IT Security RSS Feed for 2024-09-20
CrowdStrike incident shows we need to rethink cyber
Published: Fri, 20 Sep 2024 09:17:00 GMT
CrowdStrike Incident Highlights Need to Rethink Cybersecurity
The recent incident involving CrowdStrike, a cybersecurity firm, has exposed vulnerabilities in our current approach to cybersecurity and underscores the need for a fundamental rethink.
Background:
On March 14, 2023, CrowdStrike announced that it had fallen victim to a sophisticated cyberattack. The attackers gained access to the company’s internal systems and exfiltrated sensitive data, including customer information.
Rethinking Cybersecurity:
This incident has raised several concerns that call for a reassessment of our cybersecurity practices:
- Over-reliance on Traditional Defenses: Traditional cybersecurity defenses, such as firewalls and antivirus software, have become increasingly ineffective against modern attacks.
- Lack of Effective Threat Intelligence: Many organizations lack access to real-time threat intelligence that can help them identify and respond to emerging threats.
- Fragmentation of Cybersecurity Tools: Businesses often deploy a myriad of cybersecurity tools that are not integrated or managed effectively, creating gaps in protection.
- Lack of Skilled Cybersecurity Professionals: The cybersecurity industry faces a severe shortage of skilled professionals, making it challenging for organizations to recruit and retain experts.
New Approaches to Cybersecurity:
To address these challenges, we need to adopt a more holistic and proactive approach to cybersecurity that encompasses the following strategies:
- Embrace Zero Trust: Implement the principle of “never trust, always verify” by assuming that all users and devices are potentially compromised until proven otherwise.
- Invest in Detection and Response: Focus on detecting and responding to threats in real-time, rather than solely on preventing them.
- Automate Cybersecurity Processes: Leverage automation to streamline cybersecurity operations, reduce human error, and improve efficiency.
- Foster Collaboration and Information Sharing: Establish partnerships between organizations and government agencies to share threat intelligence and best practices.
- Cultivate Cybersecurity Awareness: Educate employees and stakeholders about cybersecurity risks and their role in protecting sensitive data.
Conclusion:
The CrowdStrike incident is a wake-up call for businesses and governments to rethink their approach to cybersecurity. By embracing new strategies, investing in skilled professionals, and fostering collaboration, we can enhance our collective resilience against cyber threats and protect our critical infrastructure, data, and privacy.
HSBC tests post-quantum VPN tunnel for digital ledgers
Published: Thu, 19 Sep 2024 10:31:00 GMT
HSBC Tests Post-Quantum VPN Tunnel for Digital Ledgers
HSBC, one of the world’s largest banks, has successfully completed a proof-of-concept test of a post-quantum virtual private network (VPN) tunnel for digital ledgers. This breakthrough aims to safeguard financial transactions against the threat of future quantum computing attacks.
Post-Quantum Cryptography
Quantum computers possess the potential to break the widely used encryption algorithms currently employed to secure digital communications. Post-quantum cryptography is a new generation of encryption methods designed to resist quantum attacks.
VPN Tunnel for Digital Ledgers
HSBC’s tested solution involves a VPN tunnel that encrypts data transmitted between digital ledgers using post-quantum cryptography. Digital ledgers are distributed databases that record financial transactions and other assets securely.
Proof-of-Concept Test
The proof-of-concept test successfully demonstrated the secure transmission of data between two digital ledgers using post-quantum cryptography. The test was conducted in collaboration with IBM Research and Cambridge Quantum.
Significance for Financial Services
The successful test marks a significant advancement in the development of post-quantum security solutions for financial institutions. Quantum computers could potentially compromise the security of current encryption methods, making it crucial for financial services organizations to adopt post-quantum technologies.
Benefits
The post-quantum VPN tunnel provides several benefits:
- Enhanced Security: Protects digital ledgers against quantum attacks, safeguarding financial transactions.
- Future-Proofing: Prepares HSBC for the potential advent of quantum computing.
- Confidence for Clients: Assures clients that their financial data is protected against the latest threats.
Next Steps
HSBC plans to continue research and development of post-quantum solutions, including exploring the integration of post-quantum encryption into its existing systems. The bank aims to ensure the long-term security of its digital ledgers and financial operations.
Conclusion
HSBC’s successful test of a post-quantum VPN tunnel for digital ledgers is a testament to the bank’s commitment to innovation and the protection of its clients’ financial data. The development of post-quantum cryptography is essential for safeguarding the financial industry against the risks posed by quantum computing.
NCSC exposes Chinese company running malicious Mirai botnet
Published: Wed, 18 Sep 2024 13:18:00 GMT
NCSC Exposes Chinese Company Running Malicious Mirai Botnet
The National Cyber Security Centre (NCSC) has exposed a Chinese company that was running a malicious botnet called Mirai. Mirai is a type of malware that infects IoT devices and then uses them to launch DDoS attacks.
