IT Security RSS Feed for 2024-09-17

What is passive keyless entry (PKE)?

Published: Tue, 17 Sep 2024 13:00:00 GMT

Passive keyless entry (PKE), also known as keyless entry, is an automotive system that allows a driver to lock and unlock their vehicle without having to use a physical key. This system works by using a key fob that emits a signal to the vehicle’s receiver. When the key fob is within a certain range of the vehicle, the receiver will send a signal to the door locks, unlocking them. The driver can then enter the vehicle and start it without having to insert a key.

PKE systems are becoming increasingly common on new vehicles. They offer a number of advantages over traditional key-based systems, including:

  • Convenience: PKE systems are much more convenient than traditional key-based systems. Drivers do not have to fumble for their keys or worry about inserting them into the lock.
  • Security: PKE systems are more secure than traditional key-based systems. The key fobs used in PKE systems are typically encrypted, making it difficult for thieves to duplicate them.
  • Hands-free operation: PKE systems allow drivers to lock and unlock their vehicles without having to take their keys out of their pockets or purses. This is especially convenient when carrying groceries or other items.

There are a few disadvantages to PKE systems as well. These disadvantages include:

  • Cost: PKE systems are more expensive than traditional key-based systems.
  • Battery life: The key fobs used in PKE systems require batteries. If the battery dies, the key fob will not be able to send a signal to the vehicle’s receiver, preventing the driver from locking or unlocking the vehicle.
  • Range: PKE systems have a limited range. If the driver is too far away from the vehicle, the key fob will not be able to send a signal to the receiver.

First CyberBoost Catalyse startup cohort named

Published: Tue, 17 Sep 2024 03:30:00 GMT

ThriveAgric, TradeDepot, and Wallets Africa

Crest secures FCDO funding to help overseas countries increase their cyber-readiness

Published: Mon, 16 Sep 2024 08:45:00 GMT

London, UK – 23rd February 2023 – Crest, the not-for-profit organisation that represents the interests of the UK’s cyber security industry, has secured funding from the Foreign, Commonwealth and Development Office (FCDO) to help overseas countries increase their cyber-readiness.

The funding will be used to develop and deliver a range of activities, including:

  • Developing a cyber-readiness assessment tool to help countries assess their current level of cyber-readiness and identify areas for improvement.
  • Providing training and support to government officials on cyber security best practices.
  • Establishing a network of cyber security experts to provide advice and support to countries on an ongoing basis.

The project will be delivered in partnership with a number of organisations, including the National Cyber Security Centre (NCSC), the UK Foreign, Commonwealth and Development Office (FCDO), and the World Bank.

“We are delighted to have secured this funding from the FCDO,” said Crest CEO Ian Glover. “This project will help us to make a real difference to the cyber-readiness of overseas countries, and will help to make the world a safer place.”

“The FCDO is committed to supporting overseas countries in their efforts to improve their cyber-readiness,” said FCDO Minister of State for Asia and the Pacific, Anne-Marie Trevelyan. “This project will provide valuable support to countries in developing their cyber security capabilities and protecting their citizens from cyber threats.”

The project is expected to run for three years and will be delivered in a number of countries, including:

  • Africa: Kenya, Ghana, Nigeria, South Africa
  • Asia: India, Indonesia, Malaysia, Thailand
  • Latin America: Brazil, Chile, Mexico, Peru

About Crest

Crest is the not-for-profit organisation that represents the interests of the UK’s cyber security industry. Crest members are leading providers of cyber security products and services, and they are committed to providing their customers with the highest levels of security. Crest works with government and industry stakeholders to develop and implement policies that support the growth and development of the UK’s cyber security industry. For more information, visit www.crest-approved.org.

About the FCDO

The Foreign, Commonwealth and Development Office (FCDO) is the UK government department responsible for the country’s foreign policy and development activities. The FCDO works to promote the UK’s interests and values around the world, and to build a safer, more prosperous and more just world. For more information, visit www.gov.uk/fcdo.

Automation driving SD-WAN optimisation

Published: Mon, 16 Sep 2024 03:00:00 GMT

Automation Driving SD-WAN Optimization

Automation plays a crucial role in optimizing SD-WAN performance and simplifying management tasks. Here are key areas where automation enhances SD-WAN deployments:

1. Network Provisioning and Configuration:

  • Automating network provisioning processes reduces manual effort and accelerates deployment.
  • Centralized dashboards enable easy configuration and management of multiple SD-WAN devices from a single pane of glass.
  • Automation tools can auto-discover and add new devices to the network, ensuring seamless expansion.

