Rather than reaching out when they have a poor experience or responding to a survey, customers are saying nothing and going elsewhere.

Update Google Chrome now as two new vulnerabilities confirmed.Getty ImagesTheres a danger that with so many security alerts hitting the headlines, warning apathy can kick in. Yet that would be a mistake, a big one. Whether its dealing with the fallout of a billion stolen passwords, hidden malware threats for Gmail and Outlook users or attacks against PayPal accounts, you need to take them all seriously. Which is why you really shouldnt ignore this latest security alert for billions of Google Chrome web browser users across all platforms except iOSheres what you need to know and do.Google Chrome Browser Security AlertIts only been a week since the last security update warning for Chrome browser users dropped, and now we are back in the same place again. Google has confirmed that two high-severity security vulnerabilities impacting all users of the application across the Android, Linux, macOS and Windows operating systems have been discovered by external security researchers. As such, Google has taken action to start updating all applications to take Chrome to versions 132.0.6834.110/111 for Windows and Mac, 132.0.6834.110 for Linux, and 132.0.6834.122 for Android. These updates will, Google said, roll out over the coming days/weeks. I wouldnt recommend you wait that long, however, given the nature of the vulnerabilities in question.The vulnerabilities are:CVE-2025-0611 which is a heap-based overflow vulnerability that takes the form of an object corruption in the V8 Javascript rendering engine of Chrome. The vulnerability earned a researcher known only as 303f06e3, who disclosed it to Google, a $11,000 bounty.MORE FOR YOUCVE-2025-0612 which earned Alan Goodman a bounty of $8,000, is an out of bounds memory access vulnerability in the same V8 engine.The latter, SecurityVulnerability.io experts said, can be potentially exploited by attackers through a specially crafted HTML page, leading to heap corruption. Such vulnerabilities may allow remote attackers to execute arbitrary code, posing significant security risks to users who visit malicious or compromised web pages, while the first is so serious that it is crucial for users to update their browsers to maintain security and prevent exploitation.Act NowUpdate Your Google Chrome Browser Immediately To Stay SecureAlthough, as already mentioned, the security updates for Google Chrome will start rolling out soon, its not soon enough for me and shouldnt be for you, either, given the severity of the vulnerabilities concerned. I would, therefore, recommend you kickstart that update process right now. Heres what you need to do:Go to the Help|About option in your Google Chrome menu and this will automatically start a check for any updates as well as initiate the download process. However, the most critical part of that process comes after the download and thats the update activation. To ensure this you must restart your browser, save any tabs you have open, and do that to be protected. The following screenshots show how to update your Google Chrome browser and activate the new security fixes.Start the download process.Google/Davey WinderHit the relaunch button.Google/Davey WinderYour Chrome browser is now secureGoogle/Davey Winder

A hot potato: Meta has responded to complaints from Facebook, Instagram, and Threads users who say they suddenly found themselves following Donald Trump, Vice President JD Vance, and First Lady Melania Trump without their knowledge. There are also reports of Democratic content being hidden. Some have pointed to Meta and CEO Mark Zuckerberg's recent shifting political stance as the cause, but the company claims otherwise. Meta's communication director, Andy Stone, responded to the reports on Threads and X. He wrote that people were not made to automatically follow any of the official accounts for the President, Vice President or First Lady.Stone went on to say that the accounts are managed by the White House, so the content on the pages changes with a new administration but the followers remain unchanged. The same procedure was carried out during the last presidential transition.However, there are plenty of replies that cast doubt on Stone's explanation. Many people say they never followed Biden, Trump, or any political accounts, yet they are suddenly following the POTUS, VPOTUS, and FLOTUS accounts.There are also complaints that those who suddenly found they are following Trump cannot unfollow him. Stone said that it may take some time for follow and unfollow requests to go through as the White House accounts change hands. // Related StoriesIt's been noted that when a candidate leaves office, Meta creates archived POTUS accounts that followers are automatically signed up to. Some claim that as this happened, they automatically started following Trump, Vance and Melania Trump accounts.Something else that has led to people accusing Meta of political bias is happening on Instagram. Users say that when doing hashtag searches for #Democrat or #Democrats, they are seeing messages that state, "We've hidden these results," and "Results for the term you searched for may contain sensitive content." Meta said the issue is caused by a technical problem affecting multiple hashtags, including some related to the Republican Party.Seperate reports that people are seeing more political content in their feeds are a result of the changes that Zuckerberg announced at the start of January. The CEO also suspended the fact-checking program and reduced the amount of censorship on Meta's platforms. He later appeared on the Joe Rogan podcast, where he said that companies need more "masculine energy." It led to a lawyer dropping Meta as a client in a copyright case due to Zuckerberg's "toxic masculinity and neo-Nazi madness."

