CyberSecure Specialist

A Note on progress…NIST’s Digital Identity Guidelines.

In August 2023 the Digital Identity Guidelines team hosted a two-day workshop to provide a public update on the status of revision 4. As part of that session, we committed to providing further information on the status of each volume going forward. In fulfillment of this commitment, we wanted to offer a quick update on where we stand. Our goal remains to have the next version of each volume out by the Spring of 2024.…


CISA Releases SCuBA Google Workspace Secure Configuration Baselines for Public Comment

Today, CISA released the draft Secure Cloud Business Applications (SCuBA) Google Workspace (GWS) Secure Configuration Baselines and the associated assessment tool ScubaGoggles for public comment. The draft baselines offer minimum viable security configurations for nine GWS services: Groups for Business, Google Calendar, Google Common Controls, Google Classroom, Google Meet, Gmail, Google Chat, Google Drive and Docs, and Google Sites. The ScubaGoggles tool assesses GWS tenants’ compliance against the baselines. Federal agencies and other organizations are invited…


Black Hat Europe 2023: The past could return to haunt you

Legacy protocols in the healthcare industry present dangers that can make hospitals extremely vulnerable to cyberattacks. Tony Anscombe, 08 Dec 2023, 3 min. read. The healthcare industry will, I am sure, remain a significant target for cybercriminals due to the huge potential it provides them to monetize their efforts through ransomware demands or by abusing the exfiltrated data of patients. Operational disruption and sensitive data, such as medical records, combined with…


Surge in deceptive loan apps – Week in security with Tony Anscombe

Video: ESET Research reveals details about a growth in the number of deceptive loan apps on Android, their origins and modus operandi. 08 Dec 2023. This week, ESET researchers have taken a look at a steep increase in deceptive loan apps for Android. According to ESET Research, these apps have proliferated across unofficial third-party app stores, Google Play, and websites since the beginning of 2023. These apps request various sensitive…


Atlassian Releases Security Advisories for Multiple Products

Atlassian has released security updates to address vulnerabilities affecting multiple Atlassian products. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply the necessary updates or mitigations.
CVE-2023-22522 – RCE vulnerability in Confluence Data Center and Confluence Server
CVE-2023-22524 – RCE vulnerability in Atlassian Companion App for macOS
CVE-2023-22523 – RCE vulnerability in Assets Discovery
CVE-2022-1471 –…


To tap or not to tap: Are NFC payments safer?

Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions. Worse, the data on the stripe was static and carried no cryptographic protection, so anything a skimmer read could be written onto a clone and replayed, making the cards vulnerable to skimming and cloning by criminals. Chip-based cards emerged as a successor, offering enhanced security by keeping the card’s key inside the chip and authenticating each transaction cryptographically instead of handing the terminal reusable data. These cards required insertion into payment terminals (POS) and authentication with a PIN, marking a shift toward…
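To make the magstripe-versus-chip contrast concrete, the following Python sketch is an added example, not code from the ESET article. It models a static track credential that can be replayed verbatim, beside a chip-style credential that signs each transaction with an HMAC over the amount, a card-side transaction counter and a terminal-chosen nonce. It is a deliberately simplified stand-in and not EMV: the PAN, key, track secret, message layout and truncated MAC length are all constructed for the example.

```python
"""Illustrative contrast between a static (magstripe-style) credential and a
per-transaction cryptogram (chip-style). Simplified stand-in, NOT real EMV."""
import hashlib
import hmac
import os

# Constructed sample issuer data (hypothetical values, not from any real card).
CARD_PAN = "4000123456789010"
ISSUER_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # shared card/issuer key
TRACK_SECRET = "static-track-secret"


class MagstripeCard:
    """Static track data: whatever a terminal (or skimmer) reads can be replayed."""

    def __init__(self, pan: str, track_secret: str):
        self.track = f"{pan}={track_secret}"

    def present(self) -> str:
        return self.track


class ChipCard:
    """Keeps the key inside the chip; each transaction is bound to a counter
    (ATC) and the terminal's unpredictable number, so a capture is single-use."""

    def __init__(self, pan: str, key: bytes):
        self.pan = pan
        self._key = key
        self.atc = 0  # application transaction counter, never reused

    def present(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self.atc += 1
        msg = f"{self.pan}|{amount_cents}|{self.atc}|".encode() + terminal_nonce
        cryptogram = hmac.new(self._key, msg, hashlib.sha256).digest()[:8]
        return {"pan": self.pan, "amount": amount_cents, "atc": self.atc,
                "nonce": terminal_nonce, "cryptogram": cryptogram}


class Issuer:
    """Authorizes both card types; only the chip path can reject replays."""

    def __init__(self, keys: dict[str, bytes], tracks: dict[str, str]):
        self._keys = keys
        self._tracks = tracks
        self._last_atc: dict[str, int] = {}

    def authorize_magstripe(self, track: str) -> bool:
        pan, _, secret = track.partition("=")
        return self._tracks.get(pan) == secret  # static compare, no freshness

    def authorize_chip(self, tx: dict, terminal_nonce: bytes) -> bool:
        key = self._keys.get(tx["pan"])
        if key is None or tx["nonce"] != terminal_nonce:
            return False  # cryptogram was made for a different terminal challenge
        if tx["atc"] <= self._last_atc.get(tx["pan"], 0):
            return False  # counter already seen: replayed or reordered
        msg = f"{tx['pan']}|{tx['amount']}|{tx['atc']}|".encode() + terminal_nonce
        expected = hmac.new(key, msg, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, tx["cryptogram"]):
            return False
        self._last_atc[tx["pan"]] = tx["atc"]
        return True


def skimming_demo() -> tuple[bool, bool, bool, bool]:
    """Returns (legit_chip_ok, chip_replay_new_nonce_ok,
    chip_replay_same_nonce_ok, magstripe_replay_ok)."""
    issuer = Issuer({CARD_PAN: ISSUER_KEY}, {CARD_PAN: TRACK_SECRET})
    mag = MagstripeCard(CARD_PAN, TRACK_SECRET)
    chip = ChipCard(CARD_PAN, ISSUER_KEY)

    # A skimmer captures one magstripe read and one genuine chip transaction.
    skimmed_track = mag.present()
    nonce1 = os.urandom(4)
    skimmed_tx = chip.present(1999, nonce1)
    legit_chip_ok = issuer.authorize_chip(skimmed_tx, nonce1)

    # The captured chip cryptogram is replayed at a terminal with a fresh nonce,
    # then at one that happens to reuse the old nonce; the magstripe track is
    # simply replayed as-is.
    nonce2 = os.urandom(4)
    chip_replay_new_nonce_ok = issuer.authorize_chip(skimmed_tx, nonce2)
    chip_replay_same_nonce_ok = issuer.authorize_chip(skimmed_tx, nonce1)
    magstripe_replay_ok = issuer.authorize_magstripe(skimmed_track)
    return (legit_chip_ok, chip_replay_new_nonce_ok,
            chip_replay_same_nonce_ok, magstripe_replay_ok)


if __name__ == "__main__":
    print(skimming_demo())  # (True, False, False, True)
```

The point the excerpt makes is visible in the last tuple element: the skimmed magstripe track authorizes again unchanged, while the captured chip cryptogram fails both because the terminal nonce differs and, even when the nonce is reused, because the issuer has already seen that transaction counter.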


The UK-US Blog Series on Privacy-Preserving Federated Learning: Introduction

This post is the first in a series on privacy-preserving federated learning. The series is a collaboration between CDEI and NIST. Advances in machine learning and AI, fueled by large-scale data availability and high-performance computing, have had a significant impact across the world in the past two decades. Machine learning techniques shape what information we see online, influence critical business decisions, and aid scientific discovery, which is driving advances in healthcare, climate modelling, and more. Training…


CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns.…


Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users: they offer high-interest-rate loans under deceitful descriptions while collecting their victims’ personal and financial information, which is then used to blackmail them and ultimately take their money. ESET products…


Navigating privacy: Should we put the brakes on car tracking?

Tracking has recently become a big bogeyman. The sheer amount of data that an app or an operating system (OS) can use to identify you and collect your data is enormous, depending on the method of tracking it uses. While it’s clear why manufacturers and sellers desire more data – to tailor their products, enhance efficiency, appeal to consumers, boost sales, and fuel innovation – this often incurs a hidden cost – our privacy. Some…