2. Path Selection and Optimization:

  • SD-WAN controllers use automated algorithms to analyze network conditions and select the optimal path for traffic.
  • Automation ensures real-time path optimization based on metrics such as latency, jitter, and packet loss.
  • This improves application performance and guarantees consistent user experience.

3. Quality of Service (QoS) Management:

  • Automation can automatically prioritize traffic based on predefined policies.
  • It ensures that critical applications receive the necessary bandwidth and latency guarantees.
  • Automation helps maintain QoS levels without manual intervention.

4. Security Monitoring and Response:

  • Automated security monitoring tools detect and respond to security threats in real-time.
  • Firewalls and intrusion detection systems can be configured to take automatic actions, such as isolating infected devices or blocking malicious traffic.

5. Performance Monitoring and Analytics:

  • Automation enables continuous network monitoring and data collection.
  • Analytics tools provide visibility into network performance, identify bottlenecks, and suggest optimization measures.
  • This allows proactive troubleshooting and performance improvement.

6. Backup and Recovery:

  • Automation can simplify backup and recovery processes.
  • Automated backups ensure data protection and quick restoration in case of outages.
  • Automation streamlines the recovery process, reducing downtime and ensuring business continuity.

Benefits of Automation for SD-WAN Optimization:

  • Reduced Operational Costs: Automation eliminates manual tasks, freeing up IT resources for other strategic initiatives.
  • Improved Efficiency: Automated processes increase speed and consistency in network management tasks.
  • Enhanced Security: Automated security measures protect the network against threats and ensure compliance.
  • Superior Performance: Automated path selection and optimization deliver optimal application performance and user experience.
  • Simplified Management: Centralized dashboards and intuitive interfaces simplify network management, reducing complexity.

By embracing automation, organizations can maximize the benefits of SD-WAN and achieve a cost-effective, agile, and optimized network infrastructure.

UK unites nations to discuss closing global cyber skills gap

Published: Sun, 15 Sep 2024 19:01:00 GMT

UK Unites Nations to Address Global Cyber Skills Gap

The United Kingdom has taken a leading role in bringing together nations to address the critical issue of the global cyber skills gap. Recognizing the urgent need to train and develop a highly skilled workforce capable of protecting and defending against cyber threats, the UK has initiated a dialogue with governments and international organizations.

Global Cyber Skills Gap

The cyber skills gap refers to the shortage of professionals with the necessary knowledge and expertise to fill essential roles in cybersecurity. This gap exists worldwide, as the demand for skilled cybersecurity professionals continues to outpace the supply.

Objectives of the UK Initiative

By uniting nations, the UK aims to:

  • Share best practices: Encourage collaboration among nations to exchange successful approaches to cyber skills development.
  • Develop global standards: Establish common standards for cyber education and training to ensure a consistent level of proficiency across borders.
  • Increase access to education: Promote equity in access to cyber education, reaching underrepresented groups and increasing diversity in the field.
  • Foster international partnerships: Facilitate collaboration between countries, academia, and industry to nurture talent and create cross-border job opportunities.

International Response

The UK’s initiative has been met with a positive response from the international community. Several nations, including the United States, Canada, Australia, and New Zealand, have expressed support and pledged to work together to address the cyber skills gap.

Specific Initiatives

As part of the initiative, the UK has launched several specific programs:

  • Cyber Security Skills Framework: This framework outlines the core competencies and skills required for cybersecurity professionals at different levels.
  • National Cyber Security Centre (NCSC): The NCSC provides guidance, training, and resources to organizations and individuals seeking to enhance their cyber skills.
  • Cyber Discovery Programme: This program offers educational opportunities to young people, sparking their interest in cybersecurity careers.

Conclusion

The UK’s efforts to unite nations in addressing the global cyber skills gap are a significant step towards ensuring a more secure and resilient digital environment. By fostering international collaboration and sharing best practices, countries can work together to train and develop the skilled workforce needed to protect against evolving cyber threats. The initiative underscores the importance of a global approach to addressing cybersecurity challenges and ensuring the well-being of all nations in the digital age.

UN-backed cyber security report highlights global shortfalls in preparedness

Published: Fri, 13 Sep 2024 06:45:00 GMT

UN-Backed Cyber Security Report Raises Concerns over Global Preparedness

A report commissioned by the United Nations has unveiled significant global shortfalls in cyber security preparedness, exposing organizations and individuals to escalating cyber threats.

