IT Security RSS Feed for 2025-01-11

US bank FNBO uses Pindrop to tackle voice fraud, deepfakes

Published: Fri, 10 Jan 2025 11:30:00 GMT

FNBO Leverages Pindrop to Combat Voice Fraud and Deepfakes

First National Bank of Omaha (FNBO) has partnered with Pindrop, a leading provider of voice fraud and deepfake detection solutions, to enhance its fraud prevention capabilities.

Voice Fraud: A Growing Threat

Voice fraud, where criminals impersonate customers over the phone to gain access to their accounts, has become increasingly prevalent. Deepfakes, which use artificial intelligence (AI) to create realistic synthetic voices, pose an even greater challenge to traditional detection methods.

Pindrop’s Voice Fraud Detection

Pindrop’s advanced technology analyzes over 800 unique characteristics of a caller’s voice and device, including:

  • Voice biometrics
  • Device fingerprinting
  • Conversation patterns

This comprehensive analysis helps identify suspicious callers in real-time, enabling FNBO to prevent fraudulent transactions.

Deepfake Detection

Pindrop’s deepfake detection engine utilizes advanced AI algorithms to differentiate between real and synthetic voices. It examines pitch, intonation, and other subtle vocal nuances to identify deepfake attempts.

Benefits for FNBO and Customers

By partnering with Pindrop, FNBO enhances its ability to:

  • Reduce fraud losses
  • Protect customer accounts
  • Strengthen customer trust
  • Improve compliance with industry regulations

Customers also benefit from:

  • Increased peace of mind
  • Reduced risk of identity theft
  • Confidence in the security of their financial transactions

Industry Recognition

FNBO’s commitment to fraud prevention has been recognized by the industry. In 2022, it received the American Bankers Association (ABA) Bank Security Award for its “Voice Fraud Mitigation and Account Takeover Prevention Program.”

Conclusion

FNBO’s partnership with Pindrop demonstrates its proactive approach to combating voice fraud and deepfakes. By implementing advanced technology, the bank safeguards its customers’ accounts and strengthens its overall security posture.

Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks

Published: Fri, 10 Jan 2025 09:45:00 GMT

  • Mandiant attributes attacks to “APT41,” a Chinese state-sponsored group.
  • APT41 has been exploiting recently disclosed vulnerabilities in Ivanti’s Pulse Connect Secure VPN appliances.
  • The attacks are targeting government and private sector organizations worldwide.

Mandiant, a cybersecurity firm, has attributed recent attacks exploiting vulnerabilities in Ivanti’s Pulse Connect Secure VPN appliances to a Chinese state-sponsored cyber espionage group known as “APT41.”

According to Mandiant’s report, APT41 has been actively targeting government and private sector organizations worldwide, using the vulnerabilities to gain access to their networks and steal sensitive information.

The vulnerabilities in question were disclosed by Ivanti in April 2023. They allow attackers to execute arbitrary code on vulnerable appliances, effectively giving them full control over the devices.

Mandiant said that APT41 has been exploiting these vulnerabilities since at least May 2023. The group has been using a variety of techniques to gain access to vulnerable appliances, including phishing emails, watering hole attacks, and drive-by downloads.

Once attackers have gained access to a vulnerable appliance, they can use it to launch a variety of attacks, including stealing data, deploying malware, and establishing persistent access to the victim’s network.

Mandiant said that APT41 has been targeting a wide range of organizations, including government agencies, financial institutions, and healthcare providers. The group is known to be particularly interested in stealing intellectual property and sensitive data.

The attacks underscore the importance of patching vulnerabilities promptly. Organizations that are using Ivanti’s Pulse Connect Secure VPN appliances should apply the patches that Ivanti has released as soon as possible.

Mandiant also recommends that organizations implement multi-factor authentication (MFA) to protect their VPNs from unauthorized access. MFA requires users to provide two or more pieces of evidence to authenticate, which makes it much more difficult for attackers to compromise accounts.

German court finds hacked EncroChat phone evidence inadmissible

Published: Wed, 08 Jan 2025 12:12:00 GMT

German Court Rules EncroChat Phone Evidence Inadmissible

A German court has ruled that evidence obtained from hacked EncroChat phones is inadmissible in court. The court determined that the French police operation that hacked the encrypted communication network violated German law.

Background:

  • EncroChat was a popular encrypted communication network used by criminal organizations.
  • In 2020, French police hacked EncroChat and extracted millions of messages.
  • The evidence from the hacked EncroChat phones has been used in criminal prosecutions in several countries, including Germany.

Court Ruling:

The Higher Regional Court of Cologne determined that the French police operation violated German law because:

  • It involved the unlawful interception of communications.
  • It lacked the necessary legal authorization.
  • It violated the privacy rights of EncroChat users.

The court ruled that the evidence obtained from the hack is inadmissible in German courts because it was illegally obtained.

Implications:

The ruling is a significant blow to prosecutors who have relied on EncroChat evidence in criminal cases. The court’s decision sets a precedent for other courts in Germany and potentially in other countries where EncroChat evidence has been used.