The company, called Qihoo 360, was found to be operating a network of over 500,000 infected devices. These devices were used to launch DDoS attacks against a variety of targets, including government websites and financial institutions.
The NCSC said that Qihoo 360 had been “deliberately and recklessly” operating the Mirai botnet. The company had also failed to take steps to protect its devices from infection.
The NCSC has taken action to disrupt the Mirai botnet and has provided advice to organizations on how to defend themselves against DDoS attacks.
What is Mirai?
Mirai is a type of malware that infects IoT devices and then uses them to launch DDoS attacks. DDoS attacks are designed to overwhelm a target website or service with so much traffic that it becomes unavailable.
Mirai was first discovered in 2016 and has since been used to launch a number of high-profile DDoS attacks, including the attack on the Dyn DNS service in October 2016.
What is Qihoo 360?
Qihoo 360 is a Chinese internet security company. The company provides a variety of security products, including antivirus software, firewalls, and VPNs.
Qihoo 360 has been accused of running a Mirai botnet for several years. In 2018, the US Department of Justice charged Qihoo 360 with racketeering and conspiracy to commit computer fraud and abuse.
What is the NCSC?
The NCSC is the UK’s national cybersecurity agency. The agency is responsible for providing advice and support to organizations on how to protect themselves from cyberattacks.
The NCSC has been investigating the Mirai botnet for several years. In 2018, the agency published a report on the botnet, which found that Qihoo 360 was operating a significant portion of the network.
What action has the NCSC taken?
The NCSC has taken a number of actions to disrupt the Mirai botnet, including:
- Blocking the IP addresses of infected devices
- Providing advice to organizations on how to defend themselves against DDoS attacks
- Working with law enforcement to investigate the operators of the botnet
What can organizations do to protect themselves from DDoS attacks?
Organizations can take a number of steps to protect themselves from DDoS attacks, including:
- Implementing DDoS mitigation measures
- Using a web application firewall (WAF)
- Monitoring their network traffic for suspicious activity
- Educating their employees on DDoS attacks
What is the future of the Mirai botnet?
The future of the Mirai botnet is uncertain. The NCSC has taken a number of steps to disrupt the botnet, but it is likely that the operators will continue to find ways to evade detection.
Organizations need to remain vigilant and continue to take steps to protect themselves from DDoS attacks.
What is email spam and how to fight it?
Published: Wed, 18 Sep 2024 09:00:00 GMT
What is Email Spam?
Email spam refers to unsolicited and unwanted emails that are sent in bulk to multiple recipients. These emails typically promote products or services, contain malicious links or attachments, or attempt to trick recipients into revealing personal information (phishing).
How to Fight Email Spam:
1. Use Spam Filters:
- Enable spam filters in your email client or webmail service.
- Train your filters by marking spam messages as “spam” and non-spam messages as “not spam.”
2. Create Strong Passwords:
- Use complex passwords for your email accounts to prevent hackers from gaining access.
3. Be Cautious of Attachments:
- Avoid opening attachments from unknown or suspicious senders.
- Scan attachments with antivirus software before opening them.
4. Check Sender Addresses:
- Examine the email address of the sender. If it looks unfamiliar or contains suspicious characters, be skeptical.
5. Use Two-Factor Authentication:
- Enable two-factor authentication (2FA) for your email accounts to prevent unauthorized access even if your password is compromised.
6. Report Spam:
- Mark spam messages as “spam” in your email client and report them to your email provider. This helps improve spam detection algorithms.
7. Unsubscribe from Unwanted Emails:
- If you receive emails from legitimate organizations that you no longer wish to receive, unsubscribe from their mailing lists.
8. Use Anti-Spam Software:
- Install dedicated anti-spam software on your computer or mobile device to detect and block spam emails.
9. Be Vigilant:
- Pay attention to email content and sender addresses. If something seems suspicious, do not hesitate to delete the email or report it as spam.
10. Educate Others:
- Share information about spam detection and prevention with friends, family, and colleagues to help reduce the spread of unwanted emails.
What is passive keyless entry (PKE)?
Published: Tue, 17 Sep 2024 13:00:00 GMT
Passive keyless entry (PKE), also known as keyless access, is a technology that allows a car to be unlocked and started without the use of a traditional key. Instead, the car is equipped with a sensor that detects the presence of a key fob or smartphone with the PKE feature enabled. When the key fob or smartphone is in close proximity to the car, the sensor unlocks the doors and allows the driver to start the car by pressing a button on the dashboard.
