Kirsty Paine

📑 New blog on my Medium site; how to better manage DFIR artefact knowledge.

2

Your Responsible Disclosure is a Nightmare: A Security Researcher shares feedback on how frustrating it can be to report in-vehicle vulnerabilities to car manufacturers. Laughing through tears. 📪 👨‍🔧 🚘 Security researcher Thomas Sermpinis at Defcon 32 (2024) shared two vulnerabilities he discovered in Nissan. But the most important aspect, IMO, was his journey of reporting these vulnerabilities: from receiving no response to being accused of sharing them with hostile nations. Please share this presentation with the person responsible for your company's Vulnerability Disclosure Program. I am sure we can do better. More details: Presentation [PDF, very big!]: https://lnkd.in/d6PWfin4 X Thread unrolled: https://lnkd.in/d3gTWYjJ CVE-2024-6347: https://lnkd.in/d-9E7NHK CVE-2024-6348: https://lnkd.in/da3RfAb7 #automotive #cyber #security #cybersecurity #carhacking #defcon #vulnerability #disclosure #risk #bugbounty #cve #safety #research #technology

149

7 Kommentare

While AI enhances cybersecurity defenses, it also introduces new vulnerabilities and attack vectors, emphasizing the need for comprehensive risk management and resilience strategies. Find out more about this and other cyber threats in the latest edition of Munich Re’s Asia Pacific Cyber Threat Landscape at https://lnkd.in/eafiNWEZ

24

2 Kommentare

The human factor in an crisis 👇 I'm still reflecting on yesterday's Swiss Cyber Circle - Community. Some good Thursday food for thought 🧠 🍕 : 👉 Models and AI are superior in "normal state" - predictable situations 👉 Experienced humans are superior in "crisis state" - unpredictable situations. Intuition actually beats rules. 👉 Simple rules help unexperienced humans in unpredictable situations 👉 Don't over-complicate playbooks, simplicity is key 👉 CISOs are obviously considered important in a crisis (strong signals). If you are not considered important outside the crisis, then something is wrong! 👉 Being considered valuable requires connection to relevant stakeholders. Connection requires trust, safety and respect. Great event, I'm still reflecting. Stefan von Rohr Milena Thalmann 🚴🏽‍♂️Peter Kosel #agileciso #informationsecurity #cybersecurity

31

5 Kommentare

The final tranche of Regulatory Technical Standards have been published today for the Digital Operational Resilience Act (DORA). Covering: 1. RTS and ITS on the content, format, templates and timelines for reporting major ICT-related incidents and significant cyber threats;  2. RTS on the harmonization of conditions enabling the conduct of the oversight activities; 3. RTS specifying the criteria for determining the composition of the joint examination team (JET); and 4. RTS on threat-led penetration testing (TLPT). Navigating the compliance landscape can be challenging, but Nemesis makes it easier. Our breach and attack simulation software allows your organization to simulate real-world scenarios to ensure compliance with ICT risk management policies and security posture, such as those required by NIS2 and DORA (Article 25).   You can automate those simulations with our user-friendly scheduler, validate controls, and safeguard critical infrastructure. By creating executive-quality reports, Nemesis provides clear insights and actionable data for decision-makers. This means less time navigating complex spreadsheets and more time focusing on strategic initiatives.  Elevate your compliance efforts today and ensure your organization is prepared for any scenario. Contact me for a chat and a demo! #DORA #BAS #Cybersecurity #Compliance Persistent Security Industries

9

I am excited to announce a strategic partnership with #KnowBe4, who are a #Forrester Wave leader for Security Awareness & Training Solutions. 🎉 91% of all cyber attacks start with Business Email Compromise (BEC), and your users are both the first - and last - line of defence. 🛡️ With that in mind, watch this space for some exciting product announcements that will help proactively secure your users! 🚀 #cyberawareness #phishing #cybersecurity

7

𝐇𝐨𝐰 𝐏𝐫𝐞𝐩𝐚𝐫𝐞𝐝 𝐈𝐬 𝐘𝐨𝐮𝐫 𝐓𝐞𝐚𝐦 𝐅𝐨𝐫 𝐀 𝐂𝐲𝐛𝐞𝐫 𝐂𝐫𝐢𝐬𝐢𝐬? Have you considered running cyber crisis simulation exercises to test your team’s readiness? Simulating a cyber crisis can reveal your team’s strengths and weaknesses, ensuring they are better prepared for real cyber incidents. Advantages of Crisis Simulation Exercises: 🔶Identifies Gaps  🔶Builds Confidence 🔶Real-World Practice  🔶Tests Response Plans  🔶Improves Communication 𝐀𝐫𝐞 𝐘𝐨𝐮 𝐑𝐞𝐚𝐝𝐲 𝐓𝐨 𝐒𝐢𝐦𝐮𝐥𝐚𝐭𝐞 𝐀 𝐂𝐲𝐛𝐞𝐫 𝐂𝐫𝐢𝐬𝐢𝐬? Let's connect and discuss how crisis simulations can enhance your team’s preparedness. Reach out to plan for your first cyber crisis exercise. 👥Like, Comment, and Share if you believe in proactive preparation! #CyberSecurity #WorkforceTraining #SecurityAwareness #ProactivePreparation

8

Lead the charge against cyber threats with insights from Proofpoint’s 2024 State of the Phish Report. Unearth critical trends in phishing across Europe, including the UK, Germany, and France. Empower your defence strategies with our findings. #CyberSecurity #StateOfThePhish #PhishingTrends

