Computer Safety & News

In a new annual report, cryptocurrency fraud increased from $3.1 billion in 2021 to $3.8 billion in 2022

Hackers Prove the Easiest Way to Make a Crypto Fortune Is by Stealing It | PCMag

A new report reveals that hackers targeting cryptocurrency last year managed to steal a record $3.8 billion in digital coins, with North Korea being the biggest benefactor.  As the South China Morning Post reports, a new report from blockchain analysis company Chainalysis Inc. reveals that 2022 was a record year for cryptocurrency theft. In 2021, $3.3 billion in crypto was stolen, but that increased to $3.8 billion last year.  The majority of that ($3.1 billion) was taken by finding vulnerabilities in bridge services (used to connect different blockchains) that form part of the decentralized finance (DeFi) infrastructure cryptocurrency relies upon.  It seems North Korea has a particular expertise in this sector, with hacking groups linked to the country’s government accounting for $1.7 billion of the total. For context, North Korea’s gross domestic product hovers around the $29 billion mark.

The Joint Cyber Defense Collaborative (JCDC) shares its 2023 plans to help better protect our USA GOVT agencies from cybersecurity risks

JCDC Announces 2023 Planning Agenda | CISA

2023 JCDC Planning Agenda | CISA

Charged with staying ahead of and confronting cyber risk and cyber threats to the nation’s critical infrastructure, CISA brought together experts across government and the private sector to develop a collaborative cyber planning agenda. No single entity has the complete knowledge, capabilities, and legal authorities to defend the entire digital ecosystem against advanced persistent threat (APT) actors. By combining the capabilities of key industry partners with the unique insights of government agencies, JCDC can create common, shoulder-to-shoulder approaches to confront malicious actors and significant cyber risks.

1. Systemic risk: Malicious actors know how to work smarter, not harder, by targeting single points of failure in critical infrastructure. Targeting of software, hardware, and services that are widely used across sectors or compromises of lifeline functions like electrical and water that underpin virtually every organization could result in cascading impacts and severe impacts to our national critical functions.
2. Collective cyber response: As a nation, we must anticipate that malicious cyber actors will at times circumvent our combined defenses. At the same time, the American people rightly expect the U.S. government to plan for a coordinated public-private response to minimize impacts and quickly recover.
3. High-risk communities: Malicious cyber actors do not only target critical infrastructure or businesses; to the contrary, we know that adversaries—seeking to undermine American values and interests—routinely target high-risk communities, such as civil society organizations that support journalists and cybersecurity researchers.

CISA shares an important security advisory for ISC’s Berkeley Internet Name Domain (BIND) 9. 

ISC Releases Security Advisories for Multiple Versions of BIND 9 | CISA

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures.  CISA encourages users and administrators to review the following ISC  advisories CVE-2022-3094, CVE-2022-3488, CVE-2022-3736, and CVE-2022-3924 and apply the necessary mitigations.

A new redesigned version of File Explorer is being developed for future implementation in Windows 11

Exclusive: This is Microsoft’s new modern File Explorer overhaul for Windows 11 | Windows Central

https://www.windowscentral.com/software-apps/windows-11/microsoft-is-working-on-a-major-design-update-for-windows-11s-file-explorer-app

As was revealed a handful of weeks ago, Microsoft is currently working on a significant update to File Explorer on Windows 11 that will update several core areas of the app with modern designs and new features that will better integrate the experience with OneDrive and Microsoft 365.  The updated app will feature a redesigned header with a modern file directory box, a modern search box, and a new “home” button. The existing header buttons, such as “new,” “copy,” and “paste,” will be moved into the file/folder view just below the header.  The home page itself is being updated with more integration with Microsoft 365. Along the top will be a feed of “recommended” files, which will be presented with larger thumbnails that will make it easier to see what files are being suggested to you.

Microsoft has created Project Phoenix to explore future innovations for Edge Browser for WIN11

Microsoft’s Project ‘Phoenix’ Aims to Reimagine the Edge Browser | PCMag

Microsoft Edge ‘Phoenix’ is an internal reimagining of the Edge web browser with a new UI and more features | Windows Central

Windows users are stuck with the Edge browser installed on their PC, but that browser could soon have a different look and be more deeply integrated with the operating system.  As Windows Central reports, an internal project codenamed “Phoenix” is being run by the Microsoft User Research team as an attempt to reimagine the web browser for Windows 11. It started last summer and is tweaking both the user interface and features integrated into Edge. Feedback is then gathered internally at Microsoft, which guides the direction development takes.