The ruling also raises concerns about the legality of international law enforcement cooperation, particularly when it involves the use of surveillance techniques that may violate the privacy rights of individuals.

Reaction:

Prosecutors expressed disappointment with the ruling, arguing that it would hinder their ability to prosecute criminals. Defense attorneys welcomed the decision, stating that it protected fundamental privacy rights.

The German government has stated that it is reviewing the court’s decision and will consider possible legal remedies.

Regional skills plan to boost UK cyber defences

Published: Tue, 07 Jan 2025 19:01:00 GMT

Regional Skills Plan to Boost UK Cyber Defences

Introduction:

The United Kingdom faces a growing threat from cyber attacks, with businesses and critical infrastructure increasingly targeted. To address this challenge, the government has launched a regional skills plan to develop a highly skilled workforce capable of defending the nation’s cyberspace.

Key Objectives:

  • Enhance the number of skilled cybersecurity professionals in the UK.
  • Improve the diversity and representation of cybersecurity professionals.
  • Develop specialist skills in emerging cybersecurity areas.
  • Support the growth of the cybersecurity industry across all regions.

Regional Initiatives:

The skills plan is being implemented through a series of regional initiatives, tailored to the specific needs of each area:

  • London: Focus on developing specialist skills in areas such as threat intelligence and incident response.
  • South East England: Establish a skills hub to train individuals in the latest cybersecurity technologies.
  • North West England: Provide apprenticeships and degree programs in cybersecurity to attract young talent.
  • Scotland: Create a national cybersecurity innovation center to foster research and development in the field.
  • Wales: Develop a cybersecurity innovation ecosystem to support businesses and entrepreneurs.

Collaboration and Partnerships:

  • The skills plan is underpinned by strong partnerships between government, industry, and education providers.
  • Universities and colleges are offering new and updated cybersecurity programs to meet the growing demand.
  • Industry leaders are providing internships, apprenticeships, and mentorship opportunities to develop practical skills.
  • Government agencies are working with educational institutions and employers to ensure that courses align with the latest industry requirements.

Diversity and Inclusion:

  • The skills plan prioritizes diversity and inclusion in the cybersecurity workforce.
  • Initiatives are being developed to encourage women, ethnic minorities, and individuals with disabilities to pursue careers in the field.
  • Mentorship programs and outreach events are being organized to build inclusive networks and promote opportunities for all.

Monitoring and Evaluation:

  • The progress of the regional skills plan will be closely monitored and evaluated.
  • Regular reporting will provide insights into the effectiveness of initiatives and identify areas for improvement.
  • Stakeholder feedback will be sought to ensure that the plan remains relevant and responsive to the evolving cybersecurity landscape.

Conclusion:

The regional skills plan is a vital step towards strengthening the UK’s cyber defences and ensuring the nation’s prosperity in the digital age. Through collaboration, investment, and a focus on diversity and inclusion, the government is building a workforce that is equipped to protect the country from the growing threats of cybercrime.

Published: Tue, 07 Jan 2025 16:03:00 GMT

Enhance Risk Mitigation and Compliance

  • Collaborating with legal counsel allows CISOs to stay abreast of regulatory changes and legal obligations, minimizing compliance risks and potential penalties.
  • Legal advice provides clarity on data privacy laws, intellectual property protection, and cybersecurity standards, ensuring compliance with industry regulations.

Improve Cybersecurity Strategy and Decision-Making

  • Involving legal counsel in cybersecurity strategy development aligns security measures with legal requirements and ethical considerations.
  • Legal input helps CISOs understand the legal implications of cybersecurity incidents, enabling informed decision-making during response and recovery.

Support Incident Response and Investigations

  • Legal guidance provides direction on preserving evidence, handling data breaches, and communicating with external stakeholders in the event of a cybersecurity incident.
  • Attorneys can help CISOs navigate legal complexities associated with investigations, evidence collection, and potential lawsuits.

Foster Cybersecurity Awareness and Education

  • Legal counsel can provide training and education on legal aspects of cybersecurity for employees throughout the organization, raising awareness and promoting compliance.
  • This collaboration ensures that all stakeholders understand their legal responsibilities and the potential consequences of non-compliance.

Build Trust and Reputation

  • Demonstrating a strong working relationship between the CISO and legal function builds trust among stakeholders, including investors, customers, and regulators.
  • It conveys a commitment to ethical cybersecurity practices and compliance, enhancing the organization’s reputation as a responsible entity.

Competitive Advantage and Innovation

  • Strong cybersecurity safeguards can provide a competitive advantage, attracting customers and investors.
  • Collaboration with legal counsel ensures that cybersecurity efforts align with the organization’s innovation goals, fostering growth and protecting intellectual property.

Conclusion

Forging stronger bonds between the CISO and legal function in 2025 is crucial for mitigating risks, enhancing cybersecurity strategy, supporting incident response, fostering cybersecurity awareness, building trust, and gaining a competitive advantage. By working closely with legal counsel, CISOs can navigate the evolving cybersecurity landscape with confidence and ensure the protection of sensitive data and organizational assets.