Cutting corners: Apple Intelligence is now an "opt-out" feature across the entire Apple ecosystem, despite still being marketed as a beta product. Most users aren't keen to have incomplete features forced upon them, but shoving AI down everybody's throat is a popular trend among corporations dabbling in the technology. After much anticipation, Apple introduced its generative AI suite last October with the release of iOS 18.1, iPadOS 18.1, and macOS Sequoia 15.1. Initially, "Apple Intelligence" features were disabled by default users had to manually enable them through system settings. But now Cupertino has decided to reverse course likely due to slow adoption forcing users to "enjoy" generative AI features on mobile devices and Macs, whether they want them or not.Apple Intelligence has become an opt-out feature with the release of iOS 18.3, iPadOS 18.3, and macOS Sequoia 15.3. According to the company, these GenAI features will be automatically enabled after installing the updates and during the device setup process.Users can still disable it through the Apple Intelligence & Siri Settings panel. However, proper hardware support is required, so the generative AI tools will only work on iPhone 15 Pro series, iPhone 16 series, and iPhone 16 Pro series. Similarly, iPad and Mac devices with M1 or newer Arm processors will have the features enabled by default after updating their operating systems.Apple's willingness to push beta and somewhat unreliable software features onto users is not unprecedented. The company took a similar approach with Siri in 2011. When users reported issues with the digital assistant, Apple brushed them off as "side effects" of the software's beta phase. Siri was finally rolled out as a full feature in 2013, shedding its "beta" label and becoming a standard part of iOS.Apple Intelligence appears to be following a similar path, as users are discovering some troublesome side effects with this brand-new technology. For example, the AI summaries feature has been generating fake headlines, prompting reporters to urge Apple to address the issue. As a stopgap measure, the latest OS updates will temporarily disable notifications for the entire "news and entertainment" app category until the problem is resolved. // Related StoriesIn today's rapidly evolving Wild West GenAI world, Apple seems to be mimicking its competitors by prioritizing corporate goals over user preference. Microsoft and Google have already made similar moves, enabling AI features by default on their platforms so users can experience the "wonders" of generative AI even if they have no need for it.

The swipes and taps we use to control our smartphones may reveal interesting information about how we make decisions, according to research from a team at the University of Albertas Actions in Complex Environments Laboratory. In the future, the movements could be tracked to inform doctors about injury recovery, help recruiters make decisions on who to hire, or even how apps are laid out.The paper states, As decisions require actions to have an effect on the world, measures derived from movements such as using a mouse to control a cursor on a screen provide powerful and dynamic indices of decision-making. It goes on to say that touchscreens provide more informative results for understanding indecision compared to computers.Recommended VideosWe can actually understand a lot of whats going on inside someones head by carefully measuring whats going on outside their head, Craig Chapman, an associate professor who worked on the research, told Phys.org. Participants used an Android smartphone or Android tablet and completed timed trials which involved making decisions and tapping and swiping to complete tasks centered around what the research calls reach-decisions, where a choice of options were presented in different areas of the screen.Samsung Galaxy Tab S9 Ultra Joe Maring / Digital TrendsWe think touch devices are perhaps even better for revealing movement signatures of decision-making because you have to move and interact in a more realistic way, Chapman said. The research notes, high difficulty decisions displayed greater reaction times, movement times and trajectory curvature compared to low difficulty decisions.Please enable Javascript to view this contentChapman believes the research could become transformative when used to assess certain individuals in specific circumstances. For example, clinicians and trainers could use movement data to track recovery and rehabilitation, and also understand where people would benefit from further training or assistance. Another instance mentioned was during hiring assessments, where understanding how someone deals with indecision and choice may affect whether theyre more suitable for a job than another candidate.In the researchs conclusion, it also talks about how the data could optimize the collection of decision information, as there are certain combinations that are, most sensitive for a particular task. App developers, for example, may be able to use it to better understand where to put buttons related to purchases or other crucial call to action interfaces, in order to possibly minimize indecision, and maximize return.The universitys complete research paper can be found here, where it goes into detail about how it differs from previous research that only took computer-and-mouse movements into account.Editors Recommendations

The countrys Competition and Markets Authority is investigating mobile ecosystems controlled by Apple and Alphabets Google to work out if they need to obey a strict new law governing digital competition.

