Paul Bergman

Author: Paul Bergman

  • Critical Erlang/OTP SSH Vulnerability: A Wake-Up Call for Overlooked Libraries

    Critical Erlang/OTP SSH Vulnerability: A Wake-Up Call for Overlooked Libraries

    A serious remote code execution (RCE) vulnerability—CVE-2025-32433—has been discovered in the SSH server component of Erlang/OTP, a language and runtime used to build highly scalable and fault-tolerant systems. The flaw allows unauthenticated attackers to execute arbitrary code on vulnerable systems, making it a major concern for organizations that rely on Erlang/OTP directly or through embedded applications.

    Even more troubling, public proof-of-concept exploits are now available, and attackers are expected to act fast before organizations have a chance to apply the patches.

    What Makes This Vulnerability So Dangerous?

    The vulnerability stems from improper handling of SSH protocol messages before authentication. Malformed SSH messages can bypass normal processing rules and trick the server into executing malicious payloads without needing valid credentials. Affected versions include Erlang/OTP releases prior to:

    • 27.3.3
    • 26.2.5.11
    • 25.3.2.20

    This issue was disclosed by researchers from Ruhr University Bochum, and proof-of-concept code has been widely shared online, dramatically lowering the barrier to exploitation.

    Where Is Erlang/OTP Used?

    Erlang/OTP is often quietly embedded in backend systems, meaning many organizations may not even realize they are exposed. It’s widely adopted in telecommunications, messaging platforms, IoT infrastructure, and scalable databases.

    Here are a few examples of popular systems and technologies that use Erlang/OTP:

    • WhatsApp – Core messaging functionality and real-time communication backend
    • RabbitMQ – A widely used message broker for cloud applications
    • CouchDB – A distributed database system for high-availability environments
    • Riak – A NoSQL key-value database designed for massive scalability
    • Ejabberd – An XMPP messaging server used in many chat services
    • Open Telecom Platform (OTP) – Used in several telecom-grade solutions
    • IoT devices – Various smart routers, controllers, and edge computing systems

    Due to its design, Erlang is excellent for systems that demand uptime and concurrency—which means that many systems silently running these services may be vulnerable and mission-critical.

    Why It’s Often Missed in Security Audits

    Because Erlang/OTP is often bundled within larger software stacks, it doesn’t show up as a standalone service during security scans or audits. Admins may be patching operating systems and application layers while missing the vulnerable SSH server quietly running behind the scenes. This hidden exposure makes CVE-2025-32433 especially worrisome.

    The Window for Attack Is Now

    With public exploits circulating and the vulnerability freshly patched, the cybersecurity community is warning that attackers will intensify their scans and exploitation attempts before systems are updated.

    What to Do Now

    To protect your systems:

    • Patch immediately: Update Erlang/OTP to a fixed version: 27.3.3, 26.2.5.11, or 25.3.2.20
    • Audit all assets: Check software dependencies and embedded services for Erlang usage
    • Limit SSH exposure: Temporarily restrict or disable external SSH access to reduce risk
    • Monitor your network: Watch for unusual SSH traffic or unexpected behavior from services using Erlang

    Summary

    CVE-2025-32433 is not just a typical SSH flaw, it’s a reminder that software dependencies matter, especially in complex systems where backend components like Erlang/OTP fly under the radar. This is your opportunity to patch, audit, and reinforce your defenses before attackers exploit this hidden door into your environment.

  • Why HR Service Firms Should Consider Cybersecurity Services as Their Next Revenue Stream

    Why HR Service Firms Should Consider Cybersecurity Services as Their Next Revenue Stream

    Introduction

    In today’s digital-first world, compliance is no longer just about HR manuals and legal frameworks—cybersecurity has become central to every risk management conversation. For a companies in this space, which already offers legal and HR compliance solutions, expanding into cybersecurity services is not just a logical step—it’s a strategic opportunity to deliver greater value and unlock a powerful new revenue stream.

    1. Compliance and Cybersecurity Are Intertwined

    Companies that turn to staffing for HR or legal compliance already trust the brand to help them navigate complex regulations. But today’s regulatory landscape increasingly includes data protection laws, digital risk mandates, and cybersecurity requirements. From GDPR and CCPA to SOC 2 and HIPAA, your clients need help understanding and mitigating risks tied to information security.

    Adding cybersecurity services like: risk assessments, incident response planning, and employee awareness training, allows staffing companies to offer a more complete, integrated compliance solution. It’s not a pivot, it’s an expansion.

