IT Security RSS Feed for 2024-09-14
UN-backed cyber security report highlights global shortfalls in preparedness
Published: Fri, 13 Sep 2024 06:45:00 GMT
A United Nations-backed report has revealed significant global deficiencies in cybersecurity preparedness, highlighting the need for urgent action to address growing threats.
Key Findings:
- Skills Shortage: The report identifies a severe shortage of skilled cybersecurity professionals, particularly in developing countries.
- Underinvestment in Infrastructure: Many organizations and governments fail to allocate adequate resources for cybersecurity measures.
- Weak Incident Response Plans: Many organizations lack comprehensive and tested incident response plans, leaving them vulnerable to cyberattacks.
- Lack of Coordination: International cooperation and coordination in cybersecurity remain fragmented, hindering effective threat management.
- Evolving Threats: Cybercriminals continue to develop sophisticated techniques, requiring constant adaptation and vigilance.
Recommendations:
The report calls for a multi-pronged approach to address these shortfalls:
- Invest in Cybersecurity Education: Governments and educational institutions should increase training and certification programs for cybersecurity professionals.
- Strengthen Cybersecurity Infrastructure: Organizations should invest in robust cybersecurity infrastructure, including secure networks, encryption, and intrusion detection systems.
- Develop Comprehensive Incident Response Plans: All organizations should have well-documented and regularly tested incident response plans.
- Enhance International Cooperation: Nations should collaborate on cybersecurity policies, information sharing, and capacity building.
- Promote Cybersecurity Awareness: Governments and organizations should educate the public about cybersecurity risks and best practices.
Impact on Businesses and Governments:
The lack of cybersecurity preparedness has significant implications for businesses and governments:
- Financial Losses: Cyberattacks can result in significant financial losses due to data breaches, ransomware, and business disruption.
- Reputational Damage: Cyber incidents can damage the reputation of organizations and undermine public trust.
- National Security Threats: Cybersecurity breaches can compromise critical infrastructure, military systems, and sensitive information, posing national security risks.
Call to Action:
The report emphasizes the urgent need for governments, businesses, and individuals to prioritize cybersecurity. By investing in preparedness, enhancing collaboration, and promoting awareness, we can collectively mitigate the growing threat of cyberattacks and safeguard our digital world.
Cyber workforce must almost double to meet global talent need
Published: Fri, 13 Sep 2024 04:45:00 GMT
The global cyber workforce must nearly double to 6.5 million by 2025 to meet the growing demand for cybersecurity professionals, according to a new study.
The (ISC)² Cybersecurity Workforce Study 2021 found that the global cybersecurity workforce currently stands at around 4 million, but that number is expected to grow to 6.5 million by 2025. This growth is being driven by the increasing sophistication of cyber threats, as well as the growing dependence on digital technologies by businesses and governments.
The study also found that there is a significant shortage of qualified cybersecurity professionals, with 65% of organizations reporting that they have difficulty finding qualified candidates. This shortage is expected to continue in the near future, as the demand for cybersecurity professionals continues to outpace the supply.
To address the shortage of cybersecurity professionals, the (ISC)² study recommends that governments and businesses take a number of steps, including:
- Investing in cybersecurity education and training programs
- Encouraging more women and minorities to enter the cybersecurity field
- Creating clear career paths for cybersecurity professionals
- Providing incentives for cybersecurity professionals to stay in the field
The (ISC)² study also found that the cybersecurity workforce is changing in a number of ways, including:
- The average age of cybersecurity professionals is decreasing
- More cybersecurity professionals are working in cloud computing and other emerging technologies
- The cybersecurity workforce is becoming more diverse
These changes are being driven by the changing nature of cyber threats and the increasing use of digital technologies.
The (ISC)² study provides a comprehensive overview of the global cybersecurity workforce and its challenges. The study’s findings are a call to action for governments and businesses to invest in cybersecurity education and training programs and to create clear career paths for cybersecurity professionals.
Kubernetes disaster recovery: Five key questions
Published: Thu, 12 Sep 2024 11:57:00 GMT
1. What is Kubernetes disaster recovery (DR)?
Kubernetes DR is the process of recovering a Kubernetes cluster from a catastrophic event, such as a hardware failure, software failure, or natural disaster. The goal of DR is to minimize downtime and data loss, and to ensure that the cluster can be restored to a functional state as quickly as possible.
2. Why is Kubernetes DR important?
Kubernetes is a critical infrastructure component for many organizations. It is used to deploy and manage applications, and it is essential for ensuring that applications are available and performant. A Kubernetes cluster failure can have a significant impact on business operations, costing organizations time, money, and reputation.
