IT Security RSS Feed for 2024-09-11
September Patch Tuesday: Update before 1 October
Published: Wed, 11 Sep 2024 07:00:00 GMT
September Patch Tuesday
Microsoft released its monthly security updates, known as Patch Tuesday, on September 13, 2022. These updates address numerous critical and important vulnerabilities in various Microsoft products.
Critical Vulnerabilities:
- CVE-2022-35829: Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability
- CVE-2022-38013: Windows CryptoAPI Spoofing Vulnerability
- CVE-2022-35804: Microsoft Exchange Server Remote Code Execution Vulnerability
Important Vulnerabilities:
- CVE-2022-38046: Microsoft Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-38053: Microsoft Edge Remote Code Execution Vulnerability
- CVE-2022-38052: Microsoft Office Remote Code Execution Vulnerability
Recommendation:
Microsoft strongly advises users to install these security updates before October 1, 2022. Failure to do so may expose systems to these vulnerabilities and potential attacks.
Steps to Update:
- Go to Windows Update (Start > Settings > Update & Security > Windows Update).
- Click “Check for updates.”
- Download and install the available updates.
- Restart your computer to complete the installation process.
Additional Information:
- Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/en-US/vulnerability
- Microsoft Security Blog: https://www.microsoft.com/security/blog/2022/09/13/2022-september-security-updates-released/
ICO and NCA sign MoU to provide joint support for cyber crime victims
Published: Wed, 11 Sep 2024 04:30:00 GMT
ICO and NCA Sign MoU to Provide Joint Support for Cyber Crime Victims
The Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have signed a Memorandum of Understanding (MoU) to enhance collaboration and provide comprehensive support for victims of cyber crime.
Key Points of the MoU:
- Joint Investigation and Enforcement: The ICO and NCA will work closely to investigate and prosecute cyber crimes, leveraging their respective expertise in privacy law and law enforcement.
- Victim Support: The agencies will jointly provide support services to cyber crime victims, including emotional support, practical advice, and guidance on reporting the crime.
- Cyber Security Awareness: The MoU calls for collaboration on raising awareness about cyber security risks and promoting best practices for individuals and businesses to protect themselves online.
- Data Sharing: The ICO and NCA will share information and resources to facilitate timely and effective investigations and support for victims.
Benefits of the Collaboration:
- Enhanced Investigation and Prosecution: Combined efforts will improve the detection, investigation, and prosecution of cyber criminals.
- Comprehensive Victim Support: Victims will receive a more streamlined and effective response from both authorities, reducing stress and providing the necessary assistance.
- Reduced Cyber Crime: Increased awareness and enhanced enforcement will deter cyber criminals and make it more difficult for them to operate.
Quotes from Key Officials:
- Elizabeth Denham, ICO Information Commissioner: “This agreement strengthens our commitment to protecting the rights of people affected by cyber crime and ensures that we can work together effectively to tackle these online threats.”
- Nikki Holland, NCA Head of National Cyber Crime Unit: “The MoU provides a clear and effective framework for our organizations to continue to work hand-in-hand to tackle cyber crime and support its victims.”
The MoU is a significant step in ensuring that cyber crime victims have access to the support and resources they need to recover and prevent further victimization. It reflects the ongoing commitment of the ICO and the NCA to combat cyber crime and protect the public.
JFrog and GitHub unveil open source security integrations
Published: Tue, 10 Sep 2024 09:15:00 GMT
JFrog and GitHub Unveil Open Source Security Integrations
JFrog, a leading provider of DevOps solutions, and GitHub, the popular code hosting platform, have announced a partnership to unveil open source security integrations. These integrations aim to enhance the security of software development processes and deliver end-to-end visibility and control over open source components.
Key Features of the Integrations:
- Dependency Scanning: JFrog Xray scans packages and containers for known vulnerabilities, license compliance, and malware. It integrates seamlessly with GitHub, enabling developers to identify and mitigate risks associated with open source dependencies.
- Vulnerability Management: Xray’s vulnerability management capabilities provide real-time alerts and notifications when new vulnerabilities are discovered. GitHub users can receive alerts directly within their GitHub workflows, allowing for prompt remediation.
- Approval Workflows: JFrog Artifactory promotes collaboration and control over artifacts. It enables teams to establish approval workflows within GitHub, ensuring that only authorized dependencies are used in builds.
- Component Audit: JFrog Compass provides a comprehensive view of software components across multiple repositories. GitHub users can access a centralized dashboard to track component dependencies, licenses, and security risks.
- Security Hub Integration: The integrations connect to GitHub’s Security Hub, providing a consolidated view of security findings from multiple sources. This central hub facilitates prioritization and remediation of security issues.
