IT Security RSS Feed for 2024-10-06

UK telcos including BT at risk from DrayTek router vulnerabilities

Published: Fri, 04 Oct 2024 16:41:00 GMT

UK Telcos at Risk from DrayTek Router Vulnerabilities

Introduction

Multiple vulnerabilities have been disclosed in DrayTek routers, which are widely deployed by UK businesses and on connections supplied by telecommunications providers including BT. Because a large number of the affected devices expose their web management interface to the internet, the flaws give attackers a practical route to take over the router, intercept or redirect traffic, and reach the networks behind it.

Vulnerabilities

The vulnerabilities were reported by Forescout under the name DRAY:BREAK. They span several bug classes, two of which are rated critical:

  • A buffer overflow in the router's web management interface, reachable before authentication, that can crash the device or allow remote code execution
  • OS command injection in a management component, allowing arbitrary commands to run on the underlying system
  • Lower-rated issues, including cross-site scripting in the web interface and further denial-of-service bugs

Impact

If exploited, the flaws could allow attackers to:

  • Take full control of the router and reach devices on the networks behind it
  • Redirect or intercept traffic, for example by changing the router's DNS settings
  • Harvest credentials and other sensitive data passing through the device
  • Knock the router offline, cutting connectivity for everyone behind it

Affected Devices

The affected devices span a wide range of DrayTek Vigor routers, including models sold on BT business connections. Known affected series include:

  • Vigor2862 Series
  • Vigor2926 Series
  • Vigor2962 Series
  • Vigor3220 Series
  • Vigor3900 Series (end of life)

This list is not exhaustive; check DrayTek's advisory for the full set of models and fixed firmware versions.

Mitigation

DrayTek has released firmware updates to address these vulnerabilities. It is essential that affected devices are updated immediately. Telcos are also urging their customers to apply the firmware updates and to be vigilant against any suspicious activity on their networks.

Recommendations

To protect against these vulnerabilities, organisations and individuals should:

  • Apply the fixed firmware to every affected DrayTek router, and replace any end-of-life model for which no fix is offered
  • Disable remote (WAN-side) management and unused port forwarding; if remote administration is genuinely needed, restrict it to a VPN or an allowlist of source addresses
  • Confirm from the outside that the web management interface is no longer reachable from the internet
  • Change default credentials and use strong, unique administrator passwords
  • Check routers for signs of prior compromise: unknown admin accounts, altered DNS settings, unexpected port forwards or VPN profiles
  • Be cautious of unsolicited emails and messages, and monitor network traffic for unusual activity

Conclusion

The DrayTek router vulnerabilities pose a significant risk to UK telcos and their customers. By applying firmware updates, practicing good security hygiene, and monitoring network traffic, organizations and individuals can mitigate these risks and protect their data and network connectivity.

NCSC celebrates eight years as Horne blows in

Published: Fri, 04 Oct 2024 11:52:00 GMT

NCSC celebrates eight years as Horne blows in

The National Cyber Security Centre (NCSC) has marked its eighth anniversary as its new chief executive, Richard Horne, took up his post, succeeding Lindy Cameron.

The NCSC was established in October 2016 to protect the UK from cyber threats. In the past eight years, the NCSC has:

  • Helped to protect the UK from major cyber attacks, including the WannaCry and NotPetya ransomware attacks
  • Provided guidance and support to businesses and individuals on how to protect themselves from cyber threats
  • Worked with international partners to improve global cyber security

Horne is the NCSC's third permanent chief executive. Ciaran Martin led the organisation from its founding in 2016 until 2020, and Lindy Cameron from 2020 until 2024, with Felicity Oswald serving as interim chief executive between Cameron's departure and Horne's arrival.

The NCSC’s work is vital to protecting the UK from cyber threats. The NCSC’s eighth anniversary is a time to celebrate the progress that has been made, and to look forward to the future.

Horne blows in

Richard Horne joins the NCSC from PwC UK, where he was a partner and the firm's cyber security chair. Before that he led cyber security at Barclays, and he has spent more than two decades working in the field.

Horne's appointment is a significant moment for the organisation. He takes over an agency that is now central to the UK's response to ransomware and state-sponsored intrusion, and his experience on the industry side of that relationship will shape how the NCSC works with the businesses it is there to protect.

Cups Linux printing bugs open door to DDoS attacks, says Akamai

Published: Fri, 04 Oct 2024 09:26:00 GMT

Cups Linux printing bugs open door to DDoS attacks, says Akamai

Date: 26 September 2024 (vulnerability disclosure); Akamai published its DDoS analysis on 1 October 2024

Source: Akamai Security Intelligence Response Team (SIRT), reported by Computer Weekly

Description: A chain of bugs in the Common Unix Printing System (CUPS) printing stack, specifically in the cups-browsed discovery daemon and the filter libraries it feeds, lets a remote attacker turn any internet-exposed Linux host running cups-browsed into a DDoS reflector. A single crafted UDP packet to port 631 makes the host open IPP connections to an attacker-chosen address, repeatedly.

Risks:

  • Reflection and amplification: the vulnerable host, not the attacker, sends the traffic. One small inbound datagram produces a stream of larger IPP requests to the victim, and the attacker can pad the packet to inflate them further.
  • Remote code execution: when chained with the libppd and cups-filters bugs, a malicious IPP server can inject a PPD whose FoomaticRIPCommandLine runs attacker-supplied commands the next time a job is printed on the injected printer.

Details:

The bugs are tracked as CVE-2024-47176 (cups-browsed up to 2.0.1 accepts browse packets from any source on UDP port 631), CVE-2024-47076 (libcupsfilters up to 2.1b1 does not validate IPP attributes returned by the remote printer), CVE-2024-47175 (libppd up to 2.1b1 writes those attributes unvalidated into a generated PPD) and CVE-2024-47177 (cups-filters up to 2.0.1 executes the FoomaticRIPCommandLine from the PPD). cupsd itself is not the vulnerable component; the issue is the discovery and filter side, which is installed and running by default on a number of desktop distributions.

Exploiting the DDoS scenario needs nothing more than a single crafted UDP datagram that names the victim as the printer's URI. Akamai identified roughly 58,000 internet-reachable hosts that could be abused this way.

The underlying bugs were disclosed by researcher Simone Margaritelli ("evilsocket") on 26 September 2024; Akamai's SIRT then showed that the cups-browsed flaw also works as an amplifier. OpenPrinting and the major distributions have released fixed packages.

Impact:

Any organisation with cups-browsed reachable from untrusted networks can be used as a reflector against third parties, and a host that accepts a rogue printer can be made to run arbitrary commands when someone prints to it.

Mitigation:

Update cups-browsed, cups-filters, libcupsfilters and libppd to the fixed versions shipped by the distribution. On hosts that do not need automatic printer discovery, stop and disable the daemon (sudo systemctl disable --now cups-browsed) and remove it. Block inbound UDP port 631 from anything other than the local print network, and monitor for unexpected outbound IPP connections (TCP 631) from workstations and servers.
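The detection side of the mitigation above, as an added example that is not Akamai's or OpenPrinting's code: a small Python analyser that takes UDP/631 datagrams, as a packet capture or a firewall log tap would hand them over, and flags the properties a crafted cups-browsed announcement has. The packet layout is approximated from the legacy CUPS browsing protocol that cups-browsed still accepts, the trusted network range and the size threshold are assumptions, and the sample datagrams are constructed.

```python
"""Flag UDP/631 browse announcements that look like abuse of cups-browsed.

Added example, not code from Akamai or the CUPS/OpenPrinting projects.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption for this example: the only network that should ever announce printers.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Legacy CUPS browse announcement as cups-browsed reads it (approximation):
#   <type-hex> <state> <uri> "<location>" "<info>" "<make-and-model>" [lease] [attrs]
_ANNOUNCE_RE = re.compile(
    r"^(?P<type>[0-9a-fA-F]+)\s+(?P<state>\d+)\s+(?P<uri>\S+)(?P<rest>.*)$", re.S
)
MAX_SANE_LEN = 512  # heuristic: genuine announcements are a few hundred bytes at most


def _trusted_host(host: str) -> bool:
    """True only for literal IPs inside TRUSTED_NETS; hostnames are treated as untrusted."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)


def analyse(src: str, payload: bytes) -> list[str]:
    """Return the reasons a datagram looks like abuse; an empty list means it is consistent
    with a printer on the trusted network.

    cups-browsed will fetch printer attributes from the URI in the packet, so an
    untrusted URI host is where a crafted packet does its work: either an
    attacker-controlled IPP server (attribute injection) or a third party that
    ends up receiving the resulting IPP traffic (reflection/amplification).
    """
    reasons = []
    if not _trusted_host(src):
        reasons.append("source outside trusted network")
    if len(payload) > MAX_SANE_LEN:
        reasons.append("oversized announcement (possible padding)")
    m = _ANNOUNCE_RE.match(payload.decode("ascii", errors="replace"))
    if m is None:
        reasons.append("unparseable browse announcement")
        return reasons
    parts = urlsplit(m.group("uri"))
    if parts.scheme not in ("ipp", "ipps", "http", "https"):
        reasons.append(f"unexpected URI scheme {parts.scheme!r}")
    if not _trusted_host(parts.hostname or ""):
        reasons.append("printer URI points outside trusted network")
    return reasons


# Constructed sample datagrams (not real captures): source address and payload.
SAMPLES = {
    "benign": ("192.168.1.20",
               b'6 3 ipp://192.168.1.20:631/printers/lp "Floor 1" "LaserJet" "HP LaserJet 4000"'),
    "spoofed_source": ("203.0.113.5",
                       b'0 3 ipp://192.168.1.20:631/printers/lp "" "" ""'),
    # URI names a third party and the packet is padded: the reflection case.
    "reflector": ("203.0.113.5",
                  b'0 3 http://198.51.100.9:631/printers/x "" "" ""' + b"A" * 2000),
}


def run_samples() -> dict[str, list[str]]:
    return {name: analyse(src, data) for name, (src, data) in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in run_samples().items():
        print(f"{name}: {'OK' if not reasons else '; '.join(reasons)}")
```

Feed it datagrams captured with tcpdump on udp port 631. The analyser only tells you that someone is probing; the fix is still to remove the listener with sudo systemctl disable --now cups-browsed on hosts that do not need printer discovery, and to drop inbound UDP 631 at the host firewall everywhere else.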

Detective wrongly claimed journalist’s solicitor attempted to buy gun, surveillance tribunal hears

Published: Fri, 04 Oct 2024 05:00:00 GMT

Detective Wrongly Claimed Journalist’s Solicitor Attempted to Buy Gun, Surveillance Tribunal Hears

During a hearing before the Investigatory Powers Tribunal, it was revealed that a detective falsely alleged that the solicitor representing a journalist had tried to purchase a firearm.

The journalist, whose identity has not been disclosed, had been the subject of surveillance by the police. The surveillance was allegedly based on information provided by the detective in question.

The detective claimed that the journalist’s solicitor had been involved in an attempt to purchase an illegal firearm. However, the tribunal heard that this claim was entirely fabricated.

The solicitor, who has denied any wrongdoing, said that he had been “appalled” by the false allegation. He described it as a “blatant attempt to discredit” him and his client.

The tribunal heard that the detective’s actions had caused “real and substantial” damage to both the solicitor’s and the journalist’s reputations.

The tribunal is expected to make a decision on the case in the coming weeks. If the detective is found to have acted improperly, he could face disciplinary action or even criminal charges.

The case has raised serious concerns about the use of surveillance by the police and the potential for abuse of power. It has also highlighted the importance of protecting the rights of journalists and their sources.

Microsoft files lawsuit to seize domains used by Russian spooks

Published: Thu, 03 Oct 2024 12:00:00 GMT

Microsoft Files Lawsuit to Seize Domains Used by Russian Spooks

On 3 October 2024, Microsoft's Digital Crimes Unit (DCU) announced that it had filed a civil action in the US District Court for the District of Columbia and, working with the US Department of Justice, obtained orders to seize more than 100 domains used by the Russian state-sponsored group Star Blizzard for spear-phishing.

Background

Microsoft has tracked Star Blizzard (also known as Callisto Group, SEABORGIUM and COLDRIVER) for years. In December 2023 the UK and US governments publicly attributed the group to Centre 18 of Russia's Federal Security Service (FSB). Its targets are NGOs, think tanks, journalists, former intelligence and military officials and government employees, mainly in the UK and US, approached with carefully researched emails that lead to credential-harvesting pages. Star Blizzard is one of several Russian state groups Microsoft tracks, alongside:

  • Gamaredon (Microsoft name: Aqua Blizzard), linked to the FSB
  • Nobelium (Microsoft name: Midnight Blizzard, also known as APT29), linked to the Foreign Intelligence Service (SVR)
  • Turla (Microsoft name: Secret Blizzard), linked to the FSB

Lawsuit Details

The complaint alleges that:

  • Star Blizzard registered and used the domains to send spear-phishing emails and host credential-harvesting pages, including pages impersonating Microsoft services.
  • The campaigns targeted civil society organisations, current and former government employees and dozens of Microsoft customers, with activity continuing in the run-up to the US election.
  • The operation has caused harm through stolen credentials, compromised accounts and exposure of the targets' correspondence.

The court orders allow Microsoft and the DOJ to:

  • Seize the domains (66 taken over by Microsoft and 41 by the DOJ) and redirect them to sinkholes, so that victims can be identified and notified
  • Rapidly take over new domains the group registers, through the same ongoing court process
  • Raise the cost of the group's operations by forcing it to rebuild its infrastructure

Microsoft’s Aim

Microsoft’s goal in filing the lawsuit is to:

  • Disrupt Russian intelligence agencies’ cyber operations
  • Protect its customers and partners from future attacks
  • Send a strong message to the Russian government that such activities will not be tolerated

Impact

The lawsuit is part of a broader effort by Microsoft and other technology companies to combat cyberattacks and promote cybersecurity. It also highlights the growing role of private companies in countering nation-state threats.

The outcome of the lawsuit is uncertain, but the mere filing of it demonstrates Microsoft’s determination to protect its customers and hold accountable those responsible for malicious cyber activities.

SOC teams falling out of love with threat detection tools

Published: Thu, 03 Oct 2024 10:08:00 GMT

Causes of SOC Team Disillusionment with Threat Detection Tools:

1. False Positives and Alert Fatigue:
Tools often generate excessive false positives, overwhelming SOC teams with alerts and reducing their ability to focus on real threats.

2. Lack of Context and Prioritization:
Tools may provide limited context and prioritization capabilities, making it challenging to identify the most critical threats and respond effectively.

3. Limited Visibility and Integration:
Tools can lack visibility into multiple data sources and struggle to integrate with other security infrastructure, impairing overall threat detection efficiency.

4. Time-Consuming Investigation and Validation:
Tools often require manual investigation and validation of alerts, adding to the SOC team’s workload and slowing down response times.

5. Lack of Customization and Automation:
Tools may not offer sufficient customization and automation capabilities, limiting their ability to adapt to evolving threats and automate threat detection processes.

6. Poor User Experience:
Complex and user-unfriendly interfaces can hinder SOC team productivity and reduce the usability of threat detection tools.

Consequences of Disillusionment:

  • Reduced trust and reliance on threat detection tools
  • Inefficient and slowed-down threat response
  • Increased risk of undetected threats and data breaches
  • Loss of time and resources due to false positives and unnecessary investigations
  • Damage to the SOC team’s morale and job satisfaction

Recommendations for SOC Teams:

  • Evaluate tools thoroughly: Conduct thorough testing and research to identify tools that align with the team’s specific needs and requirements.
  • Prioritize context and prioritization: Seek tools that provide rich context and prioritize alerts based on severity and relevance.
  • Maximize visibility and integration: Choose tools that integrate seamlessly with existing security architecture and offer visibility into multiple data sources.
  • Automate investigation and validation: Implement tools that can automate investigation and validation processes, freeing up SOC analysts for more critical tasks.
  • Seek customization and automation: Look for tools that allow customization and automation to adapt to evolving threats and streamline threat detection workflows.
  • Emphasize user experience: Prioritize tools with user-friendly interfaces that enhance productivity and ease of use.
  • Consider alternative approaches: Explore alternative threat detection methodologies, such as threat intelligence, threat hunting, and behavior analytics, to complement or replace traditional tools.
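The "context and prioritization" and "automate investigation and validation" recommendations above in working form, as an added example that is not from the article: alerts as a SIEM would export them are collapsed into runs of the same (rule, host, user), matched against an allowlist of known-benign patterns, enriched with asset criticality and scored, with a bonus when one user has tripped more than one rule. The asset inventory, allowlist and alert stream are constructed, and the scoring weights are assumptions.

```python
"""Alert triage: suppress repeats, drop known-benign patterns, rank by context.

Added example; the data below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed asset context (in practice this comes from a CMDB).
ASSETS = {
    "dc01": {"criticality": 5, "role": "domain-controller"},
    "web03": {"criticality": 3, "role": "web"},
    "lt-0452": {"criticality": 1, "role": "laptop"},
}
SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Known-benign patterns learned from previously validated false positives (constructed).
ALLOWLIST = [
    {"rule": "psexec-usage", "host": "web03", "user": "svc-deploy"},
]

# Constructed alert stream.
ALERTS = [
    {"ts": "2024-10-03T09:00:00", "rule": "psexec-usage", "host": "web03", "user": "svc-deploy", "severity": "high"},
    {"ts": "2024-10-03T09:00:05", "rule": "psexec-usage", "host": "web03", "user": "svc-deploy", "severity": "high"},
    {"ts": "2024-10-03T09:01:00", "rule": "brute-force", "host": "lt-0452", "user": "jdoe", "severity": "medium"},
    {"ts": "2024-10-03T09:01:30", "rule": "brute-force", "host": "lt-0452", "user": "jdoe", "severity": "medium"},
    {"ts": "2024-10-03T09:02:00", "rule": "dcsync", "host": "dc01", "user": "jdoe", "severity": "critical"},
    {"ts": "2024-10-03T09:02:10", "rule": "brute-force", "host": "lt-0452", "user": "jdoe", "severity": "medium"},
]


def is_allowlisted(alert: dict) -> bool:
    """An alert is benign-by-policy when every field of some allowlist entry matches it."""
    return any(all(alert.get(k) == v for k, v in entry.items()) for entry in ALLOWLIST)


def triage(alerts: list[dict], window: timedelta = timedelta(minutes=10)) -> list[dict]:
    """Collapse repeats within `window`, drop allowlisted alerts, score the rest.

    Score = severity weight x asset criticality, plus a chained-activity bonus
    when the same user appears under more than one rule (assumed weights).
    """
    runs_by_key: dict[tuple, list[dict]] = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        if is_allowlisted(a):
            continue
        key = (a["rule"], a["host"], a["user"])
        ts = datetime.fromisoformat(a["ts"])
        runs = runs_by_key[key]
        if runs and ts - runs[-1]["last"] <= window:
            runs[-1]["count"] += 1          # same activity continuing: one ticket, not three
            runs[-1]["last"] = ts
        else:
            runs.append({"first": ts, "last": ts, "count": 1, "severity": a["severity"]})

    rules_per_user: dict[str, set] = defaultdict(set)
    for rule, _host, user in runs_by_key:
        rules_per_user[user].add(rule)

    ranked = []
    for (rule, host, user), runs in runs_by_key.items():
        crit = ASSETS.get(host, {}).get("criticality", 2)  # unknown asset: middle of the range
        for run in runs:
            score = SEVERITY[run["severity"]] * crit
            if len(rules_per_user[user]) > 1:
                score += 5
            ranked.append({"rule": rule, "host": host, "user": user,
                           "count": run["count"], "first": run["first"].isoformat(),
                           "score": score})
    return sorted(ranked, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in triage(ALERTS):
        print(f"{row['score']:>3}  {row['rule']:<12} {row['host']:<8} {row['user']:<10} x{row['count']}")
```

Six raw alerts become two work items, and the DCSync attempt on the domain controller lands at the top because of what the asset is and because the same account was already failing logins elsewhere, which is exactly the context a raw severity field cannot carry.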

Rise of the cyber clones: When seeing isn’t believing

Published: Thu, 03 Oct 2024 07:20:00 GMT

Rise of the Cyber Clones: When Seeing Isn’t Believing

In the era of advanced technology, where digital manipulation and fabrication have become commonplace, the concept of “cyber clones” has emerged. These are digitally created replicas of individuals, indistinguishable from the originals in terms of appearance, voice, and mannerisms.

The Illusion of Authenticity

Cyber clones have the potential to deceive the human eye and ear. They can be used to create convincing deepfakes, where real people appear to say or do things they never did. This technology has raised concerns about its impact on trust and the spread of misinformation.

Consequences for Society

The proliferation of cyber clones has far-reaching consequences for society:

  • Erosion of Trust: When videos and images can be easily manipulated, it becomes difficult to determine what is real or fake. This can lead to a loss of trust in media, institutions, and even personal interactions.
  • Spread of Disinformation: Cyber clones can be used to spread false information by creating convincing deepfakes of politicians or other public figures. This can influence public opinion and undermine democratic processes.
  • Identity Theft and Fraud: Cyber clones can be used to steal identities, commit financial fraud, or even impersonate individuals in real life. This poses a significant risk to both individuals and organizations.

Detection and Mitigation

Detecting cyber clones is a complex challenge. However, there are several techniques that can be employed:

  • Technical Analysis: Analyzing the digital signature and metadata of a video or image can help identify manipulated content.
  • Contextual Information: Considering the context in which a video or image appears can provide clues about its authenticity.
  • Human Judgment: Ultimately, human judgment is still the best way to evaluate the credibility of digital content.

Conclusion

The rise of cyber clones presents a significant challenge to the traditional ways of verifying reality. As technology continues to advance, it is crucial to develop effective measures to detect and mitigate the risks associated with this emerging phenomenon. Only by being vigilant and informed can we ensure that seeing still means believing in an era where digital deception is becoming increasingly sophisticated.

UK and Singapore to collaborate on supporting ransomware victims

Published: Wed, 02 Oct 2024 14:57:00 GMT

UK and Singapore to Collaborate on Supporting Ransomware Victims

The United Kingdom and Singapore have co-led new international guidance, launched at the Counter Ransomware Initiative (CRI) summit, on how organisations hit by ransomware should respond. The aim is to give victims a clear course of action and to reduce the number that end up paying.

Key Points:

  • The guidance is aimed at any organisation that finds itself a ransomware victim, and was drafted with input from insurance industry bodies, which are often the first call after an attack.
  • It asks victims to:
    • Report the incident to law enforcement and their national cyber security agency, and to their insurer where relevant.
    • Assess the full range of options before considering any payment, including restoring from backups, and weigh the legal, sanctions and reputational risks of paying.
    • Seek expert advice and keep a record of the decisions taken and why.
  • The guidance is non-binding, but is intended to become a common reference point for CRI member states so that victims receive consistent advice wherever they are.

Rationale for Collaboration:

Ransomware attacks have become increasingly prevalent globally, causing significant financial and reputational damage to victims. Decisions about whether to pay are usually taken under pressure and with little guidance. By combining their resources and expertise, the UK and Singapore aim to give victims a better basis for those decisions and to make the criminal business model less profitable.

The guidance is explicit that paying a ransom does not guarantee the return of data or an end to the extortion, and that every payment funds further attacks.

Impact:

The collaboration is expected to improve the support available to ransomware victims in both countries, reduce the number of ransoms paid, and strengthen the bilateral partnership between the UK and Singapore in cyber security.

Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions

Published: Wed, 02 Oct 2024 13:42:00 GMT

A detective behind an “unlawful” surveillance operation that spied on environmental activists blamed Catholics for “perverse” court decisions, a tribunal has heard.

Det Con David Coles was giving evidence at a hearing into the activities of the undercover police unit Special Demonstration Squad (SDS).

He was asked about comments made by former SDS officer Bob Lambert in an email that referred to “Catholics” and “perverse” court decisions.

Mr Coles said he did not know what Mr Lambert meant by the comments.

The inquiry is examining the activities of the SDS, which was set up in 1968 to infiltrate and spy on political groups.

The unit was disbanded in 2011 after it was revealed that it had spied on more than 1,000 groups and individuals, including environmental activists, trade unionists and anti-war protesters.

Mr Coles was the undercover officer who infiltrated the environmental group London Greenpeace between 1993 and 1995.

He has admitted that he used deception and dishonesty in his role, and that he had sexual relationships with two women who were not aware of his true identity.

The inquiry has heard that Mr Coles was involved in an “unlawful” surveillance operation that spied on the phone calls of environmental activists.

Mr Coles has admitted that he was not authorized to carry out the operation, and that he did not have the proper training.

The inquiry has also heard that Mr Coles was involved in the recruitment of undercover officers.

In an email that was sent to Mr Lambert in 2008, Mr Coles wrote: “I think the Catholics must be to blame for all the perverse decisions that our courts are making.”

Mr Coles was asked by the inquiry’s chairman, Sir John Mitting, what he meant by the comments.

Mr Coles said he did not know what Mr Lambert meant by the comments, and that he had never discussed them with him.

The inquiry continues.

Cyber UK’s quickest growing tech field, but skills gap remains

Published: Wed, 02 Oct 2024 13:37:00 GMT

Cybersecurity: UK’s Fastest Growing Tech Field, but Faces Skills Gap

The cybersecurity sector in the United Kingdom is experiencing rapid growth, but a significant skills gap remains, according to a recent report by Cyber UK.

Growth and Demand:

  • Cybersecurity is the fastest growing tech field in the UK, with an estimated 3% annual growth rate.
  • The demand for skilled cybersecurity professionals has increased due to the rising threat of cyberattacks and data breaches.

Skills Gap:

  • Despite the high demand, there is a shortage of qualified cybersecurity professionals in the UK.
  • According to the report, there are currently around 12,000 cybersecurity vacancies unfilled.
  • The skills gap is particularly acute in areas such as cloud security, threat intelligence, and incident response.

Causes of the Skills Gap:

  • Lack of awareness of cybersecurity as a career path.
  • Limited technical education programs and training opportunities.
  • High demand for skilled professionals in other tech fields.

Consequences of the Skills Gap:

  • Increased risk of cyberattacks and data breaches.
  • Reduced competitiveness of UK businesses in the global cybersecurity market.
  • Loss of potential economic growth and job creation.

Addressing the Skills Gap:

To address the skills gap, the government and industry are implementing several initiatives:

  • Education and Training: Increasing the number of cybersecurity courses and certifications available at universities and colleges.
  • Workforce Development: Providing training and upskilling programs for existing professionals to transition into cybersecurity roles.
  • Partnerships with Industry: Collaborating with cybersecurity companies to develop and deliver tailored training programs.
  • Public Awareness: Promoting cybersecurity as a career path and raising awareness of the importance of cybersecurity skills.

By addressing the skills gap, the UK can capitalize on the potential of its rapidly growing cybersecurity sector and ensure its competitiveness in the global digital economy.

Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case

Published: Tue, 01 Oct 2024 14:34:00 GMT

Headline: Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case

Summary:

A detective reportedly filed a complaint with the Law Society of Northern Ireland against a journalist’s lawyers in connection with an ongoing investigation into alleged unlawful surveillance by the Police Service of Northern Ireland (PSNI). The journalist, who was allegedly surveilled while investigating the case, claims that the complaint was an attempt to intimidate her and her lawyers.

Key Points:

  • The detective filed the complaint against the lawyers representing journalist Patricia Devlin.
  • Devlin claims that she was unlawfully surveilled by the PSNI while investigating the surveillance case.
  • The detective claims that the lawyers violated the Legal Services Regulations by sharing information with Devlin about the surveillance investigation.
  • The Law Society is investigating the complaint.
  • Devlin and her lawyers say the complaint is an attempt to silence them and deter the investigation into the PSNI surveillance.

Additional Information:

  • The PSNI has denied any wrongdoing in the surveillance case.
  • The surveillance allegations stem from the disappearance of Kieran Hamill, who vanished in 1978 during the Northern Ireland Troubles.
  • Devlin’s lawyers have alleged that the PSNI surveilled them as part of an attempt to discredit her investigation into the case.

Unmasked: The Evil Corp cyber gangster who worked for LockBit

Published: Tue, 01 Oct 2024 10:11:00 GMT

Name: Aleksandr Ryzhenkov

Group: Evil Corp, the Russia-based cybercrime group behind the Dridex banking trojan and the BitPaymer and WastedLocker ransomware families. The UK's National Crime Agency (NCA) describes Ryzhenkov as second-in-command to Evil Corp's leader, Maksim Yakubets.

LockBit link: Evidence gathered through Operation Cronos, the law-enforcement takedown of LockBit, showed that Ryzhenkov also operated as a LockBit affiliate, using the ransomware-as-a-service platform against victims in parallel with Evil Corp's own operations.

Modus Operandi:

  • Deployed ransomware payloads, both under Evil Corp's own brands and through LockBit's affiliate programme
  • Extorted victims by encrypting systems and threatening to publish stolen data
  • Targeted corporations, government agencies and healthcare organisations
  • Demanded ransoms in cryptocurrency

Background:

  • Evil Corp has operated from Russia for a decade, starting with the Dridex banking malware in 2014
  • The US Treasury sanctioned the group, and the US indicted Yakubets, in December 2019
  • The NCA says the group enjoyed a privileged relationship with the Russian state, including through Eduard Benderskiy, a former FSB officer and Yakubets' father-in-law, who was sanctioned alongside its members

Sanctions and Charges:

  • On 1 October 2024 the UK, US and Australia imposed coordinated sanctions on Ryzhenkov and other Evil Corp figures
  • The US Department of Justice unsealed an indictment charging Ryzhenkov over BitPaymer ransomware attacks on US victims
  • He has not been arrested and is believed to remain in Russia
  • He is the first Evil Corp member publicly tied to LockBit, one of the most prolific ransomware operations of recent years

Significance:

Ryzhenkov's unmasking ties two of the most damaging ransomware operations together and shows that Evil Corp's members kept operating after the 2019 sanctions, in part by working through other groups' tooling to obscure their involvement. It highlights the ongoing effort by law enforcement to name and pursue the individuals behind ransomware, even where arrest is not immediately possible, and the way sanctions are used to cut them off from the payment ecosystem.

Businesses are getting some value from AI, but struggling to scale

Published: Tue, 01 Oct 2024 08:58:00 GMT

Obstacles to Scaling AI

1. Lack of Data:

  • AI models require vast amounts of relevant data to train and improve performance.
  • Many businesses struggle to access or collect enough high-quality data.

2. Technical Complexity:

  • Implementing and managing AI solutions can be complex and resource-intensive.
  • Businesses may lack the technical expertise or infrastructure to effectively deploy AI.

3. Siloed Data and Processes:

  • AI models often need data from multiple sources across the organization.
  • Siloed data and processes can hinder data integration and model development.

4. Resistance to Change:

  • Implementing AI can disrupt existing workflows and processes.
  • Employees may be reluctant to adopt new technologies or fear job displacement.

5. ROI Measurement Challenges:

  • Quantifying the return on investment (ROI) from AI can be difficult.
  • Businesses often struggle to attribute value to AI projects and justify further investment.

Strategies for Scaling AI

1. Establish a Strategic AI Vision:

  • Define clear business goals and identify areas where AI can add value.
  • Develop a roadmap outlining how AI will be implemented and scaled.

2. Secure Sufficient Data:

  • Explore partnerships with data providers or consider data acquisition strategies.
  • Invest in data infrastructure and tools to improve data quality and accessibility.

3. Foster Collaboration and Partnerships:

  • Collaborate with technical experts, AI vendors, and industry partners.
  • Seek external guidance and support to overcome technical challenges.

4. Educate and Empower Employees:

  • Provide training and resources to help employees understand and use AI technologies.
  • Foster a culture of innovation and experimentation around AI.

5. Measure and Track Progress:

  • Establish metrics and performance indicators to track AI project outcomes.
  • Regularly evaluate and refine the implementation strategy based on results.

6. Continuous Learning and Improvement:

  • Invest in ongoing research and development to stay abreast of AI advancements.
  • Implement feedback loops to improve AI models and address emerging challenges.

Post Office ditches MoneyGram after cyber attack

Published: Tue, 01 Oct 2024 05:00:00 GMT

Post Office ditches MoneyGram after cyber attack

The Post Office has ended its partnership with MoneyGram, the money transfer company, after a cyber attack on MoneyGram in late September took its systems offline and halted transfers at Post Office branches.

MoneyGram confirmed on 23 September that a cyber security issue had forced it to take systems offline, and services were restored in stages over the following days. The company said it was investigating whether customer data had been affected.

The Post Office said its contract with MoneyGram was coming to an end and would not be continued, meaning international money transfers are no longer available over its counters.

Customers who had used MoneyGram services through the Post Office are being advised to be vigilant against suspicious emails or phone calls purporting to be from either company, as attackers commonly follow an outage of this kind with phishing that references it.

The attack on MoneyGram is the latest in a series of high-profile incidents at financial institutions.

In 2014, hackers stole contact details for 76 million households and 7 million small businesses from JPMorgan Chase.

In 2017, Equifax disclosed a breach that exposed the personal data of around 147 million people.

The attacks highlight the growing threat of cyber crime and the need for businesses, and the partners that depend on them, to plan for a supplier being taken offline as well as for a breach of their own systems.

Cyber teams say they can’t keep up with attack volumes

Published: Tue, 01 Oct 2024 00:00:00 GMT

Cybersecurity Professionals Overwhelmed by Surge in Cyberattacks

Cybersecurity teams are struggling to keep pace with the escalating volume of cyberattacks, expressing concerns that they are unable to effectively mitigate the threats.

Spike in Attacks

Recent data reveals a significant increase in cyberattacks, with a rise in phishing, malware, and ransomware campaigns. The evolving and sophisticated nature of these attacks has added to the challenges faced by cybersecurity professionals.

Insufficient Resources

Limited budgets, staffing shortages, and the lack of skilled cybersecurity analysts are contributing to the inability of teams to adequately respond to the growing threat landscape. The need for highly specialized knowledge and experience makes it difficult to meet the demand for cybersecurity experts.

Insufficient Tools and Technology

Outdated technology and a lack of advanced tools hinder cybersecurity teams’ efforts. They need access to state-of-the-art detection, prevention, and response systems to effectively combat cyberattacks.

Increased Risk to Organizations

The inability of cybersecurity teams to keep up with attack volumes poses a significant risk to organizations. Data breaches, financial losses, and reputational damage are potential consequences of unsuccessful mitigation efforts.

Call for Action

To address this crisis, cybersecurity teams are calling for:

  • Increased funding for cybersecurity programs
  • Investment in skills development and talent acquisition
  • Collaboration with law enforcement and regulatory bodies
  • Development of innovative cybersecurity solutions
  • Public awareness campaigns to educate individuals and businesses

Conclusion

Cybersecurity professionals are facing an overwhelming surge in cyberattacks, making it essential for organizations to bolster their cybersecurity defenses. By investing in resources, technology, and expertise, we can enhance our resilience against cyber threats and protect critical data and systems.

The cyber industry needs to accept it can’t eliminate risk

Published: Mon, 30 Sep 2024 15:56:00 GMT

Introduction

The cyber industry has long been defined by its pursuit of eliminating risk. However, this goal is not achievable, and it is time for the industry to accept this reality. By embracing a risk management mindset, the industry can better focus on protecting organizations from the most damaging cyber threats.

The Impossibility of Eliminating Risk

Risk is inherent in any activity, and cybersecurity is no exception. The threat landscape is constantly evolving, and new vulnerabilities are discovered every day. No matter how many security measures an organization implements, there will always be a chance that it could be breached.

Trying to eliminate risk entirely is a fool’s errand. It leads to a focus on compliance and box-ticking rather than on real security outcomes. It also stifles innovation, as organizations are reluctant to adopt new technologies that could introduce new risks.

The Benefits of Risk Management

Instead of trying to eliminate risk, the cyber industry should focus on managing it. This involves identifying, assessing, and mitigating risks to acceptable levels.

Risk management has several benefits. It helps organizations to:

  • Make informed decisions about cybersecurity investments.
  • Prioritize security measures based on their potential impact.
  • Respond to cyber incidents in a timely and effective manner.
  • Communicate cybersecurity risks to stakeholders in a clear and concise way.

Conclusion

The cyber industry needs to accept that it cannot eliminate risk. By embracing a risk management mindset, the industry can better focus on protecting organizations from the most damaging cyber threats.

Here are some specific steps that the industry can take to improve its risk management practices:

  • Educate organizations about the importance of risk management.
  • Develop standards and best practices for risk management.
  • Invest in research and development to improve risk management tools and techniques.
  • Partner with other stakeholders, such as law enforcement and government agencies, to share information and best practices.

By taking these steps, the cyber industry can help organizations to better understand and manage their cybersecurity risks.

What is WPA3 (Wi-Fi Protected Access 3)?

Read more

Published: Mon, 30 Sep 2024 09:00:00 GMT

WPA3 (Wi-Fi Protected Access 3) is the Wi-Fi Alliance’s security certification for Wi-Fi networks, introduced in 2018 as the successor to WPA2, which dates from 2004. Its main improvements over WPA2 are:

  • Stronger authentication: WPA3-Personal replaces WPA2’s pre-shared key (PSK) handshake with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange. A captured SAE handshake cannot be used for an offline dictionary attack on the Wi-Fi password, which is the main practical attack on WPA2-PSK networks, and each session key has forward secrecy.
  • Encryption: data traffic in WPA3-Personal is still protected with AES-CCMP (128-bit), the same cipher WPA2 uses. The stronger GCMP-256 suite (AES-GCM) belongs to the optional WPA3-Enterprise 192-bit mode, not to the consumer profile.
  • Protected Management Frames (PMF, IEEE 802.11w) are mandatory: deauthentication and disassociation frames are authenticated, so an attacker cannot simply forge them to knock clients off the network. PMF protects management traffic; resistance to password guessing comes from SAE, not from PMF.

WPA3 is a significant upgrade over WPA2. Most access points also offer a WPA3/WPA2 transition mode for older clients; that mode still accepts WPA2-PSK connections, so the resistance to offline cracking only fully applies once the network is WPA3-only. If your network still runs WPA2, move to WPA3 (or at least to transition mode) as soon as your clients support it.

Here are some of the benefits of using WPA3:

  • Increased security: a weak or reused Wi-Fi password can no longer be recovered offline from a captured handshake; every SAE guess requires a live exchange with the access point, which can be rate-limited.
  • Forward secrecy: a password that leaks later does not let an attacker decrypt traffic captured earlier, as it does with WPA2-PSK.
  • Management-frame protection: forged deauthentication attacks, used to force reconnections or as a denial of service, are blocked by mandatory PMF.

WPA3 does not make a network faster, and MAC address randomization is a feature of the client operating system rather than of WPA3; simplified onboarding of headless devices is covered by the separate Wi-Fi Easy Connect certification.

If you are not sure whether your Wi-Fi network uses WPA3, check the wireless security setting in your router’s web interface (it should read WPA3-Personal, or WPA3/WPA2 transition mode, rather than WPA2-PSK), or scan for the network from a client and look at the authentication suite it advertises.
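The client-side check described above, as an added example that is not part of the original article: it parses the RSN information element lines that `iw dev <iface> scan` prints on Linux (the authentication suites and the MFP flags) and labels each network as WPA2-Personal, WPA3-Personal, transition mode or legacy. The scan text embedded in the script is constructed to mimic iw’s output format; the interface name `wlan0` is an assumption.

```python
"""Classify nearby Wi-Fi networks from `iw dev <iface> scan` output.

Added example, not code from the original article or the Wi-Fi Alliance.
It reads the RSN information element lines that iw prints (authentication
suites and the MFP capability flags) and labels each network as WPA2-Personal,
WPA3-Personal, transition mode, or legacy. SAMPLE_SCAN is a constructed text
that mimics iw's format; on a real host run `sudo iw dev wlan0 scan` or pass
the interface name as the first argument.
"""
import subprocess
import sys

# Constructed sample of `iw dev wlan0 scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS 02:11:22:33:44:01(on wlan0)
\tSSID: LegacyNet
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK
\t\t * Capabilities: 1-PTKSA-RC 1-GTKSA-RC (0x0000)
BSS 02:11:22:33:44:02(on wlan0)
\tSSID: MixedNet
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: PSK SAE
\t\t * Capabilities: 1-PTKSA-RC 1-GTKSA-RC MFP-capable (0x0080)
BSS 02:11:22:33:44:03(on wlan0)
\tSSID: ModernNet
\tRSN:\t * Version: 1
\t\t * Group cipher: CCMP
\t\t * Pairwise ciphers: CCMP
\t\t * Authentication suites: SAE
\t\t * Capabilities: 1-PTKSA-RC 1-GTKSA-RC MFP-required MFP-capable (0x00c0)
BSS 02:11:22:33:44:04(on wlan0)
\tSSID: CoffeeShop
\tWPA:\t * Version: 1
\t\t * Group cipher: TKIP
\t\t * Pairwise ciphers: TKIP
\t\t * Authentication suites: PSK
"""


def parse_scan(text):
    """Return one dict per BSS with the fields needed for classification."""
    networks, net, section = [], None, None
    for raw in text.splitlines():
        if raw.startswith("BSS "):
            net = {"bssid": raw[4:].split("(")[0], "ssid": "", "rsn": False,
                   "akms": [], "mfp_capable": False, "mfp_required": False}
            networks.append(net)
            section = None
            continue
        if net is None:
            continue
        line = raw.strip()
        if line.startswith("SSID:"):
            net["ssid"] = line[5:].strip()
        elif line.startswith("RSN:"):
            net["rsn"], section = True, "RSN"
        elif line.startswith("WPA:"):
            section = "WPA"          # WPA1 element has the same layout; ignored here
        elif line.startswith("* ") and section == "RSN":
            if line.startswith("* Authentication suites:"):
                net["akms"] = line.split(":", 1)[1].split()
            elif line.startswith("* Capabilities:"):
                net["mfp_capable"] = "MFP-capable" in line
                net["mfp_required"] = "MFP-required" in line
        elif not line.startswith("* "):
            section = None           # any other attribute ends the IE block
    return networks


def classify(net):
    """Label a parsed BSS by its RSN authentication suite and PMF flags."""
    akms = set(net["akms"])
    if not net["rsn"]:
        return "legacy (no RSN element: open, WEP or WPA1)"
    if akms == {"SAE"}:
        if net["mfp_required"]:
            return "WPA3-Personal"
        return "WPA3-Personal, but PMF not required (non-conformant AP)"
    if "SAE" in akms and "PSK" in akms:
        return "WPA3/WPA2 transition mode (still accepts WPA2-PSK)"
    if akms == {"PSK"}:
        return "WPA2-Personal (offline dictionary attack on handshake possible)"
    return "other: " + " ".join(sorted(akms))


def audit(text):
    """SSID -> label for every network in an iw scan dump."""
    return {n["ssid"]: classify(n) for n in parse_scan(text)}


def scan_with_iw(iface="wlan0"):
    """Run iw on a live interface (needs root) and audit the result."""
    out = subprocess.run(["iw", "dev", iface, "scan"], check=True,
                         capture_output=True, text=True).stdout
    return audit(out)


if __name__ == "__main__":
    results = scan_with_iw(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE_SCAN)
    for ssid, label in results.items():
        print(f"{ssid:20s} {label}")
```

On the constructed sample the script reports LegacyNet as WPA2-Personal, MixedNet as transition mode, ModernNet as WPA3-Personal and CoffeeShop as legacy; the interesting case for an audit is an SSID that advertises SAE but not MFP-required, which means the access point is not actually running a conformant WPA3 configuration.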

UK on high alert over Iranian spear phishing attacks, says NCSC

Read more

Published: Fri, 27 Sep 2024 14:59:00 GMT

Summary:

The UK’s National Cyber Security Centre (NCSC), together with its US partners, has issued an advisory about ongoing spear phishing activity by Iranian state-linked actors against individuals and organisations in the UK. The attacks use emails or messages that appear to come from a trusted contact but carry links or attachments designed to compromise the victim’s accounts or systems.

Key Points:

  • The NCSC attributes the activity to actors affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC).
  • Targets include current and former government officials, think-tank staff, academics, journalists and activists, particularly those working on Iranian and Middle Eastern affairs, as well as businesses.
  • The actors often impersonate a known contact, sometimes from a compromised email account, and build rapport over several messages before sending a link to a credential-harvesting page.
  • The aim is to steal credentials and, through them, documents, communications and other sensitive information.

NCSC Guidance:

  • Be wary of unexpected messages, even from apparently known senders, especially ones that press you to log in or open a file.
  • Do not click links or open attachments unless you have verified them, ideally by contacting the sender through another channel.
  • Use strong, unique passwords and enable multi-factor authentication; phishing-resistant methods such as FIDO2 security keys or passkeys defeat credential-harvesting pages in a way that SMS or app codes do not.
  • Report suspicious emails to the NCSC’s Suspicious Email Reporting Service (report@phishing.gov.uk).

Background:

Iran-linked actors have a long record of cyber operations against UK interests, and the NCSC has warned about their activity repeatedly in recent months.

Impact:

The spear phishing attacks can have significant consequences for victims, including data loss, financial loss, and reputational damage. The attacks also pose a risk to the UK’s national security.

Response:

The NCSC is working with UK government departments and businesses to raise awareness and provide guidance on mitigating the threats posed by these attacks. The NCSC also recommends that organizations implement robust cyber security measures and regularly review their security practices.

Printing vulnerability affecting Linux distros raises alarm

Read more

Published: Fri, 27 Sep 2024 10:47:00 GMT

Printing Vulnerability in Linux Distros Raises Alarm

A chain of vulnerabilities in the Common Unix Printing System (CUPS) and its companion packages, disclosed on 26 September 2024, has raised concern among system administrators because it allows remote code execution on many Linux desktops and servers. The flaws are tracked as CVE-2024-47176 (cups-browsed), CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd) and CVE-2024-47177 (cups-filters, foomatic-rip), and were found by security researcher Simone Margaritelli.

Vulnerability Details

cups-browsed, the helper daemon that discovers network printers, binds UDP port 631 on all interfaces and trusts printer announcements from any source. An attacker who can reach that port, from the local network or from the internet where it is exposed, announces a malicious IPP printer. cups-browsed connects back to it to fetch printer attributes and, because libcupsfilters and libppd do not sanitise those attributes, writes attacker-controlled directives into the PPD file it generates for the new printer. One such directive, FoomaticRIPCommandLine, is passed to the shell by the foomatic-rip filter when a job is printed. The injected command runs as the CUPS filter user (lp on most distributions), not as root, and only when a user prints to the attacker’s printer. Debian, Ubuntu, Fedora, Red Hat Enterprise Linux, openSUSE and other distributions ship affected versions of these packages; the exposure is greatest on desktops, where cups-browsed is commonly installed and running.

Exploitation Scenario

No malicious document is needed. A single unauthenticated UDP packet to port 631 is enough to make a new printer appear on the victim’s system, possibly with a name that imitates an existing one. The payload executes the moment someone prints to that printer. Where port 631/UDP is reachable from the internet the attack can be launched remotely; on a local network any device, including a compromised IoT device, can launch it.

Impact

The impact of this vulnerability chain is serious, as it can lead to:

  • Remote code execution as the CUPS filter user
  • A foothold from which to attack the rest of the system or network
  • Theft of data the lp user can read, including print jobs
  • Disruption of printing and other services

Mitigation

System administrators are urged to apply the latest updates as soon as possible. The following steps are recommended:

  1. Update: install the patched cups-browsed, cups-filters, libcupsfilters and libppd packages from your distribution’s repositories.
  2. Disable cups-browsed: if you do not rely on automatic printer discovery (most servers do not), stop and disable the cups-browsed service; CUPS itself can keep running.
  3. Restrict access: block inbound UDP port 631 at the host and network firewall, and set BrowseRemoteProtocols to none in /etc/cups/cups-browsed.conf so the daemon stops accepting remote announcements.
  4. Audit printers: review the printers configured on each host for unexpected entries and inspect the PPD files under /etc/cups/ppd for FoomaticRIPCommandLine or cupsFilter directives that run anything unusual.

Additional Information

  • Proof-of-concept exploit code for the chain has been published.
  • The vulnerabilities were found and disclosed by Simone Margaritelli (evilsocket), who published a detailed write-up on 26 September 2024.
  • OpenPrinting and the affected distributions have released patched packages.
  • The remote attack path requires cups-browsed to be running; hosts without it are not exposed to the network-triggered chain.

System administrators should prioritise patching, disable cups-browsed where it is not needed and block UDP port 631 to mitigate the risk associated with this chain.
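The configuration and PPD audit from mitigation steps 3 and 4, as an added example that is not part of the original article or of the CUPS project: it checks whether cups-browsed.conf still accepts remote printer announcements and lists PPD directives that would execute a command when a job is printed. The sample configuration and PPD text are constructed, and the file paths are the Debian/Ubuntu defaults, which is an assumption for other distributions.

```python
"""Post-disclosure audit for the cups-browsed / foomatic-rip chain.

Added example, not code from the original article or from OpenPrinting.
Two checks a practitioner wants after this advisory:
  1. Does cups-browsed.conf still let the daemon accept remote printer
     announcements (BrowseRemoteProtocols other than "none")?
  2. Does any installed PPD carry a directive that runs a command when a job
     is printed (FoomaticRIPCommandLine, cupsFilter, cupsFilter2, cupsPreFilter)?
The sample config and PPD texts are constructed; the paths are the Debian /
Ubuntu defaults and may differ on other distributions.
"""
import re
from pathlib import Path

CONF_PATH = Path("/etc/cups/cups-browsed.conf")
PPD_DIR = Path("/etc/cups/ppd")

# PPD keywords whose value names a program (or, for foomatic-rip, a shell
# command line) that CUPS runs as part of job processing.
EXEC_DIRECTIVES = ("FoomaticRIPCommandLine", "cupsFilter2", "cupsFilter", "cupsPreFilter")
PPD_DIRECTIVE_RE = re.compile(
    r'^\*(%s)\b[^:]*:\s*"?(.*?)"?\s*$' % "|".join(EXEC_DIRECTIVES))
SHELL_META = re.compile(r"[;&|`$(){}<>]")

# Constructed sample inputs. The FoomaticRIPCommandLine below is a harmless
# marker command standing in for whatever an attacker would inject.
SAMPLE_CONF = "# cups-browsed.conf as shipped\nBrowseRemoteProtocols dnssd cups\n"
HARDENED_CONF = "BrowseRemoteProtocols none\n"
SAMPLE_PPD = '''*PPD-Adobe: "4.3"
*FormatVersion: "4.3"
*ModelName: "Office Printer"
*cupsFilter2: "application/vnd.cups-pdf application/pdf 0 -"
*FoomaticRIPCommandLine: "touch /tmp/injected-marker; gs -q -dBATCH -sDEVICE=pdfwrite -sOutputFile=- -"
*DefaultPageSize: A4
'''


def browse_remote_protocols(conf_text):
    """Effective BrowseRemoteProtocols value. cups-browsed defaults to
    'dnssd cups' when the directive is absent; BrowseProtocols sets both the
    local and the remote list, so it is honoured too (last directive wins)."""
    value = "dnssd cups"
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(BrowseRemoteProtocols|BrowseProtocols)\s*(.*)$", line, re.IGNORECASE)
        if m:
            value = m.group(2).strip().lower() or "none"
    return value


def accepts_remote_printers(conf_text):
    """True if cups-browsed would still act on printer announcements from the network."""
    return browse_remote_protocols(conf_text) != "none"


def exec_directives(ppd_text):
    """(keyword, value) for every PPD line that names something to execute."""
    return [(m.group(1), m.group(2))
            for m in (PPD_DIRECTIVE_RE.match(l.strip()) for l in ppd_text.splitlines()) if m]


def suspicious_directives(ppd_text):
    """Triage list: every FoomaticRIPCommandLine (foomatic-rip hands it to the
    shell, so it deserves a look even in legitimate driver PPDs) plus any
    filter line whose value contains shell metacharacters."""
    return [(k, v) for k, v in exec_directives(ppd_text)
            if k == "FoomaticRIPCommandLine" or SHELL_META.search(v)]


def audit_host(conf_path=CONF_PATH, ppd_dir=PPD_DIR):
    """Run both checks against the live system; returns (path, key, value) findings."""
    findings = []
    if conf_path.exists() and accepts_remote_printers(conf_path.read_text()):
        findings.append((str(conf_path), "BrowseRemoteProtocols",
                         browse_remote_protocols(conf_path.read_text())))
    for ppd in sorted(ppd_dir.glob("*.ppd")) if ppd_dir.is_dir() else []:
        for k, v in suspicious_directives(ppd.read_text(errors="replace")):
            findings.append((str(ppd), k, v))
    return findings


if __name__ == "__main__":
    for path, key, value in audit_host():
        print(f"{path}: {key} = {value}")
```

Run as root after patching (or after disabling cups-browsed) to confirm the daemon no longer accepts remote announcements and that no printer added during the exposure window left an executable directive behind; a FoomaticRIPCommandLine in a PPD for a printer nobody remembers adding is the artefact to look for.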

Defaulting to open: Decoding the (very public) CrowdStrike event

Read more

Published: Fri, 27 Sep 2024 10:44:00 GMT

Decoding the CrowdStrike Event: A Deep Dive into the Public Disclosures

Overview

On 19 July 2024 a faulty content update for CrowdStrike’s Falcon sensor crashed roughly 8.5 million Windows hosts (Microsoft’s estimate), disrupting airlines, hospitals, banks and retailers worldwide. The outage was not a cyberattack; it was a defect in CrowdStrike’s own update pipeline. What set the company’s response apart was its decision to default to openness: it published a preliminary post-incident review within days, a full root cause analysis within weeks, and sent an executive to answer questions before the US Congress.

Timeline of Events

  • 19 July 2024, 04:09 UTC: CrowdStrike releases a Rapid Response Content update (Channel File 291) to Windows hosts running Falcon sensor 7.11 or later. Sensors that load it crash the host with a blue screen.
  • 19 July 2024, 05:27 UTC: the update is reverted. Hosts that had not yet downloaded it are unaffected, but machines that had already crashed need manual recovery (booting into safe mode and deleting the faulty file), which takes many organisations days.
  • 24 July 2024: CrowdStrike publishes its Preliminary Post Incident Review.
  • 6 August 2024: CrowdStrike publishes its Root Cause Analysis.
  • 24 September 2024: CrowdStrike executive Adam Meyers apologises for the outage in testimony before a US House Homeland Security subcommittee.

Scope and Impact of the Incident

  • Only Windows hosts that were online and received the file during the 78-minute window were affected; Mac and Linux hosts were not.
  • No attack, intrusion or theft of customer data was involved.
  • According to CrowdStrike’s root cause analysis, a new IPC Template Type was defined with 21 input fields, but the Content Interpreter in the sensor, and the Content Validator that checks channel files before release, only handled 20. Earlier template instances carried a wildcard in the 21st field, which masked the mismatch in testing; Channel File 291 introduced an instance with a non-wildcard 21st value, the interpreter read past the end of its input array, and because the sensor runs in kernel mode the out-of-bounds read crashed Windows.

Mitigation and Remediation

  • CrowdStrike added runtime bounds checking to the Content Interpreter and fixed the Content Validator to reject the field-count mismatch.
  • Rapid Response Content is now tested more broadly and rolled out in stages, starting with canary hosts, rather than to all customers at once.
  • Customers can now control when, and which, content updates their hosts receive.
  • Two independent third-party vendors were engaged to review the sensor code and the release process.

Public Response

  • The speed and detail of CrowdStrike’s disclosures were widely credited, even by critics, with helping customers recover and understand what had failed.
  • The outage also drew sharp criticism and congressional scrutiny, and renewed debate over how much third-party code should run in the Windows kernel.
  • The incident became a case study in software supply chain risk: a single trusted vendor’s update reached millions of machines at once, with no way for most customers to stage it.

Lessons Learned

  • Content and configuration updates can be as dangerous as code updates and need the same testing, validation and staged deployment.
  • Input that a validator accepts must still be bounds-checked where it is consumed, above all in kernel-mode code, where an out-of-bounds read is fatal.
  • Transparent, detailed communication during and after an incident preserves customer trust far better than silence.

Conclusion

CrowdStrike’s handling of the July outage shows what defaulting to open looks like in practice: fast acknowledgement, a published root cause, and concrete changes to the release process. The event is a reminder to organisations of all sizes that their security vendors are part of their software supply chain, and that update channels deserve the same staged rollout and rollback planning as any other production change.
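The field-count mismatch described above, as an added example that is not CrowdStrike’s code: a pre-release validator that rejects records whose field count differs from what the interpreter implements, beside a pre-fix style matcher (wildcard skipped before the attribute is read, so an oversized record passes until its extra field is a literal) and a bounds-checked one. The channel-file format (one pipe-separated record per line, first field the template type id), the template registry and the event shape are all invented for illustration.

```python
"""Template-type field-count validation, modelled on the failure described in
CrowdStrike's root cause analysis (a template type declared 21 input fields,
the interpreter and validator handled 20). Added example, not CrowdStrike's
code: the channel-file format (one record per line, pipe-separated, first
field = template type id), the template registry and the event shape are all
invented for illustration.
"""

# Hypothetical registry: template type id -> number of input fields the
# interpreter's matching code is written to consume.
TEMPLATE_FIELD_COUNTS = {"ipc_v1": 20}

# Constructed channel file. A field is '*' (wildcard) or a literal that must
# equal the event attribute at the same index.
SAMPLE_CHANNEL_FILE = "\n".join([
    "# template id | field 1 | ... | field N",
    "ipc_v1|" + "|".join(["*"] * 19 + ["named_pipe_b"]),              # 20 fields: correct
    "ipc_v1|" + "|".join(["*"] * 19 + ["named_pipe_b", "*"]),         # 21 fields, 21st wildcard
    "ipc_v1|" + "|".join(["*"] * 19 + ["named_pipe_b", "literal"]),   # 21 fields, 21st literal
])
# Constructed event: the 20 attributes the sensor would hand to the interpreter.
SAMPLE_EVENT = ["v"] * 19 + ["named_pipe_b"]


def parse_channel_file(text):
    """(line number, template id, fields) per record; comments and blank lines skipped."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        tid, *fields = line.split("|")
        records.append((lineno, tid, fields))
    return records


def validate(records, registry=TEMPLATE_FIELD_COUNTS):
    """Pre-release check: every record must carry exactly the field count the
    interpreter implements for its template type. This is the check the
    original Content Validator lacked."""
    problems = []
    for lineno, tid, fields in records:
        expected = registry.get(tid)
        if expected is None:
            problems.append((lineno, f"unknown template type {tid!r}"))
        elif len(fields) != expected:
            problems.append((lineno, f"{tid}: {len(fields)} fields, interpreter handles {expected}"))
    return problems


def match_unchecked(record, event):
    """Pre-fix behaviour: wildcards are skipped before the attribute is read, so
    an oversized record passes silently while its extra field is '*' and only
    fails (here IndexError; in kernel mode, a crash) once it carries a literal."""
    _, _, fields = record
    for i, pattern in enumerate(fields):
        if pattern == "*":
            continue
        if event[i] != pattern:
            return False
    return True


def match_checked(record, event, registry=TEMPLATE_FIELD_COUNTS):
    """Fixed behaviour: the field count is bounds-checked against the template
    type and against the event before any attribute is read."""
    _, tid, fields = record
    expected = registry[tid]
    if len(fields) != expected or len(event) < expected:
        raise ValueError(f"{tid}: {len(fields)} fields, {len(event)} attributes, expected {expected}")
    return all(p == "*" or event[i] == p for i, p in enumerate(fields))


def outcome(fn, *args):
    """('ok', result) or ('error', exception class name), for tabulating runs."""
    try:
        return ("ok", fn(*args))
    except Exception as exc:  # report any failure rather than propagate it
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    recs = parse_channel_file(SAMPLE_CHANNEL_FILE)
    print("validator:", validate(recs) or "no problems")
    for r in recs:
        print(f"line {r[0]}: unchecked={outcome(match_unchecked, r, SAMPLE_EVENT)} "
              f"checked={outcome(match_checked, r, SAMPLE_EVENT)}")
```

The point of running both matchers on the same three records is the masking effect from the root cause analysis: the unchecked matcher accepts the wildcard-padded record exactly as it accepts the correct one, so nothing in testing distinguishes them, and the literal-padded record is the first to fail. The validator flags both oversized records before they ship, and the checked matcher refuses them at runtime regardless of what the validator let through.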