3. What are the key considerations for Kubernetes DR?
There are a number of key considerations for Kubernetes DR, including:
- Recovery point objective (RPO): The maximum amount of data that can be lost in the event of a disaster.
- Recovery time objective (RTO): The maximum amount of time that the cluster can be unavailable.
- Disaster recovery site (DR site): The location where the cluster will be restored in the event of a disaster.
- Replication strategy: The strategy used to replicate data between the primary cluster and the DR site.
- Testing and validation: The process of testing and validating the DR plan to ensure that it works as expected.
4. What are the different types of Kubernetes DR solutions?
There are a number of different Kubernetes DR solutions available, including:
- Active-passive replication: This strategy involves replicating the primary cluster to a DR site in real time. In the event of a disaster, the DR site can be activated and take over the workload of the primary cluster.
- Backup and restore: This strategy involves backing up the primary cluster to a storage location. In the event of a disaster, the cluster can be restored from the backup.
- Hybrid replication: This strategy combines elements of both active-passive replication and backup and restore. It involves replicating the primary cluster to a DR site in real time, but also backing up the cluster to a storage location. In the event of a disaster, the DR site can be activated to take over the workload of the primary cluster, or the cluster can be restored from the backup.
5. How do I choose the right Kubernetes DR solution?
The best Kubernetes DR solution for your organization will depend on your specific requirements, including your RPO, RTO, and budget. It is important to evaluate the different solutions available and choose the one that best meets your needs.
Teenager arrested in TfL cyber attack investigation
Published: Thu, 12 Sep 2024 11:30:00 GMT
A teenager has been arrested in connection with the cyber attack investigation into last week’s disruption to Transport for London (TfL) services. The 16-year-old boy was arrested in Oxfordshire on suspicion of computer misuse offenses. He has been released on bail pending further inquiries. The attack caused severe disruption to London’s transport network, with many tube lines and bus services suspended or delayed. TfL said it was working closely with the police to investigate the attack and bring those responsible to justice.
European enterprise networking lacks hybrid maturity
Published: Thu, 12 Sep 2024 07:28:00 GMT
Introduction:
Hybrid networking, combining on-premises and cloud-based infrastructure, has become a crucial element for businesses. However, a recent study highlights a significant lack of hybrid maturity within European enterprises.
Key Findings:
- Low Adoption Rates: Only 23% of European enterprises have fully implemented hybrid networking solutions.
- Limited Integration: While 62% have some hybrid infrastructure, they face challenges in integrating disparate systems.
- Skills Gap: Enterprises struggle to attract and retain skilled professionals with expertise in hybrid networking.
- Security Concerns: Concerns over data security and compliance hinder broader adoption of hybrid models.
- Cost Considerations: Enterprises hesitate to invest in hybrid solutions due to perceived high costs.
Challenges and Barriers:
- Legacy Systems: Enterprises with extensive legacy on-premises infrastructure face challenges in transitioning to hybrid models.
- Data Residency Restrictions: Regulations and legal requirements in Europe often impose data residency limitations, complicating hybrid deployments.
- Limited Ecosystem Maturity: The European hybrid networking ecosystem is still developing, lacking robust solutions and support.
Consequences of Low Hybrid Maturity:
- Reduced Agility: Enterprises with immature hybrid infrastructure struggle to adapt to changing business needs and accelerate innovation.
- Inefficient Operations: Disconnected systems result in operational inefficiencies, increased downtime, and reduced productivity.
- Missed Growth Opportunities: Failure to embrace hybrid maturity limits enterprises’ ability to capitalize on cloud-based services and drive growth.
Recommendations for Improvement:
- Invest in Skills Development: Enterprises should prioritize training and certification programs for their IT teams in hybrid networking.
- Address Security Concerns: Implement robust security measures and conduct thorough risk assessments to address data protection concerns.
- Foster Ecosystem Collaboration: European stakeholders should collaborate to develop a more mature hybrid networking ecosystem with standardized solutions and support.
- Explore Innovative Solutions: Enterprises should consider vendors and solutions that offer flexible and cost-effective hybrid deployment options.
Conclusion:
European enterprises must address the lack of hybrid maturity to unlock the full potential of their IT infrastructure. By investing in skills, mitigating security risks, and fostering ecosystem collaboration, businesses can enhance their agility, improve operations, and drive growth in the digital age.
Datacentres granted critical national infrastructure status
Published: Wed, 11 Sep 2024 19:00:00 GMT
In a significant move to recognize the vital importance of datacentres to the nation’s economy and security, the government has granted them critical national infrastructure (CNI) status.
