Tag Archive for: Architecture

NATO: Time to Adopt a Pre-emptive Approach to Cyber Security in New Age Security Architecture


Introduction

Cyber threats are complex and asymmetrical, particularly because cyberspace is “borderless” and exists digitally. NATO ensures its cyber security through collective action among its permanent members who respond based on the depth of the attack or vulnerability. With the new NATO Cyber Security Centre (NCSC), a cyber security command based in Mons, Belgium, NATO reinforces its capabilities in the cyber ecosystem. NATO seeks to secure its infrastructural digital networks through a centralized allied process. The main stated strategic goal of NATO’s cyber security infrastructure is to collectively counter “the full spectrum of cyber threats at all times.” The key pillars of this deterrence and defense posture include safeguarding vital networks, protecting infrastructures, and supporting cyber security missions. To mitigate the asymmetrical threat of cyberattacks, NATO must remain technologically advanced, agile, and interoperable in military operations to enhance its collective cyber resilience. NATO’s current policy simply responds to cyber attacks and minimizes vulnerabilities. NATO should transition towards preventing such attacks at all levels (from fundamental to complex wired infrastructure).

The Evolution of NATO’s Posture

As a security provider in the Euro-Atlantic region, NATO must ensure protection at all levels to prevent harm and damage from cyberattacks. NATO has long considered cyber defense to be a central defense mechanism. The need for a cyber security space feasibility requirement was first noted at the 2002 NATO Summit meeting in Prague, which discussed the necessity of technological agility and planning on electronic warfare and information systems. The Riga Summit in 2006 reiterated this necessity. Despite this recognition, no cyber security apparatus fully evolved, and interconnected cyber defense capacity remained low. Nevertheless, the summits accurately forecasted that future war operations would be far more complicated due to growing cyber security threats. Battles have occurred over an increasing number of dimensions–whether air, land, sea, or digital–particularly as electronic warfare has become a…


Rust-Based Botnet P2Pinfect Targets MIPS Architecture


The cross-platform botnet known as P2Pinfect has been observed taking a significant leap in sophistication. 

Since its emergence in July 2023, this Rust-based malware has been on the radar for its rapid expansion, according to a new advisory published today by Cado Security.

Initially exploiting Redis for entry into systems, P2Pinfect has now unveiled a new variant specifically crafted for Microprocessor without Interlocked Pipelined Stages (MIPS) architecture, indicating a strategic shift in its targets.

This latest move signifies an alarming escalation in the botnet’s tactics, showcasing a deliberate focus on routers, Internet of Things (IoT) devices and various embedded systems. The utilization of MIPS processors in these devices makes them particularly vulnerable to the P2Pinfect threat.


Researchers at Cado Security Labs stumbled upon this MIPS variant while investigating files uploaded via SFTP and SCP to an SSH honeypot. Unlike earlier iterations that primarily leveraged SSH servers for propagation, this variant stands out for attempting brute-force SSH access to embedded devices. 

Additionally, it was discovered that the malware could exploit Redis on MIPS devices using the OpenWRT package named redis-server.

Static analysis of the MIPS variant uncovered a 32-bit ELF binary with stripped debug information, as well as an embedded 64-bit Windows DLL. This DLL functions as a malicious loadable module for Redis, introducing a Virtual Machine evasion function to complicate analysis efforts further.

What also sets this variant apart is its adoption of a new evasion technique called TracerPid, which spawns a child process to detect dynamic analysis tools. Additionally, P2Pinfect seeks to disable Linux core dumps, presumably as an anti-forensic measure to safeguard crucial information from exposure.

According to Cado Security researchers, the evolution in tactics used by P2Pinfect, combined with its expanded target range and advanced evasion techniques, strongly indicates the involvement of a determined and sophisticated threat actor.


moomoo employs secure, highly-available IT architecture to enable 24/5 trading of selected US stocks and ETFs – Partner Content


Trading in United States equity markets enables Australian investors to diversify their portfolios with investments in some of the world’s largest and most-recognised businesses. To deliver 24-hour trading of selected U.S. stocks and exchange traded funds (ETFs), moomoo has connected its share trading platform to a registered broker-dealer with an alternative trading platform that operates outside regular U.S. trading hours.

The new offering means investors using moomoo can trade a list of 165 US stocks and ETFs during Australian daytime hours, as well as at night. 

“We selected the most-traded stocks and ETFs to ensure sufficient liquidity to enable smooth and efficient trades, especially during off-hours when trading volumes are generally lower,” said moomoo Australia chief market strategist Matt Wilson.

“Australia makes up less than 2% of global equities, so if you don’t invest in other markets, you are missing out on a lot of opportunities,” he added.

moomoo uses its own technology to connect via registered broker-dealer and alternative trading system (ATS) operator Blueocean. ATS is an electronic system for crossing orders in stocks governed by the National Market System, the United States’ securities trading regulation mechanism, and is available to registered broker-dealer subscribers only.  

With the introduction of 24/5 US trading, moomoo users now have access to trading hours that cover the entire day, from 11am Monday to 11am Saturday (AEST).

Backing new feature with institutional tracking, ratings update and industrial chain tools

By using moomoo to invest in the U.S. market, Australians can access features such as an institutional tracking tool that tracks the quarterly holdings of more than 20,000 institutions. 

“This enables investors to ‘follow the big money’ and get an inside look into the strategies of the world’s top asset management firms,” explained Wilson.  

The moomoo application also includes real-time company ratings updates from 4,000 Wall Street analysts, while an ‘industrial chain’ tool also maps out divisions of labour and value chains in 17 industries so investors can identify key players and…


Is Endpoint Security taking a backseat in your IT architecture?


By Apu Pavithran, CEO, Hexnode

When Charles Babbage invented the first computer in 1822, little did he know that its capability to store information would unleash a series of cybercrimes. What started as an attack on the French Telegraph system in 1834 later saw its better selves with the advent of the internet in the 1960s. After a series of destructive attacks, the concept of ‘computer security,’ commonly dubbed as ‘cybersecurity,’ was born in the 1970s.

Following the attack on the ARPANET, the Internet’s predecessor, that harmed 10% of the connected computers, the Association for Computing Machinery (ACM) inaugurated ‘National Computer Security Day’ in 1988. A decade back, when your business was born in a garage with you and your partner being the only employees, security never had to be a cause of worry. However, over the years, as your business mushrooms, your staff base expands, and your workplace landscape turns around, slacking on security might mean putting your business on the line. So, as another November 30th draws close, let’s rewind the clock and evaluate where we stand today in terms of security.

The Exodus towards Computer Security
A great majority of people believe that using a seven-character password to secure your devices is the sum total of cybersecurity. However, the latest conversations around password management and security give an insight into how passwords used in brute force attacks usually include eight or more characters. With the dark web controlling the internet to gain monetary benefits, it is evident that data is just not safe anymore, and passwords like “12345”, “qwerty,” and “password” can easily put your business in rough waters. The fact that bidders are willing to pay an average of US$3,100 for stolen credentials on the dark web sets off every alarm and drives businesses’ attention to password management systems. Unfortunately, businesses seem to disregard such alarming figures, and many organizations are yet to deploy a mechanism to manage their work passwords.

While these issues can be addressed by subscribing to a password management tool, the concept of passkeys has been slowly sweeping over the password…