The software company has less spending power than other megacap techs, but partnerships and its data-center design give it flexibility.

POWER FAILURE Researchers say new attack could take down the European power grid Power grid in Central Europe uses unencrypted radio signals to add and shed loads. Dan Goodin Jan 23, 2025 7:00 am | 1 Credit: Aurich Lawson | Getty Images Credit: Aurich Lawson | Getty Images Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreLate last month, researchers revealed a finding thats likely to shock some people and confirm the low expectations of others: Renewable energy facilities throughout Central Europe use unencrypted radio signals to receive commands to feed or ditch power into or from the grid that serves some 450 million people throughout the continent.Fabian Brunlein and Luca Melette stumbled on their discovery largely by accident while working on what they thought would be a much different sort of hacking project. After observing a radio receiver on the streetlight poles throughout Berlin, they got to wondering: Would it be possible for someone with a central transmitter to control them en masse, and if so, could they create a city-wide light installation along the lines of Project Blinkenlights? Images showing Project Blinkenlights throughout the years. Credit: Positive Security The first Project Blinkenlights iteration occurred in 2001 in Berlin, when the lights inside a large building were synchronized to turn on and off to give the appearance of a giant, low-resolution monochrome computer screen.The researchers, who presented their work last month at the 38th Chaos Communication Congress in Hamburg, Germany, wondered if they could control streetlights in Berlin to create a city-wide version, though they acknowledged it would likely be viewable only from high altitudes. They didn't know then, but their project was about to undergo a major transformation.After an extensive and painstaking reverse-engineering process that took about a year, Brunlein and Melette learned that they could indeed control the streetlights simply by replaying legitimate messages they observed being sent over the air previously. They then learned something more surprisingthe very same system for controlling Berlins lights was used throughout Central Europe to control other regional infrastructure, including switches that regulate the amount of power renewable electric generation facilities feed into the grid.Collectively, the facilities could generate as much as 40 gigawatts in Germany alone, the researchers estimate. In addition, they estimate that in Germany, 20 GW of loads such as heat pumps and wall boxes are controlled via those receivers. That adds up to 60 GW that might be controllable through Radio Ripple Control.The fact that the same receivers that are installed in street lamps are also used for smaller solar power plants did not surprise us too much, Brunlein wrote in an interview. When we understood just how much power is being controlled via this system, and it also being installed in the largest renewable power plants in Germany, that was more of a shock to us.When Brunlein and Melette realized how much power was controlled, they wondered how much damage might result from rogue messages sent simultaneously to multiple power facilities in strategically designed sequences and times of day. By their calculation, an optimally crafted series of messages sent under certain conditions would be enough to bring down the entire European grid. A grid security expert we contacted for this story doubts this assessment. More on this later.The continent-wide control system, formally known as Radio Ripple Control (Funkrundsteuerung in German), is derived from the older protocol Rundsteuertechnik, or Ripple Control. Implemented in the early 1900s, Ripple Control was made up of a series of decentralized tone (ripple) injectors at voltage conversion sites known as medium voltage transformers.Based on the messages in each telegram, the receivers would then send commands to connected devices that instructed them to perform a specific action. As radio technology became more prevalent, the cost of sending telegrams over the wire, compared with sending them over the air, grew large enough to prompt the creation of Radio Ripple Control, which is now used primarily today.Radio Ripple Control uses a frequency-modulation scheme known as frequency-shift keying to send telegrams. The earliest modems used the same scheme, which relies on electromagnetic waves to represent digital information over an analog channel. More specifically, frequency-shift keying encodes information by periodically shifting the frequency of a carrier between several discrete frequencies.The company that oversees this service is Munich-based EFR. Today, it operates three high-power, low-frequency transmitting stations, two in Germany and one in Hungary. A slide from the researchers' presentation showing a map with transmitter locations and bullet points. Credit: Brunlein