Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Risk Management. Show all posts
Technology
Generative AI increased productivity Indian fintech investment online trading personalized strategies portfolio optimization predictive analytics Risk Management Technology

Generative AI Revolutionizing Indian Fintech

 

Over the past decade, the fintech industry in India has seen remarkable growth, becoming a leading force in driving significant changes. This sector has brought about a revolution in financial transactions, investments, and accessibility to products by integrating advanced technologies like artificial intelligence (AI), blockchain, and data analytics.

The swift adoption of these cutting-edge technologies has propelled the industry's growth trajectory, with forecasts suggesting a potential trillion-dollar valuation by 2030. As fintech continues to evolve, it's clear that automation and AI, particularly Generative AI, are reshaping the landscape of online trading and investment, promising heightened productivity and efficiency.

Recent market studies indicate substantial growth potential for Generative AI in India's financial market, particularly in investing and trading segments. By 2032, the market size for Generative AI in investing is expected to reach around INR 9101 Cr, a significant rise from INR 705.6 Cr in 2022. Similarly, the market size for Generative AI in trading is projected to reach about INR 11.76K Cr by 2032, compared to INR 1294.1 Cr in 2022. These projections underscore the transformative impact and growing importance of Generative AI in shaping the future of online trading and investment in India.

Generative AI, a subset of AI, is emerging as a game-changer in online trading by using algorithms to generate data and make predictive forecasts. This technology enables traders to simulate various market conditions, predict outcomes, and develop robust trading strategies. By leveraging historical and synthetic data, Generative AI-powered tools not only analyze past market trends but also generate synthetic data to explore hypothetical scenarios and test strategies in a risk-free environment. Additionally, Generative AI helps identify patterns within large datasets, providing traders with valuable insights for making informed investment decisions in dynamic market environments.

Predictive Analytics and Market Insights

Generative AI algorithms excel in predictive analytics, offering precise forecasts of future market trends by analyzing historical data and identifying patterns. This empowers traders to stay ahead of the curve and make informed decisions in a dynamic market environment. Generative AI plays a crucial role in effective risk management by analyzing various factors to mitigate risks and maximize returns. Through dynamic adjustment of portfolio allocations and hedging strategies, Generative AI ensures traders can navigate volatile market conditions confidently.
 
Generative AI allows customization of trading strategies based on individual preferences and risk tolerance, tailoring investment strategies to specific goals and objectives Generative AI significantly enhances productivity in online trading and investment by swiftly analyzing vast amounts of financial data, automating routine tasks, and continuously refining strategies over time.

Overall, Generative AI represents a paradigm shift in online trading and investment, unlocking unparalleled efficiency and innovation. By harnessing AI-driven algorithms, traders can gain a competitive edge, accelerate development cycles, and achieve their financial goals with confidence in an ever-evolving market landscape.
Read more »
Upgrade CVSS
CVSS 4.0 FIRST New Technology Risk Management Technology Upgrade CVSS

FIRST Launched CVSS 4.0, Revolutionizing Cybersecurity Assessment and Risk Management

In a recent development, the Forum of Incident Response and Security Teams (FIRST) has made headlines by unveiling version 4.0 of the Common Vulnerability Scoring System (CVSS). This latest release, following four years since CVSS v3.1, represents a noteworthy advancement in the standard employed for evaluating the severity of cybersecurity vulnerabilities. 

Before Understanding CVSS 4.0, Let’s Delve Into CVSS 

Before we get into CVSS 4.0, it is crucial to grasp the roots of the Common Vulnerability Scoring System. This framework had its beginnings back in 2005 when the National Infrastructure Advisory Council (NIAC) first introduced it. 

It plays a crucial role by providing essential information about vulnerabilities for security teams. Nowadays, the Forum of Incident Response and Security Teams (FIRST), a non-profit organization with over 500 global member organizations, manages CVSS as an open platform. 

CVSS essentially acts as a tool, offering a standardized way to measure the severity of computer system problems. It takes into account factors like the likelihood of exploitation, potential impact, and complexity. These considerations come together to form a score, aiding organizations in deciding which issues to prioritize and how to address them effectively. 