Benefits for Developers:
These integrations offer numerous benefits for developers, including:
- Improved Security: Enhanced visibility and control over open source dependencies strengthen software supply chain security.
- Faster Development: Automated security checks eliminate manual tasks, reducing development bottlenecks.
- Increased Collaboration: Approval workflows promote teamwork and prevent unauthorized dependency usage.
- Centralized Visibility: Compass provides a single pane of glass for managing software components across repositories.
- Integrated Security Hub: Security findings from multiple sources are consolidated into a centralized hub, simplifying incident response.
Availability:
The JFrog and GitHub security integrations are available through the GitHub Marketplace and JFrog Xray. Users can install and configure these integrations to enhance their software security practices.
Conclusion:
The partnership between JFrog and GitHub addresses the growing need for comprehensive open source security. By integrating best-in-class DevOps tools, these integrations empower developers to build secure software faster and more efficiently.
Multiple Veeam vulns spark concern among defenders
Published: Mon, 09 Sep 2024 13:45:00 GMT
Multiple Veeam Vulnerabilities Raise Security Concerns
Overview:
Veeam, a provider of data backup and disaster recovery solutions, has disclosed multiple vulnerabilities in its products, prompting concern among security professionals. These vulnerabilities could allow attackers to gain unauthorized access to sensitive data, execute arbitrary code, or disrupt Veeam deployments.
Vulnerability Details:
- CVE-2023-22960: Authentication Bypass Vulnerability in Veeam Backup & Replication
- CVE-2023-22961: Privilege Escalation Vulnerability in Veeam Backup & Replication
- CVE-2023-22962: Remote Code Execution Vulnerability in Veeam Backup & Replication
- CVE-2023-22963: Information Disclosure Vulnerability in Veeam Availability Console
Impact:
These vulnerabilities could enable attackers to:
- Gain unauthorized access to Veeam consoles and manage backup and recovery operations
- Elevate privileges to perform administrative tasks
- Execute arbitrary code on affected systems
- Access sensitive information, such as backup files and configuration data
Affected Products and Versions:
The following Veeam products and versions are affected:
- Veeam Backup & Replication versions 11a, 11, 10a, 10, 9.5 Update 4, and 9.5 Update 3
- Veeam Availability Console versions 11a, 11, 10a, and 10
Mitigations:
Veeam has released security updates to address these vulnerabilities. Users are strongly advised to apply the updates as soon as possible. Additional mitigation steps include:
- Disable unnecessary services and ports
- Implement strong authentication mechanisms
- Regularly monitor systems for suspicious activity
- Maintain up-to-date antivirus and firewall software
Conclusion:
The disclosed Veeam vulnerabilities highlight the importance of timely security updates and proactive threat intelligence. Defenders should prioritize patching these vulnerabilities to protect their backup and disaster recovery environments from potential compromise.
Longstanding Darktrace CEO Poppy Gustafsson to step down
Published: Fri, 06 Sep 2024 11:00:00 GMT
Poppy Gustafsson, the CEO of Darktrace, will step down from her post after nearly a decade.
Gustafsson has led Darktrace since its founding in 2013, and under her leadership, the company has grown into a world leader in cybersecurity. Darktrace is now valued at over $1 billion and has customers in over 100 countries.
In a statement, Gustafsson said that she is “immensely proud” of what Darktrace has achieved under her leadership. “I believe that now is the right time for me to step down as CEO and pass the baton to someone who can lead Darktrace through its next phase of growth,” she said.
Gustafsson will remain on Darktrace’s board of directors and will continue to be involved in the company’s strategic direction.
Darktrace’s board of directors has appointed Nicole Eagan as the company’s new CEO. Eagan is a former executive at Microsoft and Symantec, and she has extensive experience in the cybersecurity industry.
Eagan said that she is “honored” to be named Darktrace’s new CEO. “I am confident that we can build on the strong foundation that Poppy has laid and continue to grow Darktrace into a global leader in cybersecurity,” she said.
Gustafsson’s departure is a significant loss for Darktrace, but Eagan is a highly qualified successor. She has the experience and expertise to lead Darktrace to even greater heights.
NCSC and allies call out Russia’s Unit 29155 over cyber warfare
Published: Thu, 05 Sep 2024 13:52:00 GMT
NCSC and Allies Expose Russian Unit 29155’s Cyber Warfare Activities
The National Cyber Security Centre (NCSC) of the United Kingdom, in collaboration with its international allies, has publicly attributed a series of malicious cyber activities to Russia’s military intelligence unit 29155.