and Melette Anyone can listen to these signals using a software-defined radio tuned to the frequency corresponding to an antenna within range. A Netherlands-based SDR that can be accessed here will receive the signal from the transmitter located in Burg, Germany, when the SDR is set to a frequency of 140 KHz and the modulation to LSB. The radio will sound a tone that is interrupted roughly every 10 seconds with encoded information.The Radio Ripple Control in use today sends signals not just for managing streetlights and grid allocations throughout Central Europe. It also controls various other functions, including those for delivering weather forecasts, synchronizing times, and controlling electricity pricing tariffs. Roughly 300 customers, most of them electric companies, use Radio Ripple Control for grid allocations from small- and medium-sized renewable facilities.These customersknown as EVUs, short for Energieversorgungsunternehmen (power supply company)use either a Web or VPN desktop app to send one of the three transmitters instructions to either feed power into or ditch power from the grid. The transmitter, in turn, sends the instructions as a telegram to a radio receiver located at the power facility the EVU wants to control. When grid supply exceeds the amount of power needed at a given moment, the telegram instructs the facility to withhold electricity from the grid. When supply runs low, the telegram will instruct the facility to feed in energy.These signals aren't encrypted to provide either privacy or authorization. That means anyone can listen in, record them, and play them back over the same frequencies. People can go much further, as Brunlein and Melette did, by learning to speak the same arcane language that Radio Ripple Control does.Among the first steps in the research duo's reverse engineering process was purchasing nine receiversknown as FREs in Radio Ripple Control parlancefrom different manufacturers of the devices. The researchers then implemented an emulator of the real transmitter. To do that, they used an ESP microcontroller outfitted with a waveform generator and, for an antenna, a coil from a wireless phone charger. They used capacitors to tune their emulator to the correct frequencies. With that, the researchers could now send and receive telegrams in their lab. Credit: Positive Security Brunlein and Melette eventually discovered that the message bits sent to the FREs are encoded using two protocols, one known as Versacom and the other Semagyr. The bits are then modulated through frequency-shifting keying to produce the radio signal containing the telegrams.The Versacom and Semagyr protocols are partially documented in standards set by the Germany Institute for Standardization.The researchers wrote:We collected messages that are sent by the original transmitters and tried to correlate it to what we read in the standards. Some information, however, is not described in the standard (e.g., EVU addresses and addressing usage). We could fill those blanks through PDFs we found online as well as from the actual data we recorded.To understand Semgyr, we also used some hardware reverse engineering (identifying chips, tracing PCB lines, etc.) and found one of the software solutions that technicians use to parameterize the receivers during installation, which also had some advanced functionality to read its memory and decode raw Telegram bytes to commands.The reverse engineering gave the researchers near-perfect fluency in speaking and understanding the Versacom and Semagyr languages. They put their fluency to use by using them to send telegrams that could indeed turn on and off simulated streetlights in their labs.More impressive still, they could use the language to send telegrams to FREs that control real electric systems in their lab, the same types that are connected to the real Radio Ripple Control system. The video below shows the researchers stopping a real 40 kWp photovoltaic system from feeding energy into the grid.Download video Photovoltaic system disconnect. For ease, they used a Flipper Zero device they had configured to send the proper telegram to the photovoltaic system. They did this after discovering that the Flipper Zero's RFID reading mode could be used to send signals modulated with frequency-shift keying to receivers within a one-meter distance. Credit: Positive Security With confidence that an attacker could send unauthorized Radio Ripple Control telegrams that instructed real electrical systems connected to the grid, the researchers got to wondering: What's the maximum amount of damage a malicious actormost likely one working for a nation-statecould inflict?The researchers surveyed the grid to measure the capacity of power that small- and medium-sized renewable facilities could feed into the grid. They arrived at the estimate of 40 GW. Combined with the 20 GW of load they theoretically can add, that amounted to an unbalanced capacity of 60 GW, enough to power roughly all of Germany. They posited that