    2. A Natural Extension of the Talent Placement Model

    Expertise in workforce solutions could also be enhanced by cybersecurity services in two key ways:

    • Security staffing: Help clients identify, vet, and place cybersecurity professionals—roles that are notoriously hard to fill.
    • Security onboarding and offboarding protocols: Many breaches occur due to poor user lifecycle management. By offering cybersecurity consulting tied to employee access and data policies, you provide more value around the employment lifecycle.

    3. Clients Are Already Looking for These Services

    According to Deloitte, more than 70% of mid-size companies now seek outsourced support for cybersecurity. Your clients are likely evaluating vendors for penetration testing, policy development, and even virtual CISO services. Why not position yourself as a trusted partner already within their ecosystem?

    With the right hires or strategic partnerships, you could offer packages tailored to client size and risk profile, including:

    • Cyber risk assessments
    • Vendor risk management
    • Policy and compliance alignment (e.g., SOC 2 readiness, HIPAA risk analysis, CMMC, NIST alignment)
    • Security awareness training programs
    • Cloud and endpoint security consulting

    4. High-Margin, Recurring Revenue Model

    Cybersecurity services naturally lend themselves to monthly retainers, annual reviews, or project-based consulting—making them ideal for building predictable, scalable revenue. Margins in cybersecurity services are often higher than traditional staffing or compliance offerings, especially when automation and standardization are in place.

    5. It Future-Proofs Your Brand

    By embracing cybersecurity, staffing firms strengthen market position as a modern, full-spectrum compliance partner. This kind of forward-thinking service offering not only retains current clients but also attracts new ones—particularly in sectors like healthcare, finance, and SaaS, where cybersecurity isn’t optional.

    In Summary

    Cybersecurity isn’t just an IT issue, it’s a business imperative. Stepping into cybersecurity services complements your existing offerings, reinforces your position as a trusted compliance partner, and unlocks long-term growth. As digital risks continue to rise, your clients will be looking for support. With the right expertise and a commitment to strategic service expansion, staffing firms could be exactly who they turn to next.

  • Urgent Evolutions in Responding to Fast Flux

    Urgent Evolutions in Responding to Fast Flux

    Fast Flux is a sneaky technique that cybercriminals use to hide malicious websites and make them harder to shut down. It works by constantly changing the IP addresses connected to a single domain name; sometimes every few minutes. This trick helps attackers keep their phishing sites, malware downloads, or command centers online even if defenders try to block them. Think of it like a digital shell game, where the target keeps moving to avoid being caught.

    In the ever-evolving landscape of cybersecurity threats, “fast flux” has emerged as a sophisticated technique employed by malicious actors to obfuscate their operations and evade detection. Recognized as a significant national security concern, fast flux poses challenges for organizations aiming to protect their digital infrastructure.​Palo Alto Networks+4CISA+4fieldeffect.com+4

    What is Fast Flux

    Fast flux is a domain-based technique characterized by the rapid and frequent changing of DNS records, such as IP addresses, associated with a single domain. This method enables cybercriminals to hide the actual location of their malicious servers, making it difficult for defenders to track and block their activities. By leveraging a network of compromised hosts, attackers can create a resilient and highly available command and control (C2) infrastructure.​Palo Alto Networks+4CISA+4fieldeffect.com+4fieldeffect.com+1CISA+1

    There are two primary variants of fast flux:

    • Single Flux: In this approach, a single domain name is linked to numerous IP addresses that are frequently rotated in DNS responses. This ensures that if one IP address is blocked or taken down, the domain remains accessible through other IP addresses.​
    • Double Flux: This more advanced technique involves not only the rapid changing of IP addresses but also frequent changes to the DNS name servers responsible for resolving the domain. This adds an additional layer of redundancy and anonymity for malicious domains.​

    These techniques are often facilitated by botnets—networks of compromised devices—that act as proxies or relay points, further complicating efforts to identify and mitigate malicious traffic.​CISA

    The Threat Landscape

    Fast flux is utilized by a range of malicious actors, including cybercriminals and nation-state adversaries, to support various nefarious activities:​CISA

    • Phishing Campaigns: Fast flux networks can host phishing websites that are difficult to take down due to their constantly changing IP addresses.​Palo Alto Networks+3Unit 42+3fieldeffect.com+3
    • Malware Distribution: By rotating the hosting infrastructure, attackers can distribute malware while evading detection and takedown efforts.​Unit 42
    • Botnet Operations: Fast flux techniques enhance the resilience of botnets by making their command and control servers harder to locate and disrupt.​Unit 42+1fieldeffect.com+1
    • Hosting Illicit Content: Cybercriminal forums and marketplaces may use fast flux to maintain high availability and resist law enforcement actions.​CISA