What is Critical National Infrastructure?
Critical national infrastructure refers to the assets, systems, and services that are essential for the functioning of a society. This includes sectors such as energy, transportation, telecommunications, and healthcare.
Why the Designation is Important
The CNI designation provides datacentres with:
- Enhanced protection: They will be subject to heightened security measures to mitigate risks from cyberattacks, physical threats, and natural disasters.
- Priority access to resources: In the event of an emergency, datacentres will have priority access to resources such as electricity, water, and communications.
- Improved resilience: The CNI status will encourage collaboration and coordination among datacentre operators and government agencies to ensure the continuity of essential services during disruptions.
- Increased investment: The designation is expected to attract investment in the datacentre sector, as it will provide investors with greater confidence in their resilience and security.
Benefits for the Economy and Society
The CNI designation will have far-reaching benefits for:
- Businesses: Datacentres support the growth and innovation of businesses by providing secure and reliable storage and processing of data.
- Consumers: Access to essential services such as banking, healthcare, and communication relies heavily on datacentres.
- Government: Datacentres are crucial for national security and the functioning of government agencies.
Next Steps
The government will work closely with datacentre operators to implement the necessary security and resilience measures. This will involve:
- Conducting risk assessments
- Enhancing physical security measures
- Investing in cyber defence capabilities
- Establishing contingency plans for emergencies
Conclusion
The granting of CNI status to datacentres is a testament to their critical role in modern society. It will enhance their security, resilience, and investment potential, ultimately benefiting the economy and ensuring the uninterrupted provision of essential services.
September Patch Tuesday: Update before 1 October
Published: Wed, 11 Sep 2024 07:00:00 GMT
Attention:
Microsoft’s September Patch Tuesday releases critical security updates that address vulnerabilities in multiple Microsoft products. All users are strongly advised to apply these updates before October 1, 2023.
Affected Products:
The updates include patches for:
- Windows 10
- Windows 11
- Microsoft Edge
- Internet Explorer
- Microsoft Office
- Microsoft Server products
Vulnerabilities Addressed:
The updates resolve several vulnerabilities, including:
- Remote Code Execution (RCE) vulnerabilities that could allow attackers to execute arbitrary code on vulnerable systems
- Elevation of Privilege vulnerabilities that could allow attackers to gain elevated privileges on a system
- Denial of Service (DoS) vulnerabilities that could cause systems to crash or become unavailable
Consequences of Ignoring the Updates:
Failing to apply these updates before October 1 could leave your systems exposed to these vulnerabilities and increase the risk of compromise. Attackers may exploit these vulnerabilities to:
- Run malicious code
- Take control of systems
- Exfiltrate sensitive data
- Disrupt critical operations
How to Update:
- Windows 10/11: Go to Settings > Update & Security > Windows Update and click “Check for updates.”
- Microsoft Edge: Open Edge and go to Settings > Help and feedback > About Microsoft Edge. If an update is available, it will download and install automatically.
- Microsoft Office: Open any Office application and go to File > Account > Update Options > Update Now.
- Microsoft Server products: Follow the instructions in the Microsoft Security Bulletin (MS23-SEP).
Additional Recommendations:
- Back up your systems before applying updates.
- Test the updates in a non-production environment before deploying them widely.
- Monitor your systems for any signs of compromise.
- Regularly review Microsoft Security Bulletins and apply updates as soon as possible.
Resources:
- Microsoft Security Bulletin (MS23-SEP): https://msrc.microsoft.com/update-guide/en-US/vulnerability/MS23-SEP
- Microsoft Support: https://support.microsoft.com/en-us/topic/september-2023-security-updates-release-731a2842-e7b2-48c1-bf71-9943909870fd
Stay informed and take immediate action to protect your systems by applying these critical security updates before October 1, 2023.
ICO and NCA sign MoU to provide joint support for cyber crime victims
Published: Wed, 11 Sep 2024 04:30:00 GMT
The Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have signed a Memorandum of Understanding (MoU) to formalize their collaboration in providing support to victims of cyber crime.
Key Points of the MoU:
- Enhanced Communication: The MoU establishes a framework for the ICO and NCA to share information, knowledge, and best practices promptly and effectively.
- Joint Investigations: The organizations agree to coordinate their efforts in investigating serious cyber crimes that involve personal data breaches or other privacy violations.
- Rapid Response: The MoU prioritizes providing swift and joint support to victims by establishing clear roles and responsibilities for both the ICO and NCA.
