Feb 10 2022

How Does An IPv6 Proxy Work & How Enterprises Can Get Benefit?

Category: Network security | DISC @ 9:12 am

Internet technology has come a long way: from a time when internet access was very limited, to an era in which every connection relied on Internet Protocol version 4 (IPv4) addresses, to the present day, where IPv6 is the next big thing.

IPv6 stands for internet protocol version 6, as you might have figured out by now, and was first introduced in 2012.

It became imperative after developers recognised that IPv4 has a finite number of addresses: it would not take long before the possible combinations for the fourth IP version ran out.

As such, a new version that would give humanity an effectively unlimited supply of IP addresses was born: IPv6. Several technologies have been built and designed in its wake.

The IPv6 proxy, for instance, was developed to ease the transition. IPv6 offered several benefits, such as more convenient traffic routing and packet headers, which attracted many organizations to start hosting their servers on it.

However, traffic and connections coming from the older IPv4 could not reach or interact with these new servers, because the two operate on different standards.

Therefore, it became necessary to build a tool that could translate IPv4 traffic so that it could reach IPv6-hosted servers: hence the IPv6 proxy.

What Is A Proxy?

A proxy is a device or computer that can serve as the middleman between different servers or networks.

It can sit anywhere between the user and the internet, transferring data and connections back and forth quickly and securely.

This transfer is done using the proxy’s own IP address and location while concealing the user’s details, which gives the internet user a degree of security and anonymity.

How Do Proxies Work?

Proxies are not the only tools used in re-routing users’ connections, but they are one of the most effective, and this is evident in the way they work:

  • The user sends out a request through the proxy
  • The proxy accepts the incoming traffic and reshapes it to reduce errors and improve speed
  • It then masks the user’s IP and forwards the traffic using its own IP instead
  • The request reaches the destination server, and the results are collected and returned to the user via the proxy network
  • The proxy accepts this returning traffic and screens it for possible malware; once it judges the content clean, it sends it on to the user
  • The user receives the result quickly, as a web page
  • All of this happens so quickly and seamlessly that users can’t even tell there have been interceptions at different levels and points

What Are Proxies Used For?

Proxies are essential for several reasons, and below are some of the most common:

  1. To Boost Internal Security

The internet may be a lovely place for both individuals and brands, but it can also turn sour quickly.

There are cybercriminals monitoring traffic at every turn, waiting for data to steal.

Proxies are used because they can hide your IP and sensitive data and filter traffic to ensure the user is protected at all times.

  2. To Reduce Server Load

Servers are just like every other type of machine – they can only handle what is within their capacity.

When a server has to deal with too much traffic every day, it doesn’t take long before it crashes.

Proxies are helpful because they are excellent at reducing the workload on servers. For instance, proxies can distribute traffic across the available servers so that no single server takes too much load.

Proxies can also deploy caching mechanisms where they store results from past queries. This way, they can pull the data from what has been stored instead of disturbing the servers.

  3. To Bypass Restrictions

There are several limitations and restrictions that people face when surfing the internet. Some users can get banned or blocked when they use the same IP to interact with a website or server repeatedly.

Other users can get restricted from using particular services or accessing specific content because of where they live.

Proxies address both kinds of limitation: they supply users with an extensive pool of IPs to avoid bans, and with multiple locations to bypass geo-restrictions.

What Is An IPv6 Proxy?

An IPv6 proxy can be defined as a type of proxy that translates IPv4 traffic into IPv6 traffic. It may be software or hardware that sits between users and the internet and translates the older traffic into IPv6.

The purpose is often to allow traffic from devices using the older IP version to reach servers hosted on the IPv6 standard.

Without such a tool, it would be impossible for anyone on the older IP version to interact with IPv6-only servers.

The IPv6 proxy can also perform the other essential functions of a regular proxy, including concealing the user’s network details to provide online privacy and filtering traffic to boost online security.

How Do IPv6 Proxies Work?

As the world gradually adopts IPv6, users that still rely on IPv4, including organizations and service providers, need a tool to translate and forward their traffic.

IPv6 proxies work by intercepting traffic from the older IP standard, translating the address and header, and routing the information before forwarding it to an IPv6 server or target device.
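The forwarding step described above, as an added example that is not code from the original post or from any vendor it mentions: a small TCP relay that listens on IPv4 and opens the upstream leg over IPv6, so the IPv6 server only ever sees the relay's address. The echo server, the `Ipv4ToIpv6Relay` class and `demo_roundtrip` are constructed for the demonstration; it assumes IPv6 loopback (`::1`) is available and falls back to IPv4 loopback where it is not.

```python
import socket
import threading

# Added example, not code from the original post or from any vendor it names.
# An application-layer relay: it accepts TCP connections on IPv4 and forwards
# each one to an IPv6 upstream, so an IPv4-only client can reach an IPv6-only
# server, which only ever sees the relay's own source address (this is also how
# a proxy hides the client IP). Packet-header translation (NAT64) is out of scope.

BUF = 4096

def _pump(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst."""
    try:
        while True:
            chunk = src.recv(BUF)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

class Ipv4ToIpv6Relay:
    """Listen on an IPv4 address; open the upstream leg with the given family."""

    def __init__(self, listen_host, upstream, upstream_family=socket.AF_INET6):
        self.upstream = upstream
        self.upstream_family = upstream_family
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((listen_host, 0))  # port 0: let the OS choose
        self.sock.listen(16)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _peer = self.sock.accept()
            except OSError:  # listening socket was closed
                return
            threading.Thread(target=self._handle, args=(client,), daemon=True).start()

    def _handle(self, client):
        up = socket.socket(self.upstream_family, socket.SOCK_STREAM)
        try:
            up.connect(self.upstream)
        except OSError:
            client.close()
            return
        back = threading.Thread(target=_pump, args=(up, client), daemon=True)
        back.start()
        _pump(client, up)  # client -> upstream, then half-close the upstream
        back.join()        # upstream -> client ends when the upstream closes
        client.close()
        up.close()

def start_echo_server():
    """Constructed stand-in for the IPv6 server: echoes bytes, records the peer.
    Falls back to IPv4 loopback on hosts that have no IPv6 loopback."""
    try:
        srv = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
        srv.bind(("::1", 0))
    except OSError:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = {}

    def serve():
        conn, peer = srv.accept()
        seen["peer"] = peer[0]  # the relay's address, never the IPv4 client's
        with conn:
            while True:
                data = conn.recv(BUF)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.family, srv.getsockname()[:2], seen

def demo_roundtrip(payload=b"GET / HTTP/1.0\r\n\r\n"):
    """Push payload through the relay; return (echoed bytes, peer the upstream saw)."""
    family, upstream_addr, seen = start_echo_server()
    relay = Ipv4ToIpv6Relay("127.0.0.1", upstream_addr, family)
    try:
        with socket.create_connection(("127.0.0.1", relay.port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)        # tell the relay we are done sending
            echoed = c.makefile("rb").read()  # read until the relay closes its side
    finally:
        relay.sock.close()
    return echoed, seen.get("peer")
```

The peer address the echo server records is the relay's loopback address, which is the concealment effect the post attributes to proxies; a production relay would add authentication and rate limiting on the IPv4 side, since an open relay is itself an abuse target.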

The Main Use Cases of IPv6 Proxies

There are several ways the IPv6 proxy can be used (visit Oxylabs for more info), including the following:

  1. Maximizing Online Security and Privacy

Like every worthwhile proxy, IPv6 proxies play a massive role in boosting your security and that of your data. Whatever your online activity, you can hide your identity using these proxies at no cost to your browsing speed and performance.

  2. Bypassing Censorship and Constraints

If you experience bans, blockings, and restrictions very often online, you may want to consider switching to the IPv6 proxies as they can easily bypass these challenges. You can easily choose a different IP and location to appear like a completely different user.

  3. Web Scraping

IPv6 proxies can also be used with a dedicated scraper to harvest large amounts of data from many sources at once. This capability comes from the fact that an IPv6 proxy can translate and re-route any traffic to help it reach any server. It can also provide you with multiple IP addresses and locations to help you perform these repetitive tasks without using any IP twice.

IPv6 Essentials: Integrating IPv6 into Your IPv4 Network 

Tags: IPv6 Proxy


Feb 09 2022

Adding Data Privacy to DevSecOps

Category: Information Privacy | DISC @ 1:44 pm

Colorado and Virginia passed new data privacy laws in 2021. Connecticut and Oklahoma are among the states that could enact new legislation around data privacy protections in 2022. California, which kicked off the conversation around data privacy at the state level, is updating its laws. Couple that with the EU’s GDPR and other data privacy laws enacted worldwide, and it is clear that data privacy has become incredibly important within cybersecurity. And that includes within the DevSecOps process.

It’s been enough of a challenge to integrate security into the DevOps process at all, even though it is now recognized that adding security early in the SDLC can eliminate issues further along in app development and deployment. But adding data privacy? Is it really necessary? Yes, it is necessary, said Casey Bisson, head of product growth at BluBracket, in email commentary. Applications now include more and more personal data that needs protection, such as apps that rely on medical PII. Those apps must have security and privacy baked into each phase of the SDLC via DevSecOps.

“There have been far too many examples of leaks of PII within code, for instance, because many companies don’t secure their Git repositories,” said Bisson. “As more sensitive information has made its way into code, it’s natural that hackers will target code. True DevSecOps will bake privacy concerns into every stage and will make these checks automated.”

Data in the Test Process

In DevSecOps, applications are often developed using test data. “If that data is not properly sanitized, it can be lost,” said John Bambenek, principal threat hunter at Netenrich, in an email interview. “There is also the special case of secrets management and ensuring that development processes properly secure and don’t accidentally disclose those secrets. The speed of development nowadays means that special controls need to be in place to ensure production data isn’t compromised from agile development.”

Beyond test data, real consumer data has to be considered. Ultimately, every organization has information it needs to protect, so it’s important to focus on data privacy early in development so the team working on the platform can build the necessary controls into the platform to support the privacy requirements the data has, explained Shawn Smith, director of infrastructure at nVisium, via email. “The longer you wait to define the data relationships, the harder it is to ensure proper controls are developed to support them.”

Bringing Privacy into DevSecOps

Putting a greater emphasis on privacy within DevSecOps requires two things—data privacy protocols already in place within the organization and a strong commitment to the integration of cybersecurity with data privacy. “An organization needs to start with a strong privacy program and an executive in charge of its implementation,” said Bambenek. “Especially if the data involves private information from consumers, a data protection expert should be embedded in the development process to ensure that data is used safely and that the entire development pipeline is informed with strong privacy principles.”

The DevSecOps team and leadership should have a strong understanding of the privacy laws and regulations—both those set by overarching government rules and those set by industry requirements. Knowing the compliance requirements that must be met offers a baseline against which to measure how data must be handled throughout the entire app development process, Smith pointed out, adding that once you have the base to build upon, the controls and steps to actually achieve the privacy levels you want fall into place fairly easily.

Finally, Bisson advised DevSecOps professionals to shift security left and empower developers to prevent any credentials or PII from being inadvertently accessible through their code before it makes it to the cloud. “DevSecOps teams should scan code both within company repositories and outside in public repos; on GitHub, for instance. It’s so easy to clone code that these details and secrets can easily be leaked,” said Bisson.

Consumers don’t understand how or where in the development process security is added, and it’s not entirely necessary for them to understand how the sausage is made. The most important concern for them is that their sensitive data is protected at all times. For that to happen most efficiently, data privacy has to be an integral part of DevSecOps.

Understanding Privacy and Data Protection: What You Need to Know

#DevSecOps: A leader’s guide to producing secure software without compromising flow, feedback and continuous improvement

Tags: DevSecOps


Feb 09 2022

Master decryption keys for Maze, Egregor, and Sekhmet ransomware leaked online

Category: Information Security, Ransomware | DISC @ 10:19 am

The master decryption keys for the Maze, Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer.

The Maze group was considered one of the most prominent ransomware operations since it began operating in May 2019. At the end of 2019, the gang became the first to introduce a double-extortion model to the cybercrime landscape: Maze implemented data-harvesting capabilities and began threatening to release stolen data belonging to victims who refused to pay the ransom.

In November 2020, the Maze ransomware operators announced that they had officially shut down their operations and denied having created a cartel.

The Maze operation then rebranded in September as Egregor, but in February 2021 several members of the Egregor group were arrested in Ukraine.

The Sekhmet operation was launched in March 2020 and has some similarities with the above ransomware operations.

While the TTPs of the Egregor operators are almost identical to those of ProLock, analysis of an Egregor ransomware sample obtained during an incident response conducted by Group-IB revealed that the executable code of Egregor is very similar to Sekhmet. The two strains share some core features and use similar obfuscation techniques. The Egregor source code bears similarities with Maze ransomware as well.

The decryption keys for these operations have now been leaked on the BleepingComputer forums. The keys were shared by a user named ‘Topleak’ who claims to be the developer for all three operations.

“Hello, it’s the developer. It was decided to release keys to the public for the Egregor, Maze, Sekhmet ransomware families. Also there is a little bit of harmless source code of the polymorphic x86/x64 modular EPO file infector m0yv, detected in the wild as Win64/Expiro virus, but it is not Expiro actually, AV engines just detect it like this, so not a single thing in common with gazavat.” the user wrote on the forum.

“Each archive with keys has the corresponding keys inside the numeric folders, which equal the advert id in the config. In the “OLD” folder of the Maze leak are keys for its old, e-mail-based version. Consider making a decryptor for this one first, because there were too many regular PC users for this version. Enjoy!”

The Topleak user pointed out that this is a planned leak and is not linked to the recent arrests and takedowns conducted by law enforcement. The alleged ransomware developer added that none of the ransomware gangs will ever return to ransomware operations and that the source code of every tool ever made has been wiped.

In one of the archives leaked by the user there is the source code for a malware dubbed ‘M0yv’ that was part of the gang’s arsenal.

[Image: Maze ransomware leak. Source: BleepingComputer]

The well-known malware researchers Michael Gillespie and Fabian Wosar confirmed to BleepingComputer that the decryption keys are legitimate and allow files encrypted by the three ransomware families to be decrypted for free.

Emsisoft has released a free decryption tool for the Maze, Egregor, and Sekhmet ransomware families.

Ransomware Protection Playbook

Tags: Master decryption keys


Feb 08 2022

3 key elements of a strong cybersecurity program

The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and the challenges can seem overwhelming.

Considering this, we’ve simplified things down to three key elements of a strong cybersecurity program. You need to know how to assess, remediate, and implement security best practices at scale. In more detail, this means:

  • Assessing your organization’s current cybersecurity program and its prioritization
  • Remediating endpoints at scale, bringing them into compliance with security best practices
  • Implementing cybersecurity policies and monitoring them to stay in compliance

1. Assess your organization’s current cybersecurity program

Taking the first step toward better cyber hygiene means understanding where your organization stands today. Conduct an honest assessment of your strengths and weaknesses in order to prioritize where to focus your efforts for your cybersecurity program. The challenge here is finding the right bar to measure yourself against. There are several frameworks that will do the job. Thus, it can be daunting to figure out which one is the right fit, especially if this is the first time you’re doing an assessment. Starting with the CIS Controls and CIS Benchmarks can help take the guesswork out of your assessment and provide peace of mind that you’re covering all of your bases.

Here’s what makes these two sets of best practices especially useful:

  • They tell you the “what” and the “how”: Many frameworks tell you what you should do, but not how to do it. CIS best practices give you both.
  • They are comprehensive and consensus-based: CIS best practices are developed in collaboration with a global community of cybersecurity experts. They’re also data-driven as explained in the CIS Community Defense Model.
  • They are mapped to other industry regulatory frameworks: CIS best practices have been mapped or referenced by several other industry regulatory requirements, including: NIST, FINRA, PCI DSS, FedRAMP, DISA STIGs, and many others. This means you can get the proverbial “two birds with one stone” by assessing against CIS best practices.

The CIS Controls are a prioritized and prescriptive set of safeguards that mitigate the most common cyber-attacks against systems and networks. The CIS Benchmarks are more than 100 configuration guidelines across 25+ vendor product families to safeguard systems against today’s evolving cyber threats. Both are available as free PDF downloads to help you get started.

2. Remediate endpoints at scale with CIS Build Kits

One of the challenges in applying any best practice framework is dedicating the time and resources to do the work. Luckily, CIS offers tools and resources to help automate and track the assessment process. The CIS Controls Self Assessment Tool (CIS CSAT) helps organizations assess the implementation of the CIS Controls. Additionally, the CIS Configuration Assessment Tool (CIS-CAT Pro Assessor) scans target systems for conformance to the CIS Benchmarks. CIS-CAT Pro Assessor allows you to move more quickly toward analyzing results and setting a strategy to remediate your gaps.

CIS resources and tools are designed to help you move toward compliance with best practices by remediating the gaps. Once you understand where your gaps are and how to fix them, you can use CIS Build Kits to achieve compliance at scale. CIS Build Kits are automated, efficient, repeatable, and scalable resources for rapid implementation of CIS Benchmark recommendations. You can apply them via the Group Policy Management Console in Windows, or through a shell script in Linux and other Unix-like environments.

Interested in trying out a Build Kit? CIS offers sample Build Kits that contain a subset of the recommendations within the CIS Benchmark. They provide you a snapshot of what to expect with the full CIS Build Kit.

3. Implement cybersecurity policies and monitor for compliance

Lastly, creating strong policies and monitoring conformance helps ensure that an organization is working toward a more robust cybersecurity program. Regularly monitoring conformance over time is critical. It helps you avoid configuration drift, and helps identify any new issues quickly. CIS tools can help monitor conformance and identify gaps.

CIS-CAT Pro Dashboard provides an easy-to-use graphical user interface for viewing CIS Benchmark conformance assessment results over time. Similarly, CIS CSAT Pro enables an organization to monitor implementation of the CIS Controls over time.

A strong cybersecurity program with CIS SecureSuite Membership

Any organization can start improving its cyber hygiene by downloading CIS’s free best practices, like the PDF versions of the CIS Benchmarks. But it’s important to know that you don’t have to go it alone. A cost-effective CIS SecureSuite Membership can be both a solution to your immediate security needs, as well as a long-term resource to help optimize your organization’s cybersecurity program.

You’ll get access to:

  • CIS-CAT Pro Assessor and Dashboard
  • CIS CSAT Pro
  • CIS Build Kits
  • CIS Benchmarks in various formats (Microsoft Word, Microsoft Excel, XCCDF, OVAL, XML) and more

Get the most out of CIS best practices for your cybersecurity program by signing up for a cost-effective CIS SecureSuite Membership.

Learn more about CIS SecureSuite

Building an Effective Cybersecurity Program

Information Security Governance: Framework and Toolset for CISOs and Decision Makers

Tags: strong cybersecurity program


Feb 07 2022

Critical Infrastructure Attacks Spur Cybersecurity Investment

The attacks on critical industrial systems such as Colonial Pipeline last year pushed industrial cybersecurity to center stage. And with the threat of war between Russia and Ukraine, experts warned nations that a global flare-up of cybersecurity attacks on critical infrastructure could be looming. In late January, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) put critical infrastructure organizations on notice: Take “urgent, near-term steps” to mitigate the risk of digital attacks. The alert cited tension in eastern Europe as the catalyst for possible attacks against U.S. digital assets.

Critical Infrastructure Under Attack

Unfortunately, critical systems have long been under significant attack. In fact, an overwhelming 80% of critical infrastructure organizations experienced ransomware attacks last year, according to a survey released today by PollFish on behalf of cyber-physical systems security provider Claroty. The survey, completed in September 2021, gathered responses from full-time information technology and operational technology (OT) security professionals in the United States (500 professionals), Europe (300) and Asia-Pacific (300). The industries surveyed include IT hardware, oil and gas (including pipelines), consumer products, electric energy, pharmaceutical/life sciences/medical devices, transportation, agriculture/food and beverage, heavy industry, water and waste and automotive.

Globally, 80% of respondents reported experiencing an attack and 47% of respondents said the attack impacted their operational technology and industrial control systems environment. A full 90% of respondents that reported their attacks to authorities or shareholders said the impact of those attacks was substantial in 49% of cases.

Attacking Digital Transformation

Cybersecurity Investments

Effectiveness of National Cyber Policy to Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks

Tags: Critical Infrastructure Attacks


Feb 07 2022

Hackers breached a server of National Games of China days before the event

Category: Security Breach | DISC @ 10:25 am

Researchers at cybersecurity firm Avast discovered that a Chinese-speaking threat actor compromised systems at the National Games of China in 2021. The event took place on September 15, 2021 in Shaanxi (China); it is a national version of the Olympics, with only local athletes.

The attackers breached a web server on September 3rd and deployed multiple reverse web shells to establish a permanent foothold in the target network.

Experts noticed that the threat actors started a reconnaissance phase in August, running tests to determine which types of file could be uploaded to the server. To perform these tests, the attackers appear to have exploited a vulnerability in the web server.

The attackers tried submitting files with different file types and extensions, such as a legitimate image saved under different extensions: ico, lua, js, luac, txt, html and rar.

“After gaining knowledge on blocked and allowed file types, they tried to submit executable code. Of course, they started submitting PoCs instead of directly executing a webshell because submitting PoCs is more stealthy and also allows one to gain knowledge on what the malicious code is allowed to do.” reported Avast. “For instance, one of the files uploaded was this Lua script camouflaged as an image (20210903-160250-168571-ab1c20.jpg)”

The attackers reconfigured the web server by uploading a configuration file, camouflaged as a PNG file, that allowed the execution of Lua scripts. Experts found evidence that the server was configured to execute new threads in a thread pool, which didn’t work for the Rebeyond Behinder webshell. Then, as a final payload, the attackers uploaded and ran an entire Tomcat server, properly configured and weaponized with Rebeyond Behinder.

After gaining access to the server, the attackers attempted lateral movement by brute-forcing services and using exploits in an automated way. The attackers were able to upload several tools (dnscrypt-proxy, fscan, mssql-command-tool, behinder) to the server and execute a network scanner (fscan) and a custom one-click exploitation framework written in Go and distributed as a single binary.

“The procedure followed by the attackers hacking the 14th National Games of China is not new at all. They gained access to the system by exploiting a vulnerability in the web server. This shows the need for updating software, configuring it properly and also being aware of possible new vulnerabilities in applications by using vulnerability scanners.” concludes the report. “The most fundamental security countermeasure for defenders consists in keeping the infrastructure up-to-date in terms of patching. Especially for the Internet facing infrastructure.”

Avast reported that the security breach appears to have been resolved before the games began; however, the experts were not able to determine what information was exfiltrated by the threat actor.
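The upload probing described in the report (one image submitted under many extensions, then a script and a config file disguised as images) is what a server-side upload gate has to catch. The following is an added example, not code from the report or from Avast: `validate_upload` accepts only allowlisted image extensions whose leading bytes carry that format's signature, and the sample uploads are constructed (the one filename is the one quoted in the report; its content here is a harmless placeholder).

```python
# Added example, not code from the original report or from Avast. A server-side
# upload gate for the probing pattern described above: the extension must be on
# an image allowlist and the first bytes must carry that format's signature, so
# a Lua script or a server config file renamed to .jpg/.png is rejected rather
# than stored where the web server might later be told to execute it.

IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def validate_upload(filename, data):
    """Return (accepted, reason). Only allowlisted image types pass, and only
    when the content signature agrees with the extension."""
    name = filename.lower()
    if "/" in name or "\\" in name or name.startswith("."):
        return False, "suspicious filename"
    stem, sep, ext = name.rpartition(".")
    if not sep or not stem:
        return False, "missing extension"
    if ext not in IMAGE_SIGNATURES:
        return False, f"extension '.{ext}' is not allowed"
    if not any(data.startswith(sig) for sig in IMAGE_SIGNATURES[ext]):
        return False, f"content does not look like {ext}"
    return True, "ok"


# Constructed sample mirroring the probing in the report: one genuine JPEG
# header submitted under several extensions, a Lua script disguised as .jpg
# (the filename is the one quoted from the report; the content is a placeholder),
# and a config file disguised as .png (contents invented for the example).
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLE_UPLOADS = [
    ("photo.jpg", JPEG_HEAD),
    ("photo.ico", JPEG_HEAD),
    ("photo.lua", JPEG_HEAD),
    ("photo.js", JPEG_HEAD),
    ("photo.txt", JPEG_HEAD),
    ("photo.html", JPEG_HEAD),
    ("20210903-160250-168571-ab1c20.jpg", b'print("probe")\n'),
    ("settings.png", b"[server]\nhandlers = lua\n"),
]


def rejected_uploads(uploads):
    """Names the gate would refuse, with the reason, e.g. for log review."""
    return [(name, validate_upload(name, data)[1])
            for name, data in uploads if not validate_upload(name, data)[0]]
```

A signature check is a first line of defence, not proof of a benign file (a valid image can still carry a script appended after the header), so uploads should also be written outside any path the web server will execute or interpret.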

Penetration Testing – Post Exploitation

Tags: Big Breaches, Hackers breached, National Games of China, Pen testing


Feb 04 2022

Microsoft blocked tens of billions of brute-force and phishing attacks in 2021

Category: Phishing | DISC @ 12:31 pm

Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year.

Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks last year.

The IT giant added that it blocked more than 25.6 billion Azure AD brute-force authentication attacks and detected 35.7 billion phishing emails with Microsoft Defender for Office 365 in 2021.

Enabling multi-factor authentication (MFA) and passwordless authentication would allow customers to protect their accounts from brute-force attacks. However, only 22 percent of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s cloud identity solution, had implemented strong identity authentication protection as of December 2021.

“MFA and passwordless solutions can go a long way in preventing a variety of threats and we’re committed to educating customers on solutions such as these to better protect themselves. From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.” states Microsoft.

Microsoft added that its Defender for Endpoint blocked more than 9.6 billion malware threats targeting enterprise and consumer customer devices between January and December 2021.

Microsoft pointed out that online threats are increasing in volume, velocity, and level of sophistication. The company introduced Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research.

Cyber Signals provides trend analysis and practical guidance to strengthen the defences of Microsoft’s customers.

“With Cyber Signals, we’ll share trends, tactics, and strategies threat actors use to gain access to the hardware and software that houses one’s most sensitive data. We will also help inform the world on how, collectively, we can protect our most precious digital resources and our digital lives so we can build a safer world together.” concludes Microsoft.

Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails 

IBM Cybersecurity Fundamentals Professional Certificate

Tags: brute-force, phishing attacks


Feb 04 2022

What Is Information Risk Management? Definition & Explanation

Category: Information Security, Security Risk Assessment | DISC @ 12:54 am

Information risk management is the process of identifying the ways an organisation can be affected by a disruptive incident and how it can limit the damage.

It encompasses any scenario in which the confidentiality, integrity and availability of data is compromised.

As such, it’s not just cyber attacks that you should be worried about. Information risk management also includes threats within your organisation – such as negligent or malicious employees – as well as residual risks.

For example, the framework can help you address misconfigured databases, software vulnerabilities and poor security practices at third parties.

In this blog, we take a closer look at the way information risk management works and how organisations can use its guidance to bolster their security defences.

Why is information risk management important?

In the face of ever-growing cyber threats, it can be difficult for an organisation to protect its information assets.

Last year, the World Economic Forum listed cyber crime alongside COVID-19, climate change and the debt crisis as the biggest threats facing society in the next decade. It’s clear, then, that organisations need a plan for identifying and addressing security risks.

With an information risk management system, organisations gain a better understanding of where their information assets are, how to protect them and how to respond when a breach occurs.

One way it does this is by forcing organisations to not only identify but also assess their risks. This ensures that organisations prioritise scenarios that are most likely to occur or that will cause the most damage, enabling them to make informed decisions in line with their security budget.

How risk management works

To understand how risk management programmes work, we need to take a closer look at what ‘risk’ actually is.

In an information security context, risk can be defined as the combination of a vulnerability and a threat.

As we’ve previously discussed, a vulnerability is a known flaw that can be exploited to compromise sensitive information.

These are often related to software flaws and the ways that criminal hackers can exploit them to perform tasks that they weren’t intended for.

They can also include physical vulnerabilities and inherent human weaknesses, such as our susceptibility to phishing scams or the likelihood that we’ll misplace a sensitive file.

This is different from a threat, which is defined as the actions that result in information being compromised.

So, to use the examples above, threats include a criminal hacker exploiting a software flaw or duping an employee with a bogus email.

When a threat meets a vulnerability, you get a risk. In the case of the criminal hacker phishing an employee, the risk is that the attacker will gain access to the employee’s work account and steal sensitive information. This can result in financial losses, loss of privacy, reputational damage and regulatory action.

A risk management system helps organisations identify the ways in which vulnerabilities, threats and risks intertwine. More importantly, it gives organisations the ability to determine which risks must be prioritised and identify which controls are best equipped to mitigate the risk.

Start protecting your business

At the heart of risk management is the risk assessment. This is the process where threats and vulnerabilities are identified. Organisations can use the result of the assessment to plan their next moves.

This process can be labour-intensive, but you can simplify the task with our risk assessment tool vsRisk.

With vsRisk, you’ll receive simple tools that are specifically designed to tackle each part of the risk assessment.

This software package is:

  • Easy to use. The process is as simple as selecting some options and clicking a few buttons.
  • Able to generate audit reports. Documents such as the Statement of Applicability and risk treatment plan can be exported, edited and shared across the business and with auditors.
  • Geared for repeatability. The assessment process is delivered consistently year after year (or whenever circumstances change).
  • Streamlined and accurate. Drastically reduces the chance of human error.

Risk Management Training

Tags: information risk management, Risk Assessment, Risk management, risk management training


Feb 03 2022

Fake Cash Scams Thrive on Facebook and Insta—FTC

Category: Cyber crime,Cyber sanctions,CybercrimeDISC @ 10:01 am

Cryptocurrency scammers love social media—especially Meta’s platforms. The Federal Trade Commission says hundreds of millions of dollars were scammed from U.S. consumers in 2021 (and that’s just the scams the FTC knows about).

And the problem’s growing incredibly fast—with no hint of a fix in sight. Meta claims to be “tackling” it, but we’ve probably all experienced scam reports to Facebook and Instagram being ignored or closed with no action. But why expect anything different? Meta makes money from all the scam ads and “engagement.”

Of course, some say all cryptocurrencies, NFTs and DeFi are scams. In today’s SB Blogwatch, we couldn’t possibly comment.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Nothingverse.

Imaginary Money Enriches Zuckerberg

What’s the craic? Sarah Perez reports—“US consumers lost $770 million in social media scams in 2021, up 18x from 2017”:

“A large majority involve cryptocurrency”
A growing number of U.S. consumers are getting scammed on social media. That number has also increased 18 times, the FTC said, as new types of scams involving cryptocurrency and online shopping became more popular. This has also led to many younger consumers getting scammed.

Facebook and Instagram were where most of these social media scams took place. More than half (54%) of the investment scams in 2021 began with social media platforms, where scammers would promote bogus investment opportunities or connect with people directly to encourage them to invest. A large majority of the investment scams now involve cryptocurrency.

Why does it matter? Sara Fischer and Margaret Harding McGill tell us—“Crypto leads to massive surge in online scams”:

“Bogus investment sites”
Cryptocurrency is an easy target because while it’s surging in popularity, there’s still a lot of confusion about how it works. One type of crypto scam reported to the agency involves someone bragging about their own success to drive people to bogus investment sites.

“We put significant resources towards tackling this kind of fraud and abuse,” said a spokesperson for Meta. “We also go beyond suspending and deleting accounts, Pages, and ads. We take legal action against those responsible when we can and always encourage people to report this behavior when they see it.”

Horse’s mouth? Here’s the FTC’s Emma Fletcher—“Social media a gold mine for scammers”:

“Urgent need for money”
Social media is also increasingly where scammers go to con us. More than one in four people who reported losing money to fraud in 2021 said it started on social media with an ad, a post, or a message.

For scammers, there’s a lot to like about social media. It’s a low-cost way to reach billions of people. [It] is a tool for scammers in investment scams, particularly those involving bogus cryptocurrency investments — an area that has seen a massive surge. People send money, often cryptocurrency, on promises of huge returns, but end up empty handed.

If you get a message from a friend about an opportunity or an urgent need for money, call them. Their account may have been hacked – especially if they ask you to pay by cryptocurrency, gift card, or wire transfer. To learn more about how to spot, avoid, and report scams—and how to recover money if you’ve paid a scammer—visit ftc.gov/scams.

Who would fall for such scams? King_TJ hates to admit it:

“Facebook is complicit”
Hate to admit it, but I fell for one of these scams on Facebook myself. It was probably about a year ago. I ran across a “seller” in one of the ads that scrolled by on my feed. There were plenty of comments posted ranging from other people interested in one, to claims they got one and liked it.

After a little while the tracking info showed the package as delivered, but I never received anything at all. When I started digging around more on Facebook after that, I realized the scammers were actually running dozens of ads for various products, giving out web URLs that were almost identical except with one letter changed in their name. Reported the original ad to Facebook, but got no response.

That’s when it struck me that Facebook is complicit in all of this, in the sense they make a lot of ad revenue off of these scams. It’s more profitable for them to turn a blind eye and simply take one down when a user complains about it specifically.

Facebook is complicit? Carrie Goldberg—@cagoldberglaw—puts it more bluntly:

Platforms love scams because user engagement is so high from all the accounts they create, posts, and messaging; not to mention the panicked use by victims.

Scam Me If You Can: Simple Strategies to Outsmart Today’s Rip-off Artists

Tags: Fake Cash Scams


Feb 03 2022

Oil terminals in Europe’s biggest ports hit by a cyberattack

Category: Cyber AttackDISC @ 9:41 am

Some of the major oil terminals in Western Europe’s biggest ports have been targeted with a cyberattack.

Threat actors have hit multiple oil facilities in Belgium’s ports, including Antwerp, which is the second biggest port in Europe after Rotterdam.

Among the impacted port infrastructure, there is the Amsterdam-Rotterdam-Antwerp oil trading hub, along with the SEA-Tank Terminal in Antwerp.

“A spokesperson for prosecutors in the northern Belgian city confirmed on Thursday they had begun an investigation earlier this week, but declined to give further details.” reported the Reuters agency. “Belgian business daily De Tijd reported that terminal operator Sea-Tank had been hit by a cyber attack last Friday. The company declined to comment.”

The AFP agency reported that the attackers have disrupted the unloading of barges in the affected European ports.

“There was a cyber attack at various terminals, quite some terminals are disrupted,” said Jelle Vreeman, senior broker at Riverlake in Rotterdam. “Their software is being hijacked and they can’t process barges. Basically, the operational system is down.”

The attacks were also confirmed by Europol, which is supporting the authorities in Germany, where other ports were hit by the threat actors.

“At this stage the investigation is ongoing and in a sensitive stage,” Europol spokeswoman Claire Georges said.

This week, two oil supply companies in Germany were hit by cyber-attacks that caused severe problems to petrol distribution.

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

Tags: cyber attacks, Oil terminals, The Hacker and the State


Feb 02 2022

General Access Control Guidance for Cloud Systems

Category: Access Control,Cloud computingDISC @ 11:42 pm

Access Control Management in Cloud Environments

Tags: Access Control Management in Cloud Environments, NIST Special Publication 800-210


Feb 02 2022

Image OSINT Tutorial – Exif, Metadata, Reverse Image & Geolocation

Category: OSINT,Security ToolsDISC @ 10:49 pm

The internet has steadily made the world a much smaller place, allowing millions of users across the globe to interact and share digital information and ushering everyone else into the ‘digital world.’

Open-source intelligence (OSINT) in the digital world describes all the public data you can access and view.

Images are also incredibly helpful in an OSINT investigation since they can reveal what a target seems like, where the target has been, or any devices that were used.

Researchers can use pictures to build the intelligence picture, identify the equipment used to capture a photograph, determine where and when it was taken, and establish whether a social media profile relates to a target, using search engines and free resources.

This article is a list of tools and tips. It will show you how to look for, obtain, extract, and analyze digital photos.


Practical Threat Intelligence and Data-Driven Threat Hunting: A hands-on guide to threat hunting with the ATT&CK™ Framework and open source tools

Tags: Open-source intelligence, OSINT


Feb 02 2022

10 Steps to Cyber Security

Category: Cyber resilience,cyber securityDISC @ 4:34 pm

8 Steps to Better Security: A Simple Cyber Resilience Guide for Business

Harden your business against internal and external cybersecurity threats with a single accessible resource. 

In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps.  

Tags: Cyber Resilience, Steps to Cyber Security


Feb 02 2022

Massive social engineering waves have impacted banks in several countries

Category: social engineeringDISC @ 9:39 am

A massive social engineering campaign targeting banks has been delivered in the last two years in several countries.

A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to the Segurança Informática publication, the malicious waves have impacted banking organizations with the goal of stealing users’ secrets, accessing home banking portals, and controlling all operations on the fly via Command and Control (C2) servers geolocated in Brazil.

In short, criminal groups are targeting victims from different countries to collect their home-banking secrets and payment cards. The campaigns are carried out using social engineering schemes, namely smishing and spear-phishing through fake emails.

Criminals obtain lists of valid and tested phone numbers and emails from other malicious groups, and the process is performed on underground forums, Telegram channels or Discord chats.


The spear-phishing campaigns try to lure victims with fake emails that impersonate banking institutions. The emails are extremely similar to the originals, except for their content, which mainly concerns debts or missed payments.

According to the analysis, the malicious campaign consists of a redirector system, capable of performing an initial screening to verify that the users’ requests are valid and expected. The system is equipped with a blacklisting mechanism and a logging feature that notifies criminals of new infections.

When the victim matches all the rules, several pathways are possible, with different landing-pages. Some of them only collect raw data, including the homebanking credentials, SMS tokens and bank codes. On the other hand, a well-structured C2 server can be used to orchestrate all the processes in real-time, simulating a flow extremely similar to the legitimate service.

As phishing and malware campaigns make headlines every day, monitoring these types of behaviors and IoCs is crucial to fighting this emerging segment, which has grown in both volume and sophistication.

Additional details about the investigation can be found here:

Social Engineering: The Science of Human Hacking

Tags: social engineering, Social Engineering: The Science of Human Hacking


Feb 01 2022

Cybersecurity staff turnover and burnout: How worried should organizations be?

Category: Information SecurityDISC @ 10:13 am

The heightened risk of cyberattacks on businesses is being compounded by significant recruitment and retention issues within cybersecurity teams, making businesses more vulnerable to potential attacks, according to research from ThreatConnect.


With the number of data breaches in 2021 soaring past that of 2020, there is added pressure on cybersecurity teams to keep businesses secure. The research has found a concerning level of staff turnover, skills shortages, burnout, and low staff morale, pointing towards depleted reserves trying to manage the growing risk.

Cybersecurity teams recruitment and retention issues

  • Senior decision-makers across the US report an average security staff turnover rate of 20%.
  • 64% of senior decision-makers have seen a rise in turnover over the past year.
  • 43% of US respondents attribute a lack of skills as the biggest barrier for recruitment.
  • 1 in 5 US respondents are considering quitting their jobs in the next six months.
  • 57% of US respondents have experienced an increase in stress over the past six months.

The COVID-19 pandemic has created what many are calling the Great Resignation, which has affected all industries for the past two years. Employees, specifically those in the security industry, are now being expected to do more with less.

Cybercrime has increased significantly over the past year, making digital protection for businesses both more important and more difficult to achieve. Companies cannot afford to lose any security team members with cybercrime increasing so rapidly.

“In today’s digital ecosystem it is crucial that security employees receive adequate training, support, and resources needed to work efficiently in their jobs,” said Adam Vincent, CEO of ThreatConnect. “As employee turnover increases in this sector, it creates a vicious cycle that impacts a company’s performance and ability to mitigate cyber risks.”

“This makes it even more difficult for security teams to fulfill the company’s needs. Organizations must look at these numbers and recognize that there is more that can be done to protect their employees and in turn, the welfare of their company.”

Cybersecurity Career Master Plan

Breaking Out of Burnout

Tags: Breaking Out of Burnout, Cybersecurity Career, Cybersecurity jobs, Cybersecurity staff


Feb 01 2022

CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

Category: Security vulnerabilitiesDISC @ 9:57 am

The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog.

The ‘Known Exploited Vulnerabilities Catalog’ is a list of known vulnerabilities that threat actors have abused in attacks and that Federal Civilian Executive Branch (FCEB) agencies are required to address.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Known Exploited Vulnerabilities Catalog and address the vulnerabilities in their infrastructure.

Below is the list of the new entries in the catalog:

| CVE ID | Description | Patch Deadline |
| --- | --- | --- |
| CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022 |
| CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022 |
| CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | 7/28/2022 |
| CVE-2014-1776 | Microsoft Internet Explorer Use-After-Free Vulnerability | 7/28/2022 |
| CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | 7/28/2022 |
| CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | 7/28/2022 |

“CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below.” reads the announcement published by CISA. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.”

With the addition of these eight vulnerabilities, the number of flaws in CISA’s Known Exploited Vulnerabilities Catalog has reached 351.
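Private organisations that follow the catalogue, as the experts above recommend, usually turn it into a work queue: match entries against what is actually deployed and sort by due date. The following is an added example, not CISA’s tooling; the catalogue entries are constructed from the table on this page, the field names cveID, vulnerabilityName and dueDate are assumed to mirror the public KEV JSON feed, and the hostnames and reference date are invented.

```python
"""Work queue from the CISA KEV catalogue: match entries against a local asset
inventory and classify each match by its due date. Added example for this page;
the entries are constructed from the table above, and the field names cveID,
vulnerabilityName and dueDate are assumed to mirror the public KEV JSON feed."""
from dataclasses import dataclass
from datetime import date, datetime

_ROWS = [  # (cveID, vulnerabilityName, dueDate) as listed on this page
    ("CVE-2022-22587", "Apple IOMobileFrameBuffer Memory Corruption Vulnerability", "2022-02-11"),
    ("CVE-2021-20038", "SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability", "2022-02-11"),
    ("CVE-2014-7169", "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", "2022-07-28"),
    ("CVE-2014-6271", "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", "2022-07-28"),
    ("CVE-2020-0787", "Microsoft Windows Background Intelligent Transfer Service (BITS) "
                      "Improper Privilege Management Vulnerability", "2022-07-28"),
    ("CVE-2014-1776", "Microsoft Internet Explorer Use-After-Free Vulnerability", "2022-07-28"),
    ("CVE-2020-5722", "Grandstream Networks UCM6200 Series SQL Injection Vulnerability", "2022-07-28"),
    ("CVE-2017-5689", "Intel Active Management Technology (AMT), Small Business Technology (SBT), "
                      "and Standard Manageability Privilege Escalation Vulnerability", "2022-07-28"),
]
KEV_EXCERPT = [{"cveID": c, "vulnerabilityName": n, "dueDate": d} for c, n, d in _ROWS]

# Constructed inventory: hostname -> product strings as they appear in KEV names.
INVENTORY = {
    "vpn-edge-01": ["SonicWall SMA 100"],
    "build-runner-07": ["GNU Bourne-Again Shell (Bash)"],
    "pbx-main": ["Grandstream Networks UCM6200"],
    "ws-finance-22": ["Microsoft Windows Background Intelligent Transfer Service (BITS)"],
}

TODAY = date(2022, 2, 14)  # constructed reference date for the run


def parse_due(raw: str) -> date:
    """The feed publishes ISO dates; the table on this page uses US m/d/yyyy."""
    for fmt in ("%Y-%m-%d", "%m/%d/%Y"):
        try:
            return datetime.strptime(raw, fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised dueDate: {raw!r}")


def classify(days_left: int, warn_days: int = 14) -> str:
    if days_left < 0:
        return "OVERDUE"
    return "DUE_SOON" if days_left <= warn_days else "SCHEDULED"


def affected_hosts(entry, inventory):
    """Hosts whose product strings occur in the entry's name (case-insensitive)."""
    name = entry["vulnerabilityName"].lower()
    return sorted(h for h, products in inventory.items()
                  if any(p.lower() in name for p in products))


@dataclass(frozen=True)
class Finding:
    cve: str
    host: str
    status: str
    days_left: int


def report(catalog, inventory, today, warn_days=14):
    """One finding per (CVE, host) pair, most urgent first. Catalogue entries
    with no matching host are left out, so the result is the actual work queue."""
    findings = []
    for entry in catalog:
        days_left = (parse_due(entry["dueDate"]) - today).days
        for host in affected_hosts(entry, inventory):
            findings.append(Finding(entry["cveID"], host, classify(days_left, warn_days), days_left))
    return sorted(findings, key=lambda f: (f.days_left, f.cve, f.host))


if __name__ == "__main__":
    for f in report(KEV_EXCERPT, INVENTORY, TODAY):
        print(f"{f.status:9s} {f.days_left:4d}d  {f.cve}  {f.host}")
```

Run against the constructed inventory on 2022-02-14, the SonicWall entry shows as three days overdue and the Bash, BITS and Grandstream entries as scheduled for July; the Apple, Internet Explorer and Intel entries produce no findings because nothing in the inventory matches them.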

Among the recent entries, there is the CVE-2022-22587 memory corruption issue that resides in the IOMobileFrameBuffer and affects iOS, iPadOS, and macOS Monterey. The exploitation of this flaw leads to arbitrary code execution with kernel privileges on compromised devices.

A few days ago, Apple released security updates to address a couple of zero-day vulnerabilities, one of them actively exploited in the wild by threat actors to compromise iPhone and Mac devices.

CISA is ordering federal agencies to address the CVE-2022-22587 flaw by February 11, 2022, along with the CVE-2021-20038 vulnerability in SonicWall SMA 100 appliances.

The vulnerability is an unauthenticated stack-based buffer overflow that was reported by Jacob Baines, lead security researcher at Rapid7. The vulnerability impacts SMA 100 series appliances (including SMA 200, 210, 400, 410, and 500v) even when the web application firewall (WAF) is enabled.

A remote attacker can exploit the vulnerability to execute arbitrary code as the ‘nobody’ user in compromised SonicWall appliances.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation, by the United States Government Accountability Office.

Tags: CISA, Exploited Vulnerabilities


Jan 31 2022

Expert earned $100,500 bounty to hack Apple MacBook webcam and microphone

Category: Bug BountyDISC @ 10:26 am

Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam.

Pickren received a total of $100,500 payouts for these issues as part of Apple’s bug bounty program.

The security researcher chained the vulnerabilities in iCloud Sharing and Safari 15 to gain unauthorized camera access. An attacker can trick victims into clicking “open” on a popup from the attacker’s website in order to hijack multimedia permissions and gain full access to every website ever visited by the victim.

The expert pointed out that an attacker could exploit this attack chain to turn the user’s camera, and also to hack their iCloud, PayPal, Facebook, Gmail, and other accounts.

“My hack successfully gained unauthorized camera access by exploiting a series of issues with iCloud Sharing and Safari 15. While this bug does require the victim to click “open” on a popup from my website, it results in more than just multimedia permission hijacking. This time, the bug gives the attacker full access to every website ever visited by the victim. That means in addition to turning on your camera, my bug can also hack your iCloud, PayPal, Facebook, Gmail, etc. accounts too.” reads the post published by the expert. “This research resulted in 4 0day bugs (, , and two without CVEs), 2 of which were used in the camera hack. I reported this chain to Apple and was awarded $100,500 as a bounty.”

The bugs reside in the iCloud file-sharing mechanism named ShareBear. The ShareBear iCloud Sharing application prompts users only when they attempt to open a shared document for the first time; once a user has accepted, subsequent opens no longer display the prompt. Pickren exploited this behaviour by altering the file’s content and extension after the user agreed to open it.

CVE-2021-30861 is a logic issue in WebKit that could allow a malicious application to bypass Gatekeeper checks. The flaw was reported by Wojciech Reguła (@_r3ggi) and Ryan Pickren (ryanpickren.com). The second bug, tracked as CVE-2021-30975, resides in the Script Editor and could allow a malicious OSAX scripting addition to bypass Gatekeeper checks and circumvent sandbox restrictions.

“Once the user clicks Open, the file is downloaded onto the victim’s machine at the location /Users/<user>/Library/Mobile Documents/com~apple~CloudDocs then automatically opened via Launch Services. Then the user will never see this prompt again. From that point forward, ShareBear (and thus any website in Safari) will have the ability to automatically launch this file.” continues the post. “The truly problematic part of this agreement is that the file can be changed by anybody with write access to it. For example, the owner of the file could change the entire byte content and file extension after you agree to open it. ShareBear will then download and update the file on the victim’s machine without any user interaction or notification.”

A bug bounty hunting journey

Tags: A bug bounty hunting journey, MacBook


Jan 29 2022

The Battle for the World’s Most Powerful Cyberweapon

Category: Cyberweapon,SpywareDISC @ 11:49 am

A Times investigation reveals how Israel reaped diplomatic gains around the world from NSO’s Pegasus spyware — a tool America itself purchased but is now trying to ban.

In June 2019, three Israeli computer engineers arrived at a New Jersey building used by the F.B.I. They unpacked dozens of computer servers, arranging them on tall racks in an isolated room. As they set up the equipment, the engineers made a series of calls to their bosses in Herzliya, a Tel Aviv suburb, at the headquarters for NSO Group, the world’s most notorious maker of spyware. Then, with their equipment in place, they began testing.

The F.B.I. had bought a version of Pegasus, NSO’s premier spying tool. For nearly a decade, the Israeli firm had been selling its surveillance software on a subscription basis to law-enforcement and intelligence agencies around the world, promising that it could do what no one else — not a private company, not even a state intelligence service — could do: consistently and reliably crack the encrypted communications of any iPhone or Android smartphone.

Since NSO had introduced Pegasus to the global market in 2011, it had helped Mexican authorities capture Joaquín Guzmán Loera, the drug lord known as El Chapo. European investigators have quietly used Pegasus to thwart terrorist plots, fight organized crime and, in one case, take down a global child-abuse ring, identifying dozens of suspects in more than 40 countries. In a broader sense, NSO’s products seemed to solve one of the biggest problems facing law-enforcement and intelligence agencies in the 21st century: that criminals and terrorists had better technology for encrypting their communications than investigators had to decrypt them. The criminal world had gone dark even as it was increasingly going global.

But by the time the company’s engineers walked through the door of the New Jersey facility in 2019, the many abuses of Pegasus had also been well documented. Mexico deployed the software not just against gangsters but also against journalists and political dissidents. The United Arab Emirates used the software to hack the phone of a civil rights activist whom the government threw in jail. Saudi Arabia used it against women’s rights activists and, according to a lawsuit filed by a Saudi dissident, to spy on communications with Jamal Khashoggi, a columnist for The Washington Post, whom Saudi operatives killed and dismembered in Istanbul in 2018.

The Battle for the World’s Most Powerful Cyberweapon

The World’s Most Terrifying Spyware

Pegasus Spyware – ‘A Privacy Killer’

Finland says it found NSO’s Pegasus spyware on diplomats’ phones

Tags: cyberweapons, diplomats’ phones, Finland, NSO, NSO Group, Pegasus spyware, Pegasus Spyware - 'A Privacy Killer'


Jan 28 2022

Deadbolt ransomware hits more than 3,600 QNAP NAS devices

Category: Information Security,RansomwareDISC @ 3:41 pm

More than 3,600 network-attached storage (NAS) devices from Taiwanese company QNAP have been infected and had their data encrypted by a new strain of ransomware named Deadbolt.

Devices attacked by the Deadbolt gang are easy to recognize because the login screen is typically replaced with a ransom note, and local files are encrypted and renamed with a .deadbolt extension.

The threat actor behind the attacks is extorting not only the owners of the NAS devices but also the QNAP company itself.

According to a copy of the ransom note, device owners are told to pay 0.03 Bitcoin ($1,100) to receive a decryption key to unlock their files, while in a second note, the hackers demand 5 Bitcoin ($1.86 million) from QNAP to reveal details about the supposed zero-day vulnerability they have been using to attack its users, and another 50 Bitcoin ($18.6 million) to release a master decryption key that unlocks all of the victims’ files.

For its part, QNAP was quick to formally acknowledge the attacks in a blog post on Wednesday, hours after hundreds of users started flocking to its support forum to report finding their files encrypted.

In the first days following the attack, the company told users to disconnect their devices from the internet and, where that is not possible, at least to disable features such as port forwarding and UPnP on their routers, to prevent attackers from connecting to the NAS systems.

https://

/deadbolt-ransomware-hits-more-than-3600-qnap-nas-devices/

Ransomware Protection Playbook

Tags: Deadbolt ransomware, QNAP NAS, Ransomware Protection Playbook


Jan 28 2022

Finnish diplomats’ devices infected with Pegasus spyware

Category: Cyber Spy,SpywareDISC @ 10:25 am

Finland’s Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group’s Pegasus spyware.

Finland’s Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with the infamous NSO Group’s Pegasus spyware.

The diplomats were targeted with the popular surveillance software as part of a cyber-espionage campaign.

“Finnish diplomats have been targets of cyber espionage by means of the Pegasus spyware, developed by NSO Group Technologies, which has received wide publicity. The highly sophisticated malware has infected users’ Apple or Android telephones without their noticing and without any action from the user’s part. Through the spyware, the perpetrators may have been able to harvest data from the device and exploit its features.” reads a statement published by the Ministry.

According to the statement, threat actors stole data from the infected devices of employees working in Finnish missions abroad. The attacks were spotted in an investigation that started in the autumn of 2021; according to government experts, the campaign is no longer active.

The announcement pointed out that the data transmitted or stored on diplomats’ devices are either public or classified at the lowest level of classified information (level 4).

Finland’s Ministry for Foreign Affairs warns that even if the information is not directly classified, the information itself and its source may be subject to diplomatic confidentiality.

“The Ministry for Foreign Affairs is continually monitoring events and activities in its operating environment and assessing related risks. The Ministry for Foreign Affairs monitors its services and strives to prevent harmful activities.  The preparation of and decisions on foreign and security policy, in particular, are matters that attract much interest, which may also manifest itself as unlawful intelligence.” concludes the Ministry. “The Ministry responds to the risk by various means, but complete protection against unlawful intelligence is impossible.”

In December, Apple warned that the mobile devices of at least nine US Department of State employees were compromised with NSO Group’s Pegasus spyware.

Tags: Finnish diplomats, Pegasus spyware