    The use of fast flux complicates traditional defense mechanisms, such as IP-based blocking, due to the rapid turnover of IP addresses and the distributed nature of the infrastructure.​CISA

    Detection and Mitigation Strategies

    To effectively combat fast flux, organizations should adopt a multi-layered approach that combines DNS analysis, network monitoring, and threat intelligence:

    1. DNS and IP Blocking: Implement mechanisms to block access to domains identified as using fast flux, utilizing non-routable DNS responses or firewall rules.​CISA
    2. Sinkholing: Redirect traffic from malicious domains to controlled servers to capture and analyze the traffic, aiding in the identification of compromised hosts.​CISA
    3. Reputational Filtering: Block traffic to and from domains or IP addresses with poor reputations, especially those associated with fast flux activities.​U.S. Department of Defense+1CISA+1
    4. Enhanced Monitoring and Logging: Increase logging and monitoring of DNS traffic and network communications to identify new or ongoing fast flux activities. Implement automated alerting mechanisms to respond swiftly to detected patterns.​CISA+1U.S. Department of Defense+1U.S. Department of Defense+1CISA+1
    5. Collaborative Defense and Information Sharing: Share detected fast flux indicators with trusted partners and threat intelligence communities to enhance collective defense efforts.​CISA+1U.S. Department of Defense+1
    6. Phishing Awareness and Training: Educate employees to recognize and appropriately respond to phishing attempts, particularly those facilitated by fast flux networks.​U.S. Department of Defense

    It’s important to note that some legitimate services, such as content delivery networks (CDNs), may exhibit behaviors similar to fast flux. Therefore, defenders should make reasonable efforts, such as allowlisting expected CDN services, to avoid blocking legitimate content.​CISA

    Conclusion

    Fast flux represents a persistent and evolving threat to network security, leveraging rapidly changing infrastructure to conceal malicious activities. By implementing robust detection and mitigation strategies, organizations can significantly reduce their risk of compromise. Engaging with cybersecurity service providers and participating in information-sharing initiatives are critical steps in strengthening defenses against fast flux-enabled threats.​CISA+2U.S. Department of Defense+2CISA+2

    For more detailed guidance and technical information, refer to the joint advisory by CISA and international partners: Fast Flux: A National Security Threat.

  • Beware of Tax-Themed Scams: Protect Yourself This Tax Season

    Beware of Tax-Themed Scams: Protect Yourself This Tax Season

    Tax season is upon us, and while many are busy, cybercriminals are equally active, crafting deceptive schemes to exploit unsuspecting taxpayers. Two prevalent methods they employ are phishing and smishing attacks, designed to steal personal and financial information. Understanding these threats and the tactics used can help you stay vigilant and safeguard your sensitive data.

    Understanding Phishing and Smishing

    • Phishing involves cybercriminals sending fraudulent emails that appear to come from legitimate organizations, such as the IRS or tax preparation services. These emails often contain links to fake websites or attachments laden with malware, aiming to trick recipients into revealing confidential information like Social Security numbers or bank account details.
    • Smishing is similar but utilizes text messages (SMS) instead of emails. Scammers send messages that may prompt you to click on malicious links or call a fraudulent phone number, leading to potential identity theft or financial loss.

    How Cybercriminals Use File Hosting and Link Shortening Services

    To make their deceptive messages more convincing and evade detection, scammers often employ file hosting and link shortening tools:

    • File Hosting Services: Attackers may upload malicious documents or forms to reputable file-sharing platforms. They then include links to these files in their phishing emails or smishing texts. Since the links point to well-known services, recipients might be less suspicious and more likely to click.
    • Link Shortening Tools: By shortening URLs, scammers can disguise the true destination of a link. A shortened link can obscure a malicious website’s address, making it challenging for recipients to identify fraudulent links at a glance.

    For instance, a phishing email might claim to be from the IRS, alerting you to an issue with your tax return and urging you to review a document via a shortened link. Clicking on this link could lead to a counterfeit IRS website designed to harvest your login credentials or install malware on your device.

    The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.

    Recent Trends and Warnings

    The IRS has reported a significant increase in texting scams, warning taxpayers to remain vigilant. In 2022, thousands of fraudulent domains tied to smishing scams were identified, with messages often luring victims with fake COVID relief or tax credits.

    Similarly, Microsoft has observed phishing campaigns using tax-related themes to steal credentials and deploy malware. These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments, abusing legitimate services like file-hosting platforms to avoid detection.

