CyberSecurity Updates

08 Dec

To tap or not to tap: Are NFC payments safer?

Information

Magnetic stripe cards were all the rage 20 or so years ago, but their security was fragile, and the requirement for signatures often added to the hassle of transactions – not to mention, they lacked data encryption, making them vulnerable to skimming and cloning by criminals.  Chip-based cards emerged as a successor, offering enhanced security through data encryption. These cards required insertion into payment terminals (POS) and authentication with a PIN, marking a shift toward…

Read More
07 Dec

The UK-US Blog Series on Privacy-Preserving Federated Learning: Introduction

Insights

This post is the first in a series on privacy-preserving federated learning.The series is a collaboration between CDEI and NIST. Advances in machine learning and AI, fueled by large-scale data availability and high-performance computing, have had a significant impact across the world in the past two decades. Machine learning techniques shape what information we see online, influence critical business decisions, and aid scientific discovery, which is driving advances in healthcare, climate modelling, and more. Training…

Read More
07 Dec

CISA and International Partners Release Advisory on Russia-based Threat Actor Group, Star Blizzard

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA)—in coordination with the United Kingdom’s National Cyber Security Centre (UK-NCSC), Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cyber Command Cyber National Mission Force (CNMF)—released a joint Cybersecurity Advisory (CSA) Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns.…

Read More
07 Dec

Beware of predatory fin(tech): Loan sharks use Android apps to reach new depths

Information

Since the beginning of 2023, ESET researchers have observed an alarming growth of deceptive Android loan apps, which present themselves as legitimate personal loan services, promising quick and easy access to funds. Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims’ personal and financial information to blackmail them, and in the end gain their funds. ESET products…

Read More
07 Dec

Navigating privacy: Should we put the brakes on car tracking?

Information

Tracking has recently become a big bogeyman. The sheer amount of data that an app or an operating system (OS) can use to identify you and collect your data is enormous, depending on the method of tracking it uses. While it’s clear why manufacturers and sellers desire more data – to tailor their products, enhance efficiency, appeal to consumers, boost sales, and fuel innovation – this often incurs a hidden cost – our privacy. Some…

Read More
06 Dec

ICANN Launches Service to Help With WHOIS Lookups

Information, Insights

More than five years after domain name registrars started redacting personal data from all public domain registration records, the non-profit organization overseeing the domain industry has introduced a centralized online service designed to make it easier for researchers, law enforcement and others to request the information directly from registrars. In May 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) — the nonprofit entity that manages the global domain name system — instructed all…

Read More
06 Dec

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Attacks, Insights, Malware

Today, as part of the Secure by Design campaign, CISA published The Case for Memory Safe Roadmaps: Why Both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously in collaboration with the following partners: United States National Security Agency United States Federal Bureau of Investigation Australian Signals Directorate’s Australian Cyber Security Centre Canadian Centre for Cyber Security United Kingdom National Cyber Security Centre New Zealand National Cyber Security Centre Computer Emergency Response…

Read More
05 Dec

CISA Releases Advisory on Threat Actors Exploiting CVE-2023-26360 Vulnerability in Adobe ColdFusion

Attacks, Insights, Malware

Today, CISA released a Cybersecurity Advisory (CSA), Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers, to disseminate known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs). The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution. CISA encourages network defenders and critical infrastructure organizations to review the CSA to improve their cybersecurity posture and protect against…

Read More
04 Dec

NCCoE 5G Cybersecurity: Connecting the Dots Between IT and Teleco Cybersecurity Capabilities in 5G Systems

Insights

5G will eventually impact every single industry—from healthcare to financial to even agriculture and transportation…and its impact is only increasing over time. Despite its benefits, it comes with privacy and security risks. An increasing number of interconnected devices increases the attack surface. In addition, there are also increased supply chain vulnerabilities and network visibility issues (companies may have issues identifying attacks since there may be a lot of new web traffic from mobile devices and/or…

Read More
02 Dec

Teaching appropriate use of AI tech – Week in security with Tony Anscombe

Information

Video Several cases of children creating indecent images of other children using AI software add to the worries about harmful uses of AI technology 01 Dec 2023 It has been reported recently that children are using artificial intelligence (AI) image generators to create indecent images of other children. The reports came amid a few publicized cases where several young people faced severe emotional distress and trauma as a result of fabricated imagery depicting them, further…

Read More