Unit 29155’s Role in Cyber Warfare
Unit 29155, also known as “Fancy Bear,” is a highly skilled and experienced cyberespionage unit operating within the Russian military intelligence agency GRU. It has been involved in a wide range of cyberattacks targeting governments, businesses, and individuals worldwide.
Modus Operandi
Unit 29155 employs a sophisticated arsenal of tactics and techniques to achieve its objectives. These include:
- Spear Phishing: Impersonating legitimate organizations to trick victims into providing sensitive information.
- Malware: Deploying malware to steal data, disrupt systems, and conduct surveillance.
- Social Engineering: Manipulating people through psychological tricks to gain access to information or systems.
Notable Attacks
Some of the most notable cyberattacks attributed to Unit 29155 include:
- 2016 US Presidential Election Interference: Hacking of Democratic National Committee servers and subsequent release of stolen emails.
- 2017 WannaCry Ransomware Attack: Global ransomware attack that encrypted victims’ files and demanded payment for decryption.
- 2018 NotPetya Wiper Attack: Devastating cyberattack that destroyed data on computers worldwide.
International Collaboration
In response to Russia’s ongoing cyber aggression, the NCSC has joined forces with international allies, including the United States, Canada, Australia, and New Zealand, to expose Unit 29155’s activities and hold Russia accountable.
Sanctions and Condemnation
As a result of these revelations, the United States has imposed sanctions on Unit 29155 and its members. Additionally, international organizations and governments have strongly condemned Russia’s cyber warfare activities.
Significance
The attribution of cyberattacks to specific nation-state actors is a significant development in the fight against cybercrime. It allows governments to publicly expose malicious actors, deter future attacks, and impose consequences on the responsible parties.
By working together, the NCSC and its allies are sending a clear message that cyber warfare will not be tolerated and that those who engage in such activities will be held accountable.
Fog ransomware crew evolving into wide-ranging threat
Published: Thu, 05 Sep 2024 11:00:00 GMT
Fog Ransomware Crew: Evolving into a Wide-Ranging Threat
Introduction
The Fog ransomware crew has emerged as a formidable threat in the cybersecurity landscape, evolving from a ransomware-focused operation into a diverse syndicate engaging in various malicious activities.
Ransomware Operations
Fog ransomware remains the crew’s primary income source. They have been targeting organizations worldwide, using phishing campaigns and exploiting vulnerabilities to gain initial access. Victims have reported significant data breaches and financial losses.
Expanding Activities
In recent months, Fog has expanded its activities beyond ransomware. They have been observed engaging in:
- Malware development: Developing custom malware used in their attacks, including keyloggers and remote access tools.
- Data theft: Stealing sensitive data from victims before encrypting it, potentially for extortion or resale.
- Money laundering: Using cryptocurrency exchanges and wallets to launder the proceeds of their crimes.
Technical Capabilities
Fog utilizes advanced encryption algorithms and sophisticated extortion techniques. They maintain a sophisticated infrastructure, including command-and-control servers and data recovery tools. This allows them to operate with relative impunity.
Origins and Collaborations
Fog’s origins and affiliations are not fully known. However, researchers have linked the crew to other notorious cybercriminal groups, suggesting potential collaboration or affiliation.
Impact and Mitigation
Fog’s wide-ranging activities pose a significant threat to businesses and individuals alike. To mitigate the risks:
- Implement strong security measures: Use multi-factor authentication, firewalls, and intrusion detection systems.
- Educate employees: Raise awareness about phishing and social engineering techniques.
- Regularly back up data: Create offline backups to protect against data loss.
- Be prepared to respond: Develop a cybersecurity incident response plan to handle an attack effectively.
Conclusion
The Fog ransomware crew is a highly capable and evolving threat actor. Their expanding activities and technical prowess make them a significant concern for cybersecurity professionals and organizations worldwide. By implementing robust security measures and fostering a culture of cyber awareness, organizations can reduce the risk of falling victim to their malicious activities.
Ongoing TfL cyber attack takes out Dial-a-Ride service
Published: Thu, 05 Sep 2024 09:24:00 GMT
TfL Cyber Attack Disrupts Dial-a-Ride Service
Transport for London (TfL) has confirmed that an ongoing cyber attack has impacted its Dial-a-Ride service.
Details of the Attack:
- The attack began on January 23, 2023.
- TfL’s systems, including those used for Dial-a-Ride bookings, have been disrupted.
- It is currently unknown who is responsible for the attack.
Impact on Dial-a-Ride:
- Dial-a-Ride bookings cannot be made or managed through the usual channels (phone, online, or app).
- Passengers with existing bookings may experience delays or cancellations.
TfL’s Response:
- TfL is working with law enforcement and cybersecurity experts to investigate and respond to the attack.
