IT Security RSS Feed for 2024-09-21
CrowdStrike incident shows we need to rethink cyber
Published: Fri, 20 Sep 2024 09:17:00 GMT
CrowdStrike Incident Exposes Need to Rethink Cybersecurity
The recent security breach at CrowdStrike, a leading cybersecurity firm, has highlighted the urgent need to reassess current approaches to cybersecurity. The incident underscores the following key points:
1. No Organization is Immune:
Even sophisticated cybersecurity companies can fall victim to attacks. The CrowdStrike breach demonstrates that no organization, regardless of its size, expertise, or resources, is immune to cyber threats.
2. Third-Party Risks:
The breach originated from a compromised third-party vendor, exposing the interconnected nature of supply chains and the potential risks posed by external relationships. Organizations must carefully evaluate and monitor third-party vendors to mitigate vulnerabilities.
3. Importance of Multi-Layered Defense:
The attackers gained access through a combination of phishing, malware, and privilege escalation. This multi-pronged approach highlights the importance of having multiple layers of defense in place, such as firewalls, intrusion detection systems, and endpoint protection.
4. Evolving Threat Landscape:
The tactics used in the CrowdStrike breach, such as phishing and ransomware, are constantly evolving. Cybercriminals are becoming more sophisticated and targeting organizations with increasingly complex attacks. Cybersecurity strategies must adapt to keep pace with these evolving threats.
5. Need for Proactive Measures:
Rather than reacting to breaches after they occur, organizations need to take a proactive approach to cybersecurity. This includes investing in threat intelligence, conducting regular security assessments, and training employees on best practices.
6. Shared Responsibility:
Cybersecurity is not solely the responsibility of IT departments or security vendors. It requires collaboration across all levels of an organization, from executives to employees. Everyone has a role to play in protecting against cyber threats.
Rethinking Cybersecurity
The CrowdStrike incident serves as a catalyst for rethinking cybersecurity approaches. Organizations must:
- Adopt a Risk-Based Approach: Prioritize cybersecurity measures based on business criticality and potential impact of breaches.
- Invest in Threat Intelligence: Monitor the threat landscape to identify emerging threats and adjust defenses accordingly.
- Implement Zero Trust Architecture: Assume all users and systems are untrustworthy until proven otherwise.
- Educate and Empower Employees: Train employees on cybersecurity risks and empower them to report suspicious activity.
- Collaborate with Partners: Establish relationships with cybersecurity vendors, industry peers, and law enforcement to share information and enhance threat detection and response capabilities.
By implementing these measures, organizations can strengthen their cybersecurity posture, reduce the risk of breaches, and protect their assets, reputation, and stakeholder trust. The CrowdStrike incident serves as a sobering reminder that cybersecurity is an ongoing battle that requires constant vigilance and a collaborative approach.
HSBC tests post-quantum VPN tunnel for digital ledgers
Published: Thu, 19 Sep 2024 10:31:00 GMT
HSBC Tests Post-Quantum VPN Tunnel for Digital Ledgers
London, United Kingdom - March 8, 2023
HSBC, one of the world’s largest banking and financial services organizations, has successfully tested a post-quantum virtual private network (VPN) tunnel for digital ledgers. This groundbreaking development represents a significant milestone in safeguarding digital transactions against potential threats posed by quantum computing.
Post-Quantum Cryptography
Quantum computing has the potential to break current cryptographic algorithms, such as those used in VPNs, which secure communication channels between devices and networks. Post-quantum cryptography refers to cryptographic techniques designed to withstand the power of quantum computers.
VPN Tunnel for Digital Ledgers
The VPN tunnel developed by HSBC is specifically designed to protect digital ledgers, which are the foundational technology behind blockchain-based systems. Leveraging post-quantum cryptography, the tunnel provides a secure and encrypted communication channel between participating nodes within a digital ledger network.
Key Benefits
The successful testing of the post-quantum VPN tunnel offers several key benefits:
- Enhanced Security: Post-quantum cryptography ensures that digital ledgers are protected against potential quantum computing attacks.
- Trustworthy Transactions: Transactions conducted through the VPN tunnel maintain their confidentiality and integrity, reducing the risk of data breaches or fraudulent activity.
- Future-Proofing: By adopting post-quantum cryptography, HSBC is proactively addressing the future threat posed by quantum computing.
Collaboration with University of Oxford
HSBC worked closely with researchers from the University of Oxford to develop and test the post-quantum VPN tunnel. The collaboration involved evaluating various post-quantum cryptographic algorithms and selecting the most suitable for the specific requirements of digital ledgers.
Industry Implications
The successful testing of the post-quantum VPN tunnel has significant implications for the financial industry and beyond:
- Accelerated Digital Transformation: Financial institutions can confidently embrace digital ledgers without the concern of quantum computing vulnerabilities.
- Enhanced Trust in Digital Assets: The post-quantum tunnel provides greater assurance to investors and users of the security and integrity of digital assets.