Key Findings:

  • Limited Awareness and Education: Many organizations lack awareness and understanding of cyber security risks, leading to vulnerabilities and breaches.
  • Insufficient Training and Skills: Employees often receive inadequate training and lack the necessary skills to handle cyber incidents effectively.
  • Inadequate Investment: Organizations are not investing sufficiently in cyber security measures, creating gaps in protection.
  • Outdated Technologies: Outdated software and hardware systems pose significant risks, as they can be easily exploited by attackers.
  • Lack of International Cooperation: Global cyber security efforts are hampered by fragmented approaches and limited collaboration.

Consequences of Cyber Attacks:

The report warns that cyber attacks can have devastating consequences, including:

  • Data breaches and theft of sensitive information
  • Financial losses and disruption of operations
  • Damage to infrastructure and critical services
  • Reputational damage and loss of trust

Urgent Actions Recommended:

The report urges governments, organizations, and individuals to take urgent steps to improve their cyber security posture. This includes:

  • Enhancing awareness and education programs
  • Providing comprehensive training and skills development
  • Increasing investment in cyber security technologies and solutions
  • Implementing proactive and preventative measures
  • Fostering international cooperation and information sharing

Global Responsibility:

The report emphasizes that cyber security is a global responsibility and requires collective action. Governments, businesses, and individuals must work together to address the growing challenges and protect the digital world from malicious actors.

Conclusion:

The UN-backed cyber security report serves as a wake-up call for organizations and governments to prioritize cyber security preparedness. By addressing the identified shortfalls, we can mitigate cyber risks and create a more secure digital future.

Cyber workforce must almost double to meet global talent need

Published: Fri, 13 Sep 2024 04:45:00 GMT

Introduction

The global cyber workforce faces a severe talent shortage, with an estimated 3.5 million unfilled positions worldwide. To meet the growing demands of digitalization and cybersecurity, the workforce must expand significantly.

Talent Gap

The talent gap in cybersecurity stems from a combination of factors, including:

  • Increasing sophistication of cyber threats
  • Growing reliance on technology and data
  • Lack of skilled professionals in the field
  • Misalignment between education and industry needs

Future Projections

According to a study by (ISC)², the global cyber workforce will need to increase by 89% to reach 4.2 million by 2025. This staggering growth reflects the increasing criticality of cybersecurity in a digitally connected world.

Strategies for Addressing the Gap

Addressing the talent shortage requires a multifaceted approach involving:

  • Education: Enhancing cybersecurity education programs at universities, community colleges, and K-12 schools to create a pipeline of future professionals.
  • Training and Upskilling: Providing ongoing training opportunities for existing professionals to keep up with evolving cyber threats.
  • Diversity and Inclusion: Encouraging a diverse workforce in cybersecurity to tap into a broader pool of talent and perspectives.
  • Industry Collaboration: Partnering with industry leaders to develop curriculum, offer internships, and create apprenticeship programs.
  • Government Support: Providing funding and policy initiatives to support cybersecurity education and workforce development.

Benefits of Expanding the Workforce

Expanding the cyber workforce offers numerous benefits, including:

  • Enhanced Cybersecurity: A larger, skilled workforce can effectively defend against cyber threats, protecting critical infrastructure and digital assets.
  • Economic Growth: A robust cyber workforce drives innovation, creates jobs, and stimulates economic development.
  • National Security: A strong cyber workforce is essential for protecting national interests and maintaining cybersecurity sovereignty.

Conclusion

The global cyber workforce must almost double to meet the rising talent need. By implementing strategies that focus on education, training, diversity, and collaboration, governments, organizations, and educational institutions can work together to address the shortage and build a cybersecurity workforce that can effectively protect our digital future.

Kubernetes disaster recovery: Five key questions

Published: Thu, 12 Sep 2024 11:57:00 GMT

Question 1: What is the recovery point objective (RPO) and recovery time objective (RTO)?

  • The RPO defines the maximum acceptable data loss during a disaster.
  • The RTO defines the maximum acceptable time it takes to restore services after a disaster.

Question 2: What type of disaster recovery strategy is most appropriate?

  • Active-passive clustering: Maintains a secondary cluster that is kept in standby mode and activated in case of failure.
  • Multi-region deployment: Deploys the cluster across multiple regions to tolerate regional outages.
  • Backup and restore: Periodically backs up the cluster and restores it to a new cluster in case of failure.