    Protecting Yourself from Tax Scams

    To reduce the risk of falling victim to these scams, the best advice is to simply think before you act. If you are tempted to act, consider the following precautions:

    1. Be Skeptical of Unsolicited Communications: The IRS typically initiates contact through regular mail. Be cautious of unexpected emails or text messages claiming to be from the IRS or other tax-related entities.
    2. Verify Links Before Clicking: Hover over links to preview the URL before clicking. Be especially wary of shortened URLs or links directing to file-sharing services, as they may conceal malicious destinations.
    3. Avoid Sharing Personal Information: Never provide sensitive information like Social Security numbers or bank details in response to unsolicited messages. Legitimate organizations will not request such information through email or text.
    4. Use Strong, Unique Passwords: Ensure your online accounts have robust passwords. Consider using a password manager to generate and store complex passwords securely.
    5. Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring additional verification beyond just a password. This can significantly reduce the risk of unauthorized account access.
    6. Keep Software Updated: Regularly update your devices and applications to patch security vulnerabilities that scammers might exploit.
    7. Report Suspicious Activity: If you receive a suspicious email or text claiming to be from the IRS, report it to phishing@irs.gov. This helps authorities track and combat emerging scams.

    Conclusion

    As tax season progresses, staying informed about the tactics used by cybercriminals is crucial. By understanding how phishing and smishing scams operate, particularly their use of file hosting and link shortening tools to obscure malicious intentions, you can take proactive steps to protect your personal and financial information. Remain vigilant, verify communications, and prioritize your cybersecurity to navigate this tax season safely.

  • AI Cybersecurity Playbook: Enhancing Collaborative Defense

    AI Cybersecurity Playbook: Enhancing Collaborative Defense

    The AI Cybersecurity Collaboration Playbook, developed by the Cybersecurity and Infrastructure Security Agency (CISA), serves as a crucial guide to improving collaboration and enhancing the cybersecurity resilience of AI systems and technologies. With AI playing an increasingly integral role in various sectors, the potential for cyber threats targeting AI systems also escalates. In response, CISA has developed this playbook to strengthen partnerships between federal, state, and local government agencies, the private sector, academia, and international entities. The playbook provides a detailed framework for how stakeholders can work together to manage AI cybersecurity risks and bolster collective defense.

    Objectives and Focus Areas

    The playbook’s central goal is to foster a collaborative approach to AI cybersecurity. As AI technologies become more embedded in critical infrastructure and everyday business processes, their vulnerabilities need to be addressed through cooperative efforts. The playbook underscores the importance of sharing information about AI-related threats, incidents, and vulnerabilities. This exchange of data allows for timely identification of emerging threats, better coordination in response efforts, and more informed decision-making when it comes to AI system security.

    One of the key principles outlined in the playbook is the necessity of voluntary, yet structured, information sharing. The playbook recommends that stakeholders share information regarding AI-related cybersecurity incidents, as well as the vulnerabilities that these incidents expose. This is important because AI systems often involve complex architectures and interdependencies, making them susceptible to novel and hard-to-detect cyberattacks. The playbook facilitates stakeholders’ efforts to share this information securely and responsibly, with an emphasis on protecting sensitive data and ensuring compliance with privacy laws.

    Collaborative Defense

    The AI Cybersecurity Collaboration Playbook also provides practical guidelines on how different parties can contribute to collective defense strategies. CISA encourages stakeholders to work together through the Joint Cyber Defense Collaborative (JCDC) to tackle AI-specific challenges. This collaboration involves government agencies, the private sector, and critical infrastructure providers working in concert to detect, respond to, and mitigate cyber threats that target AI systems.

    To maximize the effectiveness of collaboration, the playbook highlights the importance of proactive threat detection. By sharing threat intelligence and insights across sectors, stakeholders can identify vulnerabilities and attack patterns early on, reducing the potential damage that can be caused by these threats. Additionally, the playbook stresses the importance of coordinated response efforts. The JCDC serves as a central mechanism for organizing these efforts, ensuring that response activities are not duplicated and that resources are optimized for maximum impact.

    Recognizing the sensitivities around sharing cybersecurity data, the playbook addresses legal protections for shared information. It emphasizes the role of the Cybersecurity Information Sharing Act of 2015 (CISA) in creating a framework for secure information exchange. The playbook assures stakeholders that sharing information about cybersecurity threats is protected from liability, as long as it follows the guidelines set forth in the CISA law. This is crucial because many organizations are hesitant to share data due to concerns about privacy, legal consequences, and competitive disadvantage. By clarifying the protections available under CISA, the playbook aims to reduce these barriers to information sharing.

