[Samsung denies] Samsung to develop Galaxy processors with custom CPU cores


UPDATE (from Samsung): Samsung reached out to clarify things regarding custom CPU cores. The company said that “a recent media report that Samsung has established an internal team dedicated to CPU core development is not true”. The company added that it already has “multiple internal teams responsible for CPU development and optimization”, and it has been that way for a long time. Samsung also added that it is “constantly recruiting global talents from relevant fields”.

ORIGINAL ARTICLE (edited version): Samsung’s custom processors for Galaxy devices may feature custom CPU cores. The company has reportedly reinforced its internal teams dedicated to the in-house development and optimization of smartphone processors. It has hired a senior developer from AMD to lead the efforts, the Korean media reports. The first Samsung chipset with custom CPU cores may arrive in 2027.

Samsung is developing specialized processors for Galaxy devices

Samsung’s latest Galaxy S23 series flagships are special in many ways, with the chipset being one of those. The phones use an overclocked version of Qualcomm’s Snapdragon 8 Gen 2 globally. The company ditched its in-house Exynos processors this year due to poor performance. Its mobile division is now developing specialized processors for Galaxy devices. The firm no longer has any faith in its semiconductor division to provide it with ideal chipsets.

Early reports suggest that the first Samsung smartphone powered by its custom chipset, which may be called the Galaxy Chip, will arrive in 2025. The idea is to optimize the chipset for its devices from the development stage. This will allow for deeper hardware-software integration, something that Apple’s iPhones greatly benefit from. Designing custom CPU cores may further allow Samsung to achieve the optimization level it desires.

According to the Korean publication Pulse News, Samsung’s first custom chipset with custom CPU cores may ship out in 2027. That means the initial solutions in 2025 and 2026 will use stock CPUs from ARM. “Samsung Electronics will be able to boost the completion level of its Galaxy Chip if it successfully develops a CPU core,” an unnamed industry official told the publication. “It will be able to load its own CPU in 2027 if development is carried out as planned.”

Samsung to develop custom CPU cores again

This isn’t the first time Samsung is developing custom CPU cores. The company’s Exynos processors featured custom Mongoose CPU cores between 2016 and 2020. But those chipsets consistently underperformed against competing solutions from Qualcomm that used stock ARM cores.

Samsung eventually decided to go the Qualcomm way a few years back. Its recent flagship Exynos processors use stock ARM solutions, though to little avail.

There have been reports of the company switching back to custom solutions some time ago, but it hasn’t materialized yet. Meanwhile, Samsung stopped using Exynos processors in its flagship devices this year. It is now developing specialized chipsets for Galaxy smartphones.

Turns out those specialized processors will feature custom CPU cores too. If not from the beginning, surely a few years later. Qualcomm is also working on custom CPU solutions called Oryon. Time will tell which chip biggie comes out on top.



Spotify challenged Apple’s AppStore terms in front of EU officials

The Apple tax? Sucks. The Apple gatekeeping model that cleverly convinces users that Apple is the go-to solution? Also sucks. That’s a really quick and rephrased TL;DR of Spotify’s requests during a stakeholders workshop organized by the European Union (EU).

But let’s pause for a moment and elaborate on why those two are bad. From a developer’s point of view, losing 30% of profit to Apple just for having your service available on their AppStore leads to artificially inflated prices, while forbidding communication between end-users and app developers distances the product from the target audience.

But like all solid arguments in life, this too is a coin with two sides. On the other side, Apple’s unyielding stance has a good reason behind it: privacy and security. If the floodgates are opened, we can’t possibly trust every developer out there not to try to take advantage of the situation to extort users through data theft. And that’s just one item on Apple’s list of concerns.
 
Now that we’ve gotten that out of the way, let’s look at the official way that Spotify’s request was phrased:
  • Allow an alternative option for in-app purchases on iOS
  • Allow developers/companies to have direct communication with consumers

And this is the part where we ask you to stop us if you haven’t heard the above requests before. Apple and their AppStore are under tons of pressure right now, on a global level. Requests just like these are flying left and right, and the overall vibe of the situation is that the bubble will burst eventually.

As an additional bit of context, all of this is regarding the EU’s Digital Marketing Act (DMA) — the very same document that made us excited to see an iPhone with a USB-C charging port. The event at which Spotify expressed its concerns was related to overall app store — as in, not only on iOS — concerns, but the music streaming service’s Gene Burrus, Director of Global Competition Policy, didn’t miss the opportunity to take a direct approach.

While the Cupertino Company acknowledged that it understands its obligations towards the DMA act, it did not move an inch regarding AppStore regulations and terms. Other companies refuted the statement by expressing their beliefs that Apple does not have exclusivity over the concept of “security”, which basically means they called them out.

While this workshop was never conducted with the idea of reaching a definitive resolution, the fact of the matter is that both sides are holding ground firmly. As the DMA act’s implementation moves further along the pipeline, only time will tell what compromises the two factions will make in order to comply with the act, and each other.


 Windows Event logs Analysis & Monitoring Guide

Windows Event logs

A cyber security operations center protects organizations and the sensitive business data of their customers. It ensures active monitoring of the business’s valuable assets through visibility, alerting and threat investigation, and a holistic approach to managing risk.

The analytics service can be in-house or a managed security service. Collecting event logs and analyzing them against real-world attacks is the heart of the security operations center.

Events – The security operations center

Events are generated by systems, often as error codes; devices generate events recording the success or failure of their normal functions, so event logging plays an important role in detecting threats. An organization runs many versions and flavors of Windows, Linux, firewalls, IDS, IPS, proxies, NetFlow, ODBC, AWS, VMware, etc.

These devices usually record attackers’ footprints as logs and forward them to SIEM tools for analysis. In this article, we will see how events are pushed to the log collector. To know more about Windows events or event IDs, refer here.

Log Collector

It’s a centralized server that receives logs from any device. Here I have deployed the Snare agent on a Windows 10 machine, so we will collect Windows event logs and detect attacks on Windows 10 machines using the Snare agent.

Snare is a SIEM (Security Incident and Event Management) solution that acts as a log collector and event analyzer for various operating systems (Windows, Linux, Apple OS X), and it supports a database agent for MSSQL events generated by Microsoft SQL Server. It is available as both Enterprise and open-source agents.

Snare Installation

  • For demo purposes I am using no credentials, but it is always recommended to use strong passwords to protect the logs from leaking.

Snare Web interface:-

  • By default, Snare runs on port 6161.
  • A different port can also be chosen, with TCP, UDP or TLS/SSL as the protocol.
  • Snare will ask for credentials to log in. Here I have configured no authentication.
  • The figure below shows that the Snare agent installed successfully and provides additional details on screen.

Network & File Destination Configuration

  • Our Windows 10 machine has started sending event logs to the Snare console.
  • The Snare console is running on localhost and collecting logs from the Windows machine.

NOTE: Logs can be sent to a centralized server, which then pushes them to the SIEM (this method is used to reduce the load on the SIEM), or Snare logs can be sent directly to the SIEM (this method can be deployed if your SIEM has enough storage for long- and short-term log retention). It is recommended to configure your SIEM with the Snare port details; the test connection should be successful in order to collect logs.

  • So you can change the network destination IP to the SIEM IP or the log collector IP.
  • The figure above shows the destination configured as localhost to collect and store event logs in various formats: SNARE, SYSLOG, CEF (Common Event Format) or LEEF (Log Event Extended Format).
  • By default, it collects logs and saves them to a file in Snare format, and the logs are forwarded to the SIEM.

Access Configuration

  • The web server port, authentication for console access, and the web server protocol can easily be defined according to your environment.
  • The figure above shows a configuration with web server port 6161, Snare agent port 6262, and HTTP as the web server protocol for demo purposes. It is recommended to install a certificate so that logs are forwarded over a secure connection.

Objective Configuration

  • An objective covers events in different categories, such as Windows log on/log off, access to a file or directory, security policy change, and system restart and shutdown.
  • Modify or delete specific events to assign a priority (Critical, High, Low or Information).

Audit Service Statistics

  • The Audit Service confirms that Snare is connected and sending logs to the SIEM.
  • It shows the daily average bytes of events transmitted to the SIEM.
  • In case of network failures, the SOC administrator can check the status of the service.

Security Certification – The security operations center

  • To encrypt the connection, generate a self-signed certificate for the web UI and the Snare agent, and use network destination certificate validation to establish a secure way of forwarding logs to the SIEM.

Restart-Service

  • If the SIEM has not been collecting event logs from the Snare agent for a while, it’s time to troubleshoot and retrieve logs from the Snare server.
  • The figure above shows that the Snare services restarted successfully.

Events – The security operations center

  • Windows 10 is forwarding event logs to your deployed SIEM, or events can be viewed in the Snare console.
  • You cannot open Snare and look for intrusions in your environment every time; for this reason, we forward logs to the SIEM, which provides the intelligence to detect attacks.
  • The SIEM becomes intelligent enough to trap attackers once you build an effective correlation rule.
  • The pictures above show event ID 4625, a failed password attempt on the Windows 10 machine, followed by a successful 4689 event.
  • List of Windows event IDs: here

NOTE: The figures above show failed attempts followed by a successful login.

Correlation rule & Incidents

  • The correlation engine is designed for writing defensive rules that detect attackers; each rule raises its own unique incident.
  • Example: Assume that you’re writing a rule for a brute-force attempt. Brute-force attempts produce a continuous stream of login attempts against the server, each with a different passphrase.
  • As per the NOTE above: failed attempts followed by a successful login.

Correlation Rule : failed password attempts + Followed by successful Login = Brute-force (Incident)
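
The rule above, written out as an added example (not code from the article or from Snare): it groups events per host and account, counts failed logons (event ID 4625, as in the text) inside a sliding time window, and raises an incident when a successful logon follows. Assumptions: the success event ID is set to 4624, the Windows Security event ID for a successful logon; the threshold, the window and the tab-separated sample layout are constructed for the example and are not Snare's own output format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625    # failed logon, the event ID named in the text
SUCCESS_LOGON = 4624   # successful logon in the Windows Security log (this example's choice)

# Constructed sample events in a simplified tab-separated layout:
# time, host, event ID, account, source address. NOT real Snare output.
SAMPLE_LOG = """\
2023-03-01T09:00:00\tWIN10-LAB\t4625\tcarol\t203.0.113.5
2023-03-01T09:20:00\tWIN10-LAB\t4625\tcarol\t203.0.113.5
2023-03-01T09:40:00\tWIN10-LAB\t4625\tcarol\t203.0.113.5
2023-03-01T10:00:00\tWIN10-LAB\t4625\tcarol\t203.0.113.5
2023-03-01T10:00:01\tWIN10-LAB\t4625\talice\t192.0.2.10
2023-03-01T10:00:05\tWIN10-LAB\t4625\talice\t192.0.2.10
2023-03-01T10:00:09\tWIN10-LAB\t4625\talice\t192.0.2.10
2023-03-01T10:00:14\tWIN10-LAB\t4625\talice\t192.0.2.10
2023-03-01T10:00:20\tWIN10-LAB\t4625\talice\t192.0.2.10
2023-03-01T10:00:31\tWIN10-LAB\t4624\talice\t192.0.2.10
2023-03-01T10:02:00\tWIN10-LAB\t4625\tbob\t198.51.100.7
2023-03-01T10:02:15\tWIN10-LAB\t4624\tbob\t198.51.100.7
2023-03-01T10:20:00\tWIN10-LAB\t4625\tcarol\t203.0.113.5
2023-03-01T10:21:00\tWIN10-LAB\t4624\tcarol\t203.0.113.5
this line is malformed and must be skipped
"""


def parse_events(text):
    """Parse the constructed layout into dicts, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 5:
            continue
        try:
            when = datetime.fromisoformat(fields[0])
            event_id = int(fields[2])
        except ValueError:
            continue
        events.append({"time": when, "host": fields[1], "event_id": event_id,
                       "user": fields[3], "src": fields[4]})
    # Forwarded logs can arrive out of order; the rule needs time order.
    return sorted(events, key=lambda e: e["time"])


def correlate_bruteforce(events, threshold=5, window=timedelta(minutes=5),
                         failed_id=FAILED_LOGON, success_id=SUCCESS_LOGON):
    """Return one incident per success preceded by >= threshold recent failures."""
    recent_failures = defaultdict(deque)   # (host, account) -> (time, source) pairs
    incidents = []
    for ev in events:
        key = (ev["host"], ev["user"].lower())
        recent = recent_failures[key]
        # Slide the window: forget failures older than `window` before this event.
        while recent and ev["time"] - recent[0][0] > window:
            recent.popleft()
        if ev["event_id"] == failed_id:
            recent.append((ev["time"], ev["src"]))
        elif ev["event_id"] == success_id:
            if len(recent) >= threshold:
                incidents.append({
                    "host": ev["host"],
                    "user": ev["user"],
                    "failed_count": len(recent),
                    "first_failure": recent[0][0],
                    "success_time": ev["time"],
                    "sources": sorted({src for _, src in recent}),
                })
            # A success ends the sequence; later failures start a new count.
            recent.clear()
    return incidents


if __name__ == "__main__":
    for incident in correlate_bruteforce(parse_events(SAMPLE_LOG)):
        print("Brute-force incident:", incident)
```

In the sample, only `alice` raises an incident: `bob` mistypes once before logging in, and `carol`'s failures are spread over more than an hour, so neither reaches the threshold inside the window.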

Now your customer environment is ready for a known use case (brute-force detected). You can also build or write your own use cases and deploy them in your SIEM to detect sophisticated cyber-attacks!


9 cybersecurity tips to keep you safe when travelling


Here are some cybersecurity tips to keep you safe while you travel.

The best way to keep your devices safe when you’re travelling is to be unplugged. If you don’t need it, don’t take it with you. But since that is not always an option, here are some tips to keep you safe while you travel.

1. Backup before you go

The consequences of losing your device or having it stolen are worse when you are outside of your own environment. So make sure that you have recent backups of your important data, and don’t keep the backups on the devices you are taking.

2. Turn on Find My device

Both Android and iOS offer options to track your device. So turn this on before you go, and if you lose your device you can remotely wipe it, or even leave a message on the screen for whoever finds it.

3. Consider your connections

The router that handles the Wi-Fi in your home keeps the individual devices shielded from a lot of undesirable traffic. But when you’re out and about, a mobile firewall can manage the flow of traffic in and out of your device.

Disable the auto-connect options shortly before you leave and have your devices forget the network SSIDs in their lists. Threat actors can abuse these features for machine-in-the-middle attacks. Also disable the Bluetooth on your devices whenever you’re not using it.

4. Protect your devices

Use a fully updated anti-malware solution for all your devices. Most anti-malware solutions will update automatically, but it’s worth double checking their settings to check that’s being done.

5. Patch and update

Your security software is not the only thing that should be kept up-to-date. Check if there are updates for your operating system (Windows, Android, iOS, or whatever you’re using), banking apps, and anything else which is privacy sensitive and you use on a daily basis. Updating them while you are travelling can be slow and tedious.

6. Use a password manager

Don’t forget to take your password manager and your 2FA device with you. Nothing can kill the buzz like having to go through umpteen “I forgot my password” routines. Talking of passwords, it goes without saying that all your devices should be protected with a PIN or password.

7. Careful what you post on social media

We know it’s hard, but usually it’s better to wait till you get back home before you show the world how beautiful the scenery was at your travel destination. Don’t announce your absence from home or burglars might get drawn to your home. Speaking of which, a little automation of the lighting can make it seem as if there is someone home watching the place.

8. Public Wi-Fi and computers

Simple. Don’t use them if you can avoid them. And if you have to, be thoughtful of the fact that they are indeed, public. Avoid sites where you need to login, sites with sensitive info (banking, healthcare, etc.), and especially stay away from making purchases over an unsecured connection. Use a VPN with strong encryption. After using a public computer, delete your cookies and maybe your browser history as well.

Don’t let all this ruin the fun

While most of the things mentioned above are precautions we (should) take every day, they are not the first ones that come to mind when you are planning that awesome trip you have worked for all year. But as always, it’s better to be safe than sorry. Safe travels!



New MacBook Air Models Could Ship with M3 Chips


A recent report suggests that Apple is working on a new-generation 13- and 15-inch MacBook Air that could be powered by the M3 chip.  

Rumors of a forthcoming next-generation MacBook Air have become common online, which is unsurprising. The prospect of a 13-inch and larger 15-inch MacBook Air intrigues Tech reviewers and Mac enthusiasts. 

On Sunday, Bloomberg’s Mark Gurman reported that the laptops could hit the market between late spring and summer. Gurman’s account also suggests that at least the 13-inch version of the MacBook Air could feature an M3 chip. 

Well, a new independent source has confirmed the claim. 

According to 9to5Mac’s sources, Apple is already working on a new 13 and 15-inch MacBook Air — codenamed J513 and J515, respectively — with an M3 chip. Furthermore, the chip could have an entry-level 8-core CPU like the M1 and M2 chip. 

So when should we expect the new laptops?

When to Expect the New MacBook Air with M3 Chips

The release date for the 13- and 15-inch MacBook Air is currently unclear. 

In a previous report, analyst Ming-Chi Kuo reported that Apple could release a 15-inch MacBook Air with an M2 and M2 Pro chip in early April. On the other hand, Gurman’s report from Sunday said to expect the laptop sometime between May and June — maybe at WWDC. 

That seems more likely, considering Apple announced the M2 chip at the 2022 WWDC alongside a new MacBook Air. 

Finally, the 9to5Mac report also claims that Apple is working to refresh the 13-inch MacBook Pro with the M3 chip — the same as the forthcoming MacBook Air. Again, Apple announced the current 13-inch MacBook Pro refresh with the new M2 chip at the 2022 WWDC. 

The WWDC could feature three laptop announcements with an M3 chip — a 13-inch MacBook Pro refresh, 13-inch MacBook Air, and 15-inch MacBook Air. 



Samsung pushes another update to the Galaxy Buds 2


Samsung’s Galaxy Buds 2 TWS earbuds are receiving a new software update. It’s a relatively small update and comes just about a month after the last release. The buds seem to be getting some bug fixes and stability improvements. There may not be any new features in tow here, though.

The latest update for the Galaxy Buds 2 comes with the firmware build number R177XXUOAWB1 (via SamMobile). The OTA package weighs just about 3MB. A small OTA download size hints at a minor update and the official changelog confirms that. Samsung says the earbuds are getting stability and reliability improvements and nothing else. The company may be pushing some system optimizations to ensure more stable connectivity and user experience.

This software release for the Galaxy Buds 2 started rolling out a few days ago and is already available pretty widely. If you’re using the 2021 TWS pair from Samsung, you should be able to download the update via the Galaxy Wearable app on your connected smartphone, which must have an active internet connection. The app usually notifies you about new updates, but you can also manually check for them.

To manually update your Galaxy Buds, tap on the left hamburger menu on the Galaxy Wearable app’s home screen and select your earbuds. Now tap on Earbud Settings, go to the Earbuds software update menu, and tap on Download and install. Your phone will now start searching for available updates. If it finds any, you’ll be prompted to download it. If you don’t see any updates, wait a few days and check again.

Previous Galaxy Buds 2 update improved wireless charging

As said earlier, this is the second update for the Galaxy Buds 2 over the past month. While the latest release may not contain any user-facing changes, last month’s update brought charging stability improvements. It doesn’t notably change anything but the company likely pushed some internal improvements to the earbuds. For your reference, that update arrived with the firmware version R177XXU0AWA3.

Launched alongside the Galaxy Z Fold 3 and Galaxy Z Flip 3 foldables in August 2021, the Galaxy Buds 2 has yet to get a successor. Samsung followed the pair with the Galaxy Buds 2 Pro in August last year alongside its fourth-gen foldables. The Galaxy Z Fold 5 and Galaxy Z Flip 5 may now arrive with a new pair of TWS earbuds later this year. There haven’t been any rumors yet, but there’s still plenty of time for those.



A quick look at eSIMs – the next big thing in mobile telecoms


Snap inspection. Do you know where your SIM extraction tool is right now?

We didn’t think so.

While pretty much every aspect of smartphones has become slicker and more user-friendly over the years, the process of changing a SIM card has only got trickier. In fact, you can’t even do it without using a tiny tool that you’ve almost certainly lost.

Fortunately, change is just around the corner. The humble SIM card is on the brink of being replaced by the eSIM. Here’s why that’s the best news you’ll read today.

An eSIM – which stands for Electronic Subscriber Identity Module – is a programmable alternative to a standard SIM. That means it lets you make changes through software rather than hardware.

Buying a new plan or making changes to your existing plan is as simple as going online and scanning a QR code.


Besides never having to fish out your SIM extraction tool again, the major advantage of an eSIM is that it lets you enjoy global data roaming. Once you’re set up, you can go anywhere you like without having to contact your operator or pore through T&Cs.

But the benefits don’t stop there. An eSIM is also infinitely more secure than a traditional SIM, which is surprisingly vulnerable to simjacking, SIM cloning, SIM swaps, and other nefarious acts of cyber assault.

That’s because eSIMs won’t let you use them without entering an activation code. Your personal details are locked down tight unless you give explicit permission for them to be shared.

At this point, you’re probably wondering how to get your hands on this miracle technology. It’s surprisingly easy, with a huge number of telcos already in the space and countless more set to join them over the coming months and years.

You can take your pick from no-frills offerings like Flexiroam, which offers little in the way of customer support but a huge amount of value, or comprehensive and well-supported options like Airalo, which charges a bit more for a slicker customer experience.

Or you could go for a fantastic all-rounder like Nomad, which offers fantastic value and superb performance.

One day, you might even be able to pick up an eSIM contract with Starlink, the sci-fi satellite network that beams information around the world using space lasers.



WhatsApp users can now reject Terms of Service, but that may come at the cost of app functions

So, let’s rewind a bit to 2021. Some of you might recall that there was a mass abandonment of WhatsApp, which led to an increase in popularity of other apps like Telegram or Signal. But do you remember why that happened?

Well, WhatsApp rolled out a controversial update to their policy statement, which was a tad unclear and could be understood as “Hey, we’re going to be sending your info to Facebook from here on out, hope that’s fine”. Well, users didn’t take kindly to that. So much so that the European Union (EU) had to step in and demand that WhatsApp improve the way it explains changes such as these so that the “terms” part becomes clearer.

It took years — until yesterday in fact — for this to be settled and with this confirmation by the official blog of the EU, WhatsApp has completely agreed to all requirements. But does this mean that it is party time and that all Terms of Service (ToS) from Meta are gone forever, at least in the EU?

Of course not.

So, here is what WhatsApp will change from the point of view of the EU:

  • It is to provide clarity to future changes to contracts with users and more specifically, how that alters their rights
  • Furthermore, the developers of WhatsApp are to allow users to reject ToS alterations just as easily as users can accept it
  • Lastly, WhatsApp users are to be enabled to dismiss ToS update notifications so that they can postpone reading them in detail; In addition, no recurring notifications are to follow

That doesn’t sound that bad! So where is the catch? Well, last time that users were allowed to skip or deny ToS updates, WhatsApp informed them that certain features and functions would be disabled until further notice. While the company is yet to respond if this instance is different in any way, we don’t see how that may be the case, as the documents in question may contain entirely new segments related to newly introduced features. As such, if users don’t accept them, they won’t be able to legally function.

When the outcry of 2021 happened, WhatsApp was quick to respond that no data would be shared with Meta or Facebook. The company was quick to point out that conversations are encrypted either way, so it couldn’t possibly do that even if it wanted to. However, the damage had already been done, and hence now WhatsApp are heavily marketing their service through emphasis on security and encryption.

In review, this event is a bit of an oddball. Until we receive more information from WhatsApp on what the plan to implement these new rules is, we reserve further judgment. But if you are in a country that is part of the EU, you should definitely follow this story further. Naturally, we’ll make sure to let you know when we hear something.


Top members of DoppelPaymer Ransomware gang arrested


The DoppelPaymer ransomware gang was involved in targeted ransomware attacks against Visser Precision, the custom part supplier for high-profile firms in the automotive and aeronautics sectors.

In a joint operation launched by the Ukrainian National Police and the German Regional Police, with support from the FBI, the Dutch Police, and Europol’s Joint Cybercrime Action Taskforce (J-CAT), core members of the DoppelPaymer ransomware gang were arrested.

The arrests took place on February 28th, 2023. Europol deployed three experts to Germany for cross-checking operational information against the agency’s databases and for conducting crypto tracing, extended investigations, and operational and forensic analysis.

During the operation, a German citizen’s house was raided and extensive searching was carried out in the Ukrainian cities of Kyiv and Kharkiv. During the investigation, a Ukrainian national was also interrogated on suspicion of holding a crucial position in the ransomware group.

The forensic analysis of the confiscated equipment is currently underway. Europol formed a Virtual Command Post for connecting investigators and experts from the USA, Germany, the Netherlands, and Europol in real-time.

Authorities analyzing the seized equipment (Image: Europol)

DoppelPaymer Ransomware Targeted High-Profile Firms

As reported by Hackread.com, the DoppelPaymer ransomware gang is involved in targeted, large-scale attacks against many prominent firms. Visser Precision, a part supplier for Boeing, SpaceX, Lockheed Martin, and Tesla, is among the targets of the notorious ransomware DoppelPaymer.

The hackers targeted the Colorado-based precision parts manufacturer and leaked some of their data on a website. They also asked for a ransom and have been threatening to leak sensitive data of Visser Precision’s clients.

The leaked data includes non-disclosure agreements the manufacturer of the US-based parts signed with SpaceX and Tesla. This criminal cybersecurity incident was confirmed by Visser. The company stated that the incident allowed unauthorized access by attackers who encrypted and stole sensitive data. Visser launched an investigation to detect security loopholes that had caused the hack.

It is worth noting that Visser’s business operations were not impacted and are functioning normally. The company did not disclose how the attackers managed to invade its computer networks.

The attackers behind this ransomware reportedly targeted 37 firms in Germany, and their US victims had paid 40 million between May 2019 and March 2021.

About DoppelPaymer Malware

CrowdStrike, a cybersecurity firm, reported that this file-encrypting malware first surfaced in April 2019. Its code is quite similar to BitPaymer ransomware, which is linked to a Russian cybercrime group called Indrik Spider aka Evil Corp.

It was formed in 2014 by the defunct GameOver Zeus criminal gang’s affiliates. The malware tactics are similar to a Windows-based banking malware, Dridex, equipped with a botnet and info-stealing capabilities.

“However, there are a number of differences between DoppelPaymer and BitPaymer, which may signify that one or more members of Indrik Spider have split from the group and forked the source code of both Dridex and BitPaymer to start their own Big Game Hunting ransomware operation,” CrowdStrike report read.

The attacks were enabled by Emotet malware, whereas DoppelPaymer was distributed via different channels, such as spam or phishing campaigns, in which the attached documents (VBScript or JavaScript) contained the malware.

In response to the news, Mark Lamb, CEO of HighGround.io, told Hackread.com, “This is another impactful collaboration from law enforcement, tackling a major ransomware gang not long in the wake of the takedown of the Hive ransomware gang.”

“DoppelPaymer has been causing havoc and costing organisations millions for over three years, and it relied on two of the world’s most notorious malware variants – Emotet and Dridex – to initially target businesses before executing the ransomware,” Mark added.

Mark warned that “with DoppelPaymer being a ransomware-as-a-service operation, it is likely there will be many more perpetrators behind the threat that will need to be caught before we can say goodbye to the ransomware for good.”

Mark also hopes that “the seized infrastructure should provide significantly more intelligence to law enforcement and it’s likely others behind the threat will face the heavy hand of the law very soon.”


What you need to know

The US Government has been working on the National Cybersecurity Strategy Document 2023 for some time now, and it’s finally been released. The strategy document, which replaces the last such piece of work from 2018, attempts to indicate the general direction of the US approach to cybercrime and security for the next few years.

While you don’t necessarily need to take immediate action on the points raised, there’s a lot of talk about liability for poor security practices for larger organisations, better ratings for IoT devices, and a greatly improved hiring strategy for unfilled security vacancies. If these are areas of concern for you, we highlight the important parts below.

As per the WSJ, the five primary areas for action are:

  • Defending critical infrastructure
  • Disruption and dismantling of criminal gangs
  • Shape market forces
  • Investing in a resilient future
  • Forge international partnerships

One large part of this new strategy is that organisations potentially most well equipped to fend off attacks must step up and do more:

The most capable and best positioned actors in cyberspace must be better stewards of the digital ecosystem…we must ask more [across both the public and private sectors] of the most capable and best positioned actors to make our digital ecosystem more secure and resilient. In a free and interconnected society, protecting data and ensuring the reliability of critical systems must be the responsibility of the owners and operators of the systems that hold our data and make our society function, as well as of the technology providers that build and service these systems.

With this in mind, then, let’s highlight some of the standouts from relevant sections.

Defending critical infrastructure

Expanding the use of minimum cybersecurity requirements in critical sectors

If you work in a critical sector of industry, you can expect to see new requirements heading your way in the near future. “Existing authorities” will set new requirements for cybersecurity, and where gaps exist in statutory authorities to create minimum standards, the Administration will work with Congress to close them. Regulations will be performance-based and make use of existing security frameworks—no reinventing the wheel here. A focus on driving better practices in the cloud industry is also evident.

Update Federal response plans

You can expect better processes should you need to contact Federal authorities after a cyber incident, with the aim of creating a “unified, coordinated, whole of government response” with organisations able to quickly and easily find out who to contact, and when. The National Cyber Incident Response Plan (NCIRP) will be updated through this work, and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) will require specific entities in critical infrastructure sectors to report incidents to CISA “within hours”.

Disruption of criminal gangs

Engaging the private sector in disruption activities

The Government wants to combine the “unique insights and capabilities” of the private sector with the ability to take decisive action by Federal agencies. There’s a strong desire here to have private sector partners organise through non-profit organisations serving as hubs for operational collaboration with the Federal government.

Virtual collaboration platforms will be used for these activities and information sharing processes, with the Government looking after the necessary security requirements and records management activities. In other words: if your organisation casts a wide security net, gathers data on attempted attacks, blocks and catches interesting files, wards off ransomware, and spots dubious network traffic, then there’s something approaching an Avengers initiative waiting in the wings.

Shape market forces

Promoting privacy and the security of personal data

Making large organisations accountable for failing to be responsible stewards of data is a key thread running throughout the strategy document. This is because the costs are often passed on to everyday people, with the biggest impact being felt by vulnerable populations.

Internet of Things devices can expect to fall under “IoT security labelling programs”, which will allow consumers to compare security protections offered by devices. The idea here is to create a market incentive for better security across the IoT space, but this is reliant upon people understanding that these labels exist, and what they mean in practice.

Shifting liability for software products and services to promote secure development practices

If you know someone who works for an organisation playing fast and loose with data, security practices, and compliance, they should be warned: there’s a liability storm coming. The Administration is going to be working with Congress and the private sector to develop legislation establishing liability for software products and services, along with a “safe harbour” for those securely developing and maintaining products and services.

Investing in a resilient future

Develop a national strategy to strengthen our cyber workforce

The hundreds of thousands of vacancies in cybersecurity positions nationwide are a sore point for this Administration. If you’re short on security workers yourself, then the proposed development of a National Cyber Workforce and Education Strategy may be what you’ve been looking for. Critical infrastructure is once again a key talking point, and the strategy aims to improve hiring among underrepresented groups of candidates. It also aims to make use of several existing schemes and to take inspiration from successful hiring practices in other nations.

What’s the response so far?

There is some criticism of the plans, mainly on the basis that plans come and go but rarely manage to keep pace with the actual speed of changing technological threats. As Bloomberg Law points out, the plan itself has no regulatory teeth, and it’s now mainly up to various agencies to take the ball and run with it in terms of making new changes.

New strategies for tackling cybercrime and protecting critical infrastructure are always welcome, but it remains to be seen how much practical impact the Biden Administration’s 2023 National Cybersecurity Strategy will have over the next few years.