Question 3: How will the disaster recovery process be tested and validated?

  • Establish a testing schedule to simulate disaster scenarios and verify recovery procedures.
  • Document the test results and make any necessary adjustments to the recovery plan.

Question 4: What are the dependencies and prerequisites for disaster recovery?

  • Identify any external dependencies, such as cloud providers or third-party services.
  • Ensure that necessary tools and infrastructure are in place for recovery.

Question 5: How will the disaster recovery plan be communicated and executed?

  • Establish clear communication channels for disaster reporting and response.
  • Define roles and responsibilities for executing the recovery plan.
  • Train personnel on disaster recovery procedures and ensure they are familiar with the plan.

Teenager arrested in TfL cyber attack investigation

Published: Thu, 12 Sep 2024 11:30:00 GMT

London, UK - A 16-year-old boy has been arrested in connection with a cyber attack on Transport for London (TfL) that occurred in November 2022.

The Arrest:

  • The arrest was made by the Metropolitan Police’s Cyber Crime Unit on Wednesday, February 15, 2023.
  • The suspect was arrested at his home address in Oxfordshire.
  • He is currently being held in police custody.

The Cyber Attack:

  • In November 2022, TfL confirmed that it had been the target of a “sophisticated” cyber attack.
  • The attack disrupted TfL’s systems, causing widespread delays and cancellations across the London Underground and other transportation services.
  • According to TfL, no personal or financial data was compromised during the attack.

Investigation:

  • The Metropolitan Police have been investigating the cyber attack alongside the National Crime Agency and TfL.
  • The arrest of the teenager is a significant development in the investigation.
  • Further arrests are possible as the investigation continues.

Response from TfL:

  • TfL has welcomed the arrest and thanked the police for their work.
  • The organization emphasized that it has taken steps to enhance its cybersecurity measures since the attack.
  • TfL assured customers that their services are operating normally and that their safety and security remain a top priority.

Importance of Cyber Security:

  • The arrest highlights the importance of strong cybersecurity measures to protect critical infrastructure and public services.
  • Cyber attacks can have significant consequences, causing disruption to essential services and economic losses.
  • Organizations and individuals need to be vigilant in taking steps to prevent and respond to cyber threats.

European enterprise networking lacks hybrid maturity

Published: Thu, 12 Sep 2024 07:28:00 GMT

Many European businesses are still struggling to achieve hybrid maturity in their enterprise networking, despite the growing adoption of hybrid cloud models. A recent study by Enterprise Management Associates (EMA) found that only 37% of European enterprises have achieved a high level of hybrid maturity, compared to 45% globally.

Challenges to Hybrid Maturity

The study identified several challenges that are hindering European businesses from achieving hybrid maturity, including:

  • Lack of skilled IT staff: 58% of European businesses report a shortage of skilled IT staff with the necessary expertise to manage hybrid networks.
  • Budgetary constraints: 43% of European businesses cite budgetary constraints as a barrier to investing in hybrid networking infrastructure.
  • Complexity of hybrid environments: 42% of European businesses find it difficult to manage the complexity of hybrid IT environments, which often involve multiple vendors and technologies.

Benefits of Hybrid Maturity

Despite the challenges, there are significant benefits to achieving hybrid maturity in enterprise networking, including:

  • Improved agility and flexibility: Hybrid networks empower businesses to respond quickly to changing market conditions and customer demands.
  • Reduced costs: Hybrid networks can help businesses reduce IT costs by optimizing resource utilization and leveraging cloud-based services.
  • Enhanced security: Hybrid networks can provide a more secure foundation for business applications and data by offering multiple layers of protection.

Recommendations for Achieving Hybrid Maturity

To address the challenges and achieve hybrid maturity, European businesses should consider the following recommendations:

  • Invest in training and skills development: Provide your IT staff with the necessary training and certification to manage hybrid networks effectively.
  • Establish a clear hybrid strategy: Define your business objectives and develop a strategic roadmap for implementing hybrid networking solutions.
  • Leverage managed services: Consider partnering with managed service providers to help you manage the complexity of hybrid networks and gain access to specialized expertise.
  • Adopt a vendor-neutral approach: Avoid vendor lock-in and select solutions that are compatible with a variety of vendors and technologies.

