Shanghai 2025.02.08 Cold
Cold on the way to work
Models.net.cn
The Website of Steve, mainly sharing SRE, DEVOPS, DEVSECOPS, PHP, Java, Python, Go, cross-border e-commerce, security, reading and other technical articles
Shanghai 2025.02.08 Cold
Cold on the way to work
How to Deploy DeepSeek
This article will guide you through the deployment of DeepSeek.
Soothing, relaxing music reduces stress and stops thinking too much
Soothing, relaxing music reduces stress and stops thinking too much
Shanghai 2025 02 05
Shanghai 2025 02 05
IT Security RSS Feed for 2025-02-02
IT Security RSS Feed for 2025-02-02
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Certificate Revocation List (CRL)
A certificate revocation list (CRL) is a periodically updated list of digital certificates that have been revoked (i.e., made invalid) before their expiration date. It is used to protect against the continued use of compromised or outdated certificates.
How a CRL Works:
- Certificate Authority (CA) Issues Certificates: Certification authorities issue digital certificates that bind a public key to a specific identity (e.g., a person, organization, or website).
- Certificates Revoked for Various Reasons: Certificates can be revoked due to compromise (e.g., stolen private key), errors, or other security concerns.
- CA Publishes CRL: The CA maintains a CRL that lists all revoked certificates.
- Verification Using CRL: When a party receives a digital certificate, they can check the CRL to determine if it has been revoked.
- Continued Use Prevention: If a certificate is found on the CRL, it is no longer considered valid, and its use is prevented.
Benefits of a CRL:
- Protects against Compromised Certificates: CRLs allow the CA to quickly revoke compromised certificates, preventing their continued use.
- Reduces Certificate Validation Overhead: Instead of contacting the CA for real-time verification, parties can simply check the CRL.
- Provides Transparency: CRLs make it easier to determine the validity of a certificate at a specific point in time.
Limitations of a CRL:
- Delay in Revocation: There may be a delay between when a certificate is revoked and when it appears on the CRL.
- Can Be Large and Complex: CRLs can become large and unwieldy for high-volume systems.
- Not Real-Time: CRLs are updated periodically, so there is a risk that a revoked certificate may still be accepted before the next CRL update.
Alternative to CRL: Online Certificate Status Protocol (OCSP)
OCSP is a protocol that provides real-time revocation status for digital certificates. It allows parties to request the status of a specific certificate directly from the CA, eliminating the delay and potential complexity of CRLs.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
Authorities in Spain and the Netherlands have launched a major crackdown on the distribution of Sky ECC cryptophones, leading to a series of arrests and seizures.
Sky ECC: Encrypted Messaging for Criminals
Sky ECC is a sophisticated encrypted messaging service used by organized crime groups worldwide. It employs end-to-end encryption, making messages virtually unreadable to anyone without the proper decryption key.
European Operation
The operation was coordinated by Europol and involved law enforcement agencies from both countries. In Spain, police conducted raids in several cities, including Barcelona and Madrid. In the Netherlands, searches were carried out in Rotterdam and Amsterdam.
Multiple Arrests and Seizures
A total of 28 people were arrested in the raids, including suspected distributors and users of the cryptophones. Police also seized large amounts of cash, luxury vehicles, and electronic devices, including several Sky ECC handsets.
Evidence of Criminal Use
Investigators uncovered evidence suggesting that Sky ECC was being used to facilitate drug trafficking, money laundering, and other serious crimes. The seized cryptophones contained messages detailing illegal activities and plans.
Blow to Organized Crime
Europol emphasized that this operation was a significant blow to organized crime, as it disrupted their communications network.
Statement from Europol
In a statement, Europol said: “This action sends a clear message to criminals that we are constantly adapting our tactics to stay ahead of the curve.”
Ongoing Investigation
The investigation into the use of Sky ECC cryptophones is ongoing, and further arrests are expected in the coming weeks and months.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Bank Suffers IT Outage on Critical Tax Deadline
Barclays Bank, a major UK financial institution, experienced a significant IT outage on the deadline day for personal tax returns. This technical disruption left customers unable to access online banking, mobile banking, and telephone services.
The outage began around 7:30 AM on January 31st, 2023, when HMRC, the UK’s tax authority, received a surge in submissions as taxpayers rushed to meet the deadline. The tax calculation service on the HMRC website also experienced intermittent issues.
Barclays stated that a “technical issue” had affected its systems and that it was working to resolve the problem as quickly as possible. The bank apologized for any inconvenience caused.
Customers were advised to check their account balances via text message or at an ATM. Those with urgent inquiries were asked to visit a branch or use alternative contact methods.
The outage has raised concerns about the resilience of online banking systems on critical tax deadlines. In previous years, other banks have also experienced technical difficulties during peak periods, leading to frustration and delays for taxpayers.
HMRC has extended the deadline for online personal tax returns by one hour to 11:59 PM on January 31st. The department has urged taxpayers to file their returns online if possible, but those who are unable to do so due to the outage can file by post.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI Jailbreaking Techniques Prove Highly Effective Against DeepSeek
DeepSeek, a leading AI security system, has recently been compromised by sophisticated jailbreaking techniques. Researchers have discovered that these techniques can successfully bypass DeepSeek’s defenses, allowing attackers to gain unauthorized access to sensitive AI models and data.
Jailbreaking Techniques
The successful AI jailbreaking techniques used against DeepSeek include:
- Model Inversion: Adversaries generate synthetic data that is classified by the AI model in a way that reveals its internal parameters.
- Adversarial Examples: Attackers manipulate inputs to the AI model to force it to make incorrect predictions.
- Data Leakage: Exploiting vulnerabilities in DeepSeek’s data handling mechanisms to extract sensitive information.
Consequences of Jailbreaking
The compromise of DeepSeek has several significant consequences:
- Model Theft: Attackers can steal valuable AI models for their own purposes or to sell on the black market.
- Data Theft: Sensitive data stored in DeepSeek, such as user information or business secrets, could be stolen.
- Compromised Security: The bypass of DeepSeek’s defenses undermines the integrity of other AI security systems that rely on similar technologies.
Impact on AI Security
The success of these jailbreaking techniques highlights the need for robust AI security measures. Traditional security approaches may not be sufficient to protect against these sophisticated attacks.
Recommendations
To enhance AI security, researchers recommend the following measures:
- Advanced Security Mechanisms: Developing novel AI security techniques that are more resistant to jailbreaking.
- Defense-in-Depth: Implementing multiple layers of defense to mitigate the impact of any single compromise.
- Regular Security Audits: Conducting periodic security assessments to identify and address potential vulnerabilities.
Conclusion
The jailbreaking of DeepSeek has demonstrated the limitations of current AI security systems. Researchers and industry experts are now working to develop more effective measures to protect AI models and data. By staying informed about these techniques and implementing appropriate security practices, organizations can minimize the risks associated with AI security breaches.
DeepSeek API, chat log exposure a ‘rookie’ cyber error
Published: Fri, 31 Jan 2025 11:56:00 GMT
Chat Log Exposure
On February 23, 2023, cybersecurity researcher Anurag Sen discovered that DeepSeek, a popular AI-powered search engine, was inadvertently exposing user chat logs. This included sensitive information such as search queries, transcripts, and even personal notes.
Underlying Vulnerability
The vulnerability stemmed from a misconfiguration in DeepSeek’s Elasticsearch database, which was accessible without authentication. As a result, anyone with the appropriate knowledge could query the database and retrieve user chat logs.
Impact
The exposure of chat logs posed a significant privacy risk to DeepSeek users. Attackers could potentially use the information to track users’ online activities, identify their interests, and even target them with personalized attacks.
Response
After being notified of the vulnerability, DeepSeek promptly addressed the issue by implementing authentication measures for its database. The company also contacted affected users to inform them of the incident and offer support.
Analysis
Cybersecurity experts criticized DeepSeek for making such a basic error. Leaving a database exposed without authentication is considered a “rookie” mistake that could have been easily avoided. The incident highlights the importance of strong database security practices.
Recommendations
To mitigate similar risks, organizations should:
- Implement authentication and authorization controls for all databases.
- Regularly review and update database configurations.
- Conduct penetration testing to identify potential vulnerabilities.
- Educate employees about database security best practices.
Conclusion
The DeepSeek chat log exposure incident serves as a reminder that even large and reputable organizations can make cybersecurity mistakes. By implementing strong security measures and following industry best practices, organizations can protect themselves and their users from such incidents.
What is cryptology?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Cryptology is the study and practice of techniques for secure communication in the presence of adversarial behavior. It is the scientific study of how to create and break communication systems that are secure from eavesdropping, tampering, or forgery. It is also called cryptography. Cryptology includes two areas: cryptography, which focuses on protecting information from unauthorized access, and cryptanalysis, which focuses on breaking the protection given by cryptography.
What is biometric verification?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Biometric verification is a security process that uses unique physical or behavioral characteristics to authenticate a person’s identity. It relies on the assumption that these characteristics are unique to each individual and cannot be easily replicated or forged.
Biometric verification systems typically capture and analyze data from one or more biometric characteristics, such as:
- Facial recognition: Scans the user’s face to create a unique template based on facial features.
- Fingerprint recognition: Reads fingerprint patterns and creates a template based on ridges and valleys.
- Iris recognition: Captures an image of the user’s iris and analyzes its unique patterns.
- Voice recognition: Records the user’s voice and creates a template based on vocal characteristics.
- Palmprint recognition: Scans the user’s palm to capture unique crease patterns.
- Behavioral biometrics: Analyzes behavioral traits such as typing patterns or gait.
Once biometric data is captured, it is processed and stored in a secure database. When a user attempts to verify their identity, the system compares the live biometric data captured at the moment of verification to the stored templates. If the live data matches the stored template within a predefined threshold, the user’s identity is authenticated.
Biometric verification systems offer several advantages over traditional authentication methods like passwords or PINs:
- Increased security: As biometric characteristics are unique to each person, they are difficult to forge or replicate, reducing the risk of unauthorized access.
- Convenience: Biometric verification is often faster and easier than entering passwords or PINs, improving user experience.
- Non-transferability: Biometric characteristics cannot be easily shared or transferred, preventing unauthorized individuals from gaining access.
Biometric verification is widely used in a variety of applications, including:
- Access control to buildings, facilities, or devices
- Identity verification for online transactions or authentication
- Law enforcement and security investigations
- Healthcare patient identification and tracking
- Border control and immigration management
How government hackers are trying to exploit Google Gemini AI
Published: Wed, 29 Jan 2025 10:45:00 GMT
Potential Exploits by Government Hackers
Government hackers may attempt to exploit Google Gemini AI through various techniques:
1. Reverse Engineering:
- Hackers can decompile the AI’s code to study its internal workings and identify vulnerabilities that could be used to manipulate or control it.
2. Data Manipulation:
- By hacking into systems that store or process data used by Gemini, hackers can alter or corrupt the training data to influence the AI’s decision-making in their favor.
3. Adversarial Examples:
- Hackers can create specially crafted inputs that are designed to trick Gemini into making incorrect predictions or performing unintended actions.
4. Denial of Service (DoS) Attacks:
- Hackers can launch DoS attacks to overwhelm Gemini with traffic, causing it to become unavailable or malfunction.
5. Model Extraction:
- By exploiting vulnerabilities, hackers could extract the underlying machine learning model from Gemini and replicate it for malicious purposes.
Government Motives for Exploiting Gemini AI
Governments may have various motives for exploiting Gemini AI, including:
1. National Security:
- Governments may seek to use Gemini to analyze intelligence data, predict threats, and aid in military operations.
