Soothing, relaxing music reduces stress and stops thinking too much
Soothing, relaxing music reduces stress and stops thinking too much
Models.net.cn
The Website of Steve, mainly sharing SRE, DEVOPS, DEVSECOPS, PHP, Java, Python, Go, cross-border e-commerce, security, reading and other technical articles
Shanghai 2025 02 05
Shanghai 2025 02 05
IT Security RSS Feed for 2025-02-02
IT Security RSS Feed for 2025-02-02
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Certificate Revocation List (CRL)
A certificate revocation list (CRL) is a periodically updated list of digital certificates that have been revoked (i.e., made invalid) before their expiration date. It is used to protect against the continued use of compromised or outdated certificates.
How a CRL Works:
- Certificate Authority (CA) Issues Certificates: Certification authorities issue digital certificates that bind a public key to a specific identity (e.g., a person, organization, or website).
- Certificates Revoked for Various Reasons: Certificates can be revoked due to compromise (e.g., stolen private key), errors, or other security concerns.
- CA Publishes CRL: The CA maintains a CRL that lists all revoked certificates.
- Verification Using CRL: When a party receives a digital certificate, they can check the CRL to determine if it has been revoked.
- Continued Use Prevention: If a certificate is found on the CRL, it is no longer considered valid, and its use is prevented.
Benefits of a CRL:
- Protects against Compromised Certificates: CRLs allow the CA to quickly revoke compromised certificates, preventing their continued use.
- Reduces Certificate Validation Overhead: Instead of contacting the CA for real-time verification, parties can simply check the CRL.
- Provides Transparency: CRLs make it easier to determine the validity of a certificate at a specific point in time.
Limitations of a CRL:
- Delay in Revocation: There may be a delay between when a certificate is revoked and when it appears on the CRL.
- Can Be Large and Complex: CRLs can become large and unwieldy for high-volume systems.
- Not Real-Time: CRLs are updated periodically, so there is a risk that a revoked certificate may still be accepted before the next CRL update.
Alternative to CRL: Online Certificate Status Protocol (OCSP)
OCSP is a protocol that provides real-time revocation status for digital certificates. It allows parties to request the status of a specific certificate directly from the CA, eliminating the delay and potential complexity of CRLs.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
Authorities in Spain and the Netherlands have launched a major crackdown on the distribution of Sky ECC cryptophones, leading to a series of arrests and seizures.
Sky ECC: Encrypted Messaging for Criminals
Sky ECC is a sophisticated encrypted messaging service used by organized crime groups worldwide. It employs end-to-end encryption, making messages virtually unreadable to anyone without the proper decryption key.
European Operation
The operation was coordinated by Europol and involved law enforcement agencies from both countries. In Spain, police conducted raids in several cities, including Barcelona and Madrid. In the Netherlands, searches were carried out in Rotterdam and Amsterdam.
Multiple Arrests and Seizures
A total of 28 people were arrested in the raids, including suspected distributors and users of the cryptophones. Police also seized large amounts of cash, luxury vehicles, and electronic devices, including several Sky ECC handsets.
Evidence of Criminal Use
Investigators uncovered evidence suggesting that Sky ECC was being used to facilitate drug trafficking, money laundering, and other serious crimes. The seized cryptophones contained messages detailing illegal activities and plans.
Blow to Organized Crime
Europol emphasized that this operation was a significant blow to organized crime, as it disrupted their communications network.
Statement from Europol
In a statement, Europol said: “This action sends a clear message to criminals that we are constantly adapting our tactics to stay ahead of the curve.”
Ongoing Investigation
The investigation into the use of Sky ECC cryptophones is ongoing, and further arrests are expected in the coming weeks and months.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Bank Suffers IT Outage on Critical Tax Deadline
Barclays Bank, a major UK financial institution, experienced a significant IT outage on the deadline day for personal tax returns. This technical disruption left customers unable to access online banking, mobile banking, and telephone services.
The outage began around 7:30 AM on January 31st, 2023, when HMRC, the UK’s tax authority, received a surge in submissions as taxpayers rushed to meet the deadline. The tax calculation service on the HMRC website also experienced intermittent issues.
Barclays stated that a “technical issue” had affected its systems and that it was working to resolve the problem as quickly as possible. The bank apologized for any inconvenience caused.
Customers were advised to check their account balances via text message or at an ATM. Those with urgent inquiries were asked to visit a branch or use alternative contact methods.
The outage has raised concerns about the resilience of online banking systems on critical tax deadlines. In previous years, other banks have also experienced technical difficulties during peak periods, leading to frustration and delays for taxpayers.
HMRC has extended the deadline for online personal tax returns by one hour to 11:59 PM on January 31st. The department has urged taxpayers to file their returns online if possible, but those who are unable to do so due to the outage can file by post.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI Jailbreaking Techniques Prove Highly Effective Against DeepSeek
DeepSeek, a leading AI security system, has recently been compromised by sophisticated jailbreaking techniques. Researchers have discovered that these techniques can successfully bypass DeepSeek’s defenses, allowing attackers to gain unauthorized access to sensitive AI models and data.
Jailbreaking Techniques
The successful AI jailbreaking techniques used against DeepSeek include:
- Model Inversion: Adversaries generate synthetic data that is classified by the AI model in a way that reveals its internal parameters.
- Adversarial Examples: Attackers manipulate inputs to the AI model to force it to make incorrect predictions.
- Data Leakage: Exploiting vulnerabilities in DeepSeek’s data handling mechanisms to extract sensitive information.
Consequences of Jailbreaking
The compromise of DeepSeek has several significant consequences:
- Model Theft: Attackers can steal valuable AI models for their own purposes or to sell on the black market.
- Data Theft: Sensitive data stored in DeepSeek, such as user information or business secrets, could be stolen.
- Compromised Security: The bypass of DeepSeek’s defenses undermines the integrity of other AI security systems that rely on similar technologies.
Impact on AI Security
The success of these jailbreaking techniques highlights the need for robust AI security measures. Traditional security approaches may not be sufficient to protect against these sophisticated attacks.
Recommendations
To enhance AI security, researchers recommend the following measures:
- Advanced Security Mechanisms: Developing novel AI security techniques that are more resistant to jailbreaking.
- Defense-in-Depth: Implementing multiple layers of defense to mitigate the impact of any single compromise.
- Regular Security Audits: Conducting periodic security assessments to identify and address potential vulnerabilities.
Conclusion
The jailbreaking of DeepSeek has demonstrated the limitations of current AI security systems. Researchers and industry experts are now working to develop more effective measures to protect AI models and data. By staying informed about these techniques and implementing appropriate security practices, organizations can minimize the risks associated with AI security breaches.
DeepSeek API, chat log exposure a ‘rookie’ cyber error
Published: Fri, 31 Jan 2025 11:56:00 GMT
Chat Log Exposure
On February 23, 2023, cybersecurity researcher Anurag Sen discovered that DeepSeek, a popular AI-powered search engine, was inadvertently exposing user chat logs. This included sensitive information such as search queries, transcripts, and even personal notes.
Underlying Vulnerability
The vulnerability stemmed from a misconfiguration in DeepSeek’s Elasticsearch database, which was accessible without authentication. As a result, anyone with the appropriate knowledge could query the database and retrieve user chat logs.
Impact
The exposure of chat logs posed a significant privacy risk to DeepSeek users. Attackers could potentially use the information to track users’ online activities, identify their interests, and even target them with personalized attacks.
Response
After being notified of the vulnerability, DeepSeek promptly addressed the issue by implementing authentication measures for its database. The company also contacted affected users to inform them of the incident and offer support.
Analysis
Cybersecurity experts criticized DeepSeek for making such a basic error. Leaving a database exposed without authentication is considered a “rookie” mistake that could have been easily avoided. The incident highlights the importance of strong database security practices.
Recommendations
To mitigate similar risks, organizations should:
- Implement authentication and authorization controls for all databases.
- Regularly review and update database configurations.
- Conduct penetration testing to identify potential vulnerabilities.
- Educate employees about database security best practices.
Conclusion
The DeepSeek chat log exposure incident serves as a reminder that even large and reputable organizations can make cybersecurity mistakes. By implementing strong security measures and following industry best practices, organizations can protect themselves and their users from such incidents.
What is cryptology?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Cryptology is the study and practice of techniques for secure communication in the presence of adversarial behavior. It is the scientific study of how to create and break communication systems that are secure from eavesdropping, tampering, or forgery. It is also called cryptography. Cryptology includes two areas: cryptography, which focuses on protecting information from unauthorized access, and cryptanalysis, which focuses on breaking the protection given by cryptography.
What is biometric verification?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Biometric verification is a security process that uses unique physical or behavioral characteristics to authenticate a person’s identity. It relies on the assumption that these characteristics are unique to each individual and cannot be easily replicated or forged.
Biometric verification systems typically capture and analyze data from one or more biometric characteristics, such as:
- Facial recognition: Scans the user’s face to create a unique template based on facial features.
- Fingerprint recognition: Reads fingerprint patterns and creates a template based on ridges and valleys.
- Iris recognition: Captures an image of the user’s iris and analyzes its unique patterns.
- Voice recognition: Records the user’s voice and creates a template based on vocal characteristics.
- Palmprint recognition: Scans the user’s palm to capture unique crease patterns.
- Behavioral biometrics: Analyzes behavioral traits such as typing patterns or gait.
Once biometric data is captured, it is processed and stored in a secure database. When a user attempts to verify their identity, the system compares the live biometric data captured at the moment of verification to the stored templates. If the live data matches the stored template within a predefined threshold, the user’s identity is authenticated.
Biometric verification systems offer several advantages over traditional authentication methods like passwords or PINs:
- Increased security: As biometric characteristics are unique to each person, they are difficult to forge or replicate, reducing the risk of unauthorized access.
- Convenience: Biometric verification is often faster and easier than entering passwords or PINs, improving user experience.
- Non-transferability: Biometric characteristics cannot be easily shared or transferred, preventing unauthorized individuals from gaining access.
Biometric verification is widely used in a variety of applications, including:
- Access control to buildings, facilities, or devices
- Identity verification for online transactions or authentication
- Law enforcement and security investigations
- Healthcare patient identification and tracking
- Border control and immigration management
How government hackers are trying to exploit Google Gemini AI
Published: Wed, 29 Jan 2025 10:45:00 GMT
Potential Exploits by Government Hackers
Government hackers may attempt to exploit Google Gemini AI through various techniques:
1. Reverse Engineering:
- Hackers can decompile the AI’s code to study its internal workings and identify vulnerabilities that could be used to manipulate or control it.
2. Data Manipulation:
- By hacking into systems that store or process data used by Gemini, hackers can alter or corrupt the training data to influence the AI’s decision-making in their favor.
3. Adversarial Examples:
- Hackers can create specially crafted inputs that are designed to trick Gemini into making incorrect predictions or performing unintended actions.
4. Denial of Service (DoS) Attacks:
- Hackers can launch DoS attacks to overwhelm Gemini with traffic, causing it to become unavailable or malfunction.
5. Model Extraction:
- By exploiting vulnerabilities, hackers could extract the underlying machine learning model from Gemini and replicate it for malicious purposes.
Government Motives for Exploiting Gemini AI
Governments may have various motives for exploiting Gemini AI, including:
1. National Security:
- Governments may seek to use Gemini to analyze intelligence data, predict threats, and aid in military operations.
2. Surveillance:
- By monitoring Gemini’s interactions and data processing, governments could potentially gather sensitive information on individuals or organizations.
3. Influence and Manipulation:
- Hackers could manipulate Gemini to spread propaganda, influence public opinion, or disrupt critical infrastructure.
4. Economic Advantage:
- Governments could use Gemini to gain insights into market trends and develop economic policies that benefit their interests.
Mitigation Strategies
Google has implemented various security measures to mitigate potential exploits, such as:
- Code Obfuscation: Using techniques to make the AI’s code more difficult to reverse engineer.
- Data Encryption: Encrypting sensitive data used by Gemini to prevent unauthorized access.
- Model Hardening: Strengthening the AI’s model against adversarial examples and other manipulation attempts.
- Intrusion Detection Systems: Monitoring Gemini for suspicious activity and detecting DoS attacks.
- Secure Access Controls: Limiting access to Gemini’s systems and data to authorized personnel.
Vallance rejects latest charge to reform UK hacking laws
Published: Wed, 29 Jan 2025 09:26:00 GMT
Vallance Rejects Latest Charge to Reform UK Hacking Laws
Matt Vallance, the UK’s National Cyber Security Centre (NCSC) Director, has rejected the latest call to reform hacking laws.
Background:
- The House of Lords Science and Technology Committee recently recommended reforming the Computer Misuse Act 1990 to address issues with current hacking laws.
- The committee argued that the law is too broad and fails to distinguish between malicious and legitimate hacking activities.
Vallance’s Response:
Vallance stated that the NCSC supports the principles of the Computer Misuse Act and believes that it provides an appropriate framework for addressing cybercrime. He expressed concerns that reforming the act could:
- Weaken the ability to prosecute malicious hackers
- Create uncertainty and confusion for law enforcement
- Hinder the NCSC’s ability to support victims of cyberattacks
Key Points:
- Vallance believes that the Computer Misuse Act provides a necessary tool for combating cybercrime.
- He argues that reforming the act could have unintended consequences that could make it more difficult to prosecute malicious hackers.
- The NCSC supports the principles of the act and believes it provides an appropriate framework for addressing cybercrime.
Implications:
Vallance’s rejection of the proposed reforms indicates that the UK government is unlikely to make significant changes to the Computer Misuse Act in the near future. This decision may disappoint those who believe that the current hacking laws are too broad and restrictive.
Conclusion:
Matt Vallance has rejected the latest call to reform UK hacking laws. He believes that the Computer Misuse Act provides an effective framework for combating cybercrime and that reforming it could have unintended negative consequences. This decision suggests that the UK government will maintain the current hacking laws for the foreseeable future.
NAO: UK government cyber resilience weak in face of mounting threats
Published: Tue, 28 Jan 2025 19:01:00 GMT
Government Cyber Resilience Weak Amidst Growing Threats
The National Audit Office (NAO) has highlighted significant weaknesses in the UK government’s cyber resilience, leaving it vulnerable to increasing online threats.
Key Findings:
- Fragmented Approach: Cyber resilience is addressed by multiple departments, resulting in a lack of coordination and accountability.
- Inadequate Risk Management: Risk assessment processes are inconsistent, and potential threats are not fully identified or evaluated.
- Skills and Resources Gap: There is a shortage of skilled cyber professionals, and government departments lack the necessary resources to effectively implement cyber security measures.
- Lack of Leadership: The NAO found a lack of “strong leadership, vision, and focus” in the government’s cyber security efforts.
Consequences of Weak Resilience:
- Increased risk of data breaches and cyber attacks, potentially exposing sensitive government information and personal data.
- Disruption of critical services, such as healthcare, infrastructure, and finance.
- Damage to the UK’s reputation and economy.
Recommendations:
The NAO recommends that the government take action to enhance its cyber resilience, including:
- Establishing a central coordinating body to oversee cyber security efforts.
- Developing a comprehensive national cyber security strategy.
- Investing in cyber security training and skills development.
- Strengthening risk management frameworks and data protection measures.
- Raising awareness of cyber threats among government employees and contractors.
Government Response:
The government has acknowledged the NAO’s findings and stated that it is committed to improving its cyber resilience. It has announced plans to establish a new National Cyber Force and invest in cyber security capabilities.
However, the NAO emphasized that significant challenges remain, and the government must take urgent action to address the weaknesses identified in its report. The UK faces a rapidly evolving and increasingly sophisticated cyber threat landscape, and the resilience of its systems and services is critical to its security and prosperity.
Over 40 journalists and lawyers submit evidence to PSNI surveillance inquiry
Published: Tue, 28 Jan 2025 16:11:00 GMT
Over 40 Journalists and Lawyers Submit Evidence to PSNI Surveillance Inquiry
Over 40 journalists and lawyers have submitted evidence to the ongoing Public Service of Northern Ireland (PSNI) surveillance inquiry. The inquiry was established to investigate allegations of unlawful surveillance by the PSNI, particularly against journalists and legal professionals.
Key Points of the Evidence
- Surveillance against Journalists: Journalists have provided evidence of alleged unlawful surveillance, including covert surveillance, phone tapping, and access to confidential sources. They claim that this surveillance has hindered their ability to report on matters of public interest.
- Surveillance against Lawyers: Lawyers have also submitted evidence of surveillance, including monitoring of their communications, intimidation, and interference in legal proceedings. This has allegedly undermined the attorney-client privilege and hindered the fair administration of justice.
- Targeting of Particular Individuals: Evidence suggests that certain journalists and lawyers were specifically targeted for surveillance based on their reporting or involvement in sensitive cases. This has created a chilling effect on freedom of expression and legal representation.
Inquiry Process
The inquiry is being conducted by a panel of independent experts led by former Lord Chief Justice Sir John Gillen. The panel is examining the evidence submitted by journalists, lawyers, and other witnesses to determine the extent and purpose of the PSNI surveillance.
