Cyber Bites

President Joe Biden signed a national security memorandum (NSM) on Thursday calling for government agencies to implement measures to mitigate risks posed by guantum computers to US national cyber security. The NSM highlights the dangers of cryptanalytically relevant quantum computers (CRQC), including their potential ability to brake public-key cryptography. Immediate risks include: Endangering civilian and military communications. Undermining supervisory and control systems for critical infrastructure. Defeating security protocols for the vast majority of Internet-based financial transactions....

NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) has admitted South Korea, the first Asian country to join. The country's National Intelligence Service (NIS) made the announcement today, noting that it will represent South Korea in the centre's training and research activities. “We plan to strengthen our cyber response capabilities to a world-class level by increasing the number of our staff sent to the centre and expanding the scope of joint training,” the NIS said, as...

The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks. The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched 2.3.0.0 release. Yaniv Balmas, VP of Research at Salt Security, notes that while the vulnerability is a relatively moderate one...

New research from the email security firm Inky has revealed that more than 1000 emails were sent from NHS inboxes over a six month period. The firm has claimed that the campaign, beginning October 2021, escalated "dramatically" in March of this year. After the findings were reported to the NHS on April 13, Inky reported that the volume of attacks fell significantly to just a "few". “The majority were fake new document notifications with malicious links...

The National Cyber Security Centre (NCSC), working alongside the Institute of Engineering and Technology (IET) and the UK's Centre for the Protection of National Infrastructure (CPNI), has developed new document providing best practices for those involved in the design, management, operation and security of building-related systems. The Code of Practice: Cyber Security in the Built Environment focuses on the security principles stakeholders should apply to a range of technologies in the built environment. “A building being...

The Securities and Exchange Commission (SEC) has made serious improvements to its in-house cryptocurrency and cybersecurity skills. The move comes as an attempt to improve investor confidence and enhance the transparency of listed companies. 20 additional positions have been added to the regulator's newly renamed Crypto Assets and Cyber Unit. Previously known as the Cyber Unit, the function sits in the Division of Enforcement, growing to 50 dedicated positions. While the SEC touted the previous...

Researchers at Sentinel Labs have identified a new cluster of malicious cyber activity tracked as Moshen drago, with its efforts aimed at telecommunication service providers in Central Asia. The new threat group does have overlaps with "RedFoxtrot" and "Nomad Panda," notably including the use of ShadowPad and PlugX malware variants, their activities' differentiate enough to follow the seperately. A new report from Sentinel Labs claims that Moshen Dragon is a skilled hacking group, able to...

Spyware has been found on the mobile phones of Pedro Sánchez, prime minister of Spain, and Margarita Robles, the country's minister of defence. The Spanish government revealed in a press conference given Monday morning that the phones had been infected withy Pegasus spyware, extracting data from both devices. Félix Bolaños, the minister for the presidency, said that the PM's phone was targeted in May and June 2021, while Robles's was illegally monitored in June 2021....

Europol has warned of a projected rise in the use of deepfake technology by organised crime organisations. Deepfakes involve the use of artificial intelligence to create realistic audio and audio-visual content “that convincingly shows people saying or doing things they never did, or create personas that never existed in the first place.” Facing Reality? Law enforcement and the challenge of deepfakes is the first published analysis of the Europol Innovation Lab's Observatory function, warning that...

Market analysts at GlobalData have predicted that global cybersecurity spending is set to increase by 58%, reaching $198bn by 2025. GlobalData claims that an increasingly tense geopolitical landscape and the COVID-19 pandemic has placed the advantage squarely in the hands of threat actors. Spending will be primarily directed towards software, followed by services and hardware. “The past few years have shown that no one, not even specialist cybersecurity providers themselves, is safe from attack. Cyber-attacks are...