Windows 11 24H2, also known as the Windows 11 2024 Update, is a significant update to the Windows 11 operating system, released on October 1, 2024. Here is the abstract of the key security enhancement coming from this major update.

1. Sudo for Windows:

• This feature allows users to execute commands with elevated privileges from a standard user account in the Terminal. It mimics the functionality of the sudo command in Unix-based systems, enhancing security by reducing the need for users to log in as administrators. This minimizes the risk of accidental or malicious changes to the system.

2. Voice Clarity:

• Utilizing artificial intelligence, Voice Clarity improves the quality of audio during video calls by filtering out background noise. This ensures that communication is clear and secure, which is particularly important for remote work and virtual meetings where sensitive information might be discussed.

3. Wi-Fi 7 Support:

• Windows 11 24H2 includes support for the upcoming Wi-Fi 7 standard, which offers higher speeds, lower latency, and improved security features. This prepares the system for future hardware and network advancements, ensuring better protection against wireless threats and enhancing overall network security.

4. Energy Saver Mode:

• While primarily designed to reduce power consumption, Energy Saver Mode also limits background activities. By reducing the number of active processes, this mode decreases the attack surface for potential threats, contributing to a more secure operating environment.

5. New Platform Code in Rust:

• Some core components of the Windows platform kernel have been rewritten in the Rust programming language. Rust is known for its memory safety features, which help prevent common vulnerabilities such as buffer overflows and memory leaks. This change enhances the stability and security of the operating system by reducing the likelihood of memory-related bugs.

6. Copilot Changes:

• The Copilot feature has been updated to be more user-friendly and integrated. The Copilot icon is now a regular app taskbar icon, and the window can be resized and overlapped with other app windows, allowing for better multitasking. However, Copilot no longer has PC control capabilities, focusing instead on providing assistance within user applications. This change helps prevent unauthorized system changes and enhances security.

7. Copilot+ PC Exclusives:

• Advanced features such as Live Captions, Cocreator image generation, and Click to Do are now exclusive to Copilot+ PCs. These PCs are equipped to handle AI functions locally, reducing reliance on cloud-based processing. This local processing enhances security by keeping sensitive data on the device rather than transmitting it over the internet

  Please feel free to contact us for more information.

Srity issued an updated presentation on the NIS 2 Directive, covering several key aspects of the updated cybersecurity legislation in the EU. Here is a summary of the main points:

The NIS 2 Directive builds on the original 2016 NIS Directive, aiming to enhance cybersecurity across the EU by broadening its scope to include more industries and introducing stricter requirements. The main objectives include improving Member States’ preparedness, fostering cooperation among Member States, and promoting a culture of security across vital sectors such as energy, transport, healthcare, and digital infrastructure.

The timeline for the NIS 2 Directive includes its publication in 2022, with a deadline for transposition into national law by October 2024. In Belgium, the process involves several steps, including the setup of a working group, draft law adoption, and parliamentary review, with final adoption expected by October 2024.

Entities affected by NIS 2 are categorized based on their activity and size. Essentials and Important entities must implement various cybersecurity measures, such as risk analysis, incident handling, business continuity, supply chain security, and the use of multi-factor authentication.

Reporting obligations under Article 23 require entities to notify their CSIRT or competent authority of significant incidents without undue delay. The reporting timeline includes an early warning within 24 hours, an incident notification within 72 hours, and a final report within one month.

Authorities will conduct controls on entities, with essential entities subject to both ex-ante and ex-post supervision, while important entities face ex-post supervision only. Potential fines for non-compliance can reach up to EUR 10 million or 2% of total worldwide annual turnover for essential entities, and EUR 7 million or 1.4% for important entities.

The next steps for interested customers include taking a NIS2 assessment, confirming if they are in scope of NIS 2, informing senior management of regulatory requirements, and ensuring compliance with Articles 21 and 23 through specific control assessments and incident management processes.

Please feel free to contact us to receive the presentation and for further NIS 2 explanations tailored to your needs.

It is clear for a few years now that IOT devices in our different industry has become a primary target for cyber criminals that want to penetrate or disrupt orperations. The below report by forescout dig out on the main threat and challenges of this neglected aspect of security in a smart way. Analysing the problem in different industry verticals and pointing out again and again three main point of attention:

1. Know what you have

2. Upgrade your devices

3. Patching Patching and Patching.

These basic security hygiene principles makes total senses in the world of IOT as customers and IOT vendors races to come-up with strategies matching the onces of major software vendors.

https://www.forescout.com/the-enterprise-of-things-security-report-state-of-iot-security/

The European Agency for Cyber Security pulbilsh a yearly European centered threat landscape report. An interesting read to get a picture of the actual cyber menace for European Companies.

https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021