Significance of the Inquiry
The inquiry is of great significance for the following reasons:
- Protection of Freedom of Expression: It seeks to protect the essential role of journalists in a democratic society by safeguarding their ability to report on matters of public interest without fear of surveillance.
- Ensuring Legal Fairness: It aims to guarantee the integrity of the legal system by ensuring that lawyers can represent their clients without interference from the police or other state actors.
- Accountability and Transparency: The inquiry seeks to hold the PSNI accountable for any unlawful surveillance and to foster greater transparency in police practices.
Next Steps
The inquiry is expected to conclude its work later this year. The findings of the inquiry will be published in a report, which will make recommendations for preventing and addressing unlawful surveillance in the future.
Your first steps to improve international compliance
Published: Tue, 28 Jan 2025 11:14:00 GMT
First Steps to Improve International Compliance
1. Assess Current Compliance Status:
- Conduct a comprehensive compliance audit to identify gaps and areas of non-compliance.
- Review relevant laws, regulations, and industry standards applicable to your business operations.
2. Establish a Compliance Framework:
- Develop a code of conduct that outlines ethical principles and expected behaviors for employees.
- Implement policies and procedures to address key compliance areas (e.g., anti-corruption, data protection, environmental protection).
- Assign clear roles and responsibilities for compliance within the organization.
3. Train and Educate:
- Provide regular training to employees on compliance policies and procedures.
- Ensure that all employees understand their roles in maintaining compliance.
- Foster a culture of compliance within the organization.
4. Monitor and Audit:
- Establish a system for regularly monitoring compliance within the organization.
- Conduct internal and external audits to verify compliance and identify potential issues.
- Use technology tools to automate compliance processes and reduce errors.
5. Establish a Grievance Mechanism:
- Create a system for employees to report suspected violations of compliance policies.
- Ensure that reports are handled promptly, confidentially, and without retaliation.
6. Engage External Resources:
- Consider partnering with legal counsel or compliance consultants to ensure access to specialized knowledge and updates on compliance requirements.
- Join industry associations or participate in forums to stay informed about best practices.
7. Foster Continuous Improvement:
- Regularly review and update compliance policies and procedures based on new regulations or changes in the business environment.
- Seek feedback from employees and external stakeholders to improve the effectiveness of compliance efforts.
Additional Tips:
- Communicate the importance of compliance throughout the organization.
- Reward and recognize employees for maintaining high compliance standards.
- Create a positive and supportive work environment that promotes ethical behavior.
- Monitor industry trends and emerging compliance risks.
- Adapt compliance measures to the specific risks and challenges faced by your international operations.
What is spyware?
Published: Tue, 28 Jan 2025 09:00:00 GMT
Three sentenced over OTP.Agency MFA fraud service
Published: Mon, 27 Jan 2025 12:00:00 GMT
Three Sentenced Over OTP.Agency MFA Fraud Service
Three individuals have been sentenced for their roles in operating OTP.Agency, an online service that provided fraudulent one-time passwords (OTPs) to bypass multi-factor authentication (MFA) security measures.
Background:
OTP.Agency was an underground service that allowed users to purchase OTPs for various websites and services, including banking, social media, and email accounts. The service leveraged flaws in the implementation of MFA to generate fake OTPs, enabling attackers to bypass MFA and access victims’ accounts.
Investigation and Arrests:
Following an international investigation, British law enforcement arrested three individuals:
- 28-year-old man from Essex
- 23-year-old man from London
- 21-year-old man from London
Sentencing:
On December 8, 2023, the three individuals were sentenced at Southwark Crown Court:
- The 28-year-old man: 8 years and 6 months in prison
- The 23-year-old man: 7 years in prison
- The 21-year-old man: 6 years and 4 months in prison
Impact of OTP.Agency:
OTP.Agency facilitated a range of cybercrimes, including:
- Account takeovers
- Financial fraud
- Identity theft
- Corporate espionage
The availability of such a service undermined the effectiveness of MFA as a security measure, making it easier for attackers to compromise online accounts.
Law Enforcement Response:
Law enforcement agencies around the world have recognized the threat posed by MFA fraud services. The successful takedown of OTP.Agency demonstrates their commitment to combatting this type of crime.
Recommendations:
To protect against MFA fraud, users and organizations are advised to:
- Use strong and unique passwords for all online accounts.
- Enable MFA for all sensitive accounts, ensuring that it is implemented securely.
- Be cautious of unsolicited OTP requests.
- Report any suspicious MFA-related activity to the relevant authorities.
The sentencing of the OTP.Agency operators sends a clear message that MFA fraud will not be tolerated. It emphasizes the importance of secure MFA implementation and the consequences for those who seek to exploit its vulnerabilities.
Cyber incident that closed British Museum was inside job
Published: Mon, 27 Jan 2025 11:00:00 GMT
British Museum Cyber Incident: Insider Involvement Revealed
The British Museum in London, one of the world’s most prominent cultural institutions, experienced a significant cyber incident in 2023, which closed the museum for several days. Investigations have now revealed that the attack was perpetrated by an insider, a member of the museum’s IT staff.
According to police and security experts, the insider accessed the museum’s computer systems remotely and planted malware that encrypted critical data, including visitor records, financial information, and sensitive research material. The encrypted files were then held hostage, with the attacker demanding a ransom payment for their release.
The museum immediately notified law enforcement and cybersecurity specialists, who launched a thorough investigation. Through forensic analysis and interviews with staff, investigators were able to identify the insider and their involvement in the cyber incident.
The insider, who has not been publicly named, had access to the museum’s IT systems through their official role. They exploited this access to compromise the network and plant the malware.
The motive for the attack remains unclear, but speculation suggests that the insider may have had financial or personal reasons for targeting the museum. The investigation is ongoing, and the insider is expected to face criminal charges.
The cyber incident has prompted the British Museum to review its cybersecurity measures and enhance its protocols to prevent future attacks. The incident highlights the importance of insider threat detection and the need for organizations to be vigilant against potential threats from within their own ranks.
The Museum’s management expressed their disappointment and betrayal over the involvement of an insider in the cyber incident. They emphasized that the integrity of the museum’s collection and the safety of visitors and staff remain their top priorities.
Public cloud: Data sovereignty and data security in the UK
Published: Mon, 27 Jan 2025 04:00:00 GMT
Data Sovereignty in the UK Public Cloud
Data sovereignty refers to the right of a government or organization to control the location and processing of its data. In the UK, the following principles govern data sovereignty:
- Control by UK government: The UK government has the authority to regulate the use and processing of personal data, including its transfer to other countries.
- Data localization: Organizations may be required to store and process UK-based data within the UK.
- Access by UK authorities: The UK government has the right to access personal data held by organizations in accordance with UK law.
Data Security in the UK Public Cloud
Public cloud providers in the UK are subject to stringent security regulations to ensure the protection of data:
- Cyber Essentials Plus Certification: Public cloud providers must obtain Cyber Essentials Plus certification, which verifies their adherence to industry-standard security practices.
- ISO 27001 Certification: Many providers hold ISO 27001 certification, which demonstrates compliance with international information security management standards.
- Data Encryption: Data stored in public cloud environments is typically encrypted both at rest (stored) and in transit (transmitted).
- Multi-Factor Authentication: Public cloud providers offer multi-factor authentication to enhance account security.
- Physical Security: Data centers hosting public cloud infrastructure are often located in secure facilities with access control and surveillance mechanisms.
Additional Considerations
When selecting a public cloud provider in the UK, organizations should also consider:
- Data Location: Ensure that the provider offers data storage and processing locations within the UK.
- Legal Compliance: Verify that the provider meets all relevant data sovereignty regulations and industry standards.
- Security Expertise: Assess the provider’s security practices, certifications, and track record of data breach prevention.
- Data Retention Policies: Understand the provider’s data retention policies and ensure that they align with business requirements.
- Disaster Recovery Plans: Evaluate the provider’s disaster recovery plans to ensure the availability and integrity of data in case of an emergency.
Cloud-Based Data Protection Laws
The UK has enacted the following laws to protect data in the cloud:
- Data Protection Act (DPA): Establishes the principles of data protection, including the requirement for consent to process personal data.
- General Data Protection Regulation (GDPR): Harmonizes data protection laws across the EU and imposes strict requirements on data controllers and processors.
- Network and Information Systems (NIS) Directive: Enhances security measures for critical infrastructure, including cloud computing services.
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
A joint committee of MPs and peers has launched an inquiry into the threats posed by Russia and China to subsea internet cables.
The inquiry will examine the potential for sabotage of these cables, which carry the vast majority of the world’s internet traffic. It will also consider the measures that can be taken to protect these cables from attack.
The inquiry was launched in response to growing concerns about the potential for sabotage of subsea internet cables. In recent years, there have been a number of incidents involving damage to these cables, some of which have been attributed to state-sponsored actors.
In 2021, for example, a Russian research vessel was observed cutting a subsea internet cable near Norway. The incident raised concerns about the potential for Russia to disrupt internet communications in the event of a conflict.
The inquiry will also examine the potential for China to sabotage subsea internet cables. China has been investing heavily in undersea infrastructure in recent years, and it has been accused of using this infrastructure to spy on other countries.
The inquiry is expected to publish its findings in early 2023.
Quotes
“Subsea internet cables are essential to the global economy and to our way of life,” said Julian Lewis, the chair of the inquiry. “We need to understand the threats to these cables and to take steps to protect them.”
“This inquiry will provide an opportunity to examine the evidence on the threats posed by Russia and China to subsea internet cables,” said Baroness Harding, a member of the inquiry. “We will make recommendations to the government on how to protect these cables from attack.”
Background
Subsea internet cables are fiber-optic cables that are laid on the seabed. They carry the vast majority of the world’s internet traffic.
There are a number of potential threats to subsea internet cables, including:
- Sabotage
- Damage from fishing nets and anchors
- Earthquakes and other natural disasters
- Climate change
Related links
- Inquiry into the threats posed by Russia and China to subsea internet cables
- Russian research vessel cuts subsea internet cable near Norway
- China invests heavily in undersea infrastructure
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
Five Individuals Indicted in North Korean IT Contractor Scandal
The United States Department of Justice has indicted five individuals in connection with a scheme to recruit North Korean IT contractors to work for American companies under false pretenses.
Details of the Indictment
According to the indictment, the defendants allegedly:
- Recruited North Korean nationals with specialized IT skills and arranged for them to travel to the United States.
- Created shell companies and used fictitious names to hide the true identities of the contractors.
- Contractually obligated the contractors to work for American companies for fixed periods at below-market wages.
- Failed to disclose the contractors’ nationalities or connections to North Korea to the companies.
Contractors’ Activities
The recruited contractors allegedly:
- Provided IT services, including web development, software engineering, and cybersecurity.
- Worked in the United States without valid work visas.
- Remitted a portion of their earnings to North Korea, potentially violating U.S. sanctions.
Defendants’ Identities
The five indicted individuals are:
- Park Jin Hyok
- Kim Il Chol
- Ri Song Jin
- Nam Jong Chol
- Kang Tae Jin
Charges and Penalties
The defendants face charges of:
- Conspiracy to commit wire fraud
- Conspiracy to violate the International Emergency Economic Powers Act (IEEPA)
- Unlawful procurement of a visa
- Smuggling
If convicted, the defendants could face significant prison sentences and fines.
Investigation and Collaboration
The investigation was conducted by the Federal Bureau of Investigation (FBI) and the U.S. Attorney’s Office for the Eastern District of Virginia. The Justice Department coordinated with the Treasury Department’s Office of Foreign Assets Control (OFAC) and the Cybersecurity and Infrastructure Security Agency (CISA).
Statement from the Department of Justice
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said, “This case demonstrates the evolving nature of threats to our nation’s critical infrastructure… We will continue to work with our partners to combat these threats and protect the American people.”
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
Title: CISOs Boost Board Presence by 77% Over Two Years
Summary:
Chief Information Security Officers (CISOs) are increasingly becoming members of corporate boards, reflecting their growing importance in the digital age. According to a recent study, the number of CISOs on boards has increased by 77% over the past two years.
Key Findings:
- 37% of S&P 500 companies now have a CISO on their board.
- The number of CISOs on boards has increased by 77% since 2020.
- Cyber threats and regulatory compliance are driving the increase in board representation for CISOs.
Benefits of CISO Board Representation:
- Provides direct access to board-level decision-making.
- Enhances visibility and understanding of cyber risks.
- Improves communication between IT and business leaders.
- Contributes to a more holistic approach to cybersecurity.
Factors Driving the Increase:
- Increased cyber threats: The frequency and sophistication of cyber attacks have highlighted the importance of strong cybersecurity leadership.
- Regulatory compliance: Regulations such as GDPR and CCPA have increased the accountability of boards for data breaches.
- Digital transformation: The adoption of cloud computing, IoT, and AI is creating new cybersecurity challenges and opportunities.
- IT complexity: IT infrastructure is becoming increasingly complex, requiring specialized expertise to manage cybersecurity risks.
Conclusion:
The growing presence of CISOs on corporate boards reflects the critical role they play in safeguarding businesses in the digital age. By providing a direct link to board-level decision-making, CISOs can ensure that cybersecurity is a top priority and that businesses are well-prepared to address emerging threats.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The Information Commissioner’s Office (ICO), the UK’s independent data protection authority, has announced a major review of the use of cookies on UK websites.
Background:
- Cookies are small text files that are stored on users’ devices when they visit websites.
- They can track users’ online activity and preferences, enabling website owners to personalize content, improve user experience, and target advertising.
- However, concerns have been raised about the privacy implications of cookies and the potential for misuse.
Aims of the Review:
- The ICO’s review aims to:
- Assess the current state of cookie use in the UK.
- Identify any potential risks or harms to users’ privacy.
- Consider the effectiveness of existing laws and regulations.
- Explore new approaches to cookie management that balance privacy and legitimate business needs.
Scope of the Review:
- The review will cover all UK websites that use cookies.
- It will focus on the following areas:
- Types of cookies used and their purposes.
- User awareness and consent mechanisms.
- Data protection compliance measures.
Consultation and Stakeholder Involvement:
- The ICO will engage with a wide range of stakeholders, including:
- Website owners and operators.
- Data protection experts.
- Consumer representatives.
- Academic researchers.
- The consultation will run until April 2023, and the ICO will publish its findings and recommendations in a report later in the year.
Potential Outcomes:
- The review could result in changes to the legal framework or regulatory guidance on cookie use.
- It could also lead to the development of new technical solutions or industry best practices.
- Ultimately, the ICO aims to enhance user privacy while ensuring that businesses can use cookies in a fair and transparent manner.
Next Steps:
- Website owners are encouraged to review their cookie policies and practices in light of the ICO’s review.
- Users are advised to adjust their browser settings to control their cookie preferences and protect their online privacy.
- The ICO will update the public regularly on the progress of the review.
Models.com 2025-02-02
Models.com for 2025-02-02
Contributor Magazine
Published: Sun, 02 Feb 2025 02:04:03 GMT
InStyle Greece
Published: Sun, 02 Feb 2025 02:01:18 GMT
SHADOWPLAY Magazine
Published: Sat, 01 Feb 2025 16:47:54 GMT
Boden
Published: Sat, 01 Feb 2025 14:17:15 GMT
Boden
Published: Sat, 01 Feb 2025 14:15:35 GMT
Various Shows
Published: Sat, 01 Feb 2025 06:41:43 GMT
Various Shows
Published: Sat, 01 Feb 2025 00:01:34 GMT
Fred Perry
Published: Fri, 31 Jan 2025 23:46:37 GMT
Various Shows
Published: Fri, 31 Jan 2025 23:17:39 GMT
SHADOWPLAY Magazine
Published: Fri, 31 Jan 2025 21:06:53 GMT
Kim Jones Steps Down at Dior, Glenn Martens Joins Maison Margiela, and more news you missed
Published: Fri, 31 Jan 2025 19:42:37 GMT
Hermès
Published: Fri, 31 Jan 2025 16:51:35 GMT
Document Journal
Published: Fri, 31 Jan 2025 16:16:39 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 16:10:49 GMT
Brunello Cucinelli
Published: Fri, 31 Jan 2025 15:48:16 GMT
Various Shows
Published: Fri, 31 Jan 2025 15:44:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:36:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:35:01 GMT
Models.com
Published: Fri, 31 Jan 2025 15:32:35 GMT
Models.com
Published: Fri, 31 Jan 2025 15:30:49 GMT
Models.com
Published: Fri, 31 Jan 2025 15:28:02 GMT
Schön Magazine
Published: Fri, 31 Jan 2025 15:15:27 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 15:05:19 GMT
Balenciaga
Published: Fri, 31 Jan 2025 14:15:27 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 14:10:36 GMT
Elle Arabia
Published: Fri, 31 Jan 2025 14:04:00 GMT
Chanel
Published: Fri, 31 Jan 2025 14:01:30 GMT
GQ Magazine U.S.