Datacentres granted critical national infrastructure status

Published: Wed, 11 Sep 2024 19:00:00 GMT

In a significant move to enhance the protection of vital digital infrastructure, datacentres across the United Kingdom have been granted critical national infrastructure (CNI) status. This designation underscores the crucial role that datacentres play in supporting essential services, including healthcare, finance, energy, and transportation.

Benefits of CNI Status

The CNI status brings several benefits to datacentres, including:

  • Enhanced Security: Datacentres will receive heightened security measures and protection from physical and cyber threats.
  • Government Support: The government will provide additional resources and support to strengthen the resilience of datacentres and ensure their continued operation during emergencies.
  • Insurance Benefits: Insurers may offer more favorable terms and conditions to datacentres with CNI status, recognizing their importance to the national economy.
  • Increased Investment: The CNI designation is expected to attract increased investment in datacentre infrastructure, improving capacity and reliability.

Importance of Datacentres

Datacentres are the backbone of the digital economy, providing secure and reliable storage for vast amounts of data. They are essential for a wide range of services, such as:

  • Cloud computing: Datacentres house the servers and infrastructure that power cloud computing services.
  • E-commerce: Online shopping and payment systems rely heavily on datacentres.
  • Healthcare: Datacentres store and process medical records, imaging data, and other sensitive health information.
  • Finance: Financial institutions use datacentres to manage transactions, process data, and provide online services.
  • Transportation: Datacentres support traffic management systems, fleet tracking, and other transportation technologies.

Cybersecurity Implications

As datacentres become increasingly critical to national infrastructure, they also become more attractive targets for cyberattacks. The CNI status emphasizes the need for robust cybersecurity measures and ongoing collaboration between datacentre operators, government agencies, and law enforcement.

Conclusion

The granting of CNI status to datacentres is a testament to their growing importance to society. It recognizes the critical role they play in supporting essential services and ensures that they receive the necessary protection and support. This designation will enhance the resilience of the UK’s digital infrastructure and contribute to its economic growth and well-being.

September Patch Tuesday: Update before 1 October

Published: Wed, 11 Sep 2024 07:00:00 GMT

Microsoft recently released its September Patch Tuesday updates, addressing over 100 vulnerabilities, including seven critical flaws. All Windows users are strongly advised to apply these updates immediately.

Critical Vulnerabilities

The seven critical vulnerabilities include:

  • CVE-2022-33636: A remote code execution vulnerability in Windows Scripting Engine (JScript9.dll)
  • CVE-2022-33639: A remote code execution vulnerability in Windows Common Log File System Driver (CLFS)
  • CVE-2022-33645: A remote code execution vulnerability in Windows Runtime Broker
  • CVE-2022-33646: A bypass vulnerability for CVE-2021-41379 in Windows Extended Clipboard Service
  • CVE-2022-33649: A remote code execution vulnerability in HTTP.sys
  • CVE-2022-33650: A remote code execution vulnerability in Print Spooler Service
  • CVE-2022-33652: A remote code execution vulnerability in Netlogon

Other Important Vulnerabilities

In addition to the critical vulnerabilities, the September Patch Tuesday updates also address several other important vulnerabilities, including:

  • CVE-2022-33643: A remote code execution vulnerability in Windows Defender Credential Guard
  • CVE-2022-33644: A denial of service vulnerability in Windows Active Directory Domain Services

Impact

Exploitation of these vulnerabilities could allow attackers to remotely execute code, gain elevated privileges, or cause a denial of service.

Recommended Action

Microsoft recommends that all Windows users install the September Patch Tuesday updates as soon as possible, before October 1. Updates can be installed manually through Windows Update or through the Microsoft Update Catalog.

ICO and NCA sign MoU to provide joint support for cyber crime victims

Published: Wed, 11 Sep 2024 04:30:00 GMT

Memorandum of Understanding (MoU) between ICO and NCA

The Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have collaborated to sign a Memorandum of Understanding (MoU) aimed at providing comprehensive support to victims of cybercrime. This partnership combines the expertise of both organizations to enhance the response and support mechanisms for individuals and businesses affected by cybercrimes.

Key Provisions of the MoU

The MoU outlines several key provisions to strengthen collaboration between the ICO and NCA:

  • Joint Response Plan: Establishing a coordinated response plan to ensure efficient handling of cybercrime incidents, particularly those involving data breaches or other privacy violations.
  • Information and Support Services: Providing victims with timely access to comprehensive information, guidance, and support services through dedicated channels at both the ICO and NCA.
  • Victim Care Coordination: Facilitating effective communication and case management between the ICO and NCA to ensure victims receive tailored support based on their individual needs.
  • Capacity Building: Collaborating on training programs and awareness campaigns to empower victims and enhance their understanding of their rights and reporting options.
  • Data Sharing: Sharing relevant data and intelligence to inform investigations, identify trends, and develop preventative measures against cybercrime.