Criticism of CVSS 3.0 which led to CVSS 4.0 

In the realm of cybersecurity assessments, Version 3.0 of the Common Vulnerability Scoring System (CVSS) and the CVSS standard overall have been widely regarded for their effectiveness in gauging the "impact" of vulnerabilities. 

However, a notable shortcoming has been identified in their ability to accurately score the "exploitability" of a vulnerability. Exploitability, encompassing the likelihood of a vulnerability being exploited, takes into account various factors such as user interactions, the proficiency and capabilities of potential threat actors, and the configuration of the system in question. 

Following this, FIRST has come up with CVSS v4.0 to make things simpler and better. This new version is a big change, making scoring easier, more flexible, and accurate. The idea is to fix the problems with the old version, showing risks more realistically. This will help organizations decide which problems to fix first and use their resources better to fix them. 

 CVSS 4.0 - What's New? 

 1. Attack Vector: 

• Considers how close an attacker needs to be to exploit a vulnerability. 
• Determines if the attack can happen over the internet, in the same network, or requires physical access. • Network-based vulnerabilities are seen as more severe. 

 2. Attack Complexity: 

• Describes the conditions beyond the attacker's control needed to exploit a vulnerability. 
• Addresses factors that enhance security or complicate exploit development. 
• Considers whether specific information about the target is necessary for exploitation. 

3. Privileges Required: 

• Outlines the level of access rights an attacker needs before exploiting a vulnerability. 
• Does not focus on how the attacker gains these permissions. 
• Considers the extent of permissions needed for a successful exploit. 

4. User Interaction: 

• Gauges if successful exploitation requires human interaction. 
• Examples include phishing emails needing user clicks or network-based exploits without user involvement. 
• Directly impacts the CVSS score, with non-user interactive vulnerabilities generally considered more severe. 

5. Scope

• Captures if a vulnerability in one component affects resources beyond its security scope. 
• Removed as a base metric in CVSS version 4.0. 

6. Impact Metrics (Confidentiality, Integrity, Availability): 

• Measures consequences if a vulnerability is exploited successfully. 
• Introduced new "Subsequent System" impact metrics to capture effects on systems beyond the vulnerable one. 

7. Exploit Code Maturity: 

• Evaluates the probability of an attacker utilizing the vulnerability. 
• Considers existing exploit strategies, accessibility of exploit code, and real-time exploitation reports. 
• Categories include "Attacked," "PoC" (Proof-of-Concept), and "Unreported." 

Additionally, the optional Supplemental Metrics in CVSS 4.0 provide essential insights beyond standard vulnerability assessment. Safety evaluates human safety risks, Automatable gauges exploit automation potential, Recovery assesses system resilience, Value Density explores resource control, Vulnerability Response Effort aids in response planning, and Provider Urgency standardizes severity assessments from suppliers. Together, these metrics enhance the depth and context of vulnerability analysis for more informed decision-making.
Read more »
virtual CISO
Compliance Cyber Risk Cyber Security Cybersafety outsourced security Risk Management strategic planning Technology virtual CISO

Embracing the Virtual: The Rise and Role of vCISOs in Modern Businesses

 

In recent years, the task of safeguarding businesses against cyber threats and ensuring compliance with security standards has become increasingly challenging. Unlike larger corporations that typically employ Chief Information Security Officers (CISOs) for handling such issues, smaller businesses often lack this dedicated role due to either a perceived lack of necessity or budget constraints.

The growing difficulty in justifying the absence of a CISO has led many businesses without one to adopt a virtual CISO (vCISO) model. Also known as fractional CISO or CISO-as-a-service, a vCISO is typically an outsourced security expert working part-time to assist businesses in securing their infrastructure, data, personnel, and customers. Depending on the company's requirements, vCISOs can operate on-site or remotely, providing both short-term and long-term solutions.

Various factors contribute to the increasing adoption of vCISOs. It may be prompted by internal crises such as the unexpected resignation of a CISO, the need to comply with new regulations, or adherence to cybersecurity frameworks like NIST's Cybersecurity Framework 2.0 expected in 2024. Additionally, board members accustomed to CISO briefings may request the engagement of a vCISO.

