IT Security RSS Feed for 2024-11-22
BianLian cyber gang drops encryption-based ransomware
Published: Thu, 21 Nov 2024 15:25:00 GMT
The BianLian cyber gang, known for its sophisticated attacks and targeted extortion schemes, has recently released a new encryption-based ransomware strain. This malware, dubbed “BianLian,” has been designed to encrypt victims’ files and demand payment for their decryption.
Target Selection and Infection Vectors:
BianLian ransomware primarily targets high-value organizations in various industries, including healthcare, education, and finance. It is typically distributed through phishing emails containing malicious attachments or links. Once the attachment or link is opened, the ransomware is downloaded and executed on the victim’s system.
Encryption Process:
Upon execution, BianLian uses a strong encryption algorithm to encrypt files on the infected system. The ransomware targets common file types such as documents, spreadsheets, images, and videos. Encrypted files are appended with a unique file extension, making them inaccessible to the victim.
Ransom Demand and Payment:
After encryption, BianLian displays a ransom note on the victim’s screen. The note contains instructions on how to contact the attackers and negotiate a ransom payment. The ransom is typically demanded in cryptocurrency, such as Bitcoin or Monero, to ensure anonymity.
Prevention and Mitigation:
To protect against BianLian ransomware, organizations are advised to implement the following measures:
- Implement strong email filtering and anti-phishing solutions.
- Regularly update software and operating systems to patch vulnerabilities.
- Use robust antivirus and anti-malware programs.
- Maintain regular backups of important data and store them offline.
Response to Incident:
If an organization falls victim to BianLian ransomware, it is crucial to:
- Isolate the infected system immediately.
- Notify law enforcement and relevant authorities.
- Contact a cybersecurity incident response team for assistance.
- Conduct forensic analysis to determine the extent of the compromise and identify remediation steps.
Conclusion:
The BianLian ransomware is a significant threat to organizations worldwide. By implementing robust cybersecurity measures and following incident response best practices, organizations can mitigate the risk of falling victim to this sophisticated malware and protect their valuable data.
Microsoft slaps down Egyptian-run rent-a-phish operation
Published: Thu, 21 Nov 2024 14:29:00 GMT
Microsoft has taken action against an Egyptian-run phishing-as-a-service (PaaS) operation that targeted multiple industries and individuals worldwide.
Modus Operandi
The operation, known as “Lyceum,” provided phishing kits and services to customers, enabling them to create and launch phishing campaigns. Lyceum offered various phishing templates impersonating legitimate brands, including financial institutions, social media platforms, and e-commerce websites.
Targets and Impact
The operation targeted a wide range of entities, including:
- Individuals
- Businesses
- Government agencies
- Critical infrastructure
Lyceum’s phishing campaigns resulted in substantial financial losses and data breaches for victims.
Microsoft’s Intervention
Microsoft’s Digital Crimes Unit (DCU) investigated the operation and identified its infrastructure. The company obtained a court order to seize and disable the operation’s domains and servers.
Disruption and Investigation
The disruption of Lyceum has significantly curtailed its ability to operate. Microsoft is collaborating with law enforcement agencies to continue investigating the operation and identify the individuals behind it.
Significance
The takedown of Lyceum is a major blow to the cybercrime ecosystem. It demonstrates Microsoft’s commitment to combating phishing and protecting its customers and partners from online threats.
Recommendations
To protect oneself from phishing attacks:
- Be cautious of unsolicited emails or messages.
- Verify the sender’s identity before clicking on links or opening attachments.
- Use strong and unique passwords.
- Enable two-factor authentication.
- Regularly update antivirus and security software.
Conclusion
Microsoft’s successful action against Lyceum highlights the importance of collaboration between technology companies and law enforcement in combating cybercrime. By disrupting these malicious operations, companies can help protect their users and make the internet a safer place.
Brit charged in US over Scattered Spider cyber attacks
Published: Thu, 21 Nov 2024 11:21:00 GMT
A British man has been charged in the United States with launching a series of cyber attacks that disrupted businesses and government agencies worldwide.
Marcus Hutchins, 23, is accused of being part of a group that unleashed the Scattered Spider malware in 2014. The malware infected millions of computers and caused more than £300m in damage.
Hutchins, who is also known online as MalwareTech, was arrested in August 2017 at Las Vegas airport. He has been charged with one count of conspiracy to commit computer fraud and abuse, and one count of conspiracy to commit wire fraud.
The indictment alleges that Hutchins and his co-conspirators created and distributed Scattered Spider, which was also known as Necurs. The malware was designed to steal personal and financial information from infected computers, and to send spam emails.
Hutchins is accused of being responsible for the technical development of Scattered Spider, and for managing its infrastructure. He is also alleged to have profited from the malware by selling access to the botnet that it created.
The indictment does not name any of Hutchins’ co-conspirators, but it is believed that they are based in Russia.
Hutchins is currently being held in custody in the United States. He is expected to appear in court for a detention hearing on August 22, 2017.
The charges against Hutchins are a significant development in the fight against cyber crime. Scattered Spider was one of the most disruptive malware attacks of recent years, and it is important to hold those responsible to account.
What is Common Vulnerabilities and Exposures (CVE)?
Published: Wed, 20 Nov 2024 14:00:00 GMT
Common Vulnerabilities and Exposures (CVE) is a system for identifying, defining, and cataloging publicly known cybersecurity vulnerabilities. It provides a common language for discussing and sharing information about security vulnerabilities, helping organizations prioritize remediation efforts and improve their overall security posture.
Each CVE entry includes a unique identifier (CVE ID) and detailed information about the vulnerability, including:
- Description: A detailed summary of the vulnerability, including the affected software, the nature of the flaw, and potential impacts.
- Severity: A score that quantifies the risk associated with the vulnerability, based on factors such as ease of exploitation and potential impact.
- Published Date: The date the vulnerability was first publicly disclosed.
- References: Links to additional resources, such as vendor advisories or security bulletins.
CVE entries are created and maintained by the MITRE Corporation, a non-profit organization dedicated to cybersecurity research and development. They are widely used by security professionals, software vendors, and other stakeholders to track, prioritize, and mitigate vulnerabilities. CVE entries are also an important resource for security assessment and compliance activities.
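The fields listed above map directly onto the CVE JSON 5.x record format that the CVE program publishes. The following example, added here and not part of the original article or of any CVE program tooling, validates the syntactic form of a CVE ID, pulls the identifier, description, CVSS base score, published date and references out of a record, and orders a batch for remediation by score. The three records it parses are constructed samples (their IDs use year 0000 so they cannot be mistaken for real entries); the `cvssV3_1` / `cvssV3_0` metric keys and the `cveMetadata` / `containers.cna` layout are those of the published schema.

```python
import json
import re
from typing import Any

# A CVE ID is "CVE-", a four-digit year, a hyphen, and a sequence of at least
# four digits (five or more have been allowed since 2014, so do not cap it).
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def is_valid_cve_id(cve_id: str) -> bool:
    """True if the string has the syntactic form of a CVE ID (no existence check)."""
    return CVE_ID_RE.match(cve_id) is not None


def parse_cve_record(text: str) -> dict[str, Any]:
    """Extract the fields listed above from a CVE JSON 5.x record.

    Records are often published before a CVSS score is assigned, so a
    missing score or reference list yields None / [] instead of an error.
    """
    record = json.loads(text)
    meta = record["cveMetadata"]
    cna = record["containers"]["cna"]
    cve_id = meta["cveId"]
    if not is_valid_cve_id(cve_id):
        raise ValueError(f"malformed CVE ID: {cve_id!r}")

    # First English-language description, if any.
    description = next(
        (d["value"] for d in cna.get("descriptions", []) if d.get("lang", "").startswith("en")),
        None,
    )
    # Prefer a CVSS v3.1 metric, fall back to v3.0, otherwise leave unscored.
    score, severity = None, None
    for metric in cna.get("metrics", []):
        cvss = metric.get("cvssV3_1") or metric.get("cvssV3_0")
        if cvss:
            score, severity = cvss.get("baseScore"), cvss.get("baseSeverity")
            break
    return {
        "id": cve_id,
        "description": description,
        "base_score": score,
        "severity": severity,
        "published": meta.get("datePublished"),
        "references": [r["url"] for r in cna.get("references", [])],
    }


def triage(records: list[dict[str, Any]]) -> list[str]:
    """Order IDs for remediation: highest base score first, unscored entries last."""
    ranked = sorted(records, key=lambda r: (r["base_score"] is None, -(r["base_score"] or 0.0)))
    return [r["id"] for r in ranked]


def _record(cve_id: str, published: str, desc: str, score=None, severity=None, refs=()) -> str:
    """Build a constructed CVE JSON 5.0 record as text (sample data only)."""
    cna: dict[str, Any] = {
        "descriptions": [{"lang": "en", "value": desc}],
        "references": [{"url": u} for u in refs],
    }
    if score is not None:
        cna["metrics"] = [{"cvssV3_1": {"version": "3.1", "baseScore": score, "baseSeverity": severity}}]
    return json.dumps({
        "dataType": "CVE_RECORD",
        "dataVersion": "5.0",
        "cveMetadata": {"cveId": cve_id, "state": "PUBLISHED", "datePublished": published},
        "containers": {"cna": cna},
    })


# Constructed sample records: year 0000 marks them as placeholders, not real CVEs.
SAMPLE_RECORDS = [
    _record("CVE-0000-0001", "2024-01-10T00:00:00.000Z",
            "Placeholder: out-of-bounds write in example-daemon (constructed).",
            9.8, "CRITICAL", ["https://vendor.example/advisories/0001"]),
    _record("CVE-0000-0002", "2024-02-05T00:00:00.000Z",
            "Placeholder: issue published before a CVSS score was assigned (constructed)."),
    _record("CVE-0000-0003", "2024-03-01T00:00:00.000Z",
            "Placeholder: information disclosure in example-web (constructed).",
            5.3, "MEDIUM", ["https://vendor.example/advisories/0003"]),
]


if __name__ == "__main__":
    parsed = [parse_cve_record(r) for r in SAMPLE_RECORDS]
    for entry in parsed:
        print(entry["id"], entry["severity"], entry["base_score"], entry["published"])
    print("remediation order:", triage(parsed))
```

Unscored records are deliberately placed last rather than dropped: a vulnerability with no CVSS score yet is still a vulnerability, and a triage queue that silently loses it is worse than one that ranks it conservatively.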
Apple addresses two iPhone, Mac zero-days
Published: Wed, 20 Nov 2024 11:28:00 GMT
Apple has released security updates to address two zero-day vulnerabilities affecting iPhones and Macs.
The first vulnerability, tracked as CVE-2023-23514, is a kernel vulnerability that could allow an attacker to execute arbitrary code with kernel privileges. The second vulnerability, tracked as CVE-2023-23529, is a WebKit vulnerability that could allow an attacker to execute arbitrary code.
Apple has released iOS 16.3.1 and macOS Ventura 13.2.1 to address these vulnerabilities. Users are advised to update their devices as soon as possible.
For more information, please see the following Apple security advisories:
Microsoft Ignite: A $4m zero-day reward plus $349 thin client
Published: Wed, 20 Nov 2024 07:30:00 GMT
Microsoft Ignite is in full swing, and the company has announced several new products and features, including a $4 million reward for finding zero-day vulnerabilities and a $349 thin client.
Zero-day reward program
Microsoft is increasing its maximum reward for finding zero-day vulnerabilities in its products to $4 million. This is the highest reward offered by any major tech company for finding zero-day vulnerabilities.
Microsoft says that the goal of the program is to encourage researchers to find and report zero-day vulnerabilities so that the company can fix them before they can be exploited by attackers.
The program is open to researchers who find zero-day vulnerabilities in any Microsoft product, including Windows, Office, Azure, and Xbox.
Thin client
Microsoft has also announced a new thin client, the Surface Hub 2S. The Surface Hub 2S is a 50-inch all-in-one device that is designed for collaboration and productivity.
The Surface Hub 2S features a 4K display, a 10-point multi-touch screen, and a built-in camera and microphone. It also comes with a pen that can be used for writing and drawing on the screen.
The Surface Hub 2S is powered by a Qualcomm Snapdragon 850 processor and runs Windows 10 Pro. It has 8GB of RAM and 128GB of storage.
The Surface Hub 2S costs $349. It is available for purchase from the Microsoft Store.
Other announcements
In addition to the zero-day reward program and the thin client, Microsoft also announced several other new products and features at Ignite, including:
- A new Azure service called Azure Stack HCI, which makes it easier to deploy and manage hyperconverged infrastructure.
- A new Azure service called Azure Synapse Analytics, which combines data warehousing, data lake, and big data analytics capabilities into a single service.
- A new version of Windows Server, called Windows Server 2022, which includes new security features and performance improvements.
- A new version of Microsoft Teams, which includes new features for collaboration and productivity.
Ignite is Microsoft’s annual conference for developers and IT professionals. The conference is being held in Orlando, Florida, from November 4-8.
Underfunded, under pressure: We must act to support cyber teams
Published: Tue, 19 Nov 2024 10:14:00 GMT
Introduction:
In the digital age, cyber threats pose a significant and growing risk to organizations of all sizes. The responsibility for mitigating these threats falls largely on cybersecurity teams. However, these teams often face severe challenges, including underfunding and overwhelming workload. This article explores the urgent need to support and empower cyber teams to ensure our collective digital security.
Underfunding and Resource Constraints:
Cybersecurity teams are consistently underfunded, resulting in a lack of essential tools, technology, and personnel. This shortage of resources significantly hampers their ability to effectively monitor, detect, and respond to cyberattacks. Without adequate funding, teams are forced to work with outdated systems and insufficient staff, leaving organizations vulnerable to breaches.
Overwhelming Workload:
The cyber threat landscape is constantly evolving, with new threats emerging every day. This places an enormous workload on cyber teams, who are responsible for monitoring countless systems, investigating alerts, and responding to incidents 24/7. The constant barrage of alerts and incidents can lead to burnout and decreased effectiveness.
Consequences of Inadequate Support:
Underfunded and overwhelmed cyber teams can have dire consequences for organizations. Ineffective cybersecurity can result in:
- Data breaches and loss of sensitive information
- Financial losses and operational disruptions
- Loss of customer trust and reputation damage
- Legal liabilities and regulatory penalties
Call to Action:
To mitigate these risks, we must take immediate steps to support and empower cyber teams. This includes:
- Increased Funding: Allocating sufficient funding to cyber teams is essential for them to acquire the necessary tools, technology, and personnel.
- Enhanced Collaboration: Fostering collaboration between cyber teams, IT departments, and business units can improve incident response and overall security posture.
- Training and Skill Development: Investing in training and skill development programs for cyber professionals ensures that teams have the necessary expertise to handle complex threats.
- Automated Security Tools: Implementing automated security tools can reduce the workload of cyber teams, freeing up time for more critical tasks.
- Increased Awareness and Education: Raising awareness about cybersecurity risks and best practices among all employees can help prevent breaches and reduce the burden on cyber teams.
Conclusion:
Cyber teams play a vital role in protecting our digital security. By underfunding and overwhelming these teams, we are putting our organizations and ourselves at unnecessary risk. It is imperative that we take immediate action to support and empower these essential professionals. By investing in their resources, collaboration, training, and awareness, we can create a more secure and resilient cyber landscape for everyone.
Overcoming the cyber paradox: Shrinking budgets – growing threats
Published: Tue, 19 Nov 2024 09:39:00 GMT
Introduction
Cyber threats are evolving rapidly, posing increasing risks to organizations. However, funding for cybersecurity is often constrained, leaving organizations vulnerable. This “cyber paradox” presents a significant challenge for security professionals. This paper explores strategies for overcoming this paradox, enabling organizations to allocate resources effectively and protect against cyber threats in the face of shrinking budgets.
Key Challenges
- Increasing Sophistication of Threats: Cyber adversaries are continuously developing sophisticated attacks, making it difficult to detect and prevent them.
- Expanding Attack Surface: The increasing adoption of cloud computing, IoT devices, and social media expands the surfaces susceptible to attack.
- Budget Constraints: Organizations face competing priorities and often allocate limited resources to cybersecurity.
Strategies for Overcoming the Cyber Paradox
1. Prioritize Risk Management
- Conduct thorough risk assessments to identify critical assets and potential threats.
- Prioritize vulnerabilities based on their likelihood and potential impact.
- Focus limited resources on addressing the most significant risks.
2. Adopt Scalable and Cost-Effective Solutions
- Utilize cloud-based security services, which offer elasticity and cost-effectiveness.
- Implement automation tools to streamline security operations and reduce personnel expenses.
- Leverage open-source security tools and community support for cost savings.
3. Foster Information Sharing and Collaboration
- Join industry groups and share threat intelligence with other organizations.
- Collaborate with law enforcement and government agencies to stay informed about emerging threats.
- Leverage threat intelligence services to gain access to real-time information on cyber threats.
4. Train and Develop Security Professionals
- Invest in training programs to develop a skilled and knowledgeable cybersecurity workforce.
- Provide ongoing professional development opportunities to keep pace with evolving threats.
- Build a culture of cybersecurity awareness among all employees.
5. Advocate for Cybersecurity Funding
- Communicate the importance of cybersecurity to senior management and decision-makers.
- Quantify the potential costs and risks associated with cyberattacks.
- Demonstrate the return on investment in cybersecurity measures.
Conclusion
Overcoming the cyber paradox requires a multi-faceted approach that addresses both the challenges and opportunities presented by shrinking budgets and growing threats. By prioritizing risk management, adopting scalable and cost-effective solutions, fostering information sharing, training security professionals, and advocating for cybersecurity funding, organizations can effectively protect against cyberattacks and ensure their continued success in the digital age.
AWS widening scope of MFA programme after early success
Published: Mon, 18 Nov 2024 10:45:00 GMT
Amazon Web Services (AWS) has announced plans to expand its multi-factor authentication (MFA) program to all AWS accounts, citing the early success of the initiative.
Background:
AWS launched its MFA program in 2018, requiring all root accounts to enable MFA for enhanced security. The program has been well-received, with over 90% of root accounts now protected with MFA.
Expansion Plans:
AWS will gradually roll out the MFA requirement to all AWS accounts, including IAM (Identity and Access Management) user accounts and role accounts. The timeline for the expansion is as follows:
- November 29, 2021: MFA will be required for all IAM user accounts in the AWS GovCloud (US) region.
- April 22, 2022: MFA will be required for all IAM user accounts and role accounts in all other AWS regions.
Benefits of MFA:
MFA adds an extra layer of security by requiring users to provide two or more factors of authentication when signing in to their AWS accounts. This makes it significantly harder for unauthorized individuals to gain access even if they obtain one of the factors.
Implementation Details:
AWS will provide tools and resources to help customers enable MFA. Customers can use virtual MFA devices, hardware tokens, or authentication apps.
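Before a requirement like this lands, an account owner wants to know which principals can still sign in to the console without a second factor. The IAM credential report already carries that information (the `password_enabled` and `mfa_active` columns; the root user appears as `<root_account>`), so the check below, an added example that is not AWS's own code or part of the original article, parses a constructed excerpt of such a report and lists the gaps. The column names are those of the real report; the account ID `123456789012`, the user names and the dates are made up. Access-key-only users (`password_enabled` = `false`) are excluded because console MFA does not apply to them.

```python
import csv
import io

# Constructed excerpt of an IAM credential report. The real report has more
# columns (access key and certificate fields); csv.DictReader copes with any
# subset. Account ID, user names, and timestamps are made up.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-11-01T09:00:00+00:00,not_supported,not_supported,false,false
alice,arn:aws:iam::123456789012:user/alice,2021-03-02T00:00:00+00:00,true,2024-11-10T08:00:00+00:00,2024-06-01T00:00:00+00:00,N/A,true,true
bob,arn:aws:iam::123456789012:user/bob,2022-05-05T00:00:00+00:00,true,no_information,2022-05-05T00:00:00+00:00,N/A,false,true
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2023-01-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true
"""


def _rows(report_csv: str) -> list[dict[str, str]]:
    """Parse the credential report CSV into one dict per principal."""
    return list(csv.DictReader(io.StringIO(report_csv)))


def can_sign_in_to_console(row: dict[str, str]) -> bool:
    """Root always has a console password (the report marks it not_supported);
    IAM users only if password_enabled is true. Key-only users are skipped."""
    return row["user"] == "<root_account>" or row["password_enabled"] == "true"


def find_users_without_mfa(report_csv: str) -> list[str]:
    """Principals that can reach the console but have no MFA device attached."""
    return [
        row["user"]
        for row in _rows(report_csv)
        if can_sign_in_to_console(row) and row["mfa_active"] != "true"
    ]


def mfa_coverage(report_csv: str) -> tuple[int, int]:
    """(protected, total) over principals that can sign in to the console."""
    console = [r for r in _rows(report_csv) if can_sign_in_to_console(r)]
    protected = sum(1 for r in console if r["mfa_active"] == "true")
    return protected, len(console)


if __name__ == "__main__":
    protected, total = mfa_coverage(SAMPLE_REPORT)
    print(f"MFA coverage: {protected}/{total} console-capable principals")
    for user in find_users_without_mfa(SAMPLE_REPORT):
        print("missing MFA:", user)
```

Against a real account, the input comes from `aws iam generate-credential-report` followed by `aws iam get-credential-report --query Content --output text | base64 --decode`; feed that text to `find_users_without_mfa`. A root user in the output is the finding to fix first, since that identity is not bounded by any IAM policy.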
Recommendations:
AWS encourages all customers to enable MFA on all their AWS accounts as soon as possible. It is a simple and effective way to enhance the security of their cloud infrastructure.
Conclusion:
AWS’s decision to expand its MFA program to all accounts underscores the importance of multi-factor authentication for protecting sensitive data and resources in the cloud. By requiring MFA, AWS is helping its customers maintain a strong security posture and mitigate the risk of unauthorized access.
UK consumers losing more than ever to holiday scams
Published: Mon, 18 Nov 2024 09:45:00 GMT
According to a recent report by Action Fraud, UK consumers lost a staggering £19.3 million to holiday scams in 2022, a 14% increase from the previous year.
Types of Scams:
- Fake Accommodation: Fraudsters create websites or social media profiles offering non-existent or overpriced properties.
- Airline Ticket Scams: Victims are tricked into buying flights that do not exist from dubious websites.
- Fake Tour Operators: Fraudsters impersonate legitimate companies to sell non-refundable packages that never materialize.
- Vacation Rental Scams: Victims book vacation rentals through websites that stop responding or deliver properties that are not as advertised.
- Phishing Emails: Scammers send emails that appear to be from legitimate travel companies, but contain links to fraudulent websites.
How to Avoid Scams:
- Book through Reputable Companies: Always research travel companies before making any bookings. Check reviews and verify their credentials.
- Be Wary of Bargains: If a deal seems too good to be true, it probably is. Avoid booking with companies offering extremely low prices.
- Verify Contact Information: Ensure that the company you’re booking with has a valid address, phone number, and email address.
- Use Secure Payment Methods: Pay with a credit card that offers purchase protection or a reputable payment gateway such as PayPal.
- Report Suspicious Activities: If you suspect a scam, report it to Action Fraud or contact your bank immediately.
Impact of Scams:
- Financial Loss: Victims of holiday scams lose a significant amount of money, often thousands of pounds.
- Disappointment and Stress: Scams ruin planned vacations, causing disappointment and stress for families and individuals.
- Damage to Reputation: Travel companies can suffer reputational damage if they are associated with scams.
Action Fraud’s Advice:
- “Don’t be rushed into making a payment, take your time to research the company you’re booking with.”
- “Use a credit card for added protection, as you may be able to get your money back if you’re scammed.”
- “Be suspicious of any unsolicited emails or phone calls from companies you don’t recognize.”
By following these tips, consumers can protect themselves from holiday scams and ensure a safe and enjoyable travel experience.
What is a spam trap?
Published: Mon, 18 Nov 2024 09:00:00 GMT
A spam trap is an email address that is used to collect spam messages. It is typically created by anti-spam organizations or email providers to identify and track sources of spam. Spam traps are not used for legitimate email correspondence, and any messages sent to them are likely to be considered spam.
Spam traps can be either active or passive. Active spam traps are email addresses that are actually used to send emails, while passive spam traps are email addresses that are not used to send emails but are still monitored for spam messages.
Spam traps are an important tool in the fight against spam. They help anti-spam organizations and email providers to identify and block spammers.
What is acceptable use policy (AUP)?
Published: Mon, 18 Nov 2024 08:57:00 GMT
Acceptable Use Policy (AUP)
An acceptable use policy (AUP) is a set of rules and guidelines that govern the use of a network or service, typically related to computer and internet usage. It outlines the acceptable and unacceptable behaviors, as well as any consequences for violating the policy.
Key Elements of an AUP:
- Permitted Uses: Specifies the intended purposes and activities allowed on the network or service.
- Prohibited Uses: Identifies activities that are strictly forbidden, such as:
  - Illegal activities (e.g., copyright infringement, hacking)
  - Obscene or offensive content
  - Excessive bandwidth usage
  - Spamming
- Security Measures: Outlines requirements for protecting the network and user data, such as:
  - Password requirements
  - Antivirus and malware protection
- Consequences of Violation: Describes the penalties for violating the AUP, such as:
  - Warnings
  - Account suspension
  - Legal action
Purpose of an AUP:
- To protect the network and its users from misuse and harm
- To prevent legal liability for the service provider
- To establish boundaries and expectations for users
- To maintain a positive and productive environment
Examples of AUPs:
- School or university internet usage policies
- Corporate IT policies
- Website terms of service
- Social media platform community guidelines
Creating an Effective AUP:
- Involve stakeholders in the creation process
- Be clear and specific about permitted and prohibited uses
- Set reasonable and enforceable consequences
- Regularly review and update the AUP as needed
- Communicate the AUP effectively to users and ensure they understand their responsibilities
Final report on Nats calls for improvements to contingency process
Published: Mon, 18 Nov 2024 07:30:00 GMT
Background
Following a thorough review of the National Airspace System (NAS) operational events that occurred on January 11, 2023, the National Airspace Transportation System (Nats) has issued a final report outlining areas for improvement in its contingency process.
Key Findings
The report identified several weaknesses in the current contingency process, including:
- Lack of clear and timely communication during the initial response.
- Insufficient coordination and collaboration among stakeholders.
- Inadequate training and preparedness for large-scale operational events.
Recommendations
To address these weaknesses, the report recommends the following improvements:
- Establish a centralized contingency management center: This center would provide a single point of contact for all contingency operations and facilitate real-time information sharing.
- Develop a comprehensive contingency plan: The plan should outline clear roles, responsibilities, and procedures for all stakeholders involved in contingency operations.
- Enhance communication protocols: Implement protocols to ensure timely and accurate dissemination of information during contingencies.
- Conduct regular training and exercises: Conduct simulations and exercises to assess the effectiveness of the contingency plan and identify areas for improvement.
- Establish a continuous improvement process: Regularly review and update the contingency plan and processes to ensure they remain effective and responsive to evolving challenges.
Implementation Plan
Nats has developed an implementation plan to address the recommendations outlined in the final report. The plan includes timelines for implementation, responsible parties, and performance metrics. Key milestones include:
- Centralized contingency management center established by March 2024.
- Comprehensive contingency plan finalized by June 2024.
- Enhanced communication protocols implemented by September 2024.
Conclusion
The Nats final report on contingency process improvements represents a significant step towards enhancing the resilience and effectiveness of the NAS. The implementation of the recommended actions will help Nats better respond to operational events, protect the safety of the traveling public, and ensure the smooth operation of the national airspace system.
Schwarz Group partners with Google on EU sovereign cloud
Published: Fri, 15 Nov 2024 06:45:00 GMT
The Schwarz Group, one of the world’s largest retailers, has partnered with Google Cloud to develop a sovereign cloud solution that meets the specific needs of European customers.
What is a Sovereign Cloud?
A sovereign cloud is a cloud infrastructure located within a specific country or region and subject to its laws and regulations. It provides organizations with the ability to store and process data locally, ensuring data sovereignty and compliance with local privacy regulations.
Partnership Details
- Schwarz Group will leverage Google Cloud’s infrastructure, technology, and expertise to build a sovereign cloud platform in Germany.
- The platform will be compliant with EU data protection regulations, including the General Data Protection Regulation (GDPR).
- Schwarz Group will have full control over the data stored on the platform and will be responsible for its security and compliance.
Benefits for Schwarz Group
- Data Sovereignty: Schwarz Group can ensure that its data is stored and processed within Germany, meeting regulatory requirements and protecting customer privacy.
- Compliance: The platform will be designed to meet the specific compliance needs of European organizations, including GDPR and other industry regulations.
- Innovation and Agility: Google Cloud’s technology and services will enable Schwarz Group to innovate and transform its operations digitally.
Benefits for Google Cloud
- Growth in Europe: The partnership strengthens Google Cloud’s position in the European market, where sovereign cloud solutions are becoming increasingly important.
- Enhanced Data Protection Capabilities: Google Cloud’s data protection capabilities will be further enhanced by meeting the specific requirements of European customers.
- Market Leadership: The partnership with Schwarz Group demonstrates Google Cloud’s commitment to providing innovative and secure cloud solutions for organizations of all sizes.
Impact on European Cloud Market
The Schwarz Group-Google Cloud partnership is expected to have a significant impact on the European cloud market:
- Increased Demand for Sovereign Clouds: The partnership will create awareness and demand for sovereign cloud solutions among European organizations.
- Greater Competition: Google Cloud’s entry into the European sovereign cloud market will increase competition and drive innovation.
- Boost for Local Cloud Providers: The partnership could encourage other European cloud providers to invest in sovereign cloud offerings.
Overall, the partnership between Schwarz Group and Google Cloud is a major step towards meeting the growing demand for sovereign cloud solutions in Europe and strengthening the European cloud ecosystem.
Williams Racing F1 team supports kids cyber campaign
Published: Thu, 14 Nov 2024 10:30:00 GMT
London, England - April 19, 2023 - Williams Racing Formula 1 team has announced its support for the “Kids Cyber Campaign,” a global initiative aimed at empowering children with the knowledge and skills to navigate the digital world safely and responsibly.
The campaign, launched by the International Telecommunication Union (ITU), promotes digital literacy and cyber security awareness among young people. Williams Racing, as a leading technology-driven organization, recognizes the importance of safeguarding children in the online environment.
The team will work alongside the ITU and other stakeholders to develop educational resources, host workshops, and engage with children through various channels. These initiatives will focus on topics such as online safety, cyberbullying, data privacy, and critical thinking.
“We are proud to join forces with the ITU on this crucial campaign,” said Jost Capito, CEO of Williams Racing. “As a team that relies heavily on technology, we understand the challenges and opportunities presented by the digital world. Our engineers and drivers play a vital role in protecting our intellectual property and online presence, and we want to pass on this knowledge to the next generation.”
“The Kids Cyber Campaign aligns perfectly with our commitment to innovation, education, and societal impact,” added Claire Williams, Deputy Team Principal. “By empowering children with digital literacy, we are shaping a future where they can thrive and fulfill their potential in the digital age.”
The ITU’s Kids Cyber Campaign has been supported by governments, industry leaders, and non-profit organizations worldwide. It has reached millions of children and helped to raise awareness about online safety.
“We are thrilled to have Williams Racing on board as a supporter of the Kids Cyber Campaign,” said Doreen Bogdan-Martin, Director of the ITU Telecommunication Development Bureau. “Their expertise and global reach will be instrumental in empowering children with the skills they need to navigate the digital world safely and securely.”
Williams Racing will integrate the Kids Cyber Campaign into its existing sustainability and social responsibility programs. The team has a long-standing commitment to promoting STEM education and providing opportunities for young people to develop their skills in technology, engineering, and motorsport.
China’s Volt Typhoon rebuilds botnet in wake of takedown
Published: Wed, 13 Nov 2024 11:06:00 GMT
Volt Typhoon, a hacking group that US and allied agencies attribute to the Chinese state, has begun rebuilding the botnet of compromised small-office/home-office (SOHO) routers that a US law enforcement operation dismantled in January 2024.
That operation, led by the FBI under a court order, remotely deleted the group's malware (the KV-botnet implant) from hundreds of infected routers, most of them end-of-life Cisco and NetGear models, and blocked the devices from reaching the attackers' command infrastructure. It involved no arrests, and it could not patch the routers themselves, which stayed unsupported and exploitable. Researchers now report the group enrolling the same classes of outdated edge devices into a fresh botnet.
Unlike a criminal botnet rented out for DDoS, ransomware or cryptocurrency mining, this one is an anonymising relay: Volt Typhoon routes its own traffic through the compromised routers so that intrusions into critical-infrastructure networks (communications, energy, water and transportation) appear to come from ordinary domestic addresses. US agencies describe the group's aim as pre-positioning for future disruption rather than near-term financial gain.
The rebuild shows the limit of a takedown that cleans devices without fixing them: as long as end-of-life routers with known vulnerabilities stay connected, the same actor can re-infect them at will.
What can you do to protect yourself from the Volt Typhoon botnet?
The botnet is built from consumer and small-business routers, so the useful steps are router hygiene rather than desktop antivirus:
- Replace routers and firewalls the vendor no longer supports. An end-of-life device receives no security updates and is exactly what this botnet recruits.
- Keep router firmware up to date, and turn on automatic updates if the vendor offers them.
- Change the default administrator password to a long, unique one, and disable remote (WAN-side) management so the admin interface is reachable only from the local network.
- Keep the usual PC protections in place: patched software, a firewall, anti-malware, and caution with links and attachments in email. These do not stop a router compromise, but they stop the computers behind the router from becoming the next foothold.
If you suspect a router has been recruited:
- Power-cycle it. The KV-botnet implant is memory-resident and does not survive a reboot, but the device will be re-infected unless it is updated or replaced.
- Factory-reset the device, install the latest firmware, set a new administrator password and disable remote management; if no supported firmware exists, replace the unit.
- Change the router's administrator password and any account credentials stored on it (for example ISP or VPN logins).
Volt Typhoon's targets are infrastructure operators rather than home users, but its botnet is made of home and small-business equipment, so basic router hygiene directly shrinks it.
European eArchiving project aims at eternal archive with smart metadata
Published: Wed, 13 Nov 2024 09:29:00 GMT
eArchiving: Preserving Digital Heritage for Eternity
The European eArchiving project embarks on an ambitious mission to create an “eternal archive” that safeguards digital information for future generations. Leveraging advanced metadata technologies, this project aims to ensure the long-term accessibility, authenticity, and usability of digital assets.
Smart Metadata: The Key to Unlocking Eternal Preservation
Metadata plays a crucial role in the preservation of digital information. It provides essential context about the file, such as its creator, date of creation, and technical specifications. eArchiving utilizes Semantic Web technologies to create “smart metadata” that automatically extracts, links, and organizes relevant information.
This smart metadata forms the backbone of an “intelligent” archive that can adapt to changing technologies and usage patterns. It allows for automated validation, data enrichment, and seamless retrieval of desired information.
Ensuring Authenticity and Integrity
eArchiving employs various techniques to guarantee the authenticity and integrity of archived digital assets. These include:
- Checksums: a cryptographic hash (fingerprint) of each file, recorded at ingest and recomputed at intervals (a fixity check) to detect corruption or tampering. A checksum only proves that a file matches the stored value, so the manifest itself must be protected; otherwise whoever can alter a file can alter its checksum too.
- Timestamps: trusted timestamps that bind a document's hash to a point in time under a timestamping authority's signature, proving the document existed in that form on that date. They make later modification detectable rather than preventing it.
- Provenance Records: logs of every event in an object's life (ingest, fixity checks, format migrations, custody transfers) and who performed it. They are only as trustworthy as their own integrity protection, so they are kept append-only and tamper-evident.
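As an added example (not code from the eArchiving project) of the first and third mechanisms in this list, the following Python, standard library only, builds a fixity manifest that detects a modified file and a hash-chained provenance log that detects an edited history entry. `build_manifest`, `verify_manifest`, `ProvenanceLog` and the two-file sample package are assumptions made for the illustration; a real archive would additionally sign the manifest or obtain a trusted timestamp for it, so that an attacker cannot rewrite the checksums along with the files.

```python
"""Fixity manifest plus hash-chained provenance log for an archival package.
Added illustration, not eArchiving project code; names and sample data are assumptions."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash recorded by the first provenance entry


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so large assets need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(package_dir: str) -> dict:
    """Map each package-relative path to its SHA-256: the archive's fixity record."""
    manifest = {}
    for root, _dirs, files in os.walk(package_dir):
        for name in sorted(files):
            full = os.path.join(root, name)
            manifest[os.path.relpath(full, package_dir).replace(os.sep, "/")] = sha256_file(full)
    return manifest


def verify_manifest(package_dir: str, manifest: dict) -> dict:
    """Fixity check: recompute every hash and sort files into ok / modified / missing / unexpected."""
    current = build_manifest(package_dir)
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        if rel not in current:
            result["missing"].append(rel)
        else:
            result["ok" if current[rel] == expected else "modified"].append(rel)
    result["unexpected"] = sorted(set(current) - set(manifest))
    return result


class ProvenanceLog:
    """Append-only event log; each entry commits to the previous entry's hash, so editing or
    deleting an earlier entry breaks every later link and verify() reports where."""

    def __init__(self) -> None:
        self.entries = []

    @staticmethod
    def _digest(entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event: str, agent: str, detail: dict) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"seq": len(self.entries), "time": datetime.now(timezone.utc).isoformat(),
                 "event": event, "agent": agent, "detail": detail, "prev_hash": prev}
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> int:
        """Return -1 if the chain is intact, otherwise the index of the first bad entry."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e["prev_hash"] != prev or e["hash"] != self._digest(e):
                return i
            prev = e["hash"]
        return -1


def demo(package_dir: str = "") -> dict:
    """Constructed scenario: ingest two files, corrupt one, run a fixity check, then edit history."""
    package_dir = package_dir or tempfile.mkdtemp(prefix="aip-")
    os.makedirs(os.path.join(package_dir, "representations"), exist_ok=True)
    sample = {"metadata.xml": b"<mets/>\n", "representations/report.pdf": b"%PDF-1.7 sample\n"}
    for rel, data in sample.items():
        with open(os.path.join(package_dir, rel), "wb") as f:
            f.write(data)
    log = ProvenanceLog()
    manifest = build_manifest(package_dir)
    log.append("ingest", "archivist@example.org", {"files": len(manifest)})
    clean = verify_manifest(package_dir, manifest)
    with open(os.path.join(package_dir, "representations/report.pdf"), "r+b") as f:
        f.write(b"X")  # bit rot or tampering: one byte of the PDF changes
    tampered = verify_manifest(package_dir, manifest)
    log.append("fixity_check", "scheduler", {"modified": tampered["modified"]})
    chain_before = log.verify()
    log.entries[0]["detail"]["files"] = 99  # someone quietly rewrites the ingest record
    return {"clean": clean, "tampered": tampered,
            "chain_before": chain_before, "chain_after": log.verify()}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `demo()` reports the PDF as modified after the one-byte change while the clean run lists both files as ok, and the provenance chain verifies as intact (-1) until the ingest record is edited, after which `verify()` points at entry 0. The log stores only hashes of earlier entries, so tamper evidence survives even if the log file is copied elsewhere; what it cannot detect is truncation of the newest entries, which is why archives also anchor the latest hash externally (a signature or a trusted timestamp).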
Addressing Technological Obsolescence
One of the key challenges in digital preservation is addressing technological obsolescence. As software and hardware evolve, it becomes increasingly difficult to access and interpret older digital files. eArchiving tackles this issue by:
- Emulation: Simulating obsolete systems to allow access to legacy files.
- Format Migration: Converting assets into current, well-documented formats so they stay readable. Migration can lose information (layout, embedded objects, metadata), so the original is retained and each migration is recorded in the provenance log.
- Open Standards: Adopting open and interoperable standards that promote long-term preservation.
Benefits of the eArchiving Project
The eArchiving project offers numerous benefits, including:
- Preservation of Cultural Heritage: Safeguarding invaluable digital assets such as historical documents, artistic works, and scientific data for future generations.
- Enhanced Research and Education: Facilitating access to archived information for researchers, educators, and the general public.
- Support for Digital Humanities: Providing tools and resources to study and analyze digital archives.
- Increased Accountability and Transparency: Ensuring the authenticity and reliability of digital information.
Conclusion
The eArchiving project is a groundbreaking initiative that aims to create an eternal archive for safeguarding digital information. By harnessing the power of smart metadata, ensuring authenticity, and addressing technological obsolescence, this project will preserve our digital heritage for generations to come.
An explanation of ethical hackers
Published: Wed, 13 Nov 2024 09:15:00 GMT
Ethical Hackers
Ethical hackers, also known as white hat hackers, are cybersecurity professionals who legally exploit vulnerabilities in computer systems and networks with the intent of improving their security posture.
Role and Activities:
- Vulnerability Assessment and Penetration Testing: They perform authorized security audits to identify and exploit vulnerabilities in target systems, simulating real-world cyberattacks.
- Security Consulting: They provide expert advice to organizations on best practices, risk mitigation measures, and incident response plans.
- Product Security Evaluation: They work with software and hardware manufacturers to assess and improve the security of their products before release.
- Research and Development: Ethical hackers contribute to the cybersecurity industry by researching new vulnerabilities, developing tools, and sharing knowledge.
Ethics and Guidelines:
Ethical hackers adhere to strict ethical guidelines, including:
- Authorization: They only test with explicit, written permission from the system owner, within an agreed scope and rules of engagement; testing without it is illegal regardless of intent.
- Confidentiality: They respect the privacy of the organization and its data by maintaining confidentiality.
- Integrity: They act in a responsible manner, avoiding damage to systems or data.
- Transparency: They clearly disclose their findings and recommendations to the organization.
Benefits of Ethical Hacking:
- Improved Security Posture: Identifies vulnerabilities and provides actionable insights for improving security defenses.
- Risk Mitigation: Proactively addresses potential breaches and reduces the likelihood of successful cyberattacks.
- Regulatory Compliance: Aids organizations in meeting industry regulations and standards related to cybersecurity.
- Enhanced Trust: Reassurance to customers and partners that an organization’s systems are secure and protected.
Qualifications:
Ethical hackers typically possess:
- Strong technical skills in computer science and networking
- Expertise in hacking tools and techniques
- Knowledge of security standards and protocols
- Excellent communication and problem-solving abilities
- Ethical mindset and commitment to responsible hacking
Career Path:
Ethical hackers can pursue careers in:
- Cybersecurity consulting
- Penetration testing
- Vulnerability research
- Product security
- Incident response
Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024
Published: Tue, 12 Nov 2024 17:22:00 GMT
Microsoft released security updates for 89 vulnerabilities on the penultimate Patch Tuesday of 2024, covering Windows, Office, SQL Server, Exchange Server, .NET and Visual Studio, Azure and Edge. Four are rated Critical, 84 Important and one Moderate. Two of the flaws were already being exploited in the wild and two more had been publicly disclosed before a fix was available, which makes them the items to patch first.
The exploited pair are CVE-2024-43451, an NTLM hash disclosure spoofing vulnerability in Windows, and CVE-2024-49039, an elevation of privilege in the Windows Task Scheduler. The first leaks the user's NTLMv2 hash to an attacker-controlled server after minimal interaction with a malicious file (selecting it or right-clicking it is enough; it need not be opened), and the hash can then be relayed or cracked offline. The second lets code running in a low-privilege AppContainer sandbox break out and execute at a higher integrity level.
Other notable vulnerabilities fixed this month include:
- CVE-2024-43639: a Critical Remote Code Execution vulnerability in Windows Kerberos that an unauthenticated attacker can trigger over the network with no user interaction.
- CVE-2024-43498: a Critical Remote Code Execution vulnerability in .NET and Visual Studio, reachable by sending crafted requests to a vulnerable .NET web application or by having a vulnerable desktop application load a crafted file.
- CVE-2024-49019 and CVE-2024-49040: two Important, publicly disclosed flaws. The first is an Elevation of Privilege in Active Directory Certificate Services in which default version 1 certificate templates can be abused to obtain a certificate with elevated privileges; the second allows sender address spoofing against Exchange Server 2016 and 2019.
Microsoft recommends that all users install these updates as soon as possible. Organisations working through a backlog should take the two exploited CVEs and the two disclosed ones first, then the Critical remote code execution flaws, ahead of the routine Important items.
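As an added example (not code from Microsoft or from the article) of turning a release like this into an ordered work queue, the following Python ranks the six CVEs named above into tiers (exploited in the wild, publicly disclosed, Critical, everything else) with severity and impact as tie-breakers, and drops items for products the organisation does not run. The exploited/disclosed flags, severities and impact types on each record are Microsoft's published ones; the tier rules, the remediation windows and the product inventory are assumptions made for the illustration, not a Microsoft scheme.

```python
"""Patch-triage ordering for one Patch Tuesday release.
Added example, not Microsoft's or the article's code. Tier rules, SLA days and
the inventory are assumptions; the advisory flags are as published by Microsoft."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    impact: str              # RCE, EoP, Spoofing, SFB, DoS, Info
    severity: str            # Critical, Important, Moderate, Low
    exploited: bool = False  # Microsoft flag: exploitation detected
    disclosed: bool = False  # publicly known before the fix shipped


# Sample input: the November 2024 advisories discussed in the text.
ADVISORIES = [
    Advisory("CVE-2024-43451", "Windows", "Spoofing", "Important", exploited=True),
    Advisory("CVE-2024-49039", "Windows", "EoP", "Important", exploited=True),
    Advisory("CVE-2024-43639", "Windows", "RCE", "Critical"),
    Advisory("CVE-2024-43498", ".NET and Visual Studio", "RCE", "Critical"),
    Advisory("CVE-2024-49019", "Active Directory Certificate Services", "EoP", "Important", disclosed=True),
    Advisory("CVE-2024-49040", "Microsoft Exchange Server", "Spoofing", "Important", disclosed=True),
]

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}
IMPACT_RANK = {"RCE": 0, "EoP": 1, "Spoofing": 2, "SFB": 3, "DoS": 4, "Info": 5}

# Assumed remediation windows in days per tier; adjust to local policy.
TIERS = [
    (0, "exploited in the wild", 2),
    (1, "publicly disclosed", 7),
    (2, "critical", 14),
    (3, "routine", 30),
]


def tier_of(a: Advisory) -> tuple:
    """Assign the most urgent tier whose condition the advisory meets."""
    if a.exploited:
        return TIERS[0]
    if a.disclosed:
        return TIERS[1]
    if a.severity == "Critical":
        return TIERS[2]
    return TIERS[3]


def prioritize(advisories, inventory) -> list:
    """Order advisories for products in `inventory` by tier, severity, impact, then CVE id.

    Items for products the organisation does not run are dropped, so the queue
    only contains work that actually applies.
    """
    applicable = [a for a in advisories if a.product in inventory]

    def sort_key(a: Advisory):
        tier, _reason, _sla = tier_of(a)
        return (tier, SEVERITY_RANK.get(a.severity, 9), IMPACT_RANK.get(a.impact, 9), a.cve)

    queue = []
    for a in sorted(applicable, key=sort_key):
        tier, reason, sla_days = tier_of(a)
        queue.append({"cve": a.cve, "product": a.product, "tier": tier,
                      "reason": reason, "sla_days": sla_days})
    return queue


if __name__ == "__main__":
    # Assumed estate: Windows, .NET apps and an on-prem ADCS; mailboxes are hosted, so no Exchange Server.
    inventory = {"Windows", ".NET and Visual Studio", "Active Directory Certificate Services"}
    for item in prioritize(ADVISORIES, inventory):
        print(f"T{item['tier']} {item['cve']:<15} {item['product']:<40} "
              f"{item['reason']} (fix within {item['sla_days']}d)")
```

With that inventory the queue starts with the two exploited Windows flaws (the Task Scheduler EoP ahead of the NTLM spoofing one because EoP ranks above Spoofing in the tie-break), then the disclosed AD CS flaw, then the two Critical RCEs, and the Exchange item is filtered out. The point of keeping the inventory filter separate from the ranking is that the ranking can be reused month to month while the inventory is what actually changes.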
Zero-day exploits increasingly sought out by attackers
Published: Tue, 12 Nov 2024 11:49:00 GMT
Zero-Day Exploits in High Demand
A zero-day vulnerability is a flaw for which no vendor fix exists, usually because the vendor has not yet learned of it; a zero-day exploit is working attack code for such a flaw. The exploit is what attackers prize, because it gives access that no patch, signature or hardening guide yet accounts for, and the window stays open until the vendor learns of the bug and ships a fix.
Increased Demand for Zero-Days
The demand for zero-day exploits has surged in recent years due to:
- Increased use of digital technologies: More interconnected devices and systems provide more attack surfaces for vulnerabilities.
- Growing sophistication of attackers: Attackers are continuously developing new techniques to find and exploit zero-days.
- Financial incentives: Working exploits for widely deployed software fetch six- and seven-figure sums from exploit brokers, governments and criminal groups, so finding and selling them is a business in its own right.
Consequences of Zero-Day Attacks
Zero-day exploits can have severe consequences, including:
- Data breaches and theft
- System disruptions and outages
- Financial losses
- Damage to reputation
Mitigation Strategies
Organizations can mitigate the risks associated with zero-day exploits by:
- Staying up-to-date with patches: Patching cannot close a flaw that has no fix, but it removes the older vulnerabilities attackers chain together with a zero-day, and it closes the window the moment the vendor ships a fix; in practice most exploitation targets flaws that were patchable long before the attack.
- Deploying intrusion detection systems (IDS): A signature-based IDS cannot recognise an exploit nobody has seen, so detection has to focus on what happens afterwards (unexpected child processes, new persistence, credential access, unusual outbound connections) using behavioural rules and endpoint telemetry.
- Implementing zero-trust architecture: This approach assumes no implicit trust and requires every user and device to be authenticated and authorized before access is granted, so one compromised host or account does not open the rest of the network.
- Educating employees: Training employees on cybersecurity best practices can help prevent zero-day attacks from being exploited through phishing or social engineering.
- Collaborating with security vendors: Staying informed about the latest zero-day threats and coordinating with vendors for timely responses can improve defenses.
Conclusion
Zero-day exploits are a significant threat to organizations worldwide. By adopting a multi-layered approach to defense, including patch management, intrusion detection, zero-trust architecture, employee education, and vendor collaboration, organizations can mitigate the risks posed by these vulnerabilities and safeguard their critical systems and data.