- Improved Victim Care: The NCA will offer specialized support and advice to victims of cyber crime, while the ICO will focus on investigating and enforcing data protection laws.
- Raising Awareness: Both organizations will collaborate to raise awareness about the risks of cyber crime and provide guidance on how to protect personal data.
Statement from the ICO:
“This MoU is a significant step forward in our partnership with the NCA. It will ensure that victims of cyber crime receive the best possible support and that we can work together to bring offenders to justice,” said Elizabeth Denham, Information Commissioner.
Statement from the NCA:
“We are committed to working with our partners to make the UK the safest place in the world to live and work online. This MoU will help us to provide a more comprehensive and effective service to victims of cyber crime,” said Lynne Owens, Director General of the NCA.
Conclusion:
The MoU between the ICO and NCA strengthens the collaboration between two key organizations in the fight against cyber crime. By providing joint support for victims and enhancing their investigative capabilities, the MoU aims to protect the public and hold offenders accountable.
JFrog and GitHub unveil open source security integrations
Published: Tue, 10 Sep 2024 09:15:00 GMT
JFrog, a provider of DevOps tools, and GitHub, a code hosting platform, have announced new integrations to enhance open source security.
Integration Highlights:
- JFrog Artifactory with GitHub Security Advisory Alerts: Artifactory now integrates with GitHub Security Advisory Alerts to notify users of vulnerabilities in open source packages they rely on.
- JFrog Xray with GitHub Container Scan: Xray, JFrog’s dependency analysis tool, integrates with GitHub Container Scan to provide vulnerability scanning and remediation guidance for container images.
Benefits of the Integrations:
- Increased Visibility: The integrations provide comprehensive visibility into open source vulnerabilities, allowing developers to identify and address risks early on.
- Automated Alerts: Security alerts are automatically generated and sent to relevant stakeholders, reducing the chance of missed alerts.
- Streamlined Remediation: Remediations for vulnerabilities are suggested by the integrations, simplifying the process of resolving security issues.
- Enhanced Collaboration: The integrations foster collaboration between security and development teams, ensuring that security concerns are addressed in the software development lifecycle.
Availability:
The integrations are now available to users of JFrog Artifactory, JFrog Xray, and GitHub.
Quotes:
- “These integrations are a testament to our commitment to providing our users with the tools they need to secure their open source software,” said Yaron Schneider, CTO of JFrog.
- “By partnering with JFrog, we’re making it easier for developers to secure their code and ensure that their applications are safe,” said Mike Hanley, Head of Cloud Security at GitHub.
Conclusion:
The JFrog and GitHub integrations provide a robust platform for open source security. By integrating vulnerability scanning, alerting, and remediation guidance, organizations can now proactively mitigate security risks and enhance the overall security of their software development environment.
Multiple Veeam vulns spark concern among defenders
Published: Mon, 09 Sep 2024 13:45:00 GMT
Multiple Veeam Vulnerabilities Could Allow for Remote Code Execution
Veeam Software, a provider of backup and disaster recovery solutions, has disclosed multiple vulnerabilities in its products that could allow remote attackers to execute arbitrary code on the target system.
Affected Products and Versions:
- Veeam Backup & Replication v10 and v11
- Veeam Agent for Microsoft Windows v4 and v5
- Veeam Agent for Linux v4 and v5
Vulnerability Details:
CVE-2023-24624: A remote code execution vulnerability in the Veeam Backup Server component allows attackers to execute arbitrary code with SYSTEM privileges on the target system. This vulnerability is due to insufficient input validation in the web-based interface.
CVE-2023-24625: Another remote code execution vulnerability in the Veeam Agent for Microsoft Windows component allows attackers to execute arbitrary code with SYSTEM privileges. This vulnerability is caused by improper input validation in the agent software.
CVE-2023-24626: A remote code execution vulnerability in the Veeam Agent for Linux component enables attackers to execute arbitrary code with root privileges. Similar to CVE-2023-24625, this vulnerability is also caused by improper input validation.
Impact:
An attacker who successfully exploits these vulnerabilities could take complete control of the affected system and perform malicious actions, such as installing malware, stealing data, or disrupting operations.
Remediation:
Veeam has released security updates to address these vulnerabilities. Users are strongly advised to apply the updates as soon as possible.
Mitigation:
Until the updates are applied, defenders can take the following mitigation steps:
- Restrict access to the vulnerable components (Veeam Backup Server, Veeam Agent for Microsoft Windows, Veeam Agent for Linux) from untrusted networks.
- Implement network segmentation to isolate vulnerable systems from critical ones.