a sudden change that added or ditched that amount of electricity from the grid all at once could create enough instability to take it down entirely.In a published summary of last month's presentation, the researchers explained their thinking behind the estimate:To understand, we need to look at the grid frequency. Its 50 hertz, and it should always stay there.If it reaches 50.2 hertz or more, interventions are triggered to reduce the supply. For example, using the technology were discussing today to turn off solar parks.If the frequency drops below 49.8 hertz, other interventions occur, such as activating energy reserves or disconnecting industries that have contractually agreed to this happening. Also, the first hardware fails as it happened at Vienna airport.If the frequency reaches 49 Hz or less, automated stepwise load shedding begins, up to 50% at 48.5 Hz. That might sound a bit technical and sober, but what it means for the European grid is over 200 million people without power.At 47.5 Hz, power plants disconnect from the grid to protect themselves from damage. At that point, the grid needs to be rebuilt from scratch.In theory, with a fully loaded grid at 300 GW, creating a 1 Hz change to reach this private load-shedding threshold requires an imbalance of 18 GW. However, such a large imbalancethough not even that massive compared to the 60 GW estimatehas never been seen.In practice, one of the most recent incidents was in 2021, when approximately 3 GW of power were unexpectedly lost in Poland, causing the grid frequency to drop by 0.16 hertz. What this demonstrates is that the grid hasnt yet faced such a significant imbalance.But if we start talking about imbalances of 18 GW, or 60 GW, or even more when considering other countries, theres an additional issue besides the theoretical effect on grid frequency. That issue is power transfer.If a significant amount of power is missing in one region, it must be transferred there over power lines that could become overloaded. These lines might then shut off to prevent damage, which could overload other lines, causing them to shut off too.Such a domino effector cascadehappened in 2006, when a power line was shut off to accommodate a cruise ship transport. The planning wasnt thorough, and a cascade of failures followed. So, the theoretical limits of the grid dont fully capture the potential for much larger disruptions.Taking all of that into account, its clear there is enough power under radio control to cause serious trouble. Diagram showing strategies for creating a network of renewable energy sources. Credit: Positive Security There are enough obstacles to make triggering such a catastrophic disruption challenging at best (Brunlein's and Melette's assessment) or doubtful to unlikely (the assessment of an outside grid expert). The researchers noted three key requirements for such an attack.First, the attack must control a sufficient number of gigawatts (by the researchers' calculations (no one really knows how many). Second, it must overpower the legitimate signals sent by the three EFR transmitting facilities. And third, it must occur at an optimal time. Diagram illustrating conditions required to create serious instability in the grid. Credit: Positive Security The easiest way to trigger such a catastrophic disruption would be to take over the three EFR transmitters. One possible way for such a compromise is to hack into EFR's network remotely by, for instance, targeting vulnerabilities in the apps the EVUs use. Another is through a physical intrusion of each facility simultaneously. The researchers said that based on their observations, the transmitting facilities aren't particularly well-fortified against physical intrusions. Credit: Positive Security In either scenario, the threat actor would then use the hijacked EFR transmitters to send malicious telegrams to carefully selected power generators.Another attack avenue would be to create rogue transmitters that would broadcast malicious telegrams. To override the legitimate telegrams sent by the EFR transmitters, rogue transmitters would have to be present in carefully selected locations so they could (1) reach the correct FREs and (2) overpower the legitimate signals.The researchers estimated the required effort by calculating and simulating transmitters with 10 kW of power and antennas approximately 500 meters long. To meet those requirements, they proposed building an amplifier powered by portable battery systems. An antenna 500 meters high could be erected in several scenarios. Credit: Positive Security The most plausible scenario for such a transmitter is tethering a strong wire from a kite or weather balloon. Radio amateurs have been using such techniques for years to build antennas as high as 1 kilometer, so the researchers built a kite version prototype. To comply with local laws, they limited the height of their kite to 100 m line length and radiated less than 1 watt of power on the 2.2 km amateur radio band.Download video Kite antenna