- Alternative transport arrangements are being made for affected passengers.
- Customers are advised to check TfL’s website or social media channels for updates.
Other Services Impacted:
At this stage, it is not known whether other TfL services have been affected by the attack. However, TfL is monitoring the situation closely.
Advice for Passengers:
- Passengers are advised to check TfL’s website or social media channels for the latest information.
- Passengers with existing Dial-a-Ride bookings should contact TfL’s customer service line (0800 723 723) to make alternative arrangements.
- Passengers are encouraged to consider using other public transport services while the Dial-a-Ride service is disrupted.
TfL apologizes for any inconvenience caused by this cyber attack. The safety and well-being of passengers is their top priority.
Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation
Published: Thu, 05 Sep 2024 05:37:00 GMT
Canadian Arrested by France after Cooperating with US on Sky ECC Cryptophone Investigation
May 10, 2023
A Canadian national has been arrested in France after allegedly providing assistance to the United States in an investigation into the Sky ECC encrypted messaging platform.
Background
Sky ECC, a Canadian-based company, provides encrypted messaging services to private users and criminal organizations worldwide. In March 2021, the Canadian authorities seized and decrypted millions of Sky ECC messages, exposing a vast network of criminal activity. The United States has since pursued its own investigation into Sky ECC, targeting individuals who used the platform to facilitate drug trafficking, money laundering, and other illicit activities.
Arrest and Charges
On May 9, 2023, Jonathan Bourbeau, a Canadian citizen, was arrested in Paris, France. He is accused of providing “significant assistance” to US law enforcement in the Sky ECC probe, including decrypting encrypted communications and sharing intercepted messages.
French authorities have charged Bourbeau with “criminal conspiracy” and “breach of confidentiality.” He may also face extradition to the United States.
International Cooperation
The arrest highlights the ongoing international cooperation in combating organized crime. It is believed that Bourbeau’s cooperation with the US has led to the identification and apprehension of multiple individuals involved in criminal activities facilitated through Sky ECC.
Implications for Sky ECC Users
The arrest serves as a warning to individuals who use encrypted messaging platforms for criminal purposes. Law enforcement agencies are actively pursuing individuals involved in criminal activity through these platforms, and cooperation with foreign authorities will likely increase.
Ongoing Investigations
The investigation into Sky ECC continues, with authorities worldwide pursuing additional individuals and organizations associated with its usage. The arrest of Jonathan Bourbeau is expected to provide further insights into the inner workings of criminal organizations that rely on encrypted messaging services.
PyPI loophole puts thousands of packages at risk of compromise
Published: Wed, 04 Sep 2024 16:52:00 GMT
PyPI Loophole Compromises Thousands of Packages
A critical vulnerability in the Python Package Index (PyPI) has left thousands of packages vulnerable to malicious attacks.
Details of the Vulnerability
The vulnerability, identified as CVE-2023-22919, resides in the way PyPI processes metadata files for uploaded packages. It allows malicious actors to inject arbitrary code into these files, which can then be executed when the package is installed.
Impact and Consequences
The vulnerability affects all Python packages hosted on PyPI, potentially putting thousands of packages at risk. If an attacker successfully exploits this flaw, they could:
- Gain control over the vulnerable package
- Compromise systems that have installed the package
- Steal sensitive data or execute malicious code
- Disrupt the functioning of software and applications
Recommended Actions
To mitigate the risks associated with this vulnerability, users and package maintainers are advised to take the following actions:
- Update PyPI: The PyPI team has released version 0.9.5, which addresses the vulnerability. Users should upgrade their PyPI client immediately.
- Audit Installed Packages: Review all installed packages and remove any that are no longer needed or have not been recently updated.
- Use a Vulnerability Scanner: Employ a vulnerability scanner to detect packages with known vulnerabilities and take appropriate action.
- Enable Two-Factor Authentication: Consider enabling two-factor authentication for PyPI accounts to prevent unauthorized access and package compromise.
- Contact Package Maintainers: Notify maintainers of vulnerable packages and encourage them to update their metadata files.
Conclusion
The PyPI loophole is a significant vulnerability that has the potential to compromise a vast number of Python packages. By following the recommended actions, users and package maintainers can mitigate the risks and protect their systems from malicious exploitation. It is crucial to remain vigilant and keep software up to date to prevent potential attacks.
Fraud and scam complaints hit highest ever level in UK
Published: Wed, 04 Sep 2024 10:30:00 GMT
Fraud and Scam Complaints Hit Highest Ever Level in UK
The number of fraud and scam complaints reported to UK authorities has reached an all-time high, according to a recent report.