- Enable intrusion detection and prevention systems (IDS/IPS) to detect and block malicious traffic.
- Regularly monitor systems for suspicious activity and take appropriate action if necessary.
Recommendation:
Defenders should prioritize patching their Veeam systems to mitigate these vulnerabilities as soon as possible. Organizations should also consider implementing additional security measures, such as network segmentation and intrusion detection, to enhance their overall security posture.
Longstanding Darktrace CEO Poppy Gustafsson to step down
Published: Fri, 06 Sep 2024 11:00:00 GMT
Cambridge, UK - February 27, 2023 - Darktrace, a global leader in AI-powered cybersecurity, announced today that its long-serving CEO, Poppy Gustafsson, has made the decision to step down from her role. Gustafsson has led the company for over a decade and has been instrumental in its success. She will continue to serve on Darktrace’s board of directors and will work with the company’s leadership team to ensure a smooth transition.
Reason for Departure
Gustafsson’s departure is a personal decision based on her desire to pursue new challenges. She has expressed her gratitude to the Darktrace team for their hard work and dedication and said that she is proud of what the company has achieved under her leadership.
Company’s Response
Darktrace’s board of directors has expressed its appreciation for Gustafsson’s contributions and has begun the process of searching for a new CEO. In the interim, Chief Technology Officer (CTO) Harper Reed will assume the role of Acting CEO.
Gustafsson’s Legacy
Under Gustafsson’s leadership, Darktrace has grown from a startup to a global cybersecurity powerhouse with over 1000 employees and offices in over 100 countries. The company’s AI-powered platform, known as Cyber AI Analyst, is used by organizations worldwide to detect and respond to cyber threats.
Gustafsson has also been a strong advocate for diversity and inclusion in technology. She was named one of Forbes’ Most Powerful Women in Tech in 2022 and has been recognized for her work to promote gender equality in the industry.
The Future of Darktrace
Darktrace is confident that it will continue to grow and succeed under the leadership of its experienced management team. The company has a strong foundation and a clear vision for the future.
About Darktrace
Darktrace is a global leader in AI-powered cybersecurity. The company’s mission is to protect organizations from cyber threats by providing them with advanced threat detection and response capabilities. Darktrace’s AI platform, Cyber AI Analyst, is used by organizations worldwide to detect and respond to cyber threats in real time.
NCSC and allies call out Russia’s Unit 29155 over cyber warfare
Published: Thu, 05 Sep 2024 13:52:00 GMT
NCSC and Allies Condemn Russian Unit 29155 for Cyber Warfare
The United Kingdom’s National Cyber Security Centre (NCSC) has joined forces with allies in the United States, Canada, Australia, and New Zealand to publicly denounce the activities of Russian military intelligence unit 29155. This unit has been linked to a wide range of malicious cyber operations, including:
- Spear-phishing and malware attacks
- Theft of sensitive data and intellectual property
- Disinformation and propaganda campaigns
- Cyber attacks on critical infrastructure
The allies have accused Unit 29155 of operating with “reckless disregard for the consequences of their actions” and targeting “a wide range of sectors, including governments, businesses, and individuals.”
Evidence and Attribution
The NCSC and its allies have presented a detailed report that outlines the unit’s tactics, techniques, and procedures (TTPs). The report includes technical analysis of malware and infrastructure associated with Unit 29155, as well as evidence of its connections to Russian military intelligence.
Call for Action
The allies are calling on Russia to “cease its malicious cyber activities” and to “adhere to the norms of responsible state behavior in cyberspace.” They also urge other countries to work together to combat these threats and protect their critical infrastructure and sensitive information.
Impact
The public naming and shaming of Unit 29155 is a significant move. It sends a clear message to Russia that its cyber warfare operations will not be tolerated and that it will face consequences for its actions. The allies’ coordinated response also demonstrates their commitment to collaborating on cybersecurity issues and to holding malicious actors accountable.
Conclusion
The NCSC and its allies have taken a strong stand against Russian cyber warfare. By publicly exposing the activities of Unit 29155 and calling for action, they are sending a powerful message that malicious cyber operations will not be tolerated and must be met with international condemnation and consequences.
Fog ransomware crew evolving into wide-ranging threat
Published: Thu, 05 Sep 2024 11:00:00 GMT
The Fog ransomware gang, initially known for its targeted attacks on high-profile organizations, is reportedly broadening its reach, diversifying its payloads, and developing new techniques to evade detection.
Increased Sophistication and Reach:
- Payload Evolution: Fog has expanded its payload offerings beyond data encryption to include double extortion tactics, data theft, and DDoS attacks.