field test. The attack and the research behind it are elegant, but the grid security experts I talked to said they're doubtful it's possible to carry it out in the real world the way it's envisioned. And even if it is, they question whether the 60 GW estimate is accurate. Albert Moser, a RWTH Aachen professor with expertise in power grids, said both assumptions are very possibly not true."A sudden deficit of 60 GW will definitely lead to a brownout because 60 GW is far more than [the] reserves available," he wrote in an email. "A sudden deficit of 60 GW could even lead to a blackout due to the very steep fall of frequency that likely cannot be handled fast enough by underfrequency relays (load shedding)."He said he's unable to confirm that 60 GW of generation/load is controlled by radio signals. He was also unable to confirm that security measures for Radio Ripple Control are insufficient.Jan Hoff, a grid security expert with experience securing the European grid against malicious hacks, said he doubted that much electricity could be dropped quickly enough to cause even a brownout. He likened the grid to the roly-poly toys from the 1970s, which were built to be knocked around but not fall over. "That's a very good analogy for a grid," he said.Attacks like the ones Russian state-backed hackers used to cause blackouts in Ukraine in 2015 and again in 2016 attacked substations, the distributed facilities where many power wires come together and things turn on and off.He elaborated:Here, we're talking the potential to impact participants on the grid and not necessarily those interconnects. So we just have control over individual feed-in points, which just from the timing you have to get right with the amount of production you have in the grid and the amount of current load you need for the grid to be destabilized by simultaneously ending control messages to every single station. That's where I do understand [the researchers'] train of thought, and that's why it's still concerning. but it would be something different if those messages would be affecting substations directly.The immediate effect would be for the grid operators to see anomalies feed in and would see this equilibrium of load and generation shift in a way that they weren't anticipating. Then they would take their measures accordingly. So it would result in additional grid control actions. And those grid control actions are normal.They are a day-to-day thing.The ability of the described attack to take down the Central European grid is very much contested. There's less debate that it's time to retire Radio Ripple Control and replace it with something that's harder to tamper with.One possible replacement would be iMSys, short for Intelligentes Messsystem. It currently uses LTE, the same wireless transmission standard that carries traffic over 4G mobile networks. LTE uses encryption to provide confidentiality and antispoofing protection. Short for Long Term Evolution, LTE isn't impervious to hacks (see here, here, and here). However, it contains a robust security architecture that would add a significant layer of protection that is not possible with Radio Ripple Control.iMSys is currently used mostly for smart meters. Regulators are considering plans to run iMSys on a completely independent 450 MHz LTE infrastructure that's reserved exclusively for critical infrastructure. The researchers say that, unfortunately, the roadmap for rolling out this plan is slow and doesn't adequately prioritize securing the most vulnerable parts of the grid. Credit: Positive Security Further underscoring the lack of urgency in moving away from Radio Ripple Control, the researchers said, the city of Hamburg recently updated its infrastructure to adopt the standard.Neither EFR nor Germany's Federal Office for Information Security responded to requests for comment.Ultimately, the debate over the ability of malicious hackers to trigger a continent-wide blackout is moot and a distraction from the issue that really matters. The use of unencrypted radio signals that anyone can send to control power sent from generating facilities to the grid is never a sound practice and greatly violates a defense-in-depth approach to securing critical infrastructure.Dan GoodinSenior Security EditorDan GoodinSenior Security Editor Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82. 1 Comments