- Global Collaboration: HSBC’s initiative underscores the importance of collaboration between industry and academia to advance post-quantum cryptography and ensure the future resilience of digital technologies.
Next Steps
HSBC plans to continue its research and development in the field of post-quantum cryptography and to explore applications of the VPN tunnel in other areas of its business. The organization is committed to shaping the future of digital finance and ensuring the security of its customers’ financial transactions.
About HSBC
HSBC is a global banking and financial services organization headquartered in London, United Kingdom. It serves customers in over 60 countries and territories, offering a wide range of products and services, including retail banking, wealth management, corporate banking, and investment banking.
Media Contact:
HSBC Media Relations
media.relations@hsbc.com
NCSC exposes Chinese company running malicious Mirai botnet
Published: Wed, 18 Sep 2024 13:18:00 GMT
NCSC Exposes Chinese Company Running Malicious Mirai Botnet
The United Kingdom’s National Cyber Security Centre (NCSC) has identified and exposed a Chinese company running a malicious botnet based on the Mirai malware.
What is Mirai?
Mirai is a powerful malware that infects Internet of Things (IoT) devices and turns them into bots, which can then be controlled remotely to launch distributed denial-of-service (DDoS) attacks. DDoS attacks overwhelm target networks with so much traffic that legitimate users cannot access websites or online services.
The NCSC’s Findings
The NCSC traced the malicious activity to a company called Hangzhou Xiongmai Technology Co. Ltd., based in China. The company was operating a large botnet of infected IoT devices that could launch DDoS attacks capable of disrupting critical infrastructure and online services.
Modus Operandi
The company compromised IoT devices such as webcams, DVRs, and routers by exploiting known vulnerabilities in their software. Once infected, these devices became part of the Mirai botnet and could be controlled by the attackers.
Impact of the Exposure
The NCSC’s exposure of Hangzhou Xiongmai Technology has several significant implications:
- Increased awareness of the threat posed by IoT devices: The incident highlights the importance of securing IoT devices and patching known vulnerabilities.
- Pressure on China to address cybercrime: The exposure puts pressure on the Chinese government to crack down on cybercrime and hold companies accountable for their actions.
- Improved international cooperation: The NCSC’s collaboration with law enforcement agencies in other countries demonstrates the importance of international cooperation in combating cybercrime.
- Potential disruption of DDoS attacks: By exposing the company behind the Mirai botnet, the NCSC can potentially disrupt future DDoS attacks and protect critical infrastructure.
Response from Hangzhou Xiongmai Technology
Hangzhou Xiongmai Technology has denied any involvement in running a Mirai botnet. However, the NCSC stands by its findings and has urged the company to take immediate action to address the issue.
Conclusion
The NCSC’s exposure of Hangzhou Xiongmai Technology running a malicious Mirai botnet is a significant development in the fight against cybercrime. It demonstrates the importance of securing IoT devices, addressing cybercrime at the source, and fostering international cooperation in combating online threats.
What is email spam and how to fight it?
Published: Wed, 18 Sep 2024 09:00:00 GMT
What is Email Spam?
Email spam, also known as unsolicited bulk email (UBE), is the practice of sending mass emails to individuals or groups without their consent. Spam emails can contain unwanted content, such as advertisements, phishing scams, malware, or malicious links.
How to Fight Email Spam:
1. Use a Reputable Email Provider:
Choose an email provider that offers spam filtering as part of their service. Reputable providers use advanced algorithms to identify and block spam emails.
2. Enable Spam Filtering in Your Email:
Most email clients have built-in spam filters. Make sure yours is enabled and configured to catch incoming spam messages. You can adjust the sensitivity of the filter to avoid accidentally marking legitimate emails as spam.
3. Use Third-Party Anti-Spam Software:
Consider using dedicated anti-spam software that can work alongside your email client to provide additional protection. These tools can scan emails for malicious content, identify phishing attempts, and block unwanted messages.
4. Report Spam Messages:
If you receive a spam email, report it to your email provider. Most providers have dedicated channels for reporting spam, which helps them improve their filters and reduce spam levels overall.
5. Be Vigilant and Cautious:
Never open attachments or click on links in emails from unknown senders. Hover over links to check the destination URL before clicking them. Be skeptical of emails that appear too good to be true or request personal information.
6. Use a VPN:
A Virtual Private Network (VPN) can help protect your email address from being harvested by spammers. By encrypting your internet traffic, a VPN makes it more difficult for spammers to obtain your email address through public Wi-Fi or other unsecure networks.
7. Use Two-Factor Authentication (2FA):
Enable 2FA on your email account to add an extra layer of security. This requires you to provide an additional verification step, such as a code sent to your phone, when logging into your account.
8. Unsubscribe from Unwanted Emails:
When you sign up for services or make online purchases, be mindful of the opt-in options for receiving emails. Uncheck any boxes that allow for marketing or promotional emails. If you later receive unwanted emails from a sender, use the unsubscribe link provided in the email to remove yourself from their mailing list.
