SiliconANGLE: Beware of insecure networked printers

Despite promises of a paperless office that have origins in the 1970s, the printer is still very much a security problem in the modern office.

And even if Microsoft Corp. will succeed in its efforts to eradicate the universe of third-party printer drivers from its various Windows products, the printer will still be the bane of security professionals for years to come. The problem is that the attack surface for printer-related activities is a rich one, with numerous soft targets.

Taking care of insecure printers isn’t easy, here is a trip down memory lane for my latest post for SiliconANGLE.

SiliconANGLE: It’s the end of the line for the outdated TLS

An aging core internet protocol is finally getting the ax by Microsoft Corp.

But it wasn’t just last month’s announcement that the software vendor was ending support for versions 1.0 and 1.1 of Transport Layer Security, or TLS, but that it was actually dropping the support from the impending release of the latest beta version of Windows 11. This means it is time to locate and update your aging TLS 1.0 and 1.1 systems, Windows 11 will disable by default in its next preview release.

You can read my story in SiliconANGLE here

SiliconANGLE: Software supply chain attacks are multiplying, but so are strategies to avoid them

By now most information technology managers are painfully aware of the consequences of software supply chain attacks. Thanks to exploits affecting the supply chains of SolarWinds,  Log4Shell and 3CX, the power and widespread damage inflicted by these attacks on thousands of businesses are certainly well-known. In addition to new software startups to try to help stop these attacks, there is also a new NIST draft strategy doc on how to cope with software supply chain exploits.

You can read my post for SiliconANGLE here.

 

SiliconANGLE: Well-known security consultant ‘Mudge’ is once again on the move

The former hacker known as Mudge is once again on the move. Mudge, the alias for Peiter Zatko (pictured, center), was the former head of security back when X Corp. was known as Twitter. He is now a consultant for the U.S. Cybersecurity and Infrastructure Security Agency, the Washington Post reported yesterday. My story for SiliconANGLE here.

SiliconANGLE: The summer of adversarial chatbots

This has been the summer of adversarial chatbots.

Researchers from SlashNext Inc. and Netenrich discovered two such efforts, named WormGPT and FraudGPT. These cyberattack weapons are certainly just the beginning in a long line of products that will be developed for nefarious purposes such as creating very targeted phishing emails and new hacking tools. This summer demonstrated that generative artificial intelligence is quickly moving into both offensive and defensive positions, with many security providers calling out how they are using AI methods to augment their defensive tools. The AI security arms race has begun.

You can read my post in SiliconANGLE here.

SiliconANGLE: How Kremlin-backed social media campaigns continue to spread disinformation

new report sponsored by the European Commission has found that social media has played a key role in the spread of Russian-backed disinformation campaigns since their war with Ukraine began.

“Over the course of 2022, the audience and reach of Kremlin-aligned social media accounts increased substantially all over Europe,” the researchers stated in the report, “Digital Services Act: Application of the Risk Management Framework to Russian disinformation campaigns.”

Here you can see various recruitment lures to join Russia’s cyber army who call themselves “Cyber Front Z” and are looking for help on Telegram to post content across networks, up- and down-vote posts, and hound opponents with derogatory comments. The photo shown in the screenshot above is one such target, a pro-Ukraine politician.

The work was done by the nonprofit group Reset and published last week. The group examined these campaigns across 10 languages and over a year. It can serve as useful guidance for U.S. regulators and for how businesses should moderate their own social media content. You can read my analysis for SiliconANGLE here.

SiliconANGLE: News of the week

SIliconANGLE: Meta’s Facebook finally supports end-to-end message encryption

The importance of end-to-end encryption of digital messages is getting new attention with the announcement that Meta Platforms Inc.’s Facebook will partly add the feature to its Messenger product now, and eventually for all use cases such as group chats by year-end.

It’s an important step, since E2EE, as it’s known for short, is a critical method of providing secure communication that keeps outside parties from accessing data while it’s transferred between systems or devices. But the announcement isn’t the whole story, either, because Facebook is playing catch-up with many of its competitors, such as Signal and Telegram, which have offered E2EE messaging products for years now.

You can read my analysis for SiliconANGLE here.

SiliconANGLE: How the new breed of business VPNs will keep them relevant in security

Since virtual private networks were invented nearly 30 years ago as a way to extend a corporate network across the work, they’ve gone through a complete role reversal, even as they’ve continued to evolve to help protect business users’ data and communications. Today’s VPN is now the linchpin for a series of edge business security technologies, taking center stage thanks to a few trends: the popularity of hybrid working conditions brought on by the COVID pandemic, the movement to the cloud away from on-premises servers, and the acceptance of software-as-a-service tools that made it easier to deploy and manage these clouds.

You can read my analysis for SiliconANGLE here.

SiliconANGLE news of the week

 News items that I wrote this week include:

  1. Google adds new security features to its Workspace. The features cover aspects of implementing zero-trust security, data loss prevention or DLP, and data privacy controls. Many involve a series of automated improvements that will continuously monitor data placed in Google Drive, using its AI engine.

2. Proton adds new business-oriented VPN packaging to its services. The features build upon existing adware blockers, a smart protocol called Stealth that automatically chooses the best-performing connection, and support for both WireGuard and OpenVPN protocols.

3. Malvertising trends: The malware exploits known as malware-infected ads, or malvertising, have been around for decades, but new reports point to a steady rise in lethality. The technique continues to be profitable, because the malware ads are masquerading as normal ads in the ad networks and using the network as a distribution and funds collection system.: