A ban on weapons of mass destruction in orbit has stood since 1967. Russia apparently has other ideas.

Russia vetoed a United Nations Security Council resolution Wednesday that would have reaffirmed a nearly 50-year-old ban on placing weapons of mass destruction into orbit, two months after reports Russia has plans to do just that.

Russia's vote against the resolution was no surprise. As one of the five permanent members of the Security Council, Russia has veto power over any resolution that comes before the body. China abstained from the vote, and 13 other members of the Security Council voted in favor of the resolution.

If it passed, the resolution would have affirmed a binding obligation in Article IV of the 1967 Outer Space Treaty, which says nations are "not to place in orbit around the Earth any objects carrying nuclear weapons or any other kinds of weapons of mass destruction."

**Going Nuclear**

Russia is one of 115 parties to the Outer Space Treaty. The Security Council vote Wednesday follows reports in February that Russia is developing a nuclear anti-satellite weapon.

"The United States assesses that Russia is developing a new satellite carrying a nuclear device," said Jake Sullivan, President Biden's national security advisor. "We have heard President Putin say publicly that Russia has no intention of deploying nuclear weapons in space. If that were the case, Russia would not have vetoed this resolution."

The United States and Japan proposed the joint resolution, which also called on nations not to develop nuclear weapons or any other weapons of mass destruction designed to be placed into orbit around the Earth. In a statement, US and Japanese diplomats highlighted the danger of a nuclear detonation in space. Such an event would have "grave implications for sustainable development, and other aspects of international peace and security," US officials said in a press release.

With its abstention from the vote, "China has shown that it would rather defend Russia as its junior partner, than safeguard the global nonproliferation regime," said Linda Thomas-Greenfield, the US ambassador to the UN.

US government officials have not offered details about the exact nature of the anti-satellite weapon they say Russia is developing. A nuclear explosion in orbit would destroy numerous satellites—from many countries—and endanger astronauts. Space debris created from a nuclear detonation could clutter orbital traffic lanes needed for future spacecraft.

The Soviet Union launched more than 30 military satellites powered by nuclear reactors. Russia's military space program languished in the first couple of decades after the fall of the Soviet Union, and US intelligence officials say it still lags behind the capabilities possessed by the US Space Force and the Chinese military.

Russia's military funding has largely gone toward the war in Ukraine for the last two years, but Putin and other top Russian officials have raised threats of nuclear force and attacks on space assets against adversaries. Russia's military launched a cyberattack against a commercial satellite communications network when it invaded Ukraine in 2022.

Russia has long had an appetite for anti-satellite (ASAT) weapons. The Soviet Union experimented with "co-orbital" ASATs in the 1960s and 1970s. When deployed, these co-orbital ASATs would have attacked enemy satellites by approaching them and detonating explosives or using a grappling arm to move the target out of orbit.

In 1987, the Soviet Union launched an experimental weapons platform into orbit to test laser technologies that could be used against enemy satellites. Russia shot down one of its own satellites in 2021 in a widely condemned "direct ascent" ASAT test. This Russian direct ascent ASAT test followed demonstrations of similar capability by China, the United States, and India. Russia's military has also demonstrated satellites over the last decade that could grapple onto an adversary's spacecraft in orbit, or fire a projectile to take out an enemy satellite.

These ASAT capabilities could destroy or disable one enemy satellite at a time. The US Space Force is getting around this threat by launching large constellations of small satellites to augment the military's much larger legacy communications, surveillance, and missile warning spacecraft. A nuclear ASAT weapon could threaten an entire constellation or render some of space inaccessible due to space debris.

Russia's ambassador to the UN, Vasily Nebenzya, called this week's UN resolution "an unscrupulous play of the United States" and a "cynical forgery and deception." Russia and China proposed an amendment to the resolution that would have banned all weapons in space. This amendment got the support of about half of the Security Council but did not pass.

Outside the 15-member Security Council, the original resolution proposed by the United States and Japan won the support of more than 60 nations as co-sponsors.

"Regrettably, one permanent member decided to silence the critical message we wanted to send to the present and future people of the world: Outer space must remain a domain of peace, free of weapons of mass destruction, including nuclear weapons," said Kazuyuki Yamazaki, Japan's ambassador to the UN.

_This story originally appeared on_ _Ars Technica._

Russia Vetoed a UN Resolution to Ban Space Nukes

By Waqas
The Department of Homeland Security (DHS) has formed an AI Safety Board to ensure secure AI use in critical infrastructure.
This is a post from HackRead.com Read the original post: DHS Establishes AI Safety Board with Tech Titans and Experts

The board also includes OpenAI CEO Sam Altman and Alphabet CEO Sundar Pichai. Some experts argue that this presents a conflict of interest, given that both companies are deeply engaged in developing proprietary AI models.

The Department of Homeland Security (DHS) announced the formation of the Artificial Intelligence Safety and Security Board (the Board) on Friday, April 26th, 2024. This move comes amidst growing concerns about security vulnerabilities and the potential risks of artificial intelligence (AI) systems, particularly within the nation’s critical infrastructure sectors.

The Board will serve in an advisory capacity, providing recommendations to the Secretary of Homeland Security, critical infrastructure stakeholders, and the public on the responsible development and deployment of AI technologies.

Its focus, according to the Department of Homeland Security today announcement, will be on ensuring these technologies are implemented securely and effectively within sectors like energy, transportation, finance, and communication networks.

This initiative aligns with President Biden’s Executive Order on AI and Advanced Computing, signed in October 2023. The order called for a national strategy to promote responsible AI development and mitigate potential risks, including those related to security and safety in critical infrastructure.

The Board will bring together prominent industry experts from AI hardware and software companies, leading research labs, critical infrastructure entities, and the U.S. government,” the DHS stated in a press release.

The Board’s membership reportedly includes tech leaders like OpenAI CEO Sam Altman and Alphabet CEO Sundar Pichai, alongside experts in AI, civil rights, and representatives from critical infrastructure companies

This announcement follows the release of DHS’s first “Artificial Intelligence Roadmap” in March 2024. The roadmap outlines the department’s plans to leverage AI responsibly for homeland security missions while safeguarding individual privacy, civil rights, and liberties. It also emphasizes national leadership in AI through collaborative partnerships.

“The establishment of the Artificial Intelligence Safety and Security Board by the DHS is a good step towards making sure the development and deployment of AI technology in critical infrastructure is done safely and securely,” stated Joseph Thacker, principal AI engineer and security researcher at AppOmni, a SaaS security pioneer.

“By bringing together a wide array of experts, the board will provide valuable insights and recommendations which will hopefully mitigate the risks associated with AI while still reaping the benefits,” he added.

However, Joseph argued the conflict of interest factor, citing board members who are among the founders and top bosses of companies heavily involved in developing AI source models.

“One major concern I have is that there is a large conflict of interest by bringing in the companies that are developing the closed source AI models. They are incentivized to recommend against open source models for “safety reasons” when it would massively help their business models and positively affect their bottom line.”

Nevertheless, the Board’s formation is a significant step towards ensuring the safe and secure integration of AI within the nation’s critical infrastructure. Its recommendations will be crucial for developing best practices and mitigating potential risks associated with AI deployment in these sensitive sectors.

1.  White House Strategy: Software Firms Liable for Breaches
2.  AI Generated Fake Obituary Websites Target Grieving Users
3.  US-Led 40 Countries Alliance to Combat Ransomware Threat
4.  Poisoned Data, Malicious Manipulation: NIST Reveals AI Flaws
5.  Dark Web Pedophiles Using Open-Source AI to Generate CSAM

DHS Establishes AI Safety Board with Tech Titans and Experts

PRESS RELEASE

London, UK. 24th April 2024: Performanta, the multinational cybersecurity firm specialising in helping companies move beyond security to achieve cyber safety, has uncovered a trend in how developing countries are being targeted by nation state actors.

The firm’s analysis explored the origins and characteristics of Medusa, a ransomware-as-a-service targeting organisations globally. The patterns suggest that developing countries are hit first with a trend that shows a rising impact on developed countries. It implies that ransomware activities are not entirely random and a strategy is in place to focus on organisations within developing countries as their initial targets.

Guy Golan, CEO and Executive Chairman of Performanta, states: “Our analysis suggests that BRICS nations, and particularly the African continent, have become a testing ground for nation-state attacks. In order to achieve a more cyber safe environment for all organisations globally, we need to increase awareness of this growing issue. It is only through understanding the trends and patterns of geopolitical cyber warfare that will enable us to bring clarity to the global threat landscape.”

Performanta’s research has delved into precisely how attackers are using Africa, and the extent to which the region is under major threat.

In South Africa, a 10-year review of the cyber threat landscape found that the most prevalent perpetrators of attackers were trained hackers, and the top three most likely targeted industries on the continent are finance, manufacturing and energy. This poses a serious problem, with the average successful nation-state-backed cyber attack costing an average of $1.6 million per incident.

Performanta’s report also reveals a large increase in financial/banking trojans with a 59% increase in Kenya and a 32% increase in Nigeria across a single quarter.

Golan continues: “Attackers likely perceive attacking Africa to have fewer risks to themselves than directly attacking the West, and as a bridge to the Western world, it’s likely that methods are tried and tested in Africa first, before being deployed across developed countries later. As an emerging economy, Africa may have become an entry point for attackers aiming to access and disrupt Western assets indirectly. No matter the reasoning, the West and Africa must implement long-term collaborative efforts to build a strong defence against this threat.”

With a strong foothold in both South Africa and the UK, Performanta is uniquely positioned to bridge the gap between nations to form a cyber safe defence against nation-state enemies.

For more information or to read Performanta’s full report, download here.

About Performanta

Performanta is a multinational company that specialises in cyber safety. Founded in 2010, we have grown to over 180 security professionals. We provide risk and resilience consulting, managed detection and response, and continuous threat exposure management services, with a human touch. Our focus extends beyond your security controls, to your wellbeing. We work tirelessly with clients to manage the cyber security risks.

Performanta is a leading Microsoft Solutions Partner. We have been nominated by Microsoft to join its Intelligent Security Association (MISA), a worldwide group comprising 300 of its most proficient partners.

 Performanta is approved to design, develop and operate security solutions for on-premises and cloud service users. We specialise in Managed Extended Detection & Response (MXDR), Identity and Access Management, and Threat Protection.

We work with enterprises across many industry sectors, that require a cyber safety service. Operating from the UK, South Africa, North America and continental Europe, our teams deliver global services with a local feel.

New Research Suggests Africa Is Being Used As a 'Testing Ground' for Nation State Cyber Warfare

The volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023.

Source: robertharding via Alamy Stock Photo

A recent massive spike in cyber misinformation and hacking campaigns against the Philippines coincides with rising tensions between the country and its superpower neighbor China.

The cyberattacks consist of a combination of hack and leak (55%), distributed denial-of-service (10%), and misinformation and influence campaigns (35%), according to researchers at Resecurity who have been following the campaigns. The main targets are government (80%) and educational institutions (20%) in the Philippines, and these attacks — on police agencies, government ministries, and universities — and associated data leaks are sowing discontent in the country, according to the researchers.

This represents a four-fold (325%) increase in what the researchers identify as malicious cyber-espionage activity targeting the Philippines in the first quarter of 2024 compared to the same period last year. "The goal of this activity is to discredit the government and create chaos via cyberspace, as the Philippine population also relies on digital media channels and is active on social media networks," says Shawn Loveland, COO of Resecurity.

Resecurity has worked with authorities in the Philippines to trace back the source of attacks to online infrastructures in China and Vietnam. These "false flag" and "other territories" could be allies of China in such campaigns or provide them infrastructure for it, according to Resecurity.

**Fake News**

The goal of the cyberattacks correlates with disinformation campaigns spinning Chinese narratives on topics such as regional disputes about territories in the South China Sea.

In a blog post this month, Resecurity detailed the myriad of different groups associated with this collective activity. In one notable attack, a threat actor going by the alias "KryptonZambie" claimed to have obtained from unnamed sources over 152 gigabytes of stolen data containing Philippine citizen identity cards. Resecurity investigated this claim, which related to a post on Breach Forums, a Dark Web site, but found it unsubstantiated. The threat actor did not respond to any messages Resecurity investigators sent to a Telegram account used to publicize the supposed breach.

Other elements of the campaign involved posting an "audio deepfake" of Philippine President Ferdinand Marcos Jr. supposedly ordering military action against China. No such directive exists, according to authorities in the Philippines.

It’s not all fakery, however. Several of the groups covered by Resecurity's report — including  Philippines Exodus Security and DeathNote Hackers — ran attacks that led to a confirmed data breach.

**Not Real Hacktivists**

While some of this activity might resemble that of hactivists, Resecurity believes nation state-backed hackers from China or possibly North Korea (another regional adversary to the Philippines) are really to blame.

Resecurity has reported over 12 government organizations in the Philippines being targeted in the same timeframe — hallmarks of a well-organised co-ordinated attack by nation-state actors rather than independent hacktivists.

"Leveraging hacktivist-related monikers allows threat actors to avoid attribution while creating the perception of homegrown social conflict online," according to Resecurity.

Last year a Chinese state-linked advanced persistent threat (APT) group known as Mustang Panda hacked a Philippine government target via a simple side-loading technique. "This group has a strong focus on Philippines and \[is\] still active," according to Resecurity. Hacks by the group on Philippine government entities have been actively promoted via social media.

In April 2023, more than 800 gigabytes of both applicant and employee records from multiple state agencies — including the Philippine National Police (PNP), National Bureau of Investigation (NBI), Bureau of Internal Revenue (BIR), and Special Action Force (SAF) — were compromised.

This was followed in September by a breach and ransomware attack on the Philippine Health Insurance Corporation (PhilHealth) that led to the exposure of hospital bills, internal memos, and identification documents. There remains an ongoing investigation into the full extent of the leak, according to cyber threat detection firm Gatewatcher.

**Why Spy?**

China (and to a lesser extent North Korea) is the prime suspect in much of this malfeasance, according to both Resecurity and other threat intel experts.

"China is a far more complex and nuanced territory than generally portrayed. Its internal pressures are likely to lead to increased cyber-espionage activity, rather than slowing it down,"  says Ian Thornton-Trump, CISO at threat intel firm Cyjax.

"The PRC's approach to cyberspace has always been to use it to advance its business interests, extracting technologies from Western companies and creating a protected domestic market for these industries, giving them an advantage in the global market," Thornton-Trump notes.

Relations between China and the Philippines have deteriorated over recent months. Beijing condemned Filipino President Ferdinand Marcos Jr.'s congratulations to Taiwanese President-elect Lai following the latter's recent election. China regards Taiwan as a renegade province.

The Philippines has recently reaffirmed its strong alliance with the United States, announcing plans for "more robust" military activities with the US and its allies, much to the chagrin of China. In addition, the Philippines and China are in dispute over territorial claims involving islands and waters in the South China Sea.

**Incident Response**

The US, Japan, and the Philippines recently entered a cyber threat-sharing arrangement in the wake of rising attacks by China, North Korea, and Russia, a development likely to help the Philippines stay on top of the growing tide of cyberthreats.

Understanding the pattern of upsurge in malign cyber activity is the first step towards combatting it, experts say. "\[With\] a better understanding of the country's internal forces, and how these relate to its cyber strategy, we can plan better defenses against PRC cyber espionage," Cyjax's Thornton-Trump says.

Resecurity offered recommendations to safeguard both the populace and Philippine business from cyberattacks:

*   Accelerate digital identity protection of Philippine citizens — as hack and leak activity is putting their personal data at risk of being exposed.
    
*   Tighten Web application security by implementing WAFs (web application firewalls) and ongoing vulnerability assessment and pen-testing automation procedures to detect and contain vulnerabilities before bad actors exploit them.
    
*   Create fact-checking services online to combat disinformation and influence campaigns. Citizens should be offered a process for reporting suspicious online activity.
    

**About the Author(s)**

John Leyden is an experienced cybersecurity writer, having previously written for the Register and Daily Swig.

Image source: Dorota Szymczyk via Alamy Stock Photo

Philippines Pummeled by Assortment of Cyberattacks &amp; Misinformation Tied to China

The business intelligence servers contain vulnerabilities that Qlik patched last year, but which Cactus actors have been exploiting since November. Swathes of organizations have not yet been patched.

Source: S. Bonaime via Shutterstock

Nearly five months after security researchers warned of the Cactus ransomware group leveraging a set of three vulnerabilities in Qlik Sense data analytics and business intelligence (BI) platform, many organizations remain dangerously vulnerable to the threat.

Qlik disclosed the vulnerabilities in August and September. The company's August disclosure involved two bugs in multiple versions of Qlik Sense Enterprise for Windows tracked as CVE-2023-41266 and CVE-2023-41265. The vulnerabilities, when chained, give a remote, unauthenticated attacker a way to execute arbitrary code on affected systems. In September, Qlik disclosed CVE-2023-48365, which turned out to be a bypass of Qlik's fix for the previous two flaws from August.

Gartner has ranked Qlik as one of the top data visualization and BI vendors in the market.

**Continued Exploitation of Qlik Security Bugs**

Two months later, Arctic Wolf reported observing operators of Cactus ransomware exploiting the three vulnerabilities to gain an initial foothold in target environments. At the time, the security vendor said it was responding to multiple instances of customers encountering attacks via the Qlik Sense vulnerabilities and warned of the Cactus group campaign as being rapidly developing.

Even so, many organization appear not to have received the memo. A scan by researchers at Fox-IT on April 17 uncovered a total of 5,205 Internet-accessible Qlik Sense servers, of which 3,143 servers were still vulnerable to Cactus group's exploits. Of that number, 396 servers appeared to be located in the US. Other countries with a relatively high number of vulnerable Qlik Sense servers include Italy with 280, Brazil with 244 and Netherlands and Germany with 241 and 175 respectively.

Fox-IT is among a group of security organizations in the Netherlands — including the Dutch Institute for Vulnerability Disclosure (DIVD) — working collaboratively under the aegis of an effort called Project Melissa, to disrupt Cactus group operations.

Upon discovering the vulnerable servers, Fox-IT relayed its fingerprints and scan data to DIVD, which then began contacting administrators of the vulnerable Qlik Sense servers about their organization's exposure to potential Cactus ransomware attacks. In some instances, DIVD sent the notifications out directly to potential victims while in others the organization attempted to relay the information to them via their respective country computer emergency response teams.

**Security Orgs Are Notifying Potential Cactus Ransomware Victims**

The ShadowServer Foundation is also reaching out to at-risk organizations. In a critical alert this week, the nonprofit threat intelligence service described the situation as one where a failure to remediate could leave organizations at a very high likelihood of compromise.

"If you receive an alert from us on a vulnerable instance detected in your network or constituency, please also assume compromise of your instance and possibly your network," ShadowServer said. "Compromised instances are determined remotely by checking for the presence of files with .ttf or .woff file extension."

Fox-IT said it had identified at least 122 Qlik Sense instances as likely compromised via the three vulnerabilities. Forty-nine of them were in the US; 13 in Spain; 11 in Italy; and the rest scattered across 17 other countries. "When the indicator of compromise artefact is present on a remote Qlik Sense server, it can imply various scenarios," Fox-IT said. It could for instance, suggest that the attackers executed code remotely on the server, or it could simply be an artifact from a previous security incident.

"It's crucial to understand that 'already compromised' can mean that either the ransomware has been deployed and the initial access artifacts left behind were not removed, or the system remains compromised and is potentially poised for a future ransomware attack," Fox-IT said.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Thousands of Qlik Sense Servers Open to Cactus Ransomware

The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities.

Source: kawin ounprasertsuk via Alamy Stock Photo

Ever since the first Hack@DAC hacking competition in 2017, thousands of security engineers have helped discover hardware-based vulnerabilities, develop mitigation methods, and perform root cause analysis of issues found.

Intel initially decided to organize the competition, which draws security professionals from academia and industry partners around the world, to raise awareness about hardware-based vulnerabilities and to promote the need for more detection tools, says Arun Kanuparthi, a principal engineer and offensive security researcher at Intel. Another goal behind Hack@DAC, capture-the-flag competitions, and other hackathonsis to draw the attention of chip designers, to motivate them to design silicon more securely, he says.

"There is very little awareness of hardware security weaknesses in general," says Kanuparthi, who spoke about lessons Intel learned from years running Hack@DAC at the recent Black Hat Asia conference in Singapore. "And we thought, really, how can we get this awareness amongst the security research community?"

"If you look at software, there are lots of tools for security, with software or firmware, but when you look at hardware, there are really only a handful of EDA or electronic design automation tools," Kanuparthi says.

These kinds of events are effective for bringing people together to find vulnerabilities and share their knowledge. CTFs are established methods for teaching and learning new skills and best practices. Intel also believes it is important to give students "an experience of what it feels like to be a security researcher at a design company," says Kanuparthi.

Intel is now accepting entries for the 2024 Hack@DAC, which will take place in June in San Francisco.

**Tackling Hard Problems**

When Intel first organized Hack@DAC, there was no standard design or open-source platform for discovering or sharing information on hardware vulnerabilities, says Hareesh Khattri, a principal engineer for offensive security research at Intel. That has changed with Intel’s collaboration with Texas A&M University and Technical University of Darmstadt in Germany. The professors and students took open-source projects and inserted existing hardware vulnerabilities to create a common framework for detecting them and new ones.

"And now a lot of hardware security research papers have also started citing this work," Khattri says.

In 2020, Intel joined other semiconductor manufacturers in aligning with MITRE’s Common Weakness Enumeration (CWE) team, which lists and classifies potential vulnerabilities in software, hardware and firmware to bring more focus to hardware.  It was an attempt to address a gap, since MITRE only maintained software weakness types, and CWE fell short of addressing root cause analyses of hardware vulnerabilities, Kanuparthi recalls.

"If a hardware issue was identified, \[the CWE\] would be tagged with some generic catch-all kind of \[alert that said\] there’s a problem or the system does not work as expected," Kanuparthi says. "But now there is a design view for hardware which you can root cause that this is specifically the problem. And that has largely been the output of some of the work that we have been doing that led to hack attack and the creation of the hybrid CWE."

As semiconductor manufacturers accelerate their focus on adding designs that can support new AI capabilities, security researchers are looking to identify weaknesses even closer to hardware design, Khattri adds. That has accelerated interest in new efforts like the Google-contributed OpenTitan Project, an open-source reference design and integration guidelines for securing root of trust RoT chips.

The efforts behind Hack@DAC and Intel’s work with MITRE on CWE have led to improved tooling, Khattri says. For example, hardware vulnerability assessment tool provider Cycuity (which uses OpenTitan as a benchmark for how its tool measures CWEs) claims its Radix can now identify 80% of known hardware weaknesses in the CWE database.

"We’ve seen a lot of progression in this space compared to when we started it," Khattri says. "Now, a lot of security research communities’ focus has gone towards trying to identify weaknesses that are closer to the hardware design."

**About the Author(s)**

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities

By Waqas
In 2024, integrated residential security solutions are vital for comprehensive protection against evolving threats, safeguarding homes and families with advanced technology and seamless connectivity.
This is a post from HackRead.com Read the original post: Integrated Residential Security Solutions to Employ in 2024

As we progress through 2024, home security is rapidly advancing, with a notable shift towards integrated residential security solutions. These systems are the cornerstone of keeping your living space safe, using cutting-edge Internet of Things (IoT) technologies to provide comprehensive protection. 

Your home can now be outfitted with a suite of smart security devices, ranging from intelligent alarms to automated surveillance cameras, all working in unison to offer round-the-clock monitoring and real-time alerts.

With the increase in smart home devices, your home’s network faces many cyber threats. Robust firewalls, encrypted Wi-Fi systems, and consistent software updates are essential to safeguard your domain from potential digital breaches. 

Image: Hackread.com

Embracing these sophisticated security systems empowers you to create a safer and smarter home environment. Whether through enhanced connectivity that allows for seamless control over your security devices or via improved sensors that detect the slightest anomalies, your home security is now more reliable and intuitive. 

****Evolving Technologies in Home Security****

You’ll find now more than ever that your home’s defense is revolutionized by smart technologies that adapt and learn. These innovations are not only enhancing security but also ensuring seamless compatibility with your digital lifestyle.

****Artificial Intelligence and Machine Learning****

To keep your home safe, Artificial Intelligence and machine learning are no longer just buzzwords—they are crucial components that drive modern security systems. 

Large-scale AI models in residential security mean your system can now accurately detect potential threats by distinguishing between normal and suspicious behaviors. This intelligence layer allows for proactive measures, significantly minimizing false alarms that were once a common nuisance.

****IoT and Smart Device Integration****

The intersection of IoT and home security forms a network of smart devices working in concert to safeguard your premises. 

Your security setup extends beyond traditional alarms, incorporating smart locks, cameras, and lighting to create a responsive environment. Integration with IoT devices ensures your home responds intuitively to various scenarios, such as adjusting lights and lock settings as you arrive or depart.

****Cloud and Edge Computing****

Your security system’s efficiency and scalability are vastly improved thanks to cloud computing, which provides reliable data storage and remote access to your system. Meanwhile, edge computing takes processing closer to the data source—your home’s security devices. 

This means faster responses to security triggers and less reliance on bandwidth, as data can be processed locally. The harmonious combination of cloud and edge computing improves reliability and streamlines the management of your home security infrastructure.

****Enhanced Surveillance and Monitoring Solutions****

State-of-the-art surveillance technology is key to ensuring the safety of residential spaces. These systems leverage advanced sensors and artificial intelligence to provide real-time alerts and high-quality video imaging, transforming traditional security measures.

****Advanced Camera Technologies****

Modern security cameras come equipped with intelligent noise reduction and superior imaging capabilities. 

This ensures you receive clear videos, reducing false alarms due to poor image quality. Enhanced low-light performance is now a standard feature, providing better surveillance, even in dim conditions.

****AI-Driven Surveillance****

Surveillance systems have grown smarter, incorporating AI technology to analyze video feeds in real time. This means your cameras can distinguish between routine movements and potential security threats, allowing for accurate alarms and alerts. 

AI-driven multi-family residential security camera solutions can aid in recognizing suspicious activities quickly, bolstering the security of private residences.

****Real-Time Monitoring and Alerts****

Your security solution can offer real-time monitoring, with the ability to automatically notify you or dispatch personnel when an incident occurs. 

Cameras and remote monitoring services provide constant vigilance for your property. Should an incident occur, you will be immediately informed with a detailed alert, enabling swift response and ensuring your peace of mind.

****Security Systems Implementation****

When choosing the optimal security system for your home, it’s essential to understand the installation process, recognize the significance of digital identity and authentication, and ensure the solution is tailored to meet your specific needs.

****Professional vs. DIY Installation****

The decision between professional installation and DIY solutions depends largely on your comfort level with technology and specific security needs. 

With professional installation, you’re guaranteed expert setup and continued professional monitoring. 

On the other hand, DIY installation provides a more hands-on approach and may be cost-effective if you have technical proficiency.

****Digital Identity and Authentication****

Incorporating digital identity and authentication into your residential security system adds a robust layer of protection. Reflecting on FTX’s downfall, it’s evident how vital stringent security measures are in any technology-dependent system, preventing unauthorized access and ensuring the integrity of sensitive information. 

Such systems usually involve biometric scanners or advanced code encryption, providing a more personalized and secure method for access control.

****Customization for Specific Needs****

Your home’s security system should be as unique as your household’s. Customization can range from selecting cameras with advanced motion detection to installing smart locks that integrate with your entire home automation system. Identify your specific needs to determine the features that will best secure your residence.

****Innovative Access Control Systems****

Innovative access control systems have evolved to offer not only enhanced security but also user convenience and system efficiency. 

From unlocking doors with a simple facial scan to managing access rights via sophisticated digital models, these systems are transforming residential security.

****Biometric and Facial Recognition****

Biometric security systems utilize your unique physical characteristics to ensure that only authorized individuals can access your home. 

Facial recognition technology, an integral part of this security approach, provides a touchless, fast, and secure method to manage entry. The security industry has embraced this technology for its ability to combine convenience with robust security.

****Smart Lock Technologies****

Smart locks represent a revolutionary step in home security, offering you the ability to control and monitor your door locks remotely. 

Characterized by home Wi-Fi connectivity or Bluetooth, these locks can integrate with your smart home systems, allowing real-time alerts and remote access management. They contribute significantly to your security and sustainability by reducing the need for physical keys and waste.

****Digital Twin Access Management****

The application of digital twin technology in access control refers to a virtual representation of your physical security system. You can visualize and manage the flow of people within your home in a secure digital environment. 

By layering this technology onto access point systems (APS), you gain a comprehensive view that enhances financial security and physical safety. Digital twins in security may also integrate with blockchain technology, offering a decentralized approach that can bolster security protocols.

****Conclusion****

With enhanced connectivity and smarter algorithms, your home security system in 2024 integrates flawlessly across devices. Your standard video systems are upgraded to advanced sensors and high-definition video capabilities, providing you with crisp imagery and precise detection of events.

Cybersecurity is no longer an afterthought in your connected home. Employing strong firewalls, encrypted Wi-Fi systems, and consistent software updates will help safeguard your digital assets on top of the physical ones. Moreover, cloud technology brings a new layer of convenience and efficiency. Your security feeds, storage, and real-time alerts are accessible anytime, anywhere, providing a seamless user experience.

By incorporating these integrated security solutions, your home remains a sanctuary, fortified against potential threats and giving you the peace of mind you deserve.

1.  The Pros and Cons of Smart Homes
2.  NDR in the Modern Cybersecurity Landscape
3.  Top 3 Cybersecurity Tools to Protect Business Data
4.  Cybersecurity for Startups: Best Tips and Strategies
5.  IT and Cybersecurity Jobs in the Age of Emerging AI Tech

Integrated Residential Security Solutions to Employ in 2024

Eight out of nine apps that people use to input Chinese characters into mobile devices have weakness that allow a passive eavesdropper to collect keystroke data.

Source: badboydt7 via Shutterstock

Nearly all keyboard apps that allow users to enter Chinese characters into their Android, iOS, or other mobile devices are vulnerable to attacks that allow an adversary to capture the entirety of their keystrokes.

This includes data such as login credentials, financial information, and messages that would otherwise be end-to-end encrypted, a new study by Toronto University's Citizen Lab has uncovered.

**Ubiquitous Problem**

For the study, researchers at the lab considered cloud-based Pinyin apps (which render Chinese characters into words spelled with roman letters) from nine vendors selling to users in China: Baidu, Samsung, Huawei, Tencent, Xiaomi, Vivo, OPPO, iFlytek, and Honor. Their investigation showed all but the app from Huawei to be transmitting keystroke data to the cloud in a manner that enabled a passive eavesdropper to read the contents in clear text and with little difficulty. Citizen Lab researchers, who have earned a reputation over the years for exposing multiple cyber espionage, surveillance, and other threats targeted at mobile users and civil society, said each of them contain at least one exploitable vulnerability in how they handle transmissions of user keystrokes to the cloud.

The scope of vulnerabilities should not be underestimated, Citizen Lab researchers Jeffrey Knockel, Mona Wang and Zoe Reichert wrote in a report summarizing their findings this week: The researchers from Citizen Lab found that 76% of keyboard app users in mainland China, in fact, use a Pinyin keyboard to input Chinese characters.

"All of the vulnerabilities that we covered in this report can be exploited entirely passively without sending any additional network traffic," the researchers said. And to boot, the vulnerabilities were easy to discover and do not require any technological sophistication to exploit, they noted.  "As such, we might wonder, are these vulnerabilities actively under mass exploitation?"

Each of the vulnerable Pinyin keyboard apps that Citizen Lab examined had both a local, on-device component and a cloud-based prediction service for handling long strings of syllables and particularly complex characters. Of the nine apps they looked at, three were from mobile software developers — Tencent, Baidu, and iFlytek. The remaining five were apps that Samsung, Xiaomi, OPPO, Vivo, and Honor — all mobile device manufacturers — had either developed on their own or had integrated into their devices from a third-party developer.

**Exploitable via Active & Passive Methods**

Methods of exploitation differ for each app. Tencent's QQ Pinyin app for Android and Windows for instance had a vulnerability that allowed the researchers to create a working exploit for decrypting keystrokes via active eavesdropping methods. Baidu's IME for Windows contained a similar vulnerability, for which Citizen Lab created a working exploit for decrypting keystroke data via both active and passive eavesdropping methods.

The researchers found other encrypted related privacy and security weaknesses in the Baidu's iOS and Android versions but did not develop exploits for them. iFlytek's app for Android had a vulnerability that allowed a passive eavesdropper to recover in plaintext keyboard transmissions because of insufficient mobile encryption.

On the hardware vendor side, Samsung's homegrown keyboard app offered no encryption at all and instead sent keystroke transmissions in the clear. Samsung also offers users the option of either using Tencent's Sogou app or an app from Baidu on their devices. Of the two apps, Citizen Lab identified Baidu's keyboard app as being vulnerable to attack.

The researchers were unable to identify any issue with Vivo's internally developed Pinyin keyboard app but had a working exploit for a vulnerability they discovered in a Tencent app that is also available on Vivo's devices.

The third-party Pinyin apps (from Baidu, Tencent, and iFlytek) that are available with devices from the other mobile device makers all had exploitable vulnerabilities as well.

These are not uncommon issues, it turns out. Last year, Citizen Labs had conducted a separate investigation in Tencent's Sogou — used by some 450 million people in China — and found vulnerabilities that exposed keystrokes to eavesdropping attacks.

"Combining the vulnerabilities discovered in this and our previous report analyzing Sogou's keyboard apps, we estimate that up to one billion users are affected by these vulnerabilities," Citizen Lab said.

The vulnerabilities could enable mass surveillance of Chinese mobile device users — including by signals intelligence services belonging to the so-called Five Eyes nations — US, UK, Canada, Australia, and New Zealand — Citizen Lab said; the vulnerabilities in the keyboard apps that Citizen Lab discovered in its new research are very similar to vulnerabilities in the China-developed UC browser that intelligence agencies from these countries exploited for surveillance purposes, the report noted.

**About the Author(s)**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Chinese Keyboard Apps Open 1B People to Eavesdropping

Recent trends in breaches and attack methods offer a valuable road map to cybersecurity professionals tasked with detecting and preventing the next big thing.

Source: YAY Media AS via Alamy Stock Photo

Cybersecurity is constantly evolving and, as such, requires regular vigilance.

Microsoft analyzes more than 78 trillion security signals every day to better understand the latest attack vectors and techniques. Since last year, we noticed a shift in how threat actors are scaling and leveraging nation-state support. It's clear that organizations continue to experience more attacks than ever before, and attack chains are growing more complex. Dwell times have shortened and tactics, techniques, and procedures (TTPs) have evolved to become nimbler and more evasive in nature. 

Informed by these insights, here are five attack trends end-user organizations should be monitoring regularly.

**Achieving Stealth By Avoiding Custom Tools and Malware**

Some threat actor groups are prioritizing stealth by leveraging tools and processes that already exist on their victims' devices. This allows adversaries to slip under the radar and go undetected by obscuring their actions alongside other threat actors that are using similar methods to launch attacks. 

An example of this trend can be seen with Volt Typhoon, a Chinese state-sponsored actor that made headlines for targeting US critical infrastructure with living-off-the-land techniques.

**Combining Cyber and Influence Operations for Greater Impact**

Nation-state actors have also created a new category of tactics that combines cyber operations and influence operations (IO) methods. Known as "cyber-enabled influence operations," this hybrid combines cyber methods — such as data theft, defacement, distributed denial-of-service, and ransomware — with influence methods — like data leaks, sockpuppets, victim impersonation, misleading social media posts, and malicious SMS/email communication — to boost, exaggerate, or compensate for shortcomings in adversaries' network access or cyberattack capabilities. 

For example, Microsoft has observed multiple Iranian actors attempting to use bulk SMS messaging to enhance the amplification and psychological effects of their cyber-influence operations. We're also seeing more cyber-enabled influence operations attempt to impersonate purported victim organizations or leading figures in those organizations to add credibility to the effects of the cyberattack or compromise.

**Creating Covert Networks By Targeting SOHO Network Edge Devices**

Particularly relevant for distributed or remote employees is the rising abuse of small-office/home-office (SOHO) network edge devices. More and more, we're seeing threat actors use target SOHO devices — such as the router in a local coffee shop — to assemble covert networks. Some adversaries will even use programs to locate vulnerable endpoints around the world and identify jumping-off points for their next attack. This technique complicates attribution, making attacks appear from virtually anywhere.

**Rapidly Adopting Publicly Disclosed POCs for Initial Access and Persistence **

Microsoft has increasingly observed certain nation-state subgroups adopting publicly disclosed proof-of-concept (POC) code shortly after it is released to exploit vulnerabilities in Internet-facing applications.

This trend can be seen in threat groups like Mint Sandstorm, an Iranian nation-state actor that rapidly weaponized N-day vulnerabilities in common enterprise applications and conducted highly targeted phishing campaigns to quickly and successfully access environments of interest.

**Prioritizing Specialization Within the Ransomware Economy**

We've been observing a continued move toward ransomware specialization. Rather than carry out an end-to-end ransomware operation, threat actors are choosing to focus on a small range of capabilities and services. 

This specialization has a splintering effect, spreading components of a ransomware attack across multiple providers in a complex underground economy. No longer can companies think of ransomware attacks as just coming from an individual threat actor or group. Instead, they may be combating the entire ransomware-as-a-service economy. In response, Microsoft Threat Intelligence now tracks ransomware providers individually, noting which groups traffic in initial access and which offer other services.