As cybersecurity spending grows, so has cybercrime. According to the latest data from the FBI's Internet Crime Complaint Center (IC3), in 2023, a record-breaking 880,418 complaints were filed by the American public, highlighting a significant rise in cybercrime reports compared to previous years.Cyber criminals are refining and scaling their attack methods using artificial intelligence and other tools, so companies must incorporate proactive methods powered by AI, in addition to defensive methods that minimize risks and maximize security.Red teams are an integral part of a proactive security approach that companies can leverage to enhance defenses against adversaries. They play a critical role in determining a companys readiness to prevent cyberattacks by measuring the current security of the target from the threat actors perspective and then recommending improvements designed to prevent harm.While blue teams tend to focus on strengthening defense strategies and responding to incidents, red teams look to identify weaknesses and act in the same manner as an adversary would. By studying the tactics of real-world threat actors and implementing exercises that mimic their attacks, red teams can offer recommendations to help prepare for and disrupt potential threats.Related:Since its inception, the Adobe security red teams value has been felt across the company. By performing active testing using customized toolkits, they can effectively evaluate our preparedness to defend against real-world adversaries and scenarios.Here are the top five strategies I recommend to others looking to implement an effective red team:1. Imitate real-world adversaries: Red teams should be familiar with adversaries and their actions to better understand motivations and possible future scenarios. A global knowledge base like MITRE ATT&CK tracks tactics and techniques based on real-world occurrences and allows companies to gather cataloged and recorded threat intelligence. Reviewing reports from the Cyber Security Review Board can yield ideas on security approaches that are known to be ineffective.2. Replicate hypothetical attack scenarios: Another important capability of red teaming is anticipating and getting ahead of malicious attempts. Simulating techniques by cyber criminals enables red teams to explore theoretical paths that could lead to services or data being compromised.During a simulation, the red team explores hypothetical attacks, such as escalating privileges and moving laterally between systems, which could ultimately cause harm to an organization if the right defenses arent in place. These simulations provide an in-depth understanding while analyzing a myriad of possible attack vectors. After the exercise, the red team should share findings with key stakeholders to enhance controls based on their expertise.Related:3. Develop a customized toolkit: A customized toolkit can help red teams more efficiently perform exercises similar to advanced attackers. These tools may include:Custom exploits that allow the red team to manipulate systems and gain initial access for further attacks. This doesnt necessarily mean identifying completely new vulnerabilities, you can leverage code that an adversary would write to tailor an exploit attempt to be most effective in your environment.Software to effectively communicate with compromised machines (often referred to as Command and Control or C2 for short).Post-exploitation modules that target a companys services and execute them after a system is compromised.Developing these capabilities over time allows teams to stay up to date with the rapidly growing complexity of cyber-attack methods. However, the cost of developing a custom toolkit can be high, so dont let it stop you from using whatever is available from the wider security community for your team to be effective.Related:4. Enhance operations with the help of AI: Because bad actors are using AI, companies benefit from using AI in their own efforts to stay ahead of threats. Red teams can leverage AI tools to better understand the actions of real-world threats. For example, AI can be used to scale the effort of testing defenses, helping red teams get better at discovering and subsequently defending against potential threats. It can save the team time on learning new coding languages and developing tools, since it can help a red teamer to better understand a piece of code more quickly.5. Collaborate with blue teams: Probably the most crucial piece of effective red teaming is the collaboration with blue teams to enhance detection and response capabilities. This allows blue teams to test whether their assumptions of the environment theyre trying to protect hold true. Purple team exercises are joint engagements between red and blue teams. The red team simulates attack actions for the blue team, which then verifies that it detected the attempt, and if not, would have had sufficient logs to detect the actions. The collaboration helps both teams develop more effective threat detection methods.When a company uses red teams to better understand and anticipate adversarial scenarios, they can be more focused and make security investments where they make the most impact. Red teaming is a helpful element of a comprehensive cybersecurity strategy. It should always be integrated with robust technical controls, and a culture that prioritizes security and threat awareness to defend against cyber threats effectively.

In a letter sent today, the acting DHS secretary terminated membership to all advisory boards, including the Cyber Safety Review Board (CSRB) tasked with investigating state-sponsored cyber threats against the US.