Herjan Security
b7ac607467d380da39561027a5bd00a900e99a56019f127db61f86a3c842efb6
[.] Nostrop stream of GenAI news and updates

1. NIST is taking a long time to finalize post-quantum-computing cryptography standards.

2. There has been a significant increase in quantum technology and understanding since 2016.

3. Only four algorithms have been finalized so far, but more candidates are under consideration.

4. Developing quantum-resistant algorithms is important, but it takes time.

5. It usually takes several years for vendors to develop and validate products based on new standards.

6. Cryptography combines mathematics and complexity, and post-quantum algorithms are more complicated and less understood.

7. More cryptanalytic results and algorithm vulnerabilities are expected.

8. Cryptographic agility is important to easily swap in new algorithms when required.

9. Expect that any new standard from NIST will eventually become vulnerable to advances in mathematics.

10. Hashtags: #postquantum #cryptography #standards #quantumtechnology #cryptographyagility

https://www.schneier.com/blog/archives/2023/08/you-cant-rush-post-quantum-computing-standards.html
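Point 8 of the post above (cryptographic agility) is a design property rather than a product, so here is an added example, not from the linked post or from any library, of what it looks like in code: a message-authentication envelope that names its algorithm, looks the algorithm up in a registry, and keeps issuance and acceptance policy separate from the registry. The algorithm identifiers, the policy sets and the envelope layout are this example's own assumptions.

```python
"""Added example: a cryptographically agile MAC envelope (illustrative, not a real library API)."""
import hashlib
import hmac
from typing import Tuple

# Algorithm identifier -> hashlib digest name. A new primitive (for instance a
# future NIST-standardised construction) is added here; callers never change.
MAC_REGISTRY = {
    "hmac-sha1": "sha1",
    "hmac-sha256": "sha256",
    "hmac-sha3-256": "sha3_256",
}

# Policy is kept apart from the registry so it can move independently.
# Hypothetical values: one algorithm is produced, a set is still accepted on
# verification, and anything else (here "hmac-sha1", retired by policy for the
# sake of illustration) is rejected before any MAC computation happens.
PRODUCE_ALG = "hmac-sha3-256"
ACCEPT_ALGS = {"hmac-sha256", "hmac-sha3-256"}

SEP = b"\x00"  # envelope layout: alg || 0x00 || tag || message


def _mac(key: bytes, alg: str, message: bytes) -> bytes:
    return hmac.new(key, message, MAC_REGISTRY[alg]).digest()


def _tag_len(alg: str) -> int:
    return hashlib.new(MAC_REGISTRY[alg]).digest_size


def protect(key: bytes, message: bytes, alg: str = PRODUCE_ALG) -> bytes:
    """Wrap a message in a self-describing envelope under the named algorithm."""
    if alg not in MAC_REGISTRY:
        raise ValueError(f"unknown algorithm {alg!r}")
    return alg.encode("ascii") + SEP + _mac(key, alg, message) + message


def verify(key: bytes, envelope: bytes) -> Tuple[str, bytes]:
    """Check the envelope under the algorithm it names; return (alg, message)."""
    alg_bytes, sep, rest = envelope.partition(SEP)
    if not sep:
        raise ValueError("malformed envelope")
    alg = alg_bytes.decode("ascii", errors="replace")
    if alg not in ACCEPT_ALGS:  # unknown or retired: reject early
        raise ValueError(f"algorithm not accepted: {alg!r}")
    n = _tag_len(alg)
    tag, message = rest[:n], rest[n:]
    if len(tag) != n or not hmac.compare_digest(tag, _mac(key, alg, message)):
        raise ValueError("authentication failed")
    return alg, message


def reprotect(key: bytes, envelope: bytes) -> bytes:
    """Migration step: verify under whatever accepted algorithm the envelope
    names, then re-issue it under the current policy algorithm."""
    _, message = verify(key, envelope)
    return protect(key, message)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key only
    legacy = protect(key, b"report.pdf", alg="hmac-sha256")  # issued before the policy change
    print(verify(key, legacy))
    print(verify(key, reprotect(key, legacy))[0])
```

The point of the split between `MAC_REGISTRY` and the two policy values is that retiring an algorithm is a one-line policy change, and stored data is migrated by `reprotect` rather than by touching every caller.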

White House holds summit on ransomware crisis in public schools. Data breaches have affected over 1.2 million students in 2020 alone. Limited federal funds hinder cybersecurity efforts in schools. Measures announced include increased training and grants from technology providers. $200 million proposed to strengthen cyber defense in schools. School districts lack full-time cybersecurity staff and spend little on cybersecurity defense. Ransomware attacks expose private records and cause trauma for staff, students, and parents.

https://www.securityweek.com/white-house-holds-first-ever-summit-on-the-ransomware-crisis-plaguing-the-nations-public-schools/

Summary:

Adobe has released a patch to fix 30 vulnerabilities in Acrobat and Reader software. The vulnerabilities could lead to arbitrary code execution, memory leaks, security feature bypass, and denial-of-service attacks. The bugs are described as memory safety issues and no known exploits are currently in the wild. In addition, Adobe also issued an urgent update for security vulnerabilities in Adobe Commerce and Magento Open Source.

Hashtags:

#PatchTuesday #Adobe #Acrobat #Reader #Vulnerabilities

https://www.securityweek.com/patch-tuesday-adobe-patches-30-acrobat-reader-vulns/

Microsoft has released patches for exploited Office zero-day vulnerabilities. #PatchTuesday #Microsoft #SecurityWeek #Cybersecurity #OfficeZeroDay

Russian spies and cybercriminals were abusing a Windows Search security feature bypass vulnerability. #RussianSpies #Cybercriminals #WindowsSearch #Vulnerability

The patches and mitigations are aimed at stopping the attack chain used by skilled attackers. #AttackChain #SkilledAttackers #SecurityUpdates

The Patch Tuesday includes fixes for 75 security defects in the Microsoft Windows ecosystem. #PatchTuesday #Microsoft #SecurityDefects

Adobe also released patches for vulnerabilities in Acrobat and Reader software. #Adobe #Acrobat #Reader #SecurityUpdates

https://www.securityweek.com/patch-tuesday-microsoft-finally-patches-exploited-office-zero-days/

Summary:

- An unidentified threat actor from Vietnam has been engaging in a ransomware campaign using a variant of the Yashma ransomware.

- The attackers retrieve ransom notes from their GitHub repository instead of embedding them in the malware binary, evading traditional endpoint security measures.

- The threat actor appears to target English-speaking countries, Bulgaria, China, and Vietnam.

- There are clues suggesting a Vietnamese origin for the attacker.

- The ransomware variant employed is a customized version of Yashma, with anti-recovery capabilities.

- The attackers demand ransom payments in Bitcoin and double the ransomware price if the victim fails to pay within three days.

- Indicators of Compromise (IoC) can be found on Cisco Talos' GitHub repository.

Hashtags:

#Ransomware #Vietnam #Yashma #ThreatActor #Bitcoin

https://www.infosecurity-magazine.com/news/vietnamese-ransomware-mimics/

Summary:

- Sophos X-Ops has discovered a connection between multiple ransomware attacks, referred to as a "threat activity cluster."

- These clusters provide insights into potential future actions and help identify the attackers responsible for the attacks.

- The threat activity cluster focuses on intricate details and indicates a highly sophisticated playbook guiding the attackers' actions.

- The research suggests that the ransomware group Royal may be collaborating with affiliates Hive and Black Basta, challenging previous assumptions.

- The report reveals granular similarities in attack behaviors and highlights the close alignment between these groups.

Hashtags:

#BHUSA #Ransomware #ThreatActivityCluster #SophosInvestigation #Cybersecurity #AttackBehaviors #Collaboration #Royal #Hive #BlackBasta

https://www.infosecurity-magazine.com/news/ransomware-connections-sophos/

Morgan & Morgan sues Tampa General Hospital over data breach. 1.2 million patients' data was stolen. Hospital failed to secure data and delayed notifying victims. Lawsuit seeks damages and accountability. Hashtags: #DataBreach #TampaGeneralHospital #Lawsuit

https://www.infosecurity-magazine.com/news/tampa-general-sued/

A complete guide for building a modern CSOC and IRT, focusing on governance, roles and responsibilities, and accountability. #CSOC #IRT #cybersecurity

LinkedIn's Ethical Hackers Academy posted an infographic comparing the legacy SOC and the modern SOC, highlighting the need for context and discussion.

The director of Cyber Security Operations at IAI aimed to involve the SOC in investigations and proposed creating a separate IR team within the Cyber Directorate.

A modern CSOC or IRT is essential for real-time monitoring, detection, response, and mitigation of security incidents and threats.

The existing SOC lacked defined procedures and processes, leading to the need for a rebuild.

The top-level directive defined the roles, authorities, and responsibilities of the CSOC and IRT, emphasizing the need for proactive, threat-driven cyber resilience.

The CSOC/IRT core subdomains include automation and integration, training and doctrine, supervision and process improvement.

A battle rhythm was implemented to synchronize daily operations and create a structure for day-to-day and shift-to-shift operations.

Documented procedures and directives create governance, set expectations, define accountability, and provide an anchor for lessons learned and continuous improvement.

Implementation and enforcement of the documentation are crucial for success. The methodology is addressed in the next chapter. #cybersecurity #CSOC #IRT

https://cybersecuritynews.com/building-csoc/

Hackers are using Cloudflare Tunnels to gain stealthy access. They exploit the tunnels for stealthy HTTPS connections, bypassing firewalls and maintaining long-term persistence. Cloudflare Tunnels allow outbound connections via HTTPS to Edge Servers, giving access to services like SSH, RDP, and SMB. Attackers can activate and deactivate functionality at will and evade detection by using QUIC connections on port 7844. The steps for exploiting Cloudflare Tunnels include creating a token on the victim's machine, accessing the executable, and establishing a client connection. Organizations should monitor for unauthorized tunnel use and restrict services to chosen data centers. #cybersecurity #cybersecuritynews

https://cybersecuritynews.com/hackers-abuse-cloudflare-tunnels/
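The summary above ends with the advice to monitor for unauthorized tunnel use. As an added example (not from the linked article or from Cloudflare), here is a small detection pass over constructed flow records that applies two indicators the article names, outbound connections to the QUIC port 7844 and the tunnel client process name, plus session duration as a persistence signal, and exempts hosts that are authorised to run a tunnel. The log layout, the allowlist, the duration threshold and all host and address values are this example's own assumptions.

```python
"""Added example: flag unauthorised tunnel-client activity in constructed flow logs."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Policy inputs (hypothetical values for illustration).
AUTHORISED_TUNNEL_HOSTS = {"build-gw01"}        # hosts allowed to run a tunnel client
TUNNEL_PORT = 7844                              # QUIC port named in the article
TUNNEL_CLIENT_NAMES = {"cloudflared", "cloudflared.exe"}
LONG_SESSION_SECONDS = 3600                     # beyond this, treat as persistence

# Constructed flow records in a simple key=value layout (not real telemetry).
SAMPLE_LOG = """\
2023-08-09T10:01:00Z host=ws-17 proc=cloudflared.exe proto=udp dst=198.51.100.7 dport=7844 dur=86400
2023-08-09T10:02:00Z host=ws-17 proc=chrome.exe proto=tcp dst=203.0.113.5 dport=443 dur=12
2023-08-09T10:03:00Z host=build-gw01 proc=cloudflared proto=udp dst=198.51.100.9 dport=7844 dur=3600
2023-08-09T10:04:00Z host=ws-22 proc=svchost.exe proto=tcp dst=198.51.100.7 dport=7844 dur=7200
2023-08-09T10:05:00Z host=ws-22 proc=outlook.exe proto=tcp dst=203.0.113.8 dport=443 dur=30
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) proto=(?P<proto>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) dur=(?P<dur>\d+)$"
)


@dataclass
class Finding:
    host: str
    proc: str
    dst: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one record; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def tunnel_indicators(rec: Dict[str, str]) -> List[str]:
    """Return the tunnel-related indicators present in one record."""
    reasons: List[str] = []
    if int(rec["dport"]) == TUNNEL_PORT:
        # Port match alone is checked first so a renamed client is still caught.
        reasons.append(f"outbound {rec['proto']} to tunnel port {TUNNEL_PORT}")
    if rec["proc"].lower() in TUNNEL_CLIENT_NAMES:
        reasons.append("tunnel client process name")
    if reasons and int(rec["dur"]) >= LONG_SESSION_SECONDS:
        reasons.append("long-lived session (possible persistence)")
    return reasons


def find_unauthorised_tunnels(log_text: str) -> List[Finding]:
    """Report tunnel indicators on hosts not authorised to run a tunnel."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line; a production job would count these
        reasons = tunnel_indicators(rec)
        if reasons and rec["host"] not in AUTHORISED_TUNNEL_HOSTS:
            findings.append(Finding(rec["host"], rec["proc"], rec["dst"], reasons))
    return findings


if __name__ == "__main__":
    for f in find_unauthorised_tunnels(SAMPLE_LOG):
        print(f"{f.host}: {f.proc} -> {f.dst}: " + "; ".join(f.reasons))
```

On the sample data the authorised gateway is silent, the workstation running the client by name is reported, and so is the workstation whose unfamiliar process reaches port 7844, which is why the port check does not depend on the process name.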

CISA Announces Cyber Security Strategy Plan for 2024-2026. The plan focuses on collaboration, innovation, and accountability. CISA aims to strengthen cybersecurity and infrastructure protection against hackers. The plan includes goals to address immediate threats, harden security, and drive security in products. The objective is to create a collaborative defense model that distributes risk and ensures security and resilience. The plan aims to safeguard cyberspace for all Americans and optimize cyber defense operations. #Cybersecurity #CISA #SecurityStrategy

https://cybersecuritynews.com/cisa-cyber-security-strategy-plan/

Two-thirds of UK websites vulnerable to bad bots. Majority of UK websites unable to block simple bot attacks, exposing businesses to fraud and account compromise. Only 8% of websites successfully blocked all bot requests. E-commerce and classified ads sectors performed the worst, while gambling sites were best defended. Malicious bots make up around 30% of internet traffic and cost organizations billions of dollars annually. UK firms must take action to protect against this growing threat.

#UKwebsites #badbots #fraud #accountcompromise #cybersecurity

https://www.infosecurity-magazine.com/news/twothirds-uk-sites-vulnerable-bad/

North Korean hackers have compromised a Russian missile maker's IT network. Leaked emails helped researchers identify the cyber-espionage campaign. The attackers deployed a Windows backdoor called "OpenCarrot." The backdoor enables full compromise of infected machines and network-wide compromise. North Korea's cyber-espionage activities are believed to support its nuclear and missile program. #NorthKorea #cyberespionage #OpenCarrot #RussianMissileMaker

https://www.infosecurity-magazine.com/news/north-korean-hackers-russian/

A Security Operations Center (SOC) is a central unit within an organization responsible for managing and monitoring cybersecurity operations. It combines security alerts with network logs to anticipate, analyze, and respond to security incidents. The SOC consists of roles such as SOC Manager, Security Analyst, Incident Responder, Threat Hunter, Vulnerability Analyst, Forensic Analyst, and Compliance Analyst. Key components of a SOC include people, processes, technology, data, and facilities. The SOC performs functions such as monitoring, incident detection and analysis, incident response, threat hunting, vulnerability management, security information and event management (SIEM), threat intelligence, reporting and communication. Having a SOC provides improved security posture, reduced risk, faster incident response, better visibility, compliance, cost savings, and proactive threat hunting. Challenges in establishing and maintaining a SOC include resource limitations, alert fatigue, security threat complexity, system integration, training, and compliance. Despite the challenges, a well-established and effectively managed SOC can help an organization maintain a strong security posture and protect itself from security risks.

#securityoperationscenter #SOC #cybersecurity #cyberthreats #incidentresponse #threatintelligence #vulnerabilitymanagement #compliance #riskmanagement

https://cybersecuritynews.com/what-is-a-security-operations-center/

Acoustic attack records laptop keystrokes with nearby phone. Hashtags: #AcousticAttack #DataSecurity #CyberSecurity #KeystrokeRecording.

https://cybersecuritynews.com/acoustic-attack-records-laptop/

Chinese hackers stole a Microsoft Azure consumer signing key and used it to forge authentication tokens that gave them access to user email. The incident highlights negligent security practices and weaknesses in key validity checks. Furthermore, the key was stored in software instead of in the system's Hardware Security Module (HSM), a serious breach of security practice. The attack may be connected to the SolarWinds breach, and the long-term consequences of such attacks are being underestimated. Source code theft from infrastructure providers is becoming a preferred method for sophisticated threat actors. #authentication #backdoors #China #cybersecurity #hacking #keys #Microsoft

https://www.schneier.com/blog/archives/2023/08/microsoft-signing-key-stolen-by-chinese.html

Summary: A new vulnerability has been discovered in PaperCut MF/NG print management software, allowing for unauthenticated remote code execution. The flaw can be exploited to read or write arbitrary files. PaperCut has released a patch for the vulnerability.

Hashtags: #PaperCut #vulnerability #remoteCodeExecution

https://www.securityweek.com/new-papercut-vulnerability-allows-remote-code-execution/

North Korean hackers target Russian missile developer. A cybersecurity firm discovered evidence of North Korean threat actors targeting Russian missile maker NPO Mashinostroyeniya. Leaked emails were intercepted, and data was stolen. The attack was linked to two North Korean hacker groups, ScarCruft and Lazarus. The breach likely began in late 2021 and was discovered in May 2022. #NorthKorea #Russia #CyberSecurity #Hacking

https://www.securityweek.com/north-korean-hackers-targeted-russian-missile-developer/