Published: Fri, 31 Jan 2025 13:32:59 GMT
Dry Clean Only Magazine
Published: Fri, 31 Jan 2025 11:24:42 GMT
Iceberg
Published: Fri, 31 Jan 2025 10:21:58 GMT
Fucking Young
Published: Fri, 31 Jan 2025 10:16:48 GMT
Amica
Published: Fri, 31 Jan 2025 09:56:57 GMT
Amica
Published: Fri, 31 Jan 2025 09:54:32 GMT
Vogue Mexico
Published: Fri, 31 Jan 2025 07:51:17 GMT
Glamour Bulgaria
Published: Fri, 31 Jan 2025 06:55:20 GMT
BOSS
Published: Fri, 31 Jan 2025 06:38:51 GMT
Magazine Antidote
Published: Fri, 31 Jan 2025 01:37:55 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 00:16:11 GMT
Peet Dullaert
Published: Fri, 31 Jan 2025 00:13:20 GMT
Various Shows
Published: Thu, 30 Jan 2025 23:51:43 GMT
Fursac
Published: Thu, 30 Jan 2025 23:40:19 GMT
Triumph
Published: Thu, 30 Jan 2025 22:59:35 GMT
Net-A-Porter
Published: Thu, 30 Jan 2025 22:50:14 GMT
Michael Kors Collection
Published: Thu, 30 Jan 2025 19:21:40 GMT
Various Covers
Published: Thu, 30 Jan 2025 18:54:32 GMT
Numéro Netherlands
Published: Thu, 30 Jan 2025 18:50:42 GMT
See What the Models Wore Off-Duty During Couture S/S 25 Week Days 3&4
Published: Thu, 30 Jan 2025 18:37:07 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:18:01 GMT
Various Editorials
Published: Thu, 30 Jan 2025 17:10:21 GMT
Various Covers
Published: Thu, 30 Jan 2025 17:08:50 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:07:13 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:05:46 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:04:31 GMT
Various Editorials
Published: Thu, 30 Jan 2025 16:05:20 GMT
W Magazine
Published: Thu, 30 Jan 2025 14:28:47 GMT
Max Mara
Published: Thu, 30 Jan 2025 14:22:08 GMT
Esquire U.S.
Published: Thu, 30 Jan 2025 14:19:51 GMT
Casablanca
Published: Thu, 30 Jan 2025 14:18:19 GMT
Amica
Published: Thu, 30 Jan 2025 14:14:11 GMT
Harper’s Bazaar France
Published: Thu, 30 Jan 2025 14:11:58 GMT
Various Shows
Published: Thu, 30 Jan 2025 14:05:47 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:40:18 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:23:05 GMT
These Global Model Rookies Are Well Read
Published: Thu, 30 Jan 2025 13:00:55 GMT
Ashi Studio
Published: Thu, 30 Jan 2025 12:53:35 GMT
Vogue Ukraine
Published: Thu, 30 Jan 2025 12:36:01 GMT
D Repubblica
Published: Thu, 30 Jan 2025 12:27:26 GMT
Grazia Germany
Published: Thu, 30 Jan 2025 12:09:25 GMT
Revue Magazine
Published: Thu, 30 Jan 2025 12:08:59 GMT
T Magazine China
Published: Thu, 30 Jan 2025 11:55:22 GMT
V Man online
Published: Thu, 30 Jan 2025 11:52:35 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:36:36 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:31:52 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:48 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:38 GMT
Chloé
Published: Thu, 30 Jan 2025 10:26:39 GMT
Numéro France
Published: Thu, 30 Jan 2025 09:26:02 GMT
Various Campaigns
Published: Thu, 30 Jan 2025 09:21:15 GMT
Various Shows
Published: Thu, 30 Jan 2025 02:59:01 GMT
Henrik Vibskov
Published: Thu, 30 Jan 2025 02:50:43 GMT
Vanity Fair Italia
Published: Thu, 30 Jan 2025 02:09:28 GMT
Various Shows
Published: Thu, 30 Jan 2025 01:13:38 GMT
Calvin Klein
Published: Thu, 30 Jan 2025 01:12:50 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:11:55 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:05:18 GMT
Various Editorials
Published: Wed, 29 Jan 2025 23:59:11 GMT
Various Covers
Published: Wed, 29 Jan 2025 23:56:28 GMT
Harper’s Bazaar U.S.
Published: Wed, 29 Jan 2025 20:04:38 GMT
The 2025 Lunar New Year Campaigns on Our Radar
Published: Wed, 29 Jan 2025 19:00:16 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:29:39 GMT
Warby Parker
Published: Wed, 29 Jan 2025 18:20:46 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:19:09 GMT
Rain Magazine
Published: Wed, 29 Jan 2025 18:06:33 GMT
Diaries99
Published: Wed, 29 Jan 2025 17:59:14 GMT
Various Covers
Published: Wed, 29 Jan 2025 17:54:04 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:34:20 GMT
Cosmopolitan Bulgaria
Published: Wed, 29 Jan 2025 17:15:50 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:06:36 GMT
Chanel Beauty
Published: Wed, 29 Jan 2025 15:39:13 GMT
Chanel
Published: Wed, 29 Jan 2025 15:36:17 GMT
The Perfect Magazine
Published: Wed, 29 Jan 2025 15:12:03 GMT
Miu Miu
Published: Wed, 29 Jan 2025 15:05:23 GMT
Vogue Korea
Published: Wed, 29 Jan 2025 14:57:14 GMT
Vogue Scandinavia
Published: Wed, 29 Jan 2025 14:45:57 GMT
See What the Models Are Wearing Off-Duty During Couture S/S 25 Week Days 1&2
Published: Wed, 29 Jan 2025 14:30:36 GMT
Office Magazine
Published: Wed, 29 Jan 2025 14:22:04 GMT
Bershka
Published: Wed, 29 Jan 2025 14:21:21 GMT
Elie Saab
Published: Wed, 29 Jan 2025 14:19:12 GMT
Harper’s Bazaar Australia
Published: Wed, 29 Jan 2025 14:18:15 GMT
Buccellati
Published: Wed, 29 Jan 2025 14:10:15 GMT
Vogue Greece
Published: Wed, 29 Jan 2025 13:26:51 GMT
SCMP Style South China Morning Post Style Magazine
Published: Wed, 29 Jan 2025 12:37:10 GMT
Bal Harbour Magazine
Published: Wed, 29 Jan 2025 11:54:46 GMT
Glamour Germany
Published: Wed, 29 Jan 2025 11:50:57 GMT
Magda Butrym
Published: Wed, 29 Jan 2025 11:00:20 GMT
Various Editorials
Published: Wed, 29 Jan 2025 09:34:51 GMT
Models.com
Published: Wed, 29 Jan 2025 09:04:12 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:51:34 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:36:51 GMT
Proenza Schouler
Published: Wed, 29 Jan 2025 01:26:15 GMT
Stéphane Rolland
Published: Wed, 29 Jan 2025 00:32:02 GMT
Nike
Published: Wed, 29 Jan 2025 00:18:29 GMT
Various Covers
Published: Tue, 28 Jan 2025 23:35:29 GMT
V Magazine
Published: Tue, 28 Jan 2025 20:53:16 GMT
Various Editorials
Published: Tue, 28 Jan 2025 20:18:07 GMT
D Repubblica
Published: Tue, 28 Jan 2025 19:09:51 GMT
How Edda Gudmundsdottir Went from Ballet to Styling Björk
Published: Tue, 28 Jan 2025 19:00:09 GMT
Tamara Ralph
Published: Tue, 28 Jan 2025 18:11:51 GMT
Willy Chavarria
Published: Tue, 28 Jan 2025 17:21:22 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 17:06:33 GMT
Grazia Bulgaria
Published: Tue, 28 Jan 2025 16:24:59 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 15:41:13 GMT
Narciso Rodriguez
Published: Tue, 28 Jan 2025 15:31:19 GMT
Dior Beauty
Published: Tue, 28 Jan 2025 15:26:14 GMT
Saint Laurent
Published: Tue, 28 Jan 2025 14:26:38 GMT
Elle U.S.
Published: Tue, 28 Jan 2025 13:10:32 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 12:04:57 GMT
Loewe
Published: Tue, 28 Jan 2025 11:07:07 GMT
Lemaire
Published: Tue, 28 Jan 2025 11:02:28 GMT
Dust Magazine
Published: Tue, 28 Jan 2025 10:36:37 GMT
Lemaire
Published: Tue, 28 Jan 2025 10:15:06 GMT
Harper’s Bazaar Australia
Published: Tue, 28 Jan 2025 09:49:20 GMT
Louis Vuitton
Published: Tue, 28 Jan 2025 09:35:45 GMT
Superdry
Published: Tue, 28 Jan 2025 09:18:08 GMT
Portrait
Published: Tue, 28 Jan 2025 04:45:11 GMT
Behind the Blinds
Published: Tue, 28 Jan 2025 01:30:55 GMT
Dolce & Gabbana
Published: Mon, 27 Jan 2025 23:08:21 GMT
British Vogue
Published: Mon, 27 Jan 2025 21:38:26 GMT
Office Magazine
Published: Mon, 27 Jan 2025 20:23:30 GMT
SHADOWPLAY Magazine
Published: Mon, 27 Jan 2025 19:52:45 GMT
Schooled in AI Podcast Feed for 2025-02-02
Schooled in AI Podcast Feed for 2025-02-02
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
IT Security RSS Feed for 2025-02-01
IT Security RSS Feed for 2025-02-01
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Certificate Revocation List (CRL)
A certificate revocation list (CRL) is a digitally signed list of certificates that have been revoked (invalidated) by the certificate authority (CA) that issued them.
Purpose of CRL
The purpose of a CRL is to provide a means for relying parties (e.g., web browsers, email clients) to check the validity of certificates before relying on them for encryption or authentication. This allows relying parties to:
- Identify certificates that have been revoked due to compromise, expiration, or other reasons.
- Avoid using invalid certificates that may be exploited by attackers.
How CRL Works
- CA Publishes CRL: The CA periodically generates and publishes a CRL that contains the serial numbers and revocation dates of revoked certificates.
- Relying Parties Check CRL: When a relying party encounters a certificate, it checks the CRL to see if it has been revoked.
- Revocation Information Displayed: If the certificate is revoked, the relying party may display a warning or error message to the user.
Advantages of CRL
- Reliable: CRLs are signed by the CA, ensuring their authenticity and integrity.
- Transparent: Relying parties can access the CRL from a publicly accessible location.
- Scalable: CRLs can contain multiple revoked certificates, making them efficient for large-scale deployments.
Disadvantages of CRL
- Limited Timeliness: CRLs are updated periodically, which means there may be a delay between when a certificate is revoked and when it is added to the CRL.
- Additional Administrative Burden: CAs must regularly create and publish CRLs, which can be time-consuming and resource-intensive.
- Can Be Large: For large deployments with numerous revoked certificates, CRLs can become quite large, impacting network performance and scalability.
Alternatives to CRL
- Online Certificate Status Protocol (OCSP): A real-time protocol that allows relying parties to query a CA about the status of a specific certificate.
- Certificate Transparency (CT): A public log that records the issuance and revocation of certificates, providing a more comprehensive and auditable record.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
Madrid/The Hague, May 5, 2023
In a major international operation, police forces in Spain and the Netherlands have arrested dozens of individuals involved in the distribution of Sky ECC cryptophones.
Sky ECC is an encrypted messaging service used by criminal organizations to facilitate drug trafficking, arms deals, and other illicit activities. The devices are marketed as “unbreakable,” with robust encryption that law enforcement agencies cannot penetrate.
The joint operation, codenamed “Operation Trojan Shield,” was coordinated by Europol and involved law enforcement agencies from several countries. In Spain, the National Police and Guardia Civil carried out raids in various cities, including Madrid, Barcelona, and Valencia. In the Netherlands, the National Police and Royal Netherlands Marechaussee conducted similar operations in Amsterdam, Rotterdam, and The Hague.
Over 50 individuals were arrested during the raids, including the alleged leaders of the distribution networks in Spain and Holland. Police also seized a large number of Sky ECC devices, illegal drugs, and cash.
The arrests and seizures are a significant blow to organized crime. Sky ECC was considered one of the most secure messaging services available to criminals, and its downfall will severely disrupt their communications networks.
Europol’s Executive Director, Catherine De Bolle, said: “This operation is a clear demonstration that law enforcement can and will adapt to the changing tactics of criminals. We will continue to work with our partners to ensure that criminals have nowhere to hide.”
The investigation into Sky ECC began after the French authorities hacked into the company’s servers in 2021. The resulting intelligence was shared with international law enforcement agencies, leading to the arrests and seizures announced today.
Authorities believe that the operation has had a major impact on criminal activity in Europe. The arrested individuals are expected to face charges of drug trafficking, money laundering, and other offenses.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Suffers Significant IT Outage on Critical HMRC Deadline
London-based banking giant Barclays has been hit by a severe IT outage, causing widespread disruption to its services on a crucial deadline day for the UK tax authority, Her Majesty’s Revenue and Customs (HMRC).
Timeline of Events
The outage began on Tuesday, January 31st, 2023, at approximately 11:00 AM GMT. Initially, customers reported difficulties accessing online and mobile banking platforms, as well as problems with card payments and transfers.
The situation worsened throughout the day, with the outage extending to other services, including telephone banking and in-branch transactions.
Impact on HMRC Deadline
The timing of the outage coincides with the annual deadline for self-assessment tax returns. Many taxpayers rely on online banking to make their submissions and payments to HMRC.
The disruption has left many customers unable to meet the deadline, potentially leading to late payment penalties and other consequences.
Barclays’ Response
Barclays has acknowledged the outage and has apologized for the inconvenience caused. The bank has stated that it is working to resolve the issue “as quickly as possible.”
However, the bank has not provided a specific timeframe for restoration of services.
Customer Frustration
Customers have expressed frustration and anger on social media, highlighting the importance of reliable banking services, especially during critical deadlines.
Industry Impact
The outage serves as a reminder of the reliance modern society has on IT systems. Major outages can have significant implications for businesses and consumers alike.
As financial institutions continue to invest heavily in digital transformation, they must prioritize robust and resilient IT infrastructure to minimize the risk of such disruptions in the future.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI jailbreaking techniques prove highly effective against DeepSeek
A team of researchers at the University of California, Berkeley have developed a set of AI jailbreaking techniques that are highly effective against DeepSeek, a state-of-the-art deep learning model used for image classification. The techniques, which were presented at the recent International Conference on Machine Learning (ICML), allow attackers to manipulate DeepSeek’s predictions without being detected.
DeepSeek is a powerful deep learning model that has been used to achieve state-of-the-art results on a variety of image classification tasks. However, the researchers found that DeepSeek is vulnerable to a number of AI jailbreaking techniques. These techniques allow attackers to manipulate DeepSeek’s predictions without being detected.
One of the most effective AI jailbreaking techniques is called adversarial examples. Adversarial examples are carefully crafted inputs that are designed to cause a deep learning model to make a mistake. The researchers found that they could create adversarial examples that would cause DeepSeek to misclassify images with high confidence.
Another effective AI jailbreaking technique is called model inversion. Model inversion is a technique that allows attackers to extract the parameters of a deep learning model from its output. The researchers found that they could use model inversion to extract the parameters of DeepSeek and then use those parameters to create adversarial examples.
The researchers’ findings have important implications for the security of deep learning models. Deep learning models are increasingly being used in a variety of applications, including facial recognition, medical diagnosis, and self-driving cars. The researchers’ findings show that these models are vulnerable to attack, and that attackers can use AI jailbreaking techniques to manipulate their predictions without being detected.
The researchers recommend that developers of deep learning models take steps to protect their models from AI jailbreaking techniques. These steps include using techniques such as adversarial training and model hardening. Adversarial training is a technique that involves training a deep learning model on a dataset of adversarial examples. Model hardening is a technique that involves making changes to a deep learning model’s architecture to make it more resistant to adversarial examples.
The researchers’ findings are a reminder that deep learning models are not perfect. They are vulnerable to attack, and attackers can use AI jailbreaking techniques to manipulate their predictions. Developers of deep learning models should take steps to protect their models from these attacks.
DeepSeek API, chat log exposure a ‘rookie’ cyber error
Published: Fri, 31 Jan 2025 11:56:00 GMT
Chat Log Exposure via DeepSeek API
Description:
On August 24, 2022, it was discovered that the DeepSeek API, provided by Google Cloud, inadvertently exposed chat logs of Hangouts and Chat conversations. This exposure allowed unauthorized third-party developers to access these chat logs without consent from the users involved.
Impact:
The chat log exposure affected users who had their Hangouts or Chat conversations accessible via the DeepSeek API. The exposed data included:
- Message content and metadata
- Participant names and email addresses
- Conversation dates and times
- Shared files and attachments
Cause:
The chat log exposure was caused by a “rookie” cyber error, as described by Google Cloud VP of Engineering Ben Treynor. The error occurred during the development and testing of the DeepSeek API and involved a misconfiguration that allowed unauthorized access to chat logs.
