Accelerate to Cloud

Ali vse poti vodijo v RIM? Ne, temveč v Operativni center kibernetske varnosti!

Attacks on Blockchain in the Last Year

Over the past year, there have been a large number of attacks on crypto exchanges and various blockchain solutions, and the target was very often cross-chain bridges. Blockchain is more secure than other protocols/systems/applications, but… What happens when it is not implemented well, when there are vulnerabilities and when endpoints are not sufficiently secure as the technology itself? During the presentation, we will go through the various attack techniques that have most affected the blockchain network and see which protection measures are desirable to apply.

Cloud Forensics investigations in Azure

When a security incident is detected on the Azure cloud platform, forensic investigators must examine the log data collected from various sources. If a virtual machine is found to be affected, it is important to take a snapshot of the OS disk of the VM for further investigation. This session discusses the forensic acquisition methodology of an Azure VM and discusses an assumed DFIR scenario to divide the whole process into multiple steps using different forensic tools.

How my system got pwned: Lessons learned from CVE-2022-41352

In this, hopefully eye-opening lecture, we'll dive into how my system was compromised by exploiting CVE-2022-41352, a critical RCE that took me by surprise. I'll share my experience and how I learned
the hard way that "The cobbler's shoes are always the worst".
This incident reinforced the importance of taking layered security approach seriously and understanding that security is responsibility of the owner, even when using cloud services. Join me for an insightful
discussion on how to avoid making the same mistakes I did and keep your systems safe(r).

Insight into the ransomware incidents of 2022

Analysis on the ransomware incidents in Hungary of the past year, highlighting the different attack techniques. Presenting statistics and mitigation strategies of the sectors.

Kje je meja med kibernetsko varnostjo in odpornostjo?

Zagotavljanje kibernetske varnosti v poslovnih okoljih je vedno bolj prepleteno z varnostjo in odpornostjo vseh organizacij v dobavni verigi. Medtem ko za kibernetsko varnost poskrbimo z močnimi gesli, utrjevanjem nastavitev na varnostnih napravah in spremljanjem površine napada dobaviteljev, dejansko raven odpornosti preverimo s testiranjem omrežja na kibernetski napad. Pomen takšnega spremljanja kibernetske varnosti je opredeljen tudi v najnovejših regulativah na tem področju, kar nakazuje na kritičnost zagotavljanja kibernetske varnosti ne le v lokalnih okvirih, temveč globalno.

Microsoft 365: Attack simulation training

Modern Cyberwarfare - From watering hole to supply chain attacks

Presentation describes some of the most complex techniques used by threat actors to compromise even the most secured networks, as seen in the SolarWinds hack.

Naslavljanje tveganj z rešitvami ArcSight

V predstavitvi bomo predstavili različna orodja iz družine Arcsight, ki nam lahko olajšajo življenje pri načrtovanju zaznave incidentov ter njihove odprave. Dotaknili se bomo pregleda znanih groženj, ki je na voljo vsem uporabnikom, ter rabi orodij, ki pomagajo oz. omogočajo hiter odziv na morebitne incidente ter njihovo omilitev.

Pogled v drobovje kibernetskega napada

Nekaj let nazaj je bilo iluzorno pričakovati, da bodo kibernetski kriminalci ponujali programsko opremo in izsiljevalske viruse, kot storitev in platformo. Danes smo priča čedalje bolj organiziranemu kibernetskemu kriminalu, ki se lahko za rast in razvoj zahvali uspešnim in odmevnim kibernetskim napadom z velikimi zaslužki. Kibernetski kriminalci se prilagajajo. Da bi se dovolj hitro in dovolj dobro lahko prilagajali tudi mi, moramo zelo dobro poznati anatomijo kibernetskega napada.

Post-quantum digital signature scheme using Verkle construction

In October 2019, Google made a controversial claim of achieving quantum supremacy. However, considering the race among tech giants to develop the first quantum computers, and their progress in doing so, the world may be on the cusp of a new era.
Google's current chip design could increase memory capacity from 100 to 1000 qubits, while IBM aims to build a quantum processor with over 1,000 qubits and between 10 to 50 logical qubits by the end of 2023.
In 2021, Chinese scientists announced the development of a new quantum computer that surpasses its predecessors in strength. As a result, they have taken the lead in the quantum computing race. The scientists claim that their 66-qubit quantum CPU, called "Zuchongzhi 2," completed the same task as Google's computer one million times faster. This CPU was created by a team of researchers from the Chinese Academy of Sciences Center for Excellence in Quantum Information and Quantum Physics, in collaboration with the Shanghai Institute of Technical Physics and the Shanghai Institute of Microsystem and Information Technology.
Quantum computers have the potential to break the cryptographic codes currently used to secure communications and financial transactions. Therefore, quantum-resistant cryptography should be adopted as the current digital signature systems are vulnerable to attacks from quantum computers. The security of current digital signature systems relies on the difficulty of calculating discrete logarithms and factoring large numbers. Although some cryptosystems, such as RSA with four thousand-bit keys, are resistant to attacks from classical computers, they are ineffective against attacks from quantum computers.
At INFOSEK 2023 Maksim Iavich will offer the model of the new post-quantum digital signature scheme using the novel technology - Verkle tree. The offered signature is much more efficient than the existing hash based digital signatures.