    Resilience Through AI Security

    AI systems are increasingly critical to the functioning of modern society, from healthcare and transportation to financial services and energy. However, as these systems grow more complex, their resilience to cyber threats becomes more challenging to maintain. The playbook outlines how AI stakeholders can better prepare for the unique cybersecurity risks that AI systems face. It highlights the need for continuous monitoring of AI systems and the potential vulnerabilities that may emerge over time. This ongoing vigilance is key to building resilient AI technologies that can withstand cyberattacks and recover from disruptions.

    The playbook also emphasizes that AI cybersecurity is a shared responsibility. While government entities and cybersecurity organizations play a critical role in shaping policy and setting standards, private companies that develop and deploy AI technologies are on the front lines of defense. Therefore, all stakeholders must take ownership of their cybersecurity responsibilities and work together to create secure, trustworthy AI systems. By sharing expertise, pooling resources, and learning from each other’s experiences, stakeholders can improve the security posture of AI systems on a national and international scale.

    Conclusion

    The AI Cybersecurity Collaboration Playbook is an essential resource for strengthening the cybersecurity of AI technologies. It offers a comprehensive approach to tackling the growing challenges associated with AI cybersecurity by promoting collaboration, improving information sharing, and ensuring legal protections for stakeholders. As AI continues to play a pivotal role in society, the need for secure AI systems is more critical than ever. By following the strategies outlined in the playbook, stakeholders can contribute to a more secure, resilient AI ecosystem that is better equipped to handle the evolving cybersecurity landscape.

    For further details, you can access the full document here: AI Cybersecurity Collaboration Playbook and explore more about CISA’s work at CISA.

  • The Need for Grassroots Support for Nonprofits in Light of the US Government Freeze on Grant Funding

    The Need for Grassroots Support for Nonprofits in Light of the US Government Freeze on Grant Funding

    Nonprofits have long been a vital part of the American social fabric, supporting a wide range of causes from education and healthcare to social justice and environmental sustainability. However, in recent times, these organizations have faced a particularly challenging hurdle: a freeze on US government grant funding. This freeze has left many nonprofits scrambling to maintain their operations, programs, and the crucial services they provide to underserved communities.

    As the government holds back on disbursements, nonprofits must look to alternative sources of support—chief among them being grassroots fundraising and community engagement.

    The Impact of the Government Funding Freeze

    The freeze on government grant funding has had a ripple effect across the nonprofit sector. Many organizations, particularly smaller ones, depend on government grants to fund their programs and operational costs. When that funding source is removed or delayed, it often forces nonprofits to make difficult decisions, such as scaling back their services or reducing staff. In some cases, it may even lead to the shuttering of entire programs that communities rely on.

    This freeze has affected not only local organizations but national ones as well, with some advocacy groups and service providers finding it more difficult to maintain their work. While government grants were never a guaranteed source of funding, they provided a level of stability that allowed nonprofits to plan long-term initiatives, and now that is in jeopardy.

    Grassroots Support: A Lifeline for Nonprofits

    In the face of such uncertainty, nonprofits must turn to their communities for support. Grassroots efforts, which rely on the contributions and involvement of individuals and local businesses, are crucial during times like these. Unlike government grants or corporate donations, grassroots support comes from the people who directly benefit from the services a nonprofit provides.

    Grassroots support takes many forms: direct donations, fundraising events, volunteer hours, in-kind contributions, and public awareness campaigns. While these forms of support may seem small in comparison to large government grants or corporate sponsorships, they are incredibly powerful when aggregated. Here are some reasons why grassroots support is more critical than ever:

    1. Community Investment

    Grassroots donors are more likely to have a personal connection to the cause they’re supporting. Whether it’s a local education program, a neighborhood food bank, or a healthcare initiative, community members understand firsthand the importance of these services. As a result, they are often more invested in the long-term success of nonprofits, viewing their donations and time as an investment in their own community.

    2. Diversified Funding

    Relying solely on government funding or corporate donations is risky for any nonprofit. Government funding can be inconsistent, and corporate donations often come with strings attached. By building a strong base of grassroots supporters, nonprofits can create a more diversified funding model. This reduces the risk of being entirely dependent on any one source of funding and ensures financial stability through a wider range of revenue streams.

    3. Increased Awareness and Advocacy

    Grassroots support often goes hand-in-hand with grassroots advocacy. When individuals are engaged in giving, they become passionate advocates for the cause. This advocacy can take many forms, from spreading the word on social media to organizing local events that raise awareness of important issues. A strong grassroots base not only provides financial support but helps amplify the nonprofit’s message and mission.