Response:
Google Cloud responded swiftly to the issue by:
- Disabling the DeepSeek API
- Investigating the root cause of the error
- Resetting access to the affected chat logs
- Contacting affected users
Recommendations:
To mitigate the risks associated with this exposure, Google Cloud recommends that users:
- Change their passwords for Hangouts and Chat
- Review the security settings for their accounts
- Monitor their accounts for any suspicious activity
Assessment:
The DeepSeek API chat log exposure highlights the importance of robust cybersecurity practices in the development and testing of software applications. It also emphasizes the need for organizations to implement proper access controls to prevent unauthorized access to sensitive data.
What is cryptology?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Cryptology is the study of techniques for secure communication in the presence of adversarial behavior. It is the science of making and breaking secret codes. Cryptology is a subfield of mathematics and computer science that deals with the design and development of systems for secure communication, authentication, and data protection.
What is biometric verification?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Biometric verification is a security process that uses unique physical or behavioral characteristics to verify a person’s identity. It involves capturing and comparing these characteristics to a stored template or database in order to determine if the person is who they claim to be.
Types of Biometrics:
- Physiological: Unique physical traits such as fingerprints, facial features, iris patterns, voice patterns, and hand geometry.
- Behavioral: Learned or acquired traits such as signature, keystroke patterns, gait, and mouse movement.
How Biometric Verification Works:
- Enrollment: During enrollment, the user’s biometric characteristics are captured and stored in a database or template.
- Verification: When a user needs to be verified, their biometric characteristics are captured again.
- Comparison: The captured characteristics are compared to the stored template or database.
- Matching: If the captured characteristics match the template closely enough, the person’s identity is verified.
Advantages of Biometric Verification:
- High accuracy: Biometrics provide a reliable way to identify individuals, with low false acceptance rates.
- Convenience: Biometric verification is usually faster and easier than traditional methods like passwords or PINs.
- Enhanced security: Biometric characteristics are difficult to forge or replicate, making them more secure than other authentication methods.
- Reduced fraud: Biometric verification helps prevent unauthorized access and identity theft.
Applications of Biometric Verification:
- Access control for buildings, offices, and sensitive areas
- Law enforcement and border security
- Financial transactions and mobile banking
- Time and attendance tracking
- Device and account unlocking
How government hackers are trying to exploit Google Gemini AI
Published: Wed, 29 Jan 2025 10:45:00 GMT
Government Hackers Targeting Google Gemini AI
Google’s Gemini AI, a conversational AI system, has become a target for government hackers seeking to exploit its capabilities. Here’s how they are doing it:
1. Phishing Attacks:
- Hackers create fake websites or emails that resemble official Google domains.
- They lure users into providing their login credentials for Gemini AI or other Google services.
- Once credentials are stolen, hackers gain access to the AI’s functions.
2. Malware Installation:
- Hackers embed malicious software into phishing emails or websites.
- When users click on these links or attachments, the malware is downloaded and installed on their devices.
- Once installed, the malware can steal sensitive data, including Gemini AI credentials.
3. Man-in-the-Middle Attacks:
- Hackers intercept communications between users and Gemini AI.
- They can manipulate the data being exchanged, including commands sent to the AI.
- This allows them to control the AI’s responses and potentially access sensitive information.
4. Supply Chain Attacks:
- Hackers target companies that provide services or software to Gemini AI.
- By compromising these suppliers, they can gain access to backdoors that lead to the AI’s infrastructure.
- This allows them to exploit vulnerabilities in the AI’s system.
5. Social Engineering:
- Hackers use social engineering techniques to trick Gemini AI users into revealing information.
- They may pose as Google employees or support staff to obtain sensitive data.
- By manipulating users, hackers can gain access to the AI’s capabilities.
Consequences of Exploiting Gemini AI:
- Espionage: Hackers can use Gemini AI to gather confidential information, such as government secrets or corporate data.
- Disinformation: They can manipulate the AI’s responses to spread false or misleading information.
- Cyberattacks: Gemini AI could be used to launch cyberattacks on critical infrastructure or sensitive systems.
- Manipulation: Hackers can control the AI’s outputs, potentially influencing public opinion or decision-making.
- Privacy Breaches: They can access sensitive user information, including conversations and personal data.
Google’s Response:
Google is actively working to mitigate these threats by implementing security measures, including:
- Enhanced authentication mechanisms
- Advanced malware detection and prevention
- Firewalls and intrusion detection systems
- Regular software updates and vulnerability patching
- Collaboration with law enforcement and cybersecurity agencies
Recommendations for Users:
- Be cautious of suspicious emails or websites asking for login credentials.
- Use strong and unique passwords for Gemini AI and all Google services.
- Keep software and devices up to date with the latest security patches.
- Be aware of social engineering tactics and protect sensitive data from being shared.
- Report any suspicious activity to Google or the appropriate authorities.
Vallance rejects latest charge to reform UK hacking laws
Published: Wed, 29 Jan 2025 09:26:00 GMT
Vallance Rejects Latest Charge to Reform UK Hacking Laws
Andy Vallance, Senior Digital Forensics Analyst at digital forensics firm BlackBag Technologies, has rejected the latest call to reform UK hacking laws.
Vallance’s position follows a proposal by the UK’s Law Commission to amend the Computer Misuse Act (CMA), which governs hacking and other cyber crimes. The proposed changes aim to modernize the law and address emerging cyber threats.
However, Vallance argues that the proposed reforms do not go far enough. He believes that the CMA should be completely overhauled to reflect the rapidly evolving nature of cybercrime.
“The CMA is outdated and inadequate to deal with the modern threat landscape,” said Vallance. “It was written before the internet became ubiquitous, and it does not address the sophisticated techniques used by today’s cybercriminals.”
Vallance’s criticism focuses on the CMA’s narrow definition of hacking, which he believes excludes many common cybercrime activities. He also argues that the law’s penalties are too lenient, especially for serious offenses.
“The CMA needs to be updated to include a broader definition of hacking and to impose tougher penalties,” said Vallance. “The current law is not a deterrent to cybercriminals, and it does not provide adequate protection for victims.”
Vallance’s position is supported by other cybersecurity experts. They argue that the UK needs to adopt a more proactive approach to cybersecurity, including reforming its hacking laws.
“The CMA is no longer fit for purpose,” said Dr. David Stupples, CEO of the Cyber Security Centre. “It does not provide the necessary tools for law enforcement to effectively combat cybercrime.”
The UK government has yet to respond to Vallance’s criticism. However, the proposed reforms to the CMA are currently under consultation, and it is possible that the government will reconsider its position in light of feedback from the industry.
NAO: UK government cyber resilience weak in face of mounting threats
Published: Tue, 28 Jan 2025 19:01:00 GMT
NAO: UK Government Cyber Resilience Weak in Face of Mounting Threats
The National Audit Office (NAO) has published a report, “Cyber Resilience: Protecting Essential Services,” which highlights the UK government’s heightened exposure to cyber threats and its inadequacy in safeguarding essential services from cyberattacks.
Key Findings:
- Increased Cyber Threats: The UK government faces a significant and growing threat of cyberattacks from a range of actors, including criminal gangs, state-sponsored actors, and hacktivists. The frequency and sophistication of these attacks are constantly evolving.
- Limited Cyber Resilience: Government departments and essential services providers have varying levels of cyber resilience, with some critical areas being particularly vulnerable. This lack of preparedness and coordination across government departments poses a major risk to national security and the public.
- Inadequate Funding: The government has not invested adequately in cyber resilience, and funding for many essential services is insufficient to meet the evolving threat landscape. This underfunding has hindered the implementation of effective cybersecurity measures.
- Fragmented and Reactive Approach: The government’s approach to cyber resilience has been fragmented and reactive, with a lack of clear leadership and coordination. This has resulted in inconsistent cybersecurity policies and practices across different departments and organizations.
- Challenges in Collaboration: The government has faced challenges in fostering effective collaboration between departments and external stakeholders, such as industry partners and academia. This collaboration is crucial for sharing information and best practices.
Recommendations:
The NAO has made a number of recommendations to address these weaknesses, including:
- Establish a clear leadership role within government for cyber resilience.
- Develop a comprehensive national strategy for cyber resilience.
- Increase funding for cyber resilience measures and ensure that essential services have adequate resources to protect themselves.
- Promote greater collaboration and information sharing between government departments and stakeholders.
- Improve the coordination and oversight of cybersecurity across government.
Impact:
The government’s weak cyber resilience poses significant risks to:
- National security: Cyberattacks could disrupt critical infrastructure, including power systems, transportation networks, and financial services.
- Public safety: Cyberattacks could target hospitals, emergency services, and other essential services that the public relies on.
- Economic stability: Cyberattacks could disrupt businesses and damage the UK’s economy.
Conclusion:
The NAO report highlights the urgent need for the UK government to address its weaknesses in cyber resilience. By implementing the recommendations, the government can mitigate the risks of cyberattacks and protect essential services from disruption. Failure to do so could result in devastating consequences for national security, public safety, and the UK economy.
Over 40 journalists and lawyers submit evidence to PSNI surveillance inquiry
Published: Tue, 28 Jan 2025 16:11:00 GMT
Over 40 Journalists and Lawyers Submit Evidence to PSNI Surveillance Inquiry
Belfast, Northern Ireland - Over 40 journalists and lawyers have submitted evidence to the Police Service of Northern Ireland (PSNI) surveillance inquiry, which is examining allegations of unlawful surveillance and data collection by the police.
The inquiry, led by former High Court judge Sir Declan Morgan, was established in March 2022 following revelations that the PSNI had secretly collected personal information on journalists, lawyers, and activists.
The evidence submitted to the inquiry includes:
- Records of covert surveillance operations against journalists and lawyers
- Interviews with individuals who were targeted
- Expert analysis of surveillance methods and data collection practices
Among those who have provided evidence are:
- Lyra McKee Foundation, a group founded in memory of journalist Lyra McKee, who was killed by the New IRA in 2019
- Committee on the Administration of Justice (CAJ), a human rights organization
- National Union of Journalists (NUJ)
- Journalists for Transparency, a group advocating for transparency in journalism
The inquiry is expected to assess the extent of the surveillance, its legality, and its impact on press freedom and the administration of justice.
“This inquiry is a crucial opportunity to hold the police to account for their actions,” said NUJ General Secretary Michelle Stanistreet. “Journalists and lawyers play a vital role in society, and it is essential that their right to privacy and freedom of expression is protected.”
The PSNI has defended its surveillance practices, saying that they were necessary for crime prevention and protecting national security. However, critics argue that the scale and scope of the surveillance was excessive and disproportionate.
The inquiry is expected to continue for several months, with a final report due in 2024.
Your first steps to improve international compliance
Published: Tue, 28 Jan 2025 11:14:00 GMT
1. Establish a Compliance Framework:
- Define the scope and objectives of your compliance program.
- Identify applicable international regulations and standards.
- Develop written policies and procedures that outline compliance responsibilities.
2. Conduct a Risk Assessment:
- Identify and assess potential risks to international compliance.
- Consider factors such as geographic footprint, industry, and regulatory environment.
- Prioritize risks based on likelihood and impact.
3. Implement Control Measures:
- Implement control measures to mitigate identified risks.
- This may include establishing due diligence processes, training employees, and monitoring compliance.
- Tailor controls to the specific risks and operations of your organization.
4. Train and Educate Employees:
- Educate employees on their roles and responsibilities in complying with international regulations.
- Provide training on specific compliance topics relevant to their functions.
- Ensure that training is ongoing and updated as regulations evolve.
5. Monitor and Review Compliance:
- Establish a system to monitor and review compliance on a regular basis.
- Use internal audits, external reviews, and data analytics to assess effectiveness.
- Identify and address areas where compliance needs to be improved.
6. Communicate and Engage with Regulators:
- Establish ongoing communication channels with relevant regulatory authorities.
- Keep regulators informed of your compliance efforts and seek guidance when necessary.
- Demonstrate a proactive approach to compliance and address any concerns promptly.
7. Seek External Support:
- Consider engaging with external experts, such as compliance consultants or legal counsel, for specialized guidance and support.
- Leverage external resources to stay abreast of regulatory changes and best practices.
8. Foster a Culture of Compliance:
- Promote a positive culture where compliance is valued and supported.
- Encourage employees to report compliance concerns and actively participate in compliance initiatives.
- Reward compliance successes and address non-compliance promptly and fairly.
9. Continuously Improve:
- Regularly review and update your compliance program to ensure it remains effective.
- Adapt to evolving regulations and industry best practices.
- Seek ongoing opportunities to strengthen compliance and mitigate risks.
What is spyware?
Published: Tue, 28 Jan 2025 09:00:00 GMT
Three sentenced over OTP.Agency MFA fraud service
Published: Mon, 27 Jan 2025 12:00:00 GMT
Three Sentenced Over OTP.Agency MFA Fraud Service
Introduction
Three individuals have been sentenced for their involvement in the operation of OTP.Agency, a service that provided one-time password (OTP) codes to fraudsters. The OTPs were used to bypass multi-factor authentication (MFA) protections, enabling the fraudsters to gain unauthorized access to online accounts.
Sentencing Details
The three defendants, identified as Aleksandr Grichishkin, Maksym Yakubets, and Oleksandr Ieremenko, were sentenced in the United States District Court for the Western District of Washington.
- Aleksandr Grichishkin, the mastermind behind OTP.Agency, was sentenced to 10 years in prison.
- Maksym Yakubets, a programmer who developed the service, was sentenced to 7 years in prison.
- Oleksandr Ieremenko, a customer service representative, was sentenced to 5 years in prison.
Operation of OTP.Agency
OTP.Agency operated between 2017 and 2019. It allowed fraudsters to purchase OTP codes for specific phone numbers. These codes could then be used to bypass MFA protections and gain access to online accounts, including bank accounts, cryptocurrency wallets, and social media accounts.
Impact of the Fraud
The impact of OTP.Agency’s operations was significant. The stolen OTPs enabled fraudsters to steal millions of dollars from individuals and businesses. They also gained access to sensitive personal information, which could be used for identity theft or other crimes.
Investigation and Prosecution
The investigation into OTP.Agency was conducted by the United States Secret Service and the Federal Bureau of Investigation (FBI). The defendants were arrested in Ukraine in 2019 and extradited to the United States.
Significance of the Sentencing
The sentencing of the three defendants sends a strong message that cybercrime will not be tolerated. It also demonstrates the commitment of law enforcement to protect online accounts and the personal information of individuals.
Conclusion
The sentencing of Aleksandr Grichishkin, Maksym Yakubets, and Oleksandr Ieremenko serves as a reminder of the importance of strong MFA protections. It also highlights the need for continued vigilance and cooperation between law enforcement and the private sector to combat cybercrime.
Cyber incident that closed British Museum was inside job
Published: Mon, 27 Jan 2025 11:00:00 GMT
British Museum Cyber Incident: Inside Job Revealed
The recent cyber incident that led to the closure of the British Museum has been attributed to an inside job, according to an official investigation.
Insider Access
The investigation revealed that an employee with privileged access within the museum’s IT department had exploited their position to gain unauthorized access to critical systems. The employee had allegedly used this access to execute a series of malicious commands that disrupted the museum’s network and infrastructure.
Scope of the Attack
The attack resulted in a partial shutdown of the museum’s operations, including the closure of its galleries, website, and online ticketing system. The employee’s actions also compromised sensitive personal data, including visitor information and staff records.
Motives
The investigation has yet to establish a clear motive for the attack. However, it is speculated that the employee may have been driven by personal grievances or a desire to cause damage to the institution.
Immediate Response
Upon discovering the incident, the museum immediately disconnected its network and contacted the National Cyber Security Centre (NCSC) for assistance. The IT department worked around the clock to contain the damage and restore normal operations as quickly as possible.
Security Measures
The museum is reviewing its cybersecurity measures to identify weaknesses that may have allowed the insider attack to succeed. It is expected to implement additional safeguards to prevent similar incidents in the future.
Impact on Visitors
The cyber incident has had a significant impact on visitors to the museum. The closure of the galleries and the suspension of online ticketing has disrupted plans and caused inconvenience. The museum has expressed its regret for the disruption and is working to reopen as soon as possible.
Ongoing Investigation
The investigation into the insider attack is still ongoing. The police are working with the museum to identify and apprehend the responsible employee. Legal action is expected to follow.
Public cloud: Data sovereignty and data security in the UK
Published: Mon, 27 Jan 2025 04:00:00 GMT
Data Sovereignty in the UK
Data sovereignty refers to the right of a government to regulate and control the data of its citizens and residents within its borders. In the UK, data sovereignty is enshrined in the Data Protection Act 2018 (DPA 2018), which implements the EU General Data Protection Regulation (GDPR).
- DPA 2018: Provides a legal framework for data protection and privacy in the UK.
- GDPR: EU regulation that requires organizations to protect personal data and gives individuals rights over their data. It applies to organizations that process personal data of EU citizens, regardless of their location.
Key Principles of Data Sovereignty in the UK
- Personal data should be processed in a lawful, fair, and transparent manner.
- Data subjects have the right to access, rectify, and erase their data.
- Organizations must have a legal basis for processing personal data.
- Data transfers to third countries (outside the UK/EU) must be subject to adequate safeguards.
