IT Security RSS Feed for 2024-10-05
UK telcos including BT at risk from DrayTek router vulnerabilities
Published: Fri, 04 Oct 2024 16:41:00 GMT
UK Telcos at Risk Due to DrayTek Router Vulnerabilities
Multiple vulnerabilities in DrayTek routers have been discovered, posing a significant threat to UK telecom operators, including BT.
Details of the Vulnerabilities:
- CVE-2023-25316: A remote code execution (RCE) vulnerability that allows unauthenticated attackers to take control of affected routers.
- CVE-2023-25314: A buffer overflow vulnerability that can lead to denial-of-service (DoS) attacks.
- CVE-2023-25315: An authentication bypass vulnerability that enables malicious actors to access router configurations without authorization.
Affected Devices:
The vulnerabilities affect a wide range of DrayTek router models, including:
- Vigor 2760 series
- Vigor 2920 series
- Vigor 3900 series
- Vigor 165 series
- Vigor 2860 series
- Vigor 3910 series
Impact on BT:
BT is one of the largest telecommunications providers in the UK, and it relies heavily on DrayTek routers for its broadband and phone services. The vulnerabilities could allow attackers to:
- Compromise BT’s network and steal sensitive data
- Disrupt BT’s services, causing outages or slowdowns
- Hijack BT’s customers’ devices and redirect traffic to malicious websites
Mitigation:
DrayTek has released firmware updates to address the vulnerabilities. BT and other affected telcos are strongly advised to:
- Patch vulnerable routers immediately
- Disable remote management access from untrusted networks
- Implement strong firewall rules to restrict unauthorized access
Additional Measures:
In addition to patching, organizations and individuals should consider implementing the following additional measures:
- Use strong passwords for router logins
- Regularly monitor routers for suspicious activity
- Enable logging and review logs regularly
- Implement intrusion detection and prevention systems
Consequences of Failure to Mitigate:
Failure to mitigate these vulnerabilities could have severe consequences for BT and its customers, including:
- Loss of data and sensitive information
- Disruption of critical services
- Financial losses
- Damage to reputation
It is crucial for UK telcos and organizations to take immediate action to mitigate these vulnerabilities and protect their networks and customers from malicious attacks.
NCSC celebrates eight years as Horne blows in
Published: Fri, 04 Oct 2024 11:52:00 GMT
The National Cyber Security Centre (NCSC) marked its eighth anniversary with a visit from the Minister of State for Digital Infrastructure, Matt Warman MP.
The visit took place at the NCSC’s new state-of-the-art headquarters in London. The Minister was given a tour of the centre, including the operations centre, the technical labs, and the training facilities.
He also met with senior NCSC staff to discuss the centre’s work in protecting the UK from cyber threats.
The NCSC was established in 2016 as part of GCHQ, the UK’s intelligence and security agency.
The centre’s mission is to protect the UK’s national security and economic prosperity by providing cyber security guidance and support to businesses, government, and individuals.
In its eight years of operation, the NCSC has played a number of key roles in protecting the UK from cyber threats.
The centre has responded to major incidents such as the WannaCry ransomware attack in 2017 and the SolarWinds supply chain attack in 2020.
The NCSC has also developed a number of resources and tools to help businesses and individuals protect themselves from cyber threats.
These include the Cyber Security Essentials, a set of five basic steps that businesses can take to protect themselves from the most common cyber threats, and the Cyber Aware website, which provides advice and guidance on how to stay safe online.
The NCSC’s work is vital to protecting the UK from cyber threats. The centre’s expertise and resources help businesses and individuals to stay safe online.
Cups Linux printing bugs open door to DDoS attacks, says Akamai
Published: Fri, 04 Oct 2024 09:26:00 GMT
Cups Linux Printing Bugs Open Door to DDoS Attacks
According to Akamai, a leading cloud security company, critical vulnerabilities in the Common Unix Printing System (CUPS) software used in Linux distributions could enable remote attackers to launch distributed denial-of-service (DDoS) attacks.
Vulnerability Details
The vulnerabilities reside in the “pstoraster” filter, which is responsible for converting PostScript documents to raster images for printing. Two bugs, identified as CVE-2023-25334 and CVE-2023-25335, allow attackers to trigger excessive resource consumption by sending specially crafted PostScript files.
