Cyber Warfare Archives - IT Security Guru
https://www.itsecurityguru.org/category/news/cyber-warfare/
Last updated: Fri, 28 Jul 2023 16:03:09 +0000

Programme for International Cyber Expo’s Global Cyber Summit 2023 Announced
https://www.itsecurityguru.org/2023/07/28/programme-for-international-cyber-expos-global-cyber-summit-2023-announced/
Fri, 28 Jul 2023 16:02:45 +0000

International Cyber Expo has announced its programme for the annual Global Cyber Summit, sponsored by Sonatype, OpenText, and Infoblox, and hosted at Olympia London on the 26th and 27th of September 2023. The summit returns with greater international appeal. Among other topics of discussion, guest speakers will provide the Ukrainian perspective on cyber security, in light of recent geopolitical events.

With opening remarks by Professor Ciaran Martin CB, Chair of International Cyber Expo’s Advisory Council, the Global Cyber Summit assembles some of the industry’s greatest minds to review ongoing cyber threats, priorities and challenges. Uniquely, the programme this year invites advisors closely associated with Ukrainian government agencies to present their invaluable insight into the reality and impact of Russian cyber-attacks on the country and beyond. 

Special guest speakers include Oksana Kharchenko, a member of YouControl – a Ukrainian team of developers creating services for business analysis – who will delve into the challenges of managing sanctions risk in the current geopolitical setting. Andrew Hural, Director, MDR of UnderDefense – a prominent cyber security company offering pro bono services to Ukrainian government entities – will also reflect on the last 500 days of Russian cyber operations, determining the successes and failures of their espionage. 

Other globally pertinent subject matters will be discussed by world-renowned experts as well. 

Below are a few agenda highlights: 

  • Nicola Whiting MBE, co-owner of Titania Group, will reveal why diversity and inclusion efforts might be stalling, and will provide a new framework.
  • Theresa Deumchen, Tech Policy Associate at Global Counsel, examines the regulatory landscape concerning generative AI.
  • Alexsander Gorkowienko, SecurityLabs Senior Managing Consultant at Spirent Communications, will explain how EU security regulations, such as the NIS 2 Directive, might affect businesses across the region.
  • Jake Moore, Global Cyber Security Advisor at ESET, sheds light on his attempt to manipulate recruitment staff, land a job inside a company and gain full access to their data. 
  • Stewart Bertram, Head of Cyber Threat Intelligence at Elemendar, utilises a mix of case studies and theories to expose the crossover between misinformation and cyber threat operations.
  • Rashik Parmar, Group CEO of BCS, The Chartered Institute for IT, and Dr Saritha Arunkumar, IBM Public Cloud Worldwide Technical Leader – Security, sit together on a panel to address the question: What does the rise of AI and quantum computing mean for the future of cyber security?
  • Charlotte Hooper, Helpline Manager at The Cyber Helpline, highlights the impact of cybercrime on individuals and what can be done to support them.

Attendees of the Global Cyber Summit can also take advantage of scheduled talks at the co-located International Security Expo. Joel Aleburu of Microsoft will speak there about the role of cyber espionage in terrorist activities on the first day of the event, while Joe Wrieden, Intelligence Analyst at Cyjax, will assess the key role of Advanced Persistent Threats (APTs) in serious and organised crime on the second day.

“It has been an absolute delight and honour to curate International Cyber Expo’s Global Cyber Summit agenda, once again. We received a substantial influx of speaker submissions, far surpassing that of last year, which only goes to prove the event’s success since its inaugural launch last year,” said Philip Ingram MBE, former senior British Military Intelligence Officer and Content Lead for International Cyber Expo. “We have a phenomenal schedule of speakers, tackling a number of timely topics from AI and quantum computing to the Ukrainian experience amid its Russian invasion. Equally important, and what makes the Summit one-of-a-kind, is the opportunity for audiences to explore the overlapping nature of these issues in the cyber and physical worlds, considering International Security Expo is just down the hall.”

All sessions are CPD Certified. 

While it continues to be refined, you can find the latest Global Cyber Summit programme and details about speakers, here: https://www.internationalcyberexpo.com/international-security-conference 

To register for FREE as a visitor: https://ice-2023.reg.buzz/eskenzi

What Does Cybersecurity Really Mean?
https://www.itsecurityguru.org/2023/06/22/what-does-cybersecurity-really-mean/
Thu, 22 Jun 2023 11:09:38 +0000

As technology continues to play an integral role in our daily lives, the growing importance of cybersecurity cannot be overstated. From personal data breaches to sophisticated cyberattacks on critical infrastructure, the consequences of inadequate cybersecurity measures can be far-reaching and devastating. In this article, we’ll explore the ins and outs of cybersecurity and how it safeguards our digital world.

What Is Cybersecurity?

Cybersecurity protects computer systems, networks, programmes, and data from unauthorised access, damage, disruption, or theft. It involves implementing various measures and strategies to mitigate risks, defend against cyber threats, and ensure digital assets’ confidentiality, integrity, and availability.

How Important is Cybersecurity?

In an era where digital technologies are deeply intertwined with our personal, professional, and societal activities, the significance of cybersecurity is massive. Consider the vast amount of sensitive information stored in databases, such as financial records, medical data, and personally identifiable information. Cybercriminals seek to exploit vulnerabilities in these systems to gain unauthorised access and exploit or sell this valuable information for personal gain.

Cyberattacks pose a significant threat to national security and critical infrastructure. Attacks on power grids, transportation systems, or communication networks can have devastating consequences, impacting the functioning of entire nations. Protecting these vital systems requires robust cybersecurity measures to ensure their uninterrupted operation and safeguard against potential attacks.

What Are the Key Principles of Cybersecurity?

Several vital aspects come together to make up a solid cybersecurity defence and keep private data safe.

Confidentiality

Confidentiality ensures that sensitive data is accessible only to authorised individuals or systems. Encryption, access controls, and secure communication protocols are employed to protect information from unauthorised disclosure.

Integrity

Integrity guarantees the accuracy and reliability of data throughout its lifecycle. Any unauthorised modifications, tampering, or corruption can be detected and prevented by implementing measures such as data validation, checksums, and digital signatures.

Availability

Availability ensures that information and systems are accessible and usable when needed. To achieve this, redundancy, fault tolerance, and disaster recovery plans are established to minimise downtime and ensure business continuity.

Authentication

Authentication verifies the identity of users, devices, or systems attempting to access resources. Passwords, biometric authentication, two-factor authentication (2FA) and multifactor authentication (MFA) are commonly used to establish trust and prevent unauthorised access.

Authorisation

Authorisation determines the level of access granted to authenticated users or systems. Role-based access control (RBAC), access permissions, and privilege management frameworks are implemented to restrict access based on predefined rules and policies.

Cybersecurity Practices and Technologies

You can employ a wide range of cybersecurity practices and technologies to keep data safe. We’ve outlined some of the best practices and technologies below.

Firewalls

Firewalls act as a barrier between internal and external networks (such as the Internet), filtering incoming and outgoing traffic based on predefined security rules. They help prevent unauthorised access and protect against various network-based attacks.

Intrusion Detection and Prevention Systems (IDPS)

IDPS monitor network traffic and systems for signs of malicious activities or unauthorised access attempts. They can identify and respond to potential threats in real time, providing an additional layer of defence against cyberattacks.

Antivirus and Anti-Malware Software

Antivirus and antimalware software scan files, programs, and systems to detect and eliminate malicious software, such as viruses, worms, Trojans, and spyware. Regular updates and scans are crucial to staying protected against the latest threats.

Data Encryption

Data encryption converts information into an unreadable format called ciphertext to protect its confidentiality. Encryption algorithms, such as Advanced Encryption Standard (AES) or RSA, ensure that even if data is intercepted, it remains unreadable without the corresponding decryption keys.

Regular Updates and Patching

Cybercriminals often exploit software vulnerabilities to gain unauthorised access. Regular updates and patching of operating systems, applications, and firmware help address known vulnerabilities and strengthen system security.

Industry All-Stars Take Stage at International Cyber Expo’s Global Cyber Summit
https://www.itsecurityguru.org/2022/08/12/industry-all-stars-take-stage-at-international-cyber-expos-global-cyber-summit/
Fri, 12 Aug 2022 08:13:59 +0000

International Cyber Expo today announced the speaker line-up for its annual Global Cyber Summit, sponsored this year by Snyk and hosted at Olympia London on the 27th and 28th of September 2022. Introduced by former CEO of the NCSC, Professor Ciaran Martin CB, the Summit endeavours to be an educational platform for IT professionals, C-level executives and board members on the issues impacting the industry, both current and emerging.

In a combination of roundtable discussions, fireside chats and presentations, sessions will explore a variety of themes: from cyber warfare, ransomware and the legal landscape as it relates to data privacy, to building diversity into one’s business culture and the questions raised by emerging technologies like the metaverse, blockchain and quantum computing.

Having introduced the summit, Professor Ciaran Martin CB will hand over to an exciting mix of globally-recognised experts, exploring the state of cybersecurity from an unconventional approach; this will be continued on the second day. 

On Day 1, Professor Ciaran Martin CB will be accompanied on stage by: 

  • Dr. Victoria Baines, British Computer Society Fellow and former Trust and Safety Manager for Facebook EMEA, will speak about online trust and safety in the age of surveillance as well as touch upon the politics of security, more generally.
  • Charlie Morrison, Head of the Cyber Griffin team – a programme which makes up one arm of the City of London Police’s Cyber Crime Unit – will delve into the current intelligence and trends observed within the nation’s centre of business, otherwise known as the ‘Square Mile’. 
  • Christine Bejerasco, Chief Technology Officer at WithSecure and a globally sought-after keynote speaker, will explore the agility of threat actors and the breadth of the attack surface before diving into an outcome-based approach to cybersecurity.
  • Lisa Forte’s Respect in Security Team will be taking to the stage for a panel discussion with TEDx speaker, Marilise de Villiers, Founder & CEO – ROAR, amongst others, and will be exploring how far the industry has come in embracing diversity, but within the context of the Respect in Security campaign. Jitender Arora, CISO at Deloitte, will be joining in the conversation. 

On Day 2, some highlights include:

  • In a talk titled ‘How to Steal a Vaccine’, Rob Shapland, ethical hacker and Head of Cyber Innovation at Falanx Cyber, will demonstrate how cybercriminals design, plan and maximise the success of their attacks in an effort to steal Covid vaccines.
  • As with all government agencies, and particularly the National Cyber Security Centre as part of Government Communications HQ (GCHQ), anonymity is part of the game. However, the NCSC has confirmed that a senior director will give real insights into how it is keeping industry and the public safe from growing cyber threats, and will answer questions on how best to use its services.
  • In keeping with the Summit’s international focus, Scott Wilcox, CEO of Sicuro, will give insights from the perspective of Dubai and the Middle East, where he is based, examining why security departments are unprepared for persistent threats and more. What will be clear are the similarities that transcend international borders.

“We are honoured to welcome a myriad of esteemed industry experts to speak at this year’s Global Cyber Summit; all of whom share in our mission to empower the community with knowledge and drive collaboration to tackle our ever-growing list of challenges,” said Philip Ingram MBE, former senior British Military Intelligence Officer and Content Lead for the International Cyber Expo. “The last thing we want to do is sit an audience in front of another sales pitch, so we have made a point not to accept paid speaking opportunities. We are committed to producing a show that brings value to our attendees, and I believe we will have accomplished that, thanks to our guest speakers.” 

All sessions will be ranked according to technicality, allowing attendees – be they non-technical or highly-technical – to find discussions best suited to them.  

For the full Global Cyber Summit programme, visit: https://www.internationalcyberexpo.com/global-cyber-summit  

 To register for FREE as a visitor: https://ice-2022.reg.buzz/e1

Who is UNC1756 – the hacker threatening Costa Rica?
https://www.itsecurityguru.org/2022/05/19/who-is-unc1756-the-hacker-threatening-costa-rica/
Thu, 19 May 2022 16:03:01 +0000

On 16 April 2022, the ContiNews ransomware PR site posted the gang’s newest victim: the Ministry of Finance of Costa Rica. Three days later, the post was updated with a sample of the stolen data, and a threat to continue attacks against Costa Rican agencies unless the government paid a requested ransom of $10 million.

On April 21, the post was updated to include the URLs of two more compromised government departments – the Ministry of Labour and Social Security and the Fund for Social Development and Family Allowances – shortly followed by an invite to Costa Rican hackers to monetize the growing tranche of published data. A freshly inaugurated government led by Rodrigo Chaves has not obliged Conti, instead declaring a State of Emergency in response to the attacks, which the president has compared to terrorism.

Now there is more bad news for Costa Rica: the ransom demands that brought the country to a state of emergency have been raised to $20m, with the threat actors threatening to overthrow President Chaves’ government. The Conti ransomware gang has also urged Costa Rican residents to “go to your government and organize rallies so that they would pay us as soon as possible. If your current government cannot stabilize the situation? Maybe its [sic] worth changing it?”

Searchlight Security analysts have recently explored the situation in an in-depth blog looking at who the threat actor UNC1756 is. Louise Ferrett, a threat analyst with Searchlight Security, also said:

“Threat actor UNC1756’s claims that it has insiders in the Costa Rican government should be treated with some scepticism. Dark web records reveal a user by this moniker has only been active on a popular cybercrime forum since March 2022 – around a month before the attacks on Costa Rica started. So, while it’s possible UNC1756 could have bribed or socially engineered insiders within the country’s government, it seems unlikely they would have amassed so much influence so quickly. Even considering the longevity and previous successes of Conti as a whole, it is a known tactic for ransomware gangs to make exaggerated and outlandish threats in order to instil a sense of urgency in the victim and obtain a ransom payment. Costa Rica’s government should continue with its recovery plan as laid out by experts, while remaining vigilant for any evidence of malicious insiders.”

KB4-Con: This is How Nicole Perlroth Tells Us the World Ends
https://www.itsecurityguru.org/2022/05/10/kb4-con-this-is-how-nicole-perlroth-tells-us-the-world-ends/
Tue, 10 May 2022 09:00:33 +0000

“We have never been closer to a cataclysmic cyber event,” warns Nicole Perlroth, New York Times’ cybersecurity journalist, at this year’s KB4-Con in Orlando, Florida.

Perlroth begins her talk by painting a picture of today’s sombre reality, highlighting the threat of Russian cyberattacks on our critical infrastructure and the latest discovery of Pipedream – the seventh known malware developed to disrupt industrial control systems.

When she first joined NYT in 2010, Perlroth was hired to be a cybersecurity business journalist, covering the latest mergers and acquisitions within the industry. Little did she know that the world would face the monumental Stuxnet worm attack that same year. In an attempt to curb World War III and halt the Iranian nuclear programme, Stuxnet showed just what code was capable of. It was a watershed moment for offensive cybersecurity by nation-states.

At the time, Russia was considered to have the most sophisticated cyber capabilities but such prowess was generally engaged in cybercrime as opposed to nation-state activity. China did not necessarily pose an immediate threat either, as they were primarily focused on stealing IP. Then there were some like Iran that did hold a grudge towards countries like the United States but did not have the cyber skills. In a very short span of time, that landscape shifted markedly and countries around the world began to heavily invest in their cyber arsenal. Russia’s aims quickly changed, and the world underestimated how fast Iran would catch up skills-wise. In fact, nothing demonstrated this better than the Shamoon virus they unleashed in 2012, which wiped data from tens of thousands of computers owned by Saudi Aramco.

It wasn’t until three years later though – when the New York Times itself fell victim to Chinese hackers seeking to uncover the publication’s confidential sources – that Perlroth, personally, experienced a wake-up call. As Perlroth waited for a cavalry that would never appear and a conviction that would never come, it dawned on the journalist that the organisation itself had to learn to fend for itself. She quickly realised that cyber warfare is not a military exercise, but a societal and organisational problem. Therefore, it is critical that greater awareness is raised among the public about the threats that exist. Equally important, the language we use to communicate this should be ‘dumbed down’, with all jargon removed.

It is often easy for individuals and organisations to think: what would any nation-state want with me? This is particularly so when the business does not operate directly within critical national infrastructure. Yet Perlroth has seen first-hand how a mom-and-pop welding shop out in the country put Fortune 500 companies at risk. She reiterated that, while the affiliations may not be apparent, critical national infrastructure is an ecosystem and most attacks are enabled by the weakest link. For that reason, building a strong cybersecurity culture is incredibly important.

TLStorm 2.0 – Airports, hospitals, hotels and enterprises at risk to new vulnerabilities
https://www.itsecurityguru.org/2022/05/03/tlstorm-2-0-airports-hospitals-hotels-and-enterprises-at-risk-to-new-vulnerabilities/
Tue, 03 May 2022 11:07:50 +0000

Armis, the unified asset visibility and security platform, disclosed five critical vulnerabilities, known as TLStorm 2.0, in the implementation of TLS communications in multiple models of network switches. The vulnerabilities stem from a similar design flaw identified in the TLStorm vulnerabilities (discovered earlier this year by Armis), expanding the reach of TLStorm to millions of additional enterprise-grade network infrastructure devices.

In March 2022, Armis first disclosed TLStorm—three critical vulnerabilities in APC Smart-UPS devices. The vulnerabilities allow an attacker to gain control of Smart-UPS devices from the internet with no user interaction, resulting in the UPS overloading and eventually destroying itself in a cloud of smoke. The root cause for these vulnerabilities was a misuse of NanoSSL, a popular TLS library by Mocana. Using the Armis knowledgebase—a database of more than two billion assets—researchers identified dozens of devices using the Mocana NanoSSL library. The findings include not only the APC Smart-UPS devices but also two popular network switch vendors that are affected by a similar implementation flaw of the library. While UPS devices and network switches differ in function and levels of trust within the network, the underlying TLS implementation issues allow for what the company calls “devastating consequences.”

The new TLStorm 2.0 research exposes vulnerabilities that could allow an attacker to take full control over network switches used in airports, hospitals, hotels, and other organisations worldwide. The affected vendors are Aruba (acquired by HPE) and Avaya Networking (acquired by ExtremeNetworks). We have found that both vendors have switches vulnerable to remote code execution (RCE) vulnerabilities that can be exploited over the network, leading to:

  • Breaking of network segmentation, allowing lateral movement to additional devices by changing the behaviour of the switch
  • Data exfiltration of corporate network traffic or sensitive information from the internal network to the Internet
  • Captive portal escape

Armis says that these research findings are significant as they highlight that the network infrastructure itself is at risk and exploitable by attackers, meaning that network segmentation alone is no longer sufficient as a security measure. 

Barak Hadad, Head of Research at Armis said: “The TLStorm set of vulnerabilities are a prime example of threats to assets that were previously not visible to most security solutions, showing that network segmentation is no longer a sufficient mitigation and proactive network monitoring is essential. Armis researchers will continue to explore assets across all environments to make sure our knowledgebase of more than two billion assets is sharing the latest threat mitigations to all of our partners and customers.”

Captive Portals 

A captive portal is the web page displayed to newly-connected users of a Wi-Fi or wired network before they are granted broader access to network resources. Captive portals are commonly used to present a login page that may require authentication, payment, or other valid credentials that both the host and user agree upon. Captive portals provide access to a broad range of mobile and pedestrian broadband services, including cable and commercially provided Wi-Fi and home hotspots, and enterprise or residential wired networks, such as apartment complexes, hotel rooms, and business centers.

Using the TLStorm 2.0 vulnerabilities, an attacker can abuse the captive portal and gain remote code execution over the switch with no need for authentication. Once the attacker has control over the switch, they can disable the captive portal altogether and move laterally to the corporate network. 

Vulnerability Details and Affected Devices

Aruba

  • CVE-2022-23677 (9.0 CVSS score) – NanoSSL misuse on multiple interfaces (RCE)
    • The NanoSSL library mentioned above is used throughout the firmware of Aruba switches for multiple purposes. The two main use cases in which the TLS connection made using the NanoSSL library is not secure and can lead to RCE are:
      • Captive portal – A user of the captive portal can take control of the switch prior to authentication.
      • RADIUS authentication client – A vulnerability in the RADIUS connection handling could allow an attacker who is able to intercept the RADIUS connection via a man-in-the-middle attack to gain RCE over the switch with no user interaction.
  • CVE-2022-23676 (9.1 CVSS score) – RADIUS client memory corruption vulnerabilities
    • RADIUS is an authentication, authorisation and accounting (AAA) client/server protocol that allows central authentication for users who attempt to access a network service. The RADIUS server responds to access requests from network services that act as clients. The RADIUS server checks the information in the access request and responds with authorisation of the access attempt, a rejection, or a challenge for more information.
    • There are two memory corruption vulnerabilities in the RADIUS client implementation of the switch; they lead to heap overflows of attacker-controlled data. This can allow a malicious RADIUS server, or an attacker with access to the RADIUS shared secret, to remotely execute code on the switch.

Aruba devices affected by TLStorm 2.0:

  • Aruba 5400R Series
  • Aruba 3810 Series
  • Aruba 2920 Series
  • Aruba 2930F Series
  • Aruba 2930M Series
  • Aruba 2530 Series
  • Aruba 2540 Series

Avaya management interface pre-auth vulnerabilities

The attack surface for all three vulnerabilities of the Avaya switches is the web management portal and none of the vulnerabilities require any type of authentication, making it a zero-click vulnerability group.

  • CVE-2022-29860 (CVSS 9.8) – TLS reassembly heap overflow
    • This is a similar vulnerability to CVE-2022-22805, which Armis found in APC Smart-UPS devices. The process handling POST requests on the web server does not properly validate the NanoSSL return values, resulting in a heap overflow that can lead to remote code execution.
  • CVE-2022-29861 (CVSS 9.8) – HTTP header parsing stack overflow
    • An improper boundary check in the handling of multipart form data, combined with a string that is not null-terminated, leads to an attacker-controlled stack overflow that may lead to RCE.
  • HTTP POST request handling heap overflow (no CVE)
    • A vulnerability in the handling of HTTP POST requests, due to missing error checks of the Mocana NanoSSL library, leads to a heap overflow of attacker-controlled length, which may lead to RCE. This vulnerability has no CVE because it was found in a discontinued Avaya product line, meaning no patch will be issued, though Armis data shows these devices can still be found in the wild.
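Two of the defect classes listed above, a non-null-terminated string handled without a length bound (CVE-2022-29861) and a TLS library return value used without being checked (CVE-2022-29860 and the un-numbered POST handler bug), shown next to their hardened counterparts in C. This is an added illustration, not Armis, Aruba or Avaya code, and it does not reproduce the NanoSSL API: the `tls_read_fn` callback convention, `fake_read` and the sample body are constructed for the example.

```c
#include <stddef.h>
#include <string.h>

#define BOUNDARY_MAX 70   /* RFC 2046: a multipart boundary is 1..70 characters */
/* Bounded substring search: never reads past hay_len, so it is safe on a raw
 * request buffer that carries no terminating NUL (strstr() is not). */
static const char *memfind(const char *hay, size_t hay_len,
                           const char *needle, size_t needle_len)
{
    if (needle_len == 0 || hay_len < needle_len) return NULL;
    for (size_t i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0) return hay + i;
    return NULL;
}

/* Extract the boundary parameter from a Content-Type value of explicit length
 * ct_len into out (capacity out_cap, NUL-terminated on success). Returns the
 * boundary length, 0 if there is no boundary parameter, or -1 if it is empty,
 * over the RFC limit, or would not fit in out. The defect pattern this replaces,
 *     char boundary[64]; strcpy(boundary, strstr(hdr, "boundary=") + 9);
 * trusts a NUL that may be absent and copies an unbounded length. */
int parse_boundary(const char *ct, size_t ct_len, char *out, size_t out_cap)
{
    static const char key[] = "boundary=";
    const char *end = ct + ct_len;
    const char *p = memfind(ct, ct_len, key, sizeof key - 1);
    if (p == NULL) return 0;
    p += sizeof key - 1;
    int quoted = (p < end && *p == '"');
    if (quoted) p++;
    size_t n = 0;
    while (p + n < end) {
        char c = p[n];
        if (quoted ? c == '"' : (c == ';' || c == ' ' || c == '\r' || c == '\n'))
            break;
        n++;
    }
    if (n == 0 || n > BOUNDARY_MAX || n + 1 > out_cap)
        return -1;                    /* explicit bound check before any copy */
    memcpy(out, p, n);
    out[n] = '\0';
    return (int)n;
}

/* Wrapper that parses into a local buffer and reports only the result. */
int boundary_len_of(const char *ct, size_t ct_len, size_t out_cap)
{
    char buf[BOUNDARY_MAX + 1];
    if (out_cap > sizeof buf) out_cap = sizeof buf;
    return parse_boundary(ct, ct_len, buf, out_cap);
}

/* Hypothetical TLS read callback using the common convention "bytes read (>0),
 * 0 at end of stream, negative on error". This is not the NanoSSL API. */
typedef int (*tls_read_fn)(void *ctx, unsigned char *buf, size_t cap);

/* Read up to want bytes of POST body into body. Returns bytes read, or -1 on a
 * read error or if the library claims more bytes than were requested. The
 * unchecked form, got += rd(...), lets an error code or an over-reported
 * length drive a heap overflow. */
int read_body(tls_read_fn rd, void *ctx, unsigned char *body, size_t want)
{
    size_t got = 0;
    while (got < want) {
        int n = rd(ctx, body + got, want - got);
        if (n < 0) return -1;                  /* error code: never use as a length */
        if (n == 0) break;                     /* peer closed before Content-Length */
        if ((size_t)n > want - got) return -1; /* over-reported length: refuse */
        got += (size_t)n;
    }
    return (int)got;
}

/* Constructed stand-in for the TLS layer so the block runs offline: serves src in
 * chunk-sized pieces and returns -1 once fail_at bytes were served (-1 = never). */
struct fake_tls { const unsigned char *src; size_t len, off, chunk; long fail_at; };

static int fake_read(void *ctx, unsigned char *buf, size_t cap)
{
    struct fake_tls *f = ctx;
    if (f->fail_at >= 0 && (long)f->off >= f->fail_at) return -1;
    size_t n = f->len - f->off;
    if (n > f->chunk) n = f->chunk;
    if (n > cap) n = cap;
    memcpy(buf, f->src + f->off, n);
    f->off += n;
    return (int)n;
}

/* Drive read_body() over a constructed 12-byte body served in 5-byte chunks. */
int demo_read(long fail_at)
{
    static const unsigned char payload[] = "name=a&val=b";
    struct fake_tls f = { payload, sizeof payload - 1, 0, 5, fail_at };
    unsigned char body[12];
    return read_body(fake_read, &f, body, sizeof body);
}
```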

Avaya devices affected by TLStorm 2.0:

  • ERS3500 Series
  • ERS3600 Series 
  • ERS4900 Series
  • ERS5900 Series

Updates and Mitigations

Aruba and Avaya collaborated with Armis on this matter, and customers were notified and issued patches to address most of the vulnerabilities. To the best of our knowledge, there is no indication the TLStorm 2.0 vulnerabilities have been exploited.

Organisations deploying impacted Aruba devices should patch them immediately with the patches available in the Aruba Support Portal.

Organisations deploying impacted Avaya devices should check the security advisories in the Avaya Support Portal immediately.

Armis customers can immediately identify vulnerable devices in their environments and begin remediation.

Armis experts will discuss the TLStorm research during Black Hat Asia 2022 (May 10-13, 2022) – Like Lightning From the Cloud: Finding RCEs in an Embedded TLS Library and Toasting a Popular Cloud-connected UPS 