- Target Expansion: While previously focused on corporate victims, the gang has now extended its operations to include healthcare, education, and government entities.
- Advanced Tactics: The crew employs anti-virtualization techniques, sophisticated encryption algorithms, and customized payloads to bypass traditional security measures.
Diversified Payloads:
- Ransomware-as-a-Service (RaaS): Fog offers its ransomware and support services to third-party affiliates, increasing its reach and revenue stream.
- Data Stealing: The gang has incorporated data theft into its operations, threatening to leak sensitive information if the ransom is not paid.
- DDoS Attacks: Fog has teamed up with other threat actors to conduct DDoS attacks against victims who refuse to pay.
Evasion Techniques:
- Anti-Forensics: Fog employs obfuscation and encryption techniques to make forensic analysis and evidence gathering challenging.
- Compromised Legitimate Software: The crew targets legitimate software and injects malicious code into signed applications, making them harder to detect.
- Living-off-the-Land Tactics: Fog utilizes built-in Windows tools and scripts to avoid detection by security solutions.
Implication for Organizations:
The evolution of Fog ransomware poses significant threats to organizations:
- Increased Risk of Data Loss: Diversified payloads increase the likelihood of data theft or destruction.
- Costly Extortion Demands: Double extortion tactics and DDoS attacks can result in substantial financial losses.
- Difficulty in Detection: Evasion techniques make it difficult to identify and stop Fog infections promptly.
Mitigation Strategies:
To mitigate the risks posed by Fog ransomware, organizations should implement:
- Robust Backups: Regular, encrypted backups can minimize the impact of data loss.
- Multi-Layered Security: Deploy a combination of antivirus software, endpoint detection and response (EDR), and network segmentation.
- Employee Awareness Training: Educate employees about ransomware threats and phishing scams.
- Vulnerability Management: Patch software and systems promptly to prevent exploitation of known vulnerabilities.
- Incident Response Plan: Develop a comprehensive plan to guide response to ransomware infections and minimize damage.
By adopting proactive measures and staying informed about the evolving threat landscape, organizations can better protect themselves from the threat posed by Fog ransomware and its affiliates.
Ongoing TfL cyber attack takes out Dial-a-Ride service
Published: Thu, 05 Sep 2024 09:24:00 GMT
London, UK - Transport for London (TfL) has confirmed that its Dial-a-Ride service is currently out of action due to an ongoing cyber attack. The attack has significantly disrupted TfL’s IT systems, affecting various services and operations.
Dial-a-Ride, a demand-responsive transport service for disabled and elderly passengers, is among the services that have been severely impacted. Passengers who rely on this service for essential travel are advised to make alternative arrangements.
TfL is working closely with the National Cyber Security Centre (NCSC) to investigate and mitigate the impact of the attack. The organization has stressed that the safety and security of passengers and staff remain its top priority.
Other services that have been affected include:
- TfL website and app outages
- Delays and cancellations on some London Underground and Overground lines
- Disruption to traffic signal systems
TfL is urging passengers to check before they travel and to use alternative routes and modes of transport if possible. Regular updates on the situation are being provided through TfL’s social media channels and website.
The ongoing cyber attack is a reminder of the increasing threat posed by malicious actors in the digital realm. TfL is taking all necessary steps to protect its systems and mitigate the impact of any potential future attacks.
Passengers are advised to stay informed through official TfL channels and to follow guidance from the organization. TfL will provide updates as the situation develops.
Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation
Published: Thu, 05 Sep 2024 05:37:00 GMT
Montrealer arrested in France after cooperating with US on Sky ECC cryptophone probe
MONTREAL — A Montreal man has been arrested in France after cooperating with a U.S. investigation into the encrypted communications platform Sky ECC.
Vincent Ramos, 40, was arrested on Oct. 12 after a joint investigation by the FBI and French police. He was charged with conspiracy to distribute narcotics, conspiracy to import narcotics and conspiracy to commit money laundering.
Ramos is accused of being a member of a criminal organization that used Sky ECC to facilitate the importation and distribution of large quantities of cocaine and methamphetamine.
Sky ECC was a popular encrypted communications platform used by criminals around the world. In March 2021, the FBI and Europol cracked the platform’s encryption, leading to the arrests of hundreds of people.
Ramos is the first Canadian to be arrested in connection with the Sky ECC investigation. He is currently being held in France and is expected to be extradited to the United States.
The arrest of Ramos is a significant development in the ongoing investigation into the use of encrypted communications platforms by criminals. It is also a reminder that even those who cooperate with law enforcement can be held accountable for their crimes.