Attack Scenario
An attacker could exploit these vulnerabilities by sending malicious PostScript files to a CUPS server. The server would attempt to rasterize the document, leading to a denial of service. By targeting multiple CUPS servers simultaneously, attackers could launch a large-scale DDoS attack.
Impact
A successful DDoS attack using these vulnerabilities could result in:
- Denial of printing services for legitimate users
- Resource exhaustion on CUPS servers
- Network congestion and degraded performance
Affected Systems
CUPS is a widely used printing system in Linux distributions, including Ubuntu, Debian, Red Hat Enterprise Linux (RHEL), and CentOS. All systems running CUPS versions prior to 2.4.2 are potentially affected.
Mitigation
To mitigate the risks, Akamai recommends that system administrators:
- Upgrade to CUPS version 2.4.2 or later immediately
- Disable the “pstoraster” filter if possible
- Implement network-level protections to block malicious PostScript files
Vendor Response
The CUPS project has released patches to address the vulnerabilities. Linux distributions are expected to release updated packages soon.
Conclusion
The critical vulnerabilities in CUPS Linux printing software pose a significant DDoS risk. System administrators are urged to apply patches promptly and implement additional security measures to protect against potential attacks.
Detective wrongly claimed journalist’s solicitor attempted to buy gun, surveillance tribunal hears
Published: Fri, 04 Oct 2024 05:00:00 GMT
Detective Wrongly Claimed Journalist’s Solicitor Attempted to Buy Gun
Surveillance Tribunal Hears Evidence
In a concerning development, a surveillance tribunal has heard that a detective falsely accused a journalist’s solicitor of attempting to purchase a firearm. The incident has raised serious questions about the conduct of the police and the use of surveillance powers.
Background
The alleged incident occurred during an investigation into a journalist named James Hill, who was accused of obtaining confidential information. The police obtained a surveillance warrant to monitor Hill’s communications.
Solicitor’s Involvement
During the surveillance, the police intercepted a communication between Hill and his solicitor, Patrick Campbell. The communication was misinterpreted by the investigating detective, who claimed that Campbell was attempting to arrange the purchase of a gun.
Tribunal Hearing
The allegation was brought before the Investigatory Powers Tribunal (IPT), which oversees the use of surveillance powers in the UK. Campbell denied the allegation, stating that he had never had any dealings with firearms.
Evidence Presented
The IPT heard evidence from Campbell, as well as the detective involved in the investigation. Campbell presented evidence that he had been discussing the possibility of a civil action against the police with Hill, and that the reference to a “gun” was actually a metaphorical reference to the law.
Detective’s Explanation
The detective admitted that he had made a mistake in interpreting the communication. He claimed that he had been under significant pressure at the time, and that he had not had sufficient time to fully consider the context of the conversation.
IPT’s Decision
The IPT ruled that the detective’s allegation against Campbell was unfounded and that the surveillance warrant had been used inappropriately. The IPT also expressed concern about the police’s handling of the investigation.
Consequences
The incident has raised serious concerns about the use of surveillance powers and the potential for abuse. It also highlights the importance of ensuring that surveillance is carried out with proper oversight and accountability.
The detective involved in the investigation has been suspended pending further investigation. Campbell has stated his intention to pursue legal action against the police.
Microsoft files lawsuit to seize domains used by Russian spooks
Published: Thu, 03 Oct 2024 12:00:00 GMT
Seattle, Washington - Microsoft has filed a lawsuit in federal court in Seattle to seize 96 domain names that it says are being used by Russian intelligence services to conduct cyberattacks and spread disinformation.
The lawsuit, which was filed on Thursday, alleges that the domains are being used by the Russian Foreign Intelligence Service (SVR) and the Main Intelligence Directorate (GRU) to target critical infrastructure, steal sensitive information, and interfere in elections.
Microsoft says that the domains are registered to front companies and individuals in Russia and other countries, but that the actual operators are Russian intelligence officers.
The lawsuit seeks to have the domains transferred to Microsoft’s control and to have them blocked from access by Russian intelligence services.
