Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Hacking police radios: 30-year-old crypto flaws in the spotlight

“Three may keep a secret, if two of them are dead.”

If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal?

You’d probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue did: line up a world tour of conference appearances in the US, Germany and Denmark (Black Hat, Usenix, DEF CON, CCC and ISC), and turn your findings into a BWAIN.

The word BWAIN, if you haven’t seen it before, is our very own jocular acronym that’s short for Bug With An Impressive Name, typically with its own logo, PR-friendly website and custom domain name.  More…

IBM Report: Average Cost of a Data Breach Rises to $4.45 Million

IBM Security also provided tips for how to prevent and mitigate data breaches.

Data breach costs rose to $4.45 million per incident in 2023, up 2.3% from $4.35 million in 2022. Overall, the average cost has increased 15.3% from the $3.86 million average in 2020.

In addition, one in three companies discovered a data breach themselves, as opposed to 67% of breaches reported by a third party or by the attackers.

Last year, IBM saw detection and escalation costs increase, indicating that it was taking longer to investigate breaches. On average, it took 277 days for organizations to detect a breach and return to normal service. This trend has continued in 2023, with the costs of detection and evaluation rising 9.7% to $1.58 million. Lost business cost dropped the most, by 8.5% to $1.30 million.

Cost was calculated using four areas of financial impact:

  • Detection and escalation.
  • Notification.
  • Post-breach response.
  • Lost business.

In the U.S., the average cost of a data breach was $9.48 million, which was the highest globally. The U.K. saw a 16.6% drop in cost from $5.05 million to $4.21 million.  more…

Europol’s IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent

The Europol report also reported on cybercriminals’ use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.

Europol, the European Union’s agency for law enforcement cooperation, released its yearly Internet Organised Crime Threat Assessment report, which provides key findings and emerging cybersecurity threats that impact governments, businesses and individuals in Europe; however, these threats can affect people worldwide. The main themes of the report are cybercriminals are increasingly codependent, the fundamentals of cybercrime, technically speaking, remain the same and there is a constant use of cryptocurrencies and an increased use of mixers.  More..

Zenbleed: How the quest for CPU performance could put your passwords at risk

Famous Google bug-hunter Tavis Ormandy has just reported a new bug of this sort that he’s dubbed Zenbleed, because the bug applies to AMD’s latest Zen 2 range of high-performance processors.

Unfortunately, you can exploit the bug from almost any process or thread on a computer and pseudo-randomly bleed out data from almost anywhere in memory.

“You need to turn on a special setting to stop the code you wrote to stop the code you wrote to improve performance from reducing performance from reducing security.” More…

Top Paying IT Certifications

Here’s a list from Global Knowledge.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.