Russell Eubanks, a vCISO and faculty member at IANS Research, emphasizes the importance of flexibility in vCISO engagements, tailoring the delivery model to match the specific needs of a company, whether for a few days or 40 hours a week.

The vCISO model is not limited to smaller businesses; it also finds applicability in industries such as software-as-a-service (SaaS), manufacturing, industrial, and healthcare. However, opinions differ regarding its suitability in the heavily regulated financial sector, where some argue in favor of full-time CISOs.

Key responsibilities of vCISOs include governance, risk, and compliance (GRC), strategic planning, and enhancing security maturity. These experts possess a comprehensive understanding of cyber risk, technology, and business operations, enabling them to orchestrate effective security strategies.

Experienced vCISOs often play advisory roles, assisting CEOs, CFOs, CIOs, CTOs, and CISOs in understanding priorities, assessing technology configurations, and addressing potential cybersecurity vulnerabilities. Some vCISOs even assist in defining the CISO role within a company, preparing the groundwork for a permanent CISO to take over.

When seeking a vCISO, companies have various options, including industry experts, large consulting firms, boutique firms specializing in vCISO services, and managed services providers. The critical factor in selecting a vCISO is ensuring that the candidate has prior experience as a CISO, preferably within the same industry as the hiring company.

The process of finding the right vCISO involves understanding the company's needs, defining the scope and outcome expectations clearly, and vetting candidates based on their industry familiarity and experience. While compatibility with the company's size and vertical is essential, the right vCISO can outweigh some of these considerations. Rushing the selection process is discouraged, with experts emphasizing the importance of taking the time to find the right fit to avoid potential mismatches.
Read more »
Third-Party Vendor
Cyber Security DORA Risk Management Security Guidelines Third-Party Vendor

Here's Why Businesses are Not Ready for DORA Compliance

 

The tension is palpable in the impending Digital Operational Resilience Act (DORA). An important new chapter in cybersecurity is being ushered in by this EU legislation. It will require financial institutions and specific third-party ICT vendors to have robust safety measures. 

The three main objectives of DORA are to strengthen the resilience of critical IT infrastructure, combat the scale and speed of cyberattacks, and provide a cohesive regulatory framework. ICT risk management, incident reporting, digital operational resilience testing, third-party risk management, and information and intelligence sharing are the five main pillars of DORA that will influence how financial services organisations handle ICT and cyber risks. Financial institutions and third-party vendors who operate in the European Union will be required to comply.

However, many organisations—as well as their security teams—will have difficulties in preparing and adhering to regulations. A penalty of up to 10 million euros, or 5% of annual turnover, will be imposed for noncompliance with these regulations. It is imperative that businesses take action today, whether it is by hiring security professionals to detect, monitor, and address risks; testing incident response strategies to satisfy reporting requirements; or obtaining insight into the ecosystems of their third and fourth parties. 

DORA is a cross-functional strategy involving collaboration from more than simply IT, even if it won't completely take effect until January 17, 2025. The CISO's teams—legal, compliance, risk management, and others—must work together to achieve their objective. Fast and effective DORA compliance is ensured by this partnership. Organisations need to get ready for the DORA journey over the course of the next 16 months. Existing procedures and policies need to be improved. And that objective is very clear: to increase cyber resilience and streamline cybersecurity. The following actions would be advantageous for security practitioners to take in light of this. 

Steps to take 

As part of their overall risk management strategy, organisations must establish and implement a comprehensive ICT risk management framework. Having a platform in place to assist with the development, implementation, and monitoring of this framework will meet regulatory requirements, whereas cybersecurity ratings will give a quantifiable, data-driven assessment of your organisation's cybersecurity posture. 

DORA requires financial institutions to timely report ICT-related issues to authorities. The number of users affected, the amount of data lost, the geographical distribution, the economic impact, and other factors should be disclosed. This plan should also include a clear description of how personnel will respond in the event of a cyberattack, as well as how operations would be restored in the event of a breach. 

