Author: esimantiras

What is a cyber attack?

Posted on by esimantiras

What is a cyber attack?

source: businessleader.co.uk  |  Image: Pixabay.com

In this guest article, written exclusively as part of Business Leader’s Cyber Security Month, Bleddyn-Aled Wyke, Cyber Operations Executive at PureCyber, outlines what is a cyber attack.

A cyber-attack can take many forms, though one common thread throughout these is the threat actor. Whether the attack is untargeted, such as a phishing campaign against thousands of users hoping a careless one takes the bait, or more targeted, such as a Denial of Service (DoS) style attack against a company site denying normal users access to its services, there is a human presence behind this somewhere who has pushed the marble.

The National Cyber Security Centre (NCSC) presents a four-stage model mapping out the typical steps and processes carried out by threat actors in the process of an attack: Survey, Delivery, Breach, and Affect.

Firstly, the threat actor would look to survey an organisation’s infrastructure, in a bid to obtain as much information as possible. This could be through more technical means, scanning target networks to gain information about IT systems in place, or more physical methods such as social engineering to gain more private information such as internal processes or procedures.

With the knowledge gained here, the threat actor would look to move onto the delivery stage of the attack, where they attempt to put themselves into a position on a network where they can exploit a vulnerability they believe to exist within a target. An example of this would be gaining the format of a company’s e-mail address (e.g. first initial surname@target.com) and using this to send phishing e-mails containing a malicious file or link to employees, using this to either spread malware or steal credentials. It only takes one user to follow through with the file or link to compromise an organisation’s system.

Upon successful delivery of an exploit, the attacker would attempt to further breach the system. Whether this is via stolen credentials allowing them to achieve access to sensitive user or company information, or via the implementation of malware letting them take control of computers or networks, the attacker can either go straight for their target or can look to gain a more established presence.

They can move to have more of an effect, using their established control to gain access to more privileged systems, allowing them to gain more sensitive information, make changes to their benefit, or disrupt businesses. From here the threat actor will look to either leave, attempting to remove any indications of their presence, or set up a more persistent style threat, leaving a back door for them to come and go as they please.

 

Actively Exploited Microsoft Office Security Flaw Has No Patch But Here’s A Workaround

Posted on by esimantiras

Actively Exploited Microsoft Office Security Flaw Has No Patch But Here’s A Workaround

source: hothardware.com  |  image: microsoft.com

 

Malware and virus threats are practically commonplace, even a daily occurrence for some users these days. Unfortunately for many users in the Microsoft ecosystem, leveraging popular Office applications is a common security attack vector for many of the ne’er-do-wells of the Internet.

In that regard, Microsoft‘s Security Response Center has issued guidance to help add preventative layers to a newly discovered critical vulnerability or error (CVE). Specifically labeled CVE-2022-30190 by Microsoft, the vulnerability does not use the previous vulnerable attack vector of macros. In fact, macros as an attack vector for malware has been mostly patched out in many recent versions of Office applications anyway.
Continue reading “Actively Exploited Microsoft Office Security Flaw Has No Patch But Here’s A Workaround”

Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

Posted on by esimantiras

Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption

source: wired.com  |  image: nsa.gov

 

 

The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.

The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards. 

“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.

The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today’s computers can’t. But it’s also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked. 

Continue reading “Security News This Week: The NSA Swears It Has ‘No Backdoors’ in Next-Gen Encryption”

Don’t accidentally hire a North Korean hacker, FBI warns

Posted on by esimantiras

Don’t accidentally hire a North Korean hacker, FBI warns

source: theguardian.com  |  image: pexels.com

Employing remote IT workers who are secretly working for Kim Jong-un’s regime poses risks and may breach sanctions, say US agencies

 

US officials have warned businesses against inadvertently hiring IT staff from North Korea, saying that rogue freelancers were taking advantage of remote work opportunities to hide their true identities and earn money for Pyongyang.

An advisory issued by the state and treasury departments and the FBI said the effort was intended to circumvent US and UN sanctions, and bring in money for North Korea’s nuclear weapons and ballistic missile programs. The officials said companies who hired and paid such workers may be exposing themselves to legal consequences for sanctions violations.

Continue reading “Don’t accidentally hire a North Korean hacker, FBI warns”

Scientists create graphyne, the next generation wonder material

Posted on by esimantiras

Scientists create graphyne, the next generation wonder material

source: indianexpress.com  |  image: pexels.com

This research fills a long-standing gap in carbon material science and opens up brand new possibilities for electronics, optics and semiconductor research.

 

For over a decade, scientists have been trying to synthesise a new form of carbon called graphyne with next to no success. But researchers from the University of Colorado Boulder have finally succeeded in creating the elusive allotrope of carbon. This research fills a long-standing gap in carbon material science and opens up brand new possibilities for electronics, optics and semiconductor research.

The researchers have documented their process in a study titled, “Synthesis of γ-graphyne using dynamic covalent chemistry,” published in Nature Synthesis. The creation of different carbon allotropes (forms) has long interested scientists because of the element’s versatility and usefulness in various industries.