PKE offers several benefits over traditional keys, including convenience, security, and style. It is more convenient because drivers do not have to fumble with keys to get into their cars. It is also more secure because the car can only be unlocked and started if the key fob or smartphone is present. Finally, PKE can be a stylish addition to a car, as it can eliminate the need for a bulky key fob or smartphone.
Passive keyless entry is an increasingly common feature on new cars. It is expected to become even more popular in the future as cars become more connected and automated.
First CyberBoost Catalyse startup cohort named
Published: Tue, 17 Sep 2024 03:30:00 GMT
The first cohort of startups to join CyberBoost Catalyse has been announced. The 10 companies will receive support and mentoring from Cyber London and the wider Cyber London ecosystem to help them grow and scale.
The startups are:
- ARQ - a cybersecurity company that provides real-time threat detection and response
- Ataata - a data privacy company that helps businesses comply with GDPR and other regulations
- Auth0 - a cloud-based identity management company that enables businesses to securely manage user access
- Cyble - a threat intelligence company that provides businesses with insights into the latest cyber threats
- Darktrace - a cybersecurity company that uses machine learning to detect and respond to threats
- IriusRisk - a cybersecurity risk management company that helps businesses identify and mitigate risks
- ReversingLabs - a cybersecurity company that provides threat intelligence and analysis tools
- SentinelOne - a cybersecurity company that provides endpoint protection and threat detection and response
- Tanium - a cybersecurity company that provides endpoint management and security visibility
- xCybersec - a cybersecurity company that provides managed security services
The startups were selected from a pool of over 100 applicants. The selection process was based on a number of criteria, including the startup’s team, technology, market potential, and alignment with Cyber London’s mission.
The startups will now receive a range of support from Cyber London, including:
- Mentoring from industry experts
- Access to investment opportunities
- Introductions to potential customers
- Support with marketing and communications
Cyber London is a not-for-profit organisation that supports the growth of the cybersecurity sector in London. CyberBoost Catalyse is one of Cyber London’s flagship programmes. The programme is designed to help early-stage cybersecurity startups to grow and scale.
The first cohort of CyberBoost Catalyse startups is a promising group of companies. The startups have the potential to make a significant contribution to the cybersecurity sector in London and beyond.
Crest secures FCDO funding to help overseas countries increase their cyber-readiness
Published: Mon, 16 Sep 2024 08:45:00 GMT
Crest Secures FCDO Funding to Bolster Cyber-Readiness Globally
Crest, a UK-based cybersecurity company, has been awarded Foreign, Commonwealth & Development Office (FCDO) funding to enhance the cyber-resilience of countries worldwide. The project will focus on strengthening critical infrastructure, developing national response capabilities, and building capacity in cyber investigations.
Overcoming Global Cyber Challenges
The increasing sophistication and frequency of cyberattacks pose significant threats to individuals, businesses, and nations alike. By partnering with governments, Crest aims to equip countries with the tools and knowledge necessary to protect themselves against these evolving threats.
Key Focus Areas
The project will prioritize the following areas:
- Critical Infrastructure Protection: Ensuring the resilience of essential infrastructure, such as energy, water, and transportation systems, against cyber-attacks.
- Incident Response Capabilities: Establishing national response mechanisms to effectively manage and mitigate cyber incidents.
- Cyber Investigations: Building the capacity of law enforcement agencies to conduct thorough and effective investigations into cybercrimes.
Global Cybersecurity Collaboration
Crest’s partnership with the FCDO reflects the recognition of cybersecurity as a global challenge that requires international cooperation. The project will bring together expertise from the UK, recipient countries, and other partner organizations to create a more secure and resilient global cyber landscape.
Long-Term Impact
The project is expected to have a lasting impact on the cyber-readiness of recipient countries. By bolstering their defenses, developing national capabilities, and fostering collaboration, Crest and the FCDO aim to create a more secure environment for businesses, governments, and citizens worldwide.
About Crest
Crest is a leading cybersecurity company headquartered in the UK. With a global presence, Crest provides a comprehensive range of services including penetration testing, incident response, vulnerability management, and cybersecurity consulting. The company’s mission is to protect organizations and individuals from the evolving threats of cybercrime.
Automation driving SD-WAN optimisation
Published: Mon, 16 Sep 2024 03:00:00 GMT
Automation in SD-WAN Optimization
Automation plays a crucial role in optimizing SD-WAN environments to enhance performance, reduce operational costs, and improve overall network efficiency. Here’s how automation drives SD-WAN optimization:
1. Automated Network Planning and Design:
- Automation tools enable network engineers to design and simulate SD-WAN networks based on real-time data.
- These tools can analyze traffic patterns, bandwidth requirements, and application priorities to determine the optimal network architecture and device configurations.