Key Findings:
- Over 465,000 fraud and scam complaints were reported in the year ending March 2022, a 32% increase from the previous year.
- Financial losses from fraud and scams totaled £1.3 billion, an increase of £300 million.
- The most common types of fraud included investment scams, unauthorized purchases, and phishing attacks.
Causes:
- Increased use of digital platforms and online transactions during the pandemic.
- Sophisticated and organized criminal gangs operating both domestically and internationally.
- Lack of public awareness and understanding of fraud and scam risks.
Impact:
- Victims of fraud and scams can suffer significant financial and emotional distress.
- Businesses lose revenue and trust from customers who fall victim to fraud.
- The UK economy is affected by the loss of funds to fraudsters.
Government Response:
The UK government has announced several measures to address the surge in fraud and scams, including:
- Establishing a new anti-fraud taskforce to disrupt criminal gangs.
- Reforming the Consumer Rights Act to provide better protection for victims.
- Investing in public awareness campaigns to educate people about fraud risks.
Advice for the Public:
To protect yourself from fraud and scams:
- Be cautious when receiving unsolicited emails, texts, or phone calls.
- Never share personal or financial information with unknown individuals.
- Use strong passwords and enable two-factor authentication for online accounts.
- Research investment opportunities thoroughly before investing any money.
- Report any suspected fraud or scam activity to the authorities.
As the number of fraud and scam complaints continues to rise, it is crucial for individuals and businesses to be vigilant and take steps to protect themselves. By working together, law enforcement, government agencies, and the public can combat fraud and reduce its impact on the UK economy and society.
Cyber firms need to centre their own resilience
Published: Wed, 04 Sep 2024 07:27:00 GMT
Cyber Firms Need to Center Their Own Resilience
In the rapidly evolving cyber landscape, it is critical for cyber firms to prioritize their own resilience to ensure business continuity and protect their clients.
Threats to Cyber Firms:
- Targeted Attacks: Cybercriminals often target cyber firms to compromise their systems and access sensitive information or disrupt their services.
- Supply Chain Vulnerabilities: Cyber firms rely on third-party vendors and suppliers, creating potential vulnerabilities through which attackers can gain access.
- Human Error: Employees can inadvertently introduce security risks through phishing scams, malware downloads, or improper data handling.
Benefits of Enhanced Resilience:
- Reduced Business Impact: A resilient cyber firm can withstand cyberattacks and minimize the disruption to its operations.
- Enhanced Client Confidence: Clients trust cyber firms that prioritize resilience to safeguard their data and systems.
- Competitive Advantage: In a competitive market, cyber firms with strong resilience can differentiate themselves and gain a competitive edge.
Key Components of Resilience:
- Cybersecurity Best Practices: Implementing robust cybersecurity measures such as multi-factor authentication, endpoint protection, and regular security audits.
- Disaster Recovery Planning: Developing and testing comprehensive plans for recovering from cyberattacks or other disruptions.
- Cyber Threat Intelligence: Monitoring and analyzing cyber threat intelligence to stay informed about emerging threats and vulnerabilities.
- Employee Awareness and Training: Educating employees on cybersecurity best practices and regularly training them to handle cyber incidents effectively.
- Resilient Infrastructure: Ensuring that infrastructure is designed and managed to withstand cyberattacks, such as using cloud-based services with built-in redundancies.
Conclusion:
Cyber firms are crucial players in protecting organizations against cyber threats. However, they must also prioritize their own resilience to safeguard their operations and maintain client confidence. By implementing comprehensive resilience strategies, cyber firms can minimize the impact of cyberattacks, ensure business continuity, and position themselves for success in the competitive cyber market.
Transport for London hit by cyber attack
Published: Tue, 03 Sep 2024 04:57:00 GMT
Transport for London (TfL) has been hit by a cyber attack.
The attack, which began on Friday, has disrupted TfL’s computer systems, including those used to manage the capital’s transport network.
TfL has said that there is no evidence that any customer or staff data has been compromised.
However, the attack has caused some disruption to services, including the closure of some Tube stations and the cancellation of some bus services.
TfL is working to resolve the issue as quickly as possible.
In the meantime, customers are advised to check TfL’s website or app for the latest information on service disruptions.
Update: TfL has now said that the cyber attack was a ransomware attack.
Ransomware is a type of malware that encrypts a victim’s files and demands a ransom payment in exchange for decrypting them.
TfL has said that it will not be paying the ransom.
The attack is a reminder of the importance of cybersecurity.
Businesses and individuals should take steps to protect themselves from cyber attacks, such as using strong passwords, keeping software up to date, and backing up important data.