Continuous monitoring of your cybersecurity posture will keep your organisation informed of any dangers, allowing it to resolve any concerns that occur as soon as possible. This includes regularly monitoring and reviewing your third-party vendors' security posture to discover any changes or vulnerabilities that may affect your organisation's overall risk profile.

DORA will require that third-party risk be managed as an integral component of total ICT risk in order to ensure that providers will support your company in the case of a cybersecurity incident and comply with stricter security standards. As a result, organisations must periodically review and manage these partnerships in order to gain rapid visibility and keep an eye on red flags and essential supply chain providers.
Read more »
Zero Trust Security
Compliance Cybersecurity Network Security Risk Management Zero Trust Security

Unlocking the Power of Zero Trust Security: 5 Reasons to Adopt the Framework

Zero Trust Security

As cyber threats continue to evolve, traditional security models are becoming less effective in protecting against them. That’s why many organizations are turning to a zero-trust security model to secure their networks, data, and applications. '

Zero trust is a security framework that assumes that all users, devices, and applications are untrusted until proven otherwise. In other words, zero trust requires authentication and authorization for every access request, even those originating from inside the network. 

Here are five reasons why you should consider adopting a zero-trust security model.

1. Improved Security

The primary benefit of a zero-trust security model is improved security. By assuming that everything is untrusted, zero trust forces every access request to be authenticated and authorized. This means that even if an attacker gains access to your network or device, they won’t be able to access sensitive data or applications without the proper credentials. Zero trust makes detecting and responding to security threats easier since every access request is logged and monitored.

2. Better Visibility

Zero trust provides better visibility into network activity. By requiring authentication and authorization for every access request, zero trust allows you to see who is accessing what, when, and from where. This visibility is critical for detecting and responding to security threats. It also helps with compliance since you can easily see who has access to sensitive data and applications.

3. Simplified Compliance

Speaking of compliance, zero trust can simplify compliance efforts. Many regulatory frameworks, such as the GDPR and CCPA, require organizations to protect sensitive data and limit access to it. Zero trust provides a framework for doing this. 
By requiring authentication and authorization for every access request, zero trust ensures that only authorized users can access sensitive data and applications. This can help you meet regulatory requirements and avoid fines for non-compliance.

4. Flexibility

Zero trust is a flexible security model that can be implemented in a variety of environments. It works equally well for on-premises networks, cloud environments, and hybrid environments. This makes it a good choice for organizations that are migrating to the cloud or using multiple environments. 
Zero trust can also be implemented incrementally, allowing you to gradually transition to the new security model without disrupting your existing systems.

5. Reduced Risk

Finally, zero trust can reduce the risk of security breaches and data loss. By requiring authentication and authorization for every access request, zero trust makes it harder for attackers to gain access to sensitive data and applications. 
It also makes it easier to detect and respond to security threats before they become major breaches. This can reduce the risk of financial loss, reputational damage, and legal liability.
Read more »
Supply Chain Attack
Cyber Security NIST Private Sectors Risk Management Supply Chain Attack

NIST Seeking Feedback for a New Cybersecurity Framework and Supply Chain Guidance

 

Addressing the SolarWinds disaster and other major third-party assaults targeting vital infrastructure, the National Institute of Standards and Technology is due to publish advice for securing organizations against supply chain breaches. [Special Publication 800-161] is the most important cybersecurity supply chain risk management guidance.' Angela Smith of the National Institute of Standards and Technology (NIST) stated. 

Angela Smith of the NIST talked at an Atlantic Council session on Tuesday about initiatives to protect information and communications technology supply chains. The first big revised version will be released by the end of next week, so stay tuned if you haven't already reviewed some of the public drafts. 

The NIST upgrade comes as the Biden administration tries to use the government's procurement power to prod contractors such as IT management firm SolarWinds and other software vendors to improve the security of their environments. 

Vendors of the underlying information and communications technology are pitching in and the Cybersecurity and Infrastructure Security Agency consider expanding private-sector partnerships and taking a more comprehensive approach to tackling dangers to critical infrastructure. 