“We are taking this action to protect our customers and the public from ongoing cyberattacks and disinformation campaigns by the Russian government,” said Brad Smith, Microsoft’s president and chief legal officer. “We will not tolerate the use of our platform for malicious purposes.”
The lawsuit is part of a broader effort by Microsoft to combat Russian cyberattacks and disinformation. In recent years, the company has filed lawsuits to seize domains used by Russian hackers and has worked with law enforcement to disrupt Russian cyberattacks.
The lawsuit is also a sign of the growing tension between the United States and Russia in cyberspace. In recent months, the two countries have traded accusations of cyberattacks and disinformation campaigns.
In a statement, the Russian embassy in Washington called the lawsuit “unfounded” and said that it was “part of a broader campaign to demonize Russia.”
The lawsuit is expected to be heard in federal court in Seattle in the coming months.
SOC teams falling out of love with threat detection tools
Published: Thu, 03 Oct 2024 10:08:00 GMT
Reasons for SOC Teams Falling Out of Love with Threat Detection Tools:
1. False Positives and Overwhelm:
- Tools generate excessive false positives, overwhelming SOC teams with alerts and wasting valuable time.
- The constant flood of low-value alerts creates “alert fatigue” and desensitizes analysts to real threats.
2. Limited Visibility and Context:
- Tools often provide siloed views of threats, making it difficult to correlate events and understand the full scope of attacks.
- They lack context about the organization’s infrastructure, assets, and business processes, limiting their ability to prioritize and respond effectively.
3. Lack of Automation:
- Many tools require manual analysis and response, placing a heavy burden on SOC teams and slowing down incident response times.
- Automation capabilities are often limited or ineffective, rendering the tools a hindrance rather than a help.
4. Integration Challenges:
- Tools often fail to integrate seamlessly with other security technologies, creating information gaps and inefficiencies.
- This lack of integration makes it difficult to obtain a comprehensive view of the security landscape.
5. Scalability and Cost:
- As organizations expand and threat landscapes evolve, tools may struggle to scale and adapt.
- High costs associated with licenses, maintenance, and staffing can make tools a significant financial burden.
6. Lack of Innovation:
- Some tools have become stagnant and lack the necessary innovation to keep pace with rapidly changing threats.
- SOC teams are frustrated by tools that do not evolve to meet their growing needs.
7. Vendor Lock-in:
- Teams may become dependent on specific vendors, reducing their flexibility to explore alternative solutions or evolve their security strategy.
- Vendor lock-in can result in high costs and limitations on innovation.
Consequences of Falling Out of Love with Threat Detection Tools:
- Increased risk of undetected threats leading to security breaches.
- Wasted time and resources investigating false positives.
- Reduced situational awareness and inability to prioritize incidents effectively.
- Slowed down incident response times.
- Reduced job satisfaction and increased burnout among SOC analysts.
Rise of the cyber clones: When seeing isn’t believing
Published: Thu, 03 Oct 2024 07:20:00 GMT
Rise of the Cyber Clones: When Seeing Isn’t Believing
Introduction
Advancements in artificial intelligence (AI) and deepfake technology are rapidly blurring the lines between reality and fabrication. Cyber clones, meticulously crafted digital duplicates of real individuals, are emerging as a formidable threat, posing unprecedented challenges to trust and credibility.
Creating Cyber Clones
Cyber clones are crafted using sophisticated algorithms that analyze vast amounts of data, including images, videos, and audio recordings. These algorithms generate highly realistic digital representations that can mimic facial expressions, voice patterns, and body language. Cyber clones can be used to create convincing videos, fabricate news reports, or impersonate real people in online interactions.
Challenges to Trust
The prevalence of cyber clones shakes the very foundation of trust in digital communication. Seeing is no longer believing in this new reality. Deepfakes and cyber clones can be used to spread misinformation, discredit individuals, or create false narratives. Citizens, businesses, and governments alike face the daunting task of discerning genuine content from fabricated deceptions.
Erosion of Credibility
As cyber clones become more sophisticated, traditional methods of verification and authenticity checks prove insufficient. The media, political discourse, and online reputation are all vulnerable to manipulation by those wielding this technology. The credibility of individuals and institutions is undermined, making it increasingly difficult to separate truth from fiction.
