Summary: The imminent threat of quantum computing breaking existing encryption algorithms is a national security challenge that must be addressed. Initiatives to create quantum-secure encryption protocols are underway, including the US National Institute of Standards and Technology's draft standards. Organizations should educate themselves on the guidance provided and establish a quantum readiness project team. They should also build a cryptographic inventory, understand their cryptographic systems, and incorporate cryptographic agility. Organizations should stay updated on quantum computing breakthroughs to prevent being caught off guard.
Hashtags: #QuantumSecureEncryption #DataSecurity #QuantumComputing #EncryptionProtocols #Cybersecurity #NationalSecurity #QuantumThreats
https://www.infosecurity-magazine.com/news-features/pave-quantum-secure-encryption/
Summary:
- The global cyber skills gap has reached a record four million people.
- Despite an increase in cybersecurity professionals, 62% of cybersecurity teams are understaffed.
- Ransomware attacks have increased the demand for skilled cybersecurity professionals.
- Lay-offs, budget cuts, and hiring freezes have impacted cybersecurity teams.
- The cyber skills gap is expected to widen in 2024 due to security cutbacks and economic uncertainty.
- AI may not immediately solve the skills gap as organizations lack expertise in AI.
- Actions are being taken to address the skills gap, such as the National Cyber Workforce and Education Strategy.
- Ongoing education and training, expanding ideas of high-quality candidates, and government-industry collaboration are important strategies to tackle the skills gap in 2024.
Hashtags:
#CyberSkillsGap #CybersecurityWorkforce #RansomwareAttacks #EconomicUncertainty #AIsImpactOnSkillsGap #NationalCyberWorkforce #EducationStrategy #SkillsDevelopment #GovernmentIndustryCollaboration #TacklingSkillsGap
https://www.infosecurity-magazine.com/news-features/cyber-skills-gap-grow-2024/
Ransomware attackers exploit Windows zero-day vulnerabilities to gain elevated privileges. Understanding CLFS (Common Log File System) is crucial to knowing the roots of vulnerability. Exploits leverage the standard BLF layout by avoiding needing a prebuilt file. To avoid these risks, a reasonable file format is necessary. #Ransomware #Windows #ZeroDay #Vulnerabilities #CLFS
https://cybersecuritynews.com/ransomware-attackers-exploit-windows-zero-day/
GitHub sets a mandate for two-factor authentication (2FA) for all users by the end of 2023 to strengthen software supply chain security. The vulnerability of developers' accounts and the potential consequences of compromise pose risks to the entire software ecosystem. The 2FA mandate serves as a robust second line of defense against unauthorized access. GitHub outlines a phased approach for seamless implementation. The platform takes a holistic approach to developer security, exploring novel authentication methods and investing in account security. This initiative sets a precedent for the software industry and encourages collective action. #cybersecurity #github #2FA
Google has stopped collecting location data from Google Maps. The data is now stored locally on user devices, meaning that Google no longer has access to it. This move enhances privacy and prevents law enforcement from requesting the data from Google. #geolocation #Google #privacy
https://www.schneier.com/blog/archives/2023/12/google-stops-collecting-location-data-from-maps.html
#Summary:
1. Hacking into Pets Eating Habits: Security risks in smart pet feeders allow hackers to tamper with feeding schedules and steal sensitive information.
2. BlackCat Gang Taking Incident Reporting Rules Seriously: Attackers post details of their compromise to the SEC's site to pressure victims into paying ransom.
3. Cybercriminals Reluctant to Use ChatGPT: Many cybercriminals are hesitant to use AI-based chatbots due to concerns about scams and societal risks.
4. Google Launches Legal Action Against Scammers: Google files lawsuits against scammers who misled people into downloading malware and abused copyright law.
5. Researchers Find "Silly" Way to Extract ChatGPT Training Data: Researchers discover an attack method that extracts training data from ChatGPT by prompting the model to repeat certain words.