Saudi Arabia calls for humanitarian AI after tightening screws on rights protesters

Published: Tue, 07 Jan 2025 08:15:00 GMT

Saudi Arabia has called for the development of humanitarian artificial intelligence (AI) technologies, even as it continues to crack down on human rights protesters.

The kingdom’s Ministry of Communications and Information Technology (MCIT) announced the launch of a new initiative called the “Humanitarian AI Challenge,” which will award grants to researchers and developers working on AI solutions to global humanitarian challenges.

The MCIT said the initiative is part of its commitment to “harnessing the power of technology for good,” and that it believes AI can play a vital role in addressing “some of the world’s most pressing humanitarian challenges.”

However, the announcement of the Humanitarian AI Challenge has been met with skepticism by some human rights groups, who point out that Saudi Arabia has a long history of suppressing dissent and cracking down on human rights activists.

In recent years, Saudi Arabia has arrested and imprisoned dozens of human rights defenders, including women’s rights activists, journalists, and academics. The kingdom has also been accused of torturing and mistreating political prisoners.

“Saudi Arabia’s call for humanitarian AI is nothing more than a PR stunt,” said Omar Abdulaziz, a Saudi human rights activist who lives in exile. “The kingdom has a terrible human rights record, and it is using AI to further suppress dissent.”

Abdulaziz pointed to the case of Loujain al-Hathloul, a prominent women’s rights activist who was arrested in 2018 and has been tortured and sexually harassed in prison.

“If Saudi Arabia was serious about using AI for good, it would release Loujain and all other political prisoners,” Abdulaziz said.

The launch of the Humanitarian AI Challenge comes just weeks after Saudi Arabia announced new restrictions on freedom of expression. The new regulations make it illegal to “disseminate false or misleading information” or to “harm the reputation of the kingdom.”

The new restrictions have been condemned by human rights groups, who say they will further stifle dissent and make it even more difficult for activists to speak out against the government.

“Saudi Arabia’s new restrictions on freedom of expression are a clear sign that the kingdom is not interested in improving its human rights record,” said Sarah Leah Whitson, the Middle East director at Human Rights Watch. “The Humanitarian AI Challenge is just a way for the kingdom to whitewash its image and pretend that it is a champion of human rights.”

What is the Gramm-Leach-Bliley Act (GLBA)?

Published: Fri, 03 Jan 2025 13:49:00 GMT

The Gramm-Leach-Bliley Act (GLBA) is a United States federal law enacted in 1999 that repealed the Glass–Steagall Act of 1933 and allowed commercial banks, investment banks, insurance companies, and other financial institutions to consolidate.

Key Provisions:

  • Repeal of Glass-Steagall Act: GLBA removed the separation between commercial banks and investment banks, allowing them to merge and create large financial conglomerates.
  • Establishment of Financial Holding Companies: GLBA created financial holding companies (FHCs) that could own subsidiaries engaged in various financial activities, including banking, investments, insurance, and real estate.
  • Privacy Provisions: GLBA included the Fair Credit Reporting Act (FCRA) and the Financial Privacy Rule, which require financial institutions to protect the privacy of customer information.
  • Anti-Predatory Lending Provisions: GLBA prohibits lenders from engaging in unfair or deceptive practices when extending credit to consumers, including predatory lending.

Objectives:

  • Modernization of Financial Industry: GLBA sought to modernize the financial system by allowing innovation and consolidation.
  • Enhanced Consumer Protection: By including privacy and anti-predatory lending provisions, GLBA aimed to safeguard consumers from financial exploitation.
  • Promotion of Economic Growth: Consolidation and innovation were expected to foster competition and economic growth.

Impact:

GLBA had a profound impact on the financial industry, leading to:

  • Financial Conglomerates: The creation of large financial conglomerates, such as Citigroup, JPMorgan Chase, and Bank of America.
  • Increased Risk: Critics argue that GLBA weakened regulations and led to increased systemic risk, contributing to the 2008 financial crisis.
  • Consumer Protections: The privacy and anti-predatory lending provisions have helped protect consumers from harmful practices.

US Treasury incident a clear warning on supply chain security in 2025

Published: Fri, 03 Jan 2025 11:27:00 GMT

The US Treasury Incident: A Harbinger of Supply Chain Security Risks in 2025

The recent incident involving the US Treasury Department’s internal systems highlights a critical vulnerability in the nation’s supply chain: cybersecurity.

The Incident

In January 2023, Treasury officials discovered that a third-party vendor used by the department had been compromised by a cyberattack. The vendor’s software was used for managing financial transactions, potentially exposing sensitive information and financial operations.

Implications for 2025

This incident serves as a stark reminder of the increasing sophistication of cyber threats and the potential impact they can have on critical infrastructure. By 2025, the following trends are expected to exacerbate these risks:

  • Increased reliance on technology: Governments and businesses will become increasingly dependent on digital systems and Internet of Things (IoT) devices.
  • Expanded attack surface: The proliferation of IoT devices and connected systems creates new entry points for cybercriminals.
  • More sophisticated attacks: Cybercriminals are continually developing advanced techniques to bypass security measures.

