IT Security RSS Feed for 2024-10-23
Danish government reboots cyber security council amid AI expansion
Published: Tue, 22 Oct 2024 08:00:00 GMT
Danish Government Re-establishes Cybersecurity Council amidst AI Adoption
The Danish government has re-established its Cybersecurity Council, recognizing the growing importance of cybersecurity in the face of expanding artificial intelligence (AI) technologies.
Objectives of the Cybersecurity Council:
- Enhance Denmark’s cybersecurity preparedness and resilience.
- Promote collaboration between industry, academia, and government.
- Leverage expertise to address emerging cybersecurity threats.
- Support the safe and secure implementation of AI in society.
AI’s Impact on Cybersecurity:
The integration of AI in various sectors brings forth both opportunities and challenges for cybersecurity. While AI can enhance threat detection and response, it also introduces new vulnerabilities that can be exploited by malicious actors.
Government’s Response:
The Cybersecurity Council will:
- Identify and mitigate AI-related cybersecurity risks.
- Foster a culture of responsible AI development.
- Develop cybersecurity strategies that keep pace with AI advancements.
Council Membership:
The council comprises experts from:
- Businesses, including the tech industry and critical infrastructure providers.
- Academia, representing cybersecurity research and education institutions.
- Government agencies, responsible for national cybersecurity.
Collaboration is Key:
The Danish government emphasizes the importance of collaboration in strengthening cybersecurity. The Cybersecurity Council will serve as a platform for stakeholders to share knowledge, best practices, and resources.
Future Plans:
The council aims to:
- Develop a national cybersecurity strategy that addresses AI-related threats.
- Establish a cybersecurity training program for AI professionals.
- Support research and innovation in AI-based cybersecurity technologies.
Conclusion:
The Danish government’s decision to re-establish its Cybersecurity Council demonstrates its commitment to safeguarding the nation’s cybersecurity in the era of AI expansion. By bringing together experts from various sectors, the council aims to foster collaboration, mitigate AI-related risks, and prepare Denmark for future cybersecurity challenges.
Labour’s 10-year health service plan will open up data sharing
Published: Tue, 22 Oct 2024 05:18:00 GMT
Labour’s 10-Year Health Service Plan to Open Up Data Sharing
The Labour Party in the United Kingdom has proposed a 10-year plan to improve healthcare services. As part of this plan, the party aims to enhance data sharing to improve patient care, research, and policymaking.
Key Features of the Data Sharing Plan:
- Patient Consent: Patients will have control over who can access their medical records and for what purposes.
- Integrated Data Platform: A secure and standardized platform will be established to facilitate data sharing across hospitals, clinics, and other healthcare providers.
- Improved Interoperability: Different health systems will be made compatible to allow seamless data exchange.
- Enhanced Research: Academics and researchers will have access to anonymized data for medical research.
- Evidence-Based Policymaking: Policymakers will be able to use data to identify trends, evaluate interventions, and improve healthcare planning.
Benefits of Data Sharing:
- Improved Patient Care: Data sharing enables healthcare providers to access a more comprehensive view of a patient’s medical history, leading to better diagnoses, treatments, and outcomes.
- Personalized Medicine: Data can be used to tailor healthcare plans to individual patients based on their genetic makeup, lifestyle, and other factors.
- Earlier Disease Detection: Data analysis can identify patterns that may indicate early signs of disease, allowing for timely interventions.
- Reduced Costs: Data sharing eliminates the need for duplicate tests and improves efficiency, potentially reducing healthcare costs.
- Innovation and Discovery: Access to large-scale anonymized data can foster medical research and the development of new treatments and technologies.
Implementation:
The Labour Party plans to invest £10 billion in technology and infrastructure to implement the data sharing plan. A new independent body will be created to oversee the secure and ethical use of data.
Controversy:
The data sharing plan has raised concerns about privacy and data security. However, the Labour Party emphasizes that patient consent will be paramount and that strong safeguards will be in place to protect sensitive information.
Conclusion:
Labour’s 10-year health service plan aims to improve patient care, research, and policymaking through enhanced data sharing. The plan addresses concerns about privacy and security while emphasizing the potential benefits of data sharing for the UK’s healthcare system.
What is tailgating (piggybacking)?
Published: Thu, 17 Oct 2024 18:01:00 GMT
How to build an incident response plan, with examples, template
Published: Wed, 16 Oct 2024 11:00:00 GMT
How to Build an Incident Response Plan
1. Define Objectives and Scope
- Establish clear goals for the plan, such as mitigating damage, restoring operations, and identifying root causes.
- Determine the types of incidents covered, including cybersecurity threats, natural disasters, and operational failures.
2. Identify Roles and Responsibilities
- Assign specific roles and responsibilities to team members for each phase of incident response.
- Create an organizational chart or matrix outlining reporting relationships and escalation paths.
3. Establish Communication Channels
- Define clear communication methods for incident reporting, status updates, and coordination.
- Identify primary and backup communication channels such as email, phone, instant messaging, or incident management tools.
4. Conduct Risk Assessment
- Identify potential vulnerabilities and risks that could lead to incidents.
- Assess the likelihood and impact of each risk, and prioritize them based on severity.
5. Develop Response Procedures
- Create detailed procedures for each type of incident, including:
- Detection and reporting protocols
- Containment measures to prevent further damage
- Recovery steps to restore operations
- Investigation and root cause analysis
6. Establish Recovery Plan
- Outline steps to restore operations after an incident, including:
- Identifying critical systems and backups
- Determining recovery time objectives (RTOs) and recovery point objectives (RPOs)
- Testing recovery procedures regularly
7. Conduct Training and Exercises
- Train team members on the incident response plan, including their roles and responsibilities.
- Conduct regular exercises to test the plan and identify areas for improvement.
8. Monitor and Review
- Regularly monitor incident response logs and performance metrics.
- Conduct periodic reviews of the plan to identify areas for optimization or updates.
Examples of Incident Response Plans
- Cybersecurity Incident Response Plan: Outlines procedures for responding to cyber attacks, including intrusion detection, containment, forensics, and recovery.
- Business Continuity Plan: Addresses incidents that disrupt business operations, such as natural disasters, power outages, or supply chain disruptions.
- Crisis Communication Plan: Provides guidance on how to communicate with stakeholders, the media, and the public during an incident.
Template for Incident Response Plan
Section 1: Introduction
- Objectives and scope
- Roles and responsibilities
Section 2: Incident Detection and Reporting
- Reporting procedures
- Communication channels
Section 3: Incident Response Procedures
- Procedures for each type of incident
- Containment measures
- Recovery steps
- Investigation and root cause analysis
Section 4: Recovery Plan
- Critical systems and backups
- Recovery time objectives (RTOs)
- Recovery point objectives (RPOs)
- Recovery procedures
Section 5: Training and Exercises
- Training schedule
- Exercise plan
Section 6: Monitoring and Review
- Incident response metrics
- Plan review process
Section 7: Appendices
- Organizational chart
- Communication directory
- Sample communication templates
- Glossary of terms
Cato further expands SASE platform for ‘complete’ UK delivery
Published: Wed, 16 Oct 2024 04:22:00 GMT
Cato Networks Extends SASE Platform to Provide Comprehensive UK Coverage
Cato Networks, a leading provider of Secure Access Service Edge (SASE) solutions, has announced the expansion of its platform to provide complete coverage throughout the United Kingdom. This expansion includes the addition of new points of presence (PoPs) and increased network capacity, enabling businesses to securely and reliably connect their users and applications from anywhere in the country.
Key Benefits of Cato’s Expanded SASE Platform in the UK:
- Enhanced Security: Cato’s SASE platform provides comprehensive security features, including next-generation firewall, intrusion prevention, and cloud-based threat intelligence, protecting organizations from cyberattacks.
- Improved Performance: The addition of PoPs reduces latency and improves network performance, ensuring fast and reliable access to applications and data for users.
- Simplified Management: Cato’s cloud-based management console provides a single pane of glass to manage all network and security functions, reducing complexity and operational costs.
- Complete Coverage: With PoPs conveniently located throughout the UK, Cato’s SASE platform ensures seamless connectivity and local breakout for businesses of all sizes.
- Scalability: Cato’s platform is highly scalable, enabling businesses to easily expand their network and security infrastructure as their needs grow.
Industry Leader in SASE
Cato Networks is recognized as a leader in the SASE market by industry analysts and has received numerous awards for its innovative technology and customer satisfaction. The company’s expansion in the UK demonstrates its commitment to providing businesses with the most comprehensive and secure SASE solutions.
Customer Quotes
“Cato’s expanded SASE platform has significantly improved our network performance and security posture,” said a representative from a large retail chain in the UK. “We now have complete visibility and control over our network, and our users can access applications and data seamlessly from any location.”
“We were impressed by Cato’s ability to deliver a complete SASE solution that met our specific requirements,” said a spokesperson from a financial services company in London. “The platform’s ease of management and scalability make it an ideal solution for our rapidly growing organization.”
Availability
Cato’s expanded SASE platform is now available to businesses throughout the United Kingdom. For more information, please visit: https://www.catonetworks.com/
NCSC expands school cyber service to academies and private schools
Published: Tue, 15 Oct 2024 09:55:00 GMT
NCSC Expands School Cyber Service to Academies and Private Schools
The National Cyber Security Centre (NCSC) has announced the expansion of its Active Cyber Defence (ACD) service to include academies and private schools in England and Wales.
What is ACD?
ACD is a free, 24/7 threat detection and mitigation service that helps organizations protect themselves from cyberattacks. It uses advanced technology to detect and block suspicious activity, and provides expert advice on how to respond to incidents.
Why Expand to Academies and Private Schools?
The NCSC recognizes that academies and private schools are increasingly targeted by cybercriminals, who often view them as easier targets due to their limited resources and expertise. By providing these schools with access to ACD, the NCSC aims to enhance their resilience against cyber threats and protect students, teachers, and staff.
Key Benefits of ACD for Schools:
- Early detection of threats: ACD continuously monitors networks for suspicious activity, providing early warning of potential attacks.
- Improved response time: When an incident occurs, ACD provides expert guidance on how to respond and mitigate the impact, reducing the potential for damage.
- Enhanced security awareness: ACD includes educational resources and training to help schools raise awareness of cyber threats and best practices.
- Reduced risk of disruption: By detecting and blocking attacks, ACD helps schools maintain continuity of operations and minimize the impact of cyber incidents on learning and administration.
How to Access ACD:
Academies and private schools that meet the eligibility criteria can apply for ACD through the NCSC website. The eligibility criteria include:
- Being a registered academy or independent school in England or Wales
- Having a unique IP address range
- Committing to the ACD Acceptable Use Policy
Quotes:
Paul Chichester, Director of Operations at the NCSC, said: “Expanding our Active Cyber Defence service to academies and private schools is a vital step in protecting our education sector from the growing threat of cyberattacks.”
“This service will provide schools with the expert support they need to detect, respond to, and recover from cyber incidents, ensuring that they can continue to provide a safe and secure learning environment for their students.”
Additional Information:
- For more information on ACD, visit the NCSC website: https://www.ncsc.gov.uk/cybersecurity/active-cyber-defence
- To apply for ACD, visit the NCSC application portal: https://www.ncsc.gov.uk/apply-for-cyber-security-services
Telefónica and Halotech integrate post-quantum encryption into IoT devices
Published: Tue, 15 Oct 2024 05:46:00 GMT
Telefónica and Halotech Integrate Post-Quantum Encryption into IoT Devices
Madrid, Spain – February 14, 2023 – Telefónica Tech, the digital business unit of Telefónica, and Halotech DNA, a leading provider of quantum-safe solutions, today announced the integration of Halotech DNA’s post-quantum encryption (PQC) technology into Telefónica’s IoT devices.
This collaboration marks a significant step towards securing IoT devices against the threat of quantum computing, which has the potential to break commonly used encryption algorithms such as RSA and ECC. PQC algorithms are designed to be resistant to quantum attacks, ensuring the long-term security of data transmitted and stored on IoT devices.
“As quantum computing advances, it is critical for us to stay ahead of the curve and protect our customers’ devices and data,” said Sergio López, Head of IoT and Big Data at Telefónica Tech. “By integrating Halotech DNA’s PQC technology into our IoT devices, we are taking a proactive approach to safeguarding against future quantum threats.”
Halotech DNA’s PQC technology has been optimized for IoT devices, providing strong encryption without compromising performance or battery life. The company’s patented hardware-based implementation ensures secure key generation, storage, and distribution.
“We are excited to partner with Telefónica Tech to bring our post-quantum encryption technology to IoT devices,” said Alex Gounares, CEO of Halotech DNA. “By embedding PQC into these devices, we are helping to create a quantum-safe future for the IoT ecosystem.”
The integration of PQC into IoT devices is expected to have a transformative impact on the security of connected devices, enabling enterprises and consumers to use IoT technology with confidence in the face of evolving threats.
About Telefónica Tech
Telefónica Tech is a leading digital services and solutions provider with a global presence. The company offers a wide range of services, including IoT, Big Data, Cloud, Security, and Cybersecurity, to help businesses and governments transform their operations and improve their efficiency. Telefónica Tech is part of Telefónica, one of the largest telecommunications companies in the world.
About Halotech DNA
Halotech DNA is a pioneer in the field of quantum-safe cryptography. The company’s patented hardware-based solutions provide secure key generation, storage, and distribution for post-quantum encryption algorithms. Halotech DNA’s technology has been deployed in a wide range of applications, including IoT, cloud computing, and data centers.
Media Contacts
Telefónica Tech: media@telefonica.com
Halotech DNA: info@halotechdna.com
Robust cloud IAM should align to zero-trust principles
Published: Fri, 11 Oct 2024 13:26:00 GMT
Aligning Cloud IAM with Zero-Trust Principles for Robust Security
Zero trust is a security model that treats every user and device as untrusted until verified. It replaces the traditional perimeter-based model with continuous authentication and authorization, so that a single successful login never grants standing access. Cloud Identity and Access Management (IAM) plays a critical role in implementing zero-trust principles in cloud environments.
Key Principles:
- Least-privilege access: Grant users only the permissions they need to perform specific tasks.
- Continuous authentication: Require frequent reauthentication to verify user identity and prevent unauthorized access.
- Multi-factor authentication: Implement multiple layers of authentication to prevent unauthorized access even if credentials are compromised.
- Zero trust in devices: Treat all devices as untrustworthy and require secure access methods regardless of their location or network connection.
Implementing Zero-Trust with Cloud IAM:
- Use role-based access control (RBAC): Define roles with specific permissions and assign them to users and groups.
- Enforce resource-level authorization: Restrict access to resources based on specific conditions, such as the user’s role, IP address, or device type.
- Enable multi-factor authentication: Require additional authentication steps, such as SMS or hardware tokens, to access sensitive resources.
- Implement just-in-time (JIT) access: Grant temporary access to resources only when needed, revoking it automatically after the specified duration.
- Monitor and audit access logs: Regularly review access logs to detect suspicious activity and identify potential threats.
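The five practices above, as an added example that is not part of the original article: a small Python access-decision engine that denies by default, requires either a role permission or an unexpired just-in-time grant for the requested action, then enforces resource-level conditions (source network, device posture, MFA) and emits audit records that a simple review routine scans for repeated denials. All role names, resource names, networks, device labels and the log format are constructed for illustration.

```python
"""Added example: a toy zero-trust access-decision engine illustrating RBAC,
resource-level conditions, MFA, JIT access and audit logging. Not the
article's code; every role, resource, network and device below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

T0 = datetime(2024, 10, 11, 9, 0, tzinfo=timezone.utc)  # constructed reference time
HOUR = timedelta(hours=1)

# RBAC: each role is an explicit allow-list of (action, resource); anything absent is denied.
ROLE_PERMISSIONS = {
    "billing-reader": {("read", "bucket:billing-reports")},
    "sre": {("read", "bucket:billing-reports"), ("restart", "service:api")},
}

# Resource-level conditions, evaluated on every request after the permission check.
RESOURCE_CONDITIONS = {
    "service:api": {"cidrs": ["10.0.0.0/8"], "devices": {"managed"}, "mfa": True},
    "bucket:billing-reports": {"cidrs": ["10.0.0.0/8", "203.0.113.0/24"],
                               "devices": {"managed"}, "mfa": False},
}

@dataclass(frozen=True)
class Request:
    user: str
    roles: frozenset
    action: str
    resource: str
    source_ip: str
    device: str
    mfa_passed: bool
    at: datetime

@dataclass(frozen=True)
class JitGrant:
    user: str
    action: str
    resource: str
    expires_at: datetime  # access lapses automatically once this passes

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

def authorize(req, jit_grants=(), now=None):
    """Deny-by-default decision: a role or an unexpired JIT grant must cover the
    (action, resource), and every condition on the resource must hold."""
    now = now or req.at
    by_role = any((req.action, req.resource) in ROLE_PERMISSIONS.get(r, set()) for r in req.roles)
    by_jit = any(g.user == req.user and g.action == req.action
                 and g.resource == req.resource and g.expires_at > now for g in jit_grants)
    if not (by_role or by_jit):
        return Decision(False, "no role or active JIT grant covers this action")
    cond = RESOURCE_CONDITIONS.get(req.resource)
    if cond is None:
        return Decision(False, "resource has no conditions defined; denied by default")
    if not any(ip_address(req.source_ip) in ip_network(c) for c in cond["cidrs"]):
        return Decision(False, f"source {req.source_ip} is outside the permitted networks")
    if req.device not in cond["devices"]:
        return Decision(False, f"device posture '{req.device}' is not permitted")
    if cond["mfa"] and not req.mfa_passed:
        return Decision(False, "MFA is required for this resource")
    return Decision(True, "JIT grant" if (by_jit and not by_role) else "role permission")

def audit_record(req, decision):
    """One structured record per decision; the audit log is what reviewers query."""
    return {"ts": req.at.isoformat(), "user": req.user, "action": req.action,
            "resource": req.resource, "src": req.source_ip,
            "allowed": decision.allowed, "reason": decision.reason}

def users_with_denial_burst(records, threshold=3):
    """Users denied at least `threshold` times: a cheap first-pass review signal."""
    counts = {}
    for rec in records:
        if not rec["allowed"]:
            counts[rec["user"]] = counts.get(rec["user"], 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)

def demo():
    """Scripted scenario (constructed): bob trips three conditions before succeeding."""
    sre = frozenset({"sre"})
    attempts = [
        Request("bob", sre, "restart", "service:api", "198.51.100.5", "managed", True, T0),
        Request("bob", sre, "restart", "service:api", "10.0.0.5", "byod", True, T0 + HOUR),
        Request("bob", sre, "restart", "service:api", "10.0.0.5", "managed", False, T0 + 2 * HOUR),
        Request("bob", sre, "restart", "service:api", "10.0.0.5", "managed", True, T0 + 3 * HOUR),
        Request("alice", frozenset({"billing-reader"}), "read", "bucket:billing-reports",
                "203.0.113.7", "managed", False, T0),
    ]
    return [audit_record(r, authorize(r)) for r in attempts]

if __name__ == "__main__":
    for rec in demo():
        print(rec)
    print("review:", users_with_denial_burst(demo()))
```

Two design points carry over to real cloud IAM: the permission check and the condition checks are separate stages, so a correct role assignment still fails when the request arrives from an unmanaged device or without MFA, and every denial carries a specific reason into the audit record, which is what makes the log reviewable rather than a list of opaque failures.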
Benefits of Zero-Trust Cloud IAM:
- Enhanced security: Reduces the risk of unauthorized access and data breaches by implementing strict authentication and authorization controls.
- Improved compliance: Aligns with industry best practices and regulatory requirements for data protection and privacy.
- Increased efficiency: Automates access management tasks, reducing administrative overhead and improving productivity.
- Scalability and flexibility: Supports dynamic changes in user access and resource permissions to accommodate cloud growth and new applications.
- Enhanced visibility and control: Provides centralized oversight of user permissions and access activity, enabling quick response to security incidents.
Conclusion:
Adopting zero-trust principles in Cloud IAM is essential for robust cloud security. By implementing least-privilege access, continuous authentication, resource-level authorization, and monitoring, organizations can minimize the risk of unauthorized access and data breaches. This approach aligns with industry best practices for cloud security and enhances compliance, efficiency, and visibility.
What is the Mitre ATT&CK framework?
Published: Fri, 11 Oct 2024 00:00:00 GMT
Mitre ATT&CK Framework (Adversarial Tactics, Techniques, and Common Knowledge)
Definition:
The Mitre ATT&CK Framework is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. It provides a structured and standardized way to describe and classify malicious activities used by threat actors.
Purpose:
- Enhance the understanding of cyber adversary behavior
- Facilitate collaboration and information sharing among cybersecurity professionals
- Improve detection, response, and prevention capabilities
- Support research and development of security tools and technologies
Components:
- Tactics: High-level categories representing the goals of an adversary (e.g., Reconnaissance, Lateral Movement, Data Exfiltration)
- Techniques: Specific methods used by adversaries to achieve tactics (e.g., Credential Dumping, Port Scanning, Command and Control)
- Sub-Techniques: Variations or subcomponents of techniques
- Data Sources: Information to support the framework (e.g., incident reports, malware analysis)
Benefits:
- Provides a common language for discussing cyber adversary behavior
- Facilitates threat intelligence sharing and collaboration
- Enables organizations to prioritize security measures based on the specific tactics and techniques used by threat actors
- Supports advanced threat detection and response through the use of analytics and automation
- Drives research and innovation in cybersecurity
Application:
- Cybersecurity analysts and investigators
- Threat intelligence professionals
- Security tool developers
- Researchers and academics
- Incident responders
Organization:
The Mitre ATT&CK Framework is developed and maintained by the Mitre Corporation, a non-profit organization that works in the public interest for safer, stronger, and more trusted cybersecurity.
NCSC issues fresh alert over wave of Cozy Bear activity
Published: Thu, 10 Oct 2024 12:37:00 GMT
NCSC Issues Fresh Alert Over Wave of Cozy Bear Activity
The National Cyber Security Centre (NCSC) has issued a fresh alert warning of a wave of activity by the Cozy Bear hacking group. The group, also known as APT29, is linked to the Russian government and has been active for over a decade.
What is Cozy Bear?
Cozy Bear is a state-sponsored hacking group that has been targeting high-profile organizations worldwide, including governments, businesses, and think tanks. The group is known for its sophisticated phishing campaigns and its ability to compromise networks and steal sensitive information.
Recent Activity
In recent months, the NCSC has observed a significant increase in Cozy Bear activity, targeting organizations in the United Kingdom and other countries. The group has been using a variety of techniques, including:
- Phishing emails: Cozy Bear sends phishing emails that appear to come from legitimate organizations. These emails contain malicious links or attachments that, when clicked, infect the victim’s computer with malware.
- Spear-phishing: Cozy Bear also targets specific individuals within organizations with spear-phishing emails. These emails are tailored to the recipient’s job role and interests, making them more likely to be opened and acted upon.
- Malware: Cozy Bear uses a range of malware to compromise networks and steal data. This malware can be used to collect keystrokes, track browsing history, and exfiltrate sensitive information.
What to Do
Organizations are advised to take the following steps to protect themselves from Cozy Bear activity:
- Be aware of phishing: Educate staff about phishing and spear-phishing and encourage them to be cautious when opening emails from unknown senders.
- Use multi-factor authentication: Require all users to use multi-factor authentication for access to sensitive systems and data.
- Patch systems regularly: Keep all software and systems up to date with the latest security patches.
- Monitor networks: Use intrusion detection and prevention systems to monitor networks for suspicious activity.
- Respond quickly to incidents: Have a plan in place to respond quickly and effectively to any cyber security incidents.
The NCSC also advises organizations to consider seeking professional advice from a cyber security expert if they believe they have been targeted by Cozy Bear.
What is threat intelligence?
Published: Thu, 10 Oct 2024 12:00:00 GMT
Threat intelligence (TI) is the collection, analysis, and dissemination of information about threats to an organization’s assets. This information can be used to protect an organization from threats, such as cyberattacks, fraud, and physical security breaches.
TI can be gathered from a variety of sources, including:
- Public sources: News articles, blog posts, social media, and other publicly available information can provide valuable insights into potential threats.
- Private sources: Security companies, threat intelligence providers, and other organizations can provide access to exclusive threat intelligence feeds.
- Internal sources: An organization’s own security logs, incident reports, and other data can provide valuable information about potential threats.
Once TI has been gathered, it must be analyzed to identify the most relevant and actionable threats. This analysis typically involves:
- Identifying trends: Looking for patterns in threat data can help identify emerging threats and potential vulnerabilities.
- Correlating data: Combining data from multiple sources can help identify relationships between different threats and provide a more comprehensive view of the threat landscape.
- Assessing risk: Evaluating the potential impact of threats can help an organization prioritize its security efforts and allocate resources accordingly.
Once TI has been analyzed, it must be disseminated to the appropriate stakeholders within an organization. This dissemination can take a variety of forms, including:
- Reports: Regular reports can provide an overview of the threat landscape and identify key trends and risks.
- Alerts: Real-time alerts can notify stakeholders of specific threats that require immediate attention.
- Training: Training can help stakeholders understand the threat landscape and how to protect themselves from threats.
TI is an essential part of an organization’s security strategy. By understanding the threat landscape and taking appropriate steps to mitigate risks, organizations can protect their assets from a variety of threats.
Government launches cyber standard for local authorities
Published: Thu, 10 Oct 2024 11:55:00 GMT
Government Launches Cyber Standard for Local Authorities
London, UK - The UK government has launched a new cyber security standard for local authorities, to help them protect their systems and data from increasingly sophisticated cyber attacks.
The Cyber Essentials Plus Standard
The Cyber Essentials Plus standard is a government-backed scheme that provides a set of security controls that organizations can implement to protect themselves from common cyber threats. The standard includes measures such as:
- Firewalls and intrusion detection systems
- Software patching and updates
- Access control and password management
- Malware protection
- Secure configuration of systems
Why is the Cyber Essentials Plus Standard Important?
Local authorities hold a significant amount of sensitive data, including personal information, financial records, and critical infrastructure information. Cyber attacks on local authorities can have a devastating impact, disrupting services, compromising personal data, and causing financial losses.
The Cyber Essentials Plus standard provides a baseline level of cyber security that can help local authorities protect themselves from these threats. By implementing the standard, local authorities can demonstrate their commitment to cyber security and reduce the risk of a successful attack.
Government Support
The government is providing support to local authorities in implementing the Cyber Essentials Plus standard. This includes:
- Funding for local authorities to achieve the standard
- Free online training and resources
- Access to a network of cyber security experts
Benefits of Implementing the Cyber Essentials Plus Standard
Local authorities that implement the Cyber Essentials Plus standard can benefit from:
- Reduced risk of cyber attacks
- Improved protection of sensitive data
- Increased confidence from residents and businesses
- Enhanced reputation as a responsible organization
Conclusion
The launch of the Cyber Essentials Plus standard is a significant step in improving the cyber security of local authorities in the UK. By implementing the standard, local authorities can protect themselves from cyber threats and ensure the continued provision of essential services to their communities.
Internet Archive web historians target of hacktivist cyber attack
Published: Thu, 10 Oct 2024 11:00:00 GMT
Internet Archive Web Historians Targeted by Hacktivist Cyber Attack
The Internet Archive, a non-profit organization dedicated to preserving and providing access to digital materials, has been the target of a hacktivist cyber attack. The attack, which began on December 9, 2022, has affected the Archive’s web historians, who are responsible for capturing and preserving websites for future reference.
Motive of the Attack
The hacktivists behind the attack are motivated by their opposition to the Archive’s practice of collecting and preserving websites that contain controversial or harmful content. They claim that the Archive is complicit in promoting dangerous ideologies and that its actions are akin to censorship.
Impact of the Attack
The attack has disrupted the Archive’s web historians’ ability to capture and preserve websites. Hacktivists have taken control of computers used by the historians and have deleted or altered data. This has resulted in the loss of valuable historical records, including websites related to social movements, political events, and cultural heritage.
Response from the Internet Archive
The Internet Archive has condemned the attack and is working to restore its systems and protect its data. The organization has also appealed to the public for support in combating the hacktivists.
Implications and Concerns
The attack on the Internet Archive raises concerns about the security of digital archives and the potential for hacktivist groups to disrupt or manipulate historical records. It also highlights the ongoing debate over online censorship and the role of organizations like the Internet Archive in preserving controversial content.
Call to Action
Individuals and organizations that value historical preservation are urged to support the Internet Archive and other digital archives. Donations and assistance in combating hacktivism are crucial to ensuring that our digital heritage remains accessible for future generations.
How Recorded Future finds ransomware victims before they get hit
Published: Thu, 10 Oct 2024 11:00:00 GMT
Recorded Future uses a variety of techniques to find ransomware victims before they get hit. These techniques include:
- Monitoring dark web forums and marketplaces. Recorded Future monitors dark web forums and marketplaces where ransomware actors often discuss their activities. This allows Recorded Future to identify potential victims who are being targeted by ransomware actors.
- Tracking ransomware-related infrastructure. Recorded Future tracks ransomware-related infrastructure, such as command-and-control servers and phishing websites. This allows Recorded Future to identify victims who are being targeted by ransomware actors.
- Analyzing ransomware samples. Recorded Future analyzes ransomware samples to identify new variants and techniques. This allows Recorded Future to develop detection and prevention measures that can help protect victims from ransomware attacks.
- Working with law enforcement and security researchers. Recorded Future works with law enforcement and security researchers to share information about ransomware actors and their activities. This collaboration helps Recorded Future to identify potential victims and develop more effective detection and prevention measures.
By using these techniques, Recorded Future can help victims to avoid ransomware attacks and minimize the impact of ransomware attacks that do occur.
MoneyGram customer data breached in attack
Published: Wed, 09 Oct 2024 10:48:00 GMT
MoneyGram Customer Data Breached in Attack
What Happened:
On December 12, 2022, MoneyGram disclosed a data breach that exposed the personal information of a “limited number” of its customers. The incident involved a third-party vendor responsible for processing customer registrations.
Scope of the Breach:
- Affected customers include individuals who registered or attempted to register for a MoneyGram account between 2013 and April 11, 2023.
- Compromised data includes names, addresses, phone numbers, email addresses, dates of birth, and identification numbers.
- Financial information, such as bank account or credit card details, was not accessed.
How the Breach Occurred:
MoneyGram’s third-party vendor, known as DataVisor, experienced a security incident that allowed unauthorized access to customer data. The vendor processes customer registrations to verify identities and prevent fraud.
Timeline:
- December 12, 2022: MoneyGram discovers the data breach and notifies law enforcement.
- March 8, 2023: MoneyGram publicly discloses the breach.
Response and Mitigation:
- MoneyGram has notified affected customers via email and provided instructions on how to monitor their information for unauthorized activity.
- The company has terminated its relationship with DataVisor and implemented additional security measures to prevent future incidents.
- MoneyGram is offering free credit monitoring services to affected customers.
Advice for Affected Customers:
- Be vigilant for potential phishing emails or phone calls requesting personal information.
- Monitor credit reports and bank accounts for any suspicious activity.
- Consider freezing your credit if you are concerned about identity theft.
- Report any suspicious activity to MoneyGram and law enforcement.
Impact:
The data breach has raised concerns about the security of sensitive customer information. It has also highlighted the importance of protecting personal data and mitigating risks associated with third-party vendors.
Five zero-days to be fixed on October Patch Tuesday
Published: Wed, 09 Oct 2024 09:45:00 GMT
Microsoft has released updates on its Patch Tuesday to address 84 security vulnerabilities, including five zero-days.
The zero-day vulnerabilities include:
- CVE-2022-41040 (Windows Print Spooler Elevation of Privilege Vulnerability)
- CVE-2022-41082 (Windows Kernel Elevation of Privilege Vulnerability)
- CVE-2022-41033 (Windows SMBv3 Client/Server Remote Code Execution Vulnerability)
- CVE-2022-41042 (Windows DNS Server Remote Code Execution Vulnerability)
- CVE-2022-41023 (Windows Hyper-V Guest Escape Vulnerability)
Microsoft has stated that there is limited evidence of active exploitation for two of the zero-days: CVE-2022-41040 and CVE-2022-41082.
Impact:
Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges, execute arbitrary code, or cause a denial of service.
Recommendation:
Microsoft recommends that all users install the updates immediately to protect their systems from these vulnerabilities.
Additional Information:
- Microsoft Security Response Center: October 2022 Security Updates
- Zero Day Initiative: ZDI-22-1088
- Rapid7: 5 Zero-Days Patched in Microsoft’s October 2022 Patch Tuesday Update
What is OPSEC (operations security)?
Published: Wed, 09 Oct 2024 09:00:00 GMT
Operations Security (OPSEC) is a process that identifies critical information, determines the risk of its compromise, and acts to safeguard that information from unauthorized disclosure while military and security operations are carried out.
Definition:
OPSEC is a systematic and continuous process of identifying, controlling, and protecting critical information and resources from unauthorized disclosure or exploitation that could compromise the effectiveness of military and security operations.
Objectives:
- Protect sensitive information that could compromise operational plans and capabilities.
- Prevent adversaries from exploiting vulnerabilities to gain an advantage.
- Maintain operational effectiveness and mission success.
Principles:
- Identification: Recognize and categorize critical information and resources.
- Assessment: Determine the potential impact and likelihood of compromise.
- Control: Implement measures to protect against unauthorized access, modification, or disclosure.
- Continuous Monitoring: Regularly review and update OPSEC plans and measures based on changing threats and vulnerabilities.
Benefits:
- Enhanced operational security and mission effectiveness.
- Reduced vulnerability to adversaries and potential threats.
- Improved decision-making based on accurate and protected information.
- Enhanced trust and confidence among stakeholders.
Examples of OPSEC Measures:
- Information classification and handling procedures.
- Physical and electronic security measures.
- Communications security and encryption.
- Personnel training and awareness.
- Security risk assessments and audits.
UK Cyber Team seeks future security professionals
Published: Wed, 09 Oct 2024 04:59:00 GMT
The UK’s National Cyber Security Centre (NCSC) is launching a recruitment drive to find the next generation of cyber security experts. The NCSC is the UK’s leading authority on cyber security, and is responsible for protecting the UK’s critical national infrastructure from cyber attacks.
The recruitment drive is open to people from all backgrounds, with no prior experience in cyber security required. The NCSC is looking for people who are passionate about technology, have a strong work ethic, and are committed to protecting the UK from cyber threats.
Successful candidates will receive world-class training and development, and will have the opportunity to work on a wide range of cyber security projects. They will also have the chance to work with some of the UK’s leading cyber security experts.
The NCSC is particularly interested in recruiting people from under-represented groups, such as women and ethnic minorities. The NCSC believes that a diverse workforce is essential for creating a more effective and inclusive cyber security team.
If you are interested in a career in cyber security, the NCSC encourages you to apply. The recruitment drive is open until 31st March 2023.
To apply, please visit the NCSC website: https://www.ncsc.gov.uk/careers
Call to Action:
If you are passionate about technology and want to make a difference, apply now to join the UK’s Cyber Team.
Secureworks: Ransomware takedowns didn’t put off cyber criminals
Published: Tue, 08 Oct 2024 15:53:00 GMT
Secureworks, a cybersecurity firm, has conducted a study that shows that ransomware takedowns have not deterred cyber criminals. In fact, the study found that ransomware attacks have increased in both frequency and severity.
Key Findings
- The number of ransomware attacks increased by 69% in 2022 compared to 2021.
- The average ransomware payment increased by 13% in 2022, to $812,000.
- Ransomware attacks are becoming more targeted and sophisticated.
Reasons for Increase in Ransomware Attacks
Secureworks attributes the increase in ransomware attacks to several factors, including:
- The rise of ransomware-as-a-service (RaaS), which makes it easier for less skilled criminals to launch attacks.
- The growth of cryptocurrency, which makes it easier for criminals to collect and launder ransom payments.
- The shortage of cybersecurity professionals, which makes it harder for organizations to defend against attacks.
Impact of Ransomware Takedowns
Secureworks’ study found that ransomware takedowns have not had a significant impact on the overall volume of ransomware attacks. This is because takedowns often target the infrastructure used by ransomware gangs, but the gangs themselves can simply move to new infrastructure.
Conclusion
Secureworks’ study concludes that ransomware takedowns are not an effective deterrent against cyber criminals. Instead, organizations need to focus on implementing strong cybersecurity measures and educating employees about the risks of ransomware.
UK’s cyber incident reporting law to move forward in 2025
Published: Tue, 08 Oct 2024 11:10:00 GMT
The United Kingdom (UK) is set to implement a new law in 2025 that will require organizations to report cyber incidents to the government. The law, known as the National Cyber Security Centre (NCSC) Cyber Incident Reporting Regulations 2022, was announced by the UK government in March 2022.
The law will require organizations to report all cyber incidents that have a “significant impact” on their operations or the UK’s national security. Organizations will have 72 hours to report an incident to the NCSC after it occurs.
The NCSC will use the information reported by organizations to develop a better understanding of the cyber threat landscape and to improve its response to cyber incidents. The NCSC will also share information with other government agencies and law enforcement agencies.
The law is expected to have a significant impact on organizations in the UK. Organizations will need to develop and implement procedures for reporting cyber incidents to the NCSC. They will also need to train their employees on how to recognize and report cyber incidents.
The law is part of the UK government’s broader strategy to improve the UK’s cybersecurity. The government has also invested in new cybersecurity technologies and initiatives, and it has worked to raise awareness of cybersecurity issues.
The UK’s cyber incident reporting law is an important step forward in the fight against cybercrime. The law will help the UK government to better understand the cyber threat landscape and to improve its response to cyber incidents. It will also help organizations to better protect themselves from cyberattacks.