As cyber defenders look for more effective ways to harden their security posture, it's important to reference and learn from significant trends and breaches in years past. By analyzing these incidents and understanding different adversaries' motives and favored TTPs, we can better prevent similar breaches from happening in the future.

— Read more Partner Perspectives from Microsoft Security

**About the Author(s)**

Microsoft

Protect it all with Microsoft Security.

Microsoft offers simplified, comprehensive protection and expertise that eliminates security gaps so you can innovate and grow in a changing world. Our integrated security, compliance, and identity solutions work across platforms and cloud environments, providing protection without compromising productivity.

We help customers simplify the complex by prioritizing risks with unified management tools and strategic guidance created to maximize the human expertise inside your company. Our unparalleled AI is informed by trillions of signals so you can detect threats quickly, respond effectively, and fortify your security posture to stay ahead of ever-evolving threats.

5 Attack Trends Organizations of All Sizes Should Be Monitoring

Hackers can influence voters with media and breach campaigns, or try tampering with votes. Or they can combine these tactics to even greater effect.

Source: Lennart Worthmann via Alamy Stock Photo

If history has anything to tell us, the most significant cyber threat to this year's elections won't be a leak, a distributed denial-of-service (DDoS) attack, or a fake news video. Instead, it will be some combination of these or more.

In cyberspace's salad days, hackers caused all kinds of fuss using simple, direct methods: hiding viruses in advertisements, hacking websites with easily guessed passwords, and so on. While that still happens, attackers often have to get more creative by chaining multiple tactics together in order to achieve their goals, thanks to greater cybersecurity awareness and protections.

So too with elections. In 2006, aides to Joe Lieberman's presidential campaign had to resort to their personal emails when a DoS attack froze their IT systems. A decade later, famously, came the Podesta email leak. Now, according to Mandiant, part of Google Cloud, the most potent threats to the democratic process are chained attacks.

"In the most significant cyber incidents targeting elections that Mandiant has tracked, threat actors have deliberately layered multiple tactics in hybrid operations in such a way that the effect of each component magnifies the others," the firm wrote in a new report.

**Combination Election Attacks**

One case study Mandiant pointed to occurred in 2014 when Ukraine's presidential elections were interrupted by a Russian cyber onslaught, following the ouster of its pro-Russian president Viktor Yanukovich, and Russia's invasion of Crimea.

A week before election day, Russian actors hiding behind the hacktivist moniker "Cyber Berkut" struck websites relating to NATO and Ukrainian media outlets with DDoS attacks. That set the stage for when, with four days to go, the same fake hacktivist group broke into the country's central election computers and deleted files and rendered the vote tallying system inoperable.

A day later, they added to the chaos by breaking more election infrastructure, then leaking the emails and documents stored there to the wider Internet. Lastly, just 40 minutes before election results were to be broadcast to the public, the country's Central Election Commission reportedly removed some kind of virus that was designed to present fake results in favor of the far-right, ultra-nationalist candidate.

This extreme brand of combination cyber warfare might have only happened in a country experiencing such upheaval, but other chained cyberattacks have struck more-stable democracies since.

In 2020, two 20-something Iranian nationals carried out a campaign against multiple US states' voting-related websites. They managed to obtain confidential voter information from at least one of them, which they used to send intimidating and misleading emails, including by spreading a video with disinformation about election infrastructure vulnerabilities. They also breached one media company, which, as the Department of Justice noted, could have provided them another channel through which to disseminate their false claims.

"Leaks are particularly powerful. Potentially more powerful when boosted through the compromise of legitimate media," says John Hultquist, chief analyst with Mandiant Intelligence at Google Cloud.

The breach/fake news ploy is a potent concoction. "These disinformation efforts are often orchestrated by state-backed entities from nations such as China, Russia, and Iran," warns Madison Horn, herself a 2024 candidate running for a congressional seat in Oklahoma's 5th district. "Their impact is undeniable, as seen in instances like Russia’s involvement in the 2016 US election and China’s ongoing global influence operations, which starkly demonstrate their capacity to sway public opinion and disrupt electoral integrity."

**The Threat From Cybercrime**

It's not only state-sponsored actors that pose a threat to the democratic process, Mandiant noted. Insiders, hacktivists, and cybercriminals all muddy the waters in their own ways.

In most cases, "The avenues for these campaigns are popular social media platforms — X, Telegram, Facebook — and YouTube, making the digital battlefield as accessible as it is dangerous," Horn warns.

From January 2023 to March 2024, the cybersecurity firm BrandShield tracked suspicious new social media accounts and web domains relating to Joe Biden's and Donald Trump's presidential campaigns. It found hundreds of imposter accounts across social media sites, as well as 2,335 suspect websites claiming some sort of affiliation with the president and 9,639 for the former president (helped by a 197% boost following his arrest in August).

Fake Trump site. Source: BrandShield

Fake sites and accounts are useful for spreading scams or malware and for stealing funds that voters intended to go to candidates, or they can be used in concert with other tactics to achieve greater ends.

"They can be used to get people's information, and maybe try to influence their views by distributing fake news," says BrandShield CEO Yoav Keren, formerly an adviser in the Israeli Knesset. "I would even think that they can use these platforms to interact with real people from the campaigns, to infiltrate their systems. These impersonations can be used in a lot of different ways."

"I don't want to give too many good ideas to the bad guys," he says, "but they usually come up with them before I do."

**About the Author(s)**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Tag

#intel