ROI

Open Security News week 14-2023

Cyber security is not a solved problem. As technology continues to advance, so do the methods and techniques used by cyber criminals to breach security systems and steal sensitive information. I love new technology and love solving new cyber challenges that come with new technology. So I asked GPT-4 what kind of security challenges we need to manage in the near future. I was surprised by the accuracy of the answer:

GPT-4 could be used to generate highly convincing phishing emails, fake news articles, deepfake videos which could be used to deceive individuals and organizations into divulging sensitive information or taking harmful actions. This could result in data breaches, financial losses, or reputational damage. Most cybersecurity issues with GPT-4 are not yet known.”

So think if a good cyber awareness course is on your agenda for this year. GPT-4 generated hacks and content will harm you sooner or later. Be prepared!

1 The Threat on Your Desk

USB Attacks: I love USB-C, but the threads are real. A nice article that dives a bit deeper and makes you very aware of the evil things possible when using an USB-C connector.

(Link)

2 Kali Purple

A new initiative from the people behind Kali: Kali Purple! Making defensive security accessible to everyone. No expensive licenses required, no need for commercial grade infrastructure, no writing code or compiling from source to make it all work… As security architect I love the archimate view to show the Kali Purple architecture created!

(Link)

3 BlackLotus UEFI bootkit: Myth confirmed

Create article that explains in detail with nice visuals how these bootkits work. The first in-the-wild UEFI bootkit bypassing UEFI Secure Boot on fully updated UEFI systems is now a reality. Many critical vulnerabilities affecting security of UEFI systems have been discovered in the last few years. Due to the complexity of the whole UEFI ecosystem and related supply-chain problems, many of these vulnerabilities have left many systems vulnerable even a long time after the vulnerabilities have been fixed.

(Link)

4 The EU’s new Cyber Resilience Act is about to tell us how to code

Great write-up of this EU proposal by Bert Hubert. The EU’s new Cyber Resilience Act is admirable in its goal. And the EU is not alone in thinking something needs to be done about the dreadful state of security online – the Biden administration has just released its National Cybersecurity Strategy that has similar aims.
(Link)

5 Microsoft Security Copilot: Empowering defenders at the speed of AI

Security Copilot — end-to-end defense at machine speed and scale Microsoft Security Copilot is the first security product to enable defenders to move at the speed and scale of AI. Security Copilot combines this advanced large language model (LLM) with a security-specific model from Microsoft.
(Link)

6 TikTok: Is this a national security scare or is something else going on?

Is the app a Trojan horse in the sense that Beijing could lean on its developers to make the feed-sorting algorithms unduly influence citizens around the world? So just like Facebook (Meta), Google and all Microsoft products.

(Link)

7 Software Security Field Guide for the Bewildered

If you are no security expert but need to deal with one: Then this is your guide! I loved reading this guide. It presents a great mirror for all cyber experts! This guide is full of security principles like “IT security is an art, not a science”.

(Link)

8 The Hitchhiker’s Guide to Facebook Web Tracking with Invisible Pixels s

Facebook (FB) recently introduced a new tagging mechanism that attaches a one-time tag as a URL parameter on outgoing links to other websites. FB could, under some conditions, match their anonymously collected past web browsing activity to their newly created FB profile, from as far back as 2015 and continue tracking their activity in the future.

(arXiv Link)

Our partners:

nocomplexity

The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.