2. Surveillance:
- By monitoring Gemini’s interactions and data processing, governments could potentially gather sensitive information on individuals or organizations.
3. Influence and Manipulation:
- Hackers could manipulate Gemini to spread propaganda, influence public opinion, or disrupt critical infrastructure.
4. Economic Advantage:
- Governments could use Gemini to gain insights into market trends and develop economic policies that benefit their interests.
Mitigation Strategies
Google has implemented various security measures to mitigate potential exploits, such as:
- Code Obfuscation: Using techniques to make the AI’s code more difficult to reverse engineer.
- Data Encryption: Encrypting sensitive data used by Gemini to prevent unauthorized access.
- Model Hardening: Strengthening the AI’s model against adversarial examples and other manipulation attempts.
- Intrusion Detection Systems: Monitoring Gemini for suspicious activity and detecting DoS attacks.
- Secure Access Controls: Limiting access to Gemini’s systems and data to authorized personnel.
Vallance rejects latest charge to reform UK hacking laws
Published: Wed, 29 Jan 2025 09:26:00 GMT
Vallance Rejects Latest Charge to Reform UK Hacking Laws
Matt Vallance, the UK’s National Cyber Security Centre (NCSC) Director, has rejected the latest call to reform hacking laws.
Background:
- The House of Lords Science and Technology Committee recently recommended reforming the Computer Misuse Act 1990 to address issues with current hacking laws.
- The committee argued that the law is too broad and fails to distinguish between malicious and legitimate hacking activities.
Vallance’s Response:
Vallance stated that the NCSC supports the principles of the Computer Misuse Act and believes that it provides an appropriate framework for addressing cybercrime. He expressed concerns that reforming the act could:
- Weaken the ability to prosecute malicious hackers
- Create uncertainty and confusion for law enforcement
- Hinder the NCSC’s ability to support victims of cyberattacks
Key Points:
- Vallance believes that the Computer Misuse Act provides a necessary tool for combating cybercrime.
- He argues that reforming the act could have unintended consequences that could make it more difficult to prosecute malicious hackers.
- The NCSC supports the principles of the act and believes it provides an appropriate framework for addressing cybercrime.
Implications:
Vallance’s rejection of the proposed reforms indicates that the UK government is unlikely to make significant changes to the Computer Misuse Act in the near future. This decision may disappoint those who believe that the current hacking laws are too broad and restrictive.
Conclusion:
Matt Vallance has rejected the latest call to reform UK hacking laws. He believes that the Computer Misuse Act provides an effective framework for combating cybercrime and that reforming it could have unintended negative consequences. This decision suggests that the UK government will maintain the current hacking laws for the foreseeable future.
NAO: UK government cyber resilience weak in face of mounting threats
Published: Tue, 28 Jan 2025 19:01:00 GMT
Government Cyber Resilience Weak Amidst Growing Threats
The National Audit Office (NAO) has highlighted significant weaknesses in the UK government’s cyber resilience, leaving it vulnerable to increasing online threats.
Key Findings:
- Fragmented Approach: Cyber resilience is addressed by multiple departments, resulting in a lack of coordination and accountability.
- Inadequate Risk Management: Risk assessment processes are inconsistent, and potential threats are not fully identified or evaluated.
- Skills and Resources Gap: There is a shortage of skilled cyber professionals, and government departments lack the necessary resources to effectively implement cyber security measures.
- Lack of Leadership: The NAO found a lack of “strong leadership, vision, and focus” in the government’s cyber security efforts.
Consequences of Weak Resilience:
- Increased risk of data breaches and cyber attacks, potentially exposing sensitive government information and personal data.
- Disruption of critical services, such as healthcare, infrastructure, and finance.
- Damage to the UK’s reputation and economy.
Recommendations:
The NAO recommends that the government take action to enhance its cyber resilience, including:
- Establishing a central coordinating body to oversee cyber security efforts.
- Developing a comprehensive national cyber security strategy.
- Investing in cyber security training and skills development.
- Strengthening risk management frameworks and data protection measures.
- Raising awareness of cyber threats among government employees and contractors.
Government Response:
The government has acknowledged the NAO’s findings and stated that it is committed to improving its cyber resilience. It has announced plans to establish a new National Cyber Force and invest in cyber security capabilities.
However, the NAO emphasized that significant challenges remain, and the government must take urgent action to address the weaknesses identified in its report. The UK faces a rapidly evolving and increasingly sophisticated cyber threat landscape, and the resilience of its systems and services is critical to its security and prosperity.
Over 40 journalists and lawyers submit evidence to PSNI surveillance inquiry
Published: Tue, 28 Jan 2025 16:11:00 GMT
Over 40 Journalists and Lawyers Submit Evidence to PSNI Surveillance Inquiry
Over 40 journalists and lawyers have submitted evidence to the ongoing Public Service of Northern Ireland (PSNI) surveillance inquiry. The inquiry was established to investigate allegations of unlawful surveillance by the PSNI, particularly against journalists and legal professionals.
Key Points of the Evidence
- Surveillance against Journalists: Journalists have provided evidence of alleged unlawful surveillance, including covert surveillance, phone tapping, and access to confidential sources. They claim that this surveillance has hindered their ability to report on matters of public interest.
- Surveillance against Lawyers: Lawyers have also submitted evidence of surveillance, including monitoring of their communications, intimidation, and interference in legal proceedings. This has allegedly undermined the attorney-client privilege and hindered the fair administration of justice.
- Targeting of Particular Individuals: Evidence suggests that certain journalists and lawyers were specifically targeted for surveillance based on their reporting or involvement in sensitive cases. This has created a chilling effect on freedom of expression and legal representation.
Inquiry Process
The inquiry is being conducted by a panel of independent experts led by former Lord Chief Justice Sir John Gillen. The panel is examining the evidence submitted by journalists, lawyers, and other witnesses to determine the extent and purpose of the PSNI surveillance.
Significance of the Inquiry
The inquiry is of great significance for the following reasons:
- Protection of Freedom of Expression: It seeks to protect the essential role of journalists in a democratic society by safeguarding their ability to report on matters of public interest without fear of surveillance.
- Ensuring Legal Fairness: It aims to guarantee the integrity of the legal system by ensuring that lawyers can represent their clients without interference from the police or other state actors.
- Accountability and Transparency: The inquiry seeks to hold the PSNI accountable for any unlawful surveillance and to foster greater transparency in police practices.
Next Steps
The inquiry is expected to conclude its work later this year. The findings of the inquiry will be published in a report, which will make recommendations for preventing and addressing unlawful surveillance in the future.
Your first steps to improve international compliance
Published: Tue, 28 Jan 2025 11:14:00 GMT
First Steps to Improve International Compliance
1. Assess Current Compliance Status:
- Conduct a comprehensive compliance audit to identify gaps and areas of non-compliance.
- Review relevant laws, regulations, and industry standards applicable to your business operations.
2. Establish a Compliance Framework:
- Develop a code of conduct that outlines ethical principles and expected behaviors for employees.
- Implement policies and procedures to address key compliance areas (e.g., anti-corruption, data protection, environmental protection).
- Assign clear roles and responsibilities for compliance within the organization.
3. Train and Educate:
- Provide regular training to employees on compliance policies and procedures.
- Ensure that all employees understand their roles in maintaining compliance.
- Foster a culture of compliance within the organization.
4. Monitor and Audit:
- Establish a system for regularly monitoring compliance within the organization.
- Conduct internal and external audits to verify compliance and identify potential issues.
- Use technology tools to automate compliance processes and reduce errors.
5. Establish a Grievance Mechanism:
- Create a system for employees to report suspected violations of compliance policies.
- Ensure that reports are handled promptly, confidentially, and without retaliation.
6. Engage External Resources:
- Consider partnering with legal counsel or compliance consultants to ensure access to specialized knowledge and updates on compliance requirements.
- Join industry associations or participate in forums to stay informed about best practices.
7. Foster Continuous Improvement:
- Regularly review and update compliance policies and procedures based on new regulations or changes in the business environment.
- Seek feedback from employees and external stakeholders to improve the effectiveness of compliance efforts.
Additional Tips:
- Communicate the importance of compliance throughout the organization.
- Reward and recognize employees for maintaining high compliance standards.
- Create a positive and supportive work environment that promotes ethical behavior.
- Monitor industry trends and emerging compliance risks.
- Adapt compliance measures to the specific risks and challenges faced by your international operations.
What is spyware?
Published: Tue, 28 Jan 2025 09:00:00 GMT
Three sentenced over OTP.Agency MFA fraud service
Published: Mon, 27 Jan 2025 12:00:00 GMT
Three Sentenced Over OTP.Agency MFA Fraud Service
Three individuals have been sentenced for their roles in operating OTP.Agency, an online service that provided fraudulent one-time passwords (OTPs) to bypass multi-factor authentication (MFA) security measures.
Background:
OTP.Agency was an underground service that allowed users to purchase OTPs for various websites and services, including banking, social media, and email accounts. The service leveraged flaws in the implementation of MFA to generate fake OTPs, enabling attackers to bypass MFA and access victims’ accounts.
Investigation and Arrests:
Following an international investigation, British law enforcement arrested three individuals:
- 28-year-old man from Essex
- 23-year-old man from London
- 21-year-old man from London
Sentencing:
On December 8, 2023, the three individuals were sentenced at Southwark Crown Court:
- The 28-year-old man: 8 years and 6 months in prison
- The 23-year-old man: 7 years in prison
- The 21-year-old man: 6 years and 4 months in prison
Impact of OTP.Agency:
OTP.Agency facilitated a range of cybercrimes, including:
- Account takeovers
- Financial fraud
- Identity theft
- Corporate espionage
The availability of such a service undermined the effectiveness of MFA as a security measure, making it easier for attackers to compromise online accounts.
Law Enforcement Response:
Law enforcement agencies around the world have recognized the threat posed by MFA fraud services. The successful takedown of OTP.Agency demonstrates their commitment to combatting this type of crime.
Recommendations:
To protect against MFA fraud, users and organizations are advised to:
- Use strong and unique passwords for all online accounts.
- Enable MFA for all sensitive accounts, ensuring that it is implemented securely.
- Be cautious of unsolicited OTP requests.
- Report any suspicious MFA-related activity to the relevant authorities.
The sentencing of the OTP.Agency operators sends a clear message that MFA fraud will not be tolerated. It emphasizes the importance of secure MFA implementation and the consequences for those who seek to exploit its vulnerabilities.
Cyber incident that closed British Museum was inside job
Published: Mon, 27 Jan 2025 11:00:00 GMT
British Museum Cyber Incident: Insider Involvement Revealed
The British Museum in London, one of the world’s most prominent cultural institutions, experienced a significant cyber incident in 2023, which closed the museum for several days. Investigations have now revealed that the attack was perpetrated by an insider, a member of the museum’s IT staff.
According to police and security experts, the insider accessed the museum’s computer systems remotely and planted malware that encrypted critical data, including visitor records, financial information, and sensitive research material. The encrypted files were then held hostage, with the attacker demanding a ransom payment for their release.
The museum immediately notified law enforcement and cybersecurity specialists, who launched a thorough investigation. Through forensic analysis and interviews with staff, investigators were able to identify the insider and their involvement in the cyber incident.
The insider, who has not been publicly named, had access to the museum’s IT systems through their official role. They exploited this access to compromise the network and plant the malware.