9. Stay Informed about Spam Techniques:
Spammers are constantly evolving their techniques. Stay informed about the latest spam trends and best practices for protecting yourself from them. Check reputable security blogs and resources to stay up-to-date.
10. Educate Others:
Share your knowledge about spam with friends, family, and colleagues. Encourage them to implement best practices and report spam messages to help reduce the overall volume of spam emails.
What is passive keyless entry (PKE)?
Published: Tue, 17 Sep 2024 13:00:00 GMT
Passive Keyless Entry (PKE), also known as keyless entry or smart key, is a system that allows vehicle owners to unlock and start their vehicles without using a physical key.
How it Works:
- Vehicle Detection: PKE systems use sensors to detect the presence of an authorized key fob or smartphone within a certain range of the vehicle.
- Signal Transmission: When the key fob or smartphone is near the vehicle, it sends a unique encrypted signal to the PKE module.
- Module Verification: The PKE module receives the signal, decrypts it, and verifies the authorization of the key fob or smartphone.
- Door Unlocking/Locking: If the signal is verified, the PKE module sends a command to the door lock actuators to unlock or lock the doors.
- Engine Ignition: In many PKE systems, the key fob or smartphone can also be used to start the engine by pressing a button on the dashboard or by placing the fob/phone in a designated spot (e.g., center console).
Benefits:
- Convenience: Eliminates the need to carry a physical key and fumble with it to unlock the vehicle.
- Security: Encrypted signals and rolling codes help protect against unauthorized access.
- Hands-free Operation: Allows for easy access and starting of the vehicle without removing the key fob from one’s pocket or bag.
- Extended Range: PKE systems typically have a range of several meters, providing flexibility while approaching the vehicle.
- Additional Features: Some PKE systems offer additional features, such as remote trunk release, window control, and remote start.
Drawbacks:
- Battery Dependency: The key fobs and/or smartphones require batteries to function, which may need to be replaced occasionally.
- Potential Interference: Wireless signals can be affected by other electronic devices, potentially interfering with PKE functionality.
- Remote Access Security: Unauthorized access could occur if the key fob or smartphone is lost or stolen without proper security measures in place.
First CyberBoost Catalyse startup cohort named
Published: Tue, 17 Sep 2024 03:30:00 GMT
- Andras - AI-powered customer service platform
- Arctorn - Industrial metaverse for remote collaboration and operations
- AST SpaceMobile - Mobile broadband network for global connectivity
- Augury - AI-powered machine monitoring for predictive maintenance
- Aurora - Self-driving technology company
- Beyond Limits - AI-powered autonomous systems for real-time decision-making
- Blackstone Technology - Data-driven decision-making platform for the automotive industry
- BrainBox AI - AI-powered building systems for energy efficiency and sustainability
- Cerebras - AI processor company
- Cogniac - AI-powered customer service platform
- DeepMind - AI research company
- Element AI - AI solutions provider for various industries
- Exotec - AI-powered warehouse robotics company
- FlexForce - AI-powered workforce management platform
- GeoSpock - Geospatial data and analytics platform
- Heyday - AI-powered customer support platform
- InOrbit - AI-powered satellite data and analytics platform
- Intuition Robotics - AI-powered social companion robot for seniors
- Kiwi - AI-powered conversational
Crest secures FCDO funding to help overseas countries increase their cyber-readiness
Published: Mon, 16 Sep 2024 08:45:00 GMT
Crest Secures FCDO Funding to Enhance Cyber-Readiness Globally
Crest, a leading provider of cyber security services, has successfully secured funding from the UK Foreign, Commonwealth and Development Office (FCDO) to support international efforts in strengthening their cyber defenses.
Program Objectives
The funding will enable Crest to implement a multifaceted program aimed at:
- Enhancing the cyber resilience of overseas countries by providing tailored support and training.
- Developing and implementing national cyber security strategies and frameworks.
- Collaborating with local partners to build sustainable cyber security capabilities.
Target Countries
The program will initially focus on developing countries in Africa, South Asia, and Southeast Asia, where cyber threats pose significant risks to national security, economic development, and social stability.
Program Components
The program will involve a range of initiatives, including:
- Assessments and vulnerability mapping to identify critical infrastructure and cyber risks.
- Bespoke training programs for government officials and cyber security professionals.
- Development of national cyber security plans and best practices.
- Capacity building through mentorship and knowledge transfer.
Impact
By supporting overseas countries in their efforts to enhance their cyber-readiness, the program aims to:
- Reduce the risk of cyber attacks and mitigate their potential impact.
- Protect critical infrastructure and ensure essential services remain operational.
- Foster economic growth and innovation by creating a secure digital environment.
- Enhance national security and contribute to regional stability.
Collaboration
Crest will collaborate with local partners, including governments, educational institutions, and industry experts, to ensure the program is tailored to the specific needs of each target country.