Carbon allotropes can be constructed in different ways depending on how hybrids of carbons and their corresponding bonds are utilised. The most well known such allotropes include graphite used in pencil and diamonds. They are created out of ‘sp2’ carbon and ‘sp3’ carbon respectively.

Scientists have used traditional methods to create various such allotropes over the years, including fullerene and graphene. Researchers working on these materials were awarded the Nobel Prize in Chemistry in 1996 and 2010 respectively.

But unfortunately, these methods do not allow for different types of carbon to be synthesised together in any kind of large capacity and this is required for creating graphyne. Due to this obstacle, graphyne remained a theoretical material speculated to have unique electrical, mechanical and optical properties.

Continue reading “Scientists create graphyne, the next generation wonder material”

CISA issues rare emergency directive as ‘critical’ cyber vulnerabilities emerge

Posted on by esimantiras

CISA issues rare emergency directive as ‘critical’ cyber vulnerabilities emerge

source: federalnewsnetwork.com  |  image: pexels.com

Agencies have until Monday to mitigate vulnerabilities in five products from VMware that permit attackers to have deep access without the need to authenticate.

The Cybersecurity and Infrastructure Security Agency issued a new emergency directive today saying the vulnerabilities in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager put federal networks and systems at immediate risk.

“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly in a release. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization — large and small — to follow the federal government’s lead and take similar steps to safeguard their networks.”

Continue reading “CISA issues rare emergency directive as ‘critical’ cyber vulnerabilities emerge”

Cyber security: Global food supply chain at risk from malicious hackers

Posted on by esimantiras

Cyber security: Global food supply chain at risk from malicious hackers

source: bbc.com  |  image: pexels.com

Modern “smart” farm machinery is vulnerable to malicious hackers, leaving global supply chains exposed to risk, experts are warning.

It is feared hackers could exploit flaws in agricultural hardware used to plant and harvest crops.

Agricultural manufacturing giant John Deere says it is now working to fix any weak spots in its software.

A recent University of Cambridge report said automatic crop sprayers, drones and robotic harvesters could be hacked.

The UK government and the FBI have warned that the threat of cyber-attacks is growing.

John Deere said protecting customers, their machines and their data was a “top priority”.

Smart technology is increasingly being used to make farms more efficient and productive – for example, until now the labour-intensive harvesting of delicate food crops such as asparagus has been beyond the reach of machines.

Continue reading “Cyber security: Global food supply chain at risk from malicious hackers”

Self-driving cars could be potential crime witnesses

Posted on by esimantiras

Self-driving cars could be potential crime witnesses

source: axios.com, contributed by FAN Bill Amshey  |  image:  pixabay.com

 

The police in San Francisco see camera-laden autonomous vehicles as potential witnesses in their criminal investigations, setting off alarm bells for privacy advocates, VICE reports.

Why it matters: As Axios has reported, self-driving cars capture and store huge databases of images so that they can train their algorithms and become better drivers. What that means is that bystanders are often captured in the footage, raising privacy concerns.

Continue reading “Self-driving cars could be potential crime witnesses”

A designer and a NASA Scientist Fight a $244 Billion Problem

Posted on by esimantiras

A designer and a NASA scientist team up to fight a $244 billion problem that’s hiding in plain sight

source: fastcompany.com  |  image: pixabay.com

 

The debut project from Brooklyn-based Betterlab takes aim at a condition that affects a third of people worldwide.

 

earsightedness doesn’t sound that scary, but more and more people around the world are suffering from its clinical name: myopia. Because of myopia, China can’t find enough pilots, while the world is losing $244 billion in productivity a year, and that’s just the beginning: By 2050, more than half the world’s population is projected to have myopia—and as many as 10% of that group will go blind from the condition.

The problem was once primarily genetic, but new cases are increasingly attributed to kids getting too much screen time and too little sunlight for the eyes to develop properly. And while research has found that preventing myopia isn’t much more complicated than spending enough time outside, a new pair of glasses developed by designer Todd Bracher and a former NASA scientist aims to fix myopia without forcing anyone to change their behavior, take drugs, or wear special prismatic lenses. They were a finalist in our recent World Changing Ideas awards.

Continue reading “A designer and a NASA Scientist Fight a $244 Billion Problem”

FBI, CISA, and NSA warn of hackers increasingly targeting MSPs

Posted on by esimantiras

FBI, CISA, and NSA warn of hackers

increasingly targeting MSPs

source: bleepingcomputer.com, contributed by FAN Steve Page  |  image:  pixabay.com

 

Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they’re increasingly targeted by supply chain attacks.

Multiple cybersecurity and law enforcement agencies from FVEY countries (NCSC-UK, ACSC, CCCS, NCSC-NZ, CISA, NSA, and the FBI) shared guidance for MSPs to secure networks and sensitive data against these rising cyber threats.

“The UK, Australian, Canadian, New Zealand, and U.S. cybersecurity authorities expect malicious cyber actors—including state-sponsored advanced persistent threat (APT) groups—to step up their targeting of MSPs in their efforts to exploit provider-customer network trust relationships,” the joint advisory reads.

Continue reading “FBI, CISA, and NSA warn of hackers increasingly targeting MSPs”