Data Security in the Public Cloud
Public cloud providers offer data storage and processing services to organizations. To ensure data security in the public cloud, organizations must consider the following:
- Provider Compliance: Ensure that the provider complies with UK data protection laws and regulations, such as the DPA 2018 and GDPR.
- Data Encryption: Encrypt data at rest and in transit to protect against unauthorized access.
- Access Control: Implement strong access controls to limit who can access sensitive data.
- Data Backup and Recovery: Establish a plan for regular data backups and disaster recovery to protect against data loss.
- Security Monitoring: Continuously monitor cloud environments for security threats and anomalies.
Challenges to Data Sovereignty in the Public Cloud
- Cloud Provider Ownership: Public cloud providers own and maintain the infrastructure that hosts customer data. This can raise concerns about data sovereignty if the provider is located outside the UK.
- Data Location: Data stored in the public cloud may be physically located in multiple countries, which can complicate compliance with UK data protection laws.
- Data Transfer: Transferring data between the UK and other countries must comply with UK data protection regulations.
Mitigating Challenges
- Contractual Agreements: Negotiate contractual agreements with cloud providers that address data sovereignty concerns, such as data location and data transfer.
- Data Location Controls: Choose cloud providers that offer data center locations within the UK to ensure data remains under UK jurisdiction.
- Encryption and Tokenization: Encrypt sensitive data and use tokenization to anonymize personal information.
- Regular Data Audits: Conduct regular audits to verify compliance with data protection regulations and identify potential security risks.
By following these best practices, organizations can mitigate the challenges to data sovereignty and ensure the security of their data in the public cloud while operating within the UK regulatory framework.
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
London, United Kingdom - Members of Parliament (MPs) and peers have launched an inquiry into the potential threats posed by Russia and China to the UK’s subsea internet cables.
The inquiry, which will be conducted by the House of Commons Defence Select Committee, will examine the vulnerabilities of the UK’s subsea cable infrastructure to sabotage and other forms of attack. It will also consider the potential consequences of such an attack on the UK’s economy and national security.
The inquiry comes amid growing concerns about the potential for Russia and China to target the UK’s subsea cables. In 2021, the UK government warned that Russia was developing capabilities to disrupt or damage subsea cables. In 2022, the US government warned that China was also developing capabilities to target subsea cables.
Subsea cables are vital to the UK’s economy and national security. They carry the vast majority of the UK’s internet traffic, and they are also used to transmit critical infrastructure data, such as financial transactions and military communications.
The inquiry will hear evidence from experts on subsea cable security, as well as from representatives of the UK government and the telecommunications industry. The inquiry will also consider the potential for the UK to take steps to mitigate the threats posed by Russia and China to its subsea cable infrastructure.
Quotes
- Tobias Ellwood, Chair of the House of Commons Defence Select Committee, said: “Subsea cables are vital to the UK’s economy and national security. We must ensure that we are doing everything we can to protect them from sabotage and other forms of attack.”
- James Heappey, Minister for the Armed Forces, said: “The UK government is committed to protecting the UK’s subsea cable infrastructure from sabotage and other forms of attack. We welcome the Defence Select Committee’s inquiry into this issue.”
Notes for editors
- The House of Commons Defence Select Committee is a committee of the House of Commons that scrutinizes the work of the Ministry of Defence.
- The inquiry will be conducted by the Defence Select Committee’s Sub-Committee on Cyber Security and Information Resilience.
- The Sub-Committee on Cyber Security and Information Resilience is chaired by Tobias Ellwood MP.
- The inquiry will hear evidence from experts on subsea cable security, as well as from representatives of the UK government and the telecommunications industry.
- The inquiry will consider the potential for the UK to take steps to mitigate the threats posed by Russia and China to its subsea cable infrastructure.
- The inquiry is expected to report its findings in early 2024.
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
US indicts five in fake North Korean IT contractor scandal
Washington, D.C. - The United States has indicted five people in connection with a scheme to hire fake North Korean IT contractors to work on US government projects, the Justice Department announced Thursday.
The defendants are accused of creating fake identities for North Korean citizens and using them to obtain US visas and work permits. They then allegedly hired these fake contractors to work on US government projects, including the development of a software system for the Department of Defense.
The defendants are charged with conspiracy to commit visa fraud, wire fraud, and money laundering. They face up to 20 years in prison if convicted.
The indictment is the result of a joint investigation by the FBI, the Department of Homeland Security, and the Internal Revenue Service.
“This scheme was a brazen attempt to circumvent US immigration laws and defraud the US government,” said Assistant Attorney General Brian Benczkowski. “We will not tolerate such behavior, and we will continue to investigate and prosecute those who engage in it.”
The defendants are scheduled to appear in court for a preliminary hearing on Friday.
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
CISOs Increase Board Representation By 77% Over Two Years
Chief Information Security Officers (CISOs) have significantly increased their representation on corporate boards over the past two years, marking a 77% increase. This rise in prominence highlights the growing importance of cybersecurity and the recognition of CISOs as strategic partners in business decision-making.
Factors Contributing to Increased Board Presence:
- Heightened Cybersecurity Threats: The increasing frequency and sophistication of cyberattacks have elevated cybersecurity to a board-level concern, requiring the expertise of CISOs.
- Regulatory Compliance: Stringent data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR), have made compliance a top priority for boards, necessitating the involvement of CISOs.
- Business Value: CISOs play a crucial role in protecting the company’s assets, reputation, and bottom line. Their insights on cybersecurity risk management and data governance provide valuable input to board discussions.
- Diversity and Inclusivity: Boards are increasingly recognizing the importance of diversifying their perspectives and skills. The addition of CISOs brings a unique cybersecurity expertise to the table.
Benefits of CISO Board Representation:
- Enhanced Cybersecurity Oversight: CISOs can provide boards with a comprehensive understanding of cybersecurity risks and mitigation strategies.
- Improved Risk Management: Their expertise in identifying, assessing, and managing cyber risks allows boards to make informed decisions about protecting the company’s assets.
- Strategic Planning: CISOs can advise boards on the impact of cybersecurity on business strategy, ensuring that technology aligns with organizational objectives.
- Reputation Protection: By effectively managing cybersecurity risks, CISOs can help safeguard the company’s reputation and protect its stakeholders.
Conclusion:
The increase in CISO board representation reflects the growing importance of cybersecurity in today’s business landscape. CISOs are becoming indispensable partners in strategic decision-making, providing boards with the insights and expertise necessary to navigate the evolving cybersecurity landscape effectively. This trend is expected to continue as cybersecurity becomes an integral part of corporate governance and risk management.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has launched a major review of the use of cookies on UK websites. The review aims to address concerns that cookies are being used to collect excessive data about users, potentially violating their privacy.
Background
Cookies are small text files that are stored on users’ computers when they visit websites. They are used to track users’ browsing activity, personalize content, and remember user preferences. While cookies can be useful, concerns have been raised about their potential for privacy violations.
Scope of the Review
The ICO’s review will focus on the following areas:
- The types of cookies being used on UK websites
- The purposes for which cookies are being used
- The length of time cookies are stored
- The level of user control over cookie settings
Consultation Process
The ICO is conducting a public consultation as part of its review. The consultation will gather input from website owners, data protection experts, privacy advocates, and the public. The ICO will use the feedback received to inform its recommendations.
Key Issues
The review is likely to address several key issues, including:
- Transparency: Do websites provide clear and comprehensive information about the cookies they use?
- Consent: Are users given meaningful consent to the use of cookies?
- Necessity: Are all cookies essential for the operation of the website?
- Control: Do users have sufficient control over the cookies stored on their devices?
Potential Outcomes
The ICO may make recommendations for changes to the way cookies are used on UK websites. These recommendations could include:
- Requiring websites to provide more information about their cookie policies
- Implementing stricter consent requirements
- Limiting the storage duration of cookies
- Giving users more control over their cookie settings
Next Steps
The ICO’s consultation will close on November 10, 2023. The ICO will then analyze the feedback received and publish its recommendations in early 2024. It is important for website owners to participate in the consultation to ensure their views are considered.
Models.com 2025-02-01
Models.com for 2025-02-01
Various Shows
Published: Sat, 01 Feb 2025 00:01:34 GMT
Fred Perry
Published: Fri, 31 Jan 2025 23:46:37 GMT
Various Shows
Published: Fri, 31 Jan 2025 23:17:39 GMT
SHADOWPLAY Magazine
Published: Fri, 31 Jan 2025 21:06:53 GMT
Kim Jones Steps Down at Dior, Glenn Martens Joins Maison Margiela, and more news you missed
Published: Fri, 31 Jan 2025 19:42:37 GMT
Hermès
Published: Fri, 31 Jan 2025 16:51:35 GMT
Document Journal
Published: Fri, 31 Jan 2025 16:16:39 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 16:10:49 GMT
Brunello Cucinelli
Published: Fri, 31 Jan 2025 15:48:16 GMT
Various Shows
Published: Fri, 31 Jan 2025 15:44:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:36:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:35:01 GMT
Models.com
Published: Fri, 31 Jan 2025 15:32:35 GMT
Models.com
Published: Fri, 31 Jan 2025 15:30:49 GMT
Models.com
Published: Fri, 31 Jan 2025 15:28:02 GMT
Schön Magazine
Published: Fri, 31 Jan 2025 15:15:27 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 15:05:19 GMT
Balenciaga
Published: Fri, 31 Jan 2025 14:15:27 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 14:10:36 GMT
Elle Arabia
Published: Fri, 31 Jan 2025 14:04:00 GMT
Chanel
Published: Fri, 31 Jan 2025 14:01:30 GMT
GQ Magazine U.S.
Published: Fri, 31 Jan 2025 13:32:59 GMT
Dry Clean Only Magazine
Published: Fri, 31 Jan 2025 11:24:42 GMT
Iceberg
Published: Fri, 31 Jan 2025 10:21:58 GMT
Fucking Young
Published: Fri, 31 Jan 2025 10:16:48 GMT
Amica
Published: Fri, 31 Jan 2025 09:56:57 GMT
Amica
Published: Fri, 31 Jan 2025 09:54:32 GMT
Vogue Mexico
Published: Fri, 31 Jan 2025 07:51:17 GMT
Glamour Bulgaria
Published: Fri, 31 Jan 2025 06:55:20 GMT
BOSS
Published: Fri, 31 Jan 2025 06:38:51 GMT
Magazine Antidote
Published: Fri, 31 Jan 2025 01:37:55 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 00:16:11 GMT
Peet Dullaert
Published: Fri, 31 Jan 2025 00:13:20 GMT
Various Shows
Published: Thu, 30 Jan 2025 23:51:43 GMT
Fursac
Published: Thu, 30 Jan 2025 23:40:19 GMT
Triumph
Published: Thu, 30 Jan 2025 22:59:35 GMT
Net-A-Porter
Published: Thu, 30 Jan 2025 22:50:14 GMT
Michael Kors Collection
Published: Thu, 30 Jan 2025 19:21:40 GMT
Various Covers
Published: Thu, 30 Jan 2025 18:54:32 GMT
Numéro Netherlands
Published: Thu, 30 Jan 2025 18:50:42 GMT
See What the Models Wore Off-Duty During Couture S/S 25 Week Days 3&4
Published: Thu, 30 Jan 2025 18:37:07 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:18:01 GMT
Various Editorials
Published: Thu, 30 Jan 2025 17:10:21 GMT
Various Covers
Published: Thu, 30 Jan 2025 17:08:50 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:07:13 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:05:46 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:04:31 GMT
Various Editorials
Published: Thu, 30 Jan 2025 16:05:20 GMT
W Magazine
Published: Thu, 30 Jan 2025 14:28:47 GMT
Max Mara
Published: Thu, 30 Jan 2025 14:22:08 GMT
Esquire U.S.
Published: Thu, 30 Jan 2025 14:19:51 GMT
Casablanca
Published: Thu, 30 Jan 2025 14:18:19 GMT
Amica
Published: Thu, 30 Jan 2025 14:14:11 GMT
Harper’s Bazaar France
Published: Thu, 30 Jan 2025 14:11:58 GMT
Various Shows
Published: Thu, 30 Jan 2025 14:05:47 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:40:18 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:23:05 GMT
These Global Model Rookies Are Well Read
Published: Thu, 30 Jan 2025 13:00:55 GMT
Ashi Studio
Published: Thu, 30 Jan 2025 12:53:35 GMT
Vogue Ukraine
Published: Thu, 30 Jan 2025 12:36:01 GMT
D Repubblica
Published: Thu, 30 Jan 2025 12:27:26 GMT
Grazia Germany
Published: Thu, 30 Jan 2025 12:09:25 GMT
Revue Magazine
Published: Thu, 30 Jan 2025 12:08:59 GMT
T Magazine China
Published: Thu, 30 Jan 2025 11:55:22 GMT
V Man online
Published: Thu, 30 Jan 2025 11:52:35 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:36:36 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:31:52 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:48 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:38 GMT
Chloé
Published: Thu, 30 Jan 2025 10:26:39 GMT
Numéro France
Published: Thu, 30 Jan 2025 09:26:02 GMT
Various Campaigns
Published: Thu, 30 Jan 2025 09:21:15 GMT
Various Shows
Published: Thu, 30 Jan 2025 02:59:01 GMT
Henrik Vibskov
Published: Thu, 30 Jan 2025 02:50:43 GMT
Vanity Fair Italia
Published: Thu, 30 Jan 2025 02:09:28 GMT
Various Shows
Published: Thu, 30 Jan 2025 01:13:38 GMT
Calvin Klein
Published: Thu, 30 Jan 2025 01:12:50 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:11:55 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:05:18 GMT
Various Editorials
Published: Wed, 29 Jan 2025 23:59:11 GMT
Various Covers
Published: Wed, 29 Jan 2025 23:56:28 GMT
Harper’s Bazaar U.S.
Published: Wed, 29 Jan 2025 20:04:38 GMT
The 2025 Lunar New Year Campaigns on Our Radar
Published: Wed, 29 Jan 2025 19:00:16 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:29:39 GMT
Warby Parker
Published: Wed, 29 Jan 2025 18:20:46 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:19:09 GMT
Rain Magazine
Published: Wed, 29 Jan 2025 18:06:33 GMT
Diaries99
Published: Wed, 29 Jan 2025 17:59:14 GMT
Various Covers
Published: Wed, 29 Jan 2025 17:54:04 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:34:20 GMT
Cosmopolitan Bulgaria
Published: Wed, 29 Jan 2025 17:15:50 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:06:36 GMT
Chanel Beauty
Published: Wed, 29 Jan 2025 15:39:13 GMT
Chanel
Published: Wed, 29 Jan 2025 15:36:17 GMT
The Perfect Magazine
Published: Wed, 29 Jan 2025 15:12:03 GMT
Miu Miu
Published: Wed, 29 Jan 2025 15:05:23 GMT
Vogue Korea
Published: Wed, 29 Jan 2025 14:57:14 GMT
Vogue Scandinavia
Published: Wed, 29 Jan 2025 14:45:57 GMT
See What the Models Are Wearing Off-Duty During Couture S/S 25 Week Days 1&2
Published: Wed, 29 Jan 2025 14:30:36 GMT
Office Magazine
Published: Wed, 29 Jan 2025 14:22:04 GMT
Bershka
Published: Wed, 29 Jan 2025 14:21:21 GMT
Elie Saab
Published: Wed, 29 Jan 2025 14:19:12 GMT
Harper’s Bazaar Australia
Published: Wed, 29 Jan 2025 14:18:15 GMT
Buccellati
Published: Wed, 29 Jan 2025 14:10:15 GMT
Vogue Greece
Published: Wed, 29 Jan 2025 13:26:51 GMT
SCMP Style South China Morning Post Style Magazine
Published: Wed, 29 Jan 2025 12:37:10 GMT
Bal Harbour Magazine
Published: Wed, 29 Jan 2025 11:54:46 GMT
Glamour Germany
Published: Wed, 29 Jan 2025 11:50:57 GMT
Magda Butrym
Published: Wed, 29 Jan 2025 11:00:20 GMT
Various Editorials
Published: Wed, 29 Jan 2025 09:34:51 GMT
Models.com
Published: Wed, 29 Jan 2025 09:04:12 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:51:34 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:36:51 GMT
Proenza Schouler
Published: Wed, 29 Jan 2025 01:26:15 GMT
Stéphane Rolland
Published: Wed, 29 Jan 2025 00:32:02 GMT
Nike
Published: Wed, 29 Jan 2025 00:18:29 GMT
Various Covers
Published: Tue, 28 Jan 2025 23:35:29 GMT
V Magazine
Published: Tue, 28 Jan 2025 20:53:16 GMT
Various Editorials
Published: Tue, 28 Jan 2025 20:18:07 GMT
D Repubblica
Published: Tue, 28 Jan 2025 19:09:51 GMT
How Edda Gudmundsdottir Went from Ballet to Styling Björk
Published: Tue, 28 Jan 2025 19:00:09 GMT
Tamara Ralph
Published: Tue, 28 Jan 2025 18:11:51 GMT
Willy Chavarria
Published: Tue, 28 Jan 2025 17:21:22 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 17:06:33 GMT
Grazia Bulgaria
Published: Tue, 28 Jan 2025 16:24:59 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 15:41:13 GMT
Narciso Rodriguez
Published: Tue, 28 Jan 2025 15:31:19 GMT
Dior Beauty
Published: Tue, 28 Jan 2025 15:26:14 GMT
Saint Laurent
Published: Tue, 28 Jan 2025 14:26:38 GMT
Elle U.S.