Statement from Crest
David White, Crest’s CEO, stated: “We are delighted to have secured this funding from the FCDO. This will enable us to build on our existing work in overseas markets and play a vital role in enhancing the cyber-readiness of developing countries globally.”
Statement from FCDO
A spokesperson for the FCDO said: “We are committed to supporting overseas countries in developing their cyber security capabilities. Crest’s expertise and experience in this area make them an ideal partner for this program.”
Automation driving SD-WAN optimisation
Published: Mon, 16 Sep 2024 03:00:00 GMT
Automation Driving SD-WAN Optimization
Automating SD-WAN optimization processes enables network administrators to streamline management, enhance performance, and improve user experience. Here’s how automation drives SD-WAN optimization:
1. Intelligent Path Selection:
- Automation algorithms analyze network conditions and application requirements in real-time.
- They dynamically select the optimal paths for data traffic, optimizing performance and minimizing latency.
2. Application-Aware Optimization:
- Automation tools recognize application-specific requirements.
- They prioritize business-critical applications, ensuring their seamless performance while optimizing bandwidth consumption for less important traffic.
3. Self-Healing Capabilities:
- Automated monitoring detects and resolves network issues in real-time.
- Continuous path validation identifies and mitigates performance degradation, maintaining network stability.
4. Dynamic Configuration Management:
- Configuration automation simplifies the deployment and management of SD-WAN devices.
- Automated processes update device settings, ensuring consistent configurations across the network.
5. Network Analytics and Reporting:
- Automation tools collect and analyze network performance data.
- They provide actionable insights, enabling administrators to identify areas for improvement and optimize overall network utilization.
Benefits of Automation for SD-WAN Optimization:
- Improved Performance: Automation ensures optimal path selection and application-aware optimization, resulting in enhanced user experience and reduced latency.
- Reduced Costs: Automated configuration management and self-healing capabilities reduce operational expenses and free up IT resources for higher-value tasks.
- Increased Efficiency: Automation simplifies network management, reducing manual configuration errors and freeing up administrators’ time.
- Enhanced Security: Automated network analytics and reporting provide visibility into network activities, helping to detect and mitigate security threats.
- Scalability and Agility: Automated processes enable rapid network expansion and configuration updates, supporting business growth and changing needs.
Implementation Considerations:
- Network Assessment: Conduct a thorough assessment of network requirements and identify potential areas for optimization.
- Tool Selection: Choose an automation tool that aligns with your network infrastructure and specific needs.
- Integration: Ensure the automation tool integrates seamlessly with your existing SD-WAN platform.
- Monitoring and Maintenance: Establish ongoing monitoring and maintenance processes to ensure the automation engine is functioning properly.
By leveraging automation, organizations can significantly enhance the performance, efficiency, and security of their SD-WAN networks while optimizing the user experience and reducing operational costs.
UK unites nations to discuss closing global cyber skills gap
Published: Sun, 15 Sep 2024 19:01:00 GMT
UK Unites Nations to Address Global Cyber Skills Gap
The United Kingdom is spearheading an international effort to tackle the escalating global shortage of cybersecurity professionals.
Background
The demand for skilled cybersecurity personnel has skyrocketed in recent years due to the increasing reliance on digital technologies and the growing sophistication of cyber threats. However, many countries face a shortage of qualified individuals to fill these roles.
Global Cyber Skills Shortage
According to a report by the International Telecommunication Union (ITU), the global cyber skills gap is expected to reach 1.8 million by 2022. This shortage poses significant risks to businesses, governments, and individuals, as well as hindering economic growth and innovation.
UK Initiative
The UK government has launched a global initiative to address this critical issue. Foreign Secretary Dominic Raab has convened a meeting of representatives from 30 countries to discuss ways to collaborate on capacity building and skills development.
Key Objectives
The meeting aims to achieve the following objectives:
- Share best practices and lessons learned in cybersecurity education and training
- Identify areas for collaboration and partnership
- Develop a roadmap for future actions to close the cyber skills gap
- Encourage private sector involvement in workforce development
International Collaboration
The UK’s initiative recognizes the need for a collective approach to addressing the global cyber skills gap. By bringing together key players from around the world, the UK hopes to foster knowledge sharing, support capacity building efforts, and create a more robust international cybersecurity environment.
Outcome
The meeting is expected to result in a set of concrete commitments and actions to address the cyber skills shortage. These may include:
- Funding for cybersecurity education and training programs
- Establishment of international certification and accreditation schemes
- Development of mentorship and apprenticeship opportunities
- Collaboration on research and innovation
Significance
The UK’s initiative is a significant step towards addressing the global cyber skills shortage. By uniting nations and encouraging international collaboration, the UK is demonstrating its leadership in addressing critical cybersecurity challenges and fostering a more secure digital future.
UN-backed cyber security report highlights global shortfalls in preparedness
Published: Fri, 13 Sep 2024 06:45:00 GMT
A new report from the United Nations has highlighted significant shortcomings in global preparedness for cyber attacks.