#Hashtags:
#PetCybersecurity #BlackCatGang #ChatGPT #GoogleLegalAction #TrainingDataExtraction
https://www.infosecurity-magazine.com/news-features/5-wackiest-cybersecurity-stories/
1. Identity and Access Threats Will Drive Demand for Robust MFA
2. Elevated Focus on OT Security Amid Critical Infrastructure Targeting
3. Accelerated Law Enforcement Collaboration, but Challenges Endure
4. AI to Have Limited Transformative Impact on Cyber Defenses
5. Deepfakes and Misinformation Will Be More Pressing AI-Related Threats
6. Cyber and AI Regulations Set to Reshape the Global Security Landscape
7. Increased Pressure on CISOs
8. Quantum Readiness Shouldn’t Be a Priority for 2024
9. Insurance Firms Will Set a Bar of Minimum Cyber Requirements
10. Innovative Hiring Strategies Well be Needed to Close the Skills Gap
https://www.infosecurity-magazine.com/news-features/top-ten-cybersecurity-predictions/
1. The cybersecurity market is projected to grow globally from $153.6bn in 2022 to $424.9bn by 2030, but it has been affected by budget cuts and layoffs.
2. Mergers and acquisitions (M&A) in the cybersecurity industry have been limited due to risk aversion and concerns around value.
3. The industry is ripe for consolidation and international expansion to meet market demands.
4. Top M&A deals in 2023 include Cisco's acquisition of Splunk, Thales' acquisition of Imperva, Thoma Bravo's acquisition of ForgeRock, Proofpoint's acquisition of Tessian, and CrowdStrike's acquisition of Bionic.
5. The cybersecurity industry is saturated, and M&A activity is necessary for market consolidation.
#Cybersecurity #MergersAndAcquisitions #MarketConsolidation #InternationalExpansion
https://www.infosecurity-magazine.com/news-features/cybersecurity-mergers-acquisitions/
The rise of DDoS attacks in Q3 2023 has seen a staggering 67% surge compared to the previous quarter, posing significant threats to various industries. Over 41% of websites have shown signs of DDoS attacks, with India being a major source followed by the United States, Germany, the UK, and Singapore. These attacks can cause lasting damage to businesses, including downtime, loss of trust, damage to reputation, and increased cybersecurity costs. Notable DDoS attacks in 2023 include Microsoft, Anonymous Sudan, and OpenAI. To prevent DDoS attacks, it is recommended to enroll in a behavioral-based DDoS mitigation service, implement always-on DDoS protection, minimize attack surface exposure, deploy anycast DNS, and regularly update and patch systems. #DDoS #Cybersecurity #Threats #AttackOrigins #Top10Countries #Microsoft #AnonymousSudan #OpenAI
Summary: The cryptocurrency industry is experiencing a rise in sophisticated phishing attacks using crypto drainers. These attacks target various blockchain networks and use phishing scams to trick victims into giving away their wallet information. The attackers create fake campaigns and websites, asking users to connect their wallets and interact with a malicious smart contract. The stolen cryptocurrency is then transferred and obfuscated to hide the attacker's traces. Users are advised to be skeptical of airdrop claims, verify smart contracts, and employ hardware wallets for enhanced security.
Hashtags: #cybersecurity #cybersecuritynews #malware
https://cybersecuritynews.com/crypto-drainers-phishing-attacks/
Chrome's new safety check feature alerts users of hacked passwords, improving browser performance and security. The feature can be accessed through the three-dot menu in Chrome and allows users to revoke permissions and optimize memory usage. Tab groups can also be saved and accessed on different devices. #Chrome #PasswordSafety #BrowserSecurity #TabGroups
https://cybersecuritynews.com/chrome-new-safety-check-feature/
Top 10 cybersecurity stories of 2023: ChatGPT creates polymorphic malware, stealthy npm malware exposes developer data, NIST expands cybersecurity framework, Citrix endpoints compromised with webshells, cyber skills gap reaches 4 million, Northern Ireland police officers vulnerable after data leak, consumers concerned about AI's impact on data privacy, global cyber-attacks rise by 7%, ransomware attack wipes out Sri Lankan government data, data leak hits thousands of NHS workers. #Cybersecurity #Malware #NIST #Citrix #CyberSkillsGap #DataLeak #AI #CyberAttacks #Ransomware #NHS
https://www.infosecurity-magazine.com/blogs/most-read-cybersecurity-stories/
Ransomware groups saw a surge in victims in November, reaching a record-high number. The increase is attributed to LockBit's activity and the CitrixBleed vulnerability. Predictions for December suggest a decrease in victims, but the return of QakBot could impact this. #Ransomware #LockBit #CitrixBleed #QakBot
https://www.infosecurity-magazine.com/news/ransomware-victims-record-november/
Cyber Security News offers 100+ advanced cybersecurity courses online with a lifetime membership. The courses cover various areas of cybersecurity and are handled by highly skilled instructors. A Diamond Membership with lifetime access is available, and there is a $100 discount for Christmas. Tips for making the most out of the membership include assessing your current skill level, setting clear goals, creating a learning plan, starting with fundamentals, exploring different domains, and engaging with the community. The Diamond Membership offers enhanced career opportunities, helps you stay ahead of evolving threats, increases earning potential, provides greater job security, and allows for skill diversification. The membership includes access to courses in penetration testing, vulnerability assessment, ethical hacking, malware analysis, and more. The hashtags for this text are #CyberSecurityCourses, #LifetimeAccess, #EthicalHackersAcademy, #ChristmasGift, #CareerOpportunities, #StayAhead, #EarningPotential, #JobSecurity, #SkillDiversification.
