enter the code. Linus’s law is that given enough eyeballs, all bugs are shallow. But, if not enough developers are looking, security vulnerabilities will still go unnoticed. As what I’m now calling Schneier’s law, “Security is a process, not a product,” points out, constant vigilance is needed to secure all software.
The future of OT security in an IT-OT converged world
https://www.theregister.com/2021/11/09/securing_ics_in_the_cloud/
Securing ICS in the cloud requires ‘fundamentally different’ approach
If you thought the industrial internet of things (IIoT) was the cutting edge of industrial control systems, think again. Companies have been busy allowing external access to sensors and controllers in factories and utilities for a while now, but forward-thinking firms are now exploring a new development; operating their industrial control systems (ICS) entirely from the cloud. That raises a critical question: who’s going to protect it all?
Dave Masson, Director of Enterprise Security at Darktrace, calls this new trend ‘ICSaaS’. “ICS for the cloud is starting to happen now. That represents a whole new world for industrial technology and security.”
This trend has been possible for the last decade or so, he explains, but the uptake has been slow. Now, Masson is hearing from clients who are actioning it.
Operational technology admins may be nervous about allowing cloud-based control of their infrastructures, but they’re attracted by the potential benefits. If operators are accessing ICS remotely anyway, then it makes it easier to consider cloud-based interfaces. These make the management infrastructure cheaper and easier to operate.
In this scenario, the hardware components that make up ICS stay where they are. We’re not talking about virtualizing programmable logic controllers here. It’s the data governing their operation that moves to the cloud. That means the applications, databases, and other services that operators rely on to keep those components running smoothly.
Security is just as important in these new cloud-enabled environments as it was in the old legacy walled gardens, but the challenges facing defenders are different. The cloud is eroding the gap between IT and OT. OT is now part of what looks increasingly like a common IT network.
“Now, anybody can access this network from anywhere, so you’ve got to make sure you have good controls around who’s got permission”
“This raises questions about data security, compliance, and regulation.”
OT admins, used to maintaining an iron grip on their infrastructure, now risk a loss of visibility and control. There are organizational worries to consider beyond the technological ones. Converging IT/OT infrastructures is only part of the story. You must also decide who is managing security for the expanded network. Is it the IT security team, or the OT team, or both?
Zero trust architecture is a common talking point today when discussing cloud-based security, and that will be important. ICSaaS is only one part of a broader shift towards OT/IT convergence. The advent of 5G, along with the development of edge computing, will accelerate the trend still further.
Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!
https://nakedsecurity.sophos.com/2021/11/09/2022-threat-report/
We’ve covered five main topics: 1 Malware, 2 Mobile, 3 Machine Learning and AI, 4 Ransomware (because we simply couldn’t not give it a section of its own), and 5 Where next?. PDF:
https://www.sophos.com/en-us/medialibrary/pdfs/technical-papers/sophos-2022-threat-report.pdf
“AI and ML will be an enabler for cybersecurity for the foreseeable future”
https://cisomag.eccouncil.org/ai-and-ml-will-be-an-enabler-for-cybersecurity-for-the-foreseeable-future/
What are some of the emerging technologies in security? Would these generate opportunities and create challenges?
Critical Infrastructure (CI) and supply chain will be targeted even more in 2022 (state-sponsored, cybercriminal gangs) with ransomware and malware attacks.
• Investment and risk strategies will expand in conducting vulnerability assessments and filling operational gaps with cybersecurity tools. Tools include Data Loss Prevention (DLP), encryption, identity and access management solutions, log management, and SIEM platforms.
• Despite efforts to attract workers to security and tech jobs, the qualified cybersecurity worker shortage will continue to pose major operational challenges. Both the public and private sectors are currently facing challenges from a dearth of cybersecurity talent. A report out from the firm Cybersecurity Ventures estimates there are 3.5 million unfilled cybersecurity jobs in 2021. 2022 is not showing any signs of improvement in hiring.
• The Internet of Things (IoT) will pose a growing cybersecurity risk. IoT’s exponential connectivity is an ever-expanding mesh of networks and devices.
Some specific areas where AI technology will contribute to making cybersecurity smarter include:
• AI can provide a faster means to detect and identify cyberthreats. Cybersecurity companies will be using software and a platform powered by AI that monitors real-time activities on the network by scanning data and files to recognize unauthorized communication attempts, unauthorized connections, abnormal/malicious credential use, brute force login attempts, unusual data movement, and data exfiltration. This allows businesses to draw statistical inferences and protect against anomalies before they are reported and patched.
• AI will impact Incident Diagnosis and Response capabilities.
While descriptive analytics provided by network surveillance and threat detection tools can answer the question “what happened,” incident diagnosis analytics address the question of “why and how it happened.” To answer those questions, new software applications and platforms powered by AI can examine past data sets to find root causes of the incident by looking back at change and anomaly indicators in the network activities
• AI will also enable better cyberthreat intelligence reports by analysts. Next year analysts will be able to use AI tools to generate automated cyberthreat intelligence reports (CTI). Cyberthreat intelligence reports provide the indicators and early warning necessary to better monitor unusual activities on a given network and detect more rapidly cyber threats.
AI and ML will be an enabler for cybersecurity for the foreseeable future. AI-powered tools and automation enablement will play an increased and integral role in keeping us cyber-safe in 2022 and beyond.
Mobile phone security is being overhauled
https://etn.fi/index.php/13-news/12788-kaennykoeiden-tietoturva-menee-uusiksi
In smartphones, security has been in place for more than a decade, with trusted processing performed in the TEE (Trusted Execution Environment) section of device memory. The current standard solution for smartphone security is typically created with Arm’s TrustZone technology. The phone’s own security comes from TEE. A secure boot usually includes a TEE. TEE has been an elegant solution for smartphones, although it is becoming old-fashioned (Arm TrustZone was developed 15 years ago).
The memory required by the TEE has not been available in the small controller chips used for embedded applications. Manufacturers have promoted Safe Boot and Memory Encryption or Flash Encryption, but they have been pretty weak solutions. Recently, Arm’s TrustZone M has introduced a new security model for controllers.
In recent years, this picture has begun to diversify. A revolution is underway now. Google has launched a Keystore technology that allows an application to generate a system-maintained key and authenticate services (still uses TEE).
In the future, for example, encryption keys will be stored in an isolated memory area, an enclave, says Jan-Erik Ekberg, head of Huawei’s HSSL laboratory (Helsinki System Security Lab). Five years ago, Intel introduced SGX technology for PC servers, which simply means security extension commands added to the CPU chip. In this solution, TEE type protections are provided by a secure enclave. The use of this type of security enclave needs less code than traditional TEE structure. An enclave is a temporary structure in the memory of a device. It is created only for security processes and exits when it has completed its task. The difference is significant in the TEE structure, where another kernel runs all the time alongside the operating system. When there is no other parallel kernel, there is one component less to attack.
In Intel’s SGX, enclaves were implemented through caching, which limited their use. Intel has sought to overcome this limitation with newer TDX (Trust Domain Extensions) technology. AMD aims to do the same with its own SEV (Secure Encrypted Virtualization) technology.
Enclave-style solutions will also come to smartphones. The new Armv9-A architecture, introduced last year, offers a realm mode that is very close to the technologies offered on the server side (Intel SGX). With the coming enclaves, an infinite number of secured environments will be available in principle.
In the mobile ecosystem, TEE is so deeply rooted that the transition will probably take five years. During the transition period TEE and more dynamic solutions will be on the market in parallel.
Cyber attacks now threaten even deliveries of goods
https://www.uusiteknologia.fi/2021/11/08/kyberhyokkaykset-uhkaavat-jo-tavarantoimituksiakin/
Cyber attacks will cause chaos in product supply chains in the future, estimates Japanese security firm Trend Micro in its latest report. They can also cause physical harm to people, so it’s not just about problems with production or distribution.
According to Trend Micro, network connectivity by 2030 will affect our everyday lives even more, both physically and mentally. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Artificial intelligence tools democratize cybercrime from technically savvy individuals and criminal organizations to all. The new “Everything as a Service” service model also makes cloud service providers very attractive targets for cyber attackers.
Massive IoT (MIoT) environments in industrial facilities, logistics centers, transportation systems, healthcare, education, commerce, and homes are attractive targets for saboteurs and blackmailers. The new 5G and subsequent 6G networks are also making attacks more sophisticated and targeted.
In the future, user manipulation and fake news will become increasingly important and difficult to ignore when fed to smart glasses. Reality can be badly distorted.
https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf
Jarno Limnéll warns of a “cyber pandemic”: an internet disruption could throw the world into chaos again
https://www.tivi.fi/uutiset/tv/211df5c9-7909-47b7-842b-719f6a496206
Cyber harassment and sports doping have a lot in common. Tracing and testing methods are evolving, but so are scams. And scammers always seem to be one step ahead. Sometimes they are only revealed years later. “The world is moving in the direction that technology is evolving faster and faster, and rather increasing the possibility of various disruptions and creating new types of vulnerabilities. There is no seamless security,” Limnéll says. So even with technology, the world will not be completed. In addition, crises always come as a surprise: New York on September 11, the Bosnian war, Hitler’s rise to power, the shots in Sarajevo. “In light of history, we’re always surprised. And if you think about it, technology only adds to the complexity and surprise of crises.”
Cyber attacks are accelerating, but companies can respond to them
https://etn.fi/index.php/new-products/13-news/12920-kyberhyoekkaeykset-kiihtyvaet-mutta-yritykset-voivat-vastata-niihin
A new study by security firm Trend Micro predicts that the number of cyber attacks will increase, with a particular focus on IoT devices. At the same time in 2022 global organizations will be more vigilant and better prepared to face new cyber threats. Research, foresight, and automation are critical to risk management and employee protection. The shift of workers to telecommuting has opened up new avenues for attackers, so the attack area of companies and organizations has grown exponentially. Fortunately, hybrid work is becoming more established and more predictable, allowing security decision-makers to plan and refine their security strategies. Those are:
• Enhanced server security and application management policies to combat blackmail
• A risk-based update plan and an effort to detect security vulnerabilities in advance
• Improved basic protection for SMEs using cloud services
• Active network monitoring, especially in IoT environments
• Zero Trust security model to secure international supply chains
• Cloud security focused on the risks assessed by the DevOps team and industry best practices
• Advanced Detection and Response (XDR) model to detect attacks on large networks
Trend Micro report: in the future, everything is at risk
https://etn.fi/index.php/13-news/12785-trend-micro-raportti-tulevaisuudessa-kaikki-on-vaarassa
Security company Trend Micro has released its 2030 future report. Videos also tell us what the world could look like at the beginning of the next decade. From the perspective of cyber threats and cybersecurity, the future looks bleak. By 2030, connectivity, or continuous online presence, will affect our daily lives on both a physical and mental level. At the same time, cyber threats are constantly evolving and abusing technological innovation in ever new ways.
Trend Micro hopes that this review will spark debate both within the security industry and in society at large. We can only prepare for the cyber challenges of the next decade by comprehensively anticipating all possible situations and advising how governments, the business world and individuals can prepare for them.
Project 2030
https://2030.trendmicro.com/?utm_campaign=ADC2021_Corporate_2030_Predictions&utm_medium=Press-Release&utm_source=Press-Release_Glimpse-into-future_PR&utm_content=Watch-video
Welcome to your new reality, more connected than ever to all the riches modern life has to offer, yet where truth has never been more insubstantial.
3,062 Comments
Tomi Engdahl says:
A Christmas present from Google for open source developers: a tool automates finding and patching holes
https://www.tivi.fi/uutiset/googlelta-avoimen-koodin-kehittajille-joululahja-tyokalu-automatisoi-reikien-etsimisen-ja-tilkitsemisen/3941c009-3a09-4974-9210-124f857bd9b7
Google has released a free vulnerability scanner called OSV-Scanner, which is intended to help software developers maintain the security of open source applications, VentureBeat reports.
Announcing OSV-Scanner: Vulnerability Scanner for Open Source
https://security.googleblog.com/2022/12/announcing-osv-scanner-vulnerability.html
Today, we’re launching the OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project.
Last year, we undertook an effort to improve vulnerability triage for developers and consumers of open source software. This involved publishing the Open Source Vulnerability (OSV) schema and launching the OSV.dev service, the first distributed open source vulnerability database. OSV allows all the different open source ecosystems and vulnerability databases to publish and consume information in one simple, precise, and machine readable format.
The OSV-Scanner is the next step in this effort, providing an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
Software projects are commonly built on top of a mountain of dependencies—external software libraries you incorporate into a project to add functionalities without developing them from scratch. Each dependency potentially contains existing known vulnerabilities or new vulnerabilities that could be discovered at any time. There are simply too many dependencies and versions to keep track of manually, so automation is required.
Scanners provide this automated capability by matching your code and dependencies against lists of known vulnerabilities and notifying you if patches or updates are needed.
The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases.
Running OSV-Scanner on your project will first find all the transitive dependencies that are being used by analyzing manifests, SBOMs, and commit hashes. The scanner then connects this information with the OSV database and displays the vulnerabilities relevant to your project.
OSV-Scanner is also integrated into the OpenSSF Scorecard’s Vulnerabilities check, which will extend the analysis from a project’s direct vulnerabilities to also include vulnerabilities in all its dependencies. This means that the 1.2M projects regularly evaluated by Scorecard will have a more comprehensive measure of their project security.
There’s still a lot to do! Our plan for OSV-Scanner is not just to build a simple vulnerability scanner; we want to build the best vulnerability management tool—something that will also minimize the burden of remediating known vulnerabilities.
https://osv.dev//#use-the-cli
https://github.com/google/osv-scanner
Use OSV-Scanner to find existing vulnerabilities affecting your project’s dependencies.
OSV-Scanner provides an officially supported frontend to the OSV database that connects a project’s list of dependencies with the vulnerabilities that affect them.
https://osv.dev/
https://security.googleblog.com/2021/02/launching-osv-better-vulnerability.html
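The matching step the announcement describes (resolve the full dependency set, then compare each package version against OSV-format records) can be shown in a few lines. This is an added illustration, not code from the comment above or from OSV-Scanner itself; the record IDs, package names, versions and dependency graph are constructed, and only `SEMVER` ranges with plain numeric versions are handled.

```python
import json

# Constructed OSV-schema records: IDs, package names and versions are made up.
OSV_RECORDS = json.loads("""
[
  {"id": "EXAMPLE-0001",
   "affected": [{
     "package": {"ecosystem": "crates.io", "name": "demo-logger"},
     "ranges": [{"type": "SEMVER",
                 "events": [{"introduced": "2.0.0"}, {"fixed": "2.15.0"}]}]}]},
  {"id": "EXAMPLE-0002",
   "affected": [{
     "package": {"ecosystem": "crates.io", "name": "demo-parser"},
     "versions": ["0.9.1"],
     "ranges": [{"type": "SEMVER",
                 "events": [{"introduced": "0"}, {"fixed": "1.0.0"},
                            {"introduced": "1.4.0"},
                            {"last_affected": "1.4.2"}]}]}]}
]
""")

# Constructed resolved dependency graph, as a lockfile or SBOM would describe
# it: (name, version) -> direct dependencies. Only demo-web and demo-parser
# would appear in my-app's own manifest; demo-logger is transitive.
GRAPH = {
    ("my-app", "1.0.0"): [("demo-web", "3.1.0"), ("demo-parser", "1.2.0")],
    ("demo-web", "3.1.0"): [("demo-logger", "2.14.1")],
    ("demo-logger", "2.14.1"): [],
    ("demo-parser", "1.2.0"): [],
}


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1). The OSV sentinel '0' becomes (0,),
    which sorts before every real release."""
    return tuple(int(part) for part in text.split("."))


def in_range(version, events):
    """Evaluate one OSV range: walk the events in version order and toggle."""
    v = parse_version(version)
    ordered = sorted(events, key=lambda e: parse_version(next(iter(e.values()))))
    vulnerable = False
    for event in ordered:
        (kind, bound), = event.items()
        b = parse_version(bound)
        if kind == "introduced" and v >= b:
            vulnerable = True
        elif kind == "fixed" and v >= b:
            vulnerable = False          # 'fixed' is an exclusive upper bound
        elif kind == "last_affected" and v > b:
            vulnerable = False          # 'last_affected' is inclusive
    return vulnerable


def is_affected(record, ecosystem, name, version):
    """True if the record lists this exact package version as affected."""
    for affected in record.get("affected", []):
        pkg = affected.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        if version in affected.get("versions", []):
            return True
        for rng in affected.get("ranges", []):
            # GIT and ECOSYSTEM ranges need other comparison rules; skipped here.
            if rng.get("type") == "SEMVER" and in_range(version, rng["events"]):
                return True
    return False


def scan(root, graph, records, ecosystem="crates.io"):
    """Walk every reachable dependency and report matches together with the
    path that pulled the package in."""
    findings, seen, stack = [], set(), [(root, [root[0]])]
    while stack:
        node, path = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        name, version = node
        for record in records:
            if is_affected(record, ecosystem, name, version):
                findings.append((record["id"], name, version, " > ".join(path)))
        for child in graph.get(node, []):
            stack.append((child, path + [child[0]]))
    return sorted(findings)


if __name__ == "__main__":
    for finding in scan(("my-app", "1.0.0"), GRAPH, OSV_RECORDS):
        print(finding)
```

The single finding is in a package the application never declares directly, which is why the scanner resolves transitive dependencies before querying the database.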
Tomi Engdahl says:
Viola Zhou / Rest of World:
Some Chinese students are using remote access software to cheat on TOEFL, GRE, and other US college entry exams, fueled by the introduction of at-home testing
“Online testing is a joke”: How Chinese students cheat on U.S. college entry exams
For just $5,000, students can buy their way to acing English exams.
https://restofworld.org/2022/chinese-software-cheat-sat-exams/
Watching through a camera, a proctor monitors a Chinese student taking an English exam. Sitting in a Beijing living room, the student appears to be taking the test seriously. They frown during the listening session, as if trying hard to think about the answer. And for the written portion, their arms move about, with the tapping of a keyboard being heard.
But the student wasn’t typing anything. They weren’t even looking at the screen. Sitting next to the student, just outside of the camera’s field of view, was 34-year-old Tony Wang. As he’d done for dozens of students before, Wang was answering the questions by typing on a wireless keyboard, sometimes while eating barbecued skewers. For the speaking portion, he’d type the answers on an iPad or a smartphone for students to read out. And students who couldn’t speak English at all would silently move their lips while Wang invisibly spoke aloud the answer on their behalf.
Wang, who runs an agency that helps Chinese students study abroad, told Rest of World he had helped more than 100 students cheat on the Test of English as a Foreign Language (Toefl) exam since at-home tests became available in 2020. “To insiders like us, ETS online testing is just a joke,”
Hundreds of thousands of students from China head overseas to study every year. Many are able to pass admission tests or hand in applications on their own, while others have resorted to professional help. Wang is just one of many people in an industry that coaches prospective students on everything from studying for English-language tests to writing their personal statements for them.
The introduction of at-home testing for Toefl, GRE, the GMAT management admission exam, and even the LSAT law school aptitude tests during the pandemic has made it easier to cheat, fueling the practice in China. For a few thousand U.S. dollars, professionals like Wang make sure students obtain test scores high enough to land them places at the world’s top universities.
Our investigation found that these test-prep professionals have taken exams for students not only from across China but also overseas, by sitting next to them or remotely controlling their computers. To pass spoken tests, some imposters, dubbed “teachers,” even appear on camera dressed up as their student clients.
The lucrative business has grown into what some test-prep professionals say is a multimillion-dollar industry specializing in baofen, meaning “guaranteed scores” in Chinese. On social media, those who post about studying for Toefl or GRE tests are bombarded with direct messages from self-proclaimed test-prep centers seeking new clients. More than 10 thousand people may have cheated on international tests during the pandemic, two managers from cheating businesses told Rest of World. For some Toefl sessions, they could even obtain test materials, dubbed jijing in Chinese, in advance, the cheating professionals say.
Wang said some of his clients had studied hard and could have scored 90 out of 120 by themselves in a Toefl exam, but still resorted to cheating to pump up their scores to above 100. Some others, he said, could not understand English at all. Some were brought in by their parents, while others asked him to keep the dishonesty from their families.
ETS’ chief security officer, Wallace Dalrymple, said the company is aware of cheating attempts around the world, and is spending tens of millions of dollars each year to detect and prevent cheating
In June, the company admitted that at-home assessments have contributed to an increase in cheating globally. Test-takers have attempted to cheat using remote-access software, proxy testing, or cellphones to send and receive messages. “To prevent the potential for proxy test takers, we have a comprehensive security check, identification review and test environment scan prior to the start of a test administration,” Dalrymple said, adding that test materials are stored securely. “We know that they exist and we are catching them.”
Despite the best efforts of test agencies, Chinese companies are still offering a variety of methods
Another test-prep company owner in China, who spoke on condition of anonymity due to privacy concerns, told Rest of World about one popular service the company provides that answers questions for students using remote-access software. For 12,000 yuan ($1,678), it makes sure clients receive a total of at least 85 points out of 90 — from reading, listening, and writing sessions. For the spoken test, the company provides a script, but students are responsible for reading it out.
This company has more expensive options too: Having someone sit for an entire remote Toefl or GRE exam costs about $4,000. Clients first send over their photos, and the company searches for look-alikes among its professional test-takers. They put on makeup and sit for the test, bearing the identities of their clients.
The owner said this service, dubbed quanti or “entirely substituted,” was popular among affluent Chinese students who were enrolled in American high schools or colleges. They would be applying to undergraduate or postgraduate programs, but would be unable to obtain the scores they needed. “I’m helping them,” he said.
help her with the Toefl test by sending answers to her phone during an at-home exam. The company initially asked for 18,000 yuan ($2,548), but she bargained it down to 15,000 ($2,124). The student said she felt bad for cheating, but she was eager to obtain a high score
Helping others cheat on state exams is a criminal offense in China. But test-prep professionals say Chinese authorities have little interest in how they exploit the security lapses of international tests. On social platforms including WeChat, Xiaohongshu, and Douban, test-prep agencies openly advertise cheating services for other online-proctored exams such as GMAT, the PTE Academic exam, IELTS Indicator, and the Duolingo English Test. One company contacted by Rest of World offered cheating services for the LSAT, a rigorous exam required by most law schools in the U.S., charging 40,000 yuan ($5,662) to obtain a score of 160 out of 180, and 60,000 yuan ($8,494) to hit 170, good enough for a Harvard Law School applicant.
Testing authorities say they have imposed stringent security measures to combat cheating. A Duolingo spokesperson told Rest of World the company has an “extremely secure” testing system, powered by human proctors and artificial intelligence
Dishonest acts do get detected. ETS, for example, cancels test-takers’ scores when it suspects cheating. The company said it recorded a 200% increase in Toefl and GRE score cancellations in the second year of at-home testing during the 2021 financial year, compared to 2020.
Since it’s difficult for remote proctors to catch someone cheating on the spot, Wang said, the worst penalty the ETS might inflict is to ban someone from taking the tests for one year. The owner of the other test-prep center said that even if clients get their scores canceled after their first cheating attempt, most of them would succeed the second time around. His clients have never been caught with remote-control software. “10,000% undetectable,” he said. “As long as the students are not too stupid.”
Wang said he has had his own ethical struggles, but to free himself from the moral burden, he tells himself students would cheat anyway without his participation, and that those who could not access his service would be at a disadvantage compared to their cheating peers. “Everyone is doing that,”
Tomi Engdahl says:
Lauren Feiner / CNBC:
US lawmakers introduce legislation that aims to ban TikTok or any social media company in, or under the influence of, China, Russia, and other US adversaries — A new bill from a bipartisan group of lawmakers would ban TikTok in the U.S. — The bill comes after years of broad concern across …
Lawmakers unveil bipartisan bill that aims to ban TikTok in the U.S.
https://www.cnbc.com/2022/12/13/lawmakers-unveil-bipartisan-bill-that-aims-to-ban-tiktok-in-the-us.html
A new bill from a bipartisan group of lawmakers would ban TikTok in the U.S.
The bill comes after years of broad concern across the Trump and Biden administrations about potential Chinese government influence on the company.
TikTok has insisted U.S. user data is safely stored outside of China, which it says should keep it out of reach of government officials.
Tomi Engdahl says:
Brian Krebs / Krebs on Security:
A database of the FBI’s threat information sharing program InfraGard, containing contact details of its 80K+ members, has been up for sale since December 10 — InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships …
FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked
https://krebsonsecurity.com/2022/12/fbis-vetted-info-sharing-network-infragard-hacked/
InfraGard, a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO that was vetted by the FBI itself.
Tomi Engdahl says:
Zack Whittaker / TechCrunch:
Apple confirms iOS 16.1.2, released on November 30, fixed a WebKit zero-day flaw, found and reported by Google, that allowed RCE and was actively exploited — Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited.
Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones
Zack Whittaker
https://techcrunch.com/2022/12/13/apple-zero-day-webkit-iphone/
Apple has confirmed that an iPhone software update it released two weeks ago fixed a zero-day security vulnerability that it now says was actively exploited.
The update, iOS 16.1.2, landed on November 30 and rolled out to all supported iPhones — including iPhone 8 and later — with unspecified “important security updates.”
In a disclosure to its security updates page on Tuesday, Apple said the update fixed a flaw in WebKit,
Tomi Engdahl says:
Beatrice Peterson / ABC News:
Meta plans to release Hasher Matcher Actioner, a moderation tool to help platforms identify terrorist or human trafficking content, for free and as open source
Meta says it will share software in attempt to combat terrorism, human trafficking
It said it will help prevent the spread of violent images on the internet.
https://abcnews.go.com/Technology/meta-share-software-attempt-combat-terrorism-human-trafficking/story?id=94882414
Meta, formerly named Facebook, said it’s opening up a piece of its technology to combat terrorism and human trafficking across the internet. It said it will allow other companies to share data and prevent the spread of violent images on the internet.
This software will be shared in advance of Meta’s yearlong chairmanship of the Global Internet Forum to Counter Terrorism (GIFCT), which begins in January.
Meta’s Hasher Matcher Actioner will be a free, open-source content moderation software tool “that will help platforms identify copies of images or videos and take action against them en masse,” Meta President of Global Affairs Nick Clegg said in a release.
The Hasher Matcher Actioner allows companies to find duplicated images by looking at hashes, or digital fingerprints. Those fingerprints or hashes are created after images or videos are run through an algorithm developing a series of numbers or letters specific to that image, the company said.
The hash allows for that data to be matched in mass, allowing images that violate the platform’s terms of service to be quickly addressed and taken offline, a tool Meta said will be helpful to smaller tech platforms.
Meta said it spent $5 billion on safety and security in 2021 and had over 40,000 employees dedicated to the company’s efforts on online safety.
Meta is a founding member of GIFCT, which is a non-governmental organization that was created by tech companies in 2017 to combat extremist content online, including terrorism.
When a terrorist attack happens, the GIFCT works collaboratively to create a hash based on the online video created by a perpetrator or accomplice during a terrorist attack. That hash allows companies to remove the images offline quickly. Companies in the GIFCT, including Microsoft, Airbnb, Amazon, and current chair YouTube, often use a hash-sharing database that works to block videos and images that violate their terms of service from their platforms.
He said releasing open-source software is critical in limiting the places where violating content can appear. However, he said it’s not clear how this will affect what happens on the dark web.
“The internet is infinite; there’s not going to be a good way to prevent this from continuing because they’ll just move somewhere else. Where the algorithm isn’t.”
Schmidt said most efforts to prevent violent content sharing have come from the private sector, not the government, which has relied on social media companies for moderation.
He said the government has allowed “private companies to establish their own speech norms like we’ve been talking about with Twitter, and use those norms to prohibit behavior on their platforms.”
Companies work with law enforcement agencies to then prosecute what they believe to be criminal behavior.
“What we’re hoping to do, is lift up our baseline best practices for the entire industry,”
Tomi Engdahl says:
Wall Street Journal:
The EU publishes a draft approval of its preliminary US data sharing deal, struck in March 2022 to help businesses, after the US promised surveillance changes
EU Advances Its Data-Flow Deal After U.S. Makes Surveillance Changes
Brussels gives tentative approval as part of pending deal to allow companies to transfer European data across the Atlantic
https://www.wsj.com/articles/eu-to-advance-its-data-flow-deal-after-u-s-makes-surveillance-changes-11670927692?mod=djemalertNEWS
The European Union took a significant step toward completing a deal with the U.S. that would allow personal information about Europeans to be stored legally on U.S. soil, reducing the threat of regulatory action against thousands of companies that routinely transmit such information.
The European Commission, the EU’s executive arm, on Tuesday published a draft approval of the preliminary deal it struck in March with the U.S. government. The agreement would re-establish a framework that makes it easy for businesses to transfer such information again following the invalidation of a previous agreement by an EU court in 2020.
As part of the new deal, the U.S. is offering—and has started to implement—new safeguards on how its intelligence authorities can access that data.
If concluded, the deal could resolve one of the thorniest outstanding issues between the two economic giants. Hanging in the balance has been the ability of businesses to use U.S.-based data centers to do things such as sell online ads, measure their website traffic or manage company payroll in Europe.
Blocking data transfers could upend billions of dollars of trade from cross-border data activities, including cloud services, human resources, marketing and advertising, if they involve sending or storing information about Europeans on U.S. soil, tech advocates say.
The deal still isn’t sealed. Before the Commission can complete its approval of the new agreement—called the EU-U.S. data privacy framework—it will need to consult with a board representing EU privacy regulators as well as EU member states. The European Parliament can also weigh in.
Significant debate is possible in Europe, where some privacy activists have said they expect the new deal to be challenged, and eventually struck down, in EU courts.
Details of the new data deal will be closely scrutinized because two previous data agreements were rejected by the EU’s top court, most recently in 2020, in part because the U.S. failed to give what the court said were actionable rights to challenge U.S. surveillance.
The Commission said its decision published Tuesday reflects a conclusion that the updated U.S. legal framework “provides comparable safeguards to those of the EU.”
Tomi Engdahl says:
Leaker's claim: Apple will allow free installation of apps on iPhones in 2023
https://www.tivi.fi/uutiset/tv/7280ad69-2ac8-496f-8d96-53a0e22ad6c8
Bloomberg's Apple insider Mark Gurman writes that Apple will soon allow free installation of apps and other developers' app stores in its iOS operating system.
Tomi Engdahl says:
Reuters:
Microsoft will roll out its “EU data boundary”, allowing EU cloud customers to process and store data in the region, starting with customer data, from January 1
Microsoft to roll out ‘data boundary’ for EU customers from Jan. 1
https://www.reuters.com/technology/microsoft-roll-out-data-boundary-eu-customers-jan-1-2022-12-15/
Tomi Engdahl says:
https://www.securityweek.com/mapping-threat-intelligence-nist-compliance-framework
Tomi Engdahl says:
https://www.uusiteknologia.fi/2022/12/13/tekoaly-muuttaa-kyberhyokkayksia-uusia-vaaratilanteita/
Tomi Engdahl says:
Al Weaver / The Hill:
The US Senate unanimously passed the “No TikTok on Government Devices Act” over security concerns related to the app, after 13 states imposed similar bans
Senate votes to ban TikTok use on government devices
https://thehill.com/policy/technology/3775845-senate-votes-to-ban-tiktok-use-on-government-devices/
Tomi Engdahl says:
Kat Tenbarge / NBC News:
The SEC charges eight influencers with securities fraud, allegedly using Twitter and Discord to manipulate stocks since at least January 2020 in a ~$100M scheme — The Securities and Exchange Commission has charged eight influencers with securities fraud, the agency said Wednesday.
SEC says social media influencers used Twitter and Discord to manipulate stocks
https://www.nbcnews.com/tech/tech-news/sec-says-social-media-influencers-used-twitter-discord-manipulate-stoc-rcna61673
The regulatory agency charged them in what it says was a $100 million securities fraud scheme run by people who portrayed themselves as successful stock traders.
The Securities and Exchange Commission has charged seven social media influencers with securities fraud, saying Wednesday that they were part of a $100 million scheme to use social media platforms Twitter and Discord, as well as podcasts, to manipulate the price of certain stocks.
Though the influencers are not household names, they had accrued more than 2 million followers across various social media platforms, where they routinely posted photos of their wealth including of exotic sports cars.
The influencers charged include “PJ Matlock,” whose real name is Perry Matlock. On Wednesday, he had deactivated his Twitter account, which had more than 340,000 followers.
Tomi Engdahl says:
Paresh Dave / Reuters:
Ex-Twitter employee Ahmad Abouammo is sentenced to 3.5 years in prison, after being found guilty in August 2022 of spying for Saudi Arabia by sharing user data — A former Twitter Inc manager convicted of spying for Saudi Arabia was sentenced to 3-1/2 years in U.S. prison, prosecutors said on Wednesday.
Ex-Twitter worker gets 3-1/2-year U.S. prison term for spying for Saudi Arabia
https://www.reuters.com/legal/ex-twitter-worker-gets-3-12-year-prison-sentence-spying-saudi-arabia-2022-12-15/
Tomi Engdahl says:
Cat Zakrzewski / Washington Post:
A tech industry group that includes Google and Meta sues to block California’s Age-Appropriate Design Code, saying it would result in content “over-moderation” — It’s the latest legal salvo over the future of social media regulation, an issue that has been appealed to the Supreme Court.
https://www.washingtonpost.com/technology/2022/12/14/california-internet-lawsuit-filed/
Tomi Engdahl says:
US Government Agencies Issue Guidance on Threats to 5G Network Slicing
https://www.securityweek.com/us-government-agencies-issue-guidance-threats-5g-network-slicing
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have released guidance on the security risks associated with 5G network slicing and mitigation strategies.
The document explains that “a network slice is an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs” and that it can run on the same physical network with other slices, albeit users are authenticated for a network area only.
Spanning physical components of a network – including computing, storage, and infrastructure – network slicing provides component virtualization and enables data and security isolation by restricting user authentication to specific network areas.
“It is important to note that network slicing components can span multiple operators, so interoperability, security, and robustness become important challenges to address. From a security standpoint, the resources of one network slice should be isolated from other network slices to ensure confidentiality, integrity, and availability,” the guidance reads.
The architecture relies on a network-as-a-service (NaaS) model, where infrastructure-as-a-service is combined with network and security services, to improve the efficiency and resilience of 5G infrastructure. Mobile network operators need to use management and network orchestration (MANO) systems to create end-to-end network slices and operate them, the three agencies say.
According to the Enduring Security Framework (ESF), network slicing adds complexity to the network and improper management of network slices could allow threat actors to access data in other network slices or deny access to it.
https://media.defense.gov/2022/Dec/13/2003132073/-1/-1/0/POTENTIAL%20THREATS%20TO%205G%20NETWORK%20SLICING_508C_FINAL.PDF
Tomi Engdahl says:
Eventually we will not be able to detect cyberattacks carried out by AI
https://etn.fi/index.php/13-news/14383-lopulta-emme-voi-havaita-tekoaelyn-tekemiae-kyberhyoekkaeyksiae
The cybersecurity industry has long talked about how, on some timescale, attacks and their defense will become a battle between two AIs. That is not the case yet today, but in the long term, around the end of the current decade, AI will be able to carry out cyberattacks that defenders will find very hard to even detect.
This emerges from a report jointly prepared by WithSecure, the Finnish Transport and Communications Agency Traficom, and the National Emergency Supply Agency. According to the report, cyberattacks that make use of AI are currently rare and are limited to social engineering uses (such as impersonating an individual), or they are carried out in ways that researchers and analysts cannot observe directly (for example, data analysis in backend systems).
The report nevertheless stresses that AI has advanced so significantly that more sophisticated cyberattacks are increasingly likely in the near future. Target identification, social engineering and impersonation are currently the most immediate AI-enabled threats, and they are expected to develop further and grow in number over the next two years.
At present, cybercriminals do not yet have a great need to adopt AI in their attacks. As long as traditional cyberattacks achieve their goals and generate funds for the attackers, attackers have limited motivation to move to AI. In addition, cybercriminals have not yet studied the techniques involved in using AI. These are complex new technologies.
What about the longer term? What is AI capable of as a cyberattacker?
Looking 10 years ahead, AI could probably build autonomous malware through reinforcement learning. A big problem here is the lack of the necessary machine learning libraries. These libraries are required for the malware to work on the target system. Machine learning libraries have not yet been deployed widely enough on computers, smartphones and tablets.
Machine learning libraries would in practice have to be bundled into the malware, which in itself would increase the size of the payload considerably. The machine learning models that make the malware autonomous are also very large and require large amounts of computing power and memory to run. The size of these models and the resources they require prevent their use on existing systems, and because of performance problems they may make the attack easier to detect. Because of these challenges, it is unlikely that we will see self-directed or intelligent self-propagating malware in the near future.
AI-enabled cyberattacks
https://www.traficom.fi/sites/default/files/media/publication/TRAFICOM_Teko%C3%A4lyn_mahdollistamat_kyberhy%C3%B6kk%C3%A4ykset%202022-12-12_web.pdf
Tomi Engdahl says:
Top Cybersecurity Predictions 2023
https://www.forbes.com/sites/emilsayegh/2022/12/15/top-cybersecurity-predictions-2023/
1. Big Year of SASE 2. Zero Trust Adoption 3. Rise in Targeted Ransomware 4. Cyber regulations and the Effect on Cyber Insurance 5. Space And Airline Hacks 6. A Major Crypto Event 7. Arresting Insider Threats 8. Growing Threat in 5G and APIs 9. Big Breaches? Big Fines 10. Flight from Point Products 11. Linux Won't be Immune
Tomi Engdahl says:
Ransomware Business Models: Future Pivots and Trends https://www.trendmicro.com/en_us/research/22/l/ransomware-business-models-future-trends.html
This blog post discusses some of the possible triggers [...] that can push Ransomware-as-a-Service (RaaS) groups to make small changes in their current operations (in the section we call Evolutions). Looking further ahead and considering the aggregation of these triggers and small changes, we look at the potentially larger modifications these groups can make to further other possible objectives in the long run (in the section Revolutions).
Trigger 1: Governments implement regulations on cryptocurrencies
Trigger 2: Changes in the IT security landscape and move to the cloud
Evolution 1: Change of targeted endpoints - The internet of things (IoT)/Linux
Evolution 2: Scale up through increased professionalism and automation
Revolution 1: Hack into cryptocurrency exchanges/Steal cryptocurrencies
Revolution 2: Replace ransomware payload with business email compromise (BEC)
Tomi Engdahl says:
Number of command-and-control servers spiked in 2022: report https://therecord.media/number-of-command-and-control-servers-spiked-in-2022-report/
Researchers from Recorded Future said in a report published Thursday that they detected more than 17,000 of the servers in 2022, up from 13,629 the year before. The list was dominated by Cobalt Strike team servers, botnet families including IcedID and QakBot, and popular remote access trojans such as PlugX which is used by Chinese government hackers.
Tomi Engdahl says:
Unmasking MirrorFace: Operation LiberalFace targeting Japanese political entities https://www.welivesecurity.com/2022/12/14/unmasking-mirrorface-operation-liberalface-targeting-japanese-political-entities/
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer
Tomi Engdahl says:
Digging Inside Azure Functions: HyperV Is the Last Line of Defense https://unit42.paloaltonetworks.com/azure-serverless-functions-security/
Unit 42 researchers investigated Azure's serverless architecture and found that we were able to break out of the serverless function to the underlying host. We also discovered that our host was actually a HyperV virtual machine that hosted several other serverless functions.
Tomi Engdahl says:
Iran-linked Charming Kitten espionage gang bares claws to pollies, power orgs https://www.proofpoint.com/us/blog/threat-insight/ta453-refuses-be-bound-expectations
Since at least late 2020, Proofpoint researchers have observed aberrations in TA453 (which overlaps with groups publicly known as Charming Kitten, PHOSPHORUS, and APT42) phishing activity in which the threat actor has stepped away from its typical phishing techniques and target victimology. A hallmark of TA453's email campaigns is that they almost always target academics, researchers, diplomats, dissidents, journalists, human rights workers, and use web beacons in the message bodies before eventually attempting to harvest a target's credentials.
Such campaigns may kick off with weeks of benign conversations from actor-created accounts before attempted exploitation.
Tomi Engdahl says:
Microsoft to Europe: We’re setting an EU ‘data boundary’ from 2023 https://www.theregister.com/2022/12/15/microsoft_launches_eu_data_boundary/
Microsoft said it would expand the EU Data Boundary to include the storage and processing of additional categories of personal data, including data provided when receiving technical support, in future phases. Although it mentioned no specific EU laws, Microsoft promised the solution would help customers meet “regulatory requirements and industry-specific standards.”
Tomi Engdahl says:
Mikko Hyppönen gives advice for crisis situations: The most important thing is to tell the truth
https://www.tivi.fi/uutiset/mikko-hypponen-antaa-ohjeen-kriisitilanteisiin-tarkeinta-on-se-etta-kerrotaan-totuus/60f8f77e-9973-457b-95ce-a029aa999bd0
Hyppönen points out that he has learned over the years that an organization does not lose the trust of its customers or the market because it has been the target of a data breach. Trust is lost when the situation is lied about.
Tomi Engdahl says:
StingBox is a simple network honeypot with advanced alert features and additional (optional) scans of your LAN, WAN and Network Shares. Visit https://StingBox.com for more info.
https://m.facebook.com/story.php?story_fbid=pfbid02DnbumXuuLY7dookFTX2f7XeWe81wknvhKny6yEZSUdUoLf6ZFN9kEvEt7faD6knql&id=103503821473486
Tomi Engdahl says:
How to Make Your Phone (Nearly) Impossible to Track—and Keep Personal Information Safe
https://www.rd.com/article/how-to-make-your-phone-impossible-to-track/
The more we use our phones, the more personal information we give up. So how do you make your phone impossible to track and keep your online data secure? We asked tech experts for their top tips.
Tomi Engdahl says:
Who is responsible for cybersecurity? “The upcoming government programme should have a clear entry”
Kauko Ollila, 12.12.2022 06:05, Cyber
https://www.tivi.fi/uutiset/kuka-vastaa-kyberturvallisuudesta-tulevassa-hallitusohjelmassa-pitaisi-olla-selkea-kirjaus/05618ac2-f3f4-4426-88ce-0544658f1f85
Professor of public law Tomi Voutilainen urges the next government to take a position on how cybersecurity administration is organized.
Tomi Engdahl says:
https://hackersonlineclub.com/exploiting-authentication-issues-in-web-application/
Tomi Engdahl says:
https://medium.com/@nynan/bug-bounty-recon-horizontal-correlation-b7c81a32951a
Tomi Engdahl says:
https://www.darkreading.com/threat-intelligence/machine-learning-models-dangerous-new-attack-vector
Tomi Engdahl says:
https://securityaffairs.co/wordpress/139445/hacking/web-application-firewalls-waf-bypass.html
Tomi Engdahl says:
The Most Vulnerable Place on the Internet
Underwater cables keep the internet online. When they congregate in one place, things get tricky.
https://www.wired.com/story/submarine-internet-cables-egypt/
Tomi Engdahl says:
https://pentestmag.com/making-small-things-big/
Tomi Engdahl says:
https://www.f-secure.com/en/home/articles/f-alert
Tomi Engdahl says:
3 Ways Attackers Bypass Cloud Security
At Black Hat Europe, a security researcher details the main evasion techniques attackers are currently using in the cloud.
https://www.darkreading.com/cloud/3-ways-attackers-bypass-cloud-security
Tomi Engdahl says:
The Unique Challenges of Securing APIs
https://pentestmag.com/the-unique-challenges-of-securing-apis/
Tomi Engdahl says:
Report: Air-Gapped Networks Vulnerable to DNS Attacks
Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
https://www.darkreading.com/attacks-breaches/report-air-gapped-networks-vulnerable-dns-attacks
Tomi Engdahl says:
Is the advertiser eavesdropping on us?
https://yrityksille.otavamedia.fi/blogit-ja-ajankohtaista/salakuunteleeko-mainostaja-meita/
Tomi Engdahl says:
For Cyberattackers, Popular EDR Tools Can Turn into Destructive Data Wipers
Microsoft, three others release patches to fix a vulnerability in their respective products that enables such manipulation. Other EDR products potentially are affected as well.
https://www.darkreading.com/vulnerabilities-threats/cyberattackers-popular-edr-tools-destructive-data-wipers
Tomi Engdahl says:
How I created an undetectable Backdoor for Windows — Ethical Hacking
https://pentestmag.com/how-i-created-an-undetectable-backdoor-for-windows-ethical-hacking-2/
Tomi Engdahl says:
Gobuster Tutorial – How to Find Hidden Directories, Sub-Domains, and S3 Buckets
https://www.freecodecamp.org/news/gobuster-tutorial-find-hidden-directories-sub-domains-and-s3-buckets/
Tomi Engdahl says:
https://pentestmag.com/the-biggest-risks-of-client-side-scanning/
Tomi Engdahl says:
https://www.cnbc.com/2022/12/07/apple-announces-plans-to-encrypt-icloud-backups.html
Tomi Engdahl says:
https://hackersonlineclub.com/xerosploit-advanced-man-in-the-middle-attack-framework/
Tomi Engdahl says:
https://hackersonlineclub.com/subzuf-smart-dns-response-guided-subdomain-fuzzer/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/sneaky-hackers-reverse-defense-mitigations-when-detected/
Tomi Engdahl says:
https://www.cyberciti.biz/tips/linux-how-to-find-all-failed-login-attempts.html
Tomi Engdahl says:
CSAF Is the Future of Vulnerability Management
Version 2.0 of the Common Security Advisory Framework will enable organizations to automate vulnerability remediation.
https://www.darkreading.com/threat-intelligence/csaf-is-the-future-of-vulnerability-management
Tomi Engdahl says:
Moving from checkers to chess: Cyber tips for today’s boards
http://shared.sponsoredcontent.com/article/503891
Corporate board members have made great strides in cyber literacy in recent years, recognizing cybersecurity’s importance and getting up to speed on topics from patching and zero-day vulnerabilities to the need for cyber insurance.