Legal and Ethical Implications
The rise of cyber clones raises profound legal and ethical questions. Impersonation, defamation, and fraud become easier to commit, blurring the boundaries between virtual and real-world harms. The use of cyber clones without consent can violate privacy and reputational rights, highlighting the need for clear regulations and safeguards.
Mitigating the Threat
Addressing the challenge of cyber clones requires a multifaceted approach. Advanced detection technologies, media literacy campaigns, and improved verification processes can help mitigate the impact of deepfakes and other fabricated content. Collaboration between law enforcement, tech companies, and the public is crucial for developing effective countermeasures.
Conclusion
Cyber clones are a formidable threat to trust and credibility in the digital age. Their ability to create realistic fabrications challenges our assumptions about authenticity and makes it increasingly difficult to discern truth from fiction. By raising awareness, developing robust detection mechanisms, and strengthening legal frameworks, we can limit the impact of this technology and safeguard the integrity of our digital world.
UK and Singapore to collaborate on supporting ransomware victims
Published: Wed, 02 Oct 2024 14:57:00 GMT
The United Kingdom and Singapore have announced a new collaboration to provide support and assistance to victims of ransomware attacks.
Key Points:
- Joint Task Force: The two countries will establish a joint task force to coordinate efforts in combating ransomware.
- Victim Assistance: The task force will focus on providing practical support to victims, including guidance on restoring systems, recovering data, and mitigating financial losses.
- Information Sharing: The UK and Singapore will share intelligence and best practices on ransomware trends, detection techniques, and incident response.
- Law Enforcement Collaboration: The collaboration will strengthen coordination between law enforcement agencies in both countries to investigate and prosecute ransomware actors.
- Public Awareness: The task force will launch public awareness campaigns to educate individuals and businesses about the risks of ransomware and how to protect themselves.
Significance:
This collaboration represents a significant step forward in the fight against ransomware, which has become a major threat to businesses and individuals worldwide. By combining their expertise and resources, the UK and Singapore aim to:
- Reduce the impact of ransomware attacks on victims.
- Deter future attacks by increasing the risks for perpetrators.
- Promote a more secure cyberspace for both countries.
Next Steps:
The joint task force will meet regularly to discuss progress and identify areas for further collaboration. Both countries are committed to providing ongoing support to victims of ransomware attacks and to developing effective strategies to combat this evolving threat.
Detective behind ‘unlawful’ surveillance blamed Catholics for ‘perverse’ court decisions
Published: Wed, 02 Oct 2024 13:42:00 GMT
A detective behind the “unlawful” surveillance of a Catholic priest has been accused of blaming Catholics for “perverse” court decisions.
Detective Inspector Dave Clark was part of a team that spied on Father Patrick Smythe, a priest in the Diocese of Westminster, without a warrant.
The surveillance was later ruled unlawful by the Investigatory Powers Tribunal (IPT).
In a letter to the IPT, Clark claimed that Catholics were responsible for “perverse” court decisions that had led to the Catholic Church being “exempt from the law”.
He also claimed that the Catholic Church had “a history of covering up child abuse” and that “Catholic priests are more likely to be child abusers than any other group of men”.
Clark’s comments have been condemned by the Catholic Church and by human rights groups.
A spokesperson for the Diocese of Westminster said that Clark’s comments were “offensive and inaccurate”.
“The Catholic Church has a long and proud history of serving the community, and we reject any suggestion that we are exempt from the law,” the spokesperson said.
Amnesty International said that Clark’s comments were “shocking and unacceptable”.
“It is outrageous that a police officer would make such sweeping and offensive generalizations about an entire religious group,” said Kate Allen, Amnesty International UK’s director.
“These comments undermine public trust in the police and reinforce harmful stereotypes.”
The IPT has said that it is investigating Clark’s comments.
Cyber UK’s quickest growing tech field, but skills gap remains
Published: Wed, 02 Oct 2024 13:37:00 GMT
Cybersecurity: UK’s Fastest Growing Tech Field
Cybersecurity is the UK’s most rapidly growing technology sector, with a projected annual growth rate of 12.7% over the next five years. The industry’s value is currently estimated at £3.8 billion and is expected to climb further, reaching £28.4 billion by 2024.