    4. Sustainability and Long-Term Growth

    Grassroots funding isn’t just about short-term survival—it’s also about sustainable growth. When a nonprofit cultivates relationships with individuals and businesses within the community, it builds a network of ongoing supporters who are likely to remain engaged for years to come. Unlike large corporate donations that may fluctuate year-to-year, grassroots supporters tend to have a longer commitment, providing stability in both the financial and social capital sense.

    Ways to Cultivate Grassroots Support

    In order to tap into the power of grassroots support, nonprofits need to focus on fostering meaningful relationships with their communities. Here are some ways to build a strong base of grassroots support:

    1. Engage with Your Community: It’s crucial for nonprofits to stay connected with the people they serve. Hosting community events, town halls, or open forums can give individuals a voice and allow them to connect personally with the cause. This builds trust and encourages people to give back in whatever way they can.
    2. Leverage Social Media: Social media has proven to be a powerful tool for grassroots fundraising. From crowdfunding campaigns to awareness drives, nonprofits can use platforms like Facebook, Instagram, and Twitter to rally support, share success stories, and reach a wider audience.
    3. Offer Opportunities for Volunteering: Many people feel more comfortable contributing their time rather than money. Volunteering not only helps nonprofits meet their operational needs, but it also fosters deeper relationships within the community. Volunteers who believe in the cause are likely to become repeat contributors, both in terms of time and financial donations.
    4. Develop Targeted Fundraising Campaigns: Create fundraising campaigns that directly address community needs. Whether it’s an annual event, a campaign for a specific program, or a cause-specific initiative, targeted campaigns are more likely to resonate with supporters who feel personally connected to the outcome.
    5. Celebrate Donors and Volunteers: People who contribute their time or money want to feel valued. Recognizing their contributions publicly, whether through thank-you notes, social media shout-outs, or donor appreciation events, can go a long way in maintaining long-term support.

    In Summary

    The freeze on government funding for nonprofits presents a serious challenge, but it also highlights the importance of grassroots support. By turning to local communities for financial contributions, volunteer support, and advocacy, nonprofits can build stronger, more sustainable operations. Grassroots support isn’t just about keeping organizations afloat in tough times—it’s about creating a foundation of trust, connection, and shared responsibility that can help nonprofits thrive in any environment. As we navigate this uncertain funding landscape, it’s clear that the power of community will always remain one of the most reliable resources for any nonprofit.

  • Outsourcing IT? Key Risks for US Businesses

    Outsourcing IT? Key Risks for US Businesses

    The FBI has issued an urgent public service announcement regarding North Korean IT workers targeting U.S.-based businesses in a growing wave of data extortion. These workers have leveraged illicit access to company networks to steal proprietary and sensitive data, often holding it hostage to demand ransom payments. This has included the exfiltration of critical company code and the release of this stolen data, putting businesses at risk of significant financial and reputational damage.

    The Problem: Data Extortion and Theft

    North Korean IT workers are infiltrating corporate networks, typically through job applications, posing as legitimate remote workers. Once inside, they exfiltrate sensitive data—sometimes even copying entire repositories of proprietary code—and demand ransoms for its return. This extortion has been coupled with activities like launching cybercriminal operations or generating revenue for the regime. The threat is particularly pronounced for businesses in the software development and technology sectors, where stolen intellectual property can have a long-lasting impact.

    Risk Points and Red Flags

    Several potential risk areas have been identified, including:

    1. Remote Hiring Practices: North Korean IT workers often use fake identities, relying on AI-generated resumes, face-swapping technology, and reused communication details, such as phone numbers or email addresses, to gain employment remotely.
    2. Data Exfiltration: Once infiltrating a network, the stolen data is often transferred via cloud services, shared drives, or private repositories, making detection challenging.
    3. Unusual Network Activity: Frequent login attempts from diverse locations, especially across countries, and abnormal use of remote desktop applications, may indicate unauthorized access.

    Recommendations to Protect Your Business

    To mitigate these risks, the FBI provides several actionable recommendations:

    1. Enhance Data Monitoring:
      • Enforce the Principle of Least Privilege on your networks, limiting access for users and restricting installation of unauthorized software.
      • Closely monitor network traffic for abnormal activities such as remote connections or prohibited protocols.
      • Watch for unusual browser sessions or file transfers to cloud accounts and shared drives.
    2. Strengthen Remote Hiring and Onboarding:
      • Implement thorough identity verification for remote applicants, including cross-checking resumes and communication accounts.
      • Educate HR and development teams on potential red flags, such as unusual educational backgrounds and inconsistencies in applicants’ documentation.
      • Consider in-person interviews or “soft” interview questions to probe for authenticity.
    3. Incident Response:
      • If you suspect a North Korean IT worker may have infiltrated your network, report the incident immediately to the FBI’s Internet Crime Complaint Center (IC3).
      • Use intrusion detection systems to track and analyze suspicious activity related to a potential breach.