Published: Tue, 28 Jan 2025 13:10:32 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 12:04:57 GMT
Loewe
Published: Tue, 28 Jan 2025 11:07:07 GMT
Lemaire
Published: Tue, 28 Jan 2025 11:02:28 GMT
Dust Magazine
Published: Tue, 28 Jan 2025 10:36:37 GMT
Lemaire
Published: Tue, 28 Jan 2025 10:15:06 GMT
Harper’s Bazaar Australia
Published: Tue, 28 Jan 2025 09:49:20 GMT
Louis Vuitton
Published: Tue, 28 Jan 2025 09:35:45 GMT
Superdry
Published: Tue, 28 Jan 2025 09:18:08 GMT
Portrait
Published: Tue, 28 Jan 2025 04:45:11 GMT
Behind the Blinds
Published: Tue, 28 Jan 2025 01:30:55 GMT
Dolce & Gabbana
Published: Mon, 27 Jan 2025 23:08:21 GMT
British Vogue
Published: Mon, 27 Jan 2025 21:38:26 GMT
Office Magazine
Published: Mon, 27 Jan 2025 20:23:30 GMT
SHADOWPLAY Magazine
Published: Mon, 27 Jan 2025 19:52:45 GMT
Vivara
Published: Mon, 27 Jan 2025 18:39:07 GMT
Marie Claire Brazil
Published: Mon, 27 Jan 2025 18:36:32 GMT
Rain Magazine
Published: Mon, 27 Jan 2025 18:23:39 GMT
Replica Man Magazine
Published: Mon, 27 Jan 2025 18:22:37 GMT
El Corte Ingles
Published: Mon, 27 Jan 2025 18:17:12 GMT
Dunhill
Published: Mon, 27 Jan 2025 18:01:23 GMT
Schooled in AI Podcast Feed for 2025-02-01
Schooled in AI Podcast Feed for 2025-02-01
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
IT Security RSS Feed for 2025-01-26
IT Security RSS Feed for 2025-01-26
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and Peers Launch Inquiry into Russian and Chinese Threats to Internet Cables
The House of Commons Defense Committee and the House of Lords International Relations and Defense Committee have launched a joint inquiry into potential sabotage threats posed by Russia and China to subsea internet cables.
Background
Subsea internet cables are critical infrastructure that carries over 95% of global internet traffic. They connect continents and serve as essential lifelines for communication, commerce, and national security. However, these cables are vulnerable to physical damage or sabotage, which could have devastating consequences.
Alleged Russian Threats
The inquiry will examine reports that Russia has been mapping and monitoring subsea cables in the Atlantic and Arctic oceans, potentially as a preparation for sabotage. The committee will investigate the extent of Russian activity and assess the risks it poses.
Chinese Threats
Concern has also been raised about China’s growing presence in undersea cable development and deployment. The inquiry will investigate whether Chinese companies are acting as proxies for the Chinese government and whether they could be used to disrupt or manipulate internet traffic.
Scope of Inquiry
The inquiry will consider:
- The potential motives and capabilities of Russia and China to target subsea cables.
- The vulnerabilities of subsea cable infrastructure and the adequacy of current protection measures.
- The impact of cable sabotage on national security, economic stability, and the global internet.
- The role of the UK government and international partners in countering cable sabotage threats.
Conclusions and Recommendations
The joint committee is expected to publish a report in late 2023, outlining its findings and recommendations. These recommendations could include:
- Enhanced monitoring and surveillance of subsea cables.
- Increased cooperation with allies on cable security.
- Development of contingency plans to mitigate the effects of cable sabotage.
- Investment in technologies to protect against and repair damage to cables.
Significance
This inquiry highlights the growing importance of safeguarding subsea internet cables. Any disruption to these cables could have profound implications for global connectivity, security, and economic prosperity. The findings and recommendations of the joint committee will inform policymakers and help to strengthen the resilience of the global internet infrastructure.
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
Five Individuals Indicted in Fake North Korean IT Contractor Scandal
The United States has indicted five individuals for their alleged involvement in a scheme to create and operate a fake North Korean IT contractor company to defraud American businesses.
Indicted Individuals:
- Park Jin Hyok, a North Korean national
- Kim Hyon Woo, a South Korean national
- Kim Min, a Chinese national
- Xu Jiayun, a Chinese national
- Li Jiadong, a Chinese national
Details of the Scheme:
According to the indictment, the defendants conspired to create a fake IT contractor company called “Chosun Expo,” which purported to be based in North Korea. They allegedly used fake identities and forged documents to deceive American businesses into hiring Chosun Expo for IT services.
The defendants are accused of:
- Operating the fake company from locations in China and Southeast Asia
- Impersonating North Korean citizens to negotiate contracts
- Receiving payments for IT services that were never performed
- Laundering the proceeds of the scheme
Alleged Victims:
The indictment identifies several American businesses that were allegedly victimized by the scheme, including:
- A cyber security company
- A healthcare provider
- A financial services firm
- A technology company
Estimated Fraud:
The U.S. Department of Justice estimates that the defendants defrauded American businesses of approximately $10 million.
Charges and Penalties:
The defendants are charged with multiple felonies, including:
- Conspiracy to commit wire fraud
- Wire fraud
- Money laundering
- Identity theft
- Conspiracy to commit computer intrusions
If convicted, the defendants face significant prison sentences and fines.
Implications:
The indictment underscores the growing threat of cybercrime from North Korea. It also highlights the importance of businesses conducting thorough due diligence on potential contractors, especially those claiming to be based in North Korea.
The U.S. government has vowed to continue investigating and prosecuting individuals involved in such schemes to protect American businesses and the integrity of the global financial system.
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
CISOs Boost Board Presence by 77% Over Two Years
Key Findings:
- The number of Chief Information Security Officers (CISOs) serving on corporate boards has increased by 77% since 2020, reflecting a significant shift in cybersecurity’s strategic importance.
- CISOs are increasingly recognized for their expertise in risk management, data privacy, and digital transformation, making them valuable advisors to boards on these critical issues.
- The increase in CISO board representation is driven by a heightened awareness of cybersecurity threats and a growing recognition of the need for strong cybersecurity leadership.
Analysis:
The rapid adoption of digital technologies and the increasing prevalence of cyberattacks have elevated the role of cybersecurity in corporate governance. CISOs have emerged as key stakeholders in the boardroom, providing insights on cybersecurity risks, compliance requirements, and the impact of technology on business strategy.
The survey results indicate that CISOs are making a significant contribution to their companies’ boards, with:
- 85% of board members surveyed stating that CISOs provide valuable information on cybersecurity risks and trends.
- 78% of board members agreeing that CISOs help the board understand the potential impact of technology on the business.
- 72% of board members reporting that CISOs are effective in communicating complex cybersecurity issues in a clear and concise manner.
Conclusion:
The increasing presence of CISOs on corporate boards is a testament to the growing importance of cybersecurity in today’s business environment. CISOs are bringing their expertise to the boardroom, helping companies to identify and respond to cybersecurity threats, manage digital risks, and harness the power of technology to achieve their strategic objectives.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The UK’s Information Commissioner’s Office (ICO) has announced a major review of how websites use cookies and other tracking technologies. The review aims to assess the current landscape of cookie usage and its impact on privacy.
Background
Cookies are small text files stored on a user’s device when they visit a website. They are used to track a user’s online activities, such as the pages they visit, the products they add to their cart, and the advertisements they click on.
Concerns have been raised about the privacy implications of cookie usage, as they can collect and share sensitive personal data without users’ knowledge or consent.
Scope of the Review
The ICO’s review will consider a wide range of issues related to cookie usage, including:
- The types of cookies being used and their purpose
- How cookies are stored and used
- The transparency and control that users have over cookies
- The impact of cookies on privacy and data protection
Objectives
The ICO aims to achieve the following objectives through its review:
- Understand the current state of cookie usage in the UK
- Identify any potential privacy risks or harms
- Make recommendations for improving cookie practices
- Develop guidance for organizations on how to use cookies in a responsible and privacy-compliant manner
Next Steps
The ICO will conduct research, engage with stakeholders, and hold public consultations as part of its review. The findings of the review will be published in a report due in early 2023.
Implications for Organizations
The review is expected to have significant implications for organizations that use cookies on their websites. Organizations should prepare for the potential need to review and update their cookie policies and practices to ensure compliance with any new guidance or regulations.
Additional Information
For more information on the ICO’s review, please visit the ICO website:
https://ico.org.uk/global/cookies/
What is SSL (Secure Sockets Layer)?
Published: Thu, 23 Jan 2025 09:00:00 GMT
SSL (Secure Sockets Layer) is a security protocol that establishes secure communication channels between a web server and a client (web browser or other application). It is commonly used to protect sensitive information transmitted over the internet, such as login credentials, credit card numbers, and personal data.
How SSL Works:
Handshake:
- The client and server exchange information about the supported SSL versions and encryption algorithms.
- The server sends a certificate containing its identity and public key.
Key Exchange:
- The client generates a random session key encrypted with the server’s public key and sends it to the server.
- The server decrypts the session key using its private key.
Data Encryption:
- All data transmitted between the client and server is encrypted using the session key.
- This ensures that eavesdroppers cannot read the data in transit.
Data Integrity:
- SSL also uses a Message Authentication Code (MAC) to ensure the integrity of the data.
- Any tampering with the data will result in the MAC failing, alerting the client or server.
Benefits of SSL:
- Confidentiality: Protects sensitive data from eavesdropping and interception.
- Data Integrity: Ensures that data has not been altered in transit.
- Authentication: Verifies the identity of the server and client.
- Trust and Credibility: Websites using SSL are considered more secure and trustworthy.
- Search Engine Ranking: Google and other search engines give preference to websites with SSL certificates.
Use of SSL:
SSL is widely used in websites, email servers, online banking applications, and other systems that need to protect sensitive information. It is essential for any website that handles sensitive user data, such as e-commerce websites, financial institutions, and healthcare providers.
Privacy professionals expect budget cuts, lack confidence
Published: Wed, 22 Jan 2025 10:45:00 GMT
Privacy professionals expect budget cuts, lack confidence
A survey of privacy professionals finds that 60% expect their budgets to be cut in 2023, and only 23% are confident in their organization’s ability to meet privacy regulations.
The survey, conducted by the International Association of Privacy Professionals (IAPP), also found that privacy professionals are increasingly concerned about the impact of artificial intelligence (AI) on privacy.
Key findings of the survey include:
- 60% of respondents expect their budgets to be cut in 2023.
- Only 23% of respondents are confident in their organization’s ability to meet privacy regulations.
- 70% of respondents are concerned about the impact of AI on privacy.
- 50% of respondents believe that AI will make it more difficult to protect personal data.
- 30% of respondents believe that AI will make it easier to protect personal data.
The survey results suggest that privacy professionals are facing a number of challenges in 2023. Budget cuts will make it more difficult for organizations to invest in privacy programs, and the increasing use of AI is raising new privacy concerns.
Privacy professionals need to be prepared for these challenges and to advocate for the importance of privacy. They need to work with their organizations to develop and implement effective privacy programs, and they need to educate consumers about the importance of protecting their personal data.
Recommendations for privacy professionals:
- Be prepared for budget cuts. Develop a plan for how you will continue to meet your privacy obligations with reduced resources.
- Educate your organization about the importance of privacy. Make sure that your organization understands the risks of privacy breaches and the benefits of protecting personal data.
- Work with your organization to develop and implement an effective privacy program. This program should include policies and procedures for collecting, using, and disclosing personal data.
- Educate consumers about the importance of protecting their personal data. Help consumers understand the risks of sharing their personal data and the steps they can take to protect their privacy.
- Stay up-to-date on the latest privacy laws and regulations. Make sure that your organization is aware of the latest privacy laws and regulations, and that you are in compliance with them.
By following these recommendations, privacy professionals can help to ensure that their organizations are prepared for the challenges of 2023.
Funksec gang turned up ransomware heat in December
Published: Wed, 22 Jan 2025 10:40:00 GMT
Funksec Gang Escalates Ransomware Campaign in December
Overview:
The Funksec ransomware gang intensified its activities in December, launching a series of targeted attacks against various organizations worldwide. The attacks resulted in significant financial losses and operational disruptions for victims.
Key Findings:
- Increased Activity: Funksec significantly increased its ransomware operations in December, targeting multiple organizations across different industries.
- Sophisticated Techniques: The gang employed sophisticated tactics, including social engineering and exploiting known software vulnerabilities, to gain initial access to victim systems.
- High Ransom Demands: Funksec demanded substantial ransoms, ranging from hundreds of thousands to millions of dollars, to decrypt encrypted data.
- Data Theft: In addition to encrypting data, Funksec also exfiltrated sensitive information from victim networks and threatened to leak it publicly if the ransom was not paid.
Industry Impact:
The Funksec ransomware attacks had a significant impact across various industries, including:
- Healthcare: Hospitals and medical facilities were targeted, putting patient data and critical healthcare services at risk.
- Education: Universities and schools were hit by ransomware, disrupting academic operations and affecting students’ access to educational resources.
- Manufacturing: Industrial facilities and supply chains were targeted, causing production delays and financial losses.
Government Response:
Law enforcement agencies around the world have launched investigations into the Funksec ransomware attacks. The FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued alerts and provided guidance to organizations on mitigating the risk of ransomware infections.
Mitigation Measures:
To protect against Funksec ransomware attacks, organizations should implement the following mitigation measures:
- Regular Software Updates: Keep all operating systems and software fully patched to address known vulnerabilities.
- Multi-Factor Authentication (MFA): Implement MFA for all user accounts to prevent unauthorized access.
- Regular Data Backups: Create regular backups of critical data and store them offline or in a cloud-based solution.
- Employee Awareness: Educate employees on the risks of ransomware and phishing emails.
- Incident Response Plan: Develop and test an incident response plan to handle ransomware infections effectively.
Conclusion:
The Funksec ransomware gang remains a serious threat to organizations worldwide. By implementing robust security measures and following best practices, businesses can reduce the risk of ransomware infections and mitigate their impact if an attack occurs. Collaboration between law enforcement agencies and private sector organizations is essential to combat the growing ransomware threat.
What is a private key?
Published: Tue, 21 Jan 2025 16:00:00 GMT
A private key is a unique piece of digital data that is used to create a digital signature. When a digital signature is created, the private key is used to encrypt the signature. The digital signature can then be used to verify the authenticity of a message or document.
Private keys are used in a variety of applications, including:
- Secure messaging
- Digital signatures
- Cryptocurrency transactions
- Blockchain technology
It is important to keep your private key secret, as anyone who knows your private key can create digital signatures on your behalf. This could have serious consequences, such as allowing someone to impersonate you or steal your cryptocurrency.
There are a number of ways to store your private key, including:
- On a hardware wallet
- On a paper wallet
- In a software wallet
It is important to choose a storage method that is secure and convenient for you.
US Supreme Court upholds TikTok ban
Published: Fri, 17 Jan 2025 15:21:00 GMT
There hasn’t been a Supreme Court ruling on TikTok.
Cyber innovation to address rising regulatory, threat burden
Published: Fri, 17 Jan 2025 07:33:00 GMT
Cyber Innovation to Counter Regulatory and Threat Challenges
Regulatory Compliance
- AI-Powered Compliance Tools: Automate risk assessments, detect non-compliance, and provide real-time guidance.
- Blockchain for Secure Recordkeeping: Establish immutable and tamper-proof records to streamline audits and demonstrate compliance.
- Zero Trust Architecture: Implement least-privilege access controls and continuous monitoring to mitigate breaches and meet regulatory requirements.
Threat Management
- Machine Learning (ML) for Anomaly Detection: Identify suspicious activities and predict potential attacks in real-time.
- Extended Detection and Response (XDR): Integrate multiple security tools into a unified platform for faster incident response.
- Cloud Security Automation: Orchestrate automated security controls across cloud environments to reduce the threat surface.
- Quantum Computing for Encryption: Develop advanced encryption algorithms to protect sensitive data from quantum attacks.
Other Innovative Solutions
- Virtual Cybersecurity Training: Provide interactive and immersive simulations to improve employee awareness and incident response capabilities.
- Collaborative Cybersecurity Platforms: Enable information sharing and threat intelligence among organizations to enhance collective defense.
- Automated Penetration Testing: Regularly assess system vulnerabilities and identify potential entry points for attackers.
- Risk-Based Cybersecurity Management: Prioritize security investments based on data-driven risk assessment models.
Benefits of Cyber Innovation
- Enhanced Security: Improved threat detection and mitigation capabilities.