Future guidelines on trying to manage cybersecurity risks that emerge through the supply chain, according to Smith, would focus more on actions for providers along the chain to address, in addition to the upcoming change. The current literature on the subject has been centered on the organizations' responsibilities for integrating supply-chain aspects into existing surroundings. 

The previous draft version, R2, which was released in October 2021, had a new appendix, Appendix F, which gave implementation assistance for Executive Order 14028 to government agencies. Following NIST's February 4, 2022, Secure Software Development Framework (SSDF) Recommendations, the SP 800-161 release scheduled for next week is likely to deliver more EO 14028 guidance.

The CSF was last updated by NIST in 2018. "There is no single reason causing this transition, This is a scheduled upgrade to keep the CSF current and consistent with other regularly used tools," said Kevin Stine, Chief Cybersecurity Advisor at the NIST. NIST is seeking public input on three primary topics to help guide the revision: revisions to the CSF itself, relationships and alignment between the CSF and other resources, and approaches to improve supply chain cybersecurity. President Barack Obama directed NIST to develop the CSF and directed federal agencies to use it, as well as advising the private sector to do so.

NIST should give a definition for an agency to "use" the framework, and agencies should furnish NIST with cybersecurity risk documents developed and used to comply with this requirement. For enterprises that are utilizing or considering adopting the NIST Cybersecurity Framework, seeing how it is used by US government entities would be extremely beneficial.
Read more »
Risk Management
API Cyber Security Email services End To End Encryption Risk Management

Kiteworks Leased Email Encryption Totemo

 

Kiteworks, the leading email encryption gateway supplier, regulates and secures vital digital content traveling within and out of global corporations, and used by hundreds of the largest multinational organizations in the German, Austrian, and Swiss markets. Kiteworks enables businesses to effectively manage risk and assure compliance with all the sensitive content sent, shared, received, and saved. 

This is accomplished using the Kiteworks platform, which unifies, tracks, controls, and secures all sensitive digital content communications sent through the platform via email, file share, managed file transfer, web forms, and application programming interfaces (APIs).

The totemo purchase expands the Kiteworks platform's email functionality beyond user or plug-in activation within the platform to the native mail client, offering automatic coverage of any sensitive digital content sent and received via email. 

Email content metadata on individuals, apps, devices, networks, protocols, and files will be centrally digested and normalized as totemo's technology will be integrated into the Kiteworks platform in the coming months. To limit the danger of private information being exposed and to meet regulatory compliance requirements, companies can establish centralized and comprehensive tracking and controls. 

Businesses that use this integrated intelligence will strengthen and expand the total cyber-defense strategy, extending privacy protection and compliance beyond the data center, cloud, and wide-area network (WAN) perimeters to third-party sensitive content communications. 

"Acquisition of totemo automates and extends the platform's email encryption with S/MIME, OpenPGP, and TLS protocols," explains Jonathan Yaron, Chairman and Chief Executive Officer of Kiteworks. The acquisition will have a major impact on the governance, compliance, and security industries. Customers may manage and regulate critical information that is distributed both internally and internationally using a mix of technologies from two industry leaders in content communications. 

Kiteworks' ability to allow customers to manage risk and meet regulatory requirements throughout their sensitive content communications infrastructure is strengthened by the synergy between the two businesses' product offerings.

Enterprise-ready, end-to-end encryption and automatic conversion across a wide range of encryption protocols are added to the Kiteworks platform by totemo. No other provider can match this set of skills, much alone the associated business benefits like compliance, risk mitigation, and operational efficiency. 

The conclusion is that businesses must do more to safeguard their sensitive data. CIOs, CISOs, and risk and compliance managers are under increasing pressure to secure sensitive data and demonstrate regulatory compliance while reducing friction in employees' day-to-day procedures. It must safeguard content when it is at rest, in transit, and in use. 

