Security Leftovers

posted by Roy Schestowitz on Aug 28, 2022,
updated Aug 28, 2022

• New 'Agenda' Ransomware Customized for Each Victim

  Written in the Golang (Go) cross-platform programming language, the threat has the ability to reboot systems in safe mode and to stop server-specific processes and services.

  Agenda targets Windows-based systems and has been used in attacks against healthcare and education organizations in Indonesia, Saudi Arabia, South Africa, and Thailand.

• 5G Networks Are Worryingly Hackable [Ed: There are much worse things about 5G and Microsoft is not a security expert, it is a cult that actively undermines security]

  At a hacker conference held in the Netherlands last month, Karsten Nohl, founder of Berlin-based Security Research Labs, outlined how his team had breached live 5G networks in a series of “red teaming” exercises—where hackers are hired by a company to test their defenses. In most cases they were able to take control of the network, he says, potentially allowing them to steal customer data or disrupt operations.

• Researcher Hacks Starlink Terminal to Warn SpaceX of Dangerous Flaws

  SpaceX has launched a total of 3,009 satellites to low Earth orbit, building out a megaconstellation designed to beam down connectivity to even the most distant parts of the world. Starlink customers get a 19-inch wide Dishy McFlatface (a clever name bestowed upon the company’s satellite dish) to install on their homes, or even carry with them on the road.

• Technical Perspective: The Effectiveness of Security Measures

  In the late 1990s, we came to the realization that users were central to computer and information security. Ross Anderson famously argued that "the threat model was completely wrong" when referring to our historical focus on securing technical components while ignoring possible human mistakes. A large and growing body of research has subsequently attempted to study how people face computer security challenges. Studies in the adjacent field of information privacy revealed that user behavior is complex. People may profess caring about their privacy, but frequently end up making decisions that prove costly, for example, due to limited information or to behavioral biases that lead them to miscalculate long-term risks.

• Raising the Ramparts [Ed: CISA puff piece at ACM]

  That growth is no surprise, with commonplace nation-state attacks on critical infrastructure and government data assets. The U.S. federal government and its agencies, with the aid of the Cybersecurity & Infrastructure Security Agency (CISA), are ramping up cyber defenses to combat disabling ransomware and complex attacks. They are using approved security products that the government and the military vet specifically for these purposes.

  However, government organizations are not the only ones in jeopardy.

• Next generation key to combat cyber threat [Ed: Corporate puff piece (AAP) disguised as "journalism" about security. A lot of 'journalism' is nowadays PR simply because it is the only business model they've found. But when readers find out they flee, so this business model too is doomed to fail.]

  Global software company Elastic, which serves half the Fortune 500, says Andy Penn’s call for greater government investment in education is the bottom line for strengthening Australia’s cyber protections.