Subterms
Image: Shutterstock / GaudiLab Google has released Chrome 104 stable with fixes for seven ‘high’ and 15 ‘medium’ severity flaws. Google has released Chrome version 104 for Windows, Mac and Linux, with fixes for 27 security bugs reported by third parties. None of the flaws are listed as being actively exploited, but the release notes for […] More
Singapore has passed amendments to two Bills that will clear the way for a new digital intelligence unit to be established as part of the country’s armed forces. The government has described the move as necessary amidst intensifying “cyber intrusions” that threaten critical systems. First mooted in March, the new digital and intelligence service (DIS) unit would be set up as a fourth service under the Singapore Armed Forces (SAF) and responsible for combating online attacks. The DIS team would work alongside the three other services–Army, Navy, and Air Force–to enable the country’s defence systems to work as a collective group. Expected to be operational by year-end, the new unit would be headed by a chief of digital and intelligence service (CDI), joining the other three service heads. The CDI also would be a member of the Armed Forces Council and hold legal powers, discharging their duties and authority to lead the DIS in times of conflict, said Minister for Defence Ng Eng Hen in parliament. Noting that the “battleground” had extended into the cyber realm, Ng said the DIS needed to be a “fully-fledged military service arm” to safeguard Singapore’s critical infrastructures. “The digital domain–just like air, land, and sea–has become a battle terrain which, if left unguarded, can impact the security and sovereignty of any country,” he said. He added that both state- and non-state actors recognised they could use the digital domain to achieve their objectives, particularly, terrorist cells. “Whether to recruit vulnerable inductees, spread false propaganda, supply funds, procure weapons, sabotage, or bypass state security systems, these areas have become standard fare for terrorist networks,” the defence minister said. As digital threats continued to scale, occurring in the millions each day, they could have real physical impact on countries that were unprepared, he said. Pointing to ransomware attacks that brought down crucial services such as the US Colonial Pipeline, which cut off gas supplies, he noted that cyber intrusions could affect critical systems including water systems, hospitals, air traffic, and financial systems. Ng said attacks that had the most “pernicious” intent and aimed to undermine Singapore’s sovereignty or security had to be differentiated, stressing the need for a dedicated unit to build, train, and maintain “cyber troops” and capabilities to defend the country’s digital borders.”The DIS will ensure Singapore is defended against the full spectrum of threats against potential aggressors,” he said. “The digital environment is more porous than the physical one, but the DIS will be responsible to guard against these aggressors in that domain.”The amendments to the SAF Act passed in parliament this week set the path for the DIS to be formally established, along with changes to other Acts to ensure the new service–and its “soldiers”–would be officially recognised as a part of the military. The Constitution also was amended to grant discretionary power to Singapore’s president in appointing the CDI.RELATED COVERAGE More
Microsoft has launched two security services that aim to boost the intelligence capabilities of an organization’s security operations center (SOC) rather than solely protect devices. Microsoft has launched Defender Threat Intelligence and Defender External Attack Surface Management (EASM) — two new products that merge technology Microsoft gained after acquiring security firm RiskIQ last July for $500 million. There may appear to be some overlap between Microsoft’s existing services like its Azure-powered Sentinel security information and event management (SIEM) service and Microsoft Defender Experts for Hunting, a managed threat hunting service, and its Defender Experts for XDR, a managed extended detection and response (XDR) service. But Microsoft says these RiskIQ-based threat intel service offerings differ in that they provide customers with “direct access to real-time data” from Microsoft’s security signals. Microsoft chief Satya Nadella last week said the firm receives 43 trillion security signals each day. Besides signals, Microsoft says its new threat intel service is based on intel merged between RiskIQ, Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC, pronounced ‘Mystic’), and the Microsoft 365 Defender security research team.Rob Lefferts, corporate VP of Microsoft Modern Protection and SOC unit tells ZDNet the threat intel service is about “connecting SOCs with Microsoft’s own researchers from MSTIC”.Meanwhile, Microsoft Defender External Attack Surface Management is about “how do we make sure that you get to see the whole world the way that the attacker would,” says Lefferts.”We’re gonna scan the internet and help you understand what do you present out on the public internet and what exposure does that mean for your company.”The attack surface management service could be useful given data that attackers start scanning the internet for exposed vulnerable devices within 15 minutes of a major flaw’s public disclosure and generally continue scanning the internet for older flaws like last year’s nasty Exchange Server flaws, ProxyLogon and ProxyShell. This service discovers a customer’s unknown and unmanaged resources that are visible and accessible from the internet – giving defenders the same view an attacker has when they select a target. Defender EASM helps customers discover unmanaged resources that could be potential entry points for an attacker. Across MSTIC and Microsoft 365 Defender Research, Microsoft is tracking 250 different actors and ransomware families. “We’re providing intelligence across all of them and bringing that into your security team — not just to learn the latest news… but also to explore it, so if I see an indicator, I might explore where that might live on the network and connect that to what I’m seeing in my company. It’s like a workbench for analysts inside a company,” says Lefferts. Microsoft’s security business is growing at a rapid clip. It was worth $10 billion a year in 2021, and as of April had grown to become a $15 billion a year business. At its Q4 FY 2022 earnings update, Nadella said Microsoft’s “security revenue increased 40 percent” and that its security business now spans 50 categories, well beyond its Defender antivirus for Windows PCs.Other recent acquisitions include IoT security firms CyberX and ReFirm Labs to boost its cybersecurity offerings. Microsoft rebranded its Defender lineup in 2020 to bring Microsoft Threat Protection, Defender ATP, Azure Security Center, and others brought under the Microsoft Defender monicker. Microsoft Defender would become its XDR product, while Azure Sentinel became its SIEM line.Lefferts says the two new Defender-branded services are standalone products. “This is different to protecting endpoint. It’s about improving your security team, giving them new views and perspectives. If you think about a game of chess, if you turn it around and look at it from your opponent’s point of view, this is a tool that is designed to help analysts do that by giving them that different perspective,” he says. More
Image: Getty The level of reported ransomware incidents doesn’t paint an accurate picture of what’s really going on, as many victims remain unwilling to talk about what happened, the European Union’s cybersecurity agency has warned. Following an analysis of 623 ransomware incidents between May 2021 and June 2022, the ENISA threat landscape report for ransomware […] More
Image: Getty Images/iStockphoto Seventeen malicious apps designed to infect Google Android users with banking malware have been removed from the Play Store. The malware campaign has been detailed by cybersecurity researchers at Trend Micro who’ve dubbed it DawDropper and say it delivers four types of banking trojan – TeaBot, Octo, Hydra and Ermac – in […] More
Getty Samsung has created a new mode for Galaxy smartphones that should prevent phone repair technicians from accessing customers’ private data during repairs. Samsung announced the new Repair Mode on its Korean press release page, which was spotted by SamMobile. This is a potentially very useful privacy feature for those times when customers […] More
Jaco Beukman, Getty Images/iStockphoto Are you suffering from slow internet speeds at home? After 2020, many of us found ourselves spending a substantial amount of time at home. Especially when multiple people are in the same property, the fight for capacity can lead to a host of connectivity issues. Connectivity drops, bottlenecks, lagged content streaming […] More
So voice control is a huge deal in home automation. You want to feel like a high baller when you walk in and have a robot assistant waiting on you 24/7, right? Well, 2022 isn’t there yet so the current smart assistants on the market are the next best thing. Having tried Google, Alexa, and Siri, I can tell you that for voice control fans, the right voice assistant can make or break your smart home. Personally, I find Alexa to be the most accurate in her responses and understanding my commands, Google is probably middle of the road, and Siri still plays Sweet Caroline when I ask her to turn on the downstairs lights.Now, Alexa isn’t perfect, we know that. But she is a favorite for smart homes and going the Amazon Alexa route ensures vast compatibility, as it’s the most popular voice assistant out there.Setting up the Amazon Alexa app is pretty easy, the platform is built around Alexa, and you can easily add devices and customize your home. And with Amazon’s Frustration-Free Setup, setting up new devices will become even easier with fewer steps. I do wish that some things like routines and your devices were more easily accessible on the Alexa App. Though they are both available on the app’s home, I find myself getting distracted by all of Alexa’s suggestions. And, to be honest, the app just isn’t the easiest to navigate in the beginning. You get used to it, however, and learn to easily make your way around it, but it shouldn’t have to take as long as it does to reach that point.Connectivity and automationsAlexa is available on multiple Amazon devices, like the Echo speakers and Fire TV devices. It works through Wifi, Bluetooth, Zigbee (on Echo 4th Gen, Echo Show except 1st Gen, and Echo Studio) and, more recently, Matter.The Alexa app has some pretty good automation power. Amazon is set on making America’s voice assistant out of Alexa, so they’ve put quite a lot of effort in making sure she helps optimize productivity, routines, shopping, your access to information and current events, and how you cook and enjoy your music. An Echo device, either a speaker or display, will give you access to thousands of skills and dozens of available routines to make the most of all your smart devices. You can set your Echo to detect a barking dog and have Alexa either play soothing music or let you drop in to soothe them. Alexa can even turn off a light when it hears snoring in the room, how creepy is that? Cool, I meant cool.There are countless ways to take advantage of Alexa’s automation power and, with popularity still pretty high, more are turning up every day. Pros:Alexa is responsive and smarter than othersEverything works with AlexaCons:App isn’t as user-friendly More