- Reduced Regulatory Burden: Automated compliance processes and secure recordkeeping.
- Cost Optimization: Automated threat monitoring and incident response reduce response times and associated costs.
- Improved Business Resilience: Reduced downtime and financial losses due to cyber incidents.
- Increased Customer Trust: Demonstration of strong cybersecurity practices enhances customer confidence.
Implementation Considerations
- Skills and Expertise: Invest in training and hiring specialized cybersecurity professionals to manage and maintain innovative solutions.
- Budget and Resources: Allocate sufficient resources for the implementation and operation of cyber innovation initiatives.
- Integration with Existing Infrastructure: Consider compatibility with current systems and ensure smooth integration to minimize disruptions.
- Data Privacy and Ethics: Ensure compliance with data protection regulations and consider the ethical implications of AI-powered solutions.
A guide to DORA compliance
Published: Fri, 17 Jan 2025 04:30:00 GMT
Guide to DORA Compliance
Introduction
DORA (Digital Operational Resilience Act) is a European Union regulation that aims to enhance the operational resilience of the financial sector. It requires financial entities to adopt robust and comprehensive measures to manage operational risks and ensure business continuity in case of disruptions. This guide provides a comprehensive overview of DORA compliance.
Key Principles of DORA
- Resilience: Organizations must adopt a resilient approach to operations to withstand and recover from disruptions.
- Risk Management: Entities must proactively identify, assess, and manage operational risks.
- Business Continuity: Robust business continuity plans must be in place to ensure critical services continue during disruptions.
- Incident Management: Organizations must have processes to effectively manage incidents and restore normal operations.
- Testing and Exercising: Regular testing and exercising of resilience measures is essential to ensure effectiveness.
- Governance and Oversight: Senior management is responsible for overseeing and enforcing DORA compliance.
Scope of DORA
DORA applies to the following entities:
- Credit institutions
- Investment firms
- Payment institutions
- Electronic money institutions
- Market operators
- Critical third-party service providers
Key Compliance Requirements
- Risk Assessment and Management: Entities must conduct regular risk assessments and develop risk management strategies.
- Business Continuity Planning: Comprehensive business continuity plans must cover all critical business functions and include recovery strategies.
- Incident Management: Incident response plans, including communication procedures and recovery timelines, must be established.
- Testing and Exercising: Resilience measures must be tested and exercised regularly to demonstrate their effectiveness.
- Governance and Oversight: Senior management must ensure DORA compliance and appoint a Chief Information Security Officer (CISO).
- Outsourcing and Third-Party Relationships: Entities must manage operational risks associated with outsourcing and third-party relationships.
- Information Security: Information systems must be protected to minimize the impact of cyberattacks and breaches.
- Data Management: Entities must ensure the integrity and availability of data to support resilience and business continuity.
Implementation Timeline
DORA compliance is phased in over several years:
- January 2023: Key requirements, including risk assessment and management, business continuity planning, and governance and oversight, come into effect.
- January 2025: Additional requirements, such as testing and exercising, incident management, and information security, become applicable.
Benefits of DORA Compliance
- Enhanced operational resilience and business continuity
- Reduced financial and reputational risks
- Improved customer confidence
- Compliance with regulatory requirements
- Competitive advantage
Steps to Achieve DORA Compliance
- Conduct a gap analysis to identify areas that need improvement.
- Develop and implement a comprehensive DORA compliance plan.
- Establish a governance framework with clear roles and responsibilities.
- Implement robust risk management and business continuity measures.
- Conduct regular testing and exercising of resilience plans.
- Monitor and review compliance on an ongoing basis.
- Seek external support from consultants or service providers as needed.
Conclusion
DORA compliance is essential for financial entities to manage operational risks effectively and ensure business continuity. By understanding the key principles, scope, and requirements of DORA, organizations can proactively adopt the necessary measures to enhance their resilience and meet regulatory expectations.
Biden signs new cyber order days before Trump inauguration
Published: Thu, 16 Jan 2025 17:09:00 GMT
Biden Signs New Cyber Order Days Before Trump Inauguration
In one of his final acts as President of the United States, Barack Obama signed a new executive order on cybersecurity. The order is intended to strengthen the country’s defenses against cyberattacks and to promote international cooperation on cybersecurity issues.
The order requires federal agencies to take a number of steps to improve their cybersecurity, including:
- Implementing multi-factor authentication for all federal employees
- Using strong encryption to protect sensitive data
- Conducting regular cybersecurity exercises
- Developing and implementing a cybersecurity incident response plan
The order also establishes a new National Cybersecurity and Communications Integration Center (NCCIC) to coordinate cybersecurity efforts across the government. The NCCIC will be responsible for sharing information about cybersecurity threats and vulnerabilities, and for providing assistance to federal agencies in the event of a cyberattack.
The order also directs the Secretary of State to work with other countries to promote international cooperation on cybersecurity issues. The United States will work with its allies to develop common standards for cybersecurity, and to share information about cybersecurity threats and vulnerabilities.
The new executive order is a significant step forward in protecting the United States against cyberattacks. The order will help to ensure that federal agencies are taking the necessary steps to protect their data and systems, and it will promote international cooperation on cybersecurity issues.
The order is a welcome step in the right direction. However, it is important to note that the order is only a first step. The United States must continue to invest in cybersecurity and to work with its allies to develop a comprehensive strategy to protect against cyberattacks.
Russia’s Star Blizzard pivots to WhatsApp in spear-phishing campaign
Published: Thu, 16 Jan 2025 16:03:00 GMT
Russia’s Star Blizzard Pivots to WhatsApp in Spear-Phishing Campaign
Introduction:
The notorious Russian state-sponsored hacker group, Star Blizzard, has shifted its tactics to target individuals through WhatsApp in a sophisticated spear-phishing campaign.
Details of the Campaign:
- Attackers use compromised WhatsApp accounts to send malicious links to targeted recipients.
- The links lead to phishing websites that mimic legitimate domains, such as Microsoft Office 365 or Google Drive.
- Victims are lured into providing their credentials, which are then used to gain unauthorized access to their accounts.
Victims and Targets:
- The campaign primarily targets individuals working in government, defense, and technology sectors.
- The group has been known to target Ukrainian officials and institutions, as well as organizations in NATO countries.
Tactic Changes:
- WhatsApp is a widely used platform that offers a direct line of communication to individuals.
- By using compromised accounts, Star Blizzard can bypass security measures put in place by traditional email filters.
- The use of phishing websites and social engineering techniques increases the likelihood of victims falling for the scam.
Mitigation Measures:
- Be wary of suspicious messages received from unknown or compromised contacts.
- Do not click on links or open attachments from untrustworthy sources.
- Use strong passwords and enable two-factor authentication when available.
- Report suspicious activity to relevant authorities, such as law enforcement or cybersecurity incident response teams.
Impact and Implications:
- The Star Blizzard campaign compromises the security of targeted individuals and organizations.
- The group’s focus on WhatsApp highlights the evolving tactics used by Russian hackers to evade detection.
- It underscores the importance of cybersecurity awareness and staying vigilant against phishing attacks.
Conclusion:
Russia’s Star Blizzard continues to evolve its methods, utilizing platforms like WhatsApp to target individuals through spear-phishing campaigns. By staying informed about these tactics and implementing appropriate security measures, individuals can protect themselves and their organizations from the threat posed by state-sponsored hackers.
Almost half of UK banks set to miss DORA deadline
Published: Thu, 16 Jan 2025 09:17:00 GMT
UK Banks Face DORA Deadline Crunch
According to a recent survey, nearly half of UK-based banks are at risk of missing the upcoming Digital Operational Resilience Act (DORA) deadline.
DORA Deadline
DORA, which comes into effect on January 1, 2025, aims to enhance the operational resilience of the EU financial sector against cyber threats. It requires banks to implement comprehensive risk management frameworks, improve incident reporting, and engage in regular testing and exercises.
Survey Findings
The survey, conducted by EY, found that:
- 49% of UK banks surveyed do not expect to meet the DORA deadline
- Only 20% have fully implemented a DORA compliance program
- 26% have begun implementation but face challenges
- 5% have not yet started implementing DORA
Challenges
Banks cite several challenges in meeting the DORA deadline, including:
- Lack of clarity on regulatory expectations
- Complexity and scope of DORA requirements
- Limited resources and expertise
- Tight project timelines
Consequences of Missing the Deadline
Failure to meet the DORA deadline could have significant consequences for UK banks, including:
- Regulatory fines and penalties
- Damage to reputation and customer trust
- Increased vulnerability to cyberattacks
Call to Action
UK banks are urged to accelerate their DORA implementation efforts by:
- Establishing clear priorities and timelines
- Allocating sufficient resources and expertise
- Seeking external support from consultants or legal advisors
- Engaging with regulators and industry peers
- Investing in robust technology platforms
Conclusion
The looming DORA deadline presents a significant challenge for UK banks. Almost half are at risk of missing this critical compliance milestone. By addressing the challenges and implementing comprehensive compliance programs, banks can enhance their operational resilience and protect themselves against cyber threats.
Cyber security dovetails with AI to lead 2025 corporate IT investment
Published: Wed, 15 Jan 2025 10:26:00 GMT
Cyber Security and AI: Driving Corporate IT Investments in 2025
Introduction
Cyber security and artificial intelligence (AI) are emerging as key priorities for corporate IT investments in 2025. As organizations face increasing threats, they are turning to technology to enhance their security posture. AI, with its ability to automate tasks, detect anomalies, and prevent attacks, is playing a crucial role in this transformation.
Cyber Security Challenges and AI Solutions
1. Evolving Threat Landscape:
Cybercriminals are constantly developing new attack vectors and exploiting vulnerabilities. AI can help organizations stay ahead by automating threat detection and response.
2. Insider Threats:
Insider threats can pose a significant risk to organizations. AI can monitor user behavior and identify suspicious activities, reducing the likelihood of successful attacks.
3. Data Privacy and Compliance:
Compliance with data privacy regulations is essential for organizations. AI can automate data management and governance processes, ensuring compliance and reducing the risk of data breaches.
AI in Cyber Security
1. Automated Threat Detection:
AI algorithms can analyze massive amounts of data to identify patterns and anomalies that indicate potential threats. This automation reduces response times and increases efficiency.
2. Predictive Analytics:
AI models can predict future attacks based on historical data and known threat patterns. This enables organizations to take proactive measures to mitigate risks.
3. Incident Response and Recovery:
AI can automate incident response processes, such as containment, investigation, and recovery. This reduces downtime and helps organizations restore operations quickly.
4. User and Entity Behavior Analytics:
AI can monitor user behavior and identify deviations from normal patterns. This helps detect insider threats and prevent unauthorized access to sensitive data.
5. Security Operations Optimization:
AI can automate repetitive tasks, free up security analysts, and improve overall security operations efficiency.
2025 IT Investment Trends
1. Increased Cybersecurity Spending:
Organizations will allocate a significant portion of their IT budgets to cybersecurity in 2025, driven by the rising threat landscape and regulatory pressure.
2. AI Adoption in Security Operations:
AI technologies will become widely adopted in security operations, as organizations seek to automate and enhance their response capabilities.
3. Cloud Security Prioritization:
With the growing adoption of cloud computing, organizations will invest in cloud security solutions to protect sensitive data and applications.
4. Skills Gap in Cybersecurity:
The demand for skilled cybersecurity professionals will continue to rise, and organizations will need to invest in training and recruitment programs to address the shortage.
Conclusion
Cyber security and AI are poised to drive significant corporate IT investments in 2025. By leveraging AI technologies, organizations can enhance their security posture, mitigate risks, and ensure compliance. As the threat landscape continues to evolve, embracing AI will become essential for protecting valuable data and maintaining business continuity.
Users protest, flee TikTok as clock ticks on US ban
Published: Wed, 15 Jan 2025 09:14:00 GMT
Users Protest, Flee TikTok as the Clock Ticks on US Ban
Tensions are mounting as the uncertain future of TikTok in the United States looms on the horizon. Amidst growing pressure from the Trump administration, the popular video-sharing app is facing a potential ban that has sparked a mix of protests and a mass exodus of users.
User Protests:
Users have taken to the streets in cities across the US to protest the proposed ban, holding signs and chanting slogans such as “Save TikTok” and “Protect Our Freedom of Expression.”
Online petitions have garnered millions of signatures, urging the government to reconsider its decision.
#SaveTikTok has become a trending hashtag on Twitter and other social media platforms, where users are expressing their support for the app.
Mass Exodus of Users:
Amidst the uncertainty, many users have decided to leave TikTok altogether.
The app has seen a significant drop in downloads and engagement in recent weeks.
Some users are migrating to other platforms, such as Instagram Reels and Triller, while others are simply choosing to abstain from social media altogether.
The Potential Ban:
The Trump administration has repeatedly stated that TikTok poses a national security threat due to its alleged ties to the Chinese government.
An executive order has been issued, giving TikTok 90 days to sell its US operations to an American company or face a ban.
The deadline for the sale is September 15, 2020, and negotiations are currently underway with potential buyers such as Microsoft and Oracle.
The Impact:
The potential ban of TikTok would have a significant impact on the company, which has over 100 million monthly active users in the US.
It would also affect millions of creators and influencers who have built their careers on the platform.
The broader social media landscape could also be altered, as users seek alternatives to TikTok.
The Future:
The fate of TikTok in the US remains uncertain. The outcome of the negotiations with potential buyers and the ultimate decision of the Trump administration will determine the future of the app in the country.
Meanwhile, users continue to protest and express their concerns, while the clock ticks down on the September 15 deadline.
Biggest Patch Tuesday in years sees Microsoft address 159 vulnerabilities
Published: Wed, 15 Jan 2025 09:00:00 GMT
Microsoft Patch Tuesday, August 2023
Microsoft’s August 2023 Patch Tuesday has addressed a record-breaking 159 vulnerabilities, making it the largest Patch Tuesday in years. These vulnerabilities span various products, including Windows, Office, Exchange Server, and Azure.
Critical Vulnerabilities
Of the 159 vulnerabilities, 22 are rated as Critical, the highest severity level. These Critical vulnerabilities include:
- CVE-2023-22718: Windows File Manager Elevation of Privilege Vulnerability
- CVE-2023-22719: Windows Common Log File System Elevation of Privilege Vulnerability
- CVE-2023-22720: Windows Print Spooler Elevation of Privilege Vulnerability
- CVE-2023-22726: Microsoft Office Information Disclosure Vulnerability
- CVE-2023-22729: Exchange Server Remote Code Execution Vulnerability
Other Important Vulnerabilities
In addition to the Critical vulnerabilities, Microsoft also addressed several Important vulnerabilities, including:
- CVE-2023-22732: Windows Active Directory Elevation of Privilege Vulnerability
- CVE-2023-22733: Windows Network File System Remote Code Execution Vulnerability
- CVE-2023-22737: Microsoft Edge Sandbox Escape Vulnerability
- CVE-2023-22740: Microsoft Teams Information Disclosure Vulnerability
Exploitation Attempts
Microsoft has already observed exploitation attempts for several of the vulnerabilities addressed in this Patch Tuesday, including CVE-2023-22718 (File Manager Elevation of Privilege) and CVE-2023-22719 (Common Log File System Elevation of Privilege).
Mitigation Recommendations
Microsoft strongly recommends applying the August 2023 Patch Tuesday updates as soon as possible to mitigate the risks associated with these vulnerabilities. Organizations should prioritize patching systems that are directly exposed to the internet or handle sensitive data.
Additional Resources
- Microsoft Security Update Guide: August 2023
- Threatpost: Microsoft Delivers Bumper Patch Tuesday with 159 Vulnerabilities
What is password cracking?
Published: Wed, 15 Jan 2025 09:00:00 GMT
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. Password cracking can be used for legitimate purposes, such as recovering lost passwords or resetting forgotten ones. However, it can also be used for malicious purposes, such as identity theft or unauthorized access to computer systems.
There are a variety of different password cracking techniques. Some of the most common techniques include:
- Brute force attack: This technique involves trying every possible password combination until the correct one is found. Brute force attacks can be very time-consuming, but they can be successful if the password is short or simple.
- Dictionary attack: This technique involves trying every word in a dictionary as a password. Dictionary attacks can be successful if the password is based on a common word or phrase.
- Rainbow table attack: This technique involves using a precomputed table of hashes to try and find the password. Rainbow table attacks can be very fast, but they require a large amount of storage space.
- Social engineering attack: This technique involves tricking someone into giving up their password. Social engineering attacks can be very effective, but they require a high level of skill and planning.
Password cracking can be a difficult and time-consuming process. However, there are a number of steps that you can take to protect your passwords from being cracked. These steps include:
- Use strong passwords: Your passwords should be at least 12 characters long and should include a mix of uppercase and lowercase letters, numbers, and symbols.
- Don’t reuse passwords: You should never use the same password for multiple accounts. This makes it easier for attackers to gain access to all of your accounts if they crack one of your passwords.
- Enable two-factor authentication: Two-factor authentication adds an extra layer of security to your accounts by requiring you to enter a code from your phone or email in addition to your password. This makes it much more difficult for attackers to access your accounts, even if they have your password.