4

I’m so excited to be available to small and medium businesses looking to implement #privacybydesign and #securitybydesign as one of many SMEs who can be leveraged through Zatik Security's fractional security model. But #SMBs won’t be able to shift the insecure tech landscape *all* of us are operating in on their own. As this year’s #DBIR (available at verizon.com/dbir) stated in its introduction of the #supplychain #interconnection metric on page 13, “calculated a supply chain interconnection influence in 15% of the breaches [they] saw... [representing a] 68% year-over-year growth.” Then on page 14, just as Cybersecurity and Infrastructure Security Agency, 👑 Kymberlee Price, Joshua Corman, and countless others, including myself, have said: “As much as we can argue that the software developers are also victims when vulnerabilities are disclosed in their software and sure, they are), the incentives might not be aligned properly for those developers to handle this seemingly interminable task [of remediating every vulnerability]. These quality control failures can disproportionately affect the customers who use this software... This metric ultimately represents a failure of community resilience and a recognition of how organizations depend on each other.” The writers go on to say, “We recommend that organizations start looking at ways of making better choices so as not to reward the weakest links in the chain... we believe the only way through is to find ways to hold repeat offenders accountable and reward resilient software and services with our business.” The fact of the matter is, the only organizations capable of doing this across the supply chain are the Big Players (with BIG contracts) in highly regulated industries—especially Finance and TeleCom—who can *both*  1) hire the talent required to really dig in to the evidence of their vendors’ security posture, and   2) then throw the weight of those BIG contracts around to incentivize substantive improvement. Demand to see vulnerability scans. Demand to see FULL #pentest and #BCDR results, not whatever watered down summary they’re going to offer you. You’re the only ones who can. I sat on one side of that table (I wrote those summaries), and I’d *love* to sit on the other. If your company is serious about #supplychainsecurity, #securesoftwaredevelopment, and exceeding the minimum that is “compliant,” let’s talk. I believe in building better I know how to architect, implement, and communicate systems deserving of trust (and how to evaluate and determine systems undeserving of trust). The only way we can turn the tables on bad actors is together, by shifting all three points of the Technology Ecosystem Triangle—Supply, Demand, and Regulation/Oversight-- together. So in the wise words of Bender, let's gooo alreaddayyyy. 😎

18

A good article explaining the differences between Business Continuity and Operational Resilience (OpRes) BC feeds into OpRes, and is the foundation on which it is built. https://lnkd.in/esfyAjzH

24

3 Kommentare

TPM sniffing is back, baby! At the recent Swiss Cyber Storm conference, researchers from Switzerland spoke about how to escalate privileges by sniffing the TPM when BitLocker PIN is enabled. The research team aimed to understand how Microsoft's BitLocker encryption works when protected by both TPM and an additional factor (PIN). Prior research on TPM sniffing attacks was expanded upon. These attacks take advantage of vulnerabilities in the connections between discrete TPMs and motherboards. Some of the key findings: - The process for retrieving the Volume Master Key (VMK) with a PIN is different from the transparent mode. - The TPM returns an encrypted intermediate key when provided with the correct PIN. - The PIN is used in a key stretching process to derive a key for decrypting the intermediate key. - The intermediate key is then used to decrypt the VMK stored in the BitLocker header. As a proof-of-concept, the researchers were able to extract BitLocker header cryptographic data. After that, the tool decrypts the intermediate key using the user-provided PIN and the sniffed TPM data. Decrypting the VMK is the last step, and it requires the intermediate key. However, even with a PIN, you still might be vulnerable to social engineering or insider threats. Some of the mitigation strategies include enabling cover detection in UEFI, using firmware TPMs, and implementing detection rules for suspicious activities. https://lnkd.in/gcnXsVRB

38

1 Kommentar

Advanced OSINT training to go way beyond theory, focussing on the practical application of new skills and knowledge to find your way in the global open source information landscape to produce actionable results. https://lnkd.in/eiczW2P9 #OSINT #OSINTtraining

1

🇬🇧 Building Cyber Pathways ~ A UK Perspective with Juliette Wilcox CMG Dive into the latest 'Future Secured' episode featuring Juliette Wilcox CMG, UK's Cybersecurity Ambassador for Defence and Security Exports. 🔐 Strategic Insights ~ Discover how the UK is fostering a diverse cyber security workforce. 🌐 International Cooperation ~ Learn about the pivotal role of alliances like AUKUS. 💡 Clustering Expertise ~ The importance of regional partnerships among academia, industry and government. 🚀 Startups & Investment ~ Explore the opportunities and challenges for cyber security startups. 📈 Economic Impact ~ Investing in cyber security as a foundation for future growth. Watch Episode 7️⃣ now 🔗 https://lnkd.in/g7qg5kcZ #CyberSecurity #Innovation #FutureSecured #TechPodcast #CyberSecurityStrategies #AUKUS #CyberSecurityInvestment #CyberSecurityWorkforce

6

Some amazing discussions, panels, informal chats and relationship building networking at the Bled Strategic Forum this year: 1. Technology (Ransomware and crypto currencies) Gwen Clavon 2. NATO and global complexities - Dr Vlasta Zekulic 3. Slovenian Cybersecurity Leadership (very impressed by leadership of Agency for Informational Security)- Uroš Svete 4. Slovenian Foreign Ministry - big thanks to Jakob Štunf - for great strategic vision and enabling us to see the achievements accomplished in region. Looking forward to #BSF2025

42