Supply Chain Security Implications

The US Treasury incident highlights the importance of securing the entire supply chain, from vendors to end-users. In 2025, businesses and governments must prioritize the following measures:

  • Vendor due diligence: Conduct thorough background checks and cybersecurity assessments on third-party vendors.
  • Multi-factor authentication: Implement strong authentication protocols to prevent unauthorized access to systems.
  • Regular patching and updates: Keep software and firmware up to date to address known vulnerabilities.
  • Incident response plans: Develop and test comprehensive plans to mitigate the impact of cyberattacks.

Government Role

Governments play a crucial role in enhancing supply chain security. Key actions include:

  • Setting standards and regulations: Establish minimum cybersecurity requirements for critical supply chain vendors.
  • Collaboration and information sharing: Foster collaboration between government agencies, businesses, and security experts.
  • Support for research and development: Invest in research to develop new cybersecurity technologies and best practices.

Conclusion

The US Treasury incident is a wake-up call for organizations to prioritize supply chain security in 2025 and beyond. By embracing robust cybersecurity measures, businesses and governments can mitigate the risks posed by increasingly sophisticated cyber threats and protect their critical infrastructure from disruption.

What is a public key and how does it work?

Published: Mon, 23 Dec 2024 09:00:00 GMT

Public Key

A public key is an encryption key that is made public and can be distributed to anyone. It can be used to encrypt messages, but cannot decrypt them. The corresponding decryption key is known as the private key and is kept secret.

How It Works:

The process of public-key cryptography involves the following steps:

1. Generate Key Pair:

  • Two mathematically related keys are generated: a public key and a private key.

2. Publishing the Public Key:

  • The public key is made publicly available, while the private key is kept secret.

3. Encryption:

  • A sender encrypts a message using the recipient’s public key.
  • This encryption process makes the message unreadable to anyone who does not have the private key.

4. Decryption:

  • The recipient uses their private key to decrypt the message.
  • Because only the recipient has access to the private key, the recipient is the only one who can read the decrypted message.

Key Features:

  • Confidentiality: Public-key cryptography ensures that messages can only be read by the intended recipient, providing confidentiality.
  • Authentication: If a recipient responds to a message using their private key, it verifies their identity and authenticates them as the originator of the response.
  • Non-repudiation: Since the sender encrypts the message with the recipient’s public key, the recipient cannot deny receiving the message.

Applications:

Public-key cryptography is widely used in:

  • Secure email (e.g., PGP)
  • Digital signatures
  • SSL/TLS protocols for secure website communication
  • Bitcoin and other cryptocurrencies
  • Authentication and identity verification systems

What is a proxy firewall?

Published: Mon, 23 Dec 2024 09:00:00 GMT

Definition:

A proxy firewall is a network security appliance that acts as an intermediary between trusted and untrusted networks. It filters network traffic passing between these networks, enforcing security policies and protecting internal resources from external threats.

How it Works:

  • Proxy firewalls act as a “middleman” between clients on the internal network and servers on the external network.
  • Clients connect to the proxy firewall, which then establishes connections to the external servers on their behalf.
  • The proxy firewall intercepts all traffic passing through it and inspects it for malicious content, unauthorized access attempts, and policy violations.

Features:

  • Stateful Inspection: Proxy firewalls monitor the state of network connections and make decisions based on the history of traffic.
  • Access Control Lists (ACLs): They use ACLs to define rules for which traffic is allowed and which is blocked.
  • Content Filtering: They can filter traffic based on specific content, such as file types, URLs, or keywords.
  • Protocol Inspection: They can inspect specific protocols, such as HTTP, FTP, and SMTP, to detect vulnerabilities and block malicious requests.
  • Intrusion Prevention System (IPS): Some proxy firewalls include IPS capabilities to detect and block known network attacks.

Benefits:

  • Enhanced Security: Proxy firewalls provide an additional layer of security, protecting internal networks from external threats and data breaches.
  • Centralized Control: They allow administrators to manage security policies from a single location, making it easier to implement and enforce consistent security measures.
  • Improved Performance: By caching frequently accessed content, proxy firewalls can improve network performance for clients.
  • Anonymity: Proxies can hide the real IP addresses of clients, providing a degree of anonymity when accessing external networks.

Considerations:

  • Cost: Proxy firewalls can be more expensive than traditional firewalls.
  • Performance: Inspecting traffic can introduce latency into the network.
  • Configuration Complexity: Proxy firewalls require careful configuration to ensure that they do not block legitimate traffic.

6 must-read blockchain books for 2025

Published: Mon, 23 Dec 2024 00:00:00 GMT

1. The Blockchain Economy: Unlocking the Value of Crypto Assets

  • By David Yermack
  • Explores the economic foundations of blockchain technology, including the design of cryptocurrencies, exchanges, and the regulatory landscape.

2. The Enterprise Blockchain: Beyond the Hype

  • By Dion Hinchcliffe
  • Provides a practical guide for organizations considering implementing blockchain solutions, covering key concepts, benefits, and challenges.