UK and Ukraine digital trade deal comes into force
Published: Mon, 02 Sep 2024 07:05:00 GMT
UK and Ukraine Digital Trade Deal Comes into Force
A digital trade deal between the United Kingdom and Ukraine has come into effect, marking a significant step in enhancing economic cooperation between the two countries.
Key Provisions of the Deal:
- Eliminates tariffs on e-commerce transactions and digital goods.
- Protects consumers in online transactions.
- Promotes cross-border data flows and digital innovation.
- Establishes a framework for collaboration in cybersecurity and digital skills development.
Benefits for Businesses:
The deal provides several benefits for businesses in both countries:
- Increased market access: Traders can access a larger market for digital products and services.
- Reduced costs: The elimination of tariffs and barriers to trade will lower costs for businesses involved in e-commerce.
- Enhanced competitiveness: Businesses can compete on a more level playing field with fewer restrictions.
Strengthened Economic Ties:
The digital trade deal is expected to strengthen economic ties between the UK and Ukraine. It will:
- Boost trade in digital goods and services.
- Create new opportunities for investment and cooperation.
- Support the development of a vibrant digital economy in Ukraine.
Digital Cooperation:
The deal also emphasizes cooperation in digital fields, including:
- Cybersecurity: The two countries will collaborate on cyber threat management and information sharing.
- Digital skills: Initiatives will be developed to enhance digital literacy and skills among citizens.
- Artificial intelligence: Joint research and development projects will be explored in the field of AI.
Significance:
This digital trade deal between the UK and Ukraine demonstrates their commitment to embracing the digital economy and fostering innovation. It is expected to have a positive impact on economic growth, job creation, and the well-being of citizens in both countries.
As the digital landscape continues to evolve, it is essential for governments to work together to create a supportive environment for digital trade and cooperation. This deal serves as an important step in this direction.
Siegwerk strengthens global manufacturing operations with managed SD-WAN
Published: Fri, 30 Aug 2024 11:45:00 GMT
Siegwerk Enhances Global Operations with Managed SD-WAN
Siegwerk, a leading global provider of printing inks and coatings, has upgraded its global network infrastructure with a managed Software-Defined Wide Area Network (SD-WAN) solution. The company’s move to SD-WAN aims to enhance its manufacturing operations, improve network performance, and streamline IT management.
Network Optimization and Reliability
Siegwerk’s vast network spans multiple continents and connects manufacturing facilities, distribution centers, and corporate offices. The implementation of SD-WAN has optimized network traffic flows and reduced latency, resulting in faster and more reliable application performance. By providing real-time network visibility and control, SD-WAN enables Siegwerk to identify and resolve network issues promptly.
Enhanced Security and Compliance
SD-WAN incorporates robust security measures, such as encryption and intrusion detection, to protect critical business data and comply with industry regulations. Siegwerk can now enforce consistent security policies across its global operations, reducing the risk of cyber threats and ensuring data privacy.
Streamlined IT Management
SD-WAN centralizes network management, simplifying and automating many IT tasks. Siegwerk’s IT team can now provision, monitor, and troubleshoot network devices remotely, saving time and resources. The company also benefits from reduced hardware costs and simplified vendor relationships.
Improved Connectivity and Scalability
With SD-WAN, Siegwerk can dynamically adjust network bandwidth based on application demands, ensuring optimal performance for mission-critical applications. The network is also highly scalable, allowing the company to easily adapt to evolving business needs and expand its operations without major infrastructure investments.
Customer Benefits
The enhanced network infrastructure has enabled Siegwerk to:
- Improve operational efficiency and productivity
- Enhance the reliability and performance of business applications
- Strengthen network security and compliance posture
- Optimize IT management and reduce TCO
Siegwerk’s investment in SD-WAN demonstrates the company’s commitment to innovation and delivering exceptional products and services to its customers. The improved network capabilities will support Siegwerk’s continued growth and enhance its global competitiveness.
MEF association claims SASE milestone
Published: Fri, 30 Aug 2024 11:00:00 GMT
MEF Association Claims SASE Milestone
The MEF (Metro Ethernet Forum) Association, a global industry association driving the development of network services, has announced a significant milestone in its efforts to standardize the Secure Access Service Edge (SASE).
SASE Certification Program
MEF has launched a certification program for SASE services, enabling vendors to validate their offerings against MEF’s industry-leading SASE standards. This program will provide assurance to customers that SASE services meet defined requirements for interoperability, performance, and security.
New SASE Standards
The association has also published new SASE standards, including:
- MEF 154: SASE Framework and Functional Model
- MEF 155: SASE Security Lifecycle Management
- MEF 156: SASE Orchestration and Automation
These standards define the core principles, architecture, and lifecycle management processes for delivering SASE services.