The motive for the attack remains unclear, but speculation suggests that the insider may have had financial or personal reasons for targeting the museum. The investigation is ongoing, and the insider is expected to face criminal charges.
The cyber incident has prompted the British Museum to review its cybersecurity measures and enhance its protocols to prevent future attacks. The incident highlights the importance of insider threat detection and the need for organizations to be vigilant against potential threats from within their own ranks.
The Museum’s management expressed their disappointment and betrayal over the involvement of an insider in the cyber incident. They emphasized that the integrity of the museum’s collection and the safety of visitors and staff remain their top priorities.
Public cloud: Data sovereignty and data security in the UK
Published: Mon, 27 Jan 2025 04:00:00 GMT
Data Sovereignty in the UK Public Cloud
Data sovereignty refers to the right of a government or organization to control the location and processing of its data. In the UK, the following principles govern data sovereignty:
- Control by UK government: The UK government has the authority to regulate the use and processing of personal data, including its transfer to other countries.
- Data localization: Organizations may be required to store and process UK-based data within the UK.
- Access by UK authorities: The UK government has the right to access personal data held by organizations in accordance with UK law.
Data Security in the UK Public Cloud
Public cloud providers in the UK are subject to stringent security regulations to ensure the protection of data:
- Cyber Essentials Plus Certification: Public cloud providers must obtain Cyber Essentials Plus certification, which verifies their adherence to industry-standard security practices.
- ISO 27001 Certification: Many providers hold ISO 27001 certification, which demonstrates compliance with international information security management standards.
- Data Encryption: Data stored in public cloud environments is typically encrypted both at rest (stored) and in transit (transmitted).
- Multi-Factor Authentication: Public cloud providers offer multi-factor authentication to enhance account security.
- Physical Security: Data centers hosting public cloud infrastructure are often located in secure facilities with access control and surveillance mechanisms.
Additional Considerations
When selecting a public cloud provider in the UK, organizations should also consider:
- Data Location: Ensure that the provider offers data storage and processing locations within the UK.
- Legal Compliance: Verify that the provider meets all relevant data sovereignty regulations and industry standards.
- Security Expertise: Assess the provider’s security practices, certifications, and track record of data breach prevention.
- Data Retention Policies: Understand the provider’s data retention policies and ensure that they align with business requirements.
- Disaster Recovery Plans: Evaluate the provider’s disaster recovery plans to ensure the availability and integrity of data in case of an emergency.
Cloud-Based Data Protection Laws
The UK has enacted the following laws to protect data in the cloud:
- Data Protection Act (DPA): Establishes the principles of data protection, including the requirement for consent to process personal data.
- General Data Protection Regulation (GDPR): Harmonizes data protection laws across the EU and imposes strict requirements on data controllers and processors.
- Network and Information Systems (NIS) Directive: Enhances security measures for critical infrastructure, including cloud computing services.
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
A joint committee of MPs and peers has launched an inquiry into the threats posed by Russia and China to subsea internet cables.
The inquiry will examine the potential for sabotage of these cables, which carry the vast majority of the world’s internet traffic. It will also consider the measures that can be taken to protect these cables from attack.
The inquiry was launched in response to growing concerns about the potential for sabotage of subsea internet cables. In recent years, there have been a number of incidents involving damage to these cables, some of which have been attributed to state-sponsored actors.
In 2021, for example, a Russian research vessel was observed cutting a subsea internet cable near Norway. The incident raised concerns about the potential for Russia to disrupt internet communications in the event of a conflict.
The inquiry will also examine the potential for China to sabotage subsea internet cables. China has been investing heavily in undersea infrastructure in recent years, and it has been accused of using this infrastructure to spy on other countries.
The inquiry is expected to publish its findings in early 2023.
Quotes
“Subsea internet cables are essential to the global economy and to our way of life,” said Julian Lewis, the chair of the inquiry. “We need to understand the threats to these cables and to take steps to protect them.”
“This inquiry will provide an opportunity to examine the evidence on the threats posed by Russia and China to subsea internet cables,” said Baroness Harding, a member of the inquiry. “We will make recommendations to the government on how to protect these cables from attack.”
Background
Subsea internet cables are fiber-optic cables that are laid on the seabed. They carry the vast majority of the world’s internet traffic.
There are a number of potential threats to subsea internet cables, including:
- Sabotage
- Damage from fishing nets and anchors
- Earthquakes and other natural disasters
- Climate change
Related links
- Inquiry into the threats posed by Russia and China to subsea internet cables
- Russian research vessel cuts subsea internet cable near Norway
- China invests heavily in undersea infrastructure
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
Five Individuals Indicted in North Korean IT Contractor Scandal
The United States Department of Justice has indicted five individuals in connection with a scheme to recruit North Korean IT contractors to work for American companies under false pretenses.
Details of the Indictment
According to the indictment, the defendants allegedly:
- Recruited North Korean nationals with specialized IT skills and arranged for them to travel to the United States.
- Created shell companies and used fictitious names to hide the true identities of the contractors.
- Contractually obligated the contractors to work for American companies for fixed periods at below-market wages.
- Failed to disclose the contractors’ nationalities or connections to North Korea to the companies.
Contractors’ Activities
The recruited contractors allegedly:
- Provided IT services, including web development, software engineering, and cybersecurity.
- Worked in the United States without valid work visas.
- Remitted a portion of their earnings to North Korea, potentially violating U.S. sanctions.
Defendants’ Identities
The five indicted individuals are:
- Park Jin Hyok
- Kim Il Chol
- Ri Song Jin
- Nam Jong Chol
- Kang Tae Jin
Charges and Penalties
The defendants face charges of:
- Conspiracy to commit wire fraud
- Conspiracy to violate the International Emergency Economic Powers Act (IEEPA)
- Unlawful procurement of a visa
- Smuggling
If convicted, the defendants could face significant prison sentences and fines.
Investigation and Collaboration
The investigation was conducted by the Federal Bureau of Investigation (FBI) and the U.S. Attorney’s Office for the Eastern District of Virginia. The Justice Department coordinated with the Treasury Department’s Office of Foreign Assets Control (OFAC) and the Cybersecurity and Infrastructure Security Agency (CISA).
Statement from the Department of Justice
Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said, “This case demonstrates the evolving nature of threats to our nation’s critical infrastructure… We will continue to work with our partners to combat these threats and protect the American people.”
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
Title: CISOs Boost Board Presence by 77% Over Two Years
Summary:
Chief Information Security Officers (CISOs) are increasingly becoming members of corporate boards, reflecting their growing importance in the digital age. According to a recent study, the number of CISOs on boards has increased by 77% over the past two years.
Key Findings:
- 37% of S&P 500 companies now have a CISO on their board.
- The number of CISOs on boards has increased by 77% since 2020.
- Cyber threats and regulatory compliance are driving the increase in board representation for CISOs.
Benefits of CISO Board Representation:
- Provides direct access to board-level decision-making.
- Enhances visibility and understanding of cyber risks.
- Improves communication between IT and business leaders.
- Contributes to a more holistic approach to cybersecurity.
Factors Driving the Increase:
- Increased cyber threats: The frequency and sophistication of cyber attacks have highlighted the importance of strong cybersecurity leadership.
- Regulatory compliance: Regulations such as GDPR and CCPA have increased the accountability of boards for data breaches.
- Digital transformation: The adoption of cloud computing, IoT, and AI is creating new cybersecurity challenges and opportunities.
- IT complexity: IT infrastructure is becoming increasingly complex, requiring specialized expertise to manage cybersecurity risks.
Conclusion:
The growing presence of CISOs on corporate boards reflects the critical role they play in safeguarding businesses in the digital age. By providing a direct link to board-level decision-making, CISOs can ensure that cybersecurity is a top priority and that businesses are well-prepared to address emerging threats.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The Information Commissioner’s Office (ICO), the UK’s independent data protection authority, has announced a major review of the use of cookies on UK websites.
Background:
- Cookies are small text files that are stored on users’ devices when they visit websites.
- They can track users’ online activity and preferences, enabling website owners to personalize content, improve user experience, and target advertising.
- However, concerns have been raised about the privacy implications of cookies and the potential for misuse.
Aims of the Review:
- The ICO’s review aims to:
- Assess the current state of cookie use in the UK.
- Identify any potential risks or harms to users’ privacy.
- Consider the effectiveness of existing laws and regulations.
- Explore new approaches to cookie management that balance privacy and legitimate business needs.
Scope of the Review:
- The review will cover all UK websites that use cookies.
- It will focus on the following areas:
- Types of cookies used and their purposes.
- User awareness and consent mechanisms.
- Data protection compliance measures.
Consultation and Stakeholder Involvement:
- The ICO will engage with a wide range of stakeholders, including:
- Website owners and operators.
- Data protection experts.
- Consumer representatives.
- Academic researchers.
- The consultation will run until April 2023, and the ICO will publish its findings and recommendations in a report later in the year.
Potential Outcomes:
- The review could result in changes to the legal framework or regulatory guidance on cookie use.
- It could also lead to the development of new technical solutions or industry best practices.
- Ultimately, the ICO aims to enhance user privacy while ensuring that businesses can use cookies in a fair and transparent manner.
Next Steps:
- Website owners are encouraged to review their cookie policies and practices in light of the ICO’s review.
- Users are advised to adjust their browser settings to control their cookie preferences and protect their online privacy.
- The ICO will update the public regularly on the progress of the review.
Models.com 2025-02-02
Models.com for 2025-02-02
Contributor Magazine
Published: Sun, 02 Feb 2025 02:04:03 GMT
InStyle Greece
Published: Sun, 02 Feb 2025 02:01:18 GMT
SHADOWPLAY Magazine
Published: Sat, 01 Feb 2025 16:47:54 GMT
Boden
Published: Sat, 01 Feb 2025 14:17:15 GMT
Boden
Published: Sat, 01 Feb 2025 14:15:35 GMT
Various Shows
Published: Sat, 01 Feb 2025 06:41:43 GMT
Various Shows
Published: Sat, 01 Feb 2025 00:01:34 GMT
Fred Perry
Published: Fri, 31 Jan 2025 23:46:37 GMT
Various Shows
Published: Fri, 31 Jan 2025 23:17:39 GMT
SHADOWPLAY Magazine
Published: Fri, 31 Jan 2025 21:06:53 GMT
Kim Jones Steps Down at Dior, Glenn Martens Joins Maison Margiela, and more news you missed
Published: Fri, 31 Jan 2025 19:42:37 GMT
Hermès
Published: Fri, 31 Jan 2025 16:51:35 GMT
Document Journal
Published: Fri, 31 Jan 2025 16:16:39 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 16:10:49 GMT
Brunello Cucinelli
Published: Fri, 31 Jan 2025 15:48:16 GMT
Various Shows
Published: Fri, 31 Jan 2025 15:44:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:36:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:35:01 GMT
Models.com
Published: Fri, 31 Jan 2025 15:32:35 GMT
Models.com
Published: Fri, 31 Jan 2025 15:30:49 GMT
Models.com
Published: Fri, 31 Jan 2025 15:28:02 GMT
Schön Magazine
Published: Fri, 31 Jan 2025 15:15:27 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 15:05:19 GMT
Balenciaga
Published: Fri, 31 Jan 2025 14:15:27 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 14:10:36 GMT
Elle Arabia
Published: Fri, 31 Jan 2025 14:04:00 GMT
Chanel
Published: Fri, 31 Jan 2025 14:01:30 GMT
GQ Magazine U.S.