3. Blockchain and the Future of IoT

  • By Albert Rizk
  • Examines the convergence of blockchain and IoT, highlighting the potential for secure and tamper-proof data management in various industries.

4. Mastering Blockchain

  • By Imran Bashir
  • A comprehensive technical guide to blockchain development, covering core concepts, programming languages, and real-world applications.

5. Decentralized Finance: The Future of Open Finance

  • By Aave and Argent
  • Explores the rise of DeFi and its potential to revolutionize financial services through decentralized protocols and applications.

6. Blockchain Technology: Principles and Applications

  • By Atul Narayanan and Joseph Bonneau
  • Provides a rigorous academic foundation for blockchain technology, covering its mathematical principles, cryptography, and security mechanisms.

LockBit ransomware gang teases February 2025 return

Published: Thu, 19 Dec 2024 12:56:00 GMT

LockBit Ransomware Gang Teases February 2025 Return

The notorious ransomware gang LockBit has hinted at a potential return to active operations in February 2025. The hint came in a recent post on its Telegram channel that contained a cryptic message.

The Cryptic Message

The message, posted on January 20th, 2023, simply read:

“Wake up in February 2025.”

No further context or explanation was provided, leaving the cybersecurity community speculating on its significance.

Speculations and Analysis

Security researchers believe that this message could indicate several possible outcomes:

  • Temporary Hiatus: LockBit may be taking a break from active operations to regroup, improve their tactics, or evade law enforcement surveillance.
  • Extended Cessation: The gang may have decided to permanently cease ransomware activities and disband.
  • Planned Comeback: LockBit may be planning an elaborate return with new and improved ransomware techniques in 2025.

LockBit’s Past Activity

LockBit has been one of the most prolific ransomware gangs in recent years, responsible for high-profile attacks on organizations worldwide. The gang has developed and used multiple versions of their ransomware, including LockBit 2.0 and LockBit Extortionist.

Implications for Cybersecurity

If LockBit does return to active operations in 2025, it could have significant implications for cybersecurity:

  • Increased Risk of Attacks: Organizations need to be prepared for the potential resumption of LockBit’s ransomware attacks.
  • Evolution of Tactics: LockBit is known for constantly evolving its tactics, so organizations should be ready for new and sophisticated attack methods.
  • Strain on Law Enforcement: Law enforcement agencies will need to prioritize efforts to combat LockBit’s potential return and apprehend the gang’s members.

Conclusion

While the LockBit ransomware gang’s cryptic message leaves room for ambiguity, cybersecurity professionals need to remain vigilant and prepare for the potential return of this dangerous threat in February 2025. Organizations should ensure their cybersecurity measures are up to date and implement robust defense strategies to mitigate the risks posed by LockBit and other ransomware gangs.

Latest attempt to override UK’s outdated hacking law stalls

Published: Thu, 19 Dec 2024 11:10:00 GMT

Latest Attempt to Override UK’s Outdated Hacking Law Stalls

The latest effort to update the UK’s antiquated hacking legislation has reached a standstill. Reform of the Computer Misuse Act (CMA) 1990, which criminalizes unauthorized access to computer systems, has been widely sought because the Act has not kept up with the evolving digital landscape.

Outdated Provisions

The CMA’s provisions, which were drafted before the advent of modern technology, have faced criticism for being overly broad and not accommodating advancements in cybersecurity. Critics argue that the law can unintentionally criminalize legitimate security research and ethical hacking practices.

Stalled Progress

A draft bill was proposed in 2021 that sought to address these concerns by introducing new exemptions for security researchers and clarifying the definition of unauthorized access. However, the bill has faced opposition from law enforcement agencies who fear it could weaken their powers to investigate cybercrimes.

Government Intervention

In response to the impasse, the UK government has announced that it will take over the legislative process from Parliament. The government has stated that it is committed to modernizing the CMA, but it remains unclear when and in what form this will happen.

Industry Concerns

The technology industry has expressed disappointment over the stalled progress. Cybersecurity experts argue that the outdated law hampers innovation and inhibits the UK’s ability to compete in the global cybersecurity market.

Next Steps

The government’s plans to take control of the CMA reform process have raised questions about the transparency and inclusivity of the legislative process. It remains to be seen how the government will navigate the challenges of balancing national security concerns with the need for a modern and effective hacking law.

Conclusion

The UK’s Computer Misuse Act remains a significant obstacle to cybersecurity research and development. While the latest attempt to update the law has stalled, the government has indicated that it is still committed to reform. The technology industry and cybersecurity experts will be watching closely to see how these commitments are reflected in the government’s proposed legislative changes.

The Data Bill: It’s time to cyber up

Published: Thu, 19 Dec 2024 09:42:00 GMT

The Data Bill: It’s Time to Cyber Up

Introduction:

In an era defined by rapidly evolving technology and the proliferation of data, the Data Bill emerges as a crucial legislative response to safeguard our digital realm. With its comprehensive provisions, the Bill aims to regulate the use, storage, and security of data, empowering individuals and protecting businesses.