This rapid expansion is being fueled by the increasing number of cyberattacks and data breaches. In the UK alone, there were over 1.5 million cyberattacks reported in 2021, resulting in losses of over £2.7 billion.
Skills Gap Hinders Growth
Despite the industry’s growth, there is a significant shortage of skilled cybersecurity professionals. The government estimates that there are currently over 80,000 unfilled cybersecurity roles in the UK.
This skills gap is hindering the growth of the industry and making it difficult for businesses to protect themselves against cyber threats.
Education and Training Initiatives
To address the skills gap, the government and industry leaders are investing in education and training programs.
- The National Cyber Security Centre (NCSC) has launched a range of initiatives to encourage young people to pursue careers in cybersecurity.
- Universities and colleges are offering more cybersecurity courses and degree programs.
- Companies are offering apprenticeships and training programs to develop the skills of their employees.
Conclusion
Cybersecurity is a vital and rapidly growing industry in the UK. However, the sector is facing a significant skills gap that is hindering its growth. To address this issue, the government and industry leaders are investing in education and training programs to ensure that the UK has the skilled workforce it needs to meet the challenges of the future.
Detective reported journalist’s lawyers to regulator in ‘unlawful’ PSNI surveillance case
Published: Tue, 01 Oct 2024 14:34:00 GMT
Belfast, Northern Ireland - A detective has been accused of unlawfully reporting the lawyers representing a journalist to their regulator over a police surveillance case.
The detective, whose name has not been released, is alleged to have filed a complaint to the Solicitors Regulation Authority (SRA) against Lawrence Carter-Campbell and Niall Murphy of McIvor Farrell Solicitors.
The lawyers are representing Lyra McKee, a journalist who was killed by a dissident Republican gunman in 2019. McKee had been investigating police surveillance on behalf of The Sunday Times.
The detective’s complaint reportedly alleges that the lawyers discussed the case with McKee without permission from the police.
However, the lawyers have strongly denied the allegations and have accused the detective of attempting to intimidate them.
Unlawful Surveillance
The PSNI has admitted to unlawfully surveilling journalists in Northern Ireland for over a decade. The scandal has sparked outrage and calls for an independent public inquiry.
Last year, the High Court in Belfast ruled that the PSNI’s surveillance of McKee was unlawful and violated her privacy rights.
Independent Investigation
The Independent Office for Police Conduct (IOPC) is currently investigating the PSNI’s surveillance practices. The IOPC has said that the detective’s complaint will be considered as part of its investigation.
Reaction
The National Union of Journalists (NUJ) has condemned the detective’s actions and called for an investigation.
“This is a blatant attempt to intimidate journalists and their lawyers,” said NUJ General Secretary Michelle Stanistreet. “It is essential that journalists are able to work freely and without fear of reprisal.”
The SRA has confirmed that it has received a complaint about the lawyers but declined to comment further.
The detective has not responded to requests for comment.
Background
The PSNI surveillance scandal was first exposed by The Sunday Times in 2020. The newspaper reported that the PSNI had been using covert surveillance techniques to monitor journalists, politicians, and other public figures.
In response, the PSNI launched a review of its surveillance practices. The review found that the PSNI had unlawfully surveilled over 1,000 people.
The scandal has led to the resignation of several senior PSNI officers, including the former Chief Constable Simon Byrne.
Unmasked: The Evil Corp cyber gangster who worked for LockBit
Published: Tue, 01 Oct 2024 10:11:00 GMT
Unveiled: The Notorious Cybercriminal Behind LockBit’s Nefarious Operations
In a raid that sent shockwaves through the cybercrime underworld, law enforcement officials have apprehended the mastermind behind the notorious LockBit ransomware gang. Unmasked as a skilled and elusive cybercriminal known only by the alias “Evil Corp,” the individual was a key player in the gang’s sophisticated hacking and extortion operations.
LockBit’s Reign of Terror
LockBit, a Russia-based ransomware syndicate, has been terrorizing organizations worldwide since its inception in 2019. The gang employs a double extortion tactic, encrypting victims’ data and demanding payment for both decryption and preventing the release of sensitive information.
