Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Hacking police radios: 30-year-old crypto flaws in the spotlight

“Three may keep a secret, if two of them are dead.”

If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal?

You’d probably do what researchers at boutique Dutch cybersecurity consultancy Midnight Blue did: line up a world tour of conference appearances in the US, Germany and Denmark (Black Hat, Usenix, DEF CON, CCC and ISC), and turn your findings into a BWAIN.

The word BWAIN, if you haven’t seen it before, is our very own jocular acronym that’s short for Bug With An Impressive Name, typically with its own logo, PR-friendly website and custom domain name.  More…


IBM Report: Average Cost of a Data Breach Rises to $4.45 Million

IBM Security also provided tips for how to prevent and mitigate data breaches.

Data breach costs rose to $4.45 million per incident in 2023, up 2.3% from $4.35 million in 2022. Overall, the average cost has increased 15.3% from the $3.86 million average in 2020.

In addition, one in three companies discovered a data breach themselves, as opposed to 67% of breaches reported by a third party or by the attackers.

Last year, IBM saw detection and escalation costs increase, indicating that it was taking longer to investigate breaches. On average, it took 277 days for organizations to detect a breach and return to normal service. This trend has continued in 2023, with the costs of detection and evaluation rising 9.7% to $1.58 million. Lost business cost dropped the most, by 8.5% to $1.30 million.

Cost was calculated using four areas of financial impact:

  • Detection and escalation.
  • Notification.
  • Post-breach response.
  • Lost business.

In the U.S., the average cost of a data breach was $9.48 million, which was the highest globally. The U.K. saw a 16.6% drop in cost from $5.05 million to $4.21 million.  More…


Europol’s IOCTA 2023 Report Reveals Cybercriminals are Increasingly Interdependent

The Europol report also covered cybercriminals’ use of cryptocurrencies and how their techniques are more sophisticated. However, there was good cybersecurity news, too.

Europol, the European Union’s agency for law enforcement cooperation, released its yearly Internet Organised Crime Threat Assessment report, which provides key findings and emerging cybersecurity threats that impact governments, businesses and individuals in Europe; however, these threats can affect people worldwide. The main themes of the report are that cybercriminals are increasingly codependent; that the fundamentals of cybercrime, technically speaking, remain the same; and that there is a constant use of cryptocurrencies and an increased use of mixers.  More…


Zenbleed: How the quest for CPU performance could put your passwords at risk

Famous Google bug-hunter Tavis Ormandy has just reported a new bug of this sort that he’s dubbed Zenbleed, because the bug applies to AMD’s latest Zen 2 range of high-performance processors.

Unfortunately, you can exploit the bug from almost any process or thread on a computer and pseudo-randomly bleed out data from almost anywhere in memory.

“You need to turn on a special setting to stop the code you wrote to stop the code you wrote to improve performance from reducing performance from reducing security.” More…


Top Paying IT Certifications

Here’s a list from Global Knowledge.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com