    In Summary

    North Korean IT workers have evolved their tactics, increasingly targeting U.S. businesses for data theft and extortion. By strengthening hiring practices, enhancing network security, and monitoring for suspicious activity, companies can better safeguard against these sophisticated cybercriminals. Early detection and swift action are key to minimizing the impact of such attacks.

  • U.S. Cyber Trust Mark: A Crucial Step in Securing IoT Devices for Home and Business

    In an era where connected devices are part of our everyday lives, from smart thermostats to security cameras, ensuring their cybersecurity is essential to protecting sensitive information. The U.S. Cyber Trust Mark, a new initiative announced by the White House, is a significant step forward in safeguarding the Internet of Things (IoT) devices on both home and corporate networks. However, it’s important to clarify that this program is about awareness, not a whitelisting system.

    What is the U.S. Cyber Trust Mark?

    The U.S. Cyber Trust Mark is a cybersecurity label aimed at informing consumers about the security features of connected products like baby monitors, smart appliances, and security systems. Administered by the Federal Communications Commission (FCC), this program provides an easy-to-spot label to help consumers assess whether the devices they purchase meet critical cybersecurity standards.

    While this is a voluntary program, it sets a benchmark for manufacturers to adhere to established cybersecurity criteria, such as those from the National Institute of Standards and Technology (NIST). By submitting their products for compliance testing, companies can earn the Cyber Trust Mark, which signals to consumers that the device has passed a rigorous security evaluation.

    UL LLC (UL Solutions),a global leader in applied safety science, has been selected to serve as the Lead Administrator and a Cybersecurity Label Administrator (CLA) of the FCC’s voluntary cybersecurity labeling program for wireless consumer Internet of Things (IoT) products. UL has been very involved in electronics manufacturing for many year. It seems few devices sold in the US don’t have a UL mark on them.

    Why This Isn’t a Whitelisting Program

    The U.S. Cyber Trust Mark should not be confused with a “whitelisting” program. Whitelisting typically refers to a security measure that allows only pre-approved software or devices to operate within a network, blocking everything else by default. This is a proactive security tactic used by network administrators to control access to systems and data. This is not that. Additionally, this mark does NOT insure the device is “safe”. The only way to insure there is no cyber threat is to not power it on in the first place. Also, this doesn’t mean anything without a mark is necessarily “unsafe”.

    On the other hand, the Cyber Trust Mark is an awareness initiative. It helps consumers make informed decisions about the products they buy by giving them an easily recognizable symbol that indicates the device meets certain cybersecurity standards. It does not mean the device will be exempt from future vulnerabilities or threats—it simply provides an assurance that it meets current standards.

    A Step Toward Securing IoT Devices

    In a world where IoT devices are becoming ubiquitous in homes and workplaces, the Cyber Trust Mark is a vital tool in the battle against cyber threats. By providing clear, accessible information about a device’s security, the mark helps consumers and businesses alike make smarter decisions when it comes to safeguarding their networks.

    This initiative encourages manufacturers to prioritize cybersecurity in the development of their products, much like the EnergyStar label incentivizes energy efficiency. As more manufacturers participate and earn the mark, we can expect to see a greater focus on building secure devices that are less vulnerable to cyberattacks.

    What does this mean?

    The U.S. Cyber Trust Mark represents a significant move forward in creating safer environments for both consumers and businesses when it comes to using IoT devices. By focusing on education and informed decision-making rather than outright blocking devices, this initiative supports the creation of a more secure, cyber-resilient future.

  • Navigating New HIPAA Regulations in Healthcare Cybersecurity

    Navigating New HIPAA Regulations in Healthcare Cybersecurity

    The landscape of healthcare cybersecurity is undergoing a seismic shift with the introduction of updated HIPAA regulations. Having spent nearly 15 years in the cybersecurity field and navigating the intricacies of HIPAA compliance firsthand, I see these changes as both necessary and challenging for organizations of all sizes.