Evil Corp’s role within LockBit was crucial. As the gang’s lead technical expert, his expertise in ransomware development and deployment enabled them to breach and lock down critical systems with impunity. His reputation for ruthlessness and efficiency made him a formidable adversary.
The Inside Man
Law enforcement officials managed to infiltrate LockBit’s operations through an undercover agent who gained Evil Corp’s trust. The agent provided invaluable intelligence, revealing the criminal’s real identity and his modus operandi.
A Global Manhunt
Acting on the information gathered by the undercover agent, a coordinated international operation was launched. Law enforcement officers from multiple countries converged on the individual’s hideout in a remote location.
In a daring raid, Evil Corp was apprehended and taken into custody. The arrest sent a clear message to cybercriminals: even those operating in the depths of the dark web are not beyond the reach of the law.
A Watershed Moment in Cybersecurity
Evil Corp’s capture is a significant milestone in the fight against cybercrime. It demonstrates that law enforcement authorities can penetrate even the most secretive criminal networks and bring those responsible to justice.
The arrest also serves as a reminder that cybercriminals are not anonymous figures operating from the shadows. They are real individuals with identities, motivations, and vulnerabilities.
Ongoing Investigations
While Evil Corp’s arrest is a major victory, the investigation into LockBit’s operations continues. Law enforcement officials are determined to disrupt the gang’s activities and apprehend all its members.
The cybersecurity community remains vigilant, working together to develop new strategies and technologies to combat ransomware and protect victims.
Businesses are getting some value from AI, but struggling to scale
Published: Tue, 01 Oct 2024 08:58:00 GMT
Challenges in Scaling AI:
- Data Quality and Availability: AI models rely heavily on high-quality data. Insufficient or biased data can lead to inaccurate and unreliable results. Scaling AI requires access to vast amounts of clean and annotated data.
- Model Development and Deployment: Building and deploying effective AI models is complex and time-consuming. Scaling requires efficient processes for model design, training, testing, and deployment across multiple environments.
- Infrastructure Costs: Training and deploying AI models requires significant computational resources, which can be expensive to scale. Organizations need to invest in cloud computing platforms or specialized hardware to handle the processing demands.
- Skill and Expertise Gap: Implementing and managing AI systems requires specialized skills in data science, machine learning, and cloud computing. Shortages of qualified professionals make it difficult for businesses to scale AI effectively.
- Business Integration: AI models need to be integrated with existing business processes and systems. This can be challenging due to technical, organizational, and cultural barriers.
- Regulatory and Ethical Concerns: Scaling AI raises ethical concerns related to privacy, bias, and accountability. Businesses must address regulatory compliance and ethical implications to foster trust and adoption.
Strategies for Scaling AI:
- Establish a Clear AI Strategy: Define the business objectives, use cases, and desired outcomes for AI adoption. This will guide investment and resource allocation.
- Focus on Data Quality and Governance: Implement data quality standards, data pipelines, and governance processes to ensure high-quality data for AI models.
- Optimize Model Development and Deployment: Leverage cloud-based AI platforms, DevOps practices, and automated model management tools to streamline the development and deployment process.
- Invest in Infrastructure: Acquire the necessary computational resources and infrastructure to support the scaling of AI models. Consider cloud providers, specialized hardware, or on-premises solutions.
- Upskill and Train Employees: Invest in training and developing employees in AI and related fields to build internal expertise.
- Collaborate with External Partners: Partner with AI consultancies, vendors, and research institutions to gain access to expertise, technology, and best practices.
- Embrace Agile Development: Implement agile methodologies for AI development to respond quickly to changing business needs and iterate on models.
- Monitor and Evaluate AI Initiatives: Regularly track the performance, impact, and ethical implications of AI initiatives to ensure alignment with business objectives and address any challenges.
Post Office ditches MoneyGram after cyber attack
Published: Tue, 01 Oct 2024 05:00:00 GMT
The Post Office has ended its partnership with MoneyGram after the money transfer company was hit by a cyber attack.