The “HIVE” is a major Ransomware malware attack recently shut-down by the FBI

FBI Secretly Infiltrated Hive Ransomware Group’s Network for 7 Months | PCMag

The FBI secretly infiltrated the infamous Hive ransomware group over seven months to stymie its attempts to extract funds from hundreds of victims.   The Justice Department made the announcement(Opens in a new window) after the FBI joined with European law enforcement to shut down the ransomware gang’s servers. This included replacing Hive’s site on the dark web last night with a banner that says the destination has been seized.

“Since infiltrating Hive’s network in July 2022, the FBI has provided over 300 decryption keys to Hive victims who were under attack. In addition, the FBI distributed over 1,000 additional decryption keys to previous Hive victims,” the Justice Department said. The resulting decryption keys likely deprived the Hive gang of $130 million in ransomware payments.

The shift of 40 hours in the local office to work-from-home presents new challenges for virtual teams & this excellent article by HBR provides excellent detailed best practices.

https://hbr.org/2021/08/5-practices-to-make-your-hybrid-workplace-inclusive

As pandemic restrictions ease, it’s clear that one big change to the way we work is here to stay: hybrid working. However, these environments run the risk of creating new inequities and exacerbating those that already exist. For employers to ensure fairness, maximize performance, and maintain cultural cohesion in hybrid work arrangements, they need to consider these five practical dimensions of inclusion when designing hybrid policies and navigating new ways of working.

1. Recruitment and Remote Onboarding
2. Working Together
3. Resolving Conflict
4. Team Cohesion
5. Promotions
6. Productivity

The Harvard Business Review is an excellent resource for management & leadership best practices & other topics

Don’t Underestimate the Value of Employee Tenure (hbr.org)

While tenure and age are correlated — we age as we accumulate experience — it is possible to separate the effects of tenure (firm-specific) from age (general) human capital. Our analyses did exactly that and showed that, after statistically accounting for the correlation between age and tenure, age has no statistically significant effect on performance, but tenure does. The positive effects of tenure vary in size from organization to organization, with the implication that well-managed tenure can return greater-than-average value to the employer.  There are three important consequences of these findings for employers.

1. One is that there is no place for ageism at work — Prejudices that devalue older workers and antagonisms that can isolate or drive them out are bad for business.
2. Another implication is that “retirement age” workers to stay in the organization can be good for the business. These practices extend the opportunity for older workers to contribute as SMEs
3. The third implication is businesses with employees who build tenure — are competitively advantaged relative to organizations that opt for alternatives such as contract, gig, and platform workers. These organizations miss out on the business value that tenure and longevity with an employer bring.

With numerous recent Tech layoffs, the FTC warns of an increase in JOB recruitment based SCAMs

Looking for a job? Scammers might be looking for you | Consumer Advice (ftc.gov)

Recent layoffs in industries like the tech sector have scammers fine-tuning their approaches to take advantage. They may advertise jobs online, sometimes setting up fake websites, or look for targets on social media — all to try to steal your money and personal information.

Scammers may go to great lengths to get what they want. Some may conduct fake online job interviews and set up phony onboarding portals where they ask you for Social Security numbers and bank account information to (supposedly) deposit paychecks. Other scammers may ask you to send money for (supposed) equipment needed for remote work — with the promise to reimburse you with your first paycheck. But these are scams. Whether you’re looking for your first job or seeking a new gig, here’s some advice to help you avoid job scams:

1. Verify job openings before you apply.
2. Watch for telltale signs of a possible scam.
3. Don’t pay for the promise of a job.

The Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately & 2022 was another record year.  ZDI presents a recap of key vulnerabilities discovered during 2022

Zero Day Initiative — Looking Back at the Bugs of 2022

It’s always great to see the huge number of amazing bugs submitted by independent researchers around the globe, but some really stood out. We’re super thankful for our global community of independent researchers, and we congratulate the 23 researchers to achieve reward levels in 2022. We had five people reach Platinum status, five reach Gold, seven Silver, and six Bronze. The work and submissions from our community of independent researchers are key to our success, and we thank all of them for their continued trust in our program. Of course, there are some particular bugs I wanted to specifically call out.