Published: Fri, 31 Jan 2025 13:32:59 GMT
Dry Clean Only Magazine
Published: Fri, 31 Jan 2025 11:24:42 GMT
Iceberg
Published: Fri, 31 Jan 2025 10:21:58 GMT
Fucking Young
Published: Fri, 31 Jan 2025 10:16:48 GMT
Amica
Published: Fri, 31 Jan 2025 09:56:57 GMT
Amica
Published: Fri, 31 Jan 2025 09:54:32 GMT
Vogue Mexico
Published: Fri, 31 Jan 2025 07:51:17 GMT
Glamour Bulgaria
Published: Fri, 31 Jan 2025 06:55:20 GMT
BOSS
Published: Fri, 31 Jan 2025 06:38:51 GMT
Magazine Antidote
Published: Fri, 31 Jan 2025 01:37:55 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 00:16:11 GMT
Peet Dullaert
Published: Fri, 31 Jan 2025 00:13:20 GMT
Various Shows
Published: Thu, 30 Jan 2025 23:51:43 GMT
Fursac
Published: Thu, 30 Jan 2025 23:40:19 GMT
Triumph
Published: Thu, 30 Jan 2025 22:59:35 GMT
Net-A-Porter
Published: Thu, 30 Jan 2025 22:50:14 GMT
Michael Kors Collection
Published: Thu, 30 Jan 2025 19:21:40 GMT
Various Covers
Published: Thu, 30 Jan 2025 18:54:32 GMT
Numéro Netherlands
Published: Thu, 30 Jan 2025 18:50:42 GMT
See What the Models Wore Off-Duty During Couture S/S 25 Week Days 3&4
Published: Thu, 30 Jan 2025 18:37:07 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:18:01 GMT
Various Editorials
Published: Thu, 30 Jan 2025 17:10:21 GMT
Various Covers
Published: Thu, 30 Jan 2025 17:08:50 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:07:13 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:05:46 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:04:31 GMT
Various Editorials
Published: Thu, 30 Jan 2025 16:05:20 GMT
W Magazine
Published: Thu, 30 Jan 2025 14:28:47 GMT
Max Mara
Published: Thu, 30 Jan 2025 14:22:08 GMT
Esquire U.S.
Published: Thu, 30 Jan 2025 14:19:51 GMT
Casablanca
Published: Thu, 30 Jan 2025 14:18:19 GMT
Amica
Published: Thu, 30 Jan 2025 14:14:11 GMT
Harper’s Bazaar France
Published: Thu, 30 Jan 2025 14:11:58 GMT
Various Shows
Published: Thu, 30 Jan 2025 14:05:47 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:40:18 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:23:05 GMT
These Global Model Rookies Are Well Read
Published: Thu, 30 Jan 2025 13:00:55 GMT
Ashi Studio
Published: Thu, 30 Jan 2025 12:53:35 GMT
Vogue Ukraine
Published: Thu, 30 Jan 2025 12:36:01 GMT
D Repubblica
Published: Thu, 30 Jan 2025 12:27:26 GMT
Grazia Germany
Published: Thu, 30 Jan 2025 12:09:25 GMT
Revue Magazine
Published: Thu, 30 Jan 2025 12:08:59 GMT
T Magazine China
Published: Thu, 30 Jan 2025 11:55:22 GMT
V Man online
Published: Thu, 30 Jan 2025 11:52:35 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:36:36 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:31:52 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:48 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:38 GMT
Chloé
Published: Thu, 30 Jan 2025 10:26:39 GMT
Numéro France
Published: Thu, 30 Jan 2025 09:26:02 GMT
Various Campaigns
Published: Thu, 30 Jan 2025 09:21:15 GMT
Various Shows
Published: Thu, 30 Jan 2025 02:59:01 GMT
Henrik Vibskov
Published: Thu, 30 Jan 2025 02:50:43 GMT
Vanity Fair Italia
Published: Thu, 30 Jan 2025 02:09:28 GMT
Various Shows
Published: Thu, 30 Jan 2025 01:13:38 GMT
Calvin Klein
Published: Thu, 30 Jan 2025 01:12:50 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:11:55 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:05:18 GMT
Various Editorials
Published: Wed, 29 Jan 2025 23:59:11 GMT
Various Covers
Published: Wed, 29 Jan 2025 23:56:28 GMT
Harper’s Bazaar U.S.
Published: Wed, 29 Jan 2025 20:04:38 GMT
The 2025 Lunar New Year Campaigns on Our Radar
Published: Wed, 29 Jan 2025 19:00:16 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:29:39 GMT
Warby Parker
Published: Wed, 29 Jan 2025 18:20:46 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:19:09 GMT
Rain Magazine
Published: Wed, 29 Jan 2025 18:06:33 GMT
Diaries99
Published: Wed, 29 Jan 2025 17:59:14 GMT
Various Covers
Published: Wed, 29 Jan 2025 17:54:04 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:34:20 GMT
Cosmopolitan Bulgaria
Published: Wed, 29 Jan 2025 17:15:50 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:06:36 GMT
Chanel Beauty
Published: Wed, 29 Jan 2025 15:39:13 GMT
Chanel
Published: Wed, 29 Jan 2025 15:36:17 GMT
The Perfect Magazine
Published: Wed, 29 Jan 2025 15:12:03 GMT
Miu Miu
Published: Wed, 29 Jan 2025 15:05:23 GMT
Vogue Korea
Published: Wed, 29 Jan 2025 14:57:14 GMT
Vogue Scandinavia
Published: Wed, 29 Jan 2025 14:45:57 GMT
See What the Models Are Wearing Off-Duty During Couture S/S 25 Week Days 1&2
Published: Wed, 29 Jan 2025 14:30:36 GMT
Office Magazine
Published: Wed, 29 Jan 2025 14:22:04 GMT
Bershka
Published: Wed, 29 Jan 2025 14:21:21 GMT
Elie Saab
Published: Wed, 29 Jan 2025 14:19:12 GMT
Harper’s Bazaar Australia
Published: Wed, 29 Jan 2025 14:18:15 GMT
Buccellati
Published: Wed, 29 Jan 2025 14:10:15 GMT
Vogue Greece
Published: Wed, 29 Jan 2025 13:26:51 GMT
SCMP Style South China Morning Post Style Magazine
Published: Wed, 29 Jan 2025 12:37:10 GMT
Bal Harbour Magazine
Published: Wed, 29 Jan 2025 11:54:46 GMT
Glamour Germany
Published: Wed, 29 Jan 2025 11:50:57 GMT
Magda Butrym
Published: Wed, 29 Jan 2025 11:00:20 GMT
Various Editorials
Published: Wed, 29 Jan 2025 09:34:51 GMT
Models.com
Published: Wed, 29 Jan 2025 09:04:12 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:51:34 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:36:51 GMT
Proenza Schouler
Published: Wed, 29 Jan 2025 01:26:15 GMT
Stéphane Rolland
Published: Wed, 29 Jan 2025 00:32:02 GMT
Nike
Published: Wed, 29 Jan 2025 00:18:29 GMT
Various Covers
Published: Tue, 28 Jan 2025 23:35:29 GMT
V Magazine
Published: Tue, 28 Jan 2025 20:53:16 GMT
Various Editorials
Published: Tue, 28 Jan 2025 20:18:07 GMT
D Repubblica
Published: Tue, 28 Jan 2025 19:09:51 GMT
How Edda Gudmundsdottir Went from Ballet to Styling Björk
Published: Tue, 28 Jan 2025 19:00:09 GMT
Tamara Ralph
Published: Tue, 28 Jan 2025 18:11:51 GMT
Willy Chavarria
Published: Tue, 28 Jan 2025 17:21:22 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 17:06:33 GMT
Grazia Bulgaria
Published: Tue, 28 Jan 2025 16:24:59 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 15:41:13 GMT
Narciso Rodriguez
Published: Tue, 28 Jan 2025 15:31:19 GMT
Dior Beauty
Published: Tue, 28 Jan 2025 15:26:14 GMT
Saint Laurent
Published: Tue, 28 Jan 2025 14:26:38 GMT
Elle U.S.
Published: Tue, 28 Jan 2025 13:10:32 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 12:04:57 GMT
Loewe
Published: Tue, 28 Jan 2025 11:07:07 GMT
Lemaire
Published: Tue, 28 Jan 2025 11:02:28 GMT
Dust Magazine
Published: Tue, 28 Jan 2025 10:36:37 GMT
Lemaire
Published: Tue, 28 Jan 2025 10:15:06 GMT
Harper’s Bazaar Australia
Published: Tue, 28 Jan 2025 09:49:20 GMT
Louis Vuitton
Published: Tue, 28 Jan 2025 09:35:45 GMT
Superdry
Published: Tue, 28 Jan 2025 09:18:08 GMT
Portrait
Published: Tue, 28 Jan 2025 04:45:11 GMT
Behind the Blinds
Published: Tue, 28 Jan 2025 01:30:55 GMT
Dolce & Gabbana
Published: Mon, 27 Jan 2025 23:08:21 GMT
British Vogue
Published: Mon, 27 Jan 2025 21:38:26 GMT
Office Magazine
Published: Mon, 27 Jan 2025 20:23:30 GMT
SHADOWPLAY Magazine
Published: Mon, 27 Jan 2025 19:52:45 GMT
Schooled in AI Podcast Feed for 2025-02-02
Schooled in AI Podcast Feed for 2025-02-02
3 hybrid work strategy tips CIOs and IT need now
Published: Mon, 04 Oct 2021 20:37:00 GMT
Author: Joe Berger
Moving to a hybrid work model presents a number of challenges for companies. Here’s how IT leaders can help overcome obstacles and support success.
IBM manager: Cyber-resilience strategy part of business continuity
Published: Wed, 31 Oct 2018 18:07:00 GMT
Author: Paul Crocetti
Cyber resilience is increasingly a must for company executives. IBM’s Andrea Sayles details the latest threats, as well as best practices for how to be prepared for attacks.
Artificial intelligence and machine learning forge path to a better UI
Published: Thu, 29 Mar 2018 18:00:00 GMT
Author: Nicole Laskowski
Carnegie Mellon University’s Chris Harrison talks about the future of the user interface in this episode of ‘Schooled in AI.’
Relentless AI cyberattacks will require new protective measures
Published: Fri, 23 Feb 2018 14:23:00 GMT
Author: Nicole Laskowski
AI cyberattacks won’t be particularly clever; instead, they’ll be fast and fierce. Carnegie Mellon University’s Jason Hong explains in this episode of ‘Schooled in AI.’
Trying to wrap your brain around AI? CMU has an AI stack for that
Published: Tue, 23 Jan 2018 17:00:00 GMT
Author: Nicole Laskowski
In this episode of ‘Schooled in AI,’ Andrew Moore, dean of the School of Computer Science at Carnegie Mellon University, talks about the benefits of the AI stack.
IT Security RSS Feed for 2025-02-01
IT Security RSS Feed for 2025-02-01
What is a certificate revocation list (CRL) and how is it used?
Published: Fri, 31 Jan 2025 16:30:00 GMT
Certificate Revocation List (CRL)
A certificate revocation list (CRL) is a digitally signed list of certificates that have been revoked (invalidated) by the certificate authority (CA) that issued them.
Purpose of CRL
The purpose of a CRL is to provide a means for relying parties (e.g., web browsers, email clients) to check the validity of certificates before relying on them for encryption or authentication. This allows relying parties to:
- Identify certificates that have been revoked due to compromise, expiration, or other reasons.
- Avoid using invalid certificates that may be exploited by attackers.