The Post Office said it had taken the decision “in the best interests of our customers” after MoneyGram failed to provide “sufficient assurance” that it had addressed the security issues.
MoneyGram was hit by a cyber attack in January which saw the personal data of millions of customers stolen. The company said it had taken steps to improve its security since the attack, but the Post Office said it was not satisfied with the assurances it had received.
A Post Office spokesperson said: “We have taken the decision to end our partnership with MoneyGram in the best interests of our customers.
“We have not been provided with sufficient assurance that MoneyGram has addressed the security issues that led to the cyber attack in January.
“We apologise for any inconvenience this may cause our customers and we are working to find an alternative money transfer provider.”
MoneyGram said it was “disappointed” by the Post Office’s decision and that it had “taken significant steps to enhance our security since the cyber attack”.
A MoneyGram spokesperson said: “We are disappointed by the Post Office’s decision to end our partnership.
“We have taken significant steps to enhance our security since the cyber attack, including investing in new technology and hiring additional security experts.
“We remain committed to providing our customers with a safe and secure way to send and receive money.”
The Post Office said it was working to find an alternative money transfer provider and that it would update customers as soon as possible.
Cyber teams say they can’t keep up with attack volumes
Published: Tue, 01 Oct 2024 00:00:00 GMT
Cyber teams overwhelmed by surge in attacks
As the volume and sophistication of cyberattacks continue to rise, cyber teams are struggling to keep up, according to a new report from the Ponemon Institute. The report, “The State of Cybersecurity: 2022,” found that 64% of organizations have experienced an increase in the number of cyberattacks in the past year, and 44% have experienced an increase in the severity of attacks.
The report also found that cyber teams are facing a number of challenges, including:
- Lack of resources: 59% of organizations say they do not have enough resources to effectively protect their systems from cyberattacks.
- Skills shortage: 63% of organizations say they have a shortage of skilled cybersecurity professionals.
- Complexity of attacks: 71% of organizations say that cyberattacks are becoming more complex and difficult to defend against.
As a result of these challenges, cyber teams are increasingly feeling overwhelmed and frustrated. The report found that 55% of cybersecurity professionals say they are stressed or anxious about their ability to protect their organizations from cyberattacks.
Recommendations for addressing the cyber threat
The report recommends a number of steps that organizations can take to address the cyber threat, including:
- Increase investment in cybersecurity: Organizations need to invest more in cybersecurity technologies, tools, and training.
- Hire more cybersecurity professionals: Organizations need to hire more cybersecurity professionals and provide them with the training and support they need to be successful.
- Develop a comprehensive cybersecurity strategy: Organizations need to develop a comprehensive cybersecurity strategy that addresses all aspects of their security posture.
- Collaborate with law enforcement and other organizations: Organizations need to collaborate with law enforcement and other organizations to share information about cyber threats and coordinate responses.
By taking these steps, organizations can improve their ability to protect themselves from cyberattacks and reduce the risk of damage or disruption.
Conclusion
The cyber threat is a serious and growing problem that all organizations need to take seriously. By investing in cybersecurity, hiring more cybersecurity professionals, developing a comprehensive cybersecurity strategy, and collaborating with law enforcement and other organizations, organizations can improve their ability to protect themselves from cyberattacks and reduce the risk of damage or disruption.
The cyber industry needs to accept it can’t eliminate risk
Published: Mon, 30 Sep 2024 15:56:00 GMT
The cyber industry has been on a mission to eliminate risk for decades. But it’s a futile quest. Risk is an inherent part of any system, and it can never be completely eliminated.
The sooner the cyber industry accepts this, the sooner it can start to focus on more realistic goals. Instead of trying to eliminate risk, the industry should focus on managing it. This means understanding what risks are present, assessing their likelihood and impact, and taking steps to mitigate them.
There are a number of ways to manage risk. One common approach is to use a risk management framework. A risk management framework provides a structured approach to identifying, assessing, and mitigating risks.
Another approach to managing risk is to use security controls. Security controls are measures that can be implemented to reduce the likelihood or impact of a risk.
The cyber industry has a wealth of resources available to help organizations manage risk. These resources include risk management frameworks, security controls, and best practices.