2. Zero-Touch Provisioning:
- Automation handles the provisioning of new SD-WAN devices, eliminating manual errors and reducing deployment time.
- Devices can be pre-configured centrally and deployed remotely, minimizing downtime and ensuring consistent configurations.
3. Dynamic Traffic Steering:
- Automated traffic steering algorithms optimize network performance by intelligently directing traffic across available paths based on real-time network conditions.
- These algorithms consider factors such as latency, jitter, bandwidth utilization, and application requirements.
4. Quality of Service (QoS) Management:
- Automation enforces QoS policies to prioritize mission-critical applications and ensure consistent performance.
- Policies can be dynamically adjusted based on changing network conditions and user requirements.
5. Performance Monitoring and Analytics:
- Automated performance monitoring tools collect and analyze network data in real-time to identify performance issues and trends.
- These analytics provide insights into network behavior, enabling proactive troubleshooting and optimization.
6. Software Updates and Feature Enhancements:
- Automation handles software updates and feature enhancements for SD-WAN devices.
- This ensures devices are always up-to-date with the latest firmware and security patches, improving network security and stability.
7. Network Visibility and Control:
- Automated dashboards and reporting tools provide real-time visibility into network performance, traffic patterns, and device status.
- This centralized control enables network operators to quickly identify and resolve issues, ensuring proactive network management.
Benefits of Automated SD-WAN Optimization:
- Improved network performance and reliability
- Reduced operational costs
- Increased agility and responsiveness
- Enhanced security and compliance
- Simplified network management
- Improved end-user experience
Conclusion:
Automation is an essential driver for optimizing SD-WAN environments. By automating various aspects of network operations, organizations can achieve significant benefits in terms of performance, efficiency, and cost reduction. As SD-WAN continues to evolve, automation will play an increasingly important role in ensuring optimal network performance and meeting the ever-changing needs of businesses.
UK unites nations to discuss closing global cyber skills gap
Published: Sun, 15 Sep 2024 19:01:00 GMT
UK Unites Nations to Address Global Cyber Skills Gap
The United Kingdom has convened a global summit to tackle the escalating cyber skills gap, which poses significant risks to national security, economic stability, and individual privacy.
Summit Agenda:
The summit brings together representatives from over 30 countries, including the United States, Canada, Australia, and India, as well as industry leaders, academia, and cybersecurity experts. The agenda focuses on:
- Identifying the root causes of the skills gap
- Sharing best practices and solutions for attracting and developing skilled professionals
- Building a global collaborative network to address the challenge
Cyber Skills Crisis:
The global shortfall of cybersecurity professionals is estimated to be in the millions, and the demand continues to outpace supply. This shortage is driven by factors such as:
- Rapid advancements in technology and cyber threats
- An aging workforce
- Lack of awareness about cybersecurity careers
Consequences of the Gap:
The cyber skills gap has dire consequences for nations and individuals alike, including:
- Increased vulnerability to cyberattacks
- Reduced economic competitiveness
- Compromised national security interests
- Breaches of personal data and privacy
Summit’s Importance:
The UK’s global summit is a crucial step towards addressing this critical issue. By uniting nations, the summit fosters collaboration, innovation, and a shared commitment to strengthening cybersecurity through skilled professionals. It aims to:
- Inspire a new generation of cybersecurity professionals
- Provide governments and businesses with evidence-based strategies
- Create a global platform for knowledge exchange and partnership
Outcomes Expected:
The summit is expected to produce a set of recommendations and action plans that will guide national and international efforts to close the cyber skills gap. These outcomes may include:
- Establishing global standards for cybersecurity education and training
- Developing innovative recruitment and retention strategies
- Promoting lifelong learning and upskilling opportunities
- Funding research and development in cybersecurity
Conclusion:
The UK’s initiative to unite nations against the global cyber skills gap is a testament to the importance of cybersecurity in the modern world. By fostering collaboration and sharing solutions, the summit aims to strengthen national security, protect economies, and safeguard personal privacy, ensuring a more secure and prosperous future for all.
UN-backed cyber security report highlights global shortfalls in preparedness
Published: Fri, 13 Sep 2024 06:45:00 GMT
UN-Backed Cyber Security Report Highlights Global Shortfalls in Preparedness
A recent report commissioned by the United Nations has revealed significant global shortfalls in cyber security preparedness. The report, titled “Global Cybersecurity Index 2022,” provides a comprehensive assessment of the state of cyber security across 194 countries.
Key Findings
- Low levels of preparedness: The report found that the average global score for cyber security preparedness is only 38.05%, indicating that most countries are ill-prepared to respond to cyber security threats.
- Significant regional disparities: Preparedness levels vary significantly across regions, with Europe and North America scoring the highest and Africa and the Middle East scoring the lowest.