It also needs to safeguard content during file transfers and file sharing, within APIs, and on web forms, in addition to email. Totemo's email encryption gateway technology will be integrated into the Kiteworks platform, resulting in the most comprehensive private content communications governance, compliance, and risk protection available in the market.
Read more »
User Security
Data Data Breach Data hack Data Leak Data Leakage Information Leak Information Security Privacy Risk Management User Data User Privacy User Security

City of Grass Valley, California, Suffers Data Breach

 

After discovering about the breach, Grass Valley stated that they took quick steps to safeguard their networks, alerted law enforcement, and launched an investigation with the help of a cybersecurity firm.

The information of employees, citizens, and others was duplicated and transmitted to another network, according to more details about a significant data breach at the City of Grass Valley, California. The city council previously admitted that "unauthorised access" to its networks occurred between April 13 and July 1, 2021, according to a statement. 

The scope of the attack has now been determined, with the malicious actor transferring files outside of the city's network, including the financial and personal information of "individuals associated with Grass Valley," according to the investigation. The following information was accessed: 
  • Grass Valley employees, former employees, spouses, dependents, and individual vendors, name and one or more of the following: Social Security number, driver’s license number, and limited medical or health insurance information. 
  • Individual vendors that were employed by the city, name, and Social Security number. 
  • Individuals whose information may have been provided to the Grass Valley Police Department, name and one or more of the following: Social Security number, driver’s license number, financial account information, payment card information, limited medical or health insurance information, passport number, and username and password credentials to an online account.
  • Individuals whose data was provided to the Grass Valley Community Development Department in loan application documents, name and one or more of the following: Social Security number, driver’s license number, financial account numbers, and payment card numbers. 
Grass Valley stated it started contacting those affected on January 7 and has notified the appropriate authorities, including law enforcement. For everyone affected by the hack, the city is also providing free credit monitoring services. 

It noted, “Grass Valley sincerely regrets that this incident occurred and apologizes for any inconvenience or concern. To help prevent something like this from happening again, Grass Valley continues to review its systems and is taking steps to enhance existing security protocols.”
Read more »
Supply Chain
Cyber Security Cyber Security awareness Cybersecurity Risk Management risk mitigation Supply Chain

How To Assess Supply Chain Security For Your Business

No matter which sector your business works in, you have to depend on third parties that provide goods and services to support your business. It doesn't matter if you're a small business or a large organization operating in the manufacturing and supply chain, these third parties are important for your daily work. 

At some point, suppliers interact on-site or digitally with your business, and this makes them a threat factor. Businesses deal with these risk vectors by denying access to these supplies have, for instance, restricting access in a few areas, or using IT and network resources. 

HelpNet Security says "by formalizing supplier assurance processes and using technology to facilitate their execution across all domains, companies can have confidence in the strength of the supply chain, mitigate cyber risks." 

Generally, IT departments keep an eye on official suppliers that your business use for various areas like cloud assistance, it still remains a business challenge to track cyber security challenges from suppliers throughout your company's supply chain. 

To reduce cybersecurity risks, your business should make sure the supplier you work with can be trusted on protecting the security of data, and services that they are given. In today's date, cyberattacks have become sophisticated, they don't attack the primary target but compromise the weakest link in the supply chain. 

How to identify risks? 
 
Most businesses use a manual approach for assessing their supplies, this includes spreadsheets, Word, or PDF questionnaires via email. However, it is a time-consuming process and cybersecurity risk in itself. Manually processing will make it a challenge for your business to have a clear overview of cybersecurity risks in the supply chain. 

If the data isn't collected on a daily basis, suppliers not able to fill these requirements may go undetected. Even worse, the risks across the supply chain may leave your organization vulnerable to serious cybersecurity implications. If it happens, you're already too late. 

A better approach for risk assessment 

If the data isn't collected on a daily basis, suppliers not able to fill these requirements may go undetected. Even worse, the risks across the supply chain may leave your organization vulnerable to serious cybersecurity implications. 

If it happens, you're already too late."A good framework for supplier assurance requires procurement teams, IT teams, and other departments to work together to ensure they understand each other’s domains, objectives, and responsibilities in terms of cybersecurity and regulatory compliance," reports Helpnet Security. 

Read more »
Vulnerabilities and Exploits
elFinder File Manager Open Source Software Risk Management Security Patch Vulnerabilities and Exploits

Vulnerabilities Detected in Open Source elFinder File Manager

 

In elFinder, an open-source web file organizer, security researchers from SonarSource identified five flaws that form a severe vulnerability chain.