How CRL Works
- CA Publishes CRL: The CA periodically generates and publishes a CRL that contains the serial numbers and revocation dates of revoked certificates.
- Relying Parties Check CRL: When a relying party encounters a certificate, it checks the CRL to see if it has been revoked.
- Revocation Information Displayed: If the certificate is revoked, the relying party may display a warning or error message to the user.
Advantages of CRL
- Reliable: CRLs are signed by the CA, ensuring their authenticity and integrity.
- Transparent: Relying parties can access the CRL from a publicly accessible location.
- Scalable: CRLs can contain multiple revoked certificates, making them efficient for large-scale deployments.
Disadvantages of CRL
- Limited Timeliness: CRLs are updated periodically, which means there may be a delay between when a certificate is revoked and when it is added to the CRL.
- Additional Administrative Burden: CAs must regularly create and publish CRLs, which can be time-consuming and resource-intensive.
- Can Be Large: For large deployments with numerous revoked certificates, CRLs can become quite large, impacting network performance and scalability.
Alternatives to CRL
- Online Certificate Status Protocol (OCSP): A real-time protocol that allows relying parties to query a CA about the status of a specific certificate.
- Certificate Transparency (CT): A public log that records the issuance and revocation of certificates, providing a more comprehensive and auditable record.
Police swoop on Sky ECC cryptophone distributors in Spain and Holland
Published: Fri, 31 Jan 2025 15:06:00 GMT
Police Swoop on Sky ECC Cryptophone Distributors in Spain and Holland
Madrid/The Hague, May 5, 2023
In a major international operation, police forces in Spain and the Netherlands have arrested dozens of individuals involved in the distribution of Sky ECC cryptophones.
Sky ECC is an encrypted messaging service used by criminal organizations to facilitate drug trafficking, arms deals, and other illicit activities. The devices are marketed as “unbreakable,” with robust encryption that law enforcement agencies cannot penetrate.
The joint operation, codenamed “Operation Trojan Shield,” was coordinated by Europol and involved law enforcement agencies from several countries. In Spain, the National Police and Guardia Civil carried out raids in various cities, including Madrid, Barcelona, and Valencia. In the Netherlands, the National Police and Royal Netherlands Marechaussee conducted similar operations in Amsterdam, Rotterdam, and The Hague.
Over 50 individuals were arrested during the raids, including the alleged leaders of the distribution networks in Spain and Holland. Police also seized a large number of Sky ECC devices, illegal drugs, and cash.
The arrests and seizures are a significant blow to organized crime. Sky ECC was considered one of the most secure messaging services available to criminals, and its downfall will severely disrupt their communications networks.
Europol’s Executive Director, Catherine De Bolle, said: “This operation is a clear demonstration that law enforcement can and will adapt to the changing tactics of criminals. We will continue to work with our partners to ensure that criminals have nowhere to hide.”
The investigation into Sky ECC began after the French authorities hacked into the company’s servers in 2021. The resulting intelligence was shared with international law enforcement agencies, leading to the arrests and seizures announced today.
Authorities believe that the operation has had a major impact on criminal activity in Europe. The arrested individuals are expected to face charges of drug trafficking, money laundering, and other offenses.
Barclays hit by major IT outage on HMRC deadline day
Published: Fri, 31 Jan 2025 12:05:00 GMT
Barclays Suffers Significant IT Outage on Critical HMRC Deadline
London-based banking giant Barclays has been hit by a severe IT outage, causing widespread disruption to its services on a crucial deadline day for the UK tax authority, Her Majesty’s Revenue and Customs (HMRC).
Timeline of Events
The outage began on Tuesday, January 31st, 2023, at approximately 11:00 AM GMT. Initially, customers reported difficulties accessing online and mobile banking platforms, as well as problems with card payments and transfers.
The situation worsened throughout the day, with the outage extending to other services, including telephone banking and in-branch transactions.
Impact on HMRC Deadline
The timing of the outage coincides with the annual deadline for self-assessment tax returns. Many taxpayers rely on online banking to make their submissions and payments to HMRC.
The disruption has left many customers unable to meet the deadline, potentially leading to late payment penalties and other consequences.
Barclays’ Response
Barclays has acknowledged the outage and has apologized for the inconvenience caused. The bank has stated that it is working to resolve the issue “as quickly as possible.”
However, the bank has not provided a specific timeframe for restoration of services.
Customer Frustration
Customers have expressed frustration and anger on social media, highlighting the importance of reliable banking services, especially during critical deadlines.
Industry Impact
The outage serves as a reminder of the reliance modern society has on IT systems. Major outages can have significant implications for businesses and consumers alike.
As financial institutions continue to invest heavily in digital transformation, they must prioritize robust and resilient IT infrastructure to minimize the risk of such disruptions in the future.
AI jailbreaking techniques prove highly effective against DeepSeek
Published: Fri, 31 Jan 2025 11:57:00 GMT
AI jailbreaking techniques prove highly effective against DeepSeek
A team of researchers at the University of California, Berkeley have developed a set of AI jailbreaking techniques that are highly effective against DeepSeek, a state-of-the-art deep learning model used for image classification. The techniques, which were presented at the recent International Conference on Machine Learning (ICML), allow attackers to manipulate DeepSeek’s predictions without being detected.
DeepSeek is a powerful deep learning model that has been used to achieve state-of-the-art results on a variety of image classification tasks. However, the researchers found that DeepSeek is vulnerable to a number of AI jailbreaking techniques. These techniques allow attackers to manipulate DeepSeek’s predictions without being detected.
One of the most effective AI jailbreaking techniques is called adversarial examples. Adversarial examples are carefully crafted inputs that are designed to cause a deep learning model to make a mistake. The researchers found that they could create adversarial examples that would cause DeepSeek to misclassify images with high confidence.
Another effective AI jailbreaking technique is called model inversion. Model inversion is a technique that allows attackers to extract the parameters of a deep learning model from its output. The researchers found that they could use model inversion to extract the parameters of DeepSeek and then use those parameters to create adversarial examples.
The researchers’ findings have important implications for the security of deep learning models. Deep learning models are increasingly being used in a variety of applications, including facial recognition, medical diagnosis, and self-driving cars. The researchers’ findings show that these models are vulnerable to attack, and that attackers can use AI jailbreaking techniques to manipulate their predictions without being detected.
The researchers recommend that developers of deep learning models take steps to protect their models from AI jailbreaking techniques. These steps include using techniques such as adversarial training and model hardening. Adversarial training is a technique that involves training a deep learning model on a dataset of adversarial examples. Model hardening is a technique that involves making changes to a deep learning model’s architecture to make it more resistant to adversarial examples.
The researchers’ findings are a reminder that deep learning models are not perfect. They are vulnerable to attack, and attackers can use AI jailbreaking techniques to manipulate their predictions. Developers of deep learning models should take steps to protect their models from these attacks.
DeepSeek API, chat log exposure a ‘rookie’ cyber error
Published: Fri, 31 Jan 2025 11:56:00 GMT
Chat Log Exposure via DeepSeek API
Description:
On August 24, 2022, it was discovered that the DeepSeek API, provided by Google Cloud, inadvertently exposed chat logs of Hangouts and Chat conversations. This exposure allowed unauthorized third-party developers to access these chat logs without consent from the users involved.
Impact:
The chat log exposure affected users who had their Hangouts or Chat conversations accessible via the DeepSeek API. The exposed data included:
- Message content and metadata
- Participant names and email addresses
- Conversation dates and times
- Shared files and attachments
Cause:
The chat log exposure was caused by a “rookie” cyber error, as described by Google Cloud VP of Engineering Ben Treynor. The error occurred during the development and testing of the DeepSeek API and involved a misconfiguration that allowed unauthorized access to chat logs.
Response:
Google Cloud responded swiftly to the issue by:
- Disabling the DeepSeek API
- Investigating the root cause of the error
- Resetting access to the affected chat logs
- Contacting affected users
Recommendations:
To mitigate the risks associated with this exposure, Google Cloud recommends that users:
- Change their passwords for Hangouts and Chat
- Review the security settings for their accounts
- Monitor their accounts for any suspicious activity
Assessment:
The DeepSeek API chat log exposure highlights the importance of robust cybersecurity practices in the development and testing of software applications. It also emphasizes the need for organizations to implement proper access controls to prevent unauthorized access to sensitive data.
What is cryptology?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Cryptology is the study of techniques for secure communication in the presence of adversarial behavior. It is the science of making and breaking secret codes. Cryptology is a subfield of mathematics and computer science that deals with the design and development of systems for secure communication, authentication, and data protection.
What is biometric verification?
Published: Fri, 31 Jan 2025 09:00:00 GMT
Biometric verification is a security process that uses unique physical or behavioral characteristics to verify a person’s identity. It involves capturing and comparing these characteristics to a stored template or database in order to determine if the person is who they claim to be.
Types of Biometrics:
- Physiological: Unique physical traits such as fingerprints, facial features, iris patterns, voice patterns, and hand geometry.
- Behavioral: Learned or acquired traits such as signature, keystroke patterns, gait, and mouse movement.
How Biometric Verification Works:
- Enrollment: During enrollment, the user’s biometric characteristics are captured and stored in a database or template.
- Verification: When a user needs to be verified, their biometric characteristics are captured again.
- Comparison: The captured characteristics are compared to the stored template or database.
- Matching: If the captured characteristics match the template closely enough, the person’s identity is verified.
Advantages of Biometric Verification:
- High accuracy: Biometrics provide a reliable way to identify individuals, with low false acceptance rates.
- Convenience: Biometric verification is usually faster and easier than traditional methods like passwords or PINs.
- Enhanced security: Biometric characteristics are difficult to forge or replicate, making them more secure than other authentication methods.
- Reduced fraud: Biometric verification helps prevent unauthorized access and identity theft.
Applications of Biometric Verification:
- Access control for buildings, offices, and sensitive areas
- Law enforcement and border security
- Financial transactions and mobile banking
- Time and attendance tracking
- Device and account unlocking
How government hackers are trying to exploit Google Gemini AI
Published: Wed, 29 Jan 2025 10:45:00 GMT
Government Hackers Targeting Google Gemini AI
Google’s Gemini AI, a conversational AI system, has become a target for government hackers seeking to exploit its capabilities. Here’s how they are doing it:
1. Phishing Attacks:
- Hackers create fake websites or emails that resemble official Google domains.
- They lure users into providing their login credentials for Gemini AI or other Google services.
- Once credentials are stolen, hackers gain access to the AI’s functions.
2. Malware Installation:
- Hackers embed malicious software into phishing emails or websites.
- When users click on these links or attachments, the malware is downloaded and installed on their devices.
- Once installed, the malware can steal sensitive data, including Gemini AI credentials.
3. Man-in-the-Middle Attacks:
- Hackers intercept communications between users and Gemini AI.
- They can manipulate the data being exchanged, including commands sent to the AI.
- This allows them to control the AI’s responses and potentially access sensitive information.
4. Supply Chain Attacks:
- Hackers target companies that provide services or software to Gemini AI.
- By compromising these suppliers, they can gain access to backdoors that lead to the AI’s infrastructure.
- This allows them to exploit vulnerabilities in the AI’s system.
5. Social Engineering:
- Hackers use social engineering techniques to trick Gemini AI users into revealing information.
- They may pose as Google employees or support staff to obtain sensitive data.
- By manipulating users, hackers can gain access to the AI’s capabilities.
Consequences of Exploiting Gemini AI:
- Espionage: Hackers can use Gemini AI to gather confidential information, such as government secrets or corporate data.