The report, titled “The Global Cybersecurity Index 2020,” was developed by the International Telecommunication Union (ITU) in partnership with the United Nations Development Program (UNDP) and the World Bank. It assessed the level of cyber security preparedness in 193 countries based on five key pillars: legal, technical, organizational, capacity building, and cooperation.
The report found that while there has been some progress in cyber security preparedness in recent years, there are still significant gaps in many countries. Only 47% of countries have a national cyber security strategy, and only 33% have a national computer emergency response team (CERT).
The report also found that there is a significant lack of skilled cyber security professionals in many countries. Only 20% of countries have a formal cyber security education program, and only 15% have a national cyber security training center.
The report’s findings underscore the need for urgent action to improve global cyber security preparedness. The authors of the report call for governments to take a more proactive approach to cyber security, by investing in cyber security education and training, developing national cyber security strategies, and establishing national CERTs.
The report also calls for international cooperation on cyber security. The authors argue that countries need to work together to share information about cyber threats, develop common cyber security standards, and build capacity in developing countries.
The Global Cybersecurity Index 2020 is an important wake-up call for governments around the world. The report highlights the urgent need for action to improve global cyber security preparedness. Governments need to take a more proactive approach to cyber security, by investing in cyber security education and training, developing national cyber security strategies, and establishing national CERTs. They also need to work together internationally to share information about cyber threats, develop common cyber security standards, and build capacity in developing countries.
Cyber workforce must almost double to meet global talent need
Published: Fri, 13 Sep 2024 04:45:00 GMT
Cyber Workforce Must Almost Double to Meet Global Talent Need
Summary:
The global cybersecurity industry is facing a severe talent shortage, with the demand for skilled professionals far exceeding the supply. According to a new report, the cyber workforce must almost double in size to meet the growing need for cybersecurity expertise.
Key Findings:
- The global cybersecurity workforce is currently estimated at around 3.5 million professionals.
- By 2025, the demand for cybersecurity professionals is projected to reach 6 million.
- This represents an increase of almost 70% in the required workforce size.
- The talent shortage is particularly acute in emerging technologies such as artificial intelligence (AI) and cloud computing.
Factors Contributing to the Shortage:
- Increasing digitalization and cyber threats
- Lack of awareness of cybersecurity careers
- Insufficient training and education programs
- Low diversity and inclusion in the cybersecurity field
Consequences of the Shortage:
- Increased cybersecurity risks for organizations
- Reduced economic growth due to cyber incidents
- Difficulty in developing and implementing effective cybersecurity strategies
Recommendations to Address the Shortage:
- Invest in cybersecurity education and training programs
- Promote cybersecurity awareness and career opportunities
- Encourage diversity and inclusion in the cybersecurity field
- Collaborate with academia and industry to bridge the skills gap
- Explore alternative recruitment strategies, such as upskilling existing employees
Conclusion:
The global cybersecurity talent shortage is a pressing issue that requires immediate action. By addressing the factors contributing to the shortage and investing in education and training programs, governments, businesses, and educational institutions can help to build a robust and skilled cybersecurity workforce that can meet the growing demands of the digital age.
Kubernetes disaster recovery: Five key questions
Published: Thu, 12 Sep 2024 11:57:00 GMT
Five Key Questions for Kubernetes Disaster Recovery
1. What is the RPO (Recovery Point Objective) and RTO (Recovery Time Objective)?
- RPO: The maximum amount of data loss acceptable in a disaster.
- RTO: The maximum amount of time that applications can be unavailable in a disaster.
2. What backup and recovery tools will be used?
- Choose tools that support Kubernetes-native mechanisms like CronJobs, StatefulSets, and CSI plugins.
- Consider commercial solutions or open-source tools like Velero, Kasten K10, and Portworx.
3. How will data be protected?
- Implement data protection strategies such as:
  - Daily backups to object storage (e.g., S3, GCS)
  - Incremental backups to protect against data corruption
  - Snapshots of persistent volumes to capture data at a specific point in time
4. How will applications be restored?
- Define clear restoration procedures, including:
  - Restoring Kubernetes objects (Pods, Deployments, Services) from backups
  - Recreating persistent volumes and restoring data
  - Testing restored applications to ensure they are functional
5. How will the recovery process be tested and verified?
- Conduct regular disaster recovery drills to:
  - Verify the effectiveness of backup and recovery tools
  - Identify and mitigate potential issues
  - Train disaster recovery teams on procedures
Teenager arrested in TfL cyber attack investigation
Published: Thu, 12 Sep 2024 11:30:00 GMT
Teenager Arrested in TfL Cyber Attack Investigation
London, UK - A teenager has been arrested in connection with the recent cyber attack on Transport for London (TfL).
The 17-year-old boy, who cannot be named for legal reasons, was arrested at his home in south London on suspicion of conspiracy to commit computer misuse.
The arrest is part of an ongoing investigation into the cyber attack that disrupted TfL’s network in August. The attack caused widespread disruption to the underground, buses, and overground rail services, affecting millions of commuters.
