z_edian - Network

On March 26, I will speak with @thegrugq about all-things-cyber-military-Europe.

Come join us!

interface-eu.org/events/the-fu

12.3.2025 07:20
https://infosec.exchange/@z_edia...

In the podcast "Cybersecurity ist Chefsache" I talked with Nico about active cyber defence in Germany.

Here is the link to the podcast: youtube.com/watch?v=g6SP9uClPII

3.3.2025 12:41
https://infosec.exchange/@z_edia...

Some people call it "large-scale compromise of telecommunication infrastructure", I would rather see it as "externally-forced upgrade of legacy IT-infrastructure".

"Warner said that replacing aging and vulnerable networking equipment could cost the telecom companies tens of billions, while evicting the Chinese from every nook and cranny inside the nation's sprawling phone system could take "50,000 people and a complete shutdown of the network for 12 hours."

news.risky.biz/why-america-nee

20.2.2025 09:04
https://infosec.exchange/@z_edia...

One person's backdoor is another person's fucked up update mechanism connecting to a random university's server in #China

Oh, you never cease to amaze me.

# # #
"Although the full update process is VERY dangerous and risky, to us it does not appear to have malicious intent behind it, especially when considering the manual boldly refers to this IP address, and white-label vendors ask users to configure their internal CMS with this IP address."

However, as the IP address specified in the manual is a public address in China, it could lead to inadvertent data leaks and takeover risks if an NFS server is running. Currently, no NFS server is configured at this IP address.
# # #

bleepingcomputer.com/news/secu

12.2.2025 09:00
https://infosec.exchange/@z_edia...

On January 15, I returned to the place where my career started almost to the day 15 years ago: the Konrad-Adenauer-Stiftung Philippines.

While 15 years ago I was taken in as an intern, this year I was honored to be the German counterpart on a panel about the potential of German-Philippine Defense Cooperation in the cyber domain, an idea that was discussed between Germany and the Philippines in 2024, with a defense agreement to be signed soon.

I explored that potential together with Dr. Francis Rico C. Domingo, Associate Professor at the Department of Political Science, University of the Philippines Diliman, and Director Christine June P. Cariño from the Office for Cyber and Information System Management, Department of National Defense.

My key points were:
1. Germany and the Philippines can explore a joint talent pipeline due to the German and EU need for an increasing IT security workforce as well as the Philippines' hacker talent and experience on Overseas Filipino Worker (OFW) policy.
2. If the Philippines identifies architectural and policy requirements, Germany could share best practices and failures in its vast experience of shaping a cybersecurity architecture and policy ecosystem.
3. Germany and the Philippines could work towards intelligence exchange with a special focus on a shared adversary: Chinese threat actors and cyber campaigns.

As this is an issue close to my heart, I really hope that there will be a fruitful, effective and operational cooperation between our two countries in the future.

Maraming Salamat.

23.1.2025 09:06
https://infosec.exchange/@z_edia...

Update about offensive Chinese cyber activities.

1. US sanctions Chinese actors over cybersecurity incidents
"A Chinese hacker indicted [...] and the PRC-based cybersecurity company [Sichuan Silence] he worked for are both sanctioned by the US government for compromising “tens of thousands of firewalls”"

Link: cybernews.com/security/doj-ind

2. Deep Dive: Sichuan Silence Information Technology
"Overall, from what we have discovered, the operations of Sichuan Silence are similar to those of i-SOON and other similar Chinese hacker-for-hire companies."

Link: nattothoughts.substack.com/p/s

3. NSA's take on Volt Typhoon
"He said China is “very focused on building a whole suite of capabilities to deter and defeat the United States, and so Volt Typhoon, these operations that target infrastructure, there really is no kind of reasonable explanation besides pre-positioning. […] It’s really part of a broader military strategy.”"

Link: breakingdefense.com/2024/08/ns

4. NCSC's take on China as cyber threat actor
"“China continues to be a highly sophisticated and capable threat actor, targeting a wide range of sectors and institutions across the globe, including in the UK.”"

Link: ctoatncsc.substack.com/p/cto-a

5. Deep Dive: Mei Danowski and Eugenio Benincasa on China’s Cyber-Range Exercises
"When looking at the Chinese ecosystem, they emphasize attack-defense and practical skills a lot, unlike us in Europe or the US."

Link: cybersecurityadvisors.network/

23.12.2024 12:28
https://infosec.exchange/@z_edia...

From the Tagesspiegel Background Cybersecurity series: "Cybersicherheit - Forschung & Behörden: Was 2024 wichtig war – und wir uns für 2025 vornehmen sollten".

Link (paywall): background.tagesspiegel.de/it-

19.12.2024 09:00
https://infosec.exchange/@z_edia...

[Chinese] APTs Behaving Badly

"We'd describe 'acceptable behaviour' as being targeted at national security rather than economic interests, carrying out proportionate operations and avoiding unnecessary harm to third parties. Many cyber actors, including the US and allies, generally adhere to these behaviours, but others, including Chinese actors, do not."

[...]

"Mass deployment of malware is unacceptable because it causes unnecessary collateral damage — not the done thing for a responsible state program. To make matters worse, once Sophos had cottoned on to the intrusions, Guan and his colleagues allegedly altered their malware to make it more damaging, in a kind of scorched earth policy. If victims attempted to remove the malware, it would deploy encryption from the Ragnarok ransomware variant. We have no idea why attackers would do this or what benefit they would get from torching their victims’ infrastructure."

Via @tomatospy - news.risky.biz/fcc-to-demand-t

12.12.2024 11:28
https://infosec.exchange/@z_edia...

A few short points on the new draft wording (Formulierungshilfe) for the NIS-2 Implementation and Cybersecurity Strengthening Act (NIS2UmsuCG)[1], based on my written statement for the expert hearing in the Committee on Internal Affairs (Innenausschuss)[2].

Implementing the proposals from the draft wording would lead to a significant improvement of the NIS2UmsuCG, particularly on central points of criticism such as the independence of the BSI and the design of the CISO Bund role (even if the latter would probably not be constitutional..?).

On the topics of vulnerability management and exemptions from IT security requirements for (federal) administration bodies there would also be an improvement, but with limitations. On vulnerability management, the changes relate exclusively to the BSI and not to how the other security agencies handle vulnerabilities (see [2], among others subchapter 2.2 and the individual comments on §3 para. 1 (18) and §14). On the IT security requirements for administration bodies there would still be far-reaching exemptions for the AA and BMVg as well as for the bodies of the Länder (see [2], among others subchapter 2.1 and the individual comments on §3 para. 1 (17), §3 para. 1 (20), §6 para. 6, §29 para. 2).

Other points of criticism from my statement were not implemented, including:
1. overly broad definitions and the resulting problems (see [2], among others the individual comments on §2 1 and 36)
2. an overly restricted circle of recipients for information and instruments to increase IT security (see [2], among others the individual comments on §3 para. 1 (17) and (20) and §19)
3. the lack of effectiveness of the training, given the absence of proof of success (see [2], individual comments on §38 para. 3 and §43 para. 2), and of the voluntary IT security label (Freiwilliges IT-Sicherheitskennzeichen) (see [2], individual comments on §55).

[1] ag.kritis.info/2024/12/10/refe
[2] bundestag.de/resource/blob/102

12.12.2024 09:01
https://infosec.exchange/@z_edia...

Hot off the virtual press: our new publication, 'Vulnerability Disclosure: Guiding Governments from Norm to Action', is now available!

Check it out here: interface-eu.org/publications/

4.12.2024 11:55
https://infosec.exchange/@z_edia...

TEASER: Policy paper coming very soon!

2.12.2024 20:41
https://infosec.exchange/@z_edia...

Chinese threat actors often exploit 0-days

"Between 2023 and 2024, more than 35 advisories issued by our World Watch Cyber Threat Intelligence concerned zero-day vulnerabilities exploited by Chinese threat actors. These account for 41% of all advisories with a high or very high threat level, representing a substantial portion of the critical threats potentially facing our customers."

Link: research.cert.orangecyberdefen

28.11.2024 09:22
https://infosec.exchange/@z_edia...

A Panda in your Telco Networks

"Liminal Panda, an advanced persistent threat (APT) hyper-focused on gathering intelligence from telecommunications networks."

Link: darkreading.com/threat-intelli

28.11.2024 09:10
https://infosec.exchange/@z_edia...

Chinese Threat Actors Meet Bureaucracy

"Nowadays, the MSS is the big kahuna and, since 2021, has been linked to the majority of cyber operations attributed to the PRC."

"PLA has been retasked to directly support military operations."

Link: news.risky.biz/the-plas-cyber-

28.11.2024 09:09
https://infosec.exchange/@z_edia...

Dear community,

a personal update: From 05.11.2024 I will, for an expected five months, work part-time as a guest staff member (Hospitanz) at the Bundesamt für Sicherheit in der Informationstechnik. There I will be part of "Abteilung T", a kind of strategy unit that mainly deals with new challenges and developments in IT security.

Why am I doing this? Many professions offer a wide range of continuing education. In the small professional world of think tanks we often organise our further training ourselves. That can mean working on the agency or government side from time to time. I am very much looking forward to the coming months and to the many new (and old) faces!

During my placement at the BSI I will continue my work at interface with reduced hours and remain available to you.

Questions are welcome here or via the usual channels: interface-eu.org/persons/dr-sv

Best regards,
Sven

P.S.: All statements made during this time refer, unless explicitly marked otherwise, to my work at interface.

24.10.2024 11:58
https://infosec.exchange/@z_edia...

"Cyber Deception" according to the UK NCSC:

"During discussions, it became clear that ‘deception’ has connotations which can be uncomfortable for some. It is important to acknowledge this, and although there are wider definitions of cyber deception in military and other contexts, they differ to the technology we are referring to here. So for our policy, legal and executive colleagues, when we use these terms in a cyber security context, we mean:

Tripwires: components and systems designed to detect a threat actor, by interacting with them to disclose their unauthorised presence in an environment which include honeytokens.

Honeypots: components and systems designed to allow a threat actor to interact with them, allowing observation of their techniques, tactics and procedures, as well as the capability and infrastructure they use – with the aim of collecting cyber threat intelligence.

Breadcrumbs: digital artefacts distributed in a system that entice a threat actor to interact with a tripwire and/or honeypot.

It's also worth noting that we are aware of wider thinking and approaches designed to produce synthetic behaviours and content, with the aim of degrading an adversary’s efficacy objective, through effects and other means. But this is not our focus, as these approaches and intents are out of scope for our cyber security use cases."

ncsc.gov.uk/blog-post/building

1.10.2024 06:41
https://infosec.exchange/@z_edia...

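An added example (not from the NCSC post above nor from any NCSC tooling) of the tripwire and breadcrumb pattern as the post defines it: a constructed honeytoken credential is planted as a breadcrumb, and a tripwire scans authentication log lines for any use of it. The log line format, the token shape and the helper names are assumptions made for this illustration.

```python
"""Honeytoken tripwire in the sense of the NCSC definitions quoted above.

Breadcrumb: a fake credential planted where someone rummaging through a host
would find it. Tripwire: a scanner that watches auth log lines for that
credential. No legitimate user ever holds it, so one hit is a high-confidence
detection, whether or not the authentication attempt was denied.
"""
import hashlib
import re
import secrets
from dataclasses import dataclass, field


@dataclass
class Honeytoken:
    name: str   # label used in the alert, e.g. the file the token was planted in
    value: str  # the fake secret itself
    # the detector only ever compares hashes, so exporting its config or alerts
    # never reveals the raw token
    digest: str = field(init=False)

    def __post_init__(self) -> None:
        self.digest = hashlib.sha256(self.value.encode()).hexdigest()


def mint_token(name: str, prefix: str = "AKIA") -> Honeytoken:
    """Generate an access-key-shaped honeytoken (constructed shape, assumed here)."""
    return Honeytoken(name=name, value=f"{prefix}{secrets.token_hex(8).upper()}")


# Constructed log format assumed for this example:
# "<timestamp> auth key=<key> src=<ip> result=<ok|denied>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth key=(?P<key>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def detect(log_lines, tokens):
    """Return one alert dict per log line that presents a planted honeytoken."""
    by_digest = {t.digest: t for t in tokens}
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: not our format, skip it
        hit = by_digest.get(hashlib.sha256(m["key"].encode()).hexdigest())
        if hit is not None:
            alerts.append({"token": hit.name, "src": m["src"],
                           "ts": m["ts"], "result": m["result"]})
    return alerts


def demo():
    """Run the tripwire over constructed sample log lines."""
    planted = Honeytoken(name="config/backup.env", value="AKIAEXAMPLEHONEY0001")
    lines = [  # constructed sample log lines
        "2024-10-01T06:40:00Z auth key=AKIAREALUSER000000 src=10.0.0.5 result=ok",
        "2024-10-01T06:41:10Z auth key=AKIAEXAMPLEHONEY0001 src=198.51.100.23 result=denied",
        "malformed line that the parser ignores",
    ]
    return detect(lines, [planted])
```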
There is no Pakistan-linked threat actor (APT) that leveraged a 0-day vulnerability.

Prove me wrong.

24.9.2024 13:37
https://infosec.exchange/@z_edia...

US Military: Using remote access devices in special operations training[1].

Also US Military: Hahaha private STINKY-satellite-WLAN on Combat Ship in West Pacific goes vroooom[2]

1: army.mil/article/279281/green_

2: arstechnica.com/security/2024/

6.9.2024 08:30
https://infosec.exchange/@z_edia...

Notification of Concerns Identified in the Federal Bureau of Investigation’s Inventory Management and Disposition Procedures of Electronic Storage Media

tl;dr: OIG finds FBI is not handling their digital security well enough.

oig.justice.gov/sites/default/

29.8.2024 08:41
https://infosec.exchange/@z_edia...

As of now, the German cybersecurity architecture is available as its own microsite, including a searchable database!

Available here: cybersicherheitsarchitektur.de/

More info via LinkedIn post: linkedin.com/posts/dr-sven-her

29.8.2024 07:31
https://infosec.exchange/@z_edia...