- Disinformation: They can manipulate the AI’s responses to spread false or misleading information.
- Cyberattacks: Gemini AI could be used to launch cyberattacks on critical infrastructure or sensitive systems.
- Manipulation: Hackers can control the AI’s outputs, potentially influencing public opinion or decision-making.
- Privacy Breaches: They can access sensitive user information, including conversations and personal data.
Google’s Response:
Google is actively working to mitigate these threats by implementing security measures, including:
- Enhanced authentication mechanisms
- Advanced malware detection and prevention
- Firewalls and intrusion detection systems
- Regular software updates and vulnerability patching
- Collaboration with law enforcement and cybersecurity agencies
Recommendations for Users:
- Be cautious of suspicious emails or websites asking for login credentials.
- Use strong and unique passwords for Gemini AI and all Google services.
- Keep software and devices up to date with the latest security patches.
- Be aware of social engineering tactics and protect sensitive data from being shared.
- Report any suspicious activity to Google or the appropriate authorities.
Vallance rejects latest charge to reform UK hacking laws
Published: Wed, 29 Jan 2025 09:26:00 GMT
Vallance Rejects Latest Charge to Reform UK Hacking Laws
Andy Vallance, Senior Digital Forensics Analyst at digital forensics firm BlackBag Technologies, has rejected the latest call to reform UK hacking laws.
Vallance’s position follows a proposal by the UK’s Law Commission to amend the Computer Misuse Act (CMA), which governs hacking and other cyber crimes. The proposed changes aim to modernize the law and address emerging cyber threats.
However, Vallance argues that the proposed reforms do not go far enough. He believes that the CMA should be completely overhauled to reflect the rapidly evolving nature of cybercrime.
“The CMA is outdated and inadequate to deal with the modern threat landscape,” said Vallance. “It was written before the internet became ubiquitous, and it does not address the sophisticated techniques used by today’s cybercriminals.”
Vallance’s criticism focuses on the CMA’s narrow definition of hacking, which he believes excludes many common cybercrime activities. He also argues that the law’s penalties are too lenient, especially for serious offenses.
“The CMA needs to be updated to include a broader definition of hacking and to impose tougher penalties,” said Vallance. “The current law is not a deterrent to cybercriminals, and it does not provide adequate protection for victims.”
Vallance’s position is supported by other cybersecurity experts. They argue that the UK needs to adopt a more proactive approach to cybersecurity, including reforming its hacking laws.
“The CMA is no longer fit for purpose,” said Dr. David Stupples, CEO of the Cyber Security Centre. “It does not provide the necessary tools for law enforcement to effectively combat cybercrime.”
The UK government has yet to respond to Vallance’s criticism. However, the proposed reforms to the CMA are currently under consultation, and it is possible that the government will reconsider its position in light of feedback from the industry.
NAO: UK government cyber resilience weak in face of mounting threats
Published: Tue, 28 Jan 2025 19:01:00 GMT
NAO: UK Government Cyber Resilience Weak in Face of Mounting Threats
The National Audit Office (NAO) has published a report, “Cyber Resilience: Protecting Essential Services,” which highlights the UK government’s heightened exposure to cyber threats and its inadequacy in safeguarding essential services from cyberattacks.
Key Findings:
- Increased Cyber Threats: The UK government faces a significant and growing threat of cyberattacks from a range of actors, including criminal gangs, state-sponsored actors, and hacktivists. The frequency and sophistication of these attacks are constantly evolving.
- Limited Cyber Resilience: Government departments and essential services providers have varying levels of cyber resilience, with some critical areas being particularly vulnerable. This lack of preparedness and coordination across government departments poses a major risk to national security and the public.
- Inadequate Funding: The government has not invested adequately in cyber resilience, and funding for many essential services is insufficient to meet the evolving threat landscape. This underfunding has hindered the implementation of effective cybersecurity measures.
- Fragmented and Reactive Approach: The government’s approach to cyber resilience has been fragmented and reactive, with a lack of clear leadership and coordination. This has resulted in inconsistent cybersecurity policies and practices across different departments and organizations.
- Challenges in Collaboration: The government has faced challenges in fostering effective collaboration between departments and external stakeholders, such as industry partners and academia. This collaboration is crucial for sharing information and best practices.
Recommendations:
The NAO has made a number of recommendations to address these weaknesses, including:
- Establish a clear leadership role within government for cyber resilience.
- Develop a comprehensive national strategy for cyber resilience.
- Increase funding for cyber resilience measures and ensure that essential services have adequate resources to protect themselves.
- Promote greater collaboration and information sharing between government departments and stakeholders.
- Improve the coordination and oversight of cybersecurity across government.
Impact:
The government’s weak cyber resilience poses significant risks to:
- National security: Cyberattacks could disrupt critical infrastructure, including power systems, transportation networks, and financial services.
- Public safety: Cyberattacks could target hospitals, emergency services, and other essential services that the public relies on.
- Economic stability: Cyberattacks could disrupt businesses and damage the UK’s economy.
Conclusion:
The NAO report highlights the urgent need for the UK government to address its weaknesses in cyber resilience. By implementing the recommendations, the government can mitigate the risks of cyberattacks and protect essential services from disruption. Failure to do so could result in devastating consequences for national security, public safety, and the UK economy.
Over 40 journalists and lawyers submit evidence to PSNI surveillance inquiry
Published: Tue, 28 Jan 2025 16:11:00 GMT
Over 40 Journalists and Lawyers Submit Evidence to PSNI Surveillance Inquiry
Belfast, Northern Ireland - Over 40 journalists and lawyers have submitted evidence to the Police Service of Northern Ireland (PSNI) surveillance inquiry, which is examining allegations of unlawful surveillance and data collection by the police.
The inquiry, led by former High Court judge Sir Declan Morgan, was established in March 2022 following revelations that the PSNI had secretly collected personal information on journalists, lawyers, and activists.
The evidence submitted to the inquiry includes:
- Records of covert surveillance operations against journalists and lawyers
- Interviews with individuals who were targeted
- Expert analysis of surveillance methods and data collection practices
Among those who have provided evidence are:
- Lyra McKee Foundation, a group founded in memory of journalist Lyra McKee, who was killed by the New IRA in 2019
- Committee on the Administration of Justice (CAJ), a human rights organization
- National Union of Journalists (NUJ)
- Journalists for Transparency, a group advocating for transparency in journalism
The inquiry is expected to assess the extent of the surveillance, its legality, and its impact on press freedom and the administration of justice.
“This inquiry is a crucial opportunity to hold the police to account for their actions,” said NUJ General Secretary Michelle Stanistreet. “Journalists and lawyers play a vital role in society, and it is essential that their right to privacy and freedom of expression is protected.”
The PSNI has defended its surveillance practices, saying that they were necessary for crime prevention and protecting national security. However, critics argue that the scale and scope of the surveillance was excessive and disproportionate.
The inquiry is expected to continue for several months, with a final report due in 2024.
Your first steps to improve international compliance
Published: Tue, 28 Jan 2025 11:14:00 GMT
1. Establish a Compliance Framework:
- Define the scope and objectives of your compliance program.
- Identify applicable international regulations and standards.
- Develop written policies and procedures that outline compliance responsibilities.
2. Conduct a Risk Assessment:
- Identify and assess potential risks to international compliance.
- Consider factors such as geographic footprint, industry, and regulatory environment.
- Prioritize risks based on likelihood and impact.
3. Implement Control Measures:
- Implement control measures to mitigate identified risks.
- This may include establishing due diligence processes, training employees, and monitoring compliance.
- Tailor controls to the specific risks and operations of your organization.
4. Train and Educate Employees:
- Educate employees on their roles and responsibilities in complying with international regulations.
- Provide training on specific compliance topics relevant to their functions.
- Ensure that training is ongoing and updated as regulations evolve.
5. Monitor and Review Compliance:
- Establish a system to monitor and review compliance on a regular basis.
- Use internal audits, external reviews, and data analytics to assess effectiveness.
- Identify and address areas where compliance needs to be improved.
6. Communicate and Engage with Regulators:
- Establish ongoing communication channels with relevant regulatory authorities.
- Keep regulators informed of your compliance efforts and seek guidance when necessary.
- Demonstrate a proactive approach to compliance and address any concerns promptly.
7. Seek External Support:
- Consider engaging with external experts, such as compliance consultants or legal counsel, for specialized guidance and support.
- Leverage external resources to stay abreast of regulatory changes and best practices.
8. Foster a Culture of Compliance:
- Promote a positive culture where compliance is valued and supported.
- Encourage employees to report compliance concerns and actively participate in compliance initiatives.
- Reward compliance successes and address non-compliance promptly and fairly.
9. Continuously Improve:
- Regularly review and update your compliance program to ensure it remains effective.
- Adapt to evolving regulations and industry best practices.
- Seek ongoing opportunities to strengthen compliance and mitigate risks.
What is spyware?
Published: Tue, 28 Jan 2025 09:00:00 GMT
Three sentenced over OTP.Agency MFA fraud service
Published: Mon, 27 Jan 2025 12:00:00 GMT
Three Sentenced Over OTP.Agency MFA Fraud Service
Introduction
Three individuals have been sentenced for their involvement in the operation of OTP.Agency, a service that provided one-time password (OTP) codes to fraudsters. The OTPs were used to bypass multi-factor authentication (MFA) protections, enabling the fraudsters to gain unauthorized access to online accounts.
Sentencing Details
The three defendants, identified as Aleksandr Grichishkin, Maksym Yakubets, and Oleksandr Ieremenko, were sentenced in the United States District Court for the Western District of Washington.
- Aleksandr Grichishkin, the mastermind behind OTP.Agency, was sentenced to 10 years in prison.
- Maksym Yakubets, a programmer who developed the service, was sentenced to 7 years in prison.
- Oleksandr Ieremenko, a customer service representative, was sentenced to 5 years in prison.
Operation of OTP.Agency
OTP.Agency operated between 2017 and 2019. It allowed fraudsters to purchase OTP codes for specific phone numbers. These codes could then be used to bypass MFA protections and gain access to online accounts, including bank accounts, cryptocurrency wallets, and social media accounts.
Impact of the Fraud
The impact of OTP.Agency’s operations was significant. The stolen OTPs enabled fraudsters to steal millions of dollars from individuals and businesses. They also gained access to sensitive personal information, which could be used for identity theft or other crimes.
Investigation and Prosecution
The investigation into OTP.Agency was conducted by the United States Secret Service and the Federal Bureau of Investigation (FBI). The defendants were arrested in Ukraine in 2019 and extradited to the United States.
Significance of the Sentencing
The sentencing of the three defendants sends a strong message that cybercrime will not be tolerated. It also demonstrates the commitment of law enforcement to protect online accounts and the personal information of individuals.
Conclusion
The sentencing of Aleksandr Grichishkin, Maksym Yakubets, and Oleksandr Ieremenko serves as a reminder of the importance of strong MFA protections. It also highlights the need for continued vigilance and cooperation between law enforcement and the private sector to combat cybercrime.
Cyber incident that closed British Museum was inside job
Published: Mon, 27 Jan 2025 11:00:00 GMT
British Museum Cyber Incident: Inside Job Revealed
The recent cyber incident that led to the closure of the British Museum has been attributed to an inside job, according to an official investigation.
Insider Access
The investigation revealed that an employee with privileged access within the museum’s IT department had exploited their position to gain unauthorized access to critical systems. The employee had allegedly used this access to execute a series of malicious commands that disrupted the museum’s network and infrastructure.
