HDMI cable as a gateway: AI system enables screen spying

A recently discovered method combines wireless electronic surveillance with artificial intelligence (AI) to spy on computer screens.
Researchers in Uruguay have developed a method that makes it possible to monitor the displays of computer screens using AI systems.
They intercept and decode the electromagnetic radiation emitted by the HDMI cable between the computer and monitor.
According to the researchers, this method could already be used in practice.

Screen monitoring by AI

A team of computer security researchers from the University of the Republic in Montevideo, Uruguay, has shown how screen content can be spied on while the user is entering encrypted messages, bank details or other confidential information.
This is done by intercepting the HDMI cable.
Santiago Fernández, Emilio Martínez, Gabriel Varela, Pablo Musé and Federico Larroca have published their research results on Cornell Tech’s arXiv platform.

The study shows that it is possible to train an AI system to interpret minute variations in the electromagnetic radiation of the HDMI signal.
Although HDMI is a wired and digitally encrypted standard, the cables emit enough radiation for the signal to be picked up without direct access.

The attacks can be carried out in various ways, for example by using antennas positioned outside a building to pick up HDMI signals.
Alternatively, a discreet signal capture device could be placed inside the target building.

Testing the attack method

To verify the accuracy of the attack, the researchers used text recognition software to analyze the content recovered by the AI system.
The extracted text was then compared with the original screen content.
The tests showed that the AI was able to reconstruct text from a computer screen with an accuracy of 70%.

Although the researchers’ approach is not yet comparable with conventional recording methods, it shows a 60% improvement on previous projects.
The method is sufficient to understand the main content of the displayed text and could even capture passwords and sensitive data.
This is possible completely wirelessly, without physical access to the target computer and even from outside a building.

Historical context and new threats

The concept of using wireless electromagnetic signals for surveillance is not new. According to Der Spiegel, the technique of “compromising radiation”, known as “Tempest”, was previously used to reconstruct data from the radiation of computer monitors.

In the past, computers and monitors were connected via VGA ports with analog signal transmission, which made it easier for hackers to read them. Today, data is transmitted digitally via HDMI cable. Digital transmission includes encryption, which is why HDMI cables were considered secure. However, the researchers’ AI-supported “Deep-TEMPEST” attack method shows that digital transmissions can also be vulnerable.

Possible goals and protective measures

The researchers suspect that these or similar systems are already being used by government and industrial spies. Due to the complexity of the technology and the need to be close to the target system, normal users are unlikely to be affected. However, government agencies and large companies with sensitive data should consider protective measures against electromagnetic surveillance.

Source: www.tarnkappe.info, image created by AI.

Cyber security in June: Fakeupdates tops malware ranking, new threats on the rise

The malware downloader Fakeupdates remains the leading threat in June according to the malware ranking of the cyber security company Check Point. The most frequently exploited vulnerability last month was the “Check Point VPN Information Disclosure”.

According to Check Point, Fakeupdates dominates the company’s malware ranking. In Switzerland, this malware has an impact of 4.03 percent, internationally it is 7.03 percent. In second place comes Androxgh0st, a botnet that steals sensitive data from Windows, Mac and Linux systems. Qbot ranks third in Switzerland. This malware is often spread via spam emails and steals login information and cookies from browsers or monitors banking activities, among other things.

There is also a new entrant in the global malware ranking, Ransomhub, which overtook Lockbit3 in June with 80 new victims. There is also a new Windows backdoor called Badspace, which involves infected WordPress websites and fake browser updates.

The most frequently exploited vulnerability in June was “Check Point VPN Information Disclosure”, according to the cybersecurity company. This vulnerability allows attackers to read out certain information on Internet-connected gateways with activated remote access VPN or mobile access. Worldwide, 51 percent of organizations were affected. This is followed by “Web Servers Malicious URL Directory Traversal” with 49 percent and “HTTP Headers Remote Code Execution” with a global impact of 44 percent.

Source: www.swisscybersecurity.net

Focus on vulnerabilities: National Council recommends compromise on mandatory reporting

In a recent development, dated September 12, 2023, it is being discussed whether operators of critical facilities should be obliged to report not only cyber attacks but also serious security breaches to the authorities in the future. This issue has led to controversial debates between the legislative bodies. The national legislator has now presented a compromise proposal.

An important decision was made on September 12, 2023. Should operators of critical infrastructures not only have to report cyber attacks in future, but also significant security vulnerabilities in their computer systems? This issue still divides the two chambers of the legislature. The national legislator, who had originally called for the reporting of security vulnerabilities, has now taken a step in the direction of the Federal Council, which had previously voted against this proposal.

According to information from official sources, the larger legislative body has decided to exempt proprietary developments by companies from the reporting obligation. This decision followed a request from the national legislator’s security policy committee. The spokesman for this committee, Gerhard Andrey, justified the request by stating that other operators would not use special in-house developments.