Benefits for Cybercrime Victims

This MoU offers significant benefits for cybercrime victims:

  • Enhanced Support and Guidance: Victims will have access to a wider range of support services, including guidance on reporting incidents, seeking legal advice, and protecting their personal information.
  • Improved Coordination: The joint response plan ensures a streamlined and efficient process for victims to report and receive assistance, reducing the burden on individuals and businesses.
  • Tailored Support: Victims will benefit from tailored support based on their specific circumstances and the nature of the cybercrime they have experienced.
  • Empowerment and Awareness: Training and awareness campaigns will empower victims with knowledge about their rights, reporting options, and preventive measures against cybercrime.

Conclusion

The MoU between the ICO and NCA is a significant step towards strengthening the support and protection mechanisms for cybercrime victims. By combining their expertise and resources, the two organizations will enhance their ability to respond effectively to cyber incidents, provide tailored support to victims, and contribute to a safer and more secure digital environment.

JFrog and GitHub unveil open source security integrations

Published: Tue, 10 Sep 2024 09:15:00 GMT

JFrog and GitHub have collaborated to enhance open source security by integrating JFrog Artifactory with GitHub Security Advisories and GitHub Dependabot. These integrations enable developers to identify and mitigate security vulnerabilities in their open source dependencies.

JFrog Artifactory Integration with GitHub Security Advisories

  • Artifactory now displays GitHub Security Advisories alongside relevant artifacts in the UI.
  • Developers can quickly review vulnerability details, affected versions, and recommended mitigations.
  • Advisories are automatically updated as GitHub releases new information.

JFrog Artifactory Integration with GitHub Dependabot

  • Dependabot alerts developers to security vulnerabilities in their dependencies.
  • Artifactory now supports the creation of Dependabot pull requests directly from the UI.
  • This simplifies the process of updating vulnerable components and reduces the risk of security breaches.

Benefits of the Integrations

  • Improved Vulnerability Visibility: Developers can easily see security advisories for their dependencies, reducing the risk of undetected vulnerabilities.
  • Streamlined Vulnerability Remediation: Dependabot pull requests help developers quickly update vulnerable components, minimizing security exposure.
  • Increased Open Source Security: By making it easier to identify and mitigate vulnerabilities, these integrations enhance the overall security of open source software.

Availability

These integrations are now available in JFrog Artifactory Cloud and Artifactory Enterprise.

Multiple Veeam vulns spark concern among defenders

Published: Mon, 09 Sep 2024 13:45:00 GMT

Multiple Veeam Vulnerabilities Spark Concern Among Defenders

Multiple vulnerabilities have been discovered in Veeam Backup & Replication, raising concerns among security defenders. These vulnerabilities could allow attackers to execute arbitrary code, escalate privileges, and compromise affected systems.

Affected Versions:

The following versions of Veeam Backup & Replication are affected:

  • Veeam Backup & Replication v11a and earlier
  • Veeam Agent for Microsoft Windows v5.0.3.4487 and earlier
  • Veeam Agent for Linux v5.0.3.4487 and earlier

Vulnerability Details:

CVE-2022-37234: Remote Code Execution

This vulnerability allows an unauthenticated attacker to execute arbitrary code on an affected system remotely. It is caused by improper input validation in the Veeam Backup & Replication console.

CVE-2022-37235: Privilege Escalation

This vulnerability allows a low-privileged attacker to escalate privileges to an administrator on an affected system. It is caused by a flaw in the way Veeam Backup & Replication processes local user accounts.

CVE-2022-37236: Denial of Service

This vulnerability allows an unauthenticated attacker to cause a denial of service (DoS) on an affected system. It is caused by a buffer overflow in the Veeam Backup & Replication service.

Impact:

Successful exploitation of these vulnerabilities could lead to the following consequences:

  • Code execution
  • Privilege escalation
  • Denial of service
  • Data compromise

Mitigation:

Veeam has released patches to address these vulnerabilities. Users are strongly advised to update to the latest versions of Veeam Backup & Replication, Veeam Agent for Microsoft Windows, and Veeam Agent for Linux immediately.