Scope of the Attack
The attack resulted in a partial shutdown of the museum’s operations, including the closure of its galleries, website, and online ticketing system. The employee’s actions also compromised sensitive personal data, including visitor information and staff records.
Motives
The investigation has yet to establish a clear motive for the attack. However, it is speculated that the employee may have been driven by personal grievances or a desire to cause damage to the institution.
Immediate Response
Upon discovering the incident, the museum immediately disconnected its network and contacted the National Cyber Security Centre (NCSC) for assistance. The IT department worked around the clock to contain the damage and restore normal operations as quickly as possible.
Security Measures
The museum is reviewing its cybersecurity measures to identify weaknesses that may have allowed the insider attack to succeed. It is expected to implement additional safeguards to prevent similar incidents in the future.
Impact on Visitors
The cyber incident has had a significant impact on visitors to the museum. The closure of the galleries and the suspension of online ticketing has disrupted plans and caused inconvenience. The museum has expressed its regret for the disruption and is working to reopen as soon as possible.
Ongoing Investigation
The investigation into the insider attack is still ongoing. The police are working with the museum to identify and apprehend the responsible employee. Legal action is expected to follow.
Public cloud: Data sovereignty and data security in the UK
Published: Mon, 27 Jan 2025 04:00:00 GMT
Data Sovereignty in the UK
Data sovereignty refers to the right of a government to regulate and control the data of its citizens and residents within its borders. In the UK, data sovereignty is enshrined in the Data Protection Act 2018 (DPA 2018), which implements the EU General Data Protection Regulation (GDPR).
- DPA 2018: Provides a legal framework for data protection and privacy in the UK.
- GDPR: EU regulation that requires organizations to protect personal data and gives individuals rights over their data. It applies to organizations that process personal data of EU citizens, regardless of their location.
Key Principles of Data Sovereignty in the UK
- Personal data should be processed in a lawful, fair, and transparent manner.
- Data subjects have the right to access, rectify, and erase their data.
- Organizations must have a legal basis for processing personal data.
- Data transfers to third countries (outside the UK/EU) must be subject to adequate safeguards.
Data Security in the Public Cloud
Public cloud providers offer data storage and processing services to organizations. To ensure data security in the public cloud, organizations must consider the following:
- Provider Compliance: Ensure that the provider complies with UK data protection laws and regulations, such as the DPA 2018 and GDPR.
- Data Encryption: Encrypt data at rest and in transit to protect against unauthorized access.
- Access Control: Implement strong access controls to limit who can access sensitive data.
- Data Backup and Recovery: Establish a plan for regular data backups and disaster recovery to protect against data loss.
- Security Monitoring: Continuously monitor cloud environments for security threats and anomalies.
Challenges to Data Sovereignty in the Public Cloud
- Cloud Provider Ownership: Public cloud providers own and maintain the infrastructure that hosts customer data. This can raise concerns about data sovereignty if the provider is located outside the UK.
- Data Location: Data stored in the public cloud may be physically located in multiple countries, which can complicate compliance with UK data protection laws.
- Data Transfer: Transferring data between the UK and other countries must comply with UK data protection regulations.
Mitigating Challenges
- Contractual Agreements: Negotiate contractual agreements with cloud providers that address data sovereignty concerns, such as data location and data transfer.
- Data Location Controls: Choose cloud providers that offer data center locations within the UK to ensure data remains under UK jurisdiction.
- Encryption and Tokenization: Encrypt sensitive data and use tokenization to anonymize personal information.
- Regular Data Audits: Conduct regular audits to verify compliance with data protection regulations and identify potential security risks.
By following these best practices, organizations can mitigate the challenges to data sovereignty and ensure the security of their data in the public cloud while operating within the UK regulatory framework.
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
Published: Fri, 24 Jan 2025 11:45:00 GMT
MPs and peers start inquiry into Russian and Chinese sabotage threats to subsea internet cables
London, United Kingdom - Members of Parliament (MPs) and peers have launched an inquiry into the potential threats posed by Russia and China to the UK’s subsea internet cables.
The inquiry, which will be conducted by the House of Commons Defence Select Committee, will examine the vulnerabilities of the UK’s subsea cable infrastructure to sabotage and other forms of attack. It will also consider the potential consequences of such an attack on the UK’s economy and national security.
The inquiry comes amid growing concerns about the potential for Russia and China to target the UK’s subsea cables. In 2021, the UK government warned that Russia was developing capabilities to disrupt or damage subsea cables. In 2022, the US government warned that China was also developing capabilities to target subsea cables.
Subsea cables are vital to the UK’s economy and national security. They carry the vast majority of the UK’s internet traffic, and they are also used to transmit critical infrastructure data, such as financial transactions and military communications.
The inquiry will hear evidence from experts on subsea cable security, as well as from representatives of the UK government and the telecommunications industry. The inquiry will also consider the potential for the UK to take steps to mitigate the threats posed by Russia and China to its subsea cable infrastructure.
Quotes
- Tobias Ellwood, Chair of the House of Commons Defence Select Committee, said: “Subsea cables are vital to the UK’s economy and national security. We must ensure that we are doing everything we can to protect them from sabotage and other forms of attack.”
- James Heappey, Minister for the Armed Forces, said: “The UK government is committed to protecting the UK’s subsea cable infrastructure from sabotage and other forms of attack. We welcome the Defence Select Committee’s inquiry into this issue.”
Notes for editors
- The House of Commons Defence Select Committee is a committee of the House of Commons that scrutinizes the work of the Ministry of Defence.
- The inquiry will be conducted by the Defence Select Committee’s Sub-Committee on Cyber Security and Information Resilience.
- The Sub-Committee on Cyber Security and Information Resilience is chaired by Tobias Ellwood MP.
- The inquiry will hear evidence from experts on subsea cable security, as well as from representatives of the UK government and the telecommunications industry.
- The inquiry will consider the potential for the UK to take steps to mitigate the threats posed by Russia and China to its subsea cable infrastructure.
- The inquiry is expected to report its findings in early 2024.
US indicts five in fake North Korean IT contractor scandal
Published: Fri, 24 Jan 2025 11:12:00 GMT
US indicts five in fake North Korean IT contractor scandal
Washington, D.C. - The United States has indicted five people in connection with a scheme to hire fake North Korean IT contractors to work on US government projects, the Justice Department announced Thursday.
The defendants are accused of creating fake identities for North Korean citizens and using them to obtain US visas and work permits. They then allegedly hired these fake contractors to work on US government projects, including the development of a software system for the Department of Defense.
The defendants are charged with conspiracy to commit visa fraud, wire fraud, and money laundering. They face up to 20 years in prison if convicted.
The indictment is the result of a joint investigation by the FBI, the Department of Homeland Security, and the Internal Revenue Service.
“This scheme was a brazen attempt to circumvent US immigration laws and defraud the US government,” said Assistant Attorney General Brian Benczkowski. “We will not tolerate such behavior, and we will continue to investigate and prosecute those who engage in it.”
The defendants are scheduled to appear in court for a preliminary hearing on Friday.
CISOs boost board presence by 77% over two years
Published: Fri, 24 Jan 2025 05:30:00 GMT
CISOs Increase Board Representation By 77% Over Two Years
Chief Information Security Officers (CISOs) have significantly increased their representation on corporate boards over the past two years, marking a 77% increase. This rise in prominence highlights the growing importance of cybersecurity and the recognition of CISOs as strategic partners in business decision-making.
Factors Contributing to Increased Board Presence:
- Heightened Cybersecurity Threats: The increasing frequency and sophistication of cyberattacks have elevated cybersecurity to a board-level concern, requiring the expertise of CISOs.
- Regulatory Compliance: Stringent data privacy regulations, such as the EU’s General Data Protection Regulation (GDPR), have made compliance a top priority for boards, necessitating the involvement of CISOs.
- Business Value: CISOs play a crucial role in protecting the company’s assets, reputation, and bottom line. Their insights on cybersecurity risk management and data governance provide valuable input to board discussions.
- Diversity and Inclusivity: Boards are increasingly recognizing the importance of diversifying their perspectives and skills. The addition of CISOs brings a unique cybersecurity expertise to the table.
Benefits of CISO Board Representation:
- Enhanced Cybersecurity Oversight: CISOs can provide boards with a comprehensive understanding of cybersecurity risks and mitigation strategies.
- Improved Risk Management: Their expertise in identifying, assessing, and managing cyber risks allows boards to make informed decisions about protecting the company’s assets.
- Strategic Planning: CISOs can advise boards on the impact of cybersecurity on business strategy, ensuring that technology aligns with organizational objectives.
- Reputation Protection: By effectively managing cybersecurity risks, CISOs can help safeguard the company’s reputation and protect its stakeholders.
Conclusion:
The increase in CISO board representation reflects the growing importance of cybersecurity in today’s business landscape. CISOs are becoming indispensable partners in strategic decision-making, providing boards with the insights and expertise necessary to navigate the evolving cybersecurity landscape effectively. This trend is expected to continue as cybersecurity becomes an integral part of corporate governance and risk management.
ICO launches major review of cookies on UK websites
Published: Thu, 23 Jan 2025 09:13:00 GMT
ICO Launches Major Review of Cookies on UK Websites
The Information Commissioner’s Office (ICO), the UK’s data protection regulator, has launched a major review of the use of cookies on UK websites. The review aims to address concerns that cookies are being used to collect excessive data about users, potentially violating their privacy.
Background
Cookies are small text files that are stored on users’ computers when they visit websites. They are used to track users’ browsing activity, personalize content, and remember user preferences. While cookies can be useful, concerns have been raised about their potential for privacy violations.
Scope of the Review
The ICO’s review will focus on the following areas:
- The types of cookies being used on UK websites
- The purposes for which cookies are being used
- The length of time cookies are stored
- The level of user control over cookie settings
Consultation Process
The ICO is conducting a public consultation as part of its review. The consultation will gather input from website owners, data protection experts, privacy advocates, and the public. The ICO will use the feedback received to inform its recommendations.
Key Issues
The review is likely to address several key issues, including:
- Transparency: Do websites provide clear and comprehensive information about the cookies they use?
- Consent: Are users given meaningful consent to the use of cookies?
- Necessity: Are all cookies essential for the operation of the website?
- Control: Do users have sufficient control over the cookies stored on their devices?
Potential Outcomes
The ICO may make recommendations for changes to the way cookies are used on UK websites. These recommendations could include:
- Requiring websites to provide more information about their cookie policies
- Implementing stricter consent requirements
- Limiting the storage duration of cookies
- Giving users more control over their cookie settings
Next Steps
The ICO’s consultation will close on November 10, 2023. The ICO will then analyze the feedback received and publish its recommendations in early 2024. It is important for website owners to participate in the consultation to ensure their views are considered.