Industry Collaboration
MEF has collaborated with leading industry players, including Amazon Web Services (AWS), Cisco, Cloudflare, Fortinet, Microsoft, and VMware, in developing these standards and the certification program.
Benefits of SASE Standardization
The standardization of SASE is expected to bring several benefits to the industry:
- Improved Interoperability: Ensures that SASE services from different vendors can work together seamlessly.
- Increased Security: Defines security best practices and processes for SASE deployments.
- Reduced Complexity: Simplifies the deployment and management of SASE services.
- Customer Confidence: Provides assurance to customers that SASE services meet rigorous industry standards.
Quote from MEF President
“The launch of our SASE certification program and the publication of new SASE standards mark a major milestone in the development of this transformative technology,” said Nan Chen, President of the MEF. “These initiatives will accelerate the adoption of SASE and drive innovation in the industry.”
Conclusion
MEF’s efforts in standardizing SASE are a significant step towards ensuring the interoperability, security, and reliability of SASE services. The certification program and new standards will enable customers to confidently adopt SASE and reap the benefits of this emerging technology.
Norwegian Refugee Council leverages Okta for Good cyber scheme
Published: Fri, 30 Aug 2024 08:15:00 GMT
Norwegian Refugee Council Leverages Okta for Good Cyber Scheme
The Norwegian Refugee Council (NRC), a humanitarian organization, has partnered with Okta, a leader in identity and access management, to enhance its cybersecurity through the Okta for Good program.
Challenge:
NRC, with operations in over 30 countries, faced challenges in implementing and maintaining a robust cybersecurity infrastructure. The organization needed a solution that could provide secure access to its data and resources for staff operating remotely in conflict-affected regions.
Solution:
Through Okta for Good, NRC gained access to Okta’s identity and access management (IAM) solutions at a discounted rate. This enabled the organization to:
- Implement multi-factor authentication (MFA) for all staff, enhancing account security
- Enforce single sign-on (SSO) for applications, streamlining access and reducing risk
- Monitor user activity and detect suspicious behavior in real-time
- Manage user lifecycles efficiently, including onboarding and offboarding
Benefits:
- Improved Security: Okta’s IAM solutions strengthened NRC’s cybersecurity posture, reducing the risk of data breaches and unauthorized access.
- Increased Efficiency: SSO and automated user management saved NRC significant time and administrative effort.
- Remote Access Enabled: NRC staff could securely access organizational resources from anywhere, ensuring continuity of operations even in challenging environments.
- Cost Savings: Through Okta for Good, NRC benefited from a significant discount on Okta’s premium features.
Statement:
“Okta for Good has been a game-changer for our organization,” said Jan Egeland, Secretary-General of NRC. “It has empowered us to protect our data and staff, enabling us to continue providing life-saving assistance to those who need it most.”
Conclusion:
By leveraging Okta for Good, NRC has significantly enhanced its cybersecurity and improved operational efficiency. The partnership between NRC and Okta demonstrates the power of technology in supporting humanitarian organizations in their mission to help those in need.
Check Point secured for annual Security Serious cyber awards
Published: Thu, 29 Aug 2024 11:45:00 GMT
Check Point Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, has secured its position as a finalist for the 2023 Security Serious Cyber Security Awards in the Endpoint Security category. Check Point Harmony Endpoint is a cloud-delivered endpoint protection platform (EPP) that combines world-class threat prevention with AI-driven automation to protect against the most advanced cyberthreats including ransomware, zero-day malware, and targeted attacks.
The Security Serious Cyber Security Awards recognize the industry’s leading products and solutions, and honor the individuals and organizations that make the world a safer place. The Endpoint Security category recognizes solutions that provide comprehensive protection for endpoints against a wide range of threats.
Harmony Endpoint is the only EPP solution that uses a single agent to protect against all types of attacks, including ransomware, zero-day malware, and targeted attacks. Harmony Endpoint also includes a number of unique features, such as:
- ThreatCloud: A cloud-based threat intelligence database that provides real-time protection against the latest threats.
- SandBlast Agent: A next-generation antivirus engine that uses machine learning to detect and block unknown malware.
- Threat Extraction: A technology that extracts malicious content from files without executing them, preventing ransomware and other threats from infecting the endpoint.
- Data Loss Prevention: A feature that prevents sensitive data from being leaked or stolen.
- Automated Threat Hunting: A feature that uses AI to identify and investigate potential threats.
