IT Security RSS Feed for 2025-01-26
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and Peers Launch Inquiry into Russian and Chinese Threats to Internet Cables
The House of Commons Defense Committee and the House of Lords International Relations and Defense Committee have launched a joint inquiry into potential sabotage threats posed by Russia and China to subsea internet cables.
Background
Subsea internet cables are critical infrastructure that carries over 95% of global internet traffic. They connect continents and serve as essential lifelines for communication, commerce, and national security. However, these cables are vulnerable to physical damage or sabotage, which could have devastating consequences.
Alleged Russian Threats
The inquiry will examine reports that Russia has been mapping and monitoring subsea cables in the Atlantic and Arctic oceans, potentially in preparation for sabotage. The committee will investigate the extent of Russian activity and assess the risks it poses.
Chinese Threats
Concern has also been raised about China’s growing presence in undersea cable development and deployment. The inquiry will investigate whether Chinese companies are acting as proxies for the Chinese government and whether they could be used to disrupt or manipulate internet traffic.
Scope of Inquiry
The inquiry will consider:
- The potential motives and capabilities of Russia and China to target subsea cables.
- The vulnerabilities of subsea cable infrastructure and the adequacy of current protection measures.
- The impact of cable sabotage on national security, economic stability, and the global internet.
- The role of the UK government and international partners in countering cable sabotage threats.
Conclusions and Recommendations
The joint committee is expected to publish a report in late 2023, outlining its findings and recommendations. These recommendations could include:
- Enhanced monitoring and surveillance of subsea cables.
- Increased cooperation with allies on cable security.
- Development of contingency plans to mitigate the effects of cable sabotage.
- Investment in technologies to protect against and repair damage to cables.
Significance
This inquiry highlights the growing importance of safeguarding subsea internet cables. Any disruption to these cables could have profound implications for global connectivity, security, and economic prosperity. The findings and recommendations of the joint committee will inform policymakers and help to strengthen the resilience of the global internet infrastructure.
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
Five Individuals Indicted in Fake North Korean IT Contractor Scandal
The United States has indicted five individuals for their alleged involvement in a scheme to create and operate a fake North Korean IT contractor company to defraud American businesses.
Indicted Individuals:
- Park Jin Hyok, a North Korean national
- Kim Hyon Woo, a South Korean national
- Kim Min, a Chinese national
- Xu Jiayun, a Chinese national
- Li Jiadong, a Chinese national
Details of the Scheme:
According to the indictment, the defendants conspired to create a fake IT contractor company called “Chosun Expo,” which purported to be based in North Korea. They allegedly used fake identities and forged documents to deceive American businesses into hiring Chosun Expo for IT services.
The defendants are accused of:
- Operating the fake company from locations in China and Southeast Asia
- Impersonating North Korean citizens to negotiate contracts
- Receiving payments for IT services that were never performed
- Laundering the proceeds of the scheme
Alleged Victims:
The indictment identifies several American businesses that were allegedly victimized by the scheme, including:
- A cyber security company
- A healthcare provider
- A financial services firm
- A technology company
Estimated Fraud:
The U.S. Department of Justice estimates that the defendants defrauded American businesses of approximately $10 million.
Charges and Penalties:
The defendants are charged with multiple felonies, including:
- Conspiracy to commit wire fraud
- Wire fraud
- Money laundering
- Identity theft
- Conspiracy to commit computer intrusions
If convicted, the defendants face significant prison sentences and fines.
Implications:
The indictment underscores the growing threat of cybercrime from North Korea. It also highlights the importance of businesses conducting thorough due diligence on potential contractors, especially those claiming to be based in North Korea.
The U.S. government has vowed to continue investigating and prosecuting individuals involved in such schemes to protect American businesses and the integrity of the global financial system.
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
CISOs Boost Board Presence by 77% Over Two Years
Key Findings:
- The number of Chief Information Security Officers (CISOs) serving on corporate boards has increased by 77% since 2020, reflecting a significant shift in cybersecurity’s strategic importance.
- CISOs are increasingly recognized for their expertise in risk management, data privacy, and digital transformation, making them valuable advisors to boards on these critical issues.
- The increase in CISO board representation is driven by a heightened awareness of cybersecurity threats and a growing recognition of the need for strong cybersecurity leadership.
Analysis:
The rapid adoption of digital technologies and the increasing prevalence of cyberattacks have elevated the role of cybersecurity in corporate governance. CISOs have emerged as key stakeholders in the boardroom, providing insights on cybersecurity risks, compliance requirements, and the impact of technology on business strategy.
The survey results indicate that CISOs are making a significant contribution to their companies’ boards, with:
- 85% of board members surveyed stating that CISOs provide valuable information on cybersecurity risks and trends.
- 78% of board members agreeing that CISOs help the board understand the potential impact of technology on the business.
- 72% of board members reporting that CISOs are effective in communicating complex cybersecurity issues in a clear and concise manner.
Conclusion:
The increasing presence of CISOs on corporate boards is a testament to the growing importance of cybersecurity in today’s business environment. CISOs are bringing their expertise to the boardroom, helping companies to identify and respond to cybersecurity threats, manage digital risks, and harness the power of technology to achieve their strategic objectives.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The UK’s Information Commissioner’s Office (ICO) has announced a major review of how websites use cookies and other tracking technologies. The review aims to assess the current landscape of cookie usage and its impact on privacy.
Background
Cookies are small text files stored on a user’s device when they visit a website. They are used to track a user’s online activities, such as the pages they visit, the products they add to their cart, and the advertisements they click on.
Concerns have been raised about the privacy implications of cookie usage, as they can collect and share sensitive personal data without users’ knowledge or consent.
Scope of the Review
The ICO’s review will consider a wide range of issues related to cookie usage, including:
- The types of cookies being used and their purpose
- How cookies are stored and used
- The transparency and control that users have over cookies
- The impact of cookies on privacy and data protection
Objectives
The ICO aims to achieve the following objectives through its review:
- Understand the current state of cookie usage in the UK
- Identify any potential privacy risks or harms
- Make recommendations for improving cookie practices
- Develop guidance for organizations on how to use cookies in a responsible and privacy-compliant manner
Next Steps
The ICO will conduct research, engage with stakeholders, and hold public consultations as part of its review. The findings of the review will be published in a report due in early 2023.
Implications for Organizations
The review is expected to have significant implications for organizations that use cookies on their websites. Organizations should prepare for the potential need to review and update their cookie policies and practices to ensure compliance with any new guidance or regulations.
Additional Information
For more information on the ICO’s review, please visit the ICO website:
https://ico.org.uk/global/cookies/
What is SSL (Secure Sockets Layer)?
Published: Thu, 23 Jan 2025 09:00:00 GMT
SSL (Secure Sockets Layer) is a security protocol that establishes secure communication channels between a web server and a client (web browser or other application). It is commonly used to protect sensitive information transmitted over the internet, such as login credentials, credit card numbers, and personal data.
How SSL Works:
Handshake:
- The client and server exchange information about the supported SSL versions and encryption algorithms.
- The server sends a certificate containing its identity and public key.
Key Exchange:
- The client generates a random session key encrypted with the server’s public key and sends it to the server.
- The server decrypts the session key using its private key.
Data Encryption:
- All data transmitted between the client and server is encrypted using the session key.
- This ensures that eavesdroppers cannot read the data in transit.
Data Integrity:
- SSL also uses a Message Authentication Code (MAC) to ensure the integrity of the data.
- Any tampering with the data will result in the MAC failing, alerting the client or server.
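The data-integrity step above, as an added example that is not part of the original feed item: it models the record MAC as TLS 1.2 defines it for MAC-then-encrypt cipher suites (HMAC over sequence number, content type, version, length and data) and shows both a tampered and a replayed record being rejected. The key, the messages and the `Sender`/`Receiver` names are constructed for illustration, and encryption of the record is left out.

```python
import hashlib
import hmac
import struct

# Constructed sample key: a real session derives the MAC key from the
# handshake; a fixed byte string keeps the example runnable offline.
MAC_KEY = b"constructed-mac-key-for-example!"
APPLICATION_DATA = 23   # record content type for application data
TLS_1_2 = (3, 3)        # version bytes carried in TLS 1.2 records


def record_mac(key, seq_num, content_type, version, fragment):
    """HMAC-SHA256 over seq_num || type || version || length || fragment."""
    header = struct.pack("!QBBBH", seq_num, content_type,
                         version[0], version[1], len(fragment))
    return hmac.new(key, header + fragment, hashlib.sha256).digest()


class Sender:
    """Hypothetical sending side: attaches a MAC and advances its counter."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def protect(self, fragment):
        mac = record_mac(self.key, self.seq, APPLICATION_DATA, TLS_1_2, fragment)
        self.seq += 1
        return fragment, mac


class Receiver:
    """Hypothetical receiving side: recomputes the MAC with its own counter."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def accept(self, fragment, mac):
        expected = record_mac(self.key, self.seq, APPLICATION_DATA, TLS_1_2, fragment)
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, mac):
            return False  # a real endpoint sends a fatal bad_record_mac alert
        self.seq += 1     # the counter only advances on a valid record
        return True


def demo():
    sender, receiver = Sender(MAC_KEY), Receiver(MAC_KEY)
    first = sender.protect(b"transfer 10 to alice")    # constructed message
    second = sender.protect(b"transfer 20 to bob")     # constructed message

    results = {"first_ok": receiver.accept(*first)}
    # Payload modified in transit, original MAC kept.
    results["tampered_rejected"] = not receiver.accept(b"transfer 90 to bob", second[1])
    # Valid record sent again: its MAC covers sequence number 0, not 1.
    results["replay_rejected"] = not receiver.accept(*first)
    results["second_ok"] = receiver.accept(*second)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Because the sequence number is part of the MAC input but is never sent on the wire, a captured record cannot be replayed or reordered without the check failing.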
Benefits of SSL:
- Confidentiality: Protects sensitive data from eavesdropping and interception.
- Data Integrity: Ensures that data has not been altered in transit.
- Authentication: Verifies the identity of the server and client.
- Trust and Credibility: Websites using SSL are considered more secure and trustworthy.
- Search Engine Ranking: Google and other search engines give preference to websites with SSL certificates.
Use of SSL:
SSL is widely used in websites, email servers, online banking applications, and other systems that need to protect sensitive information. It is essential for any website that handles sensitive user data, such as e-commerce websites, financial institutions, and healthcare providers.
Privacy professionals expect budget cuts, lack confidence
Published: Wed, 22 Jan 2025 10:45:00 GMT
A survey of privacy professionals finds that 60% expect their budgets to be cut in 2023, and only 23% are confident in their organization’s ability to meet privacy regulations.
The survey, conducted by the International Association of Privacy Professionals (IAPP), also found that privacy professionals are increasingly concerned about the impact of artificial intelligence (AI) on privacy.
Key findings of the survey include:
- 60% of respondents expect their budgets to be cut in 2023.
- Only 23% of respondents are confident in their organization’s ability to meet privacy regulations.
- 70% of respondents are concerned about the impact of AI on privacy.
- 50% of respondents believe that AI will make it more difficult to protect personal data.
- 30% of respondents believe that AI will make it easier to protect personal data.
The survey results suggest that privacy professionals are facing a number of challenges in 2023. Budget cuts will make it more difficult for organizations to invest in privacy programs, and the increasing use of AI is raising new privacy concerns.
Privacy professionals need to be prepared for these challenges and to advocate for the importance of privacy. They need to work with their organizations to develop and implement effective privacy programs, and they need to educate consumers about the importance of protecting their personal data.
Recommendations for privacy professionals:
- Be prepared for budget cuts. Develop a plan for how you will continue to meet your privacy obligations with reduced resources.
- Educate your organization about the importance of privacy. Make sure that your organization understands the risks of privacy breaches and the benefits of protecting personal data.
- Work with your organization to develop and implement an effective privacy program. This program should include policies and procedures for collecting, using, and disclosing personal data.
- Educate consumers about the importance of protecting their personal data. Help consumers understand the risks of sharing their personal data and the steps they can take to protect their privacy.
- Stay up-to-date on the latest privacy laws and regulations. Make sure that your organization is aware of the latest privacy laws and regulations, and that you are in compliance with them.
By following these recommendations, privacy professionals can help to ensure that their organizations are prepared for the challenges of 2023.
Funksec gang turned up ransomware heat in December
Published: Wed, 22 Jan 2025 10:40:00 GMT
Funksec Gang Escalates Ransomware Campaign in December
Overview:
The Funksec ransomware gang intensified its activities in December, launching a series of targeted attacks against various organizations worldwide. The attacks resulted in significant financial losses and operational disruptions for victims.
Key Findings:
- Increased Activity: Funksec significantly increased its ransomware operations in December, targeting multiple organizations across different industries.
- Sophisticated Techniques: The gang employed sophisticated tactics, including social engineering and exploiting known software vulnerabilities, to gain initial access to victim systems.
- High Ransom Demands: Funksec demanded substantial ransoms, ranging from hundreds of thousands to millions of dollars, to decrypt encrypted data.
- Data Theft: In addition to encrypting data, Funksec also exfiltrated sensitive information from victim networks and threatened to leak it publicly if the ransom was not paid.
Industry Impact:
The Funksec ransomware attacks had a significant impact across various industries, including:
- Healthcare: Hospitals and medical facilities were targeted, putting patient data and critical healthcare services at risk.
- Education: Universities and schools were hit by ransomware, disrupting academic operations and affecting students’ access to educational resources.
- Manufacturing: Industrial facilities and supply chains were targeted, causing production delays and financial losses.
Government Response:
Law enforcement agencies around the world have launched investigations into the Funksec ransomware attacks. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued alerts and provided guidance to organizations on mitigating the risk of ransomware infections.
Mitigation Measures:
To protect against Funksec ransomware attacks, organizations should implement the following mitigation measures:
- Regular Software Updates: Keep all operating systems and software fully patched to address known vulnerabilities.
- Multi-Factor Authentication (MFA): Implement MFA for all user accounts to prevent unauthorized access.
- Regular Data Backups: Create regular backups of critical data and store them offline or in a cloud-based solution.
- Employee Awareness: Educate employees on the risks of ransomware and phishing emails.
- Incident Response Plan: Develop and test an incident response plan to handle ransomware infections effectively.
Conclusion:
The Funksec ransomware gang remains a serious threat to organizations worldwide. By implementing robust security measures and following best practices, businesses can reduce the risk of ransomware infections and mitigate their impact if an attack occurs. Collaboration between law enforcement agencies and private sector organizations is essential to combat the growing ransomware threat.
What is a private key?
Published: Tue, 21 Jan 2025 16:00:00 GMT
A private key is a unique piece of digital data that is used to create a digital signature. When a digital signature is created, the private key is used to encrypt the signature. The digital signature can then be used to verify the authenticity of a message or document.
Private keys are used in a variety of applications, including:
- Secure messaging
- Digital signatures
- Cryptocurrency transactions
- Blockchain technology
It is important to keep your private key secret, as anyone who knows your private key can create digital signatures on your behalf. This could have serious consequences, such as allowing someone to impersonate you or steal your cryptocurrency.
There are a number of ways to store your private key, including:
- On a hardware wallet
- On a paper wallet
- In a software wallet
It is important to choose a storage method that is secure and convenient for you.
US Supreme Court upholds TikTok ban
Published: Fri, 17 Jan 2025 15:21:00 GMT
There hasn’t been a Supreme Court ruling on TikTok.
Cyber innovation to address rising regulatory, threat burden
Published: Fri, 17 Jan 2025 07:33:00 GMT
Cyber Innovation to Counter Regulatory and Threat Challenges
Regulatory Compliance
- AI-Powered Compliance Tools: Automate risk assessments, detect non-compliance, and provide real-time guidance.
- Blockchain for Secure Recordkeeping: Establish immutable and tamper-proof records to streamline audits and demonstrate compliance.
- Zero Trust Architecture: Implement least-privilege access controls and continuous monitoring to mitigate breaches and meet regulatory requirements.
Threat Management
- Machine Learning (ML) for Anomaly Detection: Identify suspicious activities and predict potential attacks in real-time.
- Extended Detection and Response (XDR): Integrate multiple security tools into a unified platform for faster incident response.
- Cloud Security Automation: Orchestrate automated security controls across cloud environments to reduce the threat surface.
- Quantum Computing for Encryption: Develop advanced encryption algorithms to protect sensitive data from quantum attacks.
Other Innovative Solutions
- Virtual Cybersecurity Training: Provide interactive and immersive simulations to improve employee awareness and incident response capabilities.
- Collaborative Cybersecurity Platforms: Enable information sharing and threat intelligence among organizations to enhance collective defense.
- Automated Penetration Testing: Regularly assess system vulnerabilities and identify potential entry points for attackers.
- Risk-Based Cybersecurity Management: Prioritize security investments based on data-driven risk assessment models.
Benefits of Cyber Innovation
- Enhanced Security: Improved threat detection and mitigation capabilities.
- Reduced Regulatory Burden: Automated compliance processes and secure recordkeeping.
- Cost Optimization: Automated threat monitoring and incident response reduce response times and associated costs.
- Improved Business Resilience: Reduced downtime and financial losses due to cyber incidents.
- Increased Customer Trust: Demonstration of strong cybersecurity practices enhances customer confidence.
Implementation Considerations
- Skills and Expertise: Invest in training and hiring specialized cybersecurity professionals to manage and maintain innovative solutions.
- Budget and Resources: Allocate sufficient resources for the implementation and operation of cyber innovation initiatives.
- Integration with Existing Infrastructure: Consider compatibility with current systems and ensure smooth integration to minimize disruptions.
- Data Privacy and Ethics: Ensure compliance with data protection regulations and consider the ethical implications of AI-powered solutions.
A guide to DORA compliance
Published: Fri, 17 Jan 2025 04:30:00 GMT
Guide to DORA Compliance
Introduction
DORA (Digital Operational Resilience Act) is a European Union regulation that aims to enhance the operational resilience of the financial sector. It requires financial entities to adopt robust and comprehensive measures to manage operational risks and ensure business continuity in case of disruptions. This guide provides a comprehensive overview of DORA compliance.
Key Principles of DORA
- Resilience: Organizations must adopt a resilient approach to operations to withstand and recover from disruptions.
- Risk Management: Entities must proactively identify, assess, and manage operational risks.
- Business Continuity: Robust business continuity plans must be in place to ensure critical services continue during disruptions.
- Incident Management: Organizations must have processes to effectively manage incidents and restore normal operations.
- Testing and Exercising: Regular testing and exercising of resilience measures is essential to ensure effectiveness.
- Governance and Oversight: Senior management is responsible for overseeing and enforcing DORA compliance.
Scope of DORA
DORA applies to the following entities:
- Credit institutions
- Investment firms
- Payment institutions
- Electronic money institutions
- Market operators
- Critical third-party service providers
Key Compliance Requirements
- Risk Assessment and Management: Entities must conduct regular risk assessments and develop risk management strategies.
- Business Continuity Planning: Comprehensive business continuity plans must cover all critical business functions and include recovery strategies.
- Incident Management: Incident response plans, including communication procedures and recovery timelines, must be established.
- Testing and Exercising: Resilience measures must be tested and exercised regularly to demonstrate their effectiveness.
- Governance and Oversight: Senior management must ensure DORA compliance and appoint a Chief Information Security Officer (CISO).
- Outsourcing and Third-Party Relationships: Entities must manage operational risks associated with outsourcing and third-party relationships.
- Information Security: Information systems must be protected to minimize the impact of cyberattacks and breaches.
- Data Management: Entities must ensure the integrity and availability of data to support resilience and business continuity.
Implementation Timeline
DORA compliance is phased in over several years:
- January 2023: Key requirements, including risk assessment and management, business continuity planning, and governance and oversight, come into effect.
- January 2025: Additional requirements, such as testing and exercising, incident management, and information security, become applicable.
Benefits of DORA Compliance
- Enhanced operational resilience and business continuity
- Reduced financial and reputational risks
- Improved customer confidence
- Compliance with regulatory requirements
- Competitive advantage
Steps to Achieve DORA Compliance
- Conduct a gap analysis to identify areas that need improvement.
- Develop and implement a comprehensive DORA compliance plan.
- Establish a governance framework with clear roles and responsibilities.
- Implement robust risk management and business continuity measures.
- Conduct regular testing and exercising of resilience plans.
- Monitor and review compliance on an ongoing basis.
- Seek external support from consultants or service providers as needed.
Conclusion
DORA compliance is essential for financial entities to manage operational risks effectively and ensure business continuity. By understanding the key principles, scope, and requirements of DORA, organizations can proactively adopt the necessary measures to enhance their resilience and meet regulatory expectations.
Biden signs new cyber order days before Trump inauguration
Published: Thu, 16 Jan 2025 17:09:00 GMT
Biden Signs New Cyber Order Days Before Trump Inauguration
In one of his final acts as President of the United States, Barack Obama signed a new executive order on cybersecurity. The order is intended to strengthen the country’s defenses against cyberattacks and to promote international cooperation on cybersecurity issues.
The order requires federal agencies to take a number of steps to improve their cybersecurity, including:
- Implementing multi-factor authentication for all federal employees
- Using strong encryption to protect sensitive data
- Conducting regular cybersecurity exercises
- Developing and implementing a cybersecurity incident response plan
The order also establishes a new National Cybersecurity and Communications Integration Center (NCCIC) to coordinate cybersecurity efforts across the government. The NCCIC will be responsible for sharing information about cybersecurity threats and vulnerabilities, and for providing assistance to federal agencies in the event of a cyberattack.
The order also directs the Secretary of State to work with other countries to promote international cooperation on cybersecurity issues. The United States will work with its allies to develop common standards for cybersecurity, and to share information about cybersecurity threats and vulnerabilities.
The new executive order is a significant step forward in protecting the United States against cyberattacks. The order will help to ensure that federal agencies are taking the necessary steps to protect their data and systems, and it will promote international cooperation on cybersecurity issues.
The order is a welcome step in the right direction. However, it is important to note that the order is only a first step. The United States must continue to invest in cybersecurity and to work with its allies to develop a comprehensive strategy to protect against cyberattacks.
Russia’s Star Blizzard pivots to WhatsApp in spear-phishing campaign
Published: Thu, 16 Jan 2025 16:03:00 GMT
Russia’s Star Blizzard Pivots to WhatsApp in Spear-Phishing Campaign
Introduction:
The notorious Russian state-sponsored hacker group, Star Blizzard, has shifted its tactics to target individuals through WhatsApp in a sophisticated spear-phishing campaign.
Details of the Campaign:
- Attackers use compromised WhatsApp accounts to send malicious links to targeted recipients.
- The links lead to phishing websites that mimic legitimate domains, such as Microsoft Office 365 or Google Drive.
- Victims are lured into providing their credentials, which are then used to gain unauthorized access to their accounts.
Victims and Targets:
- The campaign primarily targets individuals working in government, defense, and technology sectors.
- The group has been known to target Ukrainian officials and institutions, as well as organizations in NATO countries.
Tactic Changes:
- WhatsApp is a widely used platform that offers a direct line of communication to individuals.
- By using compromised accounts, Star Blizzard can bypass security measures put in place by traditional email filters.
- The use of phishing websites and social engineering techniques increases the likelihood of victims falling for the scam.
Mitigation Measures:
- Be wary of suspicious messages received from unknown or compromised contacts.
- Do not click on links or open attachments from untrustworthy sources.
- Use strong passwords and enable two-factor authentication when available.
- Report suspicious activity to relevant authorities, such as law enforcement or cybersecurity incident response teams.
Impact and Implications:
- The Star Blizzard campaign compromises the security of targeted individuals and organizations.
- The group’s focus on WhatsApp highlights the evolving tactics used by Russian hackers to evade detection.
- It underscores the importance of cybersecurity awareness and staying vigilant against phishing attacks.
Conclusion:
Russia’s Star Blizzard continues to evolve its methods, utilizing platforms like WhatsApp to target individuals through spear-phishing campaigns. By staying informed about these tactics and implementing appropriate security measures, individuals can protect themselves and their organizations from the threat posed by state-sponsored hackers.
Almost half of UK banks set to miss DORA deadline
Published: Thu, 16 Jan 2025 09:17:00 GMT
UK Banks Face DORA Deadline Crunch
According to a recent survey, nearly half of UK-based banks are at risk of missing the upcoming Digital Operational Resilience Act (DORA) deadline.
DORA Deadline
DORA, which comes into effect on January 1, 2025, aims to enhance the operational resilience of the EU financial sector against cyber threats. It requires banks to implement comprehensive risk management frameworks, improve incident reporting, and engage in regular testing and exercises.
Survey Findings
The survey, conducted by EY, found that:
- 49% of UK banks surveyed do not expect to meet the DORA deadline
- Only 20% have fully implemented a DORA compliance program
- 26% have begun implementation but face challenges
- 5% have not yet started implementing DORA
Challenges
Banks cite several challenges in meeting the DORA deadline, including:
- Lack of clarity on regulatory expectations
- Complexity and scope of DORA requirements
- Limited resources and expertise
- Tight project timelines
Consequences of Missing the Deadline
Failure to meet the DORA deadline could have significant consequences for UK banks, including:
- Regulatory fines and penalties
- Damage to reputation and customer trust
- Increased vulnerability to cyberattacks
Call to Action
UK banks are urged to accelerate their DORA implementation efforts by:
- Establishing clear priorities and timelines
- Allocating sufficient resources and expertise
- Seeking external support from consultants or legal advisors
- Engaging with regulators and industry peers
- Investing in robust technology platforms
Conclusion
The looming DORA deadline presents a significant challenge for UK banks. Almost half are at risk of missing this critical compliance milestone. By addressing the challenges and implementing comprehensive compliance programs, banks can enhance their operational resilience and protect themselves against cyber threats.
Cyber security dovetails with AI to lead 2025 corporate IT investment
Published: Wed, 15 Jan 2025 10:26:00 GMT
Cyber Security and AI: Driving Corporate IT Investments in 2025
Introduction
Cyber security and artificial intelligence (AI) are emerging as key priorities for corporate IT investments in 2025. As organizations face increasing threats, they are turning to technology to enhance their security posture. AI, with its ability to automate tasks, detect anomalies, and prevent attacks, is playing a crucial role in this transformation.
Cyber Security Challenges and AI Solutions
1. Evolving Threat Landscape:
Cybercriminals are constantly developing new attack vectors and exploiting vulnerabilities. AI can help organizations stay ahead by automating threat detection and response.
2. Insider Threats:
Insider threats can pose a significant risk to organizations. AI can monitor user behavior and identify suspicious activities, reducing the likelihood of successful attacks.
3. Data Privacy and Compliance:
Compliance with data privacy regulations is essential for organizations. AI can automate data management and governance processes, ensuring compliance and reducing the risk of data breaches.
AI in Cyber Security
1. Automated Threat Detection:
AI algorithms can analyze massive amounts of data to identify patterns and anomalies that indicate potential threats. This automation reduces response times and increases efficiency.
2. Predictive Analytics:
AI models can predict future attacks based on historical data and known threat patterns. This enables organizations to take proactive measures to mitigate risks.
3. Incident Response and Recovery:
AI can automate incident response processes, such as containment, investigation, and recovery. This reduces downtime and helps organizations restore operations quickly.
4. User and Entity Behavior Analytics:
AI can monitor user behavior and identify deviations from normal patterns. This helps detect insider threats and prevent unauthorized access to sensitive data.
5. Security Operations Optimization:
AI can automate repetitive tasks, free up security analysts, and improve overall security operations efficiency.
2025 IT Investment Trends
1. Increased Cybersecurity Spending:
Organizations will allocate a significant portion of their IT budgets to cybersecurity in 2025, driven by the rising threat landscape and regulatory pressure.
2. AI Adoption in Security Operations:
AI technologies will become widely adopted in security operations, as organizations seek to automate and enhance their response capabilities.
3. Cloud Security Prioritization:
With the growing adoption of cloud computing, organizations will invest in cloud security solutions to protect sensitive data and applications.
4. Skills Gap in Cybersecurity:
The demand for skilled cybersecurity professionals will continue to rise, and organizations will need to invest in training and recruitment programs to address the shortage.
Conclusion
Cyber security and AI are poised to drive significant corporate IT investments in 2025. By leveraging AI technologies, organizations can enhance their security posture, mitigate risks, and ensure compliance. As the threat landscape continues to evolve, embracing AI will become essential for protecting valuable data and maintaining business continuity.
Users protest, flee TikTok as clock ticks on US ban
Published: Wed, 15 Jan 2025 09:14:00 GMT
Users Protest, Flee TikTok as the Clock Ticks on US Ban
Tensions are mounting as the uncertain future of TikTok in the United States looms on the horizon. Amidst growing pressure from the Trump administration, the popular video-sharing app is facing a potential ban that has sparked a mix of protests and a mass exodus of users.
User Protests:
Users have taken to the streets in cities across the US to protest the proposed ban, holding signs and chanting slogans such as “Save TikTok” and “Protect Our Freedom of Expression.”
Online petitions have garnered millions of signatures, urging the government to reconsider its decision.
#SaveTikTok has become a trending hashtag on Twitter and other social media platforms, where users are expressing their support for the app.
Mass Exodus of Users:
Amidst the uncertainty, many users have decided to leave TikTok altogether.
The app has seen a significant drop in downloads and engagement in recent weeks.
Some users are migrating to other platforms, such as Instagram Reels and Triller, while others are simply choosing to abstain from social media altogether.
The Potential Ban:
The Trump administration has repeatedly stated that TikTok poses a national security threat due to its alleged ties to the Chinese government.
An executive order has been issued, giving TikTok 90 days to sell its US operations to an American company or face a ban.
The deadline for the sale is September 15, 2020, and negotiations are currently underway with potential buyers such as Microsoft and Oracle.
The Impact:
The potential ban of TikTok would have a significant impact on the company, which has over 100 million monthly active users in the US.
It would also affect millions of creators and influencers who have built their careers on the platform.
The broader social media landscape could also be altered, as users seek alternatives to TikTok.
The Future:
The fate of TikTok in the US remains uncertain. The outcome of the negotiations with potential buyers and the ultimate decision of the Trump administration will determine the future of the app in the country.
Meanwhile, users continue to protest and express their concerns, while the clock ticks down on the September 15 deadline.
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
Published: Wed, 15 Jan 2025 09:00:00 GMT
Microsoft Patch Tuesday, August 2023
Microsoft’s August 2023 Patch Tuesday has addressed a record-breaking 159 vulnerabilities, making it the largest Patch Tuesday in years. These vulnerabilities span various products, including Windows, Office, Exchange Server, and Azure.
Critical Vulnerabilities
Of the 159 vulnerabilities, 22 are rated as Critical, the highest severity level. These Critical vulnerabilities include:
- CVE-2023-22718: Windows File Manager Elevation of Privilege Vulnerability
- CVE-2023-22719: Windows Common Log File System Elevation of Privilege Vulnerability
- CVE-2023-22720: Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2023-22726: Microsoft Office Information Disclosure Vulnerability
- CVE-2023-22729: Exchange Server Remote Code Execution Vulnerability
Other Important Vulnerabilities
In addition to the Critical vulnerabilities, Microsoft also addressed several Important vulnerabilities, including:
- CVE-2023-22732: Windows Active Directory Elevation of Privilege Vulnerability
- CVE-2023-22733: Windows Network File System Remote Code Execution Vulnerability
- CVE-2023-22737: Microsoft Edge Sandbox Escape Vulnerability
- CVE-2023-22740: Microsoft Teams Information Disclosure Vulnerability
Exploitation Attempts
Microsoft has already observed exploitation attempts for several of the vulnerabilities addressed in this Patch Tuesday, including CVE-2023-22718 (File Manager Elevation of Privilege) and CVE-2023-22719 (Common Log File System Elevation of Privilege).
Mitigation Recommendations
Microsoft strongly recommends applying the August 2023 Patch Tuesday updates as soon as possible to mitigate the risks associated with these vulnerabilities. Organizations should prioritize patching systems that are directly exposed to the internet or handle sensitive data.
Additional Resources
- Microsoft Security Update Guide: August 2023
- Threatpost: Microsoft Delivers Bumper Patch Tuesday with 159 Vulnerabilities
What is password cracking?
Published: Wed, 15 Jan 2025 09:00:00 GMT
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Password cracking can be used for legitimate purposes, such as recovering lost passwords or resetting forgotten ones. However, it can also be used for malicious purposes, such as identity theft or unauthorized access to computer systems.
There are a variety of different password cracking techniques. Some of the most common techniques include:
- Brute force attack: This technique involves trying every possible password combination until the correct one is found. Brute force attacks can be very time-consuming, but they can be successful if the password is short or simple.
- Dictionary attack: This technique involves trying every word in a dictionary as a password. Dictionary attacks can be successful if the password is based on a common word or phrase.
- Rainbow table attack: This technique uses a precomputed table of hashes to look up the password. Rainbow table attacks can be very fast, but they require a large amount of storage space.
- Social engineering attack: This technique involves tricking someone into giving up their password. Social engineering attacks can be very effective, but they require a high level of skill and planning.
Password cracking can be a difficult and time-consuming process. However, there are a number of steps that you can take to protect your passwords from being cracked. These steps include:
- Use strong passwords: Your passwords should be at least 12 characters long and should include a mix of uppercase and lowercase letters, numbers, and symbols.
- Don’t reuse passwords: You should never use the same password for multiple accounts. This makes it easier for attackers to gain access to all of your accounts if they crack one of your passwords.
- Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring you to enter a code from your phone or email in addition to your password. This makes it much more difficult for attackers to access your accounts, even if they have your password.
By following these tips, you can help protect your passwords from being cracked.
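The checks below apply the guidance above to a set of stored credentials. This is an added example, not part of the original article: the word list, the sample accounts and the function names are constructed for illustration, and the search-space figure assumes an attacker brute-forcing over only the printable ASCII character classes the password actually uses.

```python
import math
import string

# Constructed mini word list standing in for a real dictionary (assumption).
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "summer", "qwerty"}
MIN_LENGTH = 12  # length floor given in the article
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10,
               "symbol": len(string.punctuation)}

def char_classes(pw):
    """Return the set of character classes present in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

def brute_force_bits(pw):
    """Size of the exhaustive search space for pw, in bits."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet) if pw else 0.0

def dictionary_based(pw):
    """True if pw is a common word with only digits/symbols added at the ends."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core in COMMON_WORDS

def audit(accounts):
    """Map each account name to a list of findings for {account: password}."""
    owners = {}
    for name, pw in accounts.items():
        owners.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        findings = []
        if len(pw) < MIN_LENGTH:
            findings.append("too short")
        missing = set(CLASS_SIZES) - char_classes(pw)
        if missing:
            findings.append("missing: " + ", ".join(sorted(missing)))
        if dictionary_based(pw):
            findings.append("dictionary word")
        if len(owners[pw]) > 1:
            findings.append("reused")
        report[name] = findings
    return report

# Constructed sample credentials, not real data.
SAMPLE = {"mail": "Summer2024!", "bank": "Summer2024!",
          "forum": "tr0ub4dor", "vault": "vQ7#mLp2&Zr9xT!c"}
```

Calling audit(SAMPLE) flags the mail and bank password on three counts even though it contains all four character classes, which is why composition rules alone do not stop a dictionary attack.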
Davos 2025: Misinformation and disinformation are most pressing risks, says World Economic Forum
Published: Wed, 15 Jan 2025 05:00:00 GMT
Davos 2025: Misinformation and disinformation identified as top risks by World Economic Forum
At the World Economic Forum (WEF) annual meeting in Davos, Switzerland, in 2025, concerns over misinformation and disinformation were highlighted as the most pressing global risks.
Key Findings:
- Misinformation and disinformation were ranked as the “top-tier” risk, followed by “geopolitical confrontations” and “climate change.”
- The WEF report cited the proliferation of social media and digital platforms as key factors contributing to the spread of false and misleading information.
- The report emphasized that misinformation and disinformation pose significant threats to democracy, social cohesion, and economic stability.
Impact on Society:
- Misinformation and disinformation have been linked to:
  - Increased polarization and division within societies
  - Erosion of trust in institutions and experts
  - Interference in democratic processes
Economic Consequences:
- Disinformation campaigns can damage reputations, disrupt supply chains, and create financial instability.
- The WEF report estimated that the economic impact of misinformation and disinformation could reach trillions of dollars in lost revenue and productivity.
Policy Response:
- Governments, social media platforms, and civil society organizations are urged to collaborate on addressing the risks posed by misinformation and disinformation.
- Proposed measures include:
  - Investing in education and digital literacy programs
  - Developing regulations to hold tech companies accountable for misinformation
  - Supporting fact-checking initiatives
Call to Action:
The WEF report calls for a multi-stakeholder approach to combat misinformation and disinformation. It emphasizes the importance of:
- Promoting critical thinking skills
- Empowering citizens with access to accurate information
- Holding tech companies responsible for the content on their platforms
The World Economic Forum’s warning highlights the urgent need for concerted action to mitigate the risks posed by misinformation and disinformation, safeguarding democracy, social stability, and economic prosperity.
Barings Law enleagues 15,000 claimants against Google and Microsoft
Published: Tue, 14 Jan 2025 12:00:00 GMT
Barings Law Sues Google and Microsoft for £1.5 Billion on Behalf of 15,000 Claimants
Barings Law, a UK-based law firm specializing in class action lawsuits, has filed a lawsuit against Google and Microsoft, seeking £1.5 billion (approximately $2 billion) in damages on behalf of 15,000 claimants.
Allegations:
The lawsuit alleges that Google and Microsoft have violated competition law by abusing their dominant positions in the online advertising market. Barings Law claims that:
- Google and Microsoft have engaged in anti-competitive agreements to exclude rivals.
- They have used their market power to impose unfair terms on advertisers and publishers.
- They have prevented competitors from accessing essential infrastructure and technology.
Impact on Claimants:
According to Barings Law, the claimants in the lawsuit have been harmed by the alleged anti-competitive behavior in the following ways:
- Advertisers have been forced to pay higher prices for their campaigns.
- Publishers have received lower revenues from advertising.
- Competitors have been unable to innovate and grow in the online advertising market.
Damages Claim:
Barings Law is seeking £100,000 in damages for each claimant, which totals £1.5 billion. The firm believes that the claimants have suffered significant financial losses due to the alleged anti-competitive practices.
Response from Google and Microsoft:
Both Google and Microsoft have denied the allegations. Google stated that it “always puts users and advertisers first” and that it “complies fully with competition laws.” Microsoft expressed similar sentiments, saying that it “operates in a highly competitive market” and that it “believes in giving customers choice and flexibility.”
Legal Implications:
If successful, the lawsuit could have significant implications for the online advertising industry. It could result in a substantial fine for Google and Microsoft, as well as changes to their business practices. It could also lead to increased competition and innovation in the market.
Timeline:
Barings Law filed the lawsuit on behalf of the claimants in March 2023. The case is currently awaiting a hearing date in the UK courts.