Key Provisions:

1. Data Protection:

  • The Bill establishes clear standards for how personal data is collected, processed, and stored.
  • Individuals are granted the right to access, correct, and erase their personal data.
  • Organizations must implement appropriate security measures to protect data from unauthorized access or breaches.

2. Data Sharing:

  • The Bill promotes responsible data sharing while balancing individual privacy and innovation.
  • Organizations can share data with third parties for specific purposes, subject to informed consent and strong data protection safeguards.
  • A national data sandbox is established to facilitate secure and controlled data collaboration.

3. Data Security:

  • The Bill strengthens cybersecurity measures by requiring organizations to adopt robust security practices.
  • It introduces penalties for organizations that fail to adequately protect data from cyberattacks and breaches.
  • A national cyber incident response framework is established to coordinate and address cybersecurity emergencies.

4. Data Rights:

  • The Bill empowers individuals with data rights, including the right to control their personal data and to be compensated for its use.
  • Organizations must disclose how personal data is used and with whom it is shared.
  • A Data Commissioner is appointed to oversee compliance and protect individual rights.

5. Innovation and Economic Growth:

  • The Bill strikes a balance between data protection and innovation.
  • It provides incentives for organizations to invest in data-driven technologies and services.
  • A robust data market is promoted to support the development of new data-based products and services.

Benefits of the Data Bill:

1. Enhanced Privacy Protection:

  • Individuals gain greater control over their personal data, reducing the risk of misuse or exploitation.

2. Improved Cybersecurity:

  • Strong data security measures protect critical data from cyberattacks, mitigating the risk of data breaches and financial losses.

3. Fostered Innovation:

  • Responsible data sharing and access to data sandboxes support innovation and the development of new technologies and services.

4. Economic Growth:

  • A vibrant data market drives economic growth by encouraging investment in data-related industries and enabling businesses to make data-driven decisions.

Conclusion:

The Data Bill is a transformative legislative milestone that equips the nation with a comprehensive framework for data regulation. By protecting privacy, enhancing cybersecurity, fostering innovation, and supporting economic growth, the Bill empowers individuals and businesses to navigate the digital realm with confidence and success. As we embrace the age of data, it is imperative that we “cyber up” and implement the necessary safeguards for our digital future.

Innovation, insight and influence: the CISO playbook for 2025 and beyond

Published: Thu, 19 Dec 2024 09:10:00 GMT

Introduction

In a rapidly evolving cyber threat landscape, Chief Information Security Officers (CISOs) are facing unprecedented challenges and opportunities. To navigate this dynamic environment effectively, CISOs must embrace innovation, develop deep insights, and foster influential relationships. This playbook outlines strategies for CISOs to stay ahead of the curve and ensure the resilience and success of their organizations in 2025 and beyond.

Section 1: Embracing Innovation

  • Foster a culture of security experimentation: Encourage employees to test new security technologies and approaches in controlled environments to identify potential value.
  • Invest in emerging technologies: Leverage cloud security, AI, ML, and automation to enhance detection and response capabilities and reduce operational burdens.
  • Collaborate with startups and academia: Establish partnerships to access cutting-edge research, innovative solutions, and fresh perspectives.

Section 2: Developing Insight

  • Establish a cyber threat intelligence program: Gather and analyze internal and external data to identify emerging threats, prioritize risks, and develop informed strategies.
  • Foster a risk-based approach: Assess the organization’s vulnerabilities and threats to prioritize investments and allocate resources effectively.
  • Conduct regular security audits and penetration tests: Identify weaknesses and gaps in security measures to drive continuous improvement.

Section 3: Fostering Influence

  • Align security with business objectives: Demonstrate how security investments contribute to overall organizational growth and success.
  • Become a trusted advisor: Provide strategic guidance to the C-suite and board on security risks and opportunities.
  • Build relationships with stakeholders: Engage with IT, legal, HR, and other departments to ensure alignment and coordination on security matters.
  • Leverage industry and community involvement: Join security organizations, participate in conferences, and share knowledge to build influence and gain access to best practices.

Section 4: Preparing for the Future

  • Address convergence of IT and OT security: Explore strategies to protect increasingly connected operational technology environments.
  • Prepare for quantum computing: Anticipate the potential impact of quantum computing on encryption and security algorithms.
  • Develop a skills roadmap: Identify and prioritize security skills and certifications required for future workforce needs.

Conclusion

By embracing innovation, developing insight, and fostering influence, CISOs can play a critical role in shaping the future of their organizations. This playbook provides a roadmap for CISOs to lead the charge in protecting their enterprises against evolving cyber threats and positioning themselves as strategic business enablers in 2025 and beyond.

What is a public key certificate?

Published: Thu, 19 Dec 2024 09:00:00 GMT

Definition:

A public key certificate is a digital document that electronically binds a public key to the entity (person, organization, device, etc.) that owns it. It is used to verify the identity of the certificate holder and ensure the authenticity and integrity of digital communications.