https://cybersecuritynews.com/best-cyber-security-courses-online/
Summary:
Security Service Edge (SSE) is a cloud-based security framework that combines network security and wide-area networking capabilities in a single service. It provides secure and direct access to cloud services, bypassing the public internet. SSE plays a crucial role in enhancing direct cloud access and is expected to become a standard component of hybrid work security strategies.
Hashtags:
#SSE #securityserviceedge #cloudsecurity #hybridworksecurity
https://cybersecuritynews.com/wht-is-security-service-edge-sse/
Summary: Iranian hackers known as Peach Sandstorm have developed a new backdoor called FalseFont, which allows them to hack Windows operating systems. The group, linked to APT33, Elfin, and Refined Kitten, targets sectors such as defense, government, and healthcare. FalseFont was detected in November 2023 and provides remote access, file launching, and data transmission capabilities. Microsoft Threat Intelligence is actively investigating Peach Sandstorm's activities and has provided mitigations for organizations. #IranianHackers #FalseFont #WindowsHack
Hashtags: #IranianHackers #FalseFont #WindowsHack
https://cybersecuritynews.com/iranian-hackers-developed-a-new-backdoor-to-hack-windows/
Summary: Ben Rothke named "A Hacker's Mind" as the best information security book of 2023.
Hashtags: #AHackersMind #InformationSecurity #BestBook
https://www.schneier.com/blog/archives/2023/12/ben-rothkes-review-of-a-hackers-mind.html
Malicious GPT can phish and exfiltrate credentials to external servers. Hashtags: #Malware #Phishing #Exfiltration #Credentials #Cybersecurity #DataProtection
Vulnerable chatbots allow attackers to steal sensitive information. Hashtags: #Chatbots #Vulnerabilities #DataBreaches #Cybersecurity
OpenAI takes action to mitigate the attack method, but it's not completely prevented. Hashtags: #OpenAI #Mitigation #Cybersecurity
Custom GPTs can trick users into giving away email addresses and passwords. Hashtags: #CustomGPTs #DataSecurity #UserPrivacy
Publication of malicious GPTs on official stores may be possible. Hashtags: #GPTStore #MaliciousGPTs #DataSecurity
AI-powered attacks become more common, requiring better security approaches. Hashtags: #AIattacks #Cybersecurity #AIrisks
Crypto drainer malware steals $59m via Google and X ads. Lures victims to phishing pages through targeted ads. MS Drainer behind attacks. Ads use redirect deception and bypass ad audits. 10,000 phishing sites using drainers observed. 60% of phishing ads on X lead to malware. MS Drainer has stolen from 63,210 victims. Malware sold on dark web forum. Ad industry urged to enhance verification processes. #CryptoDrainer #MalwareAttacks #PhishingAds #GoogleAds #XAds
https://www.infosecurity-magazine.com/news/crypto-drainer-steals-59m-google-x/
Hackers are using malicious JavaScript samples to steal sensitive data. Researchers have found that these malware scripts employ sophisticated techniques, such as obfuscation and selective payload detonation, to evade security tools. The stolen data is exfiltrated through phishing pages, skimming sites, and abusing legitimate APIs. The malware authors employ tactics like dynamic HTML generation, image-based exfiltration, and keyword triggers to hide their activities. Unit 42 researchers have developed advanced analysis techniques to track information flows within JavaScript code. Website owners are advised to keep software updated and monitor exfiltration endpoints, while users should be cautious with online forms and links and invest in security software. #cybersecurity #cybersecuritynews #vulnerability
https://cybersecuritynews.com/hackers-using-malicious-javascript/