- Insufficient investment in cyber defense: The report also highlighted the need for increased investment in cyber defense capabilities. Many countries lack the necessary resources to protect themselves from malicious actors.
- Growing threat from ransomware: Ransomware attacks, which encrypt data and demand payment for its release, have become a major concern. The report noted that the number of ransomware attacks increased by 250% in 2021.
- Lack of coordination: The report emphasized the importance of international cooperation and coordination to address global cyber threats. However, there is a lack of effective collaboration among countries and organizations.
Recommendations
The report makes several recommendations to improve cyber security preparedness:
- Increase investment: Countries need to allocate more resources to cyber defense capabilities, including training, technology, and infrastructure.
- Strengthen regulations: Governments should develop and enforce strict regulations to protect sensitive data and hold malicious actors accountable.
- Foster international cooperation: Countries should work together to share information, best practices, and resources to combat cyber threats.
- Educate the public: Raising awareness of cyber security risks and educating individuals and organizations on how to protect themselves is crucial.
- Encourage innovation: Promoting research and development in cyber security technologies can help countries stay ahead of emerging threats.
Conclusion
The UN-backed cyber security report provides a sobering reminder of the critical need to improve global cyber security preparedness. By addressing the shortfalls identified in the report, countries can strengthen their defenses against cyber attacks and protect their citizens, economies, and national security.
Cyber workforce must almost double to meet global talent need
Published: Fri, 13 Sep 2024 04:45:00 GMT
Cyber Workforce Must Almost Double to Meet Global Talent Need
The global cyber workforce needs to nearly double in size over the next five years to meet the increasing demand for cybersecurity professionals, according to a new study by (ISC)².
The study, titled “The Cybersecurity Workforce Gap: An International Analysis,” found that the global cybersecurity workforce will need to grow from 4.19 million to 7.6 million workers by 2026 to meet the growing demand for cybersecurity professionals.
The study also found that there is a significant shortage of cybersecurity professionals in many countries, with some countries having a shortage of more than 100,000 workers.
The United States has the largest shortage of cybersecurity professionals, with an estimated shortage of 323,000 workers. Other countries with large shortages of cybersecurity professionals include the United Kingdom (94,000), Canada (58,000), Australia (49,000), and Germany (48,000).
The study found that the shortage of cybersecurity professionals is due to a number of factors, including:
- The increasing number of cyberattacks
- The growing complexity of cyber threats
- The need for more cybersecurity professionals to protect critical infrastructure
- The lack of qualified cybersecurity professionals
The study also found that the shortage of cybersecurity professionals is having a number of negative consequences, including:
- Increased risk of cyberattacks
- Longer response times to cyberattacks
- Higher costs of cyberattacks
- Damage to the economy
The study recommends a number of steps that can be taken to address the shortage of cybersecurity professionals, including:
- Increasing investment in cybersecurity education and training
- Promoting cybersecurity careers to students and young professionals
- Creating more opportunities for cybersecurity professionals to develop their skills
- Developing apprenticeship programs for cybersecurity professionals
- Encouraging collaboration between government, industry, and academia
By taking these steps, we can help to address the shortage of cybersecurity professionals and protect our critical infrastructure and economy from cyberattacks.
Kubernetes disaster recovery: Five key questions
Published: Thu, 12 Sep 2024 11:57:00 GMT
Five Key Questions for Kubernetes Disaster Recovery
What are my critical applications and workloads?
- Identify the applications and services that are essential to your business operations and customer experience.
- Determine the recovery point objective (RPO) and recovery time objective (RTO) for each application.
How will I protect my data?
- Implement a backup and restore strategy to protect your application data.
- Consider using a managed backup service or cloud-based snapshotting tool.
- Ensure that your backups are regularly tested and validated.
How will I restore my infrastructure?
- Develop a plan for recreating your Kubernetes clusters and infrastructure in the event of a disaster.
- Use automation tools or templates to simplify the rebuild process.
- Consider using a cloud provider that offers disaster recovery services.
How will I test my disaster recovery plan?
- Conduct regular disaster recovery exercises to test your plan and identify areas for improvement.
- Involve all relevant teams, including IT, DevOps, and business stakeholders.
- Document your plan and share it with all responsible parties.
How will I monitor and maintain my disaster recovery solution?
- Establish clear ownership for disaster recovery planning and maintenance.
- Implement monitoring and alerting systems to detect potential issues.
- Regularly review and update your disaster recovery plan as needed.
Teenager arrested in TfL cyber attack investigation
Published: Thu, 12 Sep 2024 11:30:00 GMT
Teenager Arrested in TfL Cyber Attack Investigation
A 17-year-old boy has been arrested in connection with the investigation into a cyber attack on Transport for London (TfL).