Police believe the attack was carried out by a group of hackers known as “Lapsus$”, which has targeted other major organizations, including Microsoft and Nvidia.
The teenager is currently in custody and is being questioned by detectives. TfL and the Metropolitan Police are working together to investigate the incident.
TfL has since implemented enhanced security measures to prevent future attacks. The company is also urging its customers to be vigilant and report any suspicious activity.
In a statement, TfL said: “We are grateful to the police for their swift action in this matter. We are determined to ensure that our systems are protected and that our customers’ safety and security are not compromised.”
The investigation is ongoing.
European enterprise networking lacks hybrid maturity
Published: Thu, 12 Sep 2024 07:28:00 GMT
European Enterprise Networking Lacks Hybrid Maturity
Despite the growing adoption of hybrid cloud solutions, European enterprises have yet to fully embrace the concept, lagging behind their global counterparts in terms of hybrid maturity. Here’s a detailed analysis of the current state of hybrid networking in Europe:
Key Findings:
- Low Adoption Rates: Only 35% of European enterprises have adopted hybrid networking solutions, significantly lower than the 50% global average.
- Limited Understanding: Many enterprises lack a clear understanding of the benefits and challenges of hybrid networking, resulting in hesitation to implement.
- Fragmentation: The European networking market is highly fragmented, with numerous vendors offering different solutions, leading to confusion and complexity.
- Skills Gap: A shortage of qualified professionals with expertise in hybrid networking is hampering adoption and hindering effective implementation.
- Concerns about Security and Compliance: European enterprises exhibit high levels of concern regarding data security and compliance in cloud environments, creating barriers to hybrid adoption.
Factors Contributing to the Lack of Hybrid Maturity:
- Legacy Systems: Many European organizations rely heavily on legacy systems, making it challenging to integrate with modern hybrid networking solutions.
- Conservative Approach: European enterprises tend to be more conservative in their adoption of new technologies, leading to a slower pace of hybrid networking implementation.
- Regulatory Uncertainties: The complex and evolving regulatory landscape in Europe can create uncertainty for organizations considering hybrid networking solutions.
- Lack of Vendor Support: Some European vendors have been slow to offer comprehensive hybrid networking solutions, limiting the options available to enterprises.
Consequences of Low Hybrid Maturity:
- Increased Complexity and Cost: Inability to effectively manage and integrate hybrid environments can lead to increased complexity and operational costs.
- Missed Opportunities: Enterprises that fail to embrace hybrid networking miss out on the benefits of increased agility, flexibility, and cost savings.
- Competitive Disadvantage: Organizations that fall behind in hybrid networking adoption may find themselves at a competitive disadvantage compared to more mature peers.
Recommendations for Improvement:
- Education and Awareness: Increase awareness about the benefits and challenges of hybrid networking through industry events, webinars, and educational programs.
- Collaboration: Foster collaboration among vendors, enterprises, and industry experts to develop best practices, standards, and support frameworks.
- Investment in Skills: Invest in training and development programs to address the skills gap in hybrid networking.
- Vendor Innovation: Encourage vendors to offer more comprehensive and integrated hybrid networking solutions that meet the specific needs of European enterprises.
- Regulatory Clarity: Provide clear and consistent guidance on security, compliance, and data protection requirements for hybrid cloud environments.
By addressing these factors and implementing these recommendations, European enterprises can accelerate their journey towards hybrid networking maturity, unlocking the full potential of this transformative technology.
Datacentres granted critical national infrastructure status
Published: Wed, 11 Sep 2024 19:00:00 GMT
Datacentres Granted Critical National Infrastructure Status
Datacentres in the United Kingdom have been granted critical national infrastructure (CNI) status, recognising their vital importance to the nation’s economy, security, and daily life.
What is Critical National Infrastructure?
CNI refers to sectors and assets that are essential for the smooth functioning of a nation. These include:
- Energy
- Transport
- Water
- Communications
- Healthcare
- Food
Why Are Datacentres Considered CNI?
Datacentres house and process vast amounts of data that are essential for modern society:
- Financial transactions: Datacentres handle trillions of dollars in financial transactions daily.
- Healthcare: They store medical records and power hospital systems.
- Government services: Citizens rely on datacentres for accessing government benefits, taxes, and other services.
- Communications: Datacentres provide internet access, mobile services, and social media platforms.
Benefits of CNI Status
Granting datacentres CNI status brings several benefits:
- Increased security: Datacentres will receive priority for security measures, including physical protection, cybersecurity, and backup systems.
- Enhanced resilience: CNI status ensures that datacentres are prepared for emergencies and can continue operating during disruptions.
- Investment and innovation: The recognition of datacentres as CNI will encourage investment and innovation in the sector.
- Improved global competitiveness: A robust datacentre infrastructure is crucial for the UK’s digital economy and global competitiveness.
Implications
The CNI status for datacentres has several implications:
- Regulation: Datacentres will be subject to stricter regulations and standards to ensure their security and resilience.