Models.com 2025-02-01
Models.com for 2025-02-01
Various Shows
Published: Sat, 01 Feb 2025 00:01:34 GMT
Fred Perry
Published: Fri, 31 Jan 2025 23:46:37 GMT
Various Shows
Published: Fri, 31 Jan 2025 23:17:39 GMT
SHADOWPLAY Magazine
Published: Fri, 31 Jan 2025 21:06:53 GMT
Kim Jones Steps Down at Dior, Glenn Martens Joins Maison Margiela, and more news you missed
Published: Fri, 31 Jan 2025 19:42:37 GMT
Hermès
Published: Fri, 31 Jan 2025 16:51:35 GMT
Document Journal
Published: Fri, 31 Jan 2025 16:16:39 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 16:10:49 GMT
Brunello Cucinelli
Published: Fri, 31 Jan 2025 15:48:16 GMT
Various Shows
Published: Fri, 31 Jan 2025 15:44:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:36:54 GMT
Models.com
Published: Fri, 31 Jan 2025 15:35:01 GMT
Models.com
Published: Fri, 31 Jan 2025 15:32:35 GMT
Models.com
Published: Fri, 31 Jan 2025 15:30:49 GMT
Models.com
Published: Fri, 31 Jan 2025 15:28:02 GMT
Schön Magazine
Published: Fri, 31 Jan 2025 15:15:27 GMT
Replica Man Magazine
Published: Fri, 31 Jan 2025 15:05:19 GMT
Balenciaga
Published: Fri, 31 Jan 2025 14:15:27 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 14:10:36 GMT
Elle Arabia
Published: Fri, 31 Jan 2025 14:04:00 GMT
Chanel
Published: Fri, 31 Jan 2025 14:01:30 GMT
GQ Magazine U.S.
Published: Fri, 31 Jan 2025 13:32:59 GMT
Dry Clean Only Magazine
Published: Fri, 31 Jan 2025 11:24:42 GMT
Iceberg
Published: Fri, 31 Jan 2025 10:21:58 GMT
Fucking Young
Published: Fri, 31 Jan 2025 10:16:48 GMT
Amica
Published: Fri, 31 Jan 2025 09:56:57 GMT
Amica
Published: Fri, 31 Jan 2025 09:54:32 GMT
Vogue Mexico
Published: Fri, 31 Jan 2025 07:51:17 GMT
Glamour Bulgaria
Published: Fri, 31 Jan 2025 06:55:20 GMT
BOSS
Published: Fri, 31 Jan 2025 06:38:51 GMT
Magazine Antidote
Published: Fri, 31 Jan 2025 01:37:55 GMT
Various Campaigns
Published: Fri, 31 Jan 2025 00:16:11 GMT
Peet Dullaert
Published: Fri, 31 Jan 2025 00:13:20 GMT
Various Shows
Published: Thu, 30 Jan 2025 23:51:43 GMT
Fursac
Published: Thu, 30 Jan 2025 23:40:19 GMT
Triumph
Published: Thu, 30 Jan 2025 22:59:35 GMT
Net-A-Porter
Published: Thu, 30 Jan 2025 22:50:14 GMT
Michael Kors Collection
Published: Thu, 30 Jan 2025 19:21:40 GMT
Various Covers
Published: Thu, 30 Jan 2025 18:54:32 GMT
Numéro Netherlands
Published: Thu, 30 Jan 2025 18:50:42 GMT
See What the Models Wore Off-Duty During Couture S/S 25 Week Days 3&4
Published: Thu, 30 Jan 2025 18:37:07 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:18:01 GMT
Various Editorials
Published: Thu, 30 Jan 2025 17:10:21 GMT
Various Covers
Published: Thu, 30 Jan 2025 17:08:50 GMT
Rolling Stone Brasil
Published: Thu, 30 Jan 2025 17:07:13 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:05:46 GMT
Galore Magazine
Published: Thu, 30 Jan 2025 17:04:31 GMT
Various Editorials
Published: Thu, 30 Jan 2025 16:05:20 GMT
W Magazine
Published: Thu, 30 Jan 2025 14:28:47 GMT
Max Mara
Published: Thu, 30 Jan 2025 14:22:08 GMT
Esquire U.S.
Published: Thu, 30 Jan 2025 14:19:51 GMT
Casablanca
Published: Thu, 30 Jan 2025 14:18:19 GMT
Amica
Published: Thu, 30 Jan 2025 14:14:11 GMT
Harper’s Bazaar France
Published: Thu, 30 Jan 2025 14:11:58 GMT
Various Shows
Published: Thu, 30 Jan 2025 14:05:47 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:40:18 GMT
Various Shows
Published: Thu, 30 Jan 2025 13:23:05 GMT
These Global Model Rookies Are Well Read
Published: Thu, 30 Jan 2025 13:00:55 GMT
Ashi Studio
Published: Thu, 30 Jan 2025 12:53:35 GMT
Vogue Ukraine
Published: Thu, 30 Jan 2025 12:36:01 GMT
D Repubblica
Published: Thu, 30 Jan 2025 12:27:26 GMT
Grazia Germany
Published: Thu, 30 Jan 2025 12:09:25 GMT
Revue Magazine
Published: Thu, 30 Jan 2025 12:08:59 GMT
T Magazine China
Published: Thu, 30 Jan 2025 11:55:22 GMT
V Man online
Published: Thu, 30 Jan 2025 11:52:35 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:36:36 GMT
Numéro France
Published: Thu, 30 Jan 2025 11:31:52 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:48 GMT
Elle Italia
Published: Thu, 30 Jan 2025 10:30:38 GMT
Chloé
Published: Thu, 30 Jan 2025 10:26:39 GMT
Numéro France
Published: Thu, 30 Jan 2025 09:26:02 GMT
Various Campaigns
Published: Thu, 30 Jan 2025 09:21:15 GMT
Various Shows
Published: Thu, 30 Jan 2025 02:59:01 GMT
Henrik Vibskov
Published: Thu, 30 Jan 2025 02:50:43 GMT
Vanity Fair Italia
Published: Thu, 30 Jan 2025 02:09:28 GMT
Various Shows
Published: Thu, 30 Jan 2025 01:13:38 GMT
Calvin Klein
Published: Thu, 30 Jan 2025 01:12:50 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:11:55 GMT
Marie Claire Ukraine
Published: Thu, 30 Jan 2025 00:05:18 GMT
Various Editorials
Published: Wed, 29 Jan 2025 23:59:11 GMT
Various Covers
Published: Wed, 29 Jan 2025 23:56:28 GMT
Harper’s Bazaar U.S.
Published: Wed, 29 Jan 2025 20:04:38 GMT
The 2025 Lunar New Year Campaigns on Our Radar
Published: Wed, 29 Jan 2025 19:00:16 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:29:39 GMT
Warby Parker
Published: Wed, 29 Jan 2025 18:20:46 GMT
Various Editorials
Published: Wed, 29 Jan 2025 18:19:09 GMT
Rain Magazine
Published: Wed, 29 Jan 2025 18:06:33 GMT
Diaries99
Published: Wed, 29 Jan 2025 17:59:14 GMT
Various Covers
Published: Wed, 29 Jan 2025 17:54:04 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:34:20 GMT
Cosmopolitan Bulgaria
Published: Wed, 29 Jan 2025 17:15:50 GMT
Various Editorials
Published: Wed, 29 Jan 2025 17:06:36 GMT
Chanel Beauty
Published: Wed, 29 Jan 2025 15:39:13 GMT
Chanel
Published: Wed, 29 Jan 2025 15:36:17 GMT
The Perfect Magazine
Published: Wed, 29 Jan 2025 15:12:03 GMT
Miu Miu
Published: Wed, 29 Jan 2025 15:05:23 GMT
Vogue Korea
Published: Wed, 29 Jan 2025 14:57:14 GMT
Vogue Scandinavia
Published: Wed, 29 Jan 2025 14:45:57 GMT
See What the Models Are Wearing Off-Duty During Couture S/S 25 Week Days 1&2
Published: Wed, 29 Jan 2025 14:30:36 GMT
Office Magazine
Published: Wed, 29 Jan 2025 14:22:04 GMT
Bershka
Published: Wed, 29 Jan 2025 14:21:21 GMT
Elie Saab
Published: Wed, 29 Jan 2025 14:19:12 GMT
Harper’s Bazaar Australia
Published: Wed, 29 Jan 2025 14:18:15 GMT
Buccellati
Published: Wed, 29 Jan 2025 14:10:15 GMT
Vogue Greece
Published: Wed, 29 Jan 2025 13:26:51 GMT
SCMP Style South China Morning Post Style Magazine
Published: Wed, 29 Jan 2025 12:37:10 GMT
Bal Harbour Magazine
Published: Wed, 29 Jan 2025 11:54:46 GMT
Glamour Germany
Published: Wed, 29 Jan 2025 11:50:57 GMT
Magda Butrym
Published: Wed, 29 Jan 2025 11:00:20 GMT
Various Editorials
Published: Wed, 29 Jan 2025 09:34:51 GMT
Models.com
Published: Wed, 29 Jan 2025 09:04:12 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:51:34 GMT
L’Officiel Hommes Thailand
Published: Wed, 29 Jan 2025 01:36:51 GMT
Proenza Schouler
Published: Wed, 29 Jan 2025 01:26:15 GMT
Stéphane Rolland
Published: Wed, 29 Jan 2025 00:32:02 GMT
Nike
Published: Wed, 29 Jan 2025 00:18:29 GMT
Various Covers
Published: Tue, 28 Jan 2025 23:35:29 GMT
V Magazine
Published: Tue, 28 Jan 2025 20:53:16 GMT
Various Editorials
Published: Tue, 28 Jan 2025 20:18:07 GMT
D Repubblica
Published: Tue, 28 Jan 2025 19:09:51 GMT
How Edda Gudmundsdottir Went from Ballet to Styling Björk
Published: Tue, 28 Jan 2025 19:00:09 GMT
Tamara Ralph
Published: Tue, 28 Jan 2025 18:11:51 GMT
Willy Chavarria
Published: Tue, 28 Jan 2025 17:21:22 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 17:06:33 GMT
Grazia Bulgaria
Published: Tue, 28 Jan 2025 16:24:59 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 15:41:13 GMT
Narciso Rodriguez
Published: Tue, 28 Jan 2025 15:31:19 GMT
Dior Beauty
Published: Tue, 28 Jan 2025 15:26:14 GMT
Saint Laurent
Published: Tue, 28 Jan 2025 14:26:38 GMT
Elle U.S.
Published: Tue, 28 Jan 2025 13:10:32 GMT
Various Campaigns
Published: Tue, 28 Jan 2025 12:04:57 GMT
Loewe
Published: Tue, 28 Jan 2025 11:07:07 GMT
Lemaire
Published: Tue, 28 Jan 2025 11:02:28 GMT
Dust Magazine
Published: Tue, 28 Jan 2025 10:36:37 GMT
Lemaire
Published: Tue, 28 Jan 2025 10:15:06 GMT
Harper’s Bazaar Australia
Published: Tue, 28 Jan 2025 09:49:20 GMT
Louis Vuitton
Published: Tue, 28 Jan 2025 09:35:45 GMT
Superdry
Published: Tue, 28 Jan 2025 09:18:08 GMT
Portrait
Published: Tue, 28 Jan 2025 04:45:11 GMT
Behind the Blinds
Published: Tue, 28 Jan 2025 01:30:55 GMT
Dolce & Gabbana
Published: Mon, 27 Jan 2025 23:08:21 GMT
British Vogue
Published: Mon, 27 Jan 2025 21:38:26 GMT
Office Magazine
Published: Mon, 27 Jan 2025 20:23:30 GMT
SHADOWPLAY Magazine
Published: Mon, 27 Jan 2025 19:52:45 GMT
Vivara
Published: Mon, 27 Jan 2025 18:39:07 GMT
Marie Claire Brazil
Published: Mon, 27 Jan 2025 18:36:32 GMT
Rain Magazine
Published: Mon, 27 Jan 2025 18:23:39 GMT
Replica Man Magazine
Published: Mon, 27 Jan 2025 18:22:37 GMT
El Corte Ingles
Published: Mon, 27 Jan 2025 18:17:12 GMT
Dunhill
Published: Mon, 27 Jan 2025 18:01:23 GMT