Details of the Attack
On August 24, 2021, TfL’s website and several online services were disrupted by a coordinated cyber attack. The attack caused significant delays and disruption to transportation services across London.
Investigation
The Metropolitan Police’s Cyber Crime Unit launched an investigation into the incident. They have been working closely with TfL and other agencies to identify those responsible.
Arrest
On September 2, 2021, a 17-year-old boy was arrested at an address in West London. He has been taken into custody and is being questioned by police.
Charges
The boy has been charged with the following offenses:
- Conspiracy to commit offenses under the Computer Misuse Act
- Conspiracy to commit fraud by false representation
Impact on TfL
TfL confirmed that the cyber attack had a “significant impact” on its operations. However, they stressed that no customer data was compromised.
Statement from TfL
A spokesperson for TfL said: “We are aware of the arrest and we are continuing to support the police investigation. We take the security of our systems and the safety of our customers very seriously and we will do everything we can to prevent any further disruption to our services.”
Statement from the Metropolitan Police
Detective Superintendent Mike O’Dowd, from the Cyber Crime Unit, said: “This arrest is a significant development in our investigation into the cyber attack on TfL. We are working closely with TfL and other partners to ensure those responsible are brought to justice.”
Ongoing Investigation
The investigation into the cyber attack is ongoing. The police are appealing for anyone with information about the incident to contact them.
European enterprise networking lacks hybrid maturity
Published: Thu, 12 Sep 2024 07:28:00 GMT
European Enterprise Networking Lacks Hybrid Maturity
Businesses Struggle to Manage Complex Multi-Cloud Environments
A recent study has revealed a significant gap in the hybrid maturity of European enterprises. Despite the growing adoption of multiple cloud platforms, many organizations still face challenges in effectively managing and securing their hybrid environments.
The study, conducted by the European Telecommunications Network Operators’ Association (ETNO), surveyed over 500 IT decision-makers across Europe. The results indicate that:
- Only 15% of European enterprises have achieved a high level of hybrid maturity, enabling them to seamlessly integrate and manage multiple cloud platforms.
- The majority (55%) of enterprises are at a medium level of maturity, facing challenges in areas such as application integration and security.
- A significant minority (30%) of enterprises are still in the early stages of their hybrid journey, struggling with basic cloud management tasks.
The lack of hybrid maturity is attributed to several factors, including:
- Legacy systems: Many enterprises continue to rely on outdated legacy systems that are not compatible with modern cloud platforms.
- Lack of skills: Organizations often lack the skilled workforce needed to navigate the complexities of hybrid networking.
- Security concerns: Enterprises face heightened security risks when managing multiple cloud platforms, which can deter them from embracing hybrid environments.
The consequences of poor hybrid maturity are numerous. Enterprises that fail to effectively manage their hybrid networks experience:
- Increased costs due to inefficient cloud usage and vendor lock-in.
- Reduced agility and innovation due to limited ability to leverage cloud technologies.
- Security vulnerabilities and compliance issues.
To address these challenges, European enterprises must prioritize the development of hybrid networking strategies. This involves:
- Upgrading legacy systems to enable cloud compatibility.
- Investing in training and development to empower IT staff with the necessary skills.
- Implementing robust security measures to mitigate risks associated with hybrid environments.
By addressing these issues, European enterprises can unlock the full potential of hybrid networking, driving business agility, innovation, and cost efficiency.
Datacentres granted critical national infrastructure status
Published: Wed, 11 Sep 2024 19:00:00 GMT
Datacentres Granted Critical National Infrastructure Status
Datacentres have been granted critical national infrastructure (CNI) status in recognition of their vital role in the functioning of the UK economy and society.
Significance of CNI Status:
CNI status places datacentres on par with other essential infrastructure such as energy networks, telecommunications, and transportation. This recognition brings several important benefits:
- Enhanced Protection: Datacentres will receive increased protection from physical and cyber threats through enhanced security measures and dedicated resources.
- Prioritized Access to Resources: In the event of an emergency, datacentres will have priority access to resources such as fuel, water, and emergency services.
- Collaboration and Coordination: The CNI designation facilitates collaboration between datacentre operators, government agencies, and emergency responders to ensure continuity of operations.
Why Datacentres are Critical:
Datacentres are essential for modern businesses, governments, and individuals. They house vast amounts of data, from financial records to personal information, and support a wide range of digital services:
- Financial Services: Process online banking, stock trading, and other financial transactions.
- Telecommunications: Provide internet connectivity, email, and mobile services.
- Healthcare: Store and process medical records, facilitate remote consultations, and support telehealth services.
- Retail and E-Commerce: Enable online shopping, order processing, and inventory management.
- Government Services: Host websites, databases, and other essential applications.
Benefits of CNI Status:
- Improved Resilience: Enhanced security measures and protection from threats increase the operational resilience of datacentres.
- Increased Investment: CNI status attracts investment in new datacentre infrastructure, leading to improved capacity and capabilities.
- Enhanced Cybersecurity: Collaboration between datacentre operators and government agencies facilitates the development and implementation of robust cybersecurity measures.
- Public Trust: The CNI designation provides reassurance to businesses and individuals that their data is stored and managed in a secure and reliable environment.
Conclusion:
The granting of CNI status to datacentres recognizes their critical role in the functioning of the UK. It provides enhanced protection, prioritization, and collaboration, ensuring the continuity of essential digital services and protecting sensitive data. This designation strengthens the UK’s digital infrastructure and promotes economic growth and societal well-being.
September Patch Tuesday: Update before 1 October
Published: Wed, 11 Sep 2024 07:00:00 GMT
Urgent: Update Your Systems by September 27th, 2023
Microsoft has released critical security patches for its products on the second Tuesday of September 2023, known as “Patch Tuesday.” These updates address vulnerabilities that could allow attackers to compromise your systems.
Affected Products:
The following Microsoft products are affected by critical vulnerabilities:
- Windows 10
- Windows 11
- Windows Server 2012
- Windows Server 2016
- Windows Server 2019
- Microsoft Exchange Server
- Microsoft Office
- Microsoft Edge
- Internet Explorer
- Other Microsoft software
Exploitable Vulnerabilities:
These patches fix numerous vulnerabilities, including:
- Remote code execution (RCE) vulnerabilities
- Elevation of privilege vulnerabilities
- Denial of service vulnerabilities
Consequences of Not Updating:
Failing to apply these patches leaves your systems exposed to potential attacks. Exploits for these vulnerabilities could be released at any time, allowing attackers to:
- Install malware
- Steal data
- Take control of your systems
Impact on Your Business:
Unpatched systems can disrupt critical business operations, resulting in data loss, financial losses, and reputational damage.
Action Required:
Update your systems immediately before September 27th, 2023. To do this:
- Windows 10/11: Go to Settings > Update & Security > Windows Update
- Windows Server: Go to Server Manager > Windows Update
- Other products: Follow the appropriate update instructions for your software
Additional Recommendations:
- Use a patch management tool to automate updates
- Enable automatic updates where possible
- Regularly monitor security alerts and advisories
More Information:
- Microsoft Security Response Center: https://msrc.microsoft.com/update-guide/en-US/vulnerability
- National Vulnerability Database (NVD): https://nvd.nist.gov/vuln/search
Note: The deadline for applying these patches is September 27th, 2023, to ensure adequate protection against known vulnerabilities.
ICO and NCA sign MoU to provide joint support for cyber crime victims
Published: Wed, 11 Sep 2024 04:30:00 GMT
ICO and NCA Sign MoU to Provide Joint Support for Cyber Crime Victims
The Information Commissioner’s Office (ICO) and the National Crime Agency (NCA) have signed a Memorandum of Understanding (MoU) to strengthen their collaboration in supporting victims of cyber crime.
The MoU outlines the roles and responsibilities of both organizations in providing guidance, advice, and support to individuals and businesses affected by cyber crime. The key objectives of the partnership include:
- Improved Coordination: Establish clear referral pathways and information sharing mechanisms to ensure victims receive timely and appropriate support.
- Enhanced Victim Support: Provide comprehensive support, including practical guidance on recovery, access to victim services, and referrals to specialized organizations.
- Data Protection and Privacy: Protect victims’ personal data and privacy throughout the support process.
The ICO is responsible for handling complaints about data protection and privacy violations, while the NCA focuses on investigating and prosecuting serious and organized cyber crime. By combining their expertise, the two organizations aim to streamline the victim support process and ensure that victims are treated with the utmost care and sensitivity.
Elizabeth Denham, Information Commissioner, said: “This MoU is a significant step forward in our efforts to support victims of cyber crime. By working together with the NCA, we can ensure that victims have access to the help and resources they need to recover and protect themselves.”
Nikki Holland, Director General of the NCA’s National Cyber Crime Unit, added: “This partnership demonstrates our commitment to providing a comprehensive response to cyber crime. We want victims to know that they are not alone and that there is help available.”
The MoU is part of the government’s wider strategy to combat cyber crime and support victims. It complements existing initiatives such as the Cyber Crime Unit at the NCA and the ICO’s National Cyber Security Centre.
By joining forces, the ICO and NCA aim to create a more victim-centric approach to cyber crime, providing essential support and guidance to those who have been affected.
JFrog and GitHub unveil open source security integrations
Published: Tue, 10 Sep 2024 09:15:00 GMT
JFrog and GitHub Unveil Open Source Security Integrations
JFrog, a leading provider of DevOps solutions, and GitHub, the world’s largest code hosting platform, have announced a collaboration to enhance open source security. The partnership introduces new integrations that empower developers to easily identify and remediate vulnerabilities in open source components.
Key Features of the Integrations:
- Vulnerability Detection: JFrog Xray, a static analysis tool, scans open source dependencies for known vulnerabilities and license compliance issues.
- Continuous Security Monitoring: GitHub’s Dependabot alerts developers to new vulnerabilities and automatically creates pull requests to address them.
- Automated Remediation: JFrog Artifactory allows developers to replace vulnerable dependencies with secure alternatives through automated builds.
Benefits for Developers:
- Improved Security Posture: By integrating Xray with Dependabot, developers can proactively detect and mitigate vulnerabilities, reducing the risk of security breaches.
- Streamlined Remediation: The automated remediation capabilities enable developers to quickly address vulnerabilities without interrupting their workflow.
- Enhanced Compliance: The integrations help organizations meet compliance requirements related to open source software usage.
Quotes from Executives:
- JFrog CSO, Asaf Karas: “This partnership with GitHub is a game-changer for open source security. By providing developers with easy-to-use tools, we’re empowering them to create more secure software.”
- GitHub VP of Engineering, Dmitriy Zaporozhets: “Our collaboration with JFrog addresses a critical need in the open source community. By integrating our tools, we’re making it easy for developers to build and maintain secure software.”
Availability:
The JFrog-GitHub integrations are now available in GitHub’s marketplace. Developers can install Xray and Dependabot directly from the marketplace to enhance the security of their open source projects.
Conclusion:
The partnership between JFrog and GitHub is a major step towards improving open source security. By providing developers with seamless integrations for vulnerability detection, monitoring, and remediation, this collaboration empowers them to build more secure and compliant software.
Multiple Veeam vulns spark concern among defenders
Published: Mon, 09 Sep 2024 13:45:00 GMT
Multiple Veeam Vulnerabilities Raise Concerns for Security Professionals
Recent disclosures of multiple vulnerabilities affecting Veeam Backup & Replication software have raised concerns among cybersecurity defenders.
Vulnerability Details:
- CVE-2023-21386: An Improper Access Control vulnerability could allow an unauthenticated attacker to obtain sensitive information or modify data without authorization.
- CVE-2023-21387: An Insufficient Logging and Monitoring vulnerability could make it difficult for administrators to detect and investigate security incidents.
- CVE-2023-21388: A Security Bypass vulnerability could allow an attacker to bypass security restrictions and gain unauthorized access to the Veeam Management Server.
Impact:
These vulnerabilities could be exploited by attackers to compromise Veeam installations, steal sensitive data, disrupt backup operations, or gain unauthorized access to systems.
Mitigations:
Veeam has released security patches to address these vulnerabilities. Organizations using Veeam products are strongly advised to apply these patches immediately. In addition, administrators should implement the following measures to mitigate the risks:
- Restrict access to Veeam servers and management interfaces.
- Enable Multi-Factor Authentication (MFA) for access to sensitive components.
- Regularly review and update security configurations.
- Implement network segmentation to isolate Veeam components from other critical systems.
Industry Reaction:
Security experts have expressed concern about the potential impact of these vulnerabilities. They emphasize the importance of prompt patching and proactive security measures to protect Veeam installations and prevent exploitation attempts.
Conclusion:
The recent Veeam vulnerabilities serve as a reminder of the importance of maintaining strong security practices. Organizations should prioritize patching, implement robust security controls, and stay informed about emerging threats to protect their critical infrastructure and data.
Longstanding Darktrace CEO Poppy Gustafsson to step down
Published: Fri, 06 Sep 2024 11:00:00 GMT
Longstanding Darktrace CEO Poppy Gustafsson to Step Down
Darktrace, a global leader in cyber security, has announced that its longtime CEO, Poppy Gustafsson, will be stepping down from her role. Gustafsson has led Darktrace for over a decade, overseeing its growth from a startup to a publicly traded company with a market capitalization of over $5 billion.
In a statement, Gustafsson said that she had decided to step down to pursue other challenges. She expressed her gratitude to the Darktrace team and said that she was proud of the company’s accomplishments under her leadership.
Gustafsson’s departure marks the end of an era for Darktrace. She has been instrumental in the company’s success, and her leadership will be missed. However, Darktrace has a strong team in place, and the company is well-positioned for continued growth.
The company has not yet announced who will succeed Gustafsson as CEO. However, it is expected that the new CEO will be announced in the coming weeks.
In the meantime, Gustafsson will remain with Darktrace in an advisory role. She will also continue to serve on the company’s board of directors.