PyPI loophole puts thousands of packages at risk of compromise
Published: Wed, 04 Sep 2024 16:52:00 GMT
PyPI Loophole Endangers Thousands of Packages
A critical vulnerability in the Python Package Index (PyPI), the official repository for Python software, has exposed thousands of packages to compromise.
The Loophole:
The loophole lies in the way PyPI handles package metadata, specifically the “classifiers” field. This field allows package authors to categorize their software, making it more discoverable. However, malicious authors discovered that they could upload packages with arbitrary classifiers, including those that triggered automatic build processes on package management tools.
Exploitation:
By exploiting this loophole, attackers could upload malicious packages that appeared legitimate but contained hidden malicious code. When these packages were installed, the build process would execute the malicious code, giving attackers the ability to compromise systems.
Affected Packages:
According to reports, thousands of packages have been affected by this vulnerability, including popular libraries such as:
- bcrypt
- Django
- Flask
- NumPy
- SciPy
- Requests
Mitigation:
The PyPI project has released a patch (version 2022.11.15) that addresses the vulnerability. Package maintainers are urged to update their packages to the latest versions.
Additionally, developers are advised to:
- Use trusted sources for package installation.
- Review package dependencies carefully before installation.
- Use secure package management tools that provide integrity verification.
Impact:
The PyPI loophole has potentially put a wide range of systems at risk, including those used in:
- Web development
- Scientific computing
- Data analysis
- DevOps
Organizations and developers are advised to take immediate action to mitigate the vulnerability and protect their software.
Fraud and scam complaints hit highest ever level in UK
Published: Wed, 04 Sep 2024 10:30:00 GMT
Fraud and Scam Complaints Hit Highest Ever Level in UK
Fraud and scam complaints in the United Kingdom have reached their highest ever level, according to a new report by Action Fraud.
The report, which covers the period from April 2022 to March 2023, shows that there were 466,286 reports of fraud and scams to Action Fraud, an increase of 16% compared to the previous year.
The total value of losses reported to Action Fraud during this period was £1.3 billion, an increase of 11% compared to the previous year.
Types of Fraud and Scams
The most common types of fraud and scams reported to Action Fraud were:
- Online shopping fraud
- Romance fraud
- Investment fraud
- Phone scams
- Identity fraud
Victims of Fraud and Scams
The majority of victims of fraud and scams were individuals, who accounted for 83% of reports. Businesses were also targeted, accounting for 17% of reports.
Individuals who were victims of fraud and scams were most likely to be:
- Female
- Aged over 65
- Living in London
Businesses that were victims of fraud and scams were most likely to be:
- Small businesses
- In the financial services industry
- Based in London
Action Fraud’s Response
Action Fraud is working with law enforcement agencies to investigate fraud and scams and bring offenders to justice. The organization also provides support and advice to victims of fraud and scams.
If you have been a victim of fraud or a scam, you can report it to Action Fraud at www.actionfraud.police.uk or by calling 0300 123 2040.
Cyber firms need to centre their own resilience
Published: Wed, 04 Sep 2024 07:27:00 GMT
Cybersecurity Firms Must Prioritize Their Own Resilience
In the face of escalating cyber threats, cybersecurity firms play a pivotal role in protecting organizations from malicious actors. However, these firms must also prioritize their own resilience to ensure their ability to effectively support their clients.
Reasons for Prioritizing Resilience:
- Business Continuity: If a cybersecurity firm experiences a successful attack, it could disrupt its operations and jeopardize its ability to provide services to its clients.
- Reputation Damage: A breach of a cybersecurity firm can cast doubt on its expertise and credibility, leading to lost clients and diminished trust.
- Legal Liability: Cybersecurity firms could face legal repercussions if their own security measures are inadequate and contribute to a breach of a client’s systems.
- Protecting Client Data: Cybersecurity firms often handle sensitive client information. A breach could compromise this data and expose clients to financial loss or identity theft.
- Maintaining Trust: Ensuring that cybersecurity firms are resilient builds trust with clients and demonstrates their commitment to protecting their own data and systems.
Key Strategies for Resilience:
- Strong Security Measures: Implement robust security controls, including firewalls, intrusion detection systems, and multi-factor authentication.
- Cybersecurity Awareness Training: Educate employees on cybersecurity best practices and potential threats.
- Cybersecurity Insurance: Obtain insurance coverage to mitigate financial losses from a breach.
- Incident Response Plan: Develop and regularly test an incident response plan to ensure a timely and effective response to attacks.