A minority in the chamber, however, argued in favor of following the Federal Council and completely abolishing the obligation to report significant security vulnerabilities in computer systems. The issue will now be referred back to the smaller legislative body.

On June 1, 2023:

Parliament has unanimously endorsed the introduction of a reporting obligation for cyber attacks on important institutions. However, this decision is not yet final, as reported by official sources. The national legislator’s proposal to extend the reporting obligation to significant security vulnerabilities in computer systems was not approved by the Federal Council. This extended proposal was rejected by 31 votes to 13. The smaller legislative chamber followed people like FDP member Hans Wicki, who warned of additional costs for businesses and the registration office. The issue will now be referred back to the national legislator to clarify differences of opinion.

On March 16, 2023:

The national legislator now supports the introduction of a reporting obligation for cyber attacks on important institutions. According to official information, it passed the necessary amendments to the Federal Act on Information Security by 132 votes to 55. As a result, operators of important facilities will in future have to report major cyber attacks to the National Cyber Security Center (NCSC) within 24 hours. Anyone who deliberately fails to do so risks a fine.

The national legislator has also proposed extending the reporting obligation to significant security vulnerabilities in computer systems, following a suggestion from its Security Policy Committee. According to the press release, the larger legislative body hopes that this will have a preventive effect. The issue will next go to the Federal Council.

In a statement, a political party in Switzerland criticizes the fact that the NCSC is still intended as a reporting office. This is because the NCSC is being transformed into a federal agency and attached to the Ministry of Defense. It also houses organizations such as the Federal Intelligence Service (FIS) and the army, which the party believes are not acting in the best interests of cyber security. Therefore, the NCSC should no longer be considered trustworthy and an independent reporting office should be created. The party is also calling for the NCSC to be required to inform the public about reported cyber-attacks, rather than just seeing this as a possibility.

On December 2, 2022:

The Federal Council has submitted a proposal to Parliament to amend the Federal Information Security Act. This proposal lays down the legal basis for the obligation of operators of critical facilities to report cyberattacks they have suffered.

The central point of contact for these reports will be the new Federal Office for Cybersecurity.

Original message from May 13, 2022:

The idea of mandatory reporting of cyber attacks on important institutions enjoys strong support in Switzerland. Operators of critical infrastructures could be obliged to report such incidents in future. The proposed legislation, which the Federal Council submitted for consultation in January 2022, has met with broad approval in the business community, research and at cantonal level, according to the National Cybersecurity Center (NCSC).

A total of around 100 comments were received, most of which were in favor of the proposed legislation. A reporting obligation to a central federal office is seen as a useful instrument for strengthening cyber security. It is particularly important to those affected that these notifications can be made without additional bureaucratic effort.

Source: www.swisscybersecurity.net

The new Swiss Data Protection Act comes into force

On August 31, 2022, the Swiss government decided that the complete revision of the Data Protection Act, including the new Data Protection Ordinance and the Ordinance on Data Protection Certifications (VDSZ), will finally come into force on September 1, 2023. All business enterprises must implement the updated provisions by this date. This legislation will enable the Federal Data Protection and Information Commissioner (FDPIC) to monitor compliance with data protection guidelines more effectively, whereby violations can be countered with investigations, measures and, if necessary, fines. In addition, data subjects have legal means at their disposal to enforce their rights.

Together with the determination of the entry into force of the revised Data Protection Act, the government published the official text of the Data Protection Ordinance (new abbreviation: DPO). Until now, only a preliminary draft was available, which met with some fierce resistance during the consultation phase. However, the result shows that the concerns have been taken into account in Parliament and a balance is emerging towards more practical and business-friendly requirements. In addition, many provisions have been formulated more precisely.

In the revised draft of the General Data Protection Regulation (GDPR), certain key changes have been made that could potentially have a direct impact on businesses and various organizations, whether public or non-profit. These changes are summarized as follows:

Information obligations: The requirements for information obligations have been significantly relaxed, particularly with regard to the way in which data protection declarations and data protection notices must be formulated. Specifically, some complex duties have been removed:

  • The processor’s obligation to provide information, which is difficult to understand, has been removed.
  • Private data controllers no longer have to inform recipients of personal data about certain aspects such as “accuracy” or “reliability”; this responsibility has been transferred to the federal authorities (see Art. 29 GDPR).
  • Information based on European data protection directives, such as that relating to the correction or deletion of personal data, is no longer required.

Processing regulations: The previous requirement to maintain processing regulations for private companies has been modified, but not completely abolished:

  • It only applies to specific cases such as the automated processing of sensitive personal data on a large scale or with a high risk profile (in accordance with Art. 5 GDPR).

These changes reflect a tendency to remove some of the more complex and potentially impractical requirements of the previous draft in order to make the process clearer and more manageable for all parties involved.

In addition to the revisions already mentioned, there are other modifications of essential relevance that require meticulous analysis and implementation. This includes the redesign of the sanction mechanisms, the rationalization of data security requirements and the specified obligations for international data transfers. As a company with in-depth expertise in this field, we are ideally placed to guide our clients through these complex innovations. We offer individualized consultation, assistance with adherence to new guidelines and pragmatic solutions to ensure that your company or institution not only complies with the newly developed data protection requirements, but also uses them to your advantage. Our expert specialists are available to support you in transforming the data protection landscape so you can operate with unwavering confidence and integrity.

In view of the increased sanctions (fines of up to CHF 250,000), it will be crucial to have a precise overview of all data flows to third parties (especially in an international context) in order to be able to take the necessary measures (e.g. conclusion of relevant agreements, risk assessments). The right to information will probably retain its importance, and of course the overarching issue of data and IT security remains highly relevant.

Source: FDPIC

Apple’s fight against cybercrime in the App Store

Last year, Apple removed around 1.7 million questionable and harmful apps from its App Store. The company was also able to prevent fraudulent transactions with a total value of more than 2 billion US dollars.

Apple has published a report on its prevention measures against cybercrime. According to the Californian company’s statement, in 2022 the App Store team averted transactions with a total value of over 2 billion US dollars that were classified as potentially fraudulent and stopped almost 1.7 million app registrations.

As part of its ongoing commitment to combat fraudulent activity, the company also deleted 428,000 developer accounts due to suspected fraudulent activity, deactivated 282 million customer accounts deemed to be fraudulent and suspended 105,000 newly created developer accounts due to possible fraudulent activity.

Special challenges in data protection

Of the almost 1.7 million app applications rejected by Apple, 400,000 involved privacy violations. This includes, in particular, apps that attempt to collect users’ personal data without their knowledge or consent.

Furthermore, 153,000 were rejected because they deceived users and were replicas of apps that had already been submitted. Around 29,000 applications were refused inclusion in the App Store because they used undocumented or hidden functions.

“In several cases last year, the App Review team discovered apps that were equipped with malicious code and could steal users’ login data from third-party services. In other cases, the App Review team uncovered several apps that posed as harmless financial management platforms but were able to transform themselves into another app,” Apple reports. Around 24,000 such deceptive apps were blocked.

Apple added that the App Store’s ‘App Review’ team reviews an average of more than 100,000 app submissions each week, of which around 90 percent are reviewed within 24 hours.

Suspicious payments and manipulated ratings

By stopping fraudulent transactions totaling 2.09 billion dollars last year, Apple says it was able to prevent around 714,000 fraudulent accounts from making further transactions.

The company also blocked around 3.9 million stolen credit cards that were used for fraudulent purchases in the App Store. “Apple takes credit card fraud very seriously and remains committed to protecting the App Store and its users from such charges,” the company said.

Most recently, Apple removed more than 147 million fraudulent reviews from the App Store in 2022 after the company reviewed more than 1 billion reviews to identify fraudulent reviews.

According to Apple, the App Store has an average of over 650 million users worldwide every week and offers a global app distribution platform for more than 36 million registered developers.

Source: https://www.swisscybersecurity.net

Cyber agents of the Swiss intelligence service are deployed to social media

Virtual agents will soon be part of the Federal Intelligence Service’s arsenal. Equipped with fake identities, they are tasked with collecting data from social networks.

The Federal Intelligence Service (FIS) is strengthening its presence in the digital world. The authority plans to integrate virtual agents into its team by the end of the year. The news service confirmed this to “SRF”.

“In view of the need to strengthen our own capabilities and not be exclusively dependent on the services of our partners, the FIS is currently launching a project to implement virtual agents,” according to the official statement from the intelligence service. In the past, results have already been achieved through the use of virtual agents from foreign partner services.

The virtual agents, equipped with cover identities, are sent out on social networks to collect information for the Swiss intelligence service. The exact number of these cyber agents that the FIS wants to hire and their specific skills were not disclosed to the SRF. According to the FIS, no change in the law is necessary to enable the use of virtual agents.

Prisca Fischer, the head of the independent supervisory authority for intelligence activities, says she wants to closely monitor the project and plan an investigation when the virtual agents are introduced towards the end of the year.

Source: https://www.swisscybersecurity.net

EU plans cross-border SOCs

The EU is investing more in cyber resilience. With the new “solidarity law”, the Commission plans Union-wide security centers and emergency mechanisms.

The EU Commission has adopted a proposal for a cybersolidarity law. The goal is to strengthen the EU’s cybersecurity capabilities and improve the preparedness of critical facilities, according to a statement.
The budget for the measures to be implemented under the new law amounts to 1.1 billion euros. Around two thirds are to be funded by the EU through the Digital Europe program.
As the name suggests, the law aims to strengthen solidarity between countries. Among other things, it provides for the promotion of mutual administrative assistance, so that member states could assist each other in the event of an incident.
In addition, a European cyber protection shield is planned: The Commission wants to establish a Europe-wide infrastructure consisting of several Security Operations Centers (SOCs). These are designed to detect and warn of cross-border cyber threats and incidents.
The SOCs could be operational as soon as early 2024, the EU Commission writes. For the launch, it has selected three consortia that already bring together public bodies from 17 Member States and Iceland. This initiative was announced in late 2022 as part of the European Cybersecurity Strategy by the Commission in collaboration with the European Cybersecurity Competence Centre (ECCC).
The ECCC will now work with the selected centers to organize the procurement of tools and infrastructure to further build and expand cyber attack detection capabilities.

On-call service for emergencies and analysis of attacks

Further, the Solidarity Act provides for a contingency mechanism to improve response capacity in the event of incidents in the EU. This will include supporting tests that identify potential vulnerabilities in critical facilities. Further, an EU cybersecurity reserve is envisaged, consisting of emergency services. This would involve contracting trusted providers who could then intervene quickly and provide support in the event of serious incidents.
The regulation also seeks to establish a review mechanism. Serious cybersecurity incidents will be evaluated in the future. In this way, it should be possible to learn from experience and, if necessary, make a recommendation.

Central training and further education offer

An EU cybersecurity skills academy is also intended to bundle private and public initiatives. In this way, the Commission aims to bundle security on the one hand, but also to counteract the shortage of specialists in the IT security sector on the other.
Initially, an online presence is planned where interested parties will be able to find training offers, courses and certifications from all over the EU in a single place. In the future, the academy will evolve into a shared space for higher education institutions, training providers and the industry to help them coordinate educational programs and funding opportunities.

NCSC provides security tips for the IoT

Computers and smartphones that are connected to the Internet must be protected accordingly – most people know that by now. However, not all users are aware that smart TVs, webcams, printers and other IoT devices can also pose a security risk, according to the National Cyber Security Center (NCSC). The center therefore provides a range of measures to protect smart devices smartly as well.

Passwords

After purchase, most IoT devices are protected with a default password. The NCSC recommends that you set your own password immediately when you first start up the device – the more complex, the better. If possible, users should also secure their smart devices with two-factor authentication.

Security updates

IoT device manufacturers provide security updates when they become aware of a vulnerability. Of course, these updates are useless if owners of smart fridges and the like do not install them. As a result, the NCSC advises, “Make sure IoT devices are up to date and always apply updates promptly.”

Internet access

There are many cyber crooks and threat actors on the Internet. Therefore, IoT users should ensure that their devices are not accessible via the Internet unless their use requires it. If, on the other hand, access is required, it is imperative that other security measures be taken, such as using a VPN connection for Internet access with the device, according to the NCSC. Another method, it said, is to use an IP address filter or geo-IP filter to restrict access from the Internet.

But who would hack my refrigerator?

With the right tools, it is possible for any person to track smart devices over the Internet without much expertise or effort. The Shodan program, for example, makes it possible to find devices and systems connected to the Internet, which is why it is also considered a “search engine for IoT,” as the NCSC explains. Shodan scans IP addresses connected to the Internet for open ports and analyzes the results. These are entered into a database, which the user can search for specific keywords and filter according to criteria, according to the statement. The database can be searched for terms such as “webcam” or “smart TV”. Shodan presents the results along with additional information such as IP addresses and ports. That makes it even more important to adequately secure all devices, according to the NCSC.

Source: https://www.swisscybersecurity.net/cybersecurity/2023-04-21/beruechtigte-hackergruppe-lockbit-tueftelt-an-ransomware-fuer-den-mac

Notorious hacker group Lockbit tinkers with ransomware for the Mac

Cybersecurity experts have discovered a ransomware that attacks Macs. The hacker group Lockbit is said to be behind the malware. However, users of Apple computers need not worry – for now.

The hacker group Lockbit is apparently working on a ransomware for Macs. This was reported by “The Register” with reference to several cybersecurity experts. According to the report, the malware is supposed to run specifically on Apple computers with the Silicon processors that Apple develops itself. The malware is said to have first appeared in November 2022. Moreover, this is said to be the first time that a known hacker group has released a malware targeting Macs.

However, according to Patrick Wardle from Infosec, the currently circulating version contains an invalid certificate. Even if it were downloaded to a Mac computer, it could not simply be run. “So Mac users have nothing to fear for now,” Wardle judges; and The Register rightly calls it a half-finished piece of malware.

Source: https://www.swisscybersecurity.net/cybersecurity/2023-04-21/beruechtigte-hackergruppe-lockbit-tueftelt-an-ransomware-fuer-den-mac