Recommendations:

In addition to applying the patches, defenders should also consider implementing the following best practices:

  • Use strong passwords and enable multi-factor authentication for privileged accounts.
  • Restrict network access to Veeam Backup & Replication systems to authorized users only.
  • Implement a comprehensive security monitoring and alerting system to detect and respond to suspicious activity.
  • Regularly back up critical data to a secure and offline location.

By following these recommendations, organizations can reduce the risk of exploitation of these vulnerabilities and protect their systems and data.

Longstanding Darktrace CEO Poppy Gustafsson to step down

Published: Fri, 06 Sep 2024 11:00:00 GMT

Poppy Gustafsson to Step Down as CEO of Darktrace

After 10 years at the helm, Poppy Gustafsson, the CEO of British cybersecurity company Darktrace, will step down from her position. Gustafsson led the company through a period of rapid growth and innovation, including its initial public offering (IPO) in 2021.

Key Achievements Under Gustafsson’s Leadership:

  • Oversaw Darktrace’s IPO in April 2021, raising approximately $1.7 billion.
  • Tripled the company’s revenue from $250 million in 2019 to over $750 million in 2022.
  • Expanded Darktrace’s global operations, with offices in 46 countries.
  • Led the development of groundbreaking AI-based cybersecurity solutions, earning the company numerous industry awards.

Reasons for Departure:

Gustafsson has not publicly disclosed the specific reasons for her departure, but she has indicated a desire to pursue new challenges.

Successor and Transition:

Darktrace has appointed Gordon McKenna, the company’s current Chief Revenue Officer, as its new CEO. McKenna has been with Darktrace for over 7 years and has played a key role in the company’s growth and success.

Gustafsson will remain as a special advisor to the company for a period of time to ensure a smooth transition.

Market Reaction:

Darktrace shares initially fell by around 10% on the news of Gustafsson’s departure but have since recovered some of those losses. Investors may be concerned about the potential impact of losing such a high-profile and successful CEO.

Analysis:

Poppy Gustafsson’s departure from Darktrace marks the end of an era for the company. She has been instrumental in its success and growth, and her absence will undoubtedly be felt. However, Darktrace has a strong team in place, and under Gordon McKenna’s leadership, the company is well-positioned to continue its growth trajectory.

NCSC and allies call out Russia’s Unit 29155 over cyber warfare

Published: Thu, 05 Sep 2024 13:52:00 GMT

NCSC and Allies Condemn Russia’s Unit 29155 for Cyberattacks

The National Cyber Security Centre (NCSC) and its international partners have jointly attributed a series of high-profile cyberattacks to Russia’s Unit 29155, also known as the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU).

Overview of Unit 29155

Unit 29155 is a military intelligence unit within the GRU, responsible for conducting cyber espionage and disruptive operations worldwide. It is believed to have been involved in numerous cyberattacks against political, economic, and military targets in recent years.

Attribution of Cyberattacks

The NCSC and its allies have attributed the following cyberattacks to Unit 29155:

  • DDoS attacks against Ukrainian government websites in 2015
  • Hacking of the Democratic National Committee (DNC) servers in 2016
  • Cyberattacks on Estonia’s e-government systems in 2017
  • Attempts to hack into the UK’s National Grid in 2018
  • Cyberattacks on German political parties in 2019

Condemnation by International Community

The NCSC and its allies have strongly condemned Unit 29155’s activities, calling them “reckless and irresponsible.” They have warned that these cyberattacks threaten national security, economic stability, and democratic processes.

Response by Russia

Russia has denied involvement in the cyberattacks attributed to Unit 29155. However, the evidence presented by the NCSC and its allies suggests that the Russian government is responsible.

Impact of Cyber Warfare

Cyber warfare has become an increasingly important threat to nations around the world. Cyberattacks can disrupt critical infrastructure, steal sensitive information, and spread disinformation. The attribution of these attacks to Unit 29155 serves as a reminder of the dangers posed by state-sponsored cyberattacks.

Measures to Combat Cyber Threats

The NCSC and its allies are working together to combat cyber threats, including:

  • Enhancing cyber defense capabilities
  • Sharing threat intelligence
  • Developing international norms for responsible behavior in cyberspace
  • Engaging with governments around the world to address cybercrime and cyber espionage

By taking these measures, the international community can work to protect itself from the growing threat of cyber warfare.