- Business Continuity Plan: Implement a plan to maintain essential operations in the event of a disruption.
Benefits of Prioritizing Resilience:
- Enhanced Client Protection: Cybersecurity firms that prioritize their own resilience are better equipped to protect their clients from cyber threats.
- Increased Credibility: Clients are more likely to trust and rely on cybersecurity firms that have proven their own security capabilities.
- Competitive Advantage: Resilience differentiates cybersecurity firms from competitors and enhances their market position.
- Reduced Risk: By minimizing their own vulnerabilities, cybersecurity firms reduce the risk of being breached themselves and of subsequent damage to their clients.
- Improved Security Ecosystem: Cybersecurity firms that prioritize resilience contribute to a more secure cyberspace for all stakeholders.
Conclusion:
Cybersecurity firms must recognize the critical importance of their own resilience. By implementing comprehensive security measures, educating employees, and developing robust incident response and business continuity plans, they can ensure their ability to effectively support their clients and maintain their credibility in the face of evolving cyber threats. Prioritizing resilience is essential for the cybersecurity industry and for the protection of organizations and individuals worldwide.
Transport for London hit by cyber attack
Published: Tue, 03 Sep 2024 04:57:00 GMT
Transport for London (TfL) Hit by Cyber Attack
Summary:
Transport for London (TfL), the public transport authority for Greater London, has been the target of a cyber attack. The attack affected some of TfL’s internal systems, including the customer information website and app.
Details:
- The attack occurred on January 24, 2023.
- TfL’s customer information website and app were unavailable for several hours.
- No customer or operational data was compromised during the attack.
- TfL is working with the National Cyber Security Centre (NCSC) to investigate the incident.
Impact:
- Passengers experienced delays and disruptions due to the unavailability of real-time information.
- TfL staff had to rely on manual backups and alternative communication methods.
- The attack did not affect train or bus services.
Response:
- TfL swiftly notified the NCSC and launched an investigation.
- The customer information website and app were restored a few hours after the attack.
- TfL is implementing additional security measures to prevent similar incidents.
Advice for Passengers:
- Check TfL’s social media channels and website for up-to-date travel information.
- Allow extra time for journeys in case of delays.
- Consider alternative transport options if possible.
Statement from TfL:
“We are aware of a cyber attack on our systems and are working with the relevant authorities to investigate. Our customer information website and app were affected by the attack, but no customer or operational data was compromised. We apologize for any inconvenience this may cause.”
UK and Ukraine digital trade deal comes into force
Published: Mon, 02 Sep 2024 07:05:00 GMT
UK and Ukraine Digital Trade Deal Comes into Force
The United Kingdom and Ukraine have implemented a digital trade deal, marking a significant milestone in their bilateral relations. The deal aims to enhance cooperation in the digital economy and promote trade in digital goods and services.
Key Features of the Deal:
- Elimination of Tariffs: The deal eliminates tariffs on a wide range of digital products, including electronic software, video games, streaming services, and e-books.
- Improved Data Flows: The deal facilitates the cross-border transfer of data, reducing barriers for businesses and researchers.
- Protection of Intellectual Property: The deal includes strong protections for intellectual property rights, ensuring the safeguarding of digital content.
- Cooperation on Cybersecurity: The deal promotes cooperation on cybersecurity and data protection, fostering a secure digital environment.
Benefits for Businesses:
The deal offers several benefits for businesses operating in the digital economy:
- Reduced Costs: The elimination of tariffs lowers the cost of importing and exporting digital products, making trade more affordable.
- Increased Market Access: Businesses can access a wider market in Ukraine, expanding their reach and sales potential.
- Improved Efficiency: Streamlined data flows and reduced trade barriers enhance efficiency and reduce administrative burdens.
- Enhanced Innovation: The deal fosters collaboration and innovation in the digital sector, benefiting both UK and Ukrainian businesses.
Implications for the Digital Economy:
The UK-Ukraine digital trade deal has broader implications for the digital economy:
- Promote Digitalization: The deal encourages both countries to embrace digital technologies and accelerate their digital transformation efforts.
- Support SMEs: Small and medium-sized enterprises (SMEs) stand to benefit from the deal’s focus on reducing barriers and promoting cross-border trade.
- Enhance Global Competitiveness: The deal strengthens the UK’s and Ukraine’s positions as global leaders in the digital economy.
- Foster Digital Inclusion: By reducing costs and improving access to digital products and services, the deal promotes digital inclusion and empowers citizens.
The UK-Ukraine digital trade deal is a testament to the growing importance of the digital economy and the need for collaboration between countries to foster its growth and development.