Components:

  • Subject: The entity to which the certificate is issued.
  • Issuer: The entity that issued the certificate.
  • Public Key: The holder’s public key.
  • Validity Period: The time period during which the certificate is valid.
  • Digital Signature: The issuer's cryptographic signature over the certificate's contents, which lets a relying party verify that the certificate is authentic and unaltered.

Types:

There are various types of public key certificates, each used for different purposes:

  • SSL/TLS Certificates: Used to secure websites and ensure the privacy and integrity of data during web browsing.
  • Code Signing Certificates: Used to verify the integrity of software code and ensure that it has not been tampered with.
  • Email Certificates: Used to digitally sign and encrypt emails, preventing phishing and ensuring their authenticity.
  • Device Certificates: Used to identify and authenticate IoT devices, ensuring their secure communication.

Importance:

Public key certificates play a crucial role in the security of digital communications by:

  • Authenticating Identities: Verifying the identity of entities that engage in digital transactions.
  • Ensuring Data Integrity: Ensuring that data has not been altered or compromised during transmission.
  • Protecting Privacy: Enabling the encryption of data to prevent unauthorized access.
  • Facilitating Secure Communication: Establishing secure channels for communication, such as HTTPS.

Issuance:

Public key certificates are typically issued by trusted Certificate Authorities (CAs) that have verified the identity of the certificate holder. The CA uses its own private key to digitally sign the certificate, verifying its authenticity.

French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman

Published: Thu, 19 Dec 2024 06:53:00 GMT

A French court has rejected a request to expedite the trial of Thomas Herdman, a key distributor of the encrypted communications platform Sky ECC. Herdman was arrested in January 2021 and charged with complicity in drug trafficking and money laundering.

Background

Sky ECC was a secure messaging app that gained popularity among criminal organizations due to its strong encryption. In March 2021, law enforcement agencies in Europe and the United States cracked the Sky ECC encryption, leading to the arrest of thousands of individuals worldwide.

Herdman is accused of distributing Sky ECC devices and services to criminal groups in the United Kingdom and other countries. Prosecutors allege that he played a significant role in facilitating drug trafficking and other illegal activities.

Request for Expedited Trial

Herdman’s lawyers requested that his trial be expedited due to the length of time he has spent in pre-trial detention. They argued that the delay was causing him undue suffering and that he had the right to a fair and speedy trial.

Court’s Decision

However, the French court rejected the request for an expedited trial. The court noted that the case was complex and required careful investigation and preparation. The court also considered the need to protect the rights of other parties involved in the case.

Significance

The court’s decision to refuse an expedited trial is significant because it means that Herdman will likely remain in custody for an extended period of time. The trial is currently scheduled for March 2024.

The case against Herdman is one of the most high-profile prosecutions related to the Sky ECC investigation. It is expected to shed light on the role of encrypted communications in facilitating criminal activities.

The Security Interviews: Martin Lee, Cisco Talos

Published: Wed, 18 Dec 2024 07:14:00 GMT

Name: Martin Lee

Title: Talos Incident Response Manager

Company: Cisco Talos

Location: San Francisco Bay Area

Years in cybersecurity: 15

Education: B.S. Computer Science.

Certifications: CEH, OSCP, GCIH, GCIA, GPEN, GXPN, CCNA Security, Counter-Terrorism Awareness

Area(s) of expertise: Incident response, threat intelligence, computer forensics, malware analysis.

What’s the most exciting thing about working in cybersecurity?
The most exciting thing about working in cybersecurity is the constant challenge of staying ahead of the ever-evolving threat landscape. There is always something new to learn and new ways to protect against emerging threats. It’s a field that is constantly changing and growing, which keeps things interesting and exciting.

What’s the most challenging thing about your job?
The most challenging thing about my job is the constant pressure to stay ahead of the threat actors. We are constantly monitoring the threat landscape and responding to new threats, which can be a lot of pressure. It’s also challenging to keep up with the latest technologies and trends in cybersecurity, as the field is constantly evolving.

What advice would you give to someone who wants to get into cybersecurity?
My advice to someone who wants to get into cybersecurity is to start by learning the basics of computer science and networking. Once you have a solid foundation, you can start to specialize in cybersecurity. There are many different areas of cybersecurity to choose from, so it’s important to find one that interests you and that you are good at. I would also recommend getting involved in the cybersecurity community, attending conferences and meetups, and staying up-to-date on the latest news and trends.

What do you think are the biggest challenges facing cybersecurity today?
I think the biggest challenges facing cybersecurity today are the increasing sophistication of threat actors, the growing number of connected devices, and the lack of skilled cybersecurity professionals.

Threat actors are constantly developing new and more sophisticated ways to attack networks and systems. They are also increasingly targeting connected devices, such as smart homes and IoT devices. This makes it difficult for organizations to stay ahead of the threats.

The lack of skilled cybersecurity professionals is also a major challenge. There is a huge demand for cybersecurity professionals, but there are not enough qualified candidates to fill the open positions. This makes it difficult for organizations to find the people they need to protect their networks and systems.

