Note to Friends. On the case.
Cross Hairs: The Rhysida .onion site and their 72 targets are in focus. CHACHA20 progression.
IR35 Skims and Scams to the loss for HMRC and/or the Client/Consultant
Authorities know about all these...and have done nothing!
1. Unexplained and accrued fees charged directly to the consultant
2. Pocketing holiday pay set aside and belonging to the consultant
3. Paying falsified mileage claims (thus avoiding NI)
4. Inappropriately offering Gross Payment Model
5. Incoherent payslip accounting, no explanation/breakdown offered
6. Inappropriate Charging of Apprenticeship Levy
7. Formation of Mini Cartels between umbrella businesses.
8. Improper charging of employer’s NI on pensions
9. Claiming the employment allowance
10. Consultants forced/unwittingly opting out of AgCond. regulations
11. “Gap pay” charges
12. Employers NI allowance scam (involving mini umbrella companies)
International Summit on AI
The BBC are reporting the material underpinning the international Summit on Artificial Intelligence.
A perfect venue for such a gathering....the only real abuse of AI to date is the misinformation that arises from the actions of the insidious.
Nobody there will have even considered the impact of RADAR attacks on their AI systems, let alone how to counter them. (Clue: it's impossible to counter them without the training data being properly structured/controlled.)
(A new contribution in the essay series from CDD's consultants.)
Artificial Intelligence. Complete Tosh! (2 pages)
Does artificial intelligence (AI) even exist and therefore does it necessitate regulation? If it doesn't, what is it that does actually need proper controls in order to protect against what might be serious adverse impact on human society from the actions of the insidious?
Free Cyber Security Assessment
Free to SMEs - Contact us to receive a free, confidential Cyber Security Essentials Assessment and Report of your business...absolutely no obligation.
Latest List of Known Exploited Vulnerabilities Across All Products & Manufacturers
(Sept.23 - MSExcel format)
Really important! Known vulnerabilities that are also known to have been exploited by attackers.
Vital intelligence material for assessment of corporate threat landscape, necessary detection techniques, technical remediation and cyber risk reduction.
CDD - Comments on the NATS shutdown - Interim Incident Report
CDD would comment that it is staggering that a safety-critical element of the UK critical national infrastructure (having such immediate adverse and direct financial and operational impact) could calmly shut itself down and take its toys away because of a bit of illogical data! See here
CDD - Cyber Attack on Norwegian Government Installations
CDD is monitoring cyber attacks against the Norwegian critical infrastructure (alleged to follow Russian tactics and strategy of 2020). This is a volatile situation involving complex vectors and co-ordinated combinations of vulnerabilities that were thought to be remedied.
CDD - Clarification over CLOP capabilities
CDD recognises that there is some confusion over CLOP capabilities and IOC. Therefore please see (courtesy of MITRE's data): - This is extremely professional, modular combinatorial malware....
Command and Scripting Interpreter: Windows Command Shell
Data Encrypted for Impact
De-obfuscate/Decode Files or Information
File and Directory Discovery
Disable or Modify Tools
Inhibit System Recovery
Modify Registry
Native API
Network Share Discovery
Obfuscated Files or Information:
Security Software Discovery
Subvert Trust Controls:
System Binary Proxy Execution:
System Location Discovery: System Language Discovery
Time Based Evasion
CDD is launching a new Massively Parallel Processing Engine
CDD has been engineering a new Deep Neural Network processing environment for data enrichment and machine learning purposes. This system is approaching readiness and will be in a position to process 45000 independent processes simultaneously using 3.2GHz cores and served by a 40GB dedicated DevOps N/W. This represents a breakthrough in massively parallel processing available to ordinary private users wishing to exploit AI/ML and DNN technology on a budget and without the security risks associated with cloud deployment of high technologies and sensitive or high governance data.
MOVEit Cyber Attack
A range of adverse, security-impacting vulnerabilities is currently being investigated. Patching is available and alternative mitigations are being engineered for those already targeted by the ClOp group.
Further updates being prepared for correspondents on these issues. Please call 07917 663374
The Russian group responsible for ClOp (A.K.A. TA505, FIN11, etc...) deploy a complex and evolving malware capability with the following sample of combinatorial capabilities:
1. Use of cmd.exe to facilitate command execution on the target system(s)
2. Detection Avoidance Techniques by:
Applied quiescence (to evade sandbox analytics)
3. Enumeration of all processes and N/W shares on target machines
4. Quiescence/Termination of processes and services for backup and related security operations
5. << Redacted >>
6. Deletion of shadow volumes (i.e. vssadmin Delete Shadows /all /quiet)
7. Deploys bcdedit to disable recovery options
8. Keyboard language checks (for Cyrillic alphabet) via: (thus avoiding Russian endpoints)
9. Deploys msiexec.exe to disable/uninstall or otherwise impair the function of security tools on the system and searches for processes with IDS, Anti-virus and Anti-malware products
10. Incorporation of built-in API functions:
11. Capability to modify Windows registry data
12. Deployed cryptography has ranged from basic recurrent XOR operations (to decrypt strings) and currently uses AES, RSA, and RC4. (Helpfully adding ".clop" extension to encrypted files!)
[ Contact: Norrentz ]
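As an added detection example (not CDD's code and not taken from the original page), the sketch below flags items 6, 7 and 9 of the list above in process-creation command lines and escalates when several appear on one host in a short window. The event format, the bcdedit and msiexec switches matched, and the 10-minute window are assumptions; the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rules keyed to items 6, 7 and 9 above. The bcdedit/msiexec switches are
# assumed typical forms; the page itself only quotes the vssadmin command.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "recovery_disabled": re.compile(
        r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I),
    "msiexec_quiet_uninstall": re.compile(
        r"\bmsiexec(\.exe)?\b(?=.*\s/(x|uninstall)\b)(?=.*\s/q)", re.I),
}

# Constructed sample events: (timestamp, host, command line).
SAMPLE_EVENTS = [
    ("2023-06-01T02:14:05", "FS01", "cmd.exe /c vssadmin Delete Shadows /all /quiet"),
    ("2023-06-01T02:14:09", "FS01", "cmd.exe /c bcdedit /set {default} recoveryenabled No"),
    ("2023-06-01T02:14:20", "FS01", "msiexec.exe /x {PLACEHOLDER-GUID} /qn"),
    ("2023-06-01T09:30:00", "WS07", "vssadmin list shadows"),         # benign query
    ("2023-06-01T10:00:00", "WS09", "msiexec.exe /i setup.msi /qn"),  # benign install
    ("2023-06-01T11:00:00", "DB02", "vssadmin.exe delete shadows /for=C: /oldest"),
]

def match_rules(cmdline):
    """Return the names of all rules that fire on one command line."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def detect(events, window=timedelta(minutes=10)):
    """Return {host: severity}. A single rule hit is 'review'; two or more
    distinct rules inside `window` on the same host is 'critical'."""
    hits = defaultdict(list)
    for ts, host, cmd in events:
        for rule in match_rules(cmd):
            hits[host].append((datetime.fromisoformat(ts), rule))
    verdicts = {}
    for host, host_hits in hits.items():
        host_hits.sort()
        verdicts[host] = "review"
        for i, (start, _) in enumerate(host_hits):
            if len({r for t, r in host_hits[i:] if t - start <= window}) >= 2:
                verdicts[host] = "critical"
                break
    return verdicts

if __name__ == "__main__":
    for host, severity in sorted(detect(SAMPLE_EVENTS).items()):
        print(host, severity)
```

Correlating distinct rules keeps routine administration (a lone shadow-copy prune, as on DB02) at review level while the combined sequence on FS01 is escalated.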
Current AI Concerns
All the current shrill and ill-informed discussion about AI is completely swept aside by a single consideration. Has any computer, anywhere, ever decided to do something, purely based upon its own volition? I am not aware of any, and therefore all planetary species can rest assured that there is no real danger arising from a device equipped with an off-switch! Computers are not intelligent and merely provide the opportunity to augment human cognition that appears to emulate intelligence and only then, to the uninitiated. The clever trick is to recognise when this is taking place.
US have disrupted the most advanced Russian espionage malware.
Dangerous malware, known as Snake, was initially designed decades ago and used in a number of campaigns including Uroboros, Venomous Bear, Waterbug and Turla. It is used by threat actors (in Center 16 of the FSB) to steal sensitive documents from well protected devices in some 50 countries. FBI's 'Perseus' capability issued commands to disrupt Snake's critical operational components.
HM Government issues UK quantum strategy...not before time!
Russian 'spy ships' threaten to sabotage UK energy supply
What is new? However, the recent cyber hostile activity from patriotic young Russians (as reported in the Telegraph) and the physical breaches of cybersecurity around Orkney are troublesome events. Indeed, the deployment and use of sea plough technology to sever communications cables needs to attract the attention of military decision makers. The Telegraph have missed a few matters in their own reporting. [Link]
All rights reserved. CyberDefenceDynamics