Cybersecurity Starts in the Boardroom
I have reported on other air gap exploits by Mordechai Guri, from Ben-Gurion University in Israel – here are two more ways that the secure air gapped system can be exploited: GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes (arxiv.org) ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via …
Continue reading “Air gapping – not as secure as you think – enter Gairoscope and EtherLED”
Here is a great weekend read, which I found very interesting: It is an excellent article by Morgan Meaker at Wired UK, examining the apparent plague of spyware, being discovered on the smartphones of activists, journalists and politicians, across Europe Spyware Scandals Are Ripping Through Europe | WIRED UK All …
“Spyware is huge threat to global human rights and democracy, expert warnsCybersecurity expert Ron Deibert to testify to Canadian MPs about troubling spread of invasive surveillance tools” Leyland Cecco – The Guardian Spyware is huge threat to global human rights and democracy, expert warns | Canada | The Guardian
…unless you are a company promising only to sell the spyware to approved governments and law enforcement. Australian spyware developer charged after 14,500 sales • The Register
For when you have time, here are two articles from Microsoft looking at cyberweapons: Continuing the fight against private sector cyberweapons – Microsoft On the Issues Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits – Microsoft Security Blog The view from the US Government Pegasus spyware: Just ‘tip of …
This attack was highly targeted, using spyware from an Israeli cyber weapons company Candiru. To get the spyware onto the target machines the threat actors exploited, what was then, a zero-day vulnerability in Google Chrome. Zero-day used to infect Chrome users could pose threat to Edge and Safari users, too …
Continue reading “Zero-day targeted attack against journalists using Google Chrome”
An air-gapped system is designed to be very secure. It is not connected to any other system, network or internet – literally a physical gap between it and the rest of the IT world. If it is not connected, then threat actors cannot connect to it. Mordechai Guri, from Ben-Gurion …