Potovanje se nadaljuje. Vidnost na robu omrežja.

Lani smo začeli s spremembo paradigme in s stikali ArubaOS-CX 10000 preselili funkcijo požarnega zidu v samo infrastrukturo omrežja. Zdaj nadaljujemo potovanje. Stikalom na robu omrežja smo dodali možnost pregleda prometa vse do aplikacijskega nivoja (layer 7).

Premik k proaktivni varnosti v IT in OT okolju

Vam upravljanje varnostnih tveganj v IT in OT okolju, kljub velikim investicijam v kibernetsko varnost, še vedno predstavlja »črno luknjo«?
V pogovoru z Andrejem Vnukom, vodilnim inženirjem iz Smart Coma, boste izvedeli, kako lahko ukrepate in s proaktivnim pristopom povečate kibernetsko odpornost na napredne varnostne grožnje.

Russian Hacktism Unmasked

Before the war in Ukraine if a large group of hackers would attack US financial systems, military suppliers, airports, or healthcare providers, this type of an event would be basis for a serious conflict and sanctions. Yet, over the past year these events became normal with little coverage and advice from law enforcement to brace for impact. We will examine who is behind the Russian Hacktivist collective and how it functions. Its targets and goals. Its weaknesses and strong points.

Security strategy development

• What should be the initial strategy ideas?
• What should be the expected output?
• Major focuses
• What? Why? How?
• How to define requirements?
• Action plans / projects

Skrivnosti tantre v poslu

Standard ISO/IEC 27001:2022 – njegov pomen in novosti

• Kaj v osnovi standard/certifikat organizaciji daje?
• Ključne spremembe v primerjavi s prejšnjim standardom?
• Kako poteka prehod na certificiranje po novi izdaji standarda?
• Kaj pri nas dobijo v obliki znanj in veščin?

Threat modeling

"Threat modeling" označuje niz metod za obravnavanje in zmanjševanje groženj in ranljivosti programske opreme ali sistema. S pomočjo threat modelinga lahko identificiramo grožnje že zgodaj v življenjskem ciklu razvoja programske opreme (SDLC), preden se napiše kakršnakoli koda. Ta dejavnost bistveno zmanjša tveganja in predvsem stroške za odpravljanje groženj v kasnejših fazah razvoja programske opreme.

TIBER-EU, the shift is here

The shift is here. As the time for testing in cyber security is not frozen, we need to be knowledgeable for what’s next generation penetration testing services. In that context we welcome TIBER-EU (European framework for threat intelligence-based ethical red-teaming) as the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack. We did some study and find a way for implementing this framework by identifying its pros and cons. Join us for fast shift track to get into new era of testing in cyber security.

Trendi na trgu kibernetskih varnostnih rešitev

Why EDR is not the ultimate cure for cyber security

In today's world and with the shortage of cyber security professionals, organizations are looking for the ultimate solution to defend against the threat actor. One of these frequently selected solutions is an EDR. It certainly has a significant impact on endpoint security, but it does not solve enterprise network security on a holistic level. In this talk, Jan will present the ways in which adversaries are evading various EDRs and thus still causing harm.

Zavarovanje kibernetske zaščite

Kibernetsko tveganje predstavlja vse večjo skrb za institucije, gospodarske družbe, posameznike in finančne trge. Vedno večje število kibernetskih incidentov, nadaljnja digitalna preobrazba in nove regulativne pobude v EU povečujejo tveganja za vsako podjetje, še posebej priljubljene tarče so mala in srednja podjetja, ki kibernetski varnosti običajno namenjajo manj sredstev. Z uvedbo uredbe GDPR (General Data Protection Regulation) in novega Zakona o varstvu osebnih podatkov (ZVOP – 2) te nevarnosti zaradi finančnih kazni in vseh finančnih posledic kibernetskega incidenta lahko predstavljajo visoke dodatne nepredvidene stroške podjetja.
Z varnostnimi ukrepi sicer lahko zmanjšamo verjetnost kibernetskega napada, nikakor pa ga ne moremo preprečiti. Zavarovalnica Triglav zato zlasti malim in srednjim podjetjem, ki so v večini primerov tarča kibernetskih napadov, nudi zavarovanje kibernetske zaščite. Zavarovanje poleg asistenčne pomoči krije odziv na incident, stroške ponovne vzpostavitve sistema, odgovornost za kršitev zaupnosti in zasebnosti ter odgovornost za omrežno varnost. Dodatno je možno dogovoriti še kritje za obratovalni zastoj, kibernetsko izsiljevanje in kibernetski kriminal.