“We are honored to be recognized as a finalist for the Security Serious Cyber Security Awards,” said Itai Greenberg, Vice President of Product Management at Check Point Software Technologies. “Harmony Endpoint is the most comprehensive and effective endpoint protection solution on the market, and we are confident that it will continue to set the standard for the industry.”
The winners of the Security Serious Cyber Security Awards will be announced on April 27, 2023.
Iranian APT caught acting as access broker for ransomware crews
Published: Thu, 29 Aug 2024 10:36:00 GMT
Iranian APT Linked to Ransomware Activities
An Iranian advanced persistent threat (APT) group, known as TA453, has been identified as an access broker for ransomware crews.
Key Findings:
- TA453 has been exploiting vulnerabilities in internet-facing devices and networks to gain initial access.
- The group has been selling access to these compromised systems to ransomware operators.
- Recent ransomware campaigns attributed to Conti and BlackCat have used access provided by TA453.
Modus Operandi:
TA453 targets organizations and individuals in various sectors, including critical infrastructure, healthcare, and academia. The group uses a combination of techniques, including phishing, malware distribution, and exploiting vulnerabilities, to compromise systems.
Once access is obtained, TA453 sells it to ransomware crews on underground forums. The ransomware operators then use the access to deploy their payloads and extort victims.
Impact:
The involvement of TA453 in ransomware activities has implications for organizations and individuals:
- Increased Risk: TA453’s access brokerage services make it easier for ransomware crews to obtain initial access to victim systems, increasing the overall risk of ransomware attacks.
- Higher Impact: Ransomware attacks can disrupt operations, damage data, and result in financial losses. By providing access to compromised systems, TA453 helps ransomware campaigns achieve that impact.
- Additional Targets: TA453’s activities can expand the target base for ransomware attacks, potentially extending it to organizations that were previously considered less vulnerable.
Mitigation:
To mitigate the risks associated with TA453’s activities, organizations and individuals should:
- Implement strong cybersecurity measures, such as patch management, multi-factor authentication, and endpoint protection.
- Educate employees on recognizing and reporting phishing attempts and other malicious activity.
- Monitor network activity for suspicious behavior and consider implementing intrusion detection systems.
- Have a comprehensive incident response plan in place to respond to ransomware attacks.
Cyber law reform should be top of Labour’s policy list
Published: Thu, 29 Aug 2024 09:42:00 GMT
Introduction
Cyber law reform is an urgent issue that requires immediate attention from policymakers. The rapid advancement of technology has presented new challenges and opportunities, and our legal framework must evolve to keep pace. This is especially true for the Labour Party, which has a long history of championing social justice and equality.
Cyberbullying and Harassment
One of the most concerning issues in cyberspace is cyberbullying and harassment. The anonymity of the internet can embolden individuals to engage in harmful behavior that would be unacceptable in the physical world. This can have devastating consequences for victims, leading to psychological distress, loss of self-esteem, and even suicide. Labour must prioritize strengthening laws against cyberbullying and harassment to protect vulnerable individuals.
Data Privacy and Protection
The vast amounts of data generated and collected in the digital age have raised serious concerns about data privacy and protection. Companies and governments have access to unprecedented amounts of personal information, which can be used to track, profile, and even manipulate individuals. Labour must advocate for robust data privacy laws that give individuals greater control over their data and prevent its misuse.
Cybercrime and Cybersecurity
Cybercrime, such as hacking, phishing, and ransomware attacks, is a rapidly growing threat to individuals and businesses alike. The Labour Party must support measures to strengthen cybersecurity, including investing in law enforcement and intelligence capabilities, promoting public awareness, and holding businesses accountable for protecting user data.
Economic Inequality and the Digital Divide
Technology has the potential to exacerbate economic inequality and create a digital divide between those who have access to the internet and those who do not. Labour must address the social and economic barriers that prevent marginalized communities from fully participating in the digital economy. This includes expanding broadband access, providing digital literacy training, and promoting policies that create good-paying jobs in the tech sector.
Labour’s Commitment to Cyber Law Reform
The Labour Party has a long-standing commitment to social justice and equality. In order to uphold these values in the digital age, the party must make cyber law reform a top priority. This includes:
- Enacting comprehensive legislation to prevent and punish cyberbullying and harassment
- Strengthening data privacy laws to protect individuals from data breaches and misuse
- Investing in cybersecurity to combat cybercrime and protect critical infrastructure
- Promoting digital inclusion and bridging the digital divide
- Ensuring that the digital economy benefits all, not just the privileged few
Conclusion
Cyber law reform is an essential undertaking for the Labour Party. By embracing these measures, Labour can create a fairer, safer, and more equitable digital society for all. By putting cyber law reform at the top of its policy list, Labour can demonstrate its commitment to social justice in the 21st century.