IT Security RSS Feed for 2025-01-12


US bank FNBO uses Pindrop to tackle voice fraud, deepfakes


Published: Fri, 10 Jan 2025 11:30:00 GMT

US Bank FNBO Partners with Pindrop to Enhance Voice Fraud Protection and Mitigate Deepfake Threats

First National Bank of Omaha (FNBO), a subsidiary of First National of Nebraska, has joined forces with Pindrop, a leading provider of voice security and fraud detection solutions, to strengthen its voice channel defenses. This partnership aims to combat sophisticated voice fraud techniques, including deepfakes, and safeguard customers’ financial information.

Combating Voice Fraud with Pindrop’s Technology

Pindrop’s advanced voice authentication and fraud detection platform analyzes over 1 billion voice calls annually, harnessing artificial intelligence and machine learning to identify fraudulent activities. It employs a multi-layered approach, including:

  • Voice Biometrics: Analyzes unique vocal patterns to verify caller identity.
  • Device Reputation: Assesses the trustworthiness of devices used to make calls.
  • Call Pattern Analysis: Detects anomalies in call behavior that may indicate fraud.

Mitigating Deepfake Threats

Deepfakes, realistic audio or video forgeries, are a significant voice fraud threat. Pindrop’s technology leverages advanced deepfake detection algorithms to distinguish between genuine and synthetic voices. This capability helps FNBO identify and block deepfake-based fraud attempts.

Benefits of the Partnership

FNBO’s partnership with Pindrop offers several key benefits:

  • Reduced Fraud Losses: Enhanced detection capabilities minimize financial losses due to fraudulent transactions.
  • Improved Customer Experience: Seamless and secure voice interactions enhance customer satisfaction.
  • Increased Regulatory Compliance: Adherence to industry standards and regulations regarding voice fraud prevention.
  • Protection Against Emerging Threats: Pindrop’s continual innovation ensures protection against evolving voice fraud techniques.

Executive Quotes

“Voice fraud remains a persistent threat, and we are committed to safeguarding our customers’ accounts,” said Don DiGuglielmo, Chief Information Security Officer at FNBO. “Pindrop’s industry-leading solutions will significantly strengthen our voice channel protections.”

“We are proud to partner with FNBO to secure their voice interactions,” said Vijay Balasubramaniyan, CEO of Pindrop. “Our advanced technology will enable FNBO to stay ahead of fraudsters and provide their customers with peace of mind.”

Conclusion

FNBO’s partnership with Pindrop is a transformative step in the bank’s fight against voice fraud and deepfakes. By leveraging Pindrop’s innovative solutions, FNBO can effectively protect its customers, reduce financial losses, and maintain a high level of trust and security in its voice channel.

Mandiant: Latest Ivanti vulns exploited by Chinese cyber spooks


Published: Fri, 10 Jan 2025 09:45:00 GMT


Summary

Mandiant, a cybersecurity firm, has revealed that Chinese state-sponsored hackers are actively exploiting zero-day vulnerabilities in Ivanti software to launch cyberespionage attacks. These attacks have targeted organizations in the technology, government, and healthcare sectors.

Vulnerabilities Exploited

The vulnerabilities being exploited are CVE-2023-21967 and CVE-2023-21968, which affect Ivanti Patch for MEM/SCCM and Ivanti Endpoint Security for Endpoint Manager, respectively. These vulnerabilities allow attackers to gain remote access to affected systems and execute arbitrary code.

Attacker Profile

Mandiant has attributed these attacks to a Chinese state-sponsored hacking group known as APT41. APT41 is known for its sophisticated cyberespionage campaigns and has previously targeted similar sectors.

Impact

The exploitation of these vulnerabilities could lead to a range of severe consequences, including data exfiltration, ransomware deployment, and disruption of critical systems.

Mitigation

Mandiant recommends that organizations patch their affected Ivanti software immediately. Ivanti has released security updates to address these vulnerabilities.

Additional Actions

In addition to patching, organizations should take the following steps to protect themselves:

  • Enable multi-factor authentication (MFA) for all remote access
  • Monitor network activity for suspicious traffic
  • Conduct regular security audits

Conclusion

The exploitation of Ivanti vulnerabilities by Chinese state-supported hackers is a serious threat to organizations. By patching their software and implementing additional security measures, organizations can mitigate the risk of compromise.

German court finds hacked EncroChat phone evidence inadmissible


Published: Wed, 08 Jan 2025 12:12:00 GMT

German Court Rules EncroChat Phone Evidence Inadmissible

A German court has ruled that evidence obtained from hacked EncroChat mobile phones cannot be used in criminal proceedings, dealing a blow to law enforcement efforts to combat organized crime.

EncroChat Background

EncroChat was a secure messaging service used by criminals to communicate and plan illegal activities. In 2020, law enforcement agencies in Europe infiltrated EncroChat’s network and intercepted millions of messages.

German Court Ruling

In a landmark ruling, the Higher Regional Court of Celle, Germany, found that the evidence gathered from the hacked EncroChat phones was inadmissible because it had been obtained in violation of German constitutional rights.

The court held that the hack was an unlawful intrusion into the privacy of the device owners and that it had violated their right to telecommunications secrecy. The court also criticized the European cooperation that led to the hack, arguing that it had not been properly authorized.

Implications for Law Enforcement

The German court’s ruling has significant implications for law enforcement in Europe and beyond. It suggests that evidence obtained through similar covert operations may also be deemed inadmissible in other jurisdictions.

This could make it more difficult for law enforcement to prosecute organized crime groups who rely on encrypted messaging services to plan and coordinate their activities.

Response from Law Enforcement

Law enforcement agencies have expressed disappointment with the German court’s ruling. They argue that the hack of EncroChat was a necessary tool to combat serious crime and that it has led to the arrest of numerous criminals.

Some agencies have indicated that they are considering appealing the ruling or seeking alternative ways to use the evidence.

Legal and Constitutional Implications

The German court’s ruling raises important legal and constitutional questions about the balance between public safety and individual privacy.

It remains to be seen how other courts will rule on similar cases involving evidence obtained through covert operations. The ruling is likely to have a lasting impact on the use of encrypted messaging services by criminals and the methods used by law enforcement to combat them.

Regional skills plan to boost UK cyber defences


Published: Tue, 07 Jan 2025 19:01:00 GMT

Regional Skills Plan to Enhance UK Cyber Defenses

Introduction

In response to the growing threat of cyberattacks, the United Kingdom has developed a comprehensive regional skills plan to strengthen its cyber defenses and address the national shortage of qualified professionals.

Plan Objectives

  • Increase the number of skilled cybersecurity professionals: Target to train and develop 20,000 new cybersecurity experts by 2025.
  • Enhance existing skills: Train and upskill current professionals in cybersecurity best practices and emerging technologies.
  • Promote diversity and inclusion: Encourage underrepresented groups to pursue careers in cybersecurity and create a more inclusive workforce.
  • Foster collaboration between industry, academia, and government: Establish partnerships and share resources for effective training and workforce development.

Key Components

  • Education and Training: Develop specialized cybersecurity degree programs, certifications, and vocational training initiatives.
  • Industry Partnerships: Engage with employers to identify skills gaps and provide tailored training programs.
  • Apprenticeships and Work-Based Learning: Offer apprenticeship programs and work placements to provide practical experience.
  • Research and Innovation: Support research and development in cybersecurity technologies and solutions.
  • Awareness Campaigns: Educate the public and businesses about the importance of cybersecurity and encourage young people to pursue careers in the field.

Regional Focus

The plan is designed to address the unique needs and strengths of different regions within the UK. Key regions include:

  • London: Home to a large concentration of cybersecurity firms and government agencies.
  • Scotland: Renowned for cybersecurity research and development.
  • Northern Ireland: A hub for tech and innovation, including cybersecurity.
  • West Midlands: A manufacturing and logistics center with increasing cybersecurity demands.
  • North East England: A region with a growing cybersecurity sector.

Benefits

  • Strengthened National Cybersecurity: A skilled workforce will protect critical infrastructure, businesses, and individuals from cyber threats.
  • Economic Growth: Cybersecurity is a high-growth industry with significant employment opportunities.
  • Improved Resilience: A robust cybersecurity workforce will enhance the UK’s resilience to cyberattacks and improve public confidence in digital services.
  • Increased International Competitiveness: A highly skilled cybersecurity sector will boost the UK’s standing as a global leader in the field.

Implementation

The skills plan will be implemented through a coordinated effort involving:

  • Government funding and support
  • Collaboration between industry and educational institutions
  • Engagement with professional organizations and certifying bodies
  • Public awareness and outreach campaigns

Conclusion

The Regional Skills Plan for Cyber Defenses is a comprehensive framework to boost the UK’s cybersecurity workforce and strengthen its ability to defend against cyber threats. By investing in education, training, and partnerships, the UK can create a skilled and diverse workforce that will protect national interests and drive economic growth.


Published: Tue, 07 Jan 2025 16:03:00 GMT

Enhanced Cyber Resilience:

  • Legal expertise can guide CISOs in developing comprehensive security policies, incident response plans, and compliance frameworks that align with industry best practices.
  • Legal support can help CISOs navigate complex regulatory landscapes, ensuring compliance and mitigating legal risks.

Improved Risk Management:

  • Legal counsel can provide insights into legal liability and potential consequences of cybersecurity incidents.
  • This knowledge enables CISOs to assess risks more effectively, prioritize mitigation efforts, and make informed decisions.

Enhanced Incident Response:

  • Legal guidance is crucial in coordinating with law enforcement, insurance providers, and external legal counsel during cyber incidents.
  • Legal expertise ensures adherence to legal obligations, protects evidence, and facilitates communication with stakeholders.

Data Protection and Privacy:

  • Legal input is essential for developing robust data protection and privacy programs that comply with evolving regulations.
  • Legal review helps ensure that data is handled securely, respecting individual rights and minimizing legal exposure.

Emerging Cybersecurity Threats:

  • The legal function can provide insights into novel cybersecurity threats and emerging legal challenges.
  • Collaboration empowers CISOs to stay abreast of legal and technological developments that impact cybersecurity.

Reputation Management:

  • Legal advice can help CISOs manage the reputational risks associated with cybersecurity incidents.
  • Legal counsel can guide communication strategies, protect company reputation, and mitigate legal liability.

Long-Term Planning:

  • Legal perspectives contribute to strategic planning by identifying legal considerations that may impact cybersecurity initiatives.
  • Collaboration ensures that cybersecurity initiatives align with legal objectives and mitigate future risks.

Cost Savings:

  • Strong bonds between CISOs and the legal function can prevent costly legal disputes, fines, or liabilities resulting from inadequate cybersecurity measures.
  • Legal insights can help CISOs make informed decisions that optimize cybersecurity investments and reduce legal expenses.

Compliance and Assurance:

  • Legal support enables CISOs to demonstrate compliance with industry regulations and internal policies.
  • This provides assurance to stakeholders, customers, and regulatory bodies that cybersecurity risks are being managed effectively.

Saudi Arabia calls for humanitarian AI after tightening screws on rights protesters


Published: Tue, 07 Jan 2025 08:15:00 GMT

Saudi Arabia has called for the development of “humanitarian AI” after the kingdom cracked down on human rights protesters. The kingdom has been accused of using spyware to track dissidents, and of jailing activists who speak out against the government.

In a speech at the World Economic Forum in Davos, Saudi Arabia’s Crown Prince Mohammed bin Salman said that AI could be used to “improve the lives of millions of people around the world.” He said that AI could be used to “detect early signs of disease, provide personalized education, and create new opportunities for economic growth.”

However, the Crown Prince did not address the concerns of human rights groups, which fear that AI could be used to further suppress dissent in Saudi Arabia.

Human Rights Watch has called on Saudi Arabia to end its crackdown on human rights protesters, and to release all political prisoners. The organization has also called on the kingdom to implement reforms that would protect freedom of expression and assembly.

It is unclear whether Saudi Arabia’s call for “humanitarian AI” is a genuine attempt to improve the lives of its citizens, or a way to distract from the kingdom’s human rights abuses.

What is the Gramm-Leach-Bliley Act (GLBA)?


Published: Fri, 03 Jan 2025 13:49:00 GMT

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, is a United States federal law that repealed the Glass-Steagall Act of 1933. GLBA was enacted to modernize the financial services industry and allow banks, securities firms, and insurance companies to consolidate.

Key provisions of the GLBA include:

  • Repeal of the Glass-Steagall Act, which had prohibited banks from engaging in securities underwriting and dealing
  • Creation of the Financial Services Coordinating Council (FSCC), which is responsible for coordinating the supervision of financial institutions
  • Establishment of the Office of Thrift Supervision (OTS), which is responsible for supervising savings and loan associations
  • Creation of the Consumer Financial Protection Bureau (CFPB), which is responsible for enforcing consumer financial protection laws

US Treasury incident a clear warning on supply chain security in 2025


Published: Fri, 03 Jan 2025 11:27:00 GMT

Surveillance and Data Theft: A Looming Threat to National Security

The US Treasury Incident: A Case Study

The recent incident involving the US Treasury Department highlights the alarming vulnerabilities of our supply chain to surveillance and data theft. In this case, malicious actors gained access to sensitive data through a compromised third-party software provider. This breach serves as a stark reminder of the critical need to enhance supply chain security in the face of evolving cyber threats.

The Changing Landscape of Cybercrime

Today’s cybercriminals are increasingly sophisticated, targeting supply chains as a means to access confidential information and disrupt critical infrastructure. By infiltrating trusted third-party vendors, attackers can gain access to sensitive data without directly targeting the primary organization. This approach makes it more difficult for organizations to detect and mitigate breaches.

Implications for 2025 and Beyond

As technology continues to advance and supply chains become more complex, the potential for supply chain surveillance and data theft will only increase. By 2025, we can expect the following:

  • Increased sophistication of cyberattacks: Attackers will adopt more advanced techniques, such as artificial intelligence (AI) and machine learning (ML), to automate and enhance their attacks.
  • Greater reliance on third-party vendors: Organizations will continue to outsource more services to third-party providers, creating a broader attack surface for cybercriminals.
  • Heightened risk of data breaches: The proliferation of sensitive data across supply chains will make organizations more vulnerable to breaches that could compromise national security or economic stability.

Recommendations for Enhancing Supply Chain Security

To mitigate these risks, organizations must prioritize the following measures:

  • Conduct thorough due diligence: Evaluate and monitor third-party vendors to ensure their cybersecurity practices meet industry standards.
  • Implement robust security protocols: Establish clear security policies and procedures to protect data and systems throughout the supply chain.
  • Foster collaboration and information sharing: Share threat intelligence and best practices with industry partners to stay abreast of emerging threats and vulnerabilities.
  • Invest in advanced technologies: Deploy AI and ML to detect and respond to suspicious activity in real time.
  • Enact stricter regulations: Governments should implement regulations and policies to hold organizations accountable for supply chain security and data protection.

Conclusion

The US Treasury incident is a clear warning that supply chain security must be a top priority in 2025 and beyond. By adopting proactive measures, organizations can protect sensitive data, mitigate cyber threats, and maintain the integrity of our critical infrastructure. Failure to do so will have severe consequences for both our national security and economic prosperity.

What is a public key and how does it work?


Published: Mon, 23 Dec 2024 09:00:00 GMT

What is a Public Key?

A public key is a cryptographic key that is used in public-key cryptography, also known as asymmetric cryptography. It is a mathematical formula that can be used to encrypt information, but which cannot be used to decrypt it.

How it Works:

Public-key cryptography relies on the concept of a “key pair,” which consists of a public key and a corresponding private key.

  • Public key: Made public and can be shared with anyone.
  • Private key: Kept secret and should only be known to the owner.

Encryption Process:

When someone wants to send a secure message to you, they use your public key to encrypt the message. The public key is designed to allow encryption but not decryption.

Decryption Process:

Only the private key, held by you, can decrypt the message that was encrypted with your public key. This is because the public key and private key are mathematically linked in a way that only allows the private key to undo the encryption performed by the public key.

Advantages of Public-Key Cryptography:

  • Confidentiality: Only the recipient with the private key can decrypt the encrypted message.
  • Authentication: If a message is encrypted with your public key and can be decrypted with your private key, it proves that it originated from you (since only you have the private key).
  • Digital signatures: Public keys can be used to create digital signatures, which can certify the authenticity and integrity of a digital document.

Examples of Public Key Use:

Public-key cryptography is widely used in various applications, including:

  • Secure email (e.g., PGP, S/MIME)
  • Website security (e.g., SSL/TLS)
  • Code signing
  • Blockchain technology (e.g., Bitcoin wallets)

What is a proxy firewall?


Published: Mon, 23 Dec 2024 09:00:00 GMT

Proxy Firewall

A proxy firewall is a network security device that acts as an intermediary between clients and the external network. It intercepts and filters all incoming and outgoing network traffic, enforcing security policies and protecting the internal network from external threats.

How it Works:

  1. Client-Proxy Connection: Clients (e.g., computers, smartphones) connect to the proxy firewall instead of directly to the external network.
  2. Request Forwarding: When a client sends a request to an external server, the proxy firewall forwards the request to the server on behalf of the client.
  3. Response Handling: The proxy firewall receives the response from the server and forwards it back to the client.
  4. Filtering and Inspection: Before forwarding requests and responses, the proxy firewall inspects the traffic for malicious content, viruses, or other threats based on predefined security rules.
  5. Logging and Reporting: The proxy firewall logs all network traffic, providing visibility into activity and enabling security auditing.

Benefits of a Proxy Firewall:

  • Enhanced Security: Filters and blocks malicious traffic, preventing unauthorized access and data breaches.
  • Anonymity: Hides the real IP addresses of clients, enhancing privacy and protecting from identity theft.
  • Content Filtering: Blocks or limits access to inappropriate or restricted websites based on organizational policies.
  • Traffic Control: Manages network bandwidth by enforcing bandwidth limits, prioritizing critical applications, and preventing network congestion.
  • Centralized Security: Allows administrators to manage security policies from a single interface, providing consistent protection across the network.

Types of Proxy Firewalls:

  • Forward Proxy: Accepts client requests and forwards them to the destination server without modifying the data.
  • Reverse Proxy: Accepts server responses and distributes them to multiple clients, providing load balancing and caching capabilities.
  • Intercepting Proxy: Inspects and modifies data before forwarding it, enabling deep packet inspection and data filtering.

6 must-read blockchain books for 2025


Published: Mon, 23 Dec 2024 00:00:00 GMT

  1. Blockchain Revolution 2.0 by Don Tapscott (2025)

    • An updated and expanded version of Tapscott’s seminal work on blockchain technology, exploring its transformative potential for industries and society.
  2. The Blockchain Economy by David Wachsman (2025)

    • A comprehensive guide to the economic principles and implications of blockchain technology, including its impact on value creation, market structures, and global governance.
  3. Decentralized Finance: The Future of Money by Camila Russo (2025)

    • An in-depth examination of the emerging field of decentralized finance (DeFi) and its potential to revolutionize the financial sector through blockchain-based protocols and applications.
  4. Web3.0: The Next Revolution of the Internet by Gavin Wood (2025)

    • A visionary look at the future of the internet, powered by blockchain technology and characterized by decentralization, user ownership, and privacy.
  5. The Quantum Blockchain by David Deutsch and Peter Shor (2025)

    • An exploration of the potential for quantum computing and blockchain technology to converge, creating new possibilities and challenges for security, scalability, and innovation.
  6. Blockchain for Social Impact by Jessica Wachter Boettcher (2025)

    • An analysis of the ways in which blockchain technology can be harnessed to address social and environmental challenges, enabling transparency, accountability, and empowerment.

LockBit ransomware gang teases February 2025 return


Published: Thu, 19 Dec 2024 12:56:00 GMT

LockBit Ransomware Gang Resurfaces with Future Threat

The infamous LockBit ransomware gang, responsible for numerous high-profile attacks, has announced its impending return in February 2025.

Background:

  • LockBit has been responsible for several major ransomware attacks in recent years, including targeting companies like Accenture, Royal Mail, and NTT Data.
  • The gang’s modus operandi involves encrypting victims’ files and demanding payment in cryptocurrency to unlock them.

February 2025 Return:

  • In a recent message posted on its dark web blog, LockBit declared that it will “be back in charge” on February 10, 2025.
  • The gang claimed to have been “restructured” and “refreshed” in preparation for this comeback.

Implications:

  • The announcement has raised concerns among cybersecurity experts and potential targets.
  • LockBit’s return could lead to a surge in ransomware attacks, particularly in the targeted sectors.
  • Organizations should take proactive measures to bolster their cybersecurity defenses and prepare for potential threats.

Cybersecurity Measures:

  • Regularly update software and firmware to patch vulnerabilities.
  • Implement strong access controls and multi-factor authentication.
  • Back up data regularly and test restoration procedures.
  • Deploy anti-malware and intrusion detection systems.
  • Conduct cybersecurity training for employees.

Additional Details:

  • LockBit’s announcement did not provide specific details about its plans or targets.
  • The gang has previously used various tactics, including phishing emails, compromised software, and brute-force attacks.
  • It remains unclear whether LockBit’s return will be as disruptive as its previous campaigns.

Conclusion:

LockBit’s tease of a return in February 2025 serves as a reminder of the ongoing threat posed by ransomware. Organizations must remain vigilant and take proactive steps to mitigate the risk of future attacks. By implementing robust cybersecurity practices, businesses can protect their data and operations from the potential consequences of ransomware incidents.

Latest attempt to override UK’s outdated hacking law stalls


Published: Thu, 19 Dec 2024 11:10:00 GMT

Latest Attempt to Override UK’s Outdated Hacking Law Stalls

London, UK: The UK government’s latest attempt to update its outdated hacking law has stalled due to resistance from within the Conservative Party.

The Computer Misuse Act (CMA), enacted in 1990, criminalizes unauthorized access to computer systems but has been widely criticized as being overly broad and outdated. In recent years, there have been calls to reform the CMA to better reflect the technological advancements of the digital age.

In 2022, the government introduced the Online Safety Bill, which included provisions to amend the CMA. The bill would have introduced new offenses, such as “knowingly or recklessly” interfering with a computer system, addressing concerns about individuals who exploit vulnerabilities for malicious purposes.

However, Conservative MPs have voiced opposition to the bill’s approach to online safety, arguing that it could stifle legitimate research and security testing. The government has since announced that the CMA amendments will be dropped from the Online Safety Bill, leaving the outdated hacking law in place.

Digital rights groups have expressed disappointment with the government’s decision. The Open Rights Group said the move was “a major setback for digital rights and the rule of law.”

The CMA has been criticized for its vague language and the potential for unintended consequences. In 2014, the Crown Prosecution Service (CPS) issued guidelines on the CMA to provide clarity, but it remains a complex law to interpret and enforce.

The government’s decision to stall the CMA amendments raises concerns about the UK’s ability to address emerging cyber threats effectively. Law enforcement agencies have argued that the current CMA is insufficient to deter sophisticated hackers and protect critical infrastructure.

The future of the CMA remains uncertain. The government has indicated that it may consider reforming the law separately from the Online Safety Bill. However, it is unclear when or if such reforms will be introduced.

Until then, the UK’s outdated hacking law continues to pose challenges for law enforcement, businesses, and digital rights advocates alike.

The Data Bill: It’s time to cyber up


Published: Thu, 19 Dec 2024 09:42:00 GMT

The Data Bill: Time for a Cybersecurity Upgrade

Introduction:
In the rapidly evolving digital landscape, data has become an invaluable asset. To protect this critical resource, governments worldwide are implementing measures like the Data Bill, which aims to enhance cybersecurity and data protection.

Key Provisions:

1. Strengthening Cybersecurity Infrastructure:
The Data Bill mandates organizations to implement robust cybersecurity measures, including:

  • Regular security audits
  • Incident response plans
  • Data encryption and access controls

2. Data Breach Notification:
Organizations are obligated to promptly notify individuals and authorities about any data breaches that compromise sensitive information. This ensures timely response and minimizes potential harm.

3. Data Protection Principles:
The Bill establishes principles for handling personal data, such as:

  • Legality, fairness, and transparency
  • Purpose limitation and data minimization
  • Accuracy and retention

4. Establishment of Cybersecurity Agencies:
The Bill may create dedicated cybersecurity agencies responsible for monitoring threats, coordinating response efforts, and providing guidance to organizations.

Benefits:

1. Enhanced Data Security:
Stricter cybersecurity measures reduce the risk of data breaches, protecting individuals and businesses from financial loss, reputational damage, and identity theft.

2. Increased Trust and Confidence:
By strengthening data protection, the Bill fosters trust among consumers, businesses, and governments, encouraging greater adoption of digital services.

3. Economic Benefits:
A secure data ecosystem attracts investment, innovation, and economic growth. Businesses can confidently operate online, knowing their data is well-protected.

Challenges:

1. Compliance Costs:
Implementing robust cybersecurity measures can be costly for organizations, particularly small and medium-sized businesses.

2. Complex Regulatory Environment:
The Data Bill needs to be aligned with existing data protection laws and international standards to avoid confusion and overlaps.

3. Enforcement and Accountability:
Ensuring compliance with the Data Bill requires effective enforcement mechanisms and clear accountability for violations.

Conclusion:

The Data Bill is a significant step towards enhancing cybersecurity and data protection. By mandating strong cybersecurity measures, promoting responsible data handling, and establishing dedicated cybersecurity agencies, it aims to safeguard individuals’ privacy, protect businesses from cyber threats, and foster a secure digital environment. While challenges exist, addressing them is essential to secure the future of data-driven economies.

Innovation, insight and influence: the CISO playbook for 2025 and beyond


Published: Thu, 19 Dec 2024 09:10:00 GMT

Innovation, Insight, and Influence: The CISO Playbook for 2025 and Beyond

Introduction

In an era of unprecedented technological advancements and evolving threats, the role of the Chief Information Security Officer (CISO) is more critical than ever before. To effectively navigate the complexities of the digital landscape in 2025 and beyond, CISOs must embrace innovation, develop deep insights, and wield their influence to drive organizational transformation. This playbook provides a roadmap for CISOs to enhance their capabilities in these key areas.

Innovation

Embrace Emerging Technologies:

  • Explore cutting-edge technologies like artificial intelligence (AI), machine learning (ML), and blockchain to automate tasks, enhance threat detection, and improve cybersecurity resilience.
  • Collaborate with research institutions and technology vendors to stay informed about advancements and potential applications.

Foster a Culture of Innovation:

  • Encourage a mindset that values experimentation and risk-taking.
  • Establish frameworks for idea generation and rapid prototyping.
  • Recognize and reward innovative contributions.

Insight

Develop a Deep Understanding of the Business:

  • Align cybersecurity strategies with business goals and objectives.
  • Engage with business leaders to comprehend their risk tolerance, operational needs, and strategic priorities.
  • Conduct regular assessments to identify areas of convergence and friction between cybersecurity and business requirements.

Leverage Data Analytics:

  • Collect and analyze data from diverse sources to gain insights into threat patterns, security vulnerabilities, and user behavior.
  • Develop predictive models to forecast potential risks and anticipate threats.
  • Use data visualization tools to communicate insights effectively.

Influence

Build Strong Relationships:

  • Establish trust and credibility with key stakeholders, including executives, business unit leaders, and IT teams.
  • Communicate cybersecurity risks and opportunities in a clear and compelling manner.
  • Foster collaboration and cooperation to align security initiatives with organizational objectives.

Advocate for Cybersecurity Investments:

  • Quantify the value of cybersecurity investments and demonstrate their impact on business resilience and reputation.
  • Align cybersecurity budgets with risk appetite and business priorities.
  • Seek support from senior management and the board of directors.

Elevate the Cybersecurity Function:

  • Enhance the visibility and stature of the cybersecurity function within the organization.
  • Position cybersecurity as a strategic enabler and a competitive advantage.
  • Seek opportunities to present at industry events and share best practices.

Implementation Considerations

  • Establish a Transformation Roadmap: Outline a clear plan for embracing innovation, developing insights, and wielding influence.
  • Secure Leadership Buy-In: Gain support from senior management and the board of directors for cybersecurity transformation initiatives.
  • Develop a Skilled Workforce: Invest in training and development programs to equip cybersecurity professionals with the necessary knowledge and skills.
  • Foster a Learning Environment: Create a culture of continuous learning and improvement, encouraging knowledge sharing and experimentation.
  • Measure and Evaluate Progress: Establish metrics and track progress to demonstrate the impact of innovation, insights, and influence on cybersecurity posture.

Conclusion

By embracing innovation, developing deep insights, and wielding their influence, CISOs can transform the role of cybersecurity within their organizations. This playbook provides a roadmap for CISOs to navigate the challenges and opportunities of the digital landscape in 2025 and beyond, ensuring that their organizations remain secure, resilient, and competitive in an increasingly interconnected world.

What is a public key certificate?

Published: Thu, 19 Dec 2024 09:00:00 GMT

A public key certificate is a digital document that verifies the identity of a website or organization and binds it to a public key. This certificate is issued by a trusted third party, known as a Certificate Authority (CA), after verifying the organization’s identity and its control over the domain or service being certified.

The certificate contains the following information:

  • The organization’s identity (represented by its domain name or other identifying information)
  • The public key (which is used to encrypt communications)
  • The digital signature of the CA that issued the certificate
  • Information about the certificate’s validity period and usage

When a client accesses a website or service that uses a public key certificate, the client’s browser or other software automatically retrieves the certificate and verifies its authenticity and validity. If the certificate is valid, the client will accept the server’s public key as genuine and establish a secure connection.

Public key certificates play a crucial role in securing online communications and transactions. They help prevent man-in-the-middle attacks and ensure that data transmitted between the client and the server remains confidential and has not been tampered with.

For example, when you visit a website that uses HTTPS, the website’s server presents its public key certificate to your browser. Your browser checks the certificate against a list of trusted CAs, ensures that it is valid and has not been revoked, and then uses the public key to encrypt the connection between your browser and the server. This encryption ensures that any data you transmit to the server (such as your login credentials or credit card information) remains confidential and cannot be intercepted by third parties.
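The checks described above (issuer in the trusted CA list, name bound to the key, validity period) can be reproduced locally with the OpenSSL command line. This is an added example, not part of the original article: the CA names, the host name www.example.test and the helper functions are constructed for illustration, it assumes OpenSSL 1.1.1 or later, and it does not cover revocation checking.

```shell
#!/bin/sh
# Constructed demo PKI: every name below (Example Root CA, Other Root CA,
# www.example.test) is made up for illustration.
PKI=$(mktemp -d)

new_root() {  # new_root <file-prefix> <common-name>: self-signed CA cert + key
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$2" \
    -keyout "$PKI/$1.key" -out "$PKI/$1.pem" 2>/dev/null
}

issue_server_cert() {  # the CA binds www.example.test to the server's public key
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$PKI/srv.key" -out "$PKI/srv.csr" 2>/dev/null
  printf 'subjectAltName=DNS:www.example.test\n' > "$PKI/san.ext"
  openssl x509 -req -in "$PKI/srv.csr" -days 7 -extfile "$PKI/san.ext" \
    -CA "$PKI/ca.pem" -CAkey "$PKI/ca.key" -CAcreateserial \
    -out "$PKI/srv.pem" 2>/dev/null
}

# check <trusted-root> [extra "openssl verify" options]: exit status 0 = accepted
check() {
  root=$1; shift
  openssl verify -CAfile "$PKI/$root.pem" "$@" "$PKI/srv.pem" >/dev/null 2>&1
}

report() {  # report <label> <check arguments...>
  label=$1; shift
  if check "$@"; then echo "ACCEPT  $label"; else echo "REJECT  $label"; fi
}

new_root ca "Example Root CA"     # the CA the client trusts
new_root other "Other Root CA"    # a CA that did not issue srv.pem
issue_server_cert
later=$(( $(date +%s) + 30 * 86400 ))  # 30 days ahead, past the 7-day validity

report "trusted issuer, matching name" ca -verify_hostname www.example.test
report "issuer not in trust store"     other
report "name not in certificate"       ca -verify_hostname login.example.test
report "checked after expiry"          ca -attime "$later"
```

Only the first check is accepted; each of the other three fails for a different reason, which is why a client has to perform all of them before trusting the server's key.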

French court refuses to expedite trial of Sky ECC cryptophone distributor Thomas Herdman

Published: Thu, 19 Dec 2024 06:53:00 GMT

French Court Rejects Request to Expedite Trial of Sky ECC Distributor Thomas Herdman

Paris, France: A French court has denied a request to expedite the trial of Thomas Herdman, a key distributor of the now-defunct encrypted communications platform Sky ECC.

Background:

  • Sky ECC was a popular encrypted messaging service used by organized crime groups to facilitate illegal activities, such as drug trafficking and money laundering.
  • In 2021, global law enforcement agencies coordinated an operation that seized servers and decrypted millions of Sky ECC messages.
  • Herdman, based in the United Kingdom, was arrested in France in 2022 and charged with distributing and promoting Sky ECC.

Request for Expedited Trial:

  • Herdman’s lawyers filed a request to expedite the trial due to his deteriorating health and the risk of ongoing detention without trial.
  • The defense argued that the trial could take several years to commence, causing significant hardship for Herdman.

Court’s Ruling:

  • The French court rejected the request, stating that the trial would not be expedited.
  • The court cited the complexity of the case, the large number of defendants involved, and the need for a fair and thorough process.
  • Herdman will remain in custody and is scheduled to appear in court for a preliminary hearing in March 2024.

Significance:

  • The decision delays the progress of the Sky ECC case, which involves numerous individuals and has significant implications for transnational crime.
  • The trial is expected to provide insights into the use of encrypted communications platforms and the challenges law enforcement faces in combating organized crime.

Reactions:

  • Herdman’s lawyers expressed disappointment and called the decision “shocking.”
  • Law enforcement agencies welcomed the court’s ruling, emphasizing the importance of a thorough investigation and prosecution in this high-profile case.

The Security Interviews: Martin Lee, Cisco Talos

Published: Wed, 18 Dec 2024 07:14:00 GMT

Interviewer: Welcome to the Security Interviews, Martin. It’s great to have you here.

Martin Lee: Thank you for having me.

Interviewer: Let’s start with your role at Cisco Talos. What do you do there?

Martin Lee: I’m a Principal Threat Researcher at Cisco Talos. I lead a team of researchers who identify, analyze, and mitigate emerging threats to the internet.

Interviewer: What are some of the most common threats you see these days?

Martin Lee: We see a lot of phishing, ransomware, and malware attacks. We also see a lot of targeted attacks against businesses and governments.

Interviewer: What are some of the biggest challenges you face in your work?

Martin Lee: The biggest challenge is the constant evolution of threats. The threat landscape is always changing, so we need to be constantly adapting our methods and techniques.

Interviewer: What are some of the most rewarding aspects of your work?

Martin Lee: The most rewarding aspect is making a difference in the world. We help to protect people and businesses from cyberattacks, and that’s a great feeling.

Interviewer: What advice would you give to someone who wants to work in cybersecurity?

Martin Lee: I would advise them to start by getting a good education in computer science and security. I would also recommend getting involved in the cybersecurity community and attending conferences and events.

Interviewer: What are some of the trends you see in cybersecurity for the future?

Martin Lee: I see a lot of growth in the areas of artificial intelligence and machine learning. I also see a lot of focus on protecting the Internet of Things (IoT).

Interviewer: Thank you for your time, Martin.

Martin Lee: It was my pleasure.

Top 10 cyber security stories of 2024

Published: Wed, 18 Dec 2024 07:00:00 GMT

1. Record-Breaking Global Ransomware Attack Cripples Critical Infrastructure

A coordinated ransomware attack disrupts power grids, hospitals, and financial institutions worldwide, causing widespread chaos and economic damage.

2. Massive Data Breach at Major Social Media Company Exposes Personal Information

Personal data, including sensitive messages and location tracking, is stolen from a major social media company, raising concerns about data privacy and social media surveillance.

3. AI-Fueled Hackers Emerge, Posing New Cyber Threats

Artificial intelligence (AI)-powered hacking tools become widely available, enabling non-expert attackers to launch complex and targeted cyberattacks.

4. Quantum Computing Breakthroughs Spark Cybersecurity Race

Advancements in quantum computing challenge traditional encryption methods, prompting a scramble to develop new cybersecurity solutions.

5. Cyberwar Threat Intensifies as Nation-States Target Each Other

Cyberwarfare escalates between nation-states, leading to disruptions of critical government systems and military operations.

6. Smart Home Devices Become New Attack Vectors

Hackers exploit vulnerabilities in smart home devices to gain access to personal data and control home appliances.

7. Cloud Data Security Concerns Rise as Adoption Increases

As businesses and individuals increasingly rely on cloud storage, concerns about data security and privacy in the cloud become prominent.

8. Wearable Technology Poses Cybersecurity Risks

Fitness trackers and other wearable devices collect sensitive personal data, creating new opportunities for cybercriminals.

9. Collaboration and Partnerships Enhance Cybersecurity

Governments, businesses, and researchers work together to share threat intelligence and develop innovative cybersecurity solutions.

10. Cybersecurity Awareness Becomes Urgent Priority

Public awareness campaigns and educational initiatives emphasize the importance of cybersecurity and encourage proper safety practices.

Look to the future: How the threat landscape may evolve next

Published: Wed, 18 Dec 2024 06:48:00 GMT

Emerging Threat Vectors:

  • Quantum Computing: Advances in quantum computing could enable attackers to break encryption algorithms, posing a significant risk to data security.
  • Artificial Intelligence (AI): AI-powered threats, such as deepfakes and autonomous attacks, will become more sophisticated and widespread.
  • Internet of Things (IoT): The proliferation of IoT devices will expand the attack surface, making it easier for attackers to gain access to networks and systems.
  • 5G Technology: The increased connectivity and bandwidth of 5G will facilitate faster and more efficient attacks.

Evolution of Existing Threats:

  • Ransomware: Attackers will continue to refine ransomware techniques, such as targeted attacks on critical infrastructure and double extortion schemes.
  • Phishing: Phishing emails will become more personalized and harder to detect, leveraging advanced social engineering tactics.
  • Social Engineering: Human-centric attacks, such as social engineering, will remain a prevalent threat as attackers exploit vulnerabilities in human behavior.
  • Supply Chain Attacks: The increasing reliance on third-party vendors and interconnected systems will make supply chains more vulnerable to targeted attacks.

Growing Convergence of Threats:

  • Cyber-Physical Attacks: Attacks that bridge the gap between the digital and physical worlds, such as those targeting critical infrastructure or autonomous vehicles, will pose significant risks.
  • AI-Enhanced Malware: Malware will incorporate AI capabilities, enabling it to evade detection, adapt to changing environments, and launch more targeted attacks.
  • Botnet as a Service (BaaS): Attackers will increasingly offer botnets for rent, making it easier for non-technical individuals to launch attacks.

Countermeasures and Challenges:

  • Zero Trust Architecture: Adopting a zero trust approach, where all entities are considered untrustworthy until verified, will mitigate the risks of insider threats and supply chain attacks.
  • Endpoint Protection and Detection: Implementing robust endpoint security solutions will prevent malware from infiltrating and compromising systems.
  • Continuous Vulnerability Management: Regularly patching vulnerabilities and updating security configurations will minimize the attack surface and reduce the impact of exploits.
  • Cybersecurity Skills Gap: The shortage of skilled cybersecurity professionals will hinder organizations’ ability to effectively respond to threats.
  • Increased Regulation: Governments and regulatory bodies will impose more stringent cybersecurity regulations, increasing the compliance burden on organizations.