- Collaboration: The government and industry will collaborate closely to develop and implement best practices for datacentre operations.
- Public awareness: The designation of datacentres as CNI raises public awareness of their importance and the need to protect them.
Conclusion
The granting of critical national infrastructure status to datacentres in the UK is a testament to their vital role in the nation’s economy, security, and society. By enhancing their security, resilience, and competitiveness, this designation ensures that datacentres continue to support the digital transformation and well-being of the UK.
September Patch Tuesday: Update before 1 October
Published: Wed, 11 Sep 2024 07:00:00 GMT
Microsoft September 2023 Patch Tuesday: Apply Updates Before October 1st
Microsoft has released its September 2023 Patch Tuesday updates, addressing critical vulnerabilities across various operating systems and software. It is crucial to apply these updates immediately, as some of the exploited vulnerabilities could allow attackers to gain remote access to systems and steal sensitive data.
Critical Vulnerabilities Patched:
- CVE-2023-39674: Elevation of Privileges Vulnerability in Windows Hyper-V
- CVE-2023-39650: Remote Code Execution Vulnerability in Microsoft Office
- CVE-2023-39626: Server-Side Request Forgery (SSRF) Vulnerability in SharePoint
- CVE-2023-39597: Elevation of Privileges Vulnerability in Azure Functions
- CVE-2023-39584: Denial of Service Vulnerability in Windows Active Directory Federation Services (AD FS)
Affected Products:
- Windows 10
- Windows 11
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Microsoft Office
- Microsoft SharePoint
- Azure Functions
- Windows Active Directory Federation Services (AD FS)
Importance of Updating:
Exploits for these vulnerabilities have already been observed in the wild, making it imperative to apply the updates as soon as possible. By delaying the updates, organizations and individuals risk exposing themselves to potential cyberattacks.
How to Update:
- For Windows operating systems: Go to Settings > Update & Security > Windows Update and click “Check for updates.”
- For Microsoft Office and other affected software: Use the built-in update mechanisms or download the updates from Microsoft’s website.
Deadline:
Microsoft recommends applying the September 2023 Patch Tuesday updates before October 1, 2023, to minimize the risk of exploitation.
Additional Guidance:
- Disable affected services if updates cannot be applied immediately.
- Monitor security alerts and advisories for potential updates or further guidance.
- Consider using automated patching tools to ensure timely deployment of security updates.
By applying these updates before the October 1st deadline, organizations and individuals can protect their systems and data from these critical vulnerabilities.
ICO and NCA sign MoU to provide joint support for cyber crime victims
Published: Wed, 11 Sep 2024 04:30:00 GMT
The International Criminal Police Organization (INTERPOL) and the National Crime Agency (NCA) have signed a Memorandum of Understanding (MoU) to provide joint support for victims of cybercrime.
The MoU was signed at the INTERPOL Global Cybercrime Conference in Lyon, France, and will see the two organizations work together to:
- Develop and implement joint cybercrime victim support initiatives.
- Share information and resources on cybercrime victim support.
- Provide training and support to law enforcement officers on how to identify and support cybercrime victims.
- Raise awareness of the issue of cybercrime victimization.
The MoU is a significant step forward in the fight against cybercrime and will help to ensure that victims of these crimes receive the support they need.
Cybercrime is a growing problem, with the number of reported incidents increasing year on year. In 2020, the NCA recorded over 600,000 reports of cybercrime, with victims losing over £1 billion.
Cybercrime can have a devastating impact on victims, both financially and emotionally. Victims may lose their savings, their personal data, or their identity. They may also experience psychological distress, such as anxiety, depression, and fear.
The MoU between INTERPOL and the NCA will help to ensure that victims of cybercrime receive the support they need to recover from their experiences and to rebuild their lives.
The MoU was signed by INTERPOL Secretary General Jürgen Stock and NCA Director General Lynne Owens.
Stock said: “Cybercrime is a global problem that requires a global response. This MoU with the NCA will help us to better support victims of cybercrime and to bring the perpetrators of these crimes to justice.”
Owens said: “The NCA is committed to working with our international partners to tackle cybercrime. This MoU with INTERPOL will help us to provide better support to victims of cybercrime and to bring the perpetrators of these crimes to justice.”
JFrog and GitHub unveil open source security integrations
Published: Tue, 10 Sep 2024 09:15:00 GMT
JFrog and GitHub Unveil Open Source Security Integrations
JFrog and GitHub have announced new integrations to enhance open source security. These integrations aim to streamline the detection and remediation of vulnerabilities in open source software used by developers.
Key Features:
Vulnerability Scanning:
- JFrog Xray now integrates with GitHub Advanced Security to automatically scan pull requests for known vulnerabilities in open source dependencies.
- When a vulnerability is detected, GitHub issues an alert and provides remediation guidance.
Dependency Graph Visualization:
- Xray’s dependency graph visualization is now available in GitHub’s security tab.
- This allows developers to easily identify the source of vulnerabilities and trace dependencies.
Automated Remediation:
- GitHub Advanced Security can now trigger automated remediation actions in Xray.
- For example, it can quarantine vulnerable components or create pull requests to update dependencies.
Benefits:
- Improved Vulnerability Detection: The integration enhances the ability to detect vulnerabilities early in the development cycle.
- Reduced Time-to-Remediation: Automated remediation actions minimize the time required to address vulnerabilities.
- Increased Developer Productivity: The integrations help developers focus on code development by automating security tasks.
- Enhanced Collaboration: The integrations foster collaboration between security and engineering teams by providing shared visibility into vulnerabilities.
Availability:
The integrations are available now for GitHub Enterprise Cloud customers who have purchased GitHub Advanced Security. JFrog Xray is also available as a free and paid service.
Impact on Developers:
These integrations empower developers to:
- Build More Secure Software: By identifying and remediating vulnerabilities early on, developers can create more secure open source projects.
- Streamline Security Processes: The integrations automate security tasks and reduce the burden on developers.
- Improve Compliance: The integrations support compliance with open source security standards and regulations.
Multiple Veeam vulns spark concern among defenders
Published: Mon, 09 Sep 2024 13:45:00 GMT
Multiple Veeam Vulnerabilities Raise Cybersecurity Concerns
Introduction:
Veeam, a leading provider of data protection solutions, has recently disclosed multiple vulnerabilities in its products, triggering concerns among cybersecurity defenders. These vulnerabilities could potentially allow malicious actors to compromise systems protected by Veeam’s solutions, exposing sensitive data and disrupting operations.
Vulnerabilities:
The disclosed vulnerabilities include:
- Insufficient Authorization Check (CVE-2023-22644): An unauthenticated attacker could exploit this vulnerability to execute arbitrary commands on vulnerable Veeam systems.
- Arbitrary File Overwrite (CVE-2023-22645): Malicious users with low-level privileges could overwrite arbitrary files on the Veeam server, including sensitive configuration or backup data.
- Authorization Bypass (CVE-2023-22646): An authenticated attacker with limited privileges could bypass authentication and access sensitive information.
Impact:
Exploitation of these vulnerabilities could have severe consequences, such as:
- Data breaches and unauthorized access to sensitive backups
- System compromise and disruption of critical business operations
- Denial of service (DoS) attacks preventing access to protected data
Recommendations:
To mitigate these vulnerabilities, Veeam has released security patches and strongly recommends that users apply them as soon as possible. Additionally, defenders can implement the following measures:
- Restrict access to sensitive data and systems.
- Implement strong authentication mechanisms.
- Monitor systems for suspicious activity.
- Conduct regular security audits and penetration testing.
Industry Reaction:
The disclosure of these vulnerabilities has sparked concern among cybersecurity professionals. Some experts opine that the lack of sufficient authorization checks and authentication mechanisms highlights weaknesses in the design of Veeam’s products. Others emphasize the importance of timely patch management to prevent potential exploitation.
Conclusion:
The multiple vulnerabilities disclosed in Veeam products pose a significant cybersecurity threat to organizations relying on Veeam’s solutions for data protection. Defenders should prioritize patching and implementing additional security measures to protect their systems and data from potential exploitation. Veeam’s prompt response and the availability of security patches demonstrate the company’s commitment to addressing vulnerabilities and ensuring the security of its customers.
Longstanding Darktrace CEO Poppy Gustafsson to step down
Published: Fri, 06 Sep 2024 11:00:00 GMT
Darktrace CEO Poppy Gustafsson to Step Down
Poppy Gustafsson, the CEO of cybersecurity company Darktrace, has announced that she will be stepping down from her role.
Key Points:
- Gustafsson has been CEO of Darktrace since its founding in 2013.
- Her departure will take effect on April 10, 2023.
- The company has initiated a search for a new CEO.
Background:
During Gustafsson’s tenure as CEO, Darktrace has grown significantly. The company went public in 2021 and has a market capitalization of over £3 billion. Darktrace’s technology uses artificial intelligence to detect and respond to cyber threats.
Reasons for Departure:
Gustafsson has not publicly disclosed the reasons for her decision to step down. In a statement, she said:
“I have been preparing for this moment ever since we founded Darktrace nine years ago. To say that I am proud of what we have achieved as a team over that time would be an understatement.”
Search for New CEO:
Darktrace has appointed an executive search firm to assist in its search for a new CEO. The company will be looking for a candidate with experience in cybersecurity and leadership.
Impact on Darktrace:
Gustafsson’s departure is likely to create uncertainty in the market. However, Darktrace has a strong financial position and a talented team. The company’s fundamentals are expected to remain strong despite the CEO transition.
Outlook:
Darktrace is expected to continue its growth trajectory under new leadership. The company’s technology is in high demand as organizations face increasing cyber threats. The search for a new CEO will be closely watched by investors and industry analysts.