The elFinder file manager is often used in content management systems and frameworks like WordPress plugins and Symfony bundles to make it easier to manage both local and remote files. It's written in JavaScript with the use of jQuery UI. 

The five flaws, termed CVE-2021-32682 as a group, have a CVSS score of 9.8, which means they're highly dangerous. The vulnerability chain impacts elFinder version 2.1.58. 

According to the researchers, exploiting the vulnerabilities may allow an intruder to run arbitrary code and instructions on the server hosting the elFinder PHP connector. The vulnerabilities have been patched in elFinder version 2.1.59. The five weaknesses in the chain are classified by researchers as "innocuous bugs" that may be combined to acquire arbitrary code execution. 

The researchers noted, "We discovered multiple new code vulnerabilities in elFinder and demonstrate how they could be exploited to gain control of the underlying server and its data." 

Update to the latest version:

According to Thomas Chauchefoin, the security researcher at SonarSource, all users should immediately upgrade elFinder to the latest upgrade. 

"There is no doubt these vulnerabilities will also be exploited in the wild because exploits targeting old versions have been publicly released and the connectors filenames are part of compilations of paths to look for when trying to compromise websites." 

While the researchers did not announce any publicly available exploits, they claim that exploiting these issues can allow an attacker to run arbitrary PHP code on the server where elFinder is installed, eventually leading to its takeover. Attackers could then delete or remove any files they want, upload PHP files, and so on. 

"All these bug classes are very common in software that exposes filesystems to users and are likely to impact a broad range of products, not only elFinder," Chauchefoin added.
Read more »
Risk Management
ATM Hacking Cyber Crime Raspberry Pi Risk Management

How Cybercriminals are Hacking ATM Machines? Here's a Quick Look

 

Security researchers have published a report on the modus operandi of the cybercriminals who are using malware, a key from eBay, and a Raspberry Pi to hack ATMs. Here’s how they’re doing it. 

The Modus Operandi

Cybercriminals exploit the vulnerabilities in the operating system of the computers responsible for running the ATMs. Unfortunately, the operating system inside the computers isn’t as secured as the enclosure the computer sits in. Windows 7 is the most common operating system; however, Windows XP is also widely used. These are outdated operating systems that should have made to retire a long time ago. 

Threat actors purchase malware packages from the dark web to exploit the vulnerabilities in these operating systems and to interact with the ATM software. Some of the malware packs contain compromised proprietary software belonging to ATM manufacturers.

Before hacking the ATM, cybercriminals mark the ATMs in a city, and the ones with the high use are targeted. Attacks are typically planned for days such as Black Friday or Valentine’s Day when ATMs are loaded with up to 20 percent more money than usual. ATMs are also loaded with extra money in the weeks leading up to Christmas because many people receive their yearly or Christmas bonus in their pay.

Choice of ATM Brands and Malware Installation 

The popular names in ATM manufacturing are Diebold Nixdorf, Wincor Nixdorf, NCR, Triton, and Hitachi-Omron. Cybercriminals are very specific in their targets because the knowledge of ATM hardware helps threat actors to buy the appropriate malware and the appropriate key to open the ATM enclosure.

The USB ports on ATMs are restricted and will only accept a connection from a keyboard or a mouse. This is to allow servicemen to perform maintenance on the units. You would have loaded the malware onto your Raspberry Pi, and obtained a battery so that it can run as a portable unit. The malware is written in a way that convinces the ATM that the Raspberry Pi is a keyboard. Stored commands tumble out of the Raspberry Pi into the ATM, and the ATM dutifully follows them. 

Another way is to insert a USB memory stick into the ATM and reboot it off an operating system in the memory stick. When the ATM has booted, threat actors can install the malware directly into the ATM’s currently dormant operating system. When they reboot the ATM using its regular operating system they can control the malware by inserting a specially created card, or via a secret key combination on the ATM’s keypad.
Read more »
Subscribe to: Posts (Atom)