Security News

A communiqué issued at the conclusion of the NATO summit has called for China to observe the laws of cyberspace, and set out new standards by which members of the alliance will consider cyberattacks. The document treats both Russia and China as threats.

A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they've gained access to an organization's network, according to Austrian cybersecurity consultancy SEC Consult. Genua Genugate is a firewall designed for protecting internal networks against external threats, segmenting internal networks, and protecting machine-to-machine communications.

The international information security community is filled with smart people who are not in a military structure, many of whom would be excited to pose as independent actors in any upcoming wargames. Including them would increase the reality of the game and the skills of the soldiers building and training on these networks.

NATO said Saturday it was checking its computer systems after a massive cyberattack on US government agencies and others that Washington blamed on Moscow. "At this time, no evidence of compromise has been found on any NATO networks. Our experts continue to assess the situation, with a view to identifying and mitigating any potential risks to our networks," a NATO official told AFP. Microsoft said Thursday its anti-virus software detected intrusions in dozens of networked systems, most of them in the United States, via software supplied by US tech company SolarWinds.

NATO needs a new strategic concept adjusted to the global rise of new technologies, terrorism and China to replace a plan developed a decade ago, the head of the alliance said on Wednesday. Stoltenberg urged the Western defensive alliance of 30 states to "Develop common principles and standards for new technologies" to meet security challenges related to "Disruptive technologies" using big data and cyber telecommunications.

While some security researchers see Zebrocy as a separate adversary, others have shown connections between various threat actors operating out of Russia, including a link between GreyEnergy and Zebrocy attacks. Lures employed in these attacks had a NATO-related theme, a recurring motif in APT28 campaigns - the adversary used a similar theme in attacks in 2017.

The influence campaign does not merely spread false news content on social media platforms such as Twitter and Facebook, as other disinformation campaigns have done. "We have dubbed this campaign 'Ghostwriter,' based on its use of inauthentic personas posing as locals, journalists, and analysts within the target countries to post articles and op-eds referencing the fabrications as source material to a core set of third-party websites that publish user-generated content," according to FireEye researchers in a Thursday analysis.

The North Atlantic Treaty Organization this week publicly condemned the malicious cyber-activities directed against COVID-19 responders. Now, a month later, the North Atlantic Council issued a public statement condemning the "Destabilizing and malicious cyber activities" targeting entities critical to the response against the COVID-19 pandemic, such as healthcare services, hospitals and research institutes.

This indicates that, after a detailed validation process, the Kingston IronKey D300, IronKey D300S and IronKey D300SM have been listed in the NATO Information Assurance Product Catalogue for security products that meet NATO's nations, civil and military bodies' operational requirements. The IronKey D300 series is now included on this list, which means it is qualified as an encrypted Flash drive that meets the data protection levels established by NATO to protect information against loss or cyber-attacks.

Western military alliance NATO could have reacted with force to the 2017 WannaCry ransomware outbreak that locked up half of Britain's NHS, Germany's top cybergeneral has said. During a panel discussion about military computer security, Major General Juergen Setzer, the Bundeswehr's chief information security officer, admitted that NATO's secretary-general had floated the idea of a military response to the software nasty.