Cybersecurity reduces the risk of cyber attacks and protects against the unauthorized exploitation of systems, networks and technologies.
Cyber risk management is complex and there is no one-size-fits-all solution. IT Governance's range of cybersecurity products and services can be tailored to suit any organization's needs and requirements.
From training and staff awareness programs to security testing, documentation toolkits, standards, software, books and guides, ITG has everything you need to support and enhance your security program.
A white hat hacker with over 30 years of experience as a cybersecurity analyst at a major Silicon Valley company talks about why he turned his back on black hat hacking for the greater good. He describes just how vulnerable our systems are, from the very real threat of hackers taking the American power grid or medical facilities offline to how easily accessible our private information is to anyone with Wi-Fi and some time on their hands.
The number of businesses falling victim to ransomware attacks each year is snowballing. Hackers have realized how lucrative these attacks are, with ransoms in the millions regularly being paid out. This documentary examines how hackers make their money and how much a victim can lose. Cyber security experts tell us how cybercriminals carry out the attacks and who is helping them.
For weeks, a cyberattack paralyzed the German district of Anhalt-Bitterfeld in 2021, bringing its whole administration to a standstill. It was a stark illustration of how hackers can knock out entire communities in milliseconds, and of how digital technology has become vital for running our societies. DW investigates how a criminal industry makes billions by taking computers hostage, and how governments can use similar methods as a political weapon.
A shadow war is a war that, officially, does not exist. Shadow wars are rising as mercenaries, hackers, and drones take over the role armies once played. States are evading their responsibilities and driving the privatization of violence. War in the grey zone is a booming business: Mercenaries and digital weaponry regularly carry out attacks while those giving orders remain in the shadows.
Millions of Australians have had their data stolen in malicious attacks, costing some businesses tens of millions of dollars in ransom. Four Corners investigates the cyber gangs behind these assaults, cracking open their inner operations and speaking to a hacker who says he targets Australians.
Look behind the cheerful veneer of social media, communication apps, and platforms that have made our lives easier and more connected, and you'll find criminals using the same apps and platforms to run illicit and dangerous activities.
Singapore aims to be a "Smart Nation", but the more it depends on IT, the more it opens itself to cyber threats. This is the cybersecurity dilemma. Explore global incidents of cyber espionage, disinformation, disruption and pandemics and how they endanger nations.
In this documentary, learn about white hat hackers, and the U.S. Secret Service's cybercrime division working to protect us from the risks associated with persistent connectivity.
The rise of cyber conflict as the primary way nations now compete and sabotage each other.
The cybersecurity industry is constantly changing, and market conditions can shift quickly. To identify potential underserved market segments, it is crucial to regularly conduct updated market research. Staying informed about the latest developments helps businesses recognize new opportunities and areas where cybersecurity solutions are in demand but currently lacking.
Some areas that have been, or may still be, underserved market segments in cybersecurity include:
Small and Medium-sized Enterprises (SMEs): Smaller businesses often lack the resources and expertise to implement robust cybersecurity measures. They may not have access to dedicated cybersecurity teams or the budget to invest in expensive security solutions.
Nonprofit Organizations: Nonprofits, especially smaller ones, may face similar challenges as SMEs when it comes to cybersecurity. They might not have the necessary funds or expertise to adequately protect their data and digital assets.
Individuals and Consumers: With the increasing prevalence of cyber threats targeting individuals, there may be a market segment for user-friendly and affordable cybersecurity solutions tailored to the needs of regular consumers.
Internet of Things (IoT) Devices: As the number of IoT devices continues to grow, there is a potential underserved market for specialized cybersecurity solutions designed to secure these devices and the data they generate.
Cloud Security: With the widespread adoption of cloud computing, ensuring the security of cloud-based data and services has become critical. There may be opportunities for specialized cloud security solutions catering to different industries and use cases.
Critical Infrastructure: Industries such as energy, transportation, and healthcare that rely heavily on interconnected systems and technologies may have specific cybersecurity needs that could be underserved.
Emerging Technologies: As new technologies like artificial intelligence, blockchain, and quantum computing gain traction, there may be a need for cybersecurity solutions that address the unique risks associated with these technologies.
Cybersecurity Workforce Development: With the growing demand for cybersecurity professionals, there may be an underserved market segment for training and educational programs to address the workforce shortage in the industry.
It’s important to note that while some segments may have been underserved, the cybersecurity industry is competitive, and companies are continually looking for new opportunities. As the threat landscape changes, new niche areas may emerge, and existing underserved segments may receive more attention from cybersecurity companies and entrepreneurs.
Small and medium-sized businesses (SMBs) are targeted by cyberattackers as much as large companies, the 2023 Verizon Data Breach Investigations Report (DBIR) has revealed; here are some cybersecurity controls they should prioritize.
Company size does not matter to cyber attackers
SMBs often underestimate their appeal as a target. They assume they are "little fish" not worth the attackers' effort and that their data holds little value. That is not true: their systems store sensitive information, including employee and customer data and financial records.
What's more, they are often used as a stepping stone into larger organizations (partners, customers or suppliers). A recent Proofpoint study showed that cybercriminals frequently target SMBs, especially through regional MSPs, as a means to breach larger agencies and organizations in the public and private sectors.
Unfortunately, SMBs typically allocate only a small fraction of their budget to strengthening their cybersecurity defenses, and are often ill-equipped to effectively combat cyber threats.
One critical factor exacerbating SMBs' vulnerability is the shortage of dedicated security personnel: bigger organizations can offer bigger salaries to cybersecurity professionals, and smaller companies can't compete on that front.
With limited staff and expertise, SMBs face an uphill battle in defending themselves against sophisticated cyberattacks.
How can SMBs up their cybersecurity game?
But not all hope is lost.
First and foremost, the notion that cybersecurity is solely the responsibility of the IT department must be dispelled; every individual within an organization plays a vital role in minimizing the risk of cyber incidents.
The Verizon 2023 DBIR outlines three essential cybersecurity controls that help SMBs with limited IT and cybersecurity expertise thwart general, non-targeted attacks:
Security awareness and skills training: make sure employees have the skills and knowledge to minimize general cybersecurity risks.
Data recovery: establish data recovery practices that can restore business assets to their original, trusted state after an attack.
Access control management: establish processes for creating, assigning, managing and revoking access credentials and privileges for user, administrator and service accounts across enterprise assets and software.
Once that essential cyber hygiene is in place, and as a company moves toward the larger end of the SMB scale with more resources available, it is time to add further controls:
Incident response management: establish and sustain an incident response program so that attacks are handled promptly.
Application software security: identify and address vulnerabilities in internally developed, hosted or acquired software before they can harm the company.
Penetration testing: test the efficacy and resilience of enterprise assets and implemented controls by simulating attackers' actions.
"Now that you've already looked at the Controls and prioritized them, you know what you're most likely to be hit with and you're working your way through to the end; your ducks are almost all in a row. You have balanced preventive and detective capabilities and are on your way to being able to not only detect when something bad has happened but also respond quickly and appropriately. You have moved from the basics of putting your plan together to implementing a road map," Verizon's analysts pointed out.
"A few final things to consider at this point: Are you looking at aligning with a particular compliance framework? Do you track metrics around security in your environment? Do your efforts result in ongoing improvements to your security posture, or do they just provide a point-in-time snapshot that says, 'I was good at this moment, but then things changed'? There is quite a bit you can do when you use good information about what is happening in your organization to steer your security strategy."
In today's rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial.
This list of free cybersecurity whitepapers that don't require registration covers a wide range of common cyber risks (ransomware, DDoS attacks, social network account hijacking). It also explores the risks that could originate from new technologies such as generative AI (GenAI) and large language models (LLMs).
MS-ISAC guide to DDoS attacks
The Multi-State Information Sharing and Analysis Center (MS-ISAC) has created a guide to shed light on denial of service (DoS) and distributed denial of service (DDoS) attacks. A DoS attack aims to overwhelm a system and hinder its intended users' access, while a DDoS attack involves multiple sources working together towards the same goal.
These attacks deplete network, application, or system resources, leading to issues such as network slowdowns, application crashes, and server failures. The MS-ISAC guide examines various techniques employed by cyber threat actors (CTAs) to execute successful DDoS attacks. The guide also provides recommendations for defending against these types of attacks.
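A detective control for the flood pattern the guide describes, as an added example that is not part of the MS-ISAC guide: count requests per source IP and in aggregate over a sliding window of web-server access-log entries, flag a single source that exceeds a per-IP limit, and separately flag a distributed flood in which no single source stands out but the aggregate rate does. The log lines are constructed inline for the example; the window size and thresholds are assumed values that a site would tune against its normal traffic.

```python
"""Rate-based DoS/DDoS detection over web-server access logs (added example).

Flags a single source that floods the server, and separately a distributed
flood where no single source exceeds the per-IP limit but the aggregate
request rate does. Log lines are constructed below; window size and limits
are assumed values to tune per site.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_line(line):
    """Return (ip, unix_time) for a CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.timestamp()


def detect_floods(lines, window_s=10, per_ip_limit=50, total_limit=200):
    """Sliding-window request counts per source and in aggregate.

    Returns (flagged_ips, distributed): the IPs that exceeded per_ip_limit
    requests within any window_s-second window, and whether the aggregate
    count ever exceeded total_limit in such a window (a distributed flood).
    """
    events = sorted((e for e in map(parse_line, lines) if e is not None),
                    key=lambda e: e[1])
    per_ip = defaultdict(deque)
    total = deque()
    flagged = set()
    distributed = False
    for ip, t in events:
        cutoff = t - window_s
        q = per_ip[ip]
        q.append(t)
        while q[0] <= cutoff:          # drop requests older than the window
            q.popleft()
        total.append(t)
        while total[0] <= cutoff:
            total.popleft()
        if len(q) > per_ip_limit:
            flagged.add(ip)
        if len(total) > total_limit:
            distributed = True
    return flagged, distributed


def make_lines(ip, start, n, spread_s):
    """Constructed log lines: n requests from ip spread over spread_s seconds."""
    lines = []
    for i in range(n):
        t = start + timedelta(seconds=spread_s * i / max(n - 1, 1))
        stamp = t.strftime("%d/%b/%Y:%H:%M:%S %z")
        lines.append(f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512')
    return lines


START = datetime(2023, 11, 10, 10, 0, 0, tzinfo=timezone.utc)

# Constructed sample 1: one abusive source sends 80 requests in 5 s while
# three normal clients send a handful.
SINGLE_SOURCE = (
    make_lines("198.51.100.7", START, 80, 5)
    + make_lines("203.0.113.5", START, 2, 5)
    + make_lines("203.0.113.6", START, 2, 5)
    + make_lines("203.0.113.7", START, 1, 5)
)

# Constructed sample 2: 150 sources each send only 2 requests, but together
# 300 requests land within 3 s, so only the aggregate counter trips.
DISTRIBUTED = [
    line
    for i in range(150)
    for line in make_lines(f"10.0.0.{i + 1}", START, 2, 3)
]

if __name__ == "__main__":
    print("single source:", detect_floods(SINGLE_SOURCE))
    print("distributed:  ", detect_floods(DISTRIBUTED))
```

The per-IP counter alone would miss the second sample, which is exactly why the guide distinguishes DDoS from DoS: a distributed flood has to be detected on aggregate rate (or on request shape), not on any one source.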
Ransomware has become one of the most concerning types of attacks. To be able to effectively tackle these attacks, IT professionals and managed services providers need to be prepared to respond quickly and appropriately.
The first step towards readiness lies in acquiring a comprehensive understanding of the primary issues and possible pitfalls that can significantly impact the outcome.
This whitepaper from N-able gives insights into one of the most common and damaging types of attack and into the frequent mistakes organizations make when trying to limit its effects.
To establish a robust and successful security program for industrial control systems (ICS) or operational technology (OT), a combination of five cybersecurity controls can be employed.
This SANS whitepaper points out these controls, empowering organizations to customize and implement them according to their specific environment and risk factors.
Rather than being overly prescriptive, these controls prioritize outcomes, ensuring flexibility and adaptability. Moreover, they are informed by intelligence-driven insights derived from the analysis of recent breaches and cyberattacks in industrial companies worldwide.
How to identify the cybersecurity skills needed in the technical teams in your organization
To keep an organization safe from information security threats, it is essential to understand the cybersecurity skills gaps within your IT and InfoSec teams. To enhance your company's protection, it is crucial to pinpoint these deficiencies and weight skills according to specific job roles.
This whitepaper from Offensive Security concentrates on optimal methods for nurturing internal cybersecurity talent within your technical teams, such as IT, information security, DevOps, or engineering.
The increasing use of GenAI and LLMs in enterprises has prompted CISOs to assess the associated risks. While GenAI offers numerous benefits in improving various daily tasks, it also introduces security risks that organizations need to address.
This whitepaper from Team8 aims to provide information on these risks and recommended best practices for security teams and CISOs, as well as encourage community involvement and awareness on the subject.
Traditional methods of data security and threat protection are inadequate in the face of evolving applications, users, and devices that extend beyond the corporate perimeter.
Legacy security approaches struggle to adapt to the hybrid work model, leading to visibility issues, conflicting configurations, and increased risks. To address these challenges, organizations need to update their risk mitigation strategies.
Remote browser isolation (RBI) technology offers a promising solution by separating internet browsing from local browsers and devices. However, traditional RBI approaches have limitations such as high costs, performance issues, and security vulnerabilities caused by deployment gaps.
This Cloudflare whitepaper examines the causes and consequences of these challenges, and shows how to approach browser isolation to tackle these common issues.
S1 deload stealer: Exploring the economics of social network account hijacking
Social networks have become an essential part of our lives, but they have also been exploited by criminals. Threat actors have been using legitimate social media accounts to engage in illegal activities, such as extortion and manipulating public opinion for influencing elections.
Financially motivated groups have also employed malvertising and spam campaigns, as well as operated automated content-sharing platforms, to increase revenue or sell compromised accounts to other malicious individuals.
This whitepaper from Bitdefender highlights an ongoing malware distribution campaign that takes advantage of social media by hijacking users' Facebook and YouTube accounts.
Building a budget for an insider threat program
To gain support from top-level executives when planning to implement a purpose-built insider threat solution, the value of the solution needs to be linked not just to reducing risks but also to providing additional business benefits.
The business case should show how an insider threat program can result in immediate cost savings, allow security resources to be allocated to other important projects in the future, and ultimately promote collaboration, productivity, and innovation.
This Code42 whitepaper provides a strategy for security teams to create a convincing business case.
The case for threat intelligence to defend against advanced persistent threats
Organizations are encountering an increasingly serious challenge posed by advanced persistent threats (APTs). Those responsible for managing business risk recognize that it is impossible to completely prevent such threats. Instead, the focus is on implementing defensive measures and utilizing threat intelligence to improve the chances of detecting attacks and reducing risk to an acceptable level.
Rather than fixating on the inevitability of being hacked, the emphasis is placed on minimizing the occurrence of attacks and efficiently identifying and responding to them, to mitigate their impact on the business.
This Cyberstash whitepaper examines the effectiveness and cost of threat intelligence in enhancing the security industry's defensive capabilities against APTs.
Toyota Motor Corporation confirmed on Friday that vehicle data of 2.15 million customers in Japan, including customers of its premium brand Lexus, had been publicly accessible for almost a decade owing to "human error." The exposure, which affected virtually all customers who had registered for the company's main cloud service platforms since 2012, was caused by a cloud environment that had inadvertently been set to public rather than private. Affected customers include those who signed up for the T-Connect service, which offers AI voice-enabled driving assistance, automatic connection to call centers for vehicle management, and emergency support in situations such as a car accident or a sudden illness, as well as users of the G-Link service for Lexus vehicles. According to the company, there have been no reports of malicious use, but information such as vehicle locations and the identification numbers of in-vehicle devices may have been exposed.
The incident comes to light as Toyota is ramping up vehicle connectivity and cloud-based data management to support autonomous driving and other AI-assisted functions. Asked why it took Toyota so long to notice the error, a company spokeswoman said: "There was a lack of active detection mechanisms, and activities to detect the presence or absence of things that became public." The data was exposed from November 2013 until mid-April 2023.
Japan's Personal Information Protection Commission has been notified of the incident but, in keeping with its standard practice, has not disclosed further details. Toyota has implemented safeguards to prevent unauthorized third parties from accessing the data and is examining all cloud environments administered by Toyota Connected Corp. The incident follows a string of large data breaches in Japan, including one in March when mobile provider NTT DoCoMo revealed that the data of up to 5.29 million users may have been exposed through a firm to which it had outsourced work.
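The "active detection mechanism" the spokeswoman says was missing is a routine audit of every storage location's access configuration. The following is an added example, not Toyota's code or a description of its platform (the article does not name the cloud provider): it audits an inventory of storage buckets for public access using AWS S3-style bucket policies and ACLs as the illustration. The bucket names, policy documents and account ID are constructed sample data.

```python
"""Detect cloud storage that has been made public (added example).

Audits an inventory of buckets for the two ways S3-style storage ends up
public: a bucket policy that grants Allow to the wildcard principal, and an
ACL grant to the AllUsers / AuthenticatedUsers groups. Bucket names, policies
and the account ID below are constructed sample data.
"""
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"


def principal_is_public(principal):
    """True for the wildcard principal forms that open a statement to anyone."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_findings(policy):
    """Allow statements granted to '*'; a Condition may narrow them, so note it."""
    findings = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not principal_is_public(st.get("Principal")):
            continue
        actions = st.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        kind = "conditional public" if st.get("Condition") else "public"
        findings.append(f"policy statement {i}: {kind} {', '.join(actions)}")
    return findings


def acl_findings(grants):
    """ACL grants to the AllUsers / AuthenticatedUsers groups are public."""
    findings = []
    for g in grants:
        uri = g.get("Grantee", {}).get("URI")
        if uri == ALL_USERS:
            findings.append(f"ACL grants {g.get('Permission')} to everyone")
        elif uri == AUTH_USERS:
            findings.append(f"ACL grants {g.get('Permission')} to any AWS account")
    return findings


def audit_buckets(inventory):
    """inventory: {bucket: {'policy': dict|None, 'acl': [grant, ...]}}.

    Returns only the buckets with findings, so an empty dict means no public
    exposure was found in the inventory.
    """
    report = {}
    for name, cfg in inventory.items():
        found = policy_findings(cfg.get("policy") or {}) + acl_findings(cfg.get("acl", []))
        if found:
            report[name] = found
    return report


# Constructed sample inventory (not real buckets or accounts).
SAMPLE_INVENTORY = {
    "telematics-exports": {            # policy opens read + list to the world
        "policy": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Principal": "*",
                           "Action": ["s3:GetObject", "s3:ListBucket"],
                           "Resource": ["arn:aws:s3:::telematics-exports",
                                        "arn:aws:s3:::telematics-exports/*"]}],
        },
        "acl": [],
    },
    "vehicle-logs-private": {          # scoped to one role; owner-only ACL
        "policy": {
            "Version": "2012-10-17",
            "Statement": [{"Effect": "Allow",
                           "Principal": {"AWS": "arn:aws:iam::123456789012:role/ingest"},
                           "Action": "s3:PutObject",
                           "Resource": "arn:aws:s3:::vehicle-logs-private/*"}],
        },
        "acl": [{"Grantee": {"Type": "CanonicalUser", "ID": "owner"},
                 "Permission": "FULL_CONTROL"}],
    },
    "firmware-archive": {              # no policy, but a public-read ACL
        "policy": None,
        "acl": [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}],
    },
}

if __name__ == "__main__":
    for bucket, findings in audit_buckets(SAMPLE_INVENTORY).items():
        print(bucket, findings)
```

Run on a schedule and alerted on, a check like this turns a decade-long exposure into a same-day ticket; the conditional case is reported separately because a statement with a restrictive Condition (a source VPC endpoint, for instance) may be acceptable, and that judgement belongs to a reviewer rather than the script.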
The corporation said that it will be contacting individual consumers about the breach and that it has established a hotline for queries.
The problem comes after Toyota disclosed in October a separate data breach affecting T-Connect, which involved a far smaller number of customers.
In April, Toyota revealed that there had been security breaches at its headquarters in Italy, which might have resulted in the exposure of customer information.
In what is being called the world's first ethical satellite hacking exercise, cybersecurity researchers will explain this week how they took control of a European Space Agency (ESA) satellite. ESA challenged cybersecurity professionals working in the space sector to interfere with the operation of OPS-SAT, a demonstration nanosatellite that ESA operates. Participants used a range of ethical hacking techniques to seize control of the system that operates the payload's onboard camera, global positioning system and attitude control system. Unauthorized access to these systems risks severe damage to the satellite as well as loss of command and control over its mission. The offensive cybersecurity team at Thales worked with the Group's Information Technology Security Evaluation Facility (ITSEF) to carry out this one-of-a-kind exercise, the goal of which was to demonstrate the need for a high degree of cyber resilience in the very unusual operational environment of space.
Thales, a global defense and aerospace company, took control of the ESA-operated satellite during a test run. To demonstrate how space systems are susceptible to cyberattacks, the exercise involved breaking into the satellite's command and control system and sending it instructions. Although the experiments were carried out in a safe and controlled setting, they illustrate the danger of a malicious actor seizing control of a satellite in the real world, with potentially catastrophic results. With cyberattacks a substantial obstacle to space exploration and safety, the event highlights how important it is to secure space-based infrastructure.
The team of four Thales cybersecurity experts gained access to the satellite's onboard system, used standard access rights to take control of its application environment, and then exploited several vulnerabilities to introduce malicious code into the satellite's systems. That made it possible to compromise the data sent back to Earth, in particular by altering the images captured by the satellite's camera, and to achieve other goals such as masking selected geographic areas in the satellite imagery while concealing their activity to avoid detection by ESA. The demonstration was staged for CYSAT to help assess how a genuine cyberattack could affect civilian systems and what the fallout of such an attack might be.
ASM is a cybersecurity approach that continuously monitors an organization's IT infrastructure to identify and remediate potential points of attack. Here's how it can give your organization an edge.
Understanding Attack Surface Management
Here are some key terms in ASM:
Attack vectors are the methods or weaknesses threat actors use to gain unauthorized access to a network, such as malware, malicious email attachments, pop-ups, text messages and social engineering.
An attack surface is the sum of attack vectors that threat actors can potentially use in a cyberattack. In any organization, all internet-connected hardware, software and cloud assets add to the attack surface.
Shadow IT is any software, hardware or computing resource used on a company's network without the consent or knowledge of the IT department. Because it sits outside normal patching and monitoring, shadow IT is often unpatched and easy to exploit.
Attackers use automated tooling and purpose-built techniques to target weaknesses in your attack surface, such as shadow IT and weak passwords, in order to steal sensitive data like account credentials and personally identifiable information (PII).
ASM helps you minimize human error by building a security-conscious culture in which people are more aware of emerging cyber threats.
ASM helps you prioritize risk by making you familiar with the attack patterns and techniques threat actors actually use.
How Attack Surface Management Works
There are four core processes in attack surface management:
Asset discovery is the process of automatically and continuously scanning for entry points that threat actors could attack. Assets include computers, IoT devices, databases, shadow IT and third-party SaaS apps. During this step, security teams use the following standards:
CVE (Common Vulnerabilities and Exposures): a catalog of publicly disclosed vulnerabilities, each with a unique identifier, that helps teams track, identify and manage known risks.
CWE (Common Weakness Enumeration): A collection of standardized names and descriptions for common software weaknesses.
Classification and prioritization is the process of assigning each asset a risk score based on how likely attackers are to target it and how much damage they could do. CVEs refer to specific vulnerabilities, while CWEs describe the underlying weakness classes that give rise to them. After analysis, teams categorize the risks and establish a plan of action with milestones to fix the issues.
Remediation is the process of resolving vulnerabilities: applying operating system patches, fixing application code or strengthening data encryption. The team may also set new security standards and eliminate rogue assets from third-party vendors.
Monitoring is the ongoing process of detecting new vulnerabilities and remediating attack vectors in real time. The attack surface changes continuously, especially when new assets are deployed (or existing assets are deployed in new ways).
Anyone who works in attack surface management must ensure the security team has the most complete picture of the organization's attack vectors, so they can identify and combat threats that present a risk to the organization.
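The classification, prioritization and monitoring steps above, reduced to working code as an added example (not from any ASM product or from the article): each discovered asset is scored from its worst finding, its internet exposure and whether it is shadow IT, the backlog is ranked, and two discovery runs are diffed by (host, port) to surface new, removed or changed assets. The host names are example.com placeholders; the two CVE identifiers are the ones this page names elsewhere, but their CVSS values and exploited-in-the-wild flags here are constructed sample inputs, and the scoring weights are assumptions.

```python
"""Attack surface management in miniature (added example).

Scores discovered assets, ranks them, and diffs two discovery runs. Asset
list, CVSS values and known-exploited flags are constructed sample data; the
scoring weights are assumptions, not a standard.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float            # sample value, not a looked-up score
    known_exploited: bool  # sample flag (e.g. presence in a known-exploited catalog)


@dataclass(frozen=True)
class Asset:
    host: str
    port: int
    service: str
    internet_facing: bool
    shadow_it: bool = False
    findings: tuple = ()

    @property
    def key(self):
        return (self.host, self.port)


def risk_score(asset):
    """Worst finding drives the score; exposure and shadow IT raise it.

    known_exploited adds 2.0 to a finding, internet exposure multiplies the
    result by 1.25, and an untracked (shadow IT) asset gets +1.0 so that it
    never sits at zero even before any CVE is matched to it.
    """
    base = 0.0
    for f in asset.findings:
        base = max(base, f.cvss + (2.0 if f.known_exploited else 0.0))
    if asset.internet_facing:
        base *= 1.25
    if asset.shadow_it:
        base += 1.0
    return round(base, 2)


def prioritize(assets):
    """Highest risk first; ties broken by host name for a stable backlog."""
    return sorted(assets, key=lambda a: (-risk_score(a), a.host))


def diff_scans(previous, current):
    """Monitoring step: compare two discovery runs keyed by (host, port)."""
    prev = {a.key: a for a in previous}
    cur = {a.key: a for a in current}
    return {
        "new": sorted(cur.keys() - prev.keys()),
        "gone": sorted(prev.keys() - cur.keys()),
        "changed": sorted(k for k in cur.keys() & prev.keys() if cur[k] != prev[k]),
    }


# Constructed sample scans (example.com hosts; sample CVSS values and flags).
WEB = Asset("web01.example.com", 443, "iis", True,
            findings=(Finding("CVE-2015-1635", 9.8, True),))
MAIL_OLD = Asset("mail01.example.com", 443, "exchange", True)
MAIL_NEW = Asset("mail01.example.com", 443, "exchange", True,
                 findings=(Finding("CVE-2021-31206", 7.8, False),))
DEV = Asset("dev-box.example.com", 8080, "jenkins", True, shadow_it=True)

PREVIOUS_SCAN = [WEB, MAIL_OLD]
CURRENT_SCAN = [WEB, MAIL_NEW, DEV]

if __name__ == "__main__":
    for a in prioritize(CURRENT_SCAN):
        print(f"{risk_score(a):6.2f}  {a.host}:{a.port} ({a.service})")
    print(diff_scans(PREVIOUS_SCAN, CURRENT_SCAN))
```

The diff is what turns a one-off scan into monitoring: the newly discovered Jenkins box is exactly the shadow IT the article warns about, and the mail server shows up as changed because a finding was matched to it since the last run, even though the host itself was already known.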
Hiring companies look for people with a background and qualifications in information systems or security support. The minimum expectations typically include the following:
Strong technical security skills
Strong analytical and problem-solving skills
Working knowledge of cyber threats, defenses and techniques
Working knowledge of operating systems and networking technologies
Proficiency in scripting languages, like Perl, Python or Shell Scripting
Experience with attack surface management and with offensive security and identity technologies.
What's Next in Attack Surface Management?
Cyber Asset Attack Surface Management (CAASM) is an emerging technology that presents a unified view of cyber assets. This powerful technology helps cybersecurity teams understand all the systems and discover security gaps in their environment.
There is no one-size-fits-all ASM tool â security teams must consider their companyâs situation and find a solution that fits their needs.
Some key criteria include the following:
Easy-to-use dashboards
Extensive reporting features to offer actionable insights
Comprehensive automated discovery of digital assets (including unknown assets, like shadow IT)
Options for asset tagging and custom addition of new assets
Continuous operation with little to no user interaction
Collaboration options for security teams and other departments.
With a good ASM solution, your security team can get a real cyber criminal's perspective on your attack surface. You can find, prioritize and solve security issues quickly and continuously. Ultimately, a diligent attack surface management strategy helps protect your company, employees and customers.
A surge of cybersecurity incidents and a general feeling of work overload is leading to widespread burnout among IT security professionals, two surveys indicated.
A Cynet survey of chief information security officers (CISOs) at small to midsize businesses found that nearly two-thirds (65%) said their ability to protect their organization is compromised by an overwhelming workload, with nearly 100% admitting they need additional resources.
The stress levels are affecting entire IT security teams, with nearly three-quarters (74%) of CISOs surveyed admitting they have lost team members because of work-related stress issues.
Nearly half (47%) of these CISOs have had more than one team member exit their role over the last 12 months.
Burning Out and Fading Away
Respondents to a Magnet Forensics survey said the rapid evolution of cybercrime is weighing on security teams substantially more than it did last year, leading to widespread burnout. Alert and investigation fatigue are twin contributing factors, the survey revealed.
The study also revealed that the evolving nature of threats is extending response times beyond what respondents feel is acceptable: 43% of respondents said it takes them between one week and more than a month to respond.
Nearly a third of respondents said that identifying the root cause of an incident requires either a "complete overhaul" or "major improvements" in the organization's threat posture.
"We're seeing a direct correlation between burnout and the increased activity of cybercriminals who are relying on more complex strategies and bombarding organizations with more attacks," explained Adam Belsher, CEO of Magnet. "New cybersecurity regulations also impacted our respondents who said they're now under increased pressure to get answers faster."
He pointed out that a global talent shortage resulted in hiring challenges, and that digital forensics and incident response practitioners (DFIR) find themselves in a difficult situation.
"They need to respond to more incidents, get answers faster and do so while knowing no reinforcements are on the way," Belsher noted. "It's no surprise that they're burned out."
George Tubin, director of product marketing for Cynet, added that what stood out most is what a vicious cycle this work-related stress is. Their stress at work spills over into their personal lives, which increases their stress at workâand repeat.
"Because of their workload and stress, these CISOs said they're missing vacations and private events and they're also losing their tempers with family and friends. This only exacerbates their stress levels," he says.
In addition, 80% of them have received complaints about how they handled security tasks and two-thirds said their ability to protect their organizations is compromised due to work overload and stress.
More Cybersecurity Staff Needed to Combat Burnout
The Cynet survey also asked CISOs whether they need more people, and the general consensus is that they could use 30% more staff.
They also said they've compromised on hiring decisions because it's so hard to find good cybersecurity people.
"But, when we asked them what initiatives could help them reduce stress levels, rather than say hire more, more CISOs stated technology consolidation and automation, as well as outsourcing," Tubin says. "Cybersecurity technology has become so complicated and so expensive that the cure is almost as bad as the disease."
Belsher noted that each factor contributing to the burnout of DFIR practitioners is out of their hands.
"They can't control how often cybercriminals attack their organizations or the methods they use," he said. "Cybercriminals have continued to find new threat vectors and ways to scale the volume of their attacks. That won't change in 2023."
That means organizations must adapt to this threat landscape beyond trying to hire themselves out of this problem.
"If we maintain the status quo, burnout will only get worse," he says. "Automation is essential to scaling the capacity of DFIR teams."
Tubin agreed, noting that a couple of the survey questions asked respondents to compare the past year with previous years; the results were consistent or had become slightly worse.
âUnless these security leaders can somehow relieve their stress, mainly through simplifying and automating their cybersecurity technology, I expect the situation to get worse before it gets any better,â he said.
He added that CEOs and the board should be concerned about the threat of burnout, especially considering that this stress is leading to a degradation in security outcomes that increased risk for the organization.
âCEOs and board members should proactively reach out to their security leaders to discuss ways to reduce stress and improve the companyâs security posture,â he advised.
Belsher pointed out that cybersecurity and IT personnel canât tackle burnout alone.
âMental health is a company-wide imperative that executives, HR departments and all people leaders should play an active role in addressing,â he said.
During the month of November, researchers at the cybersecurity firm LookingGlass examined the most significant vulnerabilities in the financial services industry in the United States.
The company looked at public internet-facing assets from more than 7 million IP addresses in the industry and found that a seven-year-old remote code execution vulnerability affecting Microsoft Windows topped the list.
According to CISA, the "Financial Services Sector includes thousands of depository institutions, providers of investment products, insurance companies, other credit and financing organizations, and the providers of the critical financial utilities and services that support these functions."
Reports state that the industry employs about 8 million Americans and contributes $1.5 trillion, or 7.4% of the nation's overall GDP.
Microsoft Exchange Vulnerabilities
Over 900 instances of a critical remote code execution vulnerability (CVE-2015-1635) affecting Microsoft Windows were observed in the financial sector; the flaw has been around for seven years.
If exploited successfully, a remote attacker can trigger a buffer overflow and execute arbitrary code with system privileges.
The next most often exploited vulnerability was CVE-2021-31206, which affects Microsoft Exchange Server. Reports say that in November this vulnerability was exploited 700 times in the US financial services industry.
Top list of vulnerabilities in the financial services sector
"Our data holdings attribute roughly 7 million of these to the U.S. financial services sector, which includes insurance companies, rental & leasing companies, and creditors, among other subsectors," explain LookingGlass researchers.
According to recent reports from the U.S. Department of Treasury, ransomware attacks alone cost U.S. financial institutions close to $1.2 billion in 2021, a nearly 200% increase from the year before.
The Treasury's Financial Crimes Enforcement Network (FinCEN) identified Russia in its study as the main source of numerous ransomware variants hitting the industry.
The impacted automotive giants include BMW, Toyota, Ford, Honda, Mercedes-Benz and many more…
These API vulnerabilities exposed vehicles to information theft, account takeover, remote code execution (RCE), and even hijacking of physical commands such as starting and stopping engines.
Millions of vehicles from 16 different manufacturers had exposed API vulnerabilities that could be abused to unlock, start, and track cars, while also affecting the privacy of vehicle owners.
In a detailed report, Curry laid out vulnerabilities found in the automotive APIs powering several automotive giants including the following:
Kia
BMW
Ford
Honda
Acura
Jaguar
Nissan
Porsche
Toyota
Ferrari
Spireon
Reviver
Genesis
Hyundai
Infiniti
SiriusXM
Land Rover
Rolls Royce
Mercedes-Benz
According to the researchers, everything from information theft to account takeover, remote code execution (RCE), and even hijacking of physical commands such as starting and stopping engines was a real possibility before the manufacturers fixed the vulnerabilities following responsible disclosure.
Spireon's telematics solution had the most serious issues, which could have been exploited to gain full administrator access to the company's platform, enabling a threat actor to issue arbitrary commands to about 15.5 million vehicles as well as update device firmware.
"Using our access, we could access all user accounts, devices (vehicles), and fleets," Curry said. "Some of the fleets on the website included ambulances, police cruisers, and large trucks. Using the Spireon access, we could send fully arbitrary commands and update device configurations."
Another vulnerability in the researchers' findings showed that a poorly configured API endpoint for generating one-time passwords for the BMW and Rolls Royce web portals could allow attackers to take over the account of any employee or contractor, thereby gaining access to sensitive customer and vehicle information.
A poorly implemented SSO function in Ferrari's web applications gave the researchers unrestricted access to the JavaScript code of several internal applications. The source code contained internal API keys and usage patterns, allowing potential attackers to create and modify users or, worse yet, give themselves superuser permissions. The vulnerabilities effectively allowed attackers to take ownership of Ferrari cars.
A misconfiguration in the Mercedes-Benz single sign-on (SSO) system enabled the researchers to gain access to several internal company assets, including private GitHub repositories and internal communication tools.
Attackers could pose as employees, allowing them to access sensitive information, send commands to customer vehicles, perform RCE attacks, and use social engineering to escalate their privileges across the Mercedes-Benz infrastructure.
âThere were some car companies where youâd own one, then copy the exact same methodology to another car company and get in with the same vulnerability,â Curry wrote in a blog post.
The researchers found that some flaws existed across the platforms of several companies, including many exposed actuators (vehicle component controls), debug endpoints, and administrative functions for managing vehicles, purchase contracts, and telematics devices.
This only goes to show that, in their hurry to install these devices, the car companies completely overlooked the task of securing their online ecosystem.
According to a post on a well-known hacker forum, Volvo Cars has experienced a new data breach, with stolen information allegedly being made available for sale.
Anis Haboubi, a French cybersecurity expert, was the first to discover that a threat actor was seeking to sell data purportedly taken from Volvo Cars on a well-known hacking site.
On December 31, 2022, a forum member operating online with the moniker IntelBroker reported that VOLVO CARS had been the target of a ransomware attack. He alleges that the Endurance Ransomware gang attacked the company and stole 200GB of private information that is now being sold.
The seller said he is not demanding a ransom because he believes the victim would not pay it.
"The company has not been approached with a ransom demand. Based on the information available, the company does not currently see an impact on its business or operations," according to a Volvo representative.
IntelBroker is offering the data for $2,500 in Monero and shared a number of screenshots as evidence of the hack. He refuses any escrow, which is highly suspicious.
According to reports, the leak includes sensitive data such as access to several of the company's databases, WiFi logins and access points, employee lists, software keys, and other private data.
"I am currently selling the following information:
Database access, CICD access, Atlassian access, domain access, WiFi points, and logins, auth bearers, API, PAC security access, employee lists, software licenses, and keys and system files," reads the announcement on the hacking forum.
"There is much data on 'unresolved' reports of exploits. I have taken them all and they will also be included in this sale."
Notably, the attacker shared screenshots of allegedly stolen data that indicate details about vehicles the company sells to law enforcement agencies, especially in Europe.
The relatively low price of $2,500 for the dataset suggests the data may not be as sensitive as the seller claims.
If genuine, this would be Volvo's second security compromise in less than 18 months. The company said that a "small portion" of its R&D assets had been taken during a breach in late 2021.
Hence, it is unclear at this moment whether the seller is trying to sell information from the 2021 breach or whether there has been a new leak. Some users of the same hacker site said that since last week the company's unsecured Citrix access has been exposed online.
Security researchers released their car hacking research discussing vulnerabilities affecting millions of vehicles, and lots of different car companies such as Kia, Toyota, BMW, Rolls Royce, Ferrari, Ford, and many more. If an attacker were able to find vulnerabilities in the API endpoints that vehicle telematics systems used, they could honk the horn, flash the lights, remotely track, lock/unlock, and start/stop vehicles, completely remotely. Their goal was to find vulnerabilities affecting the automotive industry. This write-up details their work exploring the security of telematic systems, automotive APIs, and the infrastructure that supports them. Details: https://samcurry.net/web-hackers-vs-the-auto-industry/
Microsoft revised the severity rating for the CVE-2022-37958 flaw, which was addressed with the Patch Tuesday security updates for September 2022.
Microsoft revised the severity rating for the CVE-2022-37958 vulnerability; the IT giant now rates it as "critical" because it found that threat actors can exploit the bug to achieve remote code execution.
The CVE-2022-37958 was originally classified as an information disclosure vulnerability that impacts the SPNEGO Extended Negotiation (NEGOEX) security mechanism.
The SPNEGO Extended Negotiation Security Mechanism (NEGOEX) extends Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) described in [RFC4178].
The SPNEGO Extended Negotiation (NEGOEX) Security Mechanism allows a client and server to negotiate the choice of security mechanism to use.
The issue was initially rated as high severity because the successful exploitation of this issue required an attacker to prepare the target environment to improve exploit reliability.
IBM Security X-Force researcher Valentina Palmiotti demonstrated that this vulnerability is a pre-authentication remote code execution issue that impacts a wide range of protocols. It has the potential to be wormable and can be exploited to achieve remote code execution.
"The vulnerability could allow attackers to remotely execute arbitrary code by accessing the NEGOEX protocol via any Windows application protocol that authenticates, such as Server Message Block (SMB) or Remote Desktop Protocol (RDP), by default," reads the post published by IBM. "This list of affected protocols is not complete and may exist wherever SPNEGO is in use, including in Simple Message Transport Protocol (SMTP) and Hyper Text Transfer Protocol (HTTP) when SPNEGO authentication negotiation is enabled, such as for use with Kerberos or Net-NTLM authentication."
Demonstrating CVE-2022-37958 RCE Vuln. Reachable via any Windows application protocol that authenticates. Yes, that means RDP, SMB and many more. Please patch this one, it's serious! https://t.co/ikOrTvQIJs pic.twitter.com/bOTmL5Fh2H
Unlike the CVE-2017-0144 flaw triggered by the EternalBlue exploit, which only affected the SMB protocol, the CVE-2022-37958 flaw could potentially affect a wider range of Windows systems due to a larger attack surface of services exposed to the public internet (HTTP, RDP, SMB) or on internal networks. The expert pointed out that this flaw can be exploited without user interaction or authentication.
IBM announced that it will release full technical details in Q2 2023 to give organizations time to apply the security updates.
The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands donât enforce a strong password policy, meaning anyone can peer into their ownersâ lives.
When you spy on your neighborhood or your cafe customers, do you ever wonder whether someone is watching Big Brother, which in this case is you?
Businesses and homeowners increasingly rely on internet protocol (IP) cameras for surveillance. All too often, this gives them a false sense of security, when in fact threat actors can not only access and watch the camera feed but also exploit the unsecured device to break into the network.
New research by Cybernews shows an exponential rise in the uptake of internet-facing cameras. After looking at 28 of the most popular manufacturers, our research team found 3.5 million IP cameras exposed to the internet, signifying an eightfold increase since April 2021.
While the default security settings have improved over the review period, some popular brands either offer default passwords or no authentication, meaning anyone can spy on the spies.
What is more, the overwhelming majority of internet-facing cameras are manufactured by Chinese companies. And while cosmetic security measures are in place, security leaders have long warned that technologies produced by Chinese companies can be exploited by China's government.
Surge in internet-facing cameras
When we last did similar research, we discovered over 400,000 internet-facing cameras online. This time, the Cybernews research team found 3.5 million internet-facing cameras.
Since IP cameras are a convenient and cheap way to surveil anything from a parking lot, a warehouse, or your doorstep, or even to monitor your child's sleep with a baby camera, it is not surprising to see a surge in their use.
While not surprising, the trend is worrying, since internet-connected devices may be vulnerable to attack: threat actors can gain access to the camera's live feed, collect sensitive data, and launch further attacks on the network.
It is worrying that all analyzed brands have at least some models that allow users to keep default passwords or have no authentication setup whatsoever.
The reign of a Chinese brand
Most of the public-facing cameras we discovered are manufactured by the Chinese company Hikvision: the Cybernews research team found over 3.37 million of its cameras worldwide.
According to our researchers, Hikvision has the necessary security practice in place, as it forces users to create a unique password during initial setup. Nevertheless, the global popularity of Hikvision cameras has raised some eyebrows and, as is typical with China-manufactured technology, it and other companies are facing a backlash from Western governments.
Recently, the UK parliament instructed government agencies to cease deploying Chinese equipment, including surveillance cameras, on sensitive sites, saying the technology is produced by companies subject to the National Intelligence Law of the People's Republic of China.
Hikvision's website advertised optional demographic profiling facial analysis algorithms, including gender, race, ethnicity, and age. Following an investigation by the Guardian, the ad was removed.
In November, the US Federal Communications Commission banned authorizations for Chinese telecommunications and video surveillance equipment, saying that Huawei, ZTE, Hytera, Hikvision, and Dahua are "deemed to pose a threat to national security."
Most insecure brands
Most analyzed brands (96.44% of the discovered cameras) force users to set passwords or generate unique default passwords on the newest models and firmware versions. While this is a good trend, it doesn't mean that all the cameras are safe, since the lion's share of these cameras is probably comprised of older models or those running outdated firmware with default or weak passwords.
Anyhow, this is a fundamental shift since last year, when we found that only 5.25% of analyzed cameras asked users to set their passwords.
As of today, 3.56% (127,000) of all analyzed cameras recommend changing the default password but do not enforce it. Sometimes they don't even mention it in the initial setup process, with the recommendation appearing in a blog post instead.
Even more concerning is that over 21,000 cameras did not have any authentication setup, allowing anyone to access them, leaving owners at risk of cyberattack.
According to the research, most public-facing cameras that might be using default credentials are operational in the United States, where we identified over 458,000 such devices.
Germany, which took second place in our research last year, covering over 50,000 cameras, didnât even make it into the top 10 countries this time.
The second most affected country is Vietnam, with nearly 365,000 cameras, followed by the UK (nearly 250,000).
Figure: Top 10 countries with the most internet-connected cameras that could be using default credentials.
If you want to know how to secure your IP camera, take a look at the original post published on CyberNews.
The majority of major automobile manufacturers have addressed vulnerabilities that would have given hackers remote access to their vehicles to perform the following actions:
Lock the car
Unlock the car
Start the engine
Press the horn
Flash the headlights
Open the trunk of certain cars made after 2012
Locate the car
Flaw in SiriusXM
SiriusXM, one of the most widely used connected vehicle platforms available on the market, has a critical bug in its platform that affects all major vehicle brands.
There is particular interest among security researchers in the area of connected cars, such as Yuga Labs' Sam Curry. In fact, he is the one who discovered a security hole in the connected cars of major manufacturers during his routine research.
More car hacking!
Earlier this year, we were able to remotely unlock, start, locate, flash, and honk any remotely connected Honda, Nissan, Infiniti, and Acura vehicles, completely unauthorized, knowing only the VIN number of the car.
There are a number of car manufacturers who use Sirius XM telematics and infotainment systems as a part of their vehicle technology.
Affected Car Brands
Here below we have listed the brands affected by this critical bug in SiriusXM:
Acura
BMW
Honda
Hyundai
Infiniti
Jaguar
Land Rover
Lexus
Nissan
Subaru
Toyota
Vulnerability Analysis
During the process of analyzing the data, it was found that there is a domain (http://telematics(.)net) that is used during the vehicle enrollment process for the remote management of Sirius XM.
The flaw lies in the enrollment process for SiriusXM's remote management functionality and allows the vehicle to be tampered with.
No detailed technical information about the researchers' findings is available yet, since they have not shared anything in depth.
Upon further analysis of the domain, it became apparent that the Nissan Car Connected App is one of the most frequently referenced apps on this domain.
For data exchanged through the telematics platform to be authorized, only the vehicle identification number (VIN) is needed. Anyone who knows a vehicle's VIN can therefore use it to carry out a variety of commands.
The researchers then logged in to the application and examined the HTTPS traffic generated by a Nissan car owner.
Since exploiting this involved many steps, we took all of the requests necessary to exploit this and put it into a python script which only needed the victim's email address. After inputting this, you could then execute all commands on the vehicle and takeover the actual account. pic.twitter.com/Bz5G5ZvHro
The researchers identified one HTTP request during the scan and analyzed it in depth.
It is possible to obtain a bearer token and a "200 OK" response by passing a VIN-prefixed ID as the customerID.
Using the bearer token in the Authorization header of an HTTP request, the researchers attempted to obtain the victim's user profile and successfully retrieved the following information:
Name
Phone number
Address
Car details
In addition to this, the API calls used by SiriusXM for its telematics services worked even if the user did not have an active subscription with SiriusXM.
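Added example, not code from SiriusXM, the researchers or the original article: a minimal Python model of the authorization flaw described above (a bearer token minted from a VIN-prefixed customerID, profile data and commands served without ownership or subscription checks) beside a hardened flow that binds the token to an authenticated owner and enforces the subscription. The account data, the 'brand:VIN' identifier format and the token format are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed server-side signing key; a real service would load it from a secrets store.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample data: which account owns which VIN, and whether the account pays.
ACCOUNTS = {
    "owner@example.com": {"password": "correct-horse", "vins": {"1N4AZ0CP0DC000001"}, "subscribed": True},
    "lapsed@example.com": {"password": "battery-staple", "vins": {"JN1AZ4EH0DM000002"}, "subscribed": False},
}
# The PII the page says a token exposed: name, phone number, address, car details (constructed).
PROFILES = {
    "1N4AZ0CP0DC000001": {"name": "Sample Owner", "phone": "+1-555-0100", "address": "1 Example St", "car": "Nissan"},
    "JN1AZ4EH0DM000002": {"name": "Lapsed User", "phone": "+1-555-0101", "address": "2 Example St", "car": "Infiniti"},
}


def _sign(payload: str) -> str:
    """Bearer token = payload + HMAC-SHA256 tag. The tag prevents forgery; it says nothing about authorization."""
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def _verify(token: str) -> Optional[str]:
    """Returns the payload if the tag is valid, else None."""
    payload, _, tag = token.rpartition(".")
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload if payload and hmac.compare_digest(tag, expected) else None


# --- Vulnerable flow (the pattern the page describes) ---------------------------------
def issue_token_vulnerable(customer_id: str) -> str:
    """Mints a valid token for any 'brand:VIN' customerID: knowing a VIN is treated as ownership."""
    return _sign(customer_id)


def profile_vulnerable(token: str) -> Optional[dict]:
    """Returns the owner's PII for whatever VIN the token names."""
    payload = _verify(token)
    if payload is None:
        return None
    _, _, vin = payload.partition(":")
    return PROFILES.get(vin)


def send_command_vulnerable(token: str, command: str) -> str:
    """No ownership or subscription check: the VIN-derived token alone is enough."""
    payload = _verify(token)
    if payload is None:
        return "401 invalid token"
    _, _, vin = payload.partition(":")
    return f"200 {command} sent to {vin}"


# --- Hardened flow ---------------------------------------------------------------------
def issue_token_hardened(email: str, password: str, vin: str) -> Optional[str]:
    """Issues a token only to an authenticated account that actually owns the VIN."""
    acct = ACCOUNTS.get(email)
    if acct is None or not hmac.compare_digest(acct["password"].encode(), password.encode()):
        return None
    if vin not in acct["vins"]:
        return None  # a VIN visible through the windshield is public data, not a credential
    return _sign(f"{email}|{vin}")


def send_command_hardened(token: str, vin: str, command: str) -> str:
    """Binds the token to one account and one vehicle, and enforces the subscription."""
    payload = _verify(token)
    if payload is None:
        return "401 invalid token"
    email, _, bound_vin = payload.partition("|")
    if bound_vin != vin:
        return "403 token not bound to this vehicle"
    acct = ACCOUNTS.get(email)
    if acct is None or not acct["subscribed"]:
        return "403 no active subscription"
    return f"200 {command} sent to {vin}"
```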
The security of a vulnerable app cannot be guaranteed unless its developers or owners are involved in securing it, which is why they should be the only ones issuing security updates and patches.
Recommendations
Here below we have listed the recommendations made by the security analysts:
Do not share your car's VIN with untrusted third parties.
In order to protect your vehicle from thieves, it is imperative to use unique passwords for each app connected to the vehicle.
Keep your passwords up-to-date by changing them on a regular basis.
Keeping your system up-to-date should be a priority for users.
The online world has never been risk-free and in 2022 the risks posed by cybercriminals are a threat to all internet users. As scams and phishing methods become more complex there is a greater need for the individual to adopt a range of best practices to protect their personal information.
Cybercriminals can target both individuals and businesses using a wide range of methods: malware can be activated by clicking on malicious links; personal details can be harvested simply by visiting unsecure sites.
Whether you like to surf the internet for fun and recreation, use it as a platform for online trading, or buy a range of products and services, staying safe online should always be a priority. It is a sobering fact that thousands of pieces of malware are created every day.
Stay safer online by following these three top tips.
Be vigilant when trading
Millions of people around the world now regularly trade online and increasingly that trade is in cryptocurrencies such as Bitcoin. With a wide range of cryptocurrencies now available, it is more important than ever to check that the site you trade on is secure.
As a rule, you should only trade on sites that feature the padlock icon in their web address, such as can be seen at OKX. This padlock icon proves that the site is secure and uses SSL encryption to ensure that any financial or personal information is transmitted safely.
It is also good practice to look at reviews from trading platforms. Customer experiences of using these sites can be a valuable source of information on the security of a platform. When trading online or undertaking any type of internet purchasing activity, it is also important to remember not to use unsecured networks.
Surfing in coffee shops and shopping malls can be an attractive proposition but should be avoided whenever any transactions are taking place; otherwise, a cybercriminal could easily pose as a contact from a website you have visited, leaving you open to phishing attacks in the future.
Use strong passwords
Whilst most people realize the value of having strong passwords across all the sites they use, it is still surprising how many people do not adhere to this best practice. Many consumers use the same passwords across numerous platforms and sites or use exceptionally weak passwords that can be cracked with a minimum amount of effort.
Today, search engines can suggest strong passwords and store them securely. This can make consumers safer online while also removing the need to memorize complex passwords. Put simply, if you use weak or repeated passwords across sites, you are making it easy for a cybercriminal to harvest your personal details or hack your accounts.
Stay up to date
Another common practice that tends to be overlooked by millions of web visitors is to keep applications and devices up to date with the latest firmware. It is vitally important to check for system and firmware updates on a regular basis. Whilst many updates offer stability improvements or bug fixes, they often contain the latest security updates that keep devices and applications more secure.
Running software or operating systems that do not have the latest patches leaves them far more vulnerable to attack, so make a point of checking for updates across your devices on a regular basis to ensure that you benefit from the latest security features.
In summary, follow the above advice to avoid falling victim to one (or more) of the 300,000 pieces of malware that are created every day.
As we continue to rely on technology more and more, we should also think increasingly about protection. According to Cyber Security Hub, two-thirds of companies are spending more on cybersecurity in 2022 than last year, a pattern that should only continue.
On the heels of National Cybersecurity Awareness Month, it is the perfect time for business leaders and organizations to consider the cybersecurity safeguards they use to protect sensitive information. Cybersecurity can be a complex task for many organizations. Businesses, educational institutions and government entities often struggle to navigate the available options. Aside from IT professionals, finding the right solution requires subject matter experts, a group of leaders who represent different lines of business, C-suite representatives and a thorough risk assessment to determine where to strike a balance between security and productivity.
Security is a constant discipline of due care and due diligence over time. It requires a mindset shift for employees and extends far beyond computers. Printers, scanners, fax machines, document management systems and other hardware and software solutions must contain the latest security features as well. While updating these devices may not be top of mind, neglecting them can pose a serious threat to your organization if compromised.
If you are just getting started, or need a refresher on cybersecurity, here are some of the first steps you should take: