Security - TPD's Blog

BlackByte Ransomware breaks US Critical Infrastructure Security

In the previous three months, the BlackByte ransomware group has infiltrated the networks of at least three firms in the US critical infrastructure sectors, according to the FBI. This was revealed in a joint cybersecurity advisory issued by TLP: WHITE and the US Secret Service on Friday.

According to the federal law enforcement agency, BlackByte ransomware had infected multiple the US and foreign businesses as of November 2021, including entities in at least three critical infrastructure sectors in the US, including government facilities, financial institutions, and food and agriculture. BlackByte is a ransomware-as-a-service (RaaS) group that encrypts files on infected Windows host systems, including physical and virtual servers.

Security Scanning during software development

The number of applications scanned has also increased considerably, with developers currently testing more than 17 new applications per quarter, more than quadruple the amount scanned a decade before. The study, which looked at almost half a million apps, uncovered fresh information from a diverse range of major and mid-sized businesses, commercial software providers, and open-source organizations.

The world is more connected than ever, according to research, with 4.66 billion active internet users worldwide. According to Chris Wysopal, who is the CTO of Veracode, scanning software as a pre-production stage in the final phase of the software development lifecycle is no longer sufficient. Scanning using a variety of testing tools must happen continually as a completely integrated part of the process, much as software is now distributed regularly.

Use of multiple scan types fix defects faster

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a regulatory framework that establishes standards for the acquisition and processing of personal data among European Union citizens (EU). The General Data Protection Regulation (GDPR) is the world’s most stringent privacy and security law. Despite the fact that it was designed and passed by the European Union (EU), it imposes duties on organizations anywhere that target or collect data about EU citizens.

The GDPR major principles:

Certified Information Systems Auditor (CISA)

This certification is issued by ISACA to people in charge of ensuring an organization’s IT and business systems are monitored, managed, and protected. It is presented after the completion of a comprehensive testing and application process. It is designed for IT auditors, audit managers, consultants, and security professionals.

The primary duties of a CISA include:

Basics on Blockchain Technology

Blockchain is a digitally distributed, decentralized, public ledger that exists across a network. Virtually anything of value can be tracked and traded on a blockchain network, decreasing risk and cutting costs for all involved. In a narrow sense, we can deal with blockchain as a never-ending or ever-growing digital list of data records. It is a secured technology or a mode of transmission that is used by various groups as it serves a very complex algorithm that is almost impossible or immensely difficult to crack or hack.

Cyber Warfare: Potential Role of Developing Countries

In 2013 more than dozens of government websites are hacked by hackers’ communities. As per information, most of the hackings are done from Saudi Arabian territory. A number of these hackings included displaying messages regarding scolding Nepal and Nepalese people on the victim websites. The aim of those hackings and the locations from where these hackings are being done are officially unknown yet.

DDoS Detection and Mitigation Techniques

Learning automata-based
Honeypots-based DDoS
Risk transfer mechanism-based
Blockchain-based DDoS defense
Software-defined networking-based
An IoT middleware-based
Machine learning (ML) detection