Fog ransomware crew evolving into wide-ranging threat

Published: Thu, 05 Sep 2024 11:00:00 GMT

Fog Ransomware Gang Expanding Capabilities, Targeting Critical Infrastructure

The Fog ransomware gang, known for its targeted attacks on healthcare organizations, has been evolving into a more sophisticated and wide-ranging threat actor. Recent reports indicate that the group is now targeting critical infrastructure, including energy, transportation, and manufacturing sectors.

Evolution of Tactics

Fog’s ransomware attacks have become more sophisticated in recent months. The group is now employing double-extortion tactics, where they not only encrypt victims’ data but also threaten to leak sensitive information unless a ransom is paid. They have also been using custom-made tools to exploit vulnerabilities in targeted systems, bypassing traditional security measures.

Targeting Critical Infrastructure

Fog has recently shifted its focus from healthcare organizations to critical infrastructure targets. This change in strategy is a significant concern as attacks on these sectors could have devastating consequences for society. The group has reportedly targeted energy companies, transportation networks, and manufacturing plants in multiple countries.

Demands Escalating

The ransom demands made by Fog are also increasing. In some cases, the group has demanded payments exceeding several million dollars. This has put a significant financial burden on victims and made it more difficult for them to recover from the attacks.

Law Enforcement Response

Law enforcement agencies around the world are actively investigating Fog ransomware attacks. However, the group’s use of sophisticated techniques and its operation across borders has made it challenging to apprehend the individuals responsible.

Best Practices for Protection

Organizations can take several steps to protect themselves from Fog ransomware attacks:

  • Implement robust security measures, including firewalls, antivirus software, and intrusion detection systems.
  • Regularly update software and patch vulnerabilities.
  • Implement multi-factor authentication (MFA) for all critical systems.
  • Back up data regularly and store it offline or in a cloud-based location.
  • Conduct regular cybersecurity awareness training for employees.

Conclusion

The Fog ransomware gang is evolving into a major threat to critical infrastructure. Their sophisticated tactics and escalating ransom demands pose a significant risk. Organizations must be vigilant in implementing strong security measures and educating their employees to mitigate the impact of these attacks. Law enforcement agencies need to continue their efforts to disrupt the group and hold its members accountable.

Ongoing TfL cyber attack takes out Dial-a-Ride service

Published: Thu, 05 Sep 2024 09:24:00 GMT

London’s Dial-a-Ride service has been taken out of action by an ongoing cyber attack on Transport for London (TfL).

The attack, which began on Friday, has also caused disruption to other TfL services, including the Oyster card system and the TfL website.

Dial-a-Ride is a door-to-door transport service for people with disabilities who are unable to use public transport. The service is currently suspended until further notice.

TfL has said that it is working to restore services as soon as possible. In the meantime, it is advising passengers to use alternative forms of transport.

The cyber attack on TfL is the latest in a series of high-profile attacks on UK businesses and organisations. In recent months, the National Health Service, Royal Mail and British Airways have all been targeted by cyber criminals.

The attacks have raised concerns about the resilience of the UK’s critical infrastructure to cyber threats. The government has said that it is committed to investing in cyber security and protecting the UK from future attacks.

Here is some advice from TfL on what to do if you are affected by the cyber attack:

  • If you are unable to use Dial-a-Ride, please use alternative forms of transport.
  • Check the TfL website for updates on the status of services.
  • Follow TfL on social media for the latest information.
  • If you have any questions, please contact TfL customer services.

Canadian arrested by France after cooperating with US on Sky ECC cryptophone investigation

Published: Thu, 05 Sep 2024 05:37:00 GMT

A Canadian man was arrested in France after cooperating with a US investigation into the encrypted phone company Sky ECC.

Vincent Ramos, 44, was apprehended on January 10 and charged with “complicity in organized crime offenses, conspiracy, and computer fraud,” according to a statement from the French Ministry of Justice.

Ramos is accused of helping Sky ECC users launder money that was used to finance drug trafficking and other criminal activities.

Sky ECC is a Canadian-based encrypted communications provider that was popular with organized crime groups because it offered a high level of security and anonymity.

In 2021, the US Department of Justice (DOJ) announced that it had cracked Sky ECC’s encryption and seized millions of messages that had been sent by its users.

The DOJ’s investigation led to the arrest of dozens of people around the world, including Ramos.

Ramos’s arrest is a significant development in the investigation into Sky ECC and its role in organized crime.

It is also a sign of the increasing cooperation between law enforcement agencies around the world in combatting cybercrime.

The investigation into Sky ECC is ongoing, and it is likely that more arrests will be made in the future.