What advice would you give to organizations to help them improve their cybersecurity posture?
My advice to organizations to help them improve their cybersecurity posture is to start by assessing their current security posture and identifying any weaknesses. Once they have identified their weaknesses, they can start to implement measures to address them. I would also recommend that organizations develop a cybersecurity strategy and incident response plan. This will help them to be prepared for and respond to security incidents. Finally, I would recommend that organizations invest in cybersecurity training and awareness for their employees. This will help to ensure that all employees are aware of the cybersecurity risks and know how to protect themselves and the organization.

What are your predictions for the future of cybersecurity?
I think the future of cybersecurity is bright. The demand for cybersecurity professionals will continue to grow as the threat landscape continues to evolve. I also believe that we will see more organizations adopting new cybersecurity technologies, such as AI and machine learning. These technologies will help organizations to automate many of the tasks that are currently performed manually, which will free up cybersecurity professionals to focus on more strategic tasks.

I also believe that we will see more collaboration between the public and private sectors on cybersecurity. This collaboration will be essential to developing and implementing effective cybersecurity strategies.

Top 10 cyber security stories of 2024

Published: Wed, 18 Dec 2024 07:00:00 GMT

  1. Massive Breach at Global Tech Giant: A renowned multinational technology company suffers a devastating data breach, exposing sensitive information of millions of users, including financial details, personal data, and intellectual property.

  2. Rise of Ransomware-as-a-Service (RaaS): Cybercriminals establish a thriving underground marketplace for selling and renting ransomware tools, making these attacks more accessible to less skilled threat actors.

  3. Quantum Computing Threatens Encryption: Advancements in quantum computing pose a significant risk to existing encryption standards, raising concerns about the security of sensitive data and communications.

  4. Supply Chain Attacks Target Critical Infrastructure: Sophisticated cyberattacks target critical infrastructure providers, disrupting operations and creating widespread chaos, highlighting the growing importance of supply chain security.

  5. AI-Powered Phishing Campaigns: Artificial intelligence (AI) is used by attackers to create highly personalized and targeted phishing emails, significantly increasing their success rate.

  6. Cyber Warfare Escalates International Conflict: Cyberattacks become an integral part of international disputes, with nation-state actors engaging in cyber espionage, sabotage, and influence campaigns.

  7. Smart Home Vulnerabilities Exploited: The rapid adoption of smart home devices creates new attack vectors for cybercriminals, exposing personal data, privacy concerns, and home security.

  8. Blockchain Security Challenged: While blockchain technology has gained popularity, vulnerabilities are exploited by attackers, highlighting the need for enhanced security measures.

  9. Cyberinsurance Market Booms: The increasing frequency and severity of cyberattacks drive demand for cyberinsurance, providing financial protection to businesses and individuals.

  10. Global Cybersecurity Agreement Reached: Amidst growing international concern, nations collaborate to establish a comprehensive cybersecurity framework, promoting information sharing, coordination, and deterrence.

Look to the future: How the threat landscape may evolve next

Published: Wed, 18 Dec 2024 06:48:00 GMT

Advanced Persistent Threats (APTs):

  • APTs will continue to evolve in sophistication, targeting high-value organizations with custom malware and zero-day exploits.
  • They may leverage emerging attack vectors such as IoT devices and cloud infrastructure.

Ransomware:

  • Ransomware attacks will remain prevalent, with attackers targeting both businesses and individuals.
  • New variants will emerge with advanced encryption methods and extortion techniques.

Supply Chain Attacks:

  • Attackers will increasingly target third-party vendors and software suppliers to gain access to victim systems.
  • This will require organizations to focus on supply chain security and vendor risk management.

Cloud Security:

  • As cloud adoption grows, so will the threat landscape.
  • Attackers will exploit misconfigurations, data breaches, and shared vulnerabilities in cloud platforms.

Artificial Intelligence (AI):

  • AI-powered malware and deepfakes will pose new challenges for detection and prevention.
  • Attackers may use AI to automate attacks and evade traditional security measures.

Data Breaches:

  • Data breaches will continue to be a major concern, with attackers using phishing, social engineering, and insider threats to access sensitive information.
  • Data privacy regulations and compliance will become increasingly stringent.

Mobile and IoT Devices:

  • Mobile devices and IoT devices will be increasingly targeted by attackers due to their widespread use and often weaker security.
  • Malicious apps, phishing campaigns, and IoT botnets will pose significant threats.

Nation-State Cyber Warfare:

  • Nation-state actors will continue to engage in cyberwarfare operations, targeting critical infrastructure, government agencies, and corporations.
  • These attacks may have far-reaching geopolitical consequences.

Zero-Trust Model:

  • As threats evolve, organizations will adopt a zero-trust model, assuming that all traffic is malicious until proven otherwise.
  • This will require a focus on identity and access management, micro-segmentation, and continuous monitoring.

Quantum Computing:

  • While still in its early stages, quantum computing has the potential to significantly disrupt encryption and cryptography.
  • Organizations should prepare for a potential quantum computing threat landscape by investing in quantum-resistant algorithms and technologies.