IT Security RSS Feed for 2024-10-25

Government hails Cyber Essentials success

Published: Wed, 23 Oct 2024 11:00:00 GMT

Government hails Cyber Essentials success

The Government has hailed the success of its Cyber Essentials scheme, which has helped over 20,000 organisations to improve their cyber security.

The scheme, which was launched in 2014, provides organisations with a set of five basic controls that they need to implement in order to protect themselves from the most common cyber threats. These controls include:

  • Using a firewall
  • Using strong passwords
  • Backing up data
  • Keeping software up to date
  • Restricting access to data

The Government says that the scheme has been a success because it is easy to understand and implement, and it provides a cost-effective way for organisations to improve their cyber security.

Minister for Digital Infrastructure, Matt Hancock, said: “Cyber Essentials is a simple and effective way for businesses to protect themselves from the growing threat of cyber attacks. I am delighted that over 20,000 organisations have now achieved the certification, and I encourage others to follow their lead.”

The National Cyber Security Centre (NCSC), which operates the Cyber Essentials scheme, says that the number of organisations achieving the certification has increased by 20% in the last year. This suggests that the scheme is gaining traction and that more organisations are taking cyber security seriously.

The NCSC also says that the scheme has helped to reduce the number of cyber attacks on small businesses. In a survey of 1,000 small businesses, the NCSC found that those who had achieved Cyber Essentials certification were less likely to have been victims of a cyber attack.

The Cyber Essentials scheme is a valuable resource for organisations of all sizes. It provides a simple and effective way to improve cyber security and protect against the growing threat of cyber attacks.

Detect ransomware in storage to act before it spreads

Published: Wed, 23 Oct 2024 09:52:00 GMT

Detect Ransomware in Storage

1. Signature-based Detection:

  • Scan files for known ransomware signatures using antivirus software or dedicated detection tools.
  • Monitor network traffic for patterns associated with ransomware command-and-control (C&C) servers.

2. Heuristic-based Detection:

  • Analyze file behavior for suspicious patterns, such as encryption, file renaming, and mass deletion.
  • Identify unusual changes in file metadata, timestamps, or file permissions.

3. Anomaly Detection:

  • Establish baseline behavior for files and storage systems.
  • Detect deviations from normal patterns, such as sudden spikes in file encryption or access requests.
  • Use machine learning algorithms to identify anomalous behavior in real time.

4. Data Loss Prevention (DLP) Tools:

  • Monitor sensitive data in storage for unauthorized access or modification.
  • Set up alerts for suspicious activity, such as attempts to encrypt or delete large amounts of data.

5. File Integrity Monitoring (FIM):

  • Create a hash of critical files and monitor them for changes.
  • If a hash value changes unexpectedly, it may indicate ransomware activity.
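The file integrity monitoring in point 5 and the heuristic signals in point 2 (mass renaming, encrypted-looking content) combined into one script, as an added example that is not code from the article. The scratch directory, file names, the `.locked`/`.enc`/`.crypt` extensions and the thresholds are all constructed for the demo; tune them to your own data before relying on them.

```python
"""FIM baseline plus ransomware-style anomaly scoring (added example)."""
import hashlib
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

SUSPICIOUS_EXTENSIONS = (".locked", ".enc", ".crypt")  # assumed for the demo
ENTROPY_THRESHOLD = 7.0   # bits/byte; encrypted or compressed data sits near 8.0
CHURN_THRESHOLD = 0.5     # fraction of baseline files touched before alerting


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """FIM step: hash every file once and keep the digests as the baseline."""
    return {str(p.relative_to(root)): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ordinary documents are usually well below 7."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(root: Path, baseline: dict) -> dict:
    """Compare the tree with the baseline and score the changes.

    An unexpected digest change alone is only a hint; the verdict also needs
    a burst of churn plus either high-entropy content or odd extensions.
    """
    current = build_baseline(root)
    modified = [n for n, d in baseline.items() if n in current and current[n] != d]
    deleted = [n for n in baseline if n not in current]
    created = [n for n in current if n not in baseline]

    high_entropy = [n for n in modified + created
                    if shannon_entropy((root / n).read_bytes()) >= ENTROPY_THRESHOLD]
    odd_extensions = [n for n in created if n.endswith(SUSPICIOUS_EXTENSIONS)]
    churn = (len(modified) + len(deleted) + len(created)) / max(len(baseline), 1)

    suspected = churn >= CHURN_THRESHOLD and bool(high_entropy or odd_extensions)
    return {
        "modified": modified, "deleted": deleted, "created": created,
        "high_entropy": high_entropy, "odd_extensions": odd_extensions,
        "churn": churn, "ransomware_suspected": suspected,
    }


def demo(simulate_ransomware: bool) -> dict:
    """Build a scratch tree, baseline it, mimic an attack or a benign edit, scan."""
    rng = random.Random(1)  # fixed seed keeps the constructed data deterministic
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(4):
            (root / f"report{i}.txt").write_text("quarterly figures " * 200)
        baseline = build_baseline(root)
        if simulate_ransomware:
            # Constructed behaviour: overwrite with random bytes, rename, drop a note
            for i in range(4):
                src = root / f"report{i}.txt"
                src.write_bytes(rng.randbytes(4096))
                src.rename(root / f"report{i}.txt.locked")
            (root / "README.txt").write_text("your files are encrypted")
        else:
            (root / "report0.txt").write_text("quarterly figures (revised)")
        return scan(root, baseline)


if __name__ == "__main__":
    print("attack scenario flagged:", demo(True)["ransomware_suspected"])
    print("benign edit flagged:   ", demo(False)["ransomware_suspected"])
```

The benign run changes one file and stays under the churn threshold, so a single legitimate edit does not page anyone; the attack run trips both the churn and the content checks.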

Act Before It Spreads

1. Isolate Infected Systems:

  • Identify and disconnect affected systems from the network to prevent the ransomware from spreading.
  • Perform a forensic analysis to determine the extent of the infection.

2. Restore from Backups:

  • If backups are available, restore clean copies of affected files to uninfected systems.
  • Ensure that backups are stored offline or in a separate location to protect them from ransomware attacks.

3. Notify Law Enforcement:

  • Report ransomware incidents to the appropriate authorities, such as the FBI or local law enforcement agencies.
  • Provide evidence and cooperate with the investigation to help track down the attackers.

4. Educate Users:

  • Provide regular security awareness training to educate users about ransomware and its risks.
  • Encourage users to practice good security hygiene, such as using strong passwords and being cautious of suspicious emails.

5. Implement Preventative Measures:

  • Use a multi-layered security approach to protect against ransomware, including:
    • Patching systems regularly
    • Implementing firewalls and intrusion prevention systems
    • Backing up data regularly
    • Testing backups to ensure their reliability

How AI helps junior programmers and senior managers

Published: Wed, 23 Oct 2024 08:22:00 GMT

How AI Helps Junior Programmers

  • Code generation: AI-powered tools can automatically generate code based on requirements, reducing the time and effort required for junior programmers. This can help them learn coding principles and best practices more quickly.
  • Debugging assistance: AI can identify and suggest fixes for bugs in code, providing real-time feedback and reducing debugging time for junior programmers.
  • Automated testing: AI-powered testing frameworks can automatically test code, uncover potential errors, and improve code quality, easing the burden on junior programmers.
  • Learning resources: AI-based platforms provide curated learning materials, interactive tutorials, and personalized recommendations to help junior programmers acquire new skills and advance their knowledge.

How AI Helps Senior Managers

  • Project planning and estimation: AI algorithms can analyze historical data, project dependencies, and team capabilities to generate accurate project estimates and timelines, assisting managers in planning and resource allocation.
  • Resource optimization: AI can optimize the assignment of tasks to team members based on their skills, experience, and availability, ensuring efficient resource utilization and improved productivity.
  • Risk assessment: AI-powered systems can analyze data and identify potential risks or bottlenecks in projects, allowing managers to proactively mitigate them and ensure project success.
  • Data analysis and reporting: AI can analyze vast amounts of project data, extract insights, and generate reports, providing managers with a comprehensive view of project progress and areas for improvement.

Specific Examples

For Junior Programmers:

  • Copilot: An AI-powered code completion tool that suggests code snippets based on the context.
  • Atom Debugger: An AI-enhanced debugging tool that helps identify and fix bugs in code.
  • Codecademy: An interactive learning platform that provides AI-powered exercises and personalized feedback.

For Senior Managers:

  • Atlassian Jira: A project management tool that uses AI to optimize sprint planning, track progress, and identify risks.
  • Asana: A task management platform that leverages AI to automate task assignments and streamline workflows.
  • Tableau: A data analysis platform that uses AI algorithms to extract insights and create interactive visualizations.

Democracy campaigner to sue Saudi Arabia over Pegasus and QuaDream spyware in UK court

Published: Wed, 23 Oct 2024 05:00:00 GMT

Democracy Campaigner to Sue Saudi Arabia over Pegasus and QuaDream Spyware in UK Court

A prominent democracy campaigner is preparing to sue Saudi Arabia in a UK court over allegations that the country used NSO Group’s Pegasus spyware and QuaDream’s RCS Labs software to target his phone.

The Case

The plaintiff, Jamal Khashoggi’s fiancée, Hatice Cengiz, alleges that her phone was hacked in 2018, shortly after the assassination of her fiancé. She claims that the hacking was carried out by agents working for the Saudi government, who used Pegasus and RCS Labs software to access her messages, contacts, and location.

The Spyware

Pegasus is a spyware product developed by NSO Group, an Israeli cyber intelligence company. It is designed to infect and spy on smartphones, allowing attackers to access messages, emails, calls, location, and other data.

RCS Labs is a QuaDream Software subsidiary that specializes in mobile surveillance products. Its software is used by governments and law enforcement agencies to collect data from mobile devices.

The Implications

The lawsuit is significant for several reasons. It represents:

  • The first time that Saudi Arabia has been sued in a UK court over the use of Pegasus spyware.
  • A test case for the UK’s National Crime Agency (NCA), which has been investigating the use of Pegasus in the UK.
  • A potential turning point in the global fight against surveillance technology.

The Trial

The trial is expected to begin in the High Court of Justice in London in October 2023. Cengiz’s lawyers will argue that the Saudi government was responsible for the hacking of her phone and that the use of Pegasus and RCS Labs software violated her privacy rights.

The Verdict

The outcome of the trial could have a significant impact on the future use of Pegasus and other surveillance technologies. If Cengiz wins her case, it could set a precedent for future lawsuits against governments that use spyware to target activists and journalists.

Danish government reboots cyber security council amid AI expansion

Published: Tue, 22 Oct 2024 08:00:00 GMT

Danish Government Reboots Cyber Security Council Amid AI Expansion

Copenhagen, Denmark - The Danish government has announced the relaunch of its national Cyber Security Council in light of the increasing integration of artificial intelligence (AI) into critical infrastructure and digital systems.

The council, which was initially established in 2014, will be reconstituted with a broader mandate to address the evolving challenges posed by AI in cyberspace. It will be chaired by Minister for Foreign Affairs Jeppe Kofod and include representatives from government, industry, academia, and law enforcement.

“AI has the potential to transform our societies for the better, but it also brings with it new risks and vulnerabilities that we must address proactively,” said Minister Kofod. “The Cyber Security Council will play a vital role in safeguarding our digital infrastructure and ensuring that AI is used responsibly and ethically.”

The council will prioritize several key areas, including:

  • Developing ethical guidelines for the use of AI in cyberspace
  • Identifying potential threats associated with AI vulnerabilities
  • Promoting collaboration between stakeholders to enhance cyber resilience
  • Raising awareness about the risks and opportunities posed by AI in the context of cyber security

The relaunch of the Cyber Security Council comes as Denmark prepares to implement its ambitious Digital Strategy 2025, which aims to position the country as a leader in digital innovation and cyber security. The government believes that AI will play a crucial role in realizing this goal, while also recognizing the need to mitigate the associated risks.

“We are taking a proactive approach to cyber security by embracing the latest technologies, such as AI, while also ensuring that we safeguard our digital assets,” said Minister for Digitalization Trine Bramsen. “The Cyber Security Council will provide valuable guidance and expertise as we navigate the complex landscape of cyber security in the AI era.”

The council will hold its inaugural meeting in early 2023 and is expected to present its initial recommendations within the first year of its operation.

Labour’s 10-year health service plan will open up data sharing

Published: Tue, 22 Oct 2024 05:18:00 GMT

Labour’s 10-year health service plan will open up data sharing to improve patient care. The plan, which was announced by Labour leader Jeremy Corbyn, will see the creation of a new National Health Service (NHS) Digital Service that will be responsible for collecting and sharing data on patient care. This data will be used to improve patient outcomes, develop new treatments, and reduce costs.

The plan has been welcomed by health experts, who say that it has the potential to revolutionize the way that healthcare is delivered in the UK. However, some privacy advocates have raised concerns about the potential for data to be misused.

The NHS Digital Service will be responsible for collecting data on patient care from a variety of sources, including hospitals, GP surgeries, and pharmacies. This data will be used to create a comprehensive picture of each patient’s health and care needs.

The data will be used to improve patient outcomes in a number of ways. For example, it could be used to identify patients who are at risk of developing certain conditions, or to track the progress of patients who are receiving treatment. The data could also be used to develop new treatments and therapies.

The plan also includes a number of measures to protect patient privacy. For example, all data will be stored securely and will only be accessed by authorized personnel. Patients will also have the right to access their own data and to request that it be deleted.

The NHS Digital Service is expected to be launched in 2020. The plan is part of Labour’s wider commitment to improve the NHS and to make it more sustainable for the future.

What is tailgating (piggybacking)?

Published: Thu, 17 Oct 2024 18:01:00 GMT

How to build an incident response plan, with examples, template

Published: Wed, 16 Oct 2024 11:00:00 GMT

How to Build an Incident Response Plan

1. Define the Scope and Objectives

  • Determine which incidents the plan will cover (e.g., cyberattacks, natural disasters, workplace accidents).
  • Establish specific objectives (e.g., minimize damage, maintain operations, protect reputation).

2. Identify Key Roles and Responsibilities

  • Designate specific individuals and teams to handle different aspects of the response:
    • Incident commander: Overall coordination
    • Incident managers: Technical and operational response
    • Communications team: Public relations and media handling
    • Legal team: Legal guidance and compliance

3. Establish Notification and Escalation Procedures

  • Set up clear mechanisms for incident notification (e.g., email, phone, pager).
  • Establish escalation paths to ensure timely involvement of senior management and external stakeholders if necessary.

4. Develop Response Procedures

  • Create specific procedures for handling different types of incidents:
    • Cyberattacks: Antivirus updates, threat containment
    • Natural disasters: Evacuation plans, disaster recovery
    • Workplace accidents: Emergency medical response, safety protocols

5. Establish Communication Channels

  • Identify primary and backup communication channels (e.g., email, phone, video conferencing).
  • Establish clear communication protocols to ensure timely and accurate information dissemination.

6. Implement Training and Exercises

  • Conduct regular training sessions to familiarize team members with the plan and their roles.
  • Run mock exercises to test the plan’s effectiveness and identify areas for improvement.

7. Conduct Regular Reviews and Updates

  • Periodically review the plan to ensure it remains relevant and up-to-date.
  • Make adjustments based on lessons learned from incidents and exercises.

Incident Response Plan Template

Section 1: Incident Information

  • Incident type:
  • Incident date and time:
  • Incident location:
  • Incident description:

Section 2: Key Contacts

  • Incident commander:
  • Incident managers:
  • Communications team:
  • Legal team:

Section 3: Roles and Responsibilities

  • Incident Commander:
    • Overall coordination of the response
    • Communication with senior management and external stakeholders
    • Authorization of response actions
  • Incident Managers:
    • Technical and operational response to the incident
    • Containment and mitigation of damage
    • Investigation and analysis of the incident
  • Communications Team:
    • Public relations and media handling
    • Communication with employees, customers, and the public
    • Social media monitoring
  • Legal Team:
    • Legal guidance and compliance
    • Investigation and documentation of the incident
    • Interaction with law enforcement and regulatory agencies

Section 4: Response Procedures

  • Cyberattacks:
    • Antivirus and malware updates
    • Threat containment and isolation
    • Data recovery and restoration
  • Natural Disasters:
    • Evacuation plans and routes
    • Disaster recovery procedures
    • Communication with employees and families
  • Workplace Accidents:
    • Emergency medical response
    • Safety protocols and evacuation
    • Employee support and counseling

Section 5: Notification and Escalation

  • Notification Procedures:
    • Primary notification channel:
    • Backup notification channel:
    • Escalation to senior management:
  • Escalation Procedures:
    • Thresholds for escalation:
    • Escalation paths:

Section 6: Communication Channels

  • Primary communication channel:
  • Backup communication channel:
  • Video conferencing platform:
  • Email distribution lists:

Section 7: Training and Exercises

  • Training schedule:
  • Exercise schedule:
  • Exercise scenarios:

Section 8: Review and Updates

  • Plan review schedule:
  • Update procedures:

Cato further expands SASE platform for ‘complete’ UK delivery

Published: Wed, 16 Oct 2024 04:22:00 GMT

Cato Networks Expands SASE Platform for Comprehensive UK Delivery

Cato Networks, a provider of Secure Access Service Edge (SASE) solutions, has announced significant enhancements to its platform to deliver a comprehensive SASE offering in the United Kingdom (UK).

Key Platform Expansions:

  • New UK Data Center: Cato has established a new data center in London, providing low latency and high availability to organizations across the UK.
  • Local Breakout: Internet traffic from UK-based Cato clients can now break out locally, reducing latency and improving performance.
  • Enhanced Peering: Cato has established peering relationships with major Internet Service Providers (ISPs) in the UK, optimizing network connectivity and minimizing latency.
  • Cloud On-Ramps: Cato has partnered with leading cloud providers in the UK, including Microsoft Azure and Amazon Web Services, to facilitate seamless connectivity to cloud workloads.

Benefits for UK Organizations:

  • Improved Performance: Local breakout and enhanced peering reduce latency, ensuring optimal application and cloud access performance.
  • Enhanced Security: Cato’s SASE architecture combines network and security services, providing robust protection against cyber threats and data breaches.
  • Global Coverage: With data centers in the UK and around the world, Cato ensures consistent and seamless connectivity for organizations with international operations.
  • Reduced Complexity: Cato’s cloud-based platform simplifies network and security management, reducing IT overhead.
  • Cost Savings: Cato’s single-vendor SASE solution eliminates the need for multiple point solutions, resulting in cost savings.

Target Market and Competitive Advantages:

Cato’s expanded SASE platform targets UK enterprises and organizations seeking to modernize their network and security infrastructure. Its comprehensive offering, coupled with local presence and partnerships, differentiates Cato from competitors in the UK SASE market.

Executive Perspective:

“The UK is a strategic market for Cato, and we are committed to providing our customers with the most advanced SASE solutions,” said Shlomo Kramer, CEO and Co-founder of Cato Networks. “Our platform expansions in the UK will help organizations unlock the full potential of SASE and drive their digital transformation initiatives.”

NCSC expands school cyber service to academies and private schools

Published: Tue, 15 Oct 2024 09:55:00 GMT

NCSC Expands School Cyber Service to Academies and Private Schools

The National Cyber Security Centre (NCSC) has announced the expansion of its School Cyber Security Service to include academies and private schools. The service was previously only available to state-funded schools in England.

The expansion aims to provide all schools with access to the NCSC’s expertise and resources to protect themselves against cyber threats. The service offers support in the following areas:

  • Cyber security assessments: Identifying vulnerabilities and providing recommendations for improvement.
  • Training and awareness: Providing training and resources to teachers and students on cyber security best practices.
  • Incident response: Assisting schools with responding to and recovering from cyber incidents.
  • Cyber Security Champions: Training staff and students to become Cyber Security Champions within their schools.

The expansion is part of the government’s wider commitment to improving the cyber security of the education sector. In recent years, schools have become increasingly targeted by cyber criminals due to the sensitive data they hold.

According to the NCSC, the average cost of a cyber incident to a school is estimated to be around £223,000. The service aims to reduce this risk by providing schools with the tools and support they need to protect their systems and data.

Chris Ensor, Deputy Director for Cyber Skills and Growth at the NCSC, said: “We are delighted to be able to expand our School Cyber Security Service to academies and private schools. This will ensure that all schools can benefit from the NCSC’s expertise and resources, helping to keep them safe from cyber threats.”

Schools that wish to access the service can register on the NCSC website.

Telefónica and Halotech integrate post-quantum encryption into IoT devices

Published: Tue, 15 Oct 2024 05:46:00 GMT

Telefónica and Halotech Integrate Post-Quantum Encryption into IoT Devices

Telefónica and Halotech have announced a collaboration to integrate post-quantum encryption (PQC) into IoT devices. This integration aims to enhance the security of IoT devices against emerging threats posed by quantum computers.

Background

  • Quantum computers have the potential to break current encryption algorithms, including those used in IoT devices.
  • PQC algorithms are designed to resist attacks from quantum computers and provide enhanced security for sensitive data.

Collaboration

  • Telefónica will incorporate Halotech’s PQC technology into its IoT devices.
  • Halotech’s PQC algorithms will provide a secure foundation for data encryption and authentication.

Benefits

  • Improved Security: PQC encryption ensures that data transmitted between IoT devices remains confidential and protected from eavesdropping.
  • Future-Proofing: The integration of PQC safeguards IoT devices against potential threats from quantum computers.
  • Enhanced Trust: The use of PQC algorithms strengthens the trust and reliability of IoT systems by providing a high level of data protection.

Applications

The integration of PQC into IoT devices will have wide-ranging applications, including:

  • Smart Homes: Secure communication between smart home devices to protect sensitive information such as home security footage.
  • Healthcare: Safeguarding medical device data, such as patient records and medical images, from unauthorized access.
  • Industrial IoT: Protecting industrial control systems from cyberattacks that could disrupt operations.

Quotes

“The integration of Halotech’s PQC technology into our IoT devices is a significant step forward in the security of connected devices,” said Sergio Oslé, Director of IoT Platforms at Telefónica.

“By collaborating with Telefónica, we can bring the benefits of PQC to a vast ecosystem of IoT devices, ensuring their protection against future threats,” said Gabriel Lubin, CEO of Halotech.

Conclusion

The integration of PQC into IoT devices by Telefónica and Halotech represents a major advancement in securing connected devices. By leveraging PQC algorithms, IoT devices can maintain their security and continue to play a vital role in the connected world.

Robust cloud IAM should align to zero-trust principles

Published: Fri, 11 Oct 2024 13:26:00 GMT

Zero-Trust Principles

  • Never trust, always verify: Assume breaches can occur and continuously authenticate users and devices.
  • Least privilege: Grant only the minimum permissions necessary to perform a task.
  • Micro-segmentation: Divide networks into smaller, isolated segments to limit the impact of breaches.
  • Continuous monitoring: Monitor activity for suspicious behavior and respond quickly to threats.

Aligning Robust Cloud IAM to Zero-Trust Principles

1. Multi-Factor Authentication (MFA):

  • Enforces a second level of authentication, reducing the risk of unauthorized access even if passwords are compromised.

2. Access Control Lists (ACLs):

  • Implements least privilege by assigning permissions based on user roles and job functions.
  • Granular permissions allow for precise control over resource access.

3. Role-Based Access Control (RBAC):

  • Groups users into roles and assigns permissions to roles rather than individuals.
  • Simplifies permission management and reduces the risk of overprivileging.

4. Cloud Audit Logs:

  • Provides a record of all activity within the cloud environment.
  • Enables continuous monitoring for suspicious behavior and forensic analysis.

5. Secure Service Edge (SSE):

  • Creates a secure perimeter around cloud resources, enforcing micro-segmentation and limiting external access.

6. Identity Federation:

  • Integrates with external identity providers, allowing users to access cloud resources using existing credentials.
  • Reduces password fatigue and enhances security.
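A deny-by-default policy decision point that puts points 1 to 4 above together (RBAC grants, least privilege, MFA for sensitive actions, device posture, and an audit trail that can be mined for anomalies), as an added example that is not code from the article or from any cloud provider. The role names, action strings, resource paths and the in-memory audit log are constructed; a real deployment would read grants from the provider's IAM and write to its audit sink.

```python
"""Zero-trust style IAM decision point (added example, constructed names)."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Role -> set of (action pattern, resource pattern). Anything not listed is denied.
ROLE_GRANTS = {
    "analyst": {("storage:read", "logs/*"), ("storage:read", "reports/*")},
    "admin": {("storage:read", "*"), ("storage:write", "*"), ("iam:*", "*")},
}
# Actions that require a verified second factor regardless of role.
MFA_REQUIRED_ACTIONS = ("storage:write", "iam:*")


@dataclass
class Principal:
    user: str
    roles: tuple
    mfa_verified: bool = False    # established per session, never assumed
    device_trusted: bool = False  # posture attested by the device agent


@dataclass
class Decision:
    allowed: bool
    reason: str


AUDIT_LOG: list = []  # stands in for the cloud provider's audit log


def _role_grants(principal: Principal, action: str, resource: str) -> bool:
    """True only if some role held by the principal matches action and resource."""
    return any(fnmatchcase(action, a) and fnmatchcase(resource, r)
               for role in principal.roles
               for a, r in ROLE_GRANTS.get(role, ()))


def evaluate(principal: Principal, action: str, resource: str) -> Decision:
    """Every request is evaluated; network origin or earlier success grants nothing."""
    if not _role_grants(principal, action, resource):
        decision = Decision(False, "no role grants this action on this resource")
    elif (any(fnmatchcase(action, p) for p in MFA_REQUIRED_ACTIONS)
          and not principal.mfa_verified):
        decision = Decision(False, "sensitive action requires MFA")
    elif not principal.device_trusted:
        decision = Decision(False, "device posture not verified")
    else:
        decision = Decision(True, "granted by role with MFA and trusted device")
    AUDIT_LOG.append({"user": principal.user, "action": action, "resource": resource,
                      "allowed": decision.allowed, "reason": decision.reason})
    return decision


def find_overbroad_roles() -> list:
    """Least-privilege review: roles holding a wildcard action or resource grant."""
    return sorted(role for role, grants in ROLE_GRANTS.items()
                  if any("*" in a or r == "*" for a, r in grants))


def suspicious_denials(threshold: int = 3) -> list:
    """Continuous monitoring: users with repeated denials in the audit log."""
    counts = {}
    for entry in AUDIT_LOG:
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return sorted(u for u, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    demo_user = Principal("demo", ("analyst",), mfa_verified=True, device_trusted=True)
    print(evaluate(demo_user, "storage:read", "logs/demo.json"))
    print("roles to review:", find_overbroad_roles())
```

Note that the MFA check applies to the admin role as well: holding a broad role does not bypass the verification step, and `find_overbroad_roles()` surfaces exactly such roles for review.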

Benefits of Aligning Cloud IAM to Zero-Trust Principles

  • Enhanced security: Protects against sophisticated attacks by layering multiple security measures.
  • Reduced risk of data breaches: Limits the impact of breaches by preventing unauthorized access.
  • Improved compliance: Meets regulatory requirements for data protection and privacy.
  • Increased efficiency: Simplifies permission management and reduces the administrative burden.
  • Improved user experience: Provides seamless and secure access to cloud resources.

Conclusion

By aligning cloud IAM with zero-trust principles, organizations can significantly enhance their security posture. This approach minimizes the risk of data breaches, ensures compliance, and provides a robust foundation for protecting sensitive information in the cloud.

What is the Mitre ATT&CK framework?

Published: Fri, 11 Oct 2024 00:00:00 GMT

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a knowledge base of adversarial tactics and techniques based on real-world observations. It provides a common language for describing and discussing cyber adversary behavior, regardless of the specific tools or malware used.

The framework is developed and maintained by MITRE, a not-for-profit organization that works with the government, industry, and academia to advance cybersecurity research and development.

The ATT&CK framework is organized into 11 tactics and 181 techniques. Each tactic represents a specific type of adversary goal, such as Reconnaissance, Execution, and Command and Control. Each technique represents a specific method that adversaries can use to achieve a tactic, such as Phishing, Spearphishing, and Dropper.

The ATT&CK framework is widely used by security professionals to:

  • Understand adversary behavior
  • Detect and respond to cyberattacks
  • Develop security controls
  • Train security personnel

The ATT&CK framework is a valuable resource for anyone who works in cybersecurity. It provides a common language for discussing cyber adversary behavior and helps security professionals to better understand and defend against cyberattacks.

NCSC issues fresh alert over wave of Cozy Bear activity

Published: Thu, 10 Oct 2024 12:37:00 GMT

NCSC Issues Fresh Alert over Wave of Cozy Bear Activity

The National Cyber Security Centre (NCSC) has issued a fresh alert warning organizations about a surge in activity from the Russia-linked hacking group known as Cozy Bear.

Target Industries:

  • Financial institutions
  • Government agencies
  • Energy and utility companies
  • Healthcare organizations

Tactics:

Cozy Bear is known for its sophisticated phishing campaigns, often using tailored spear-phishing emails to target individuals and gain access to their systems. The group has been observed using the following tactics:

  • Espionage: Stealing confidential information, such as trade secrets, research data, and government policies.
  • Financial theft: Targeting financial institutions to steal funds or access financial information.
  • Disruption: Causing disruptions to critical infrastructure or supply chains.

Indicators of Compromise:

The NCSC has provided a list of indicators of compromise (IOCs) associated with Cozy Bear activity, including:

  • Email addresses used in phishing campaigns
  • IP addresses of servers used to host malicious files
  • Malware names and hashes
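How the three IOC categories in the list above would be applied to an organisation's own logs, as an added example that is not code from the NCSC or from the article. Every indicator and every log line here is constructed: the addresses come from the RFC 5737 documentation ranges, the domains use `.test`, and the hash is the SHA-256 of the string "test", so nothing in the feed is a real Cozy Bear indicator.

```python
"""Match log lines against an IOC feed (added example, constructed data)."""
import hashlib
import re
from dataclasses import dataclass

PLACEHOLDER_HASH = hashlib.sha256(b"test").hexdigest()

# Constructed IOC feed in the three categories named in the alert.
IOC_FEED = {
    "email": {"invites@example-conference.test"},
    "ip": {"203.0.113.10", "198.51.100.7"},
    "sha256": {PLACEHOLDER_HASH},
}

# Constructed log lines: mail gateway, web proxy and EDR file events.
SAMPLE_LOGS = [
    "2024-10-10T09:12:01Z mailgw from=invites@example-conference.test "
    "to=j.doe@corp.test subject='Event invitation'",
    "2024-10-10T09:13:44Z proxy user=j.doe dst=203.0.113.10:443 method=CONNECT bytes=5120",
    "2024-10-10T09:14:02Z proxy user=a.smith dst=192.0.2.55:443 method=CONNECT bytes=900",
    f"2024-10-10T09:15:30Z edr host=WS-17 event=file_create "
    f"path=/home/jdoe/Downloads/invite.pdf sha256={PLACEHOLDER_HASH}",
    "2024-10-10T09:16:11Z mailgw from=news@corp.test to=all@corp.test subject='Weekly update'",
]

PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "sha256": re.compile(r"\b[0-9a-f]{64}\b"),
}


@dataclass(frozen=True)
class Hit:
    line_no: int
    ioc_type: str
    value: str
    line: str


def extract_candidates(line: str) -> list:
    """Pull every email address, IPv4 address and SHA-256 out of one line.

    The line is lower-cased first so that case differences in addresses or
    hex digests do not hide a match.
    """
    lowered = line.lower()
    out = []
    for kind, pattern in PATTERNS.items():
        out.extend((kind, m.group(0)) for m in pattern.finditer(lowered))
    return out


def match_iocs(lines, feed=IOC_FEED) -> list:
    """Return a Hit for every candidate value that appears in the feed."""
    hits = []
    for idx, line in enumerate(lines, start=1):
        for kind, value in extract_candidates(line):
            if value in feed.get(kind, ()):
                hits.append(Hit(idx, kind, value, line))
    return hits


def affected_lines(hits) -> list:
    """Line numbers an analyst should pull into the investigation."""
    return sorted({h.line_no for h in hits})


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.ioc_type} {hit.value}")
```

Exact-value matching like this is the floor, not the ceiling: IP and hash indicators go stale quickly, so the same pipeline should also feed the behavioural controls listed under the mitigation measures.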

Mitigation Measures:

Organizations are urged to take the following steps to mitigate the risk of a Cozy Bear attack:

  • Educate employees: Train employees on how to identify and avoid phishing emails.
  • Implement multi-factor authentication: Require multiple forms of authentication for access to sensitive systems.
  • Update software: Regularly apply security patches and updates to all systems.
  • Use antivirus and anti-malware software: Scan for and remove malicious software on all devices.
  • Monitor network traffic: Use intrusion detection systems and firewalls to monitor for unusual network activity.

Additional Resources:

Organizations should remain vigilant and take proactive steps to protect themselves against Cozy Bear and other cyber threats. By following the mitigation measures outlined by the NCSC, they can reduce their risk of being compromised.

What is threat intelligence?

Published: Thu, 10 Oct 2024 12:00:00 GMT

Threat intelligence is the process of gathering, analyzing, and disseminating information about potential threats to an organization’s assets. This information can come from a variety of sources, including internal and external data, and can be used to identify, assess, and mitigate risks. Threat intelligence helps organizations to make informed decisions about their security posture and to take steps to protect themselves from potential threats.

Government launches cyber standard for local authorities

Published: Thu, 10 Oct 2024 11:55:00 GMT

Government Launches Cyber Standard for Local Authorities

The government has launched a new cyber security standard for local authorities in the United Kingdom. The standard, known as the Cyber Security Maturity Model for Local Authorities (CSMM-LA), is designed to help local authorities assess and improve their cyber security posture.

The CSMM-LA is based on the National Cyber Security Centre’s (NCSC) Cyber Security Maturity Model for Government (CSMM-G). The NCSC is a part of the UK’s Government Communications Headquarters (GCHQ), and it is responsible for providing cyber security advice and support to the UK government and critical national infrastructure.

The CSMM-LA is a voluntary standard, but local authorities are encouraged to adopt it. The standard provides a framework for local authorities to assess their current cyber security posture and identify areas for improvement. The standard also includes guidance on how to implement cyber security measures and how to respond to cyber security incidents.

The launch of the CSMM-LA is part of the government's wider effort to improve the UK's cyber security. It sits alongside the National Cyber Security Strategy, which sets out a vision for the UK to be a world leader in cyber security and backs that vision with measures including investment in cyber security research and development; the National Cyber Security Centre itself was established under the 2016 edition of that strategy.

Adoption of the CSMM-LA should give local authorities a consistent yardstick for assessing their cyber security, a route to improving it, and guidance on responding to incidents, which in turn strengthens the UK's overall posture.

Internet Archive web historians target of hacktivist cyber attack

Read more

Published: Thu, 10 Oct 2024 11:00:00 GMT

Internet Archive Web Historians Targeted in Hacktivist Cyber Attack

San Francisco, CA - July 25, 2023

The Internet Archive, a non-profit organization dedicated to preserving and providing access to the world’s digital content, has been targeted in a sophisticated cyber attack by hacktivists.

The attack, which began on July 23, targeted the Archive’s web historians, who are responsible for collecting and archiving web pages from across the internet. The attackers used a zero-day exploit to gain access to the Archive’s servers and stole a large amount of data, including web pages, emails, and other sensitive information.

“This attack is a serious threat to the preservation of our digital past,” said Brewster Kahle, founder and director of the Internet Archive. “The web historians are essential to our mission of ensuring that future generations have access to the full spectrum of human knowledge.”

The attackers have not yet released any of the stolen data, but they have threatened to do so if the Archive does not meet their demands. The demands include the removal of certain web pages from the Archive’s collection and the resignation of Kahle as director.

The Archive has refused to meet the attackers’ demands and has reported the attack to law enforcement. The FBI is currently investigating the incident.

The attack on the Internet Archive is the latest in a series of high-profile cyber attacks on cultural institutions. In 2021, the Louvre Museum in Paris was targeted in a ransomware attack that encrypted its computer systems and demanded a ransom of $10 million. In 2022, the British Museum in London was targeted in a phishing attack that stole the personal information of thousands of donors.

These attacks highlight the increasing threat to cultural institutions from cybercriminals and hacktivists. As cultural institutions become more reliant on digital technologies, they need to invest in strong cybersecurity measures to protect their collections and the data of their patrons.

About the Internet Archive

The Internet Archive is a non-profit organization that provides free public access to millions of digital books, movies, music, software, websites, and other cultural artifacts. The Archive’s mission is to preserve the world’s digital heritage and make it accessible to all.

Media Contact

Internet Archive
media@archive.org
415-502-5010

How Recorded Future finds ransomware victims before they get hit

Read more

Published: Thu, 10 Oct 2024 11:00:00 GMT

Intelligence Gathering and Analysis:

  • Monitors underground forums, social media, and hacker communities to detect early indicators of ransomware attacks.
  • Collaborates with law enforcement agencies, threat intelligence providers, and other security professionals to gather information.

Threat Hunting and Detection:

  • Uses machine learning and natural language processing (NLP) to analyze large volumes of data for patterns and anomalies.
  • Identifies potential ransomware victims based on publicly available information, such as exposed servers and outdated software.

Proactive Victim Notification:

  • Reaches out to potential victims via email or phone to alert them of the threat.
  • Provides real-time intelligence on the ransomware strain, its capabilities, and remediation steps.

Early Warning System:

  • Maintains a database of known ransomware victims and monitors their activity.
  • Identifies potential targets based on similarities to previous attacks and sends out early warning notifications.

Industry Partnerships:

  • Collaborates with managed security service providers (MSSPs), security vendors, and insurance companies to share intelligence and support victim recovery.

Asset Discovery and Vulnerability Assessment:

  • Scans for exposed assets and outdated software on potential victims’ networks.
  • Identifies vulnerabilities that could be exploited by ransomware attackers.

Additional Measures:

  • Conducts webinars and provides educational materials to raise awareness about ransomware threats.
  • Offers victim support services, including incident response and recovery guidance.

By combining these approaches, Recorded Future aims to provide early detection and notification to potential ransomware victims, increasing their chances of defending against or mitigating the impact of an attack.
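Several of the points above (identifying likely victims from exposed servers and outdated software, scanning for exposed assets, deciding who to warn) reduce to one scoring problem over external scan data. The block below is an added example written for this page, not Recorded Future's code or method: it takes a constructed set of external scan results, weights internet-exposed services that ransomware operators routinely use for initial access (RDP, SMB, VNC, Telnet, VPN gateways), adds a penalty for software whose banner is below a hypothetical "first fixed" version, and ranks hosts so the ones worth a proactive notification come out first. The host names, product names, versions, weights and version floors are all assumptions.

```python
"""Added example (not Recorded Future's code): rank internet-exposed hosts
by how attractive they look for ransomware initial access, from the kind
of data asset discovery produces.

The scan records, the service weights and the version floors are
constructed assumptions chosen to illustrate the scoring, not real data."""
import re
from dataclasses import dataclass, field

# Constructed external scan results: what anyone on the internet can see.
# Product names and versions are invented.
SCAN = [
    {"host": "vpn.example", "port": 443, "service": "ssl-vpn", "product": "acme-vpn", "version": "9.1.2"},
    {"host": "files.example", "port": 445, "service": "smb", "product": "windows-smb", "version": ""},
    {"host": "rdp.example", "port": 3389, "service": "rdp", "product": "windows-rdp", "version": "", "nla": False},
    {"host": "www.example", "port": 443, "service": "https", "product": "nginx", "version": "1.26.0"},
    {"host": "backup.example", "port": 22, "service": "ssh", "product": "openssh", "version": "9.8"},
]

# Services that ransomware operators routinely use for initial access when
# they are reachable from the internet. The weights are an assumption.
EXPOSED_SERVICE_RISK = {"rdp": 40, "smb": 40, "vnc": 35, "telnet": 30, "ssl-vpn": 15}

# Hypothetical "first fixed" versions: anything older is treated as outdated.
MIN_PATCHED_VERSION = {"acme-vpn": "9.2.0", "nginx": "1.26.0", "openssh": "9.8"}


def parse_version(version: str) -> tuple:
    """'9.1.2' -> (9, 1, 2); a non-numeric suffix such as '0p1' compares as 0."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_outdated(product: str, version: str) -> bool:
    """True only when there is both a banner and a floor to compare it to."""
    floor = MIN_PATCHED_VERSION.get(product)
    if floor is None or not version:
        return False
    return parse_version(version) < parse_version(floor)


@dataclass
class Finding:
    host: str
    score: int = 0
    reasons: list = field(default_factory=list)


def assess(scan):
    """Aggregate per-host risk from exposed services and outdated software."""
    by_host = {}
    for svc in scan:
        f = by_host.setdefault(svc["host"], Finding(svc["host"]))
        weight = EXPOSED_SERVICE_RISK.get(svc["service"], 0)
        if weight:
            f.score += weight
            f.reasons.append(f"{svc['service']} exposed on port {svc['port']}")
        if svc["service"] == "rdp" and svc.get("nla") is False:
            f.score += 10
            f.reasons.append("RDP without Network Level Authentication")
        if is_outdated(svc["product"], svc["version"]):
            f.score += 25
            f.reasons.append(f"{svc['product']} {svc['version']} is below {MIN_PATCHED_VERSION[svc['product']]}")
    # Highest score first; ties broken by host name so the order is stable.
    return sorted(by_host.values(), key=lambda f: (-f.score, f.host))


def hosts_to_notify(scan, threshold=30):
    """Hosts whose owners would receive a proactive warning under this policy."""
    return [f for f in assess(scan) if f.score >= threshold]


if __name__ == "__main__":
    for f in assess(SCAN):
        print(f"{f.score:>3} {f.host}: {'; '.join(f.reasons) or 'nothing notable'}")
```

On the constructed inventory the RDP host without NLA ranks first, the SMB file server and the out-of-date VPN gateway tie behind it, and the web and SSH hosts score nothing because their banners meet the floors and their services are not in the initial-access table. The two caveats the code makes explicit are worth keeping in any real implementation: a missing banner is "unknown", not "patched", so it earns no penalty but also no reassurance, and the version floors are policy inputs that have to be maintained from vendor advisories rather than hard-coded as they are here.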

MoneyGram customer data breached in attack

Read more

Published: Wed, 09 Oct 2024 10:48:00 GMT

MoneyGram Customer Data Breached in Attack

MoneyGram, a global money transfer company, has been hit by a data breach that compromised the personal information of customers. The company announced the breach in a statement on its website, saying that an unauthorized third party accessed its systems between September 20 and 22, 2024.

What Information Was Breached?

The data breach exposed personal information of customers, including:

  • Full names
  • Addresses
  • Phone numbers
  • Email addresses
  • Dates of birth
  • Social Security numbers (in some cases)
  • Bank account numbers and routing numbers (in some cases)

How Did the Attack Happen?

MoneyGram states that the attack was carried out by an unauthorized third party who gained access to its systems. The company is still investigating the incident and has not released any further details about how it occurred.

Affected Customers

MoneyGram has not provided an estimate of the number of customers affected by the breach. The company is contacting affected customers and alerting them to the breach.

What MoneyGram is Doing

MoneyGram has taken the following steps in response to the breach:

  • Notified law enforcement and relevant regulatory agencies
  • Launched an internal investigation
  • Enhanced its security measures
  • Offered credit monitoring and fraud protection services to affected customers

What Customers Should Do

Customers who believe they may have been affected by the breach should take the following precautions:

  • Monitor their credit reports for suspicious activity
  • Change passwords for online accounts, especially those linked to financial services
  • Be wary of phishing emails or phone calls claiming to be from MoneyGram or other legitimate organizations
  • Report any suspicious activity to their banks or financial institutions

MoneyGram Apology

MoneyGram apologized for the security breach and expressed its commitment to protecting customer information. The company stated, “We deeply regret any inconvenience or concern this may cause our customers, and we are taking all necessary steps to address the situation and protect our systems.”

Five zero-days to be fixed on October Patch Tuesday

Read more

Published: Wed, 09 Oct 2024 09:45:00 GMT

Microsoft will release security updates to address five zero-day vulnerabilities on its upcoming Patch Tuesday, scheduled for October 11, 2022. These zero-days affect Windows and Microsoft Exchange Server.

The five zero-days to be fixed are:

  1. CVE-2022-41040: Microsoft Exchange Server Elevation of Privilege Vulnerability
  2. CVE-2022-41082: Microsoft Exchange Server Remote Code Execution Vulnerability
  3. CVE-2022-41033: Windows COM+ Event System Service Elevation of Privilege Vulnerability
  4. CVE-2022-41041: Windows Common Log File System Driver Elevation of Privilege Vulnerability
  5. CVE-2022-41073: Windows Print Spooler Elevation of Privilege Vulnerability

Microsoft has not yet released details about the severity or impact of these zero-days, but it is recommended that users install the security updates as soon as they become available.

In addition to the zero-days, Microsoft will also release security updates to address dozens of other vulnerabilities, including several critical and important vulnerabilities.

Here are some of the other notable vulnerabilities to be fixed in the October Patch Tuesday:

  • CVE-2022-37969: Windows Common Log File System Driver Elevation of Privilege Vulnerability (Important)
  • CVE-2022-38012: Windows Remote Desktop Client Elevation of Privilege Vulnerability (Important)
  • CVE-2022-38023: Netlogon RPC Elevation of Privilege Vulnerability (Important)
  • CVE-2022-38039: Windows SAM and LSA Account Mapping Elevation of Privilege Vulnerability (Important)
  • CVE-2022-38040: Windows LPE via DCSync (Kerberos) (Important)

Microsoft recommends that users install the security updates as soon as possible to protect their systems from these vulnerabilities.
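"Install the updates as soon as possible" is easier to act on if the month's release is sorted by what is already being exploited, what is publicly disclosed, and what is merely critical. The block below is an added example, not code from the article or from Microsoft: it parses a document laid out the way I believe MSRC's CVRF v2.0 JSON is structured (a Vulnerability list whose entries carry CVE, Title.Value, Threats[].Description.Value with "Exploited:Yes"/"Publicly Disclosed:Yes" flags, and CVSSScoreSets[].BaseScore) and returns the entries in patching order. That layout is an assumption to verify against a real download, and the four sample entries and their CVE numbers are constructed placeholders, not real advisories.

```python
"""Added example (not from the article or Microsoft): triage a Patch Tuesday
release by pulling out the CVEs flagged as exploited or publicly disclosed.

The layout below is the shape I believe MSRC's CVRF v2.0 JSON uses
(Vulnerability[].CVE, .Title.Value, .Threats[].Description.Value,
.CVSSScoreSets[].BaseScore); treat it as an assumption and check it against
a real download. The entries and CVE numbers are constructed placeholders."""
import json
from dataclasses import dataclass

SAMPLE_CVRF = json.dumps({
    "DocumentTitle": {"Value": "Constructed sample release"},
    "Vulnerability": [
        {"CVE": "CVE-0000-0001",
         "Title": {"Value": "Sample Kernel Elevation of Privilege Vulnerability"},
         "Threats": [
             {"Type": 0, "Description": {"Value": "Elevation of Privilege"}},
             {"Type": 1, "Description": {"Value": "Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected"}}],
         "CVSSScoreSets": [{"BaseScore": 7.8}]},
        {"CVE": "CVE-0000-0002",
         "Title": {"Value": "Sample Service Remote Code Execution Vulnerability"},
         "Threats": [
             {"Type": 0, "Description": {"Value": "Remote Code Execution"}},
             {"Type": 1, "Description": {"Value": "Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely"}}],
         "CVSSScoreSets": [{"BaseScore": 7.5}]},
        {"CVE": "CVE-0000-0003",
         "Title": {"Value": "Sample Management Server Remote Code Execution Vulnerability"},
         "Threats": [
             {"Type": 0, "Description": {"Value": "Remote Code Execution"}},
             {"Type": 1, "Description": {"Value": "Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely"}}],
         "CVSSScoreSets": [{"BaseScore": 9.8}, {"BaseScore": 8.8}]},
        {"CVE": "CVE-0000-0004",
         "Title": {"Value": "Sample Component Spoofing Vulnerability"},
         "Threats": [{"Type": 0, "Description": {"Value": "Spoofing"}}],
         "CVSSScoreSets": [{"BaseScore": 5.4}]},
    ],
})


@dataclass
class Triaged:
    cve: str
    title: str
    impact: str
    cvss: float
    exploited: bool
    disclosed: bool

    @property
    def priority(self) -> int:
        """0 = exploited in the wild, 1 = publicly disclosed, 2 = critical CVSS, 3 = the rest."""
        if self.exploited:
            return 0
        if self.disclosed:
            return 1
        return 2 if self.cvss >= 9.0 else 3


def parse_flags(description: str) -> dict:
    """'Publicly Disclosed:No;Exploited:Yes' -> {'publicly disclosed': 'no', 'exploited': 'yes'}"""
    flags = {}
    for item in description.split(";"):
        if ":" in item:
            key, value = item.split(":", 1)
            flags[key.strip().lower()] = value.strip().lower()
    return flags


def triage(document: str):
    """Parse a CVRF-style JSON document and return its entries in patching order."""
    doc = json.loads(document)
    rows = []
    for vuln in doc.get("Vulnerability", []):
        impact, exploited, disclosed = "", False, False
        for threat in vuln.get("Threats", []):
            text = threat.get("Description", {}).get("Value", "")
            if threat.get("Type") == 0 and not impact:
                impact = text
            flags = parse_flags(text)   # a "yes" for any listed product counts
            exploited = exploited or flags.get("exploited") == "yes"
            disclosed = disclosed or flags.get("publicly disclosed") == "yes"
        # Several score sets may exist (one per product); take the worst.
        cvss = max((s.get("BaseScore", 0.0) for s in vuln.get("CVSSScoreSets", [])), default=0.0)
        rows.append(Triaged(vuln.get("CVE", "?"), vuln.get("Title", {}).get("Value", ""),
                            impact, cvss, exploited, disclosed))
    rows.sort(key=lambda r: (r.priority, -r.cvss, r.cve))
    return rows


def zero_days(rows):
    """The subset a headline would call zero-days: exploited or disclosed before the fix."""
    return [r for r in rows if r.exploited or r.disclosed]


if __name__ == "__main__":
    for r in triage(SAMPLE_CVRF):
        tag = "EXPLOITED" if r.exploited else "DISCLOSED" if r.disclosed else ""
        print(f"P{r.priority} {r.cve} {r.cvss:>4} {r.impact:<24} {tag:<9} {r.title}")
```

On the sample the exploited elevation-of-privilege entry sorts above the disclosed remote code execution entry, which in turn sorts above the CVSS 9.8 bug nobody is known to be exploiting: in-the-wild exploitation outranks severity because it is the only one of the three that tells you the clock is already running. To run this over a real month, my understanding (an assumption about the API, not something the article states) is that the MSRC CVRF service returns the document for a release at https://api.msrc.microsoft.com/cvrf/v2.0/cvrf/2024-Oct when requested with an Accept: application/json header; pass the response body to triage() and check the field names against what actually comes back before trusting the output.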