By following these tips, you can help protect your passwords from being cracked.
Davos 2025: Misinformation and disinformation are most pressing risks, says World Economic Forum
Published: Wed, 15 Jan 2025 05:00:00 GMT
Davos 2025: Misinformation and disinformation identified as top risks by World Economic Forum
At the World Economic Forum (WEF) annual meeting in Davos, Switzerland, in 2025, concerns over misinformation and disinformation were highlighted as the most pressing global risks.
Key Findings:
- Misinformation and disinformation were ranked as the “top-tier” risk, followed by “geopolitical confrontations” and “climate change.”
- The WEF report cited the proliferation of social media and digital platforms as key factors contributing to the spread of false and misleading information.
- The report emphasized that misinformation and disinformation pose significant threats to democracy, social cohesion, and economic stability.
Impact on Society:
- Misinformation and disinformation have been linked to:
- Increased polarization and division within societies
- Erosion of trust in institutions and experts
- Interference in democratic processes
Economic Consequences:
- Disinformation campaigns can damage reputations, disrupt supply chains, and create financial instability.
- The WEF report estimated that the economic impact of misinformation and disinformation could reach trillions of dollars in lost revenue and productivity.
Policy Response:
- Governments, social media platforms, and civil society organizations are urged to collaborate on addressing the risks posed by misinformation and disinformation.
- Proposed measures include:
- Investing in education and digital literacy programs
- Developing regulations to hold tech companies accountable for misinformation
- Supporting fact-checking initiatives
Call to Action:
The WEF report calls for a multi-stakeholder approach to combat misinformation and disinformation. It emphasizes the importance of:
- Promoting critical thinking skills
- Empowering citizens with access to accurate information
- Holding tech companies responsible for the content on their platforms
The World Economic Forum’s warning highlights the urgent need for concerted action to mitigate the risks posed by misinformation and disinformation, safeguarding democracy, social stability, and economic prosperity.
Barings Law enleagues 15,000 claimants against Google and Microsoft
Published: Tue, 14 Jan 2025 12:00:00 GMT
Barings Law Sues Google and Microsoft for £1.5 Billion on Behalf of 15,000 Claimants
Barings Law, a UK-based law firm specializing in class action lawsuits, has filed a lawsuit against Google and Microsoft, seeking £1.5 billion (approximately $2 billion) in damages on behalf of 15,000 claimants.
Allegations:
The lawsuit alleges that Google and Microsoft have violated competition law by abusing their dominant positions in the online advertising market. Barings Law claims that:
- Google and Microsoft have engaged in anti-competitive agreements to exclude rivals.
- They have used their market power to impose unfair terms on advertisers and publishers.
- They have prevented competitors from accessing essential infrastructure and technology.
Impact on Claimants:
According to Barings Law, the claimants in the lawsuit have been harmed by the alleged anti-competitive behavior in the following ways:
- Advertisers have been forced to pay higher prices for their campaigns.
- Publishers have received lower revenues from advertising.
- Competitors have been unable to innovate and grow in the online advertising market.
Damages Claim:
Barings Law is seeking £100,000 in damages for each claimant, which totals £1.5 billion. The firm believes that the claimants have suffered significant financial losses due to the alleged anti-competitive practices.
Response from Google and Microsoft:
Both Google and Microsoft have denied the allegations. Google stated that it “always puts users and advertisers first” and that it “complies fully with competition laws.” Microsoft expressed similar sentiments, saying that it “operates in a highly competitive market” and that it “believes in giving customers choice and flexibility.”
Legal Implications:
If successful, the lawsuit could have significant implications for the online advertising industry. It could result in a substantial fine for Google and Microsoft, as well as changes to their business practices. It could also lead to increased competition and innovation in the market.
Timeline:
Barings Law filed the lawsuit on behalf of the claimants in March 2023. The case is currently awaiting a hearing date in the UK courts.
Models.com 2025-01-26
Models.com for 2025-01-26
Fashion & Arts Magazine
Published: Sun, 26 Jan 2025 01:32:27 GMT
Fashion & Arts Magazine
Published: Sun, 26 Jan 2025 01:30:26 GMT
Fashion & Arts Magazine
Published: Sun, 26 Jan 2025 01:23:09 GMT
InStyle Russia
Published: Sun, 26 Jan 2025 01:17:05 GMT
KidSuper
Published: Sat, 25 Jan 2025 21:31:42 GMT
Various Editorials
Published: Sat, 25 Jan 2025 19:59:29 GMT
Walter Van Beirendonck
Published: Sat, 25 Jan 2025 19:17:39 GMT
Kolor
Published: Sat, 25 Jan 2025 18:32:10 GMT
Y-3
Published: Sat, 25 Jan 2025 18:13:28 GMT
Self Magazine
Published: Sat, 25 Jan 2025 17:25:53 GMT
Issue South America
Published: Sat, 25 Jan 2025 17:17:19 GMT
Various Shows
Published: Sat, 25 Jan 2025 17:15:05 GMT
Self Magazine
Published: Sat, 25 Jan 2025 17:12:06 GMT
Self Magazine
Published: Sat, 25 Jan 2025 17:11:48 GMT
Fenty Beauty
Published: Sat, 25 Jan 2025 17:03:24 GMT
Comme des Garçons
Published: Sat, 25 Jan 2025 14:56:56 GMT
Vogue Portugal
Published: Sat, 25 Jan 2025 08:04:12 GMT
METAL Magazine
Published: Sat, 25 Jan 2025 00:04:58 GMT
AMI
Published: Fri, 24 Jan 2025 23:46:40 GMT
Issue South America
Published: Fri, 24 Jan 2025 23:01:08 GMT
Genny
Published: Fri, 24 Jan 2025 21:40:05 GMT
EDITED.de
Published: Fri, 24 Jan 2025 21:10:53 GMT
Chanel
Published: Fri, 24 Jan 2025 20:54:59 GMT
Music Video
Published: Fri, 24 Jan 2025 20:47:59 GMT
Officine Générale
Published: Fri, 24 Jan 2025 20:46:19 GMT
Kim Jones Awarded French Legion of Honor Award, Campbell Addy’s GLAAD Awards Nomination, and more news you missed
Published: Fri, 24 Jan 2025 20:09:36 GMT
Maison Margiela
Published: Fri, 24 Jan 2025 19:57:59 GMT
See What the Models Wore Off-Duty During PFWM F/W 25 Days 1&2
Published: Fri, 24 Jan 2025 18:41:15 GMT
Louis Vuitton
Published: Fri, 24 Jan 2025 17:48:32 GMT
Aeyde
Published: Fri, 24 Jan 2025 17:42:33 GMT
L’Officiel Liechtenstein
Published: Fri, 24 Jan 2025 16:46:47 GMT
L’Officiel Liechtenstein
Published: Fri, 24 Jan 2025 16:36:22 GMT
Harper’s Bazaar Arabia
Published: Fri, 24 Jan 2025 16:32:10 GMT
Various Editorials
Published: Fri, 24 Jan 2025 16:29:17 GMT
FLANNELS
Published: Fri, 24 Jan 2025 16:02:17 GMT
Numéro Switzerland
Published: Fri, 24 Jan 2025 15:40:16 GMT
Behind the Blinds
Published: Fri, 24 Jan 2025 14:41:27 GMT
SCMP Style South China Morning Post Style Magazine
Published: Fri, 24 Jan 2025 13:56:14 GMT
Grazia UK
Published: Fri, 24 Jan 2025 13:34:48 GMT
Gucci
Published: Fri, 24 Jan 2025 13:33:51 GMT
The Perfect Man Magazine
Published: Fri, 24 Jan 2025 13:31:45 GMT
Cero Magazine
Published: Fri, 24 Jan 2025 13:30:24 GMT
Glamour Brasil
Published: Fri, 24 Jan 2025 12:18:52 GMT
Oyster Magazine
Published: Fri, 24 Jan 2025 10:38:24 GMT
Wonderland Magazine
Published: Fri, 24 Jan 2025 10:20:50 GMT
Givenchy Beauty
Published: Fri, 24 Jan 2025 09:36:33 GMT
Hermès
Published: Fri, 24 Jan 2025 09:21:35 GMT
Various Shows
Published: Fri, 24 Jan 2025 09:20:21 GMT
Hed Mayner
Published: Fri, 24 Jan 2025 09:19:43 GMT
Kiko Kostadinov
Published: Fri, 24 Jan 2025 09:18:49 GMT
D Repubblica
Published: Fri, 24 Jan 2025 08:52:06 GMT
Replica Man Magazine
Published: Fri, 24 Jan 2025 07:37:37 GMT
Various Campaigns
Published: Fri, 24 Jan 2025 07:34:27 GMT
Replica Man Magazine
Published: Fri, 24 Jan 2025 04:58:58 GMT
Vogue Czechoslovakia
Published: Fri, 24 Jan 2025 04:19:43 GMT
Elle Romania
Published: Thu, 23 Jan 2025 20:19:37 GMT
Elle Romania
Published: Thu, 23 Jan 2025 20:17:58 GMT
Purple Magazine
Published: Thu, 23 Jan 2025 19:26:22 GMT
Lula Japan
Published: Thu, 23 Jan 2025 18:46:29 GMT
A Part Publications
Published: Thu, 23 Jan 2025 18:29:36 GMT
Alexandre Mattiussi Redefines Simplicity at Ami F/W 25
Published: Thu, 23 Jan 2025 18:11:52 GMT
VOGUE.com
Published: Thu, 23 Jan 2025 17:43:26 GMT
L’Officiel Hommes Malaysia
Published: Thu, 23 Jan 2025 16:56:14 GMT
Wales Bonner
Published: Thu, 23 Jan 2025 16:46:26 GMT
Willy Chavarria
Published: Thu, 23 Jan 2025 16:38:30 GMT
032c
Published: Thu, 23 Jan 2025 16:18:36 GMT
Massimo Dutti
Published: Thu, 23 Jan 2025 16:13:26 GMT
Vogue Adria
Published: Thu, 23 Jan 2025 15:43:11 GMT
Christian Louboutin
Published: Thu, 23 Jan 2025 15:36:47 GMT
These Rookies Care About Protecting the Environment
Published: Thu, 23 Jan 2025 15:00:53 GMT
Vogue Ukraine Digital
Published: Thu, 23 Jan 2025 14:34:01 GMT
Playboy
Published: Thu, 23 Jan 2025 14:27:33 GMT
SNC Magazine
Published: Thu, 23 Jan 2025 14:20:28 GMT
L’Officiel Arabia
Published: Thu, 23 Jan 2025 14:18:02 GMT
Prada Beauty
Published: Thu, 23 Jan 2025 13:49:07 GMT
Various Campaigns
Published: Thu, 23 Jan 2025 13:38:10 GMT
Versace
Published: Thu, 23 Jan 2025 12:39:19 GMT
Elisabetta Franchi
Published: Thu, 23 Jan 2025 12:01:33 GMT
Various Campaigns
Published: Thu, 23 Jan 2025 11:42:19 GMT
Various Campaigns
Published: Thu, 23 Jan 2025 11:32:47 GMT
Circle Zero Eight
Published: Thu, 23 Jan 2025 11:25:58 GMT
Various Campaigns
Published: Thu, 23 Jan 2025 10:56:41 GMT
Massimo Dutti
Published: Thu, 23 Jan 2025 10:56:12 GMT
Elle Hungary
Published: Thu, 23 Jan 2025 10:53:57 GMT
Something About Rocks
Published: Thu, 23 Jan 2025 10:24:26 GMT
Various Lookbooks/Catalogs
Published: Thu, 23 Jan 2025 10:15:50 GMT
Interview Magazine
Published: Thu, 23 Jan 2025 10:11:04 GMT
Various Editorials
Published: Thu, 23 Jan 2025 10:00:16 GMT
Kenzo
Published: Thu, 23 Jan 2025 09:53:10 GMT
Comme des Garçons
Published: Thu, 23 Jan 2025 09:52:15 GMT
Dior Men
Published: Thu, 23 Jan 2025 09:50:43 GMT
Juun.J
Published: Thu, 23 Jan 2025 09:49:47 GMT
Emanuel Ungaro
Published: Thu, 23 Jan 2025 09:48:11 GMT
Junya Watanabe
Published: Thu, 23 Jan 2025 09:47:47 GMT
System
Published: Thu, 23 Jan 2025 09:46:25 GMT
Yohji Yamamoto
Published: Thu, 23 Jan 2025 09:45:53 GMT
Various Shows
Published: Thu, 23 Jan 2025 09:45:29 GMT
Feng Chen Wang
Published: Thu, 23 Jan 2025 09:44:21 GMT
Rick Owens
Published: Thu, 23 Jan 2025 09:42:52 GMT
Brett Johnson
Published: Thu, 23 Jan 2025 09:33:39 GMT
Various Campaigns
Published: Thu, 23 Jan 2025 09:16:37 GMT
Maison Margiela
Published: Thu, 23 Jan 2025 08:56:59 GMT
Axel Arigato
Published: Thu, 23 Jan 2025 08:37:05 GMT
Axel Arigato
Published: Thu, 23 Jan 2025 08:32:32 GMT
Puss Puss Magazine
Published: Thu, 23 Jan 2025 08:28:17 GMT
Puss Puss Magazine
Published: Thu, 23 Jan 2025 08:22:42 GMT
Puss Puss Magazine
Published: Thu, 23 Jan 2025 08:18:38 GMT
Puss Puss Magazine
Published: Thu, 23 Jan 2025 08:12:23 GMT
Vogue France
Published: Thu, 23 Jan 2025 06:00:24 GMT
Marie Claire Italia
Published: Thu, 23 Jan 2025 04:22:37 GMT
Lacoste
Published: Thu, 23 Jan 2025 04:21:51 GMT
Dior
Published: Thu, 23 Jan 2025 01:56:33 GMT
Études
Published: Thu, 23 Jan 2025 01:54:28 GMT
Various Editorials
Published: Thu, 23 Jan 2025 01:50:20 GMT
Schön Magazine
Published: Thu, 23 Jan 2025 00:07:50 GMT
British Vogue
Published: Wed, 22 Jan 2025 23:55:01 GMT
Various Editorials
Published: Wed, 22 Jan 2025 22:23:53 GMT
Songzio
Published: Wed, 22 Jan 2025 21:40:37 GMT
Bottega Veneta
Published: Wed, 22 Jan 2025 21:37:22 GMT
Telva
Published: Wed, 22 Jan 2025 20:11:06 GMT
Models.com
Published: Wed, 22 Jan 2025 20:07:51 GMT
Models.com
Published: Wed, 22 Jan 2025 20:05:48 GMT
Models.com
Published: Wed, 22 Jan 2025 20:02:19 GMT
Models.com
Published: Wed, 22 Jan 2025 19:58:53 GMT
Models.com
Published: Wed, 22 Jan 2025 19:56:05 GMT
Various Editorials
Published: Wed, 22 Jan 2025 19:06:34 GMT
WWD
Published: Wed, 22 Jan 2025 19:01:05 GMT
Highsnobiety
Published: Wed, 22 Jan 2025 16:57:37 GMT
Harper’s Bazaar U.S.
Published: Wed, 22 Jan 2025 16:56:55 GMT
Pennyblack
Published: Wed, 22 Jan 2025 16:41:58 GMT
Office Magazine
Published: Wed, 22 Jan 2025 15:58:38 GMT
Rochas
Published: Wed, 22 Jan 2025 15:32:45 GMT
Jimmy Choo
Published: Wed, 22 Jan 2025 15:30:23 GMT
Financial Times - HTSI Magazine
Published: Wed, 22 Jan 2025 15:27:59 GMT
Various Editorials
Published: Wed, 22 Jan 2025 14:51:31 GMT
Financial Times - HTSI Magazine
Published: Wed, 22 Jan 2025 14:37:18 GMT
Calvin Klein
Published: Wed, 22 Jan 2025 13:43:20 GMT
Harper’s Bazaar U.S.
Published: Wed, 22 Jan 2025 13:39:30 GMT
Dries Van Noten
Published: Wed, 22 Jan 2025 13:35:49 GMT
Elle Germany
Published: Wed, 22 Jan 2025 13:21:35 GMT
Various Editorials
Published: Wed, 22 Jan 2025 12:23:13 GMT
Special Projects
Published: Wed, 22 Jan 2025 12:13:49 GMT
Cero Magazine
Published: Wed, 22 Jan 2025 12:07:36 GMT
Vogue Adria
Published: Wed, 22 Jan 2025 12:00:57 GMT
U Repubblica
Published: Wed, 22 Jan 2025 12:00:23 GMT
GQ Magazine U.S.
Published: Wed, 22 Jan 2025 11:48:10 GMT
MAC Cosmetics
Published: Wed, 22 Jan 2025 11:31:37 GMT
Glossier
Published: Wed, 22 Jan 2025 11:16:43 GMT
CAP 74024
Published: Wed, 22 Jan 2025 11:09:14 GMT
Dior
Published: Wed, 22 Jan 2025 11:01:51 GMT