    Addressing a Critical Gap

    Under the old HIPAA rules, organizations had the latitude to determine which compliance measures were “appropriate” for them. While this flexibility was initially intended to accommodate diverse operational needs, it also created loopholes. Many organizations sidestepped critical security measures that were deemed inconvenient or costly, leaving sensitive patient data vulnerable to breaches. The new regulations close this loophole, mandating a uniform standard of compliance that eliminates subjective interpretation.

    This change is long overdue. Cybersecurity threats in healthcare have evolved dramatically, with ransomware attacks and data breaches becoming alarmingly common. By enforcing stricter and more consistent requirements, the new rules aim to protect patient data more effectively and bolster public trust in the healthcare system.

    The Cost of Compliance

    However, these changes come with a price tag. Implementing comprehensive cybersecurity measures will undoubtedly raise operational costs, especially for smaller organizations that have historically neglected their security infrastructure. For some small practices, these costs may be overwhelming, potentially leading to difficult decisions, such as retiring early or merging with larger entities.

    This scenario is particularly unfortunate given the essential role that independent healthcare providers play in many communities. It’s critical for industry leaders and policymakers to find ways to support these smaller entities, whether through financial incentives, subsidies, or access to affordable cybersecurity solutions.

    A Shift Toward Virtual and SaaS Solutions

    One notable impact of the new regulations will be the acceleration of a trend already underway: the adoption of virtual and Software-as-a-Service (SaaS) solutions. These technologies enable organizations to distribute costs more effectively, as they often operate on subscription models that include regular updates and built-in compliance features. By leveraging cloud-based solutions, healthcare providers can achieve robust cybersecurity without bearing the full burden of maintaining and upgrading on-premises systems.

    For savvy health organizations, this shift presents an opportunity to enhance efficiency and scalability while staying ahead of the compliance curve. It is essential to carefully vet these solutions. This ensures they meet the new HIPAA standards and the needs of the organization.

    Moving Forward

    The updated HIPAA rules signal a much-needed evolution for healthcare cybersecurity, one that prioritizes resiliency, patient data protection, and organizational accountability. While the transition will be challenging—particularly for small providers—it also paves the way for a more secure and resilient healthcare system.

    As an industry, we must approach these changes collaboratively. The road ahead may be difficult, but it’s a necessary step to safeguard the future of healthcare in an increasingly digital world.

  • Disinformation Unchecked: How Musk and the New Administration Are Already Shaping the Narrative

    Disinformation Unchecked: How Musk and the New Administration Are Already Shaping the Narrative

    The recent closure of the State Department’s Global Engagement Center (GEC) raises significant concerns about the future of U.S. efforts to combat foreign disinformation. Established in 2016, the GEC was pivotal in identifying and countering propaganda from adversarial nations like Russia and China. Its dissolution, following Congress’s decision to cut funding in the National Defense Authorization Act, leaves a critical gap in the nation’s defense against malign information campaigns.

    Critics argue that this move aligns with the incoming administration’s broader agenda to reshape the narrative landscape. Elon Musk, a prominent adviser to President-elect Donald Trump, has previously labeled the GEC as “the worst offender in U.S. government censorship [and] media manipulation. Musk’s influence, coupled with the administration’s intent to reduce government spending, suggests a deliberate shift away from institutional checks on disinformation.

    This development is particularly troubling given the escalating disinformation efforts by foreign actors. In 2024 alone, countries like Russia and China have intensified propaganda campaigns targeting democratic processes in nations such as Taiwan, Moldova, and Georgia. The absence of a dedicated U.S. entity to counter these threats not only undermines global democratic resilience but also signals a potential acquiescence to foreign influence operations.

    Moreover, the closure of the GEC may embolden domestic actors seeking to control narratives without accountability. The intertwining of political interests with media platforms, exemplified by Musk’s dual roles as a tech mogul and government adviser, raises ethical questions about the impartiality of information dissemination. Without transparent mechanisms to counter disinformation, the public remains vulnerable to manipulated narratives that serve specific agendas.

    The termination of the Global Engagement Center represents a significant step back in the fight against disinformation and leaves those in control of media even more powerful. It reflects an unsettling convergence of political and corporate interests aiming to control narratives, potentially at the expense of truth and democratic integrity. As foreign disinformation campaigns continue unabated, the need for robust countermeasures has never been more critical.

    The GEC had ambitious plans to develop advanced technological tools, including:

    • Photoshopped image detection systems
    • Meme detection models
    • AI-generated content detection tools

    Mark Montgomery, a supporter of the center, expressed frustration with the decision, highlighting the ongoing threat of information operations by countries like Russia, China, and Iran.

    Read more here: State Department’s disinformation office to close after funding nixed in NDAA | CyberScoop