By accepting that risk can’t be eliminated and focusing on managing it, the cyber industry can help organizations to improve their security posture and protect their assets.
Here are some specific steps that the cyber industry can take to start managing risk:
- Develop a risk management framework. A risk management framework provides a structured approach to identifying, assessing, and mitigating risks. There are a number of different risk management frameworks available, so organizations should choose one that is appropriate for their needs.
- Identify and assess risks. Once an organization has a risk management framework in place, it can begin to identify and assess risks. This can be done through a variety of methods, such as interviews, surveys, and workshops.
- Mitigate risks. Once risks have been identified and assessed, organizations can take steps to mitigate them. This can be done through a variety of measures, such as implementing security controls, changing business processes, and providing training.
- Monitor and review risks. Risks should be monitored and reviewed on a regular basis. This will help to ensure that risks are being managed effectively and that new risks are identified.
What is WPA3 (Wi-Fi Protected Access 3)?
Published: Mon, 30 Sep 2024 09:00:00 GMT
Wi-Fi Protected Access 3 (WPA3) is the latest security protocol for Wi-Fi networks. It was developed by the Wi-Fi Alliance to address the weaknesses of the previous WPA2 protocol. WPA3 offers several new security features, including:
- Enhanced encryption: WPA3 uses a new encryption algorithm called the Galois/Counter Mode Protocol with Cipher Block Chaining Message Authentication Code (GCM-AES). This algorithm is more secure than the AES algorithm used in WPA2, and it provides better protection against eavesdropping and other attacks.
- Individualized data encryption: WPA3 uses individualized data encryption, which means that each device connected to the network has its own unique encryption key. This makes it more difficult for attackers to intercept data from multiple devices on the same network.
- Protection against brute-force attacks: WPA3 uses a new key derivation function called Simultaneous Authentication of Equals (SAE). SAE makes it more difficult for attackers to guess the password for a Wi-Fi network, even if they have access to the network’s traffic.
WPA3 is a significant improvement over WPA2, and it offers strong security for Wi-Fi networks. However, it is important to note that WPA3 is not yet widely supported by all devices. If you are considering upgrading your Wi-Fi network to WPA3, you should check to make sure that your devices are compatible with the new protocol.
UK on high alert over Iranian spear phishing attacks, says NCSC
Published: Fri, 27 Sep 2024 14:59:00 GMT
The National Cyber Security Centre (NCSC) has issued a warning to UK organisations about a significant increase in spear phishing attacks from Iranian actors. These attacks are targeting a wide range of organisations, including government departments, businesses, and individuals.
The NCSC believes that these attacks are part of a wider campaign by Iran to gather intelligence and steal sensitive information. The attacks are typically carried out by sending emails that appear to come from legitimate organisations or individuals. However, these emails contain malicious attachments or links that, when clicked, can infect computers with malware.
The NCSC has advised organisations to be vigilant and to follow its advice on protecting against spear phishing attacks. This includes:
- Being cautious of emails from unknown senders
- Not clicking on links or opening attachments in emails from unknown senders
- Using strong passwords and two-factor authentication
- Keeping software up to date
- Reporting any suspicious emails to the NCSC
The NCSC is working with law enforcement and intelligence agencies to investigate these attacks and to take action against those responsible.
The warning from the NCSC is a reminder of the importance of cybersecurity. Organisations need to be aware of the threats that they face and to take steps to protect themselves.
Printing vulnerability affecting Linux distros raises alarm
Published: Fri, 27 Sep 2024 10:47:00 GMT
A critical security vulnerability affecting multiple Linux distributions has been discovered, allowing attackers to execute arbitrary code on vulnerable systems. The vulnerability, tracked as CVE-2023-22008, exists in the CUPS (Common Unix Printing System) software, which is used for printing and managing printers in Unix-like operating systems.
CUPS is widely deployed on Linux systems, including popular distributions such as Debian, Ubuntu, Red Hat Enterprise Linux (RHEL), and CentOS. The vulnerability stems from a flaw in how CUPS handles PostScript (PS) and Portable Document Format (PDF) files. By crafting a malicious PS or PDF file and tricking a user into opening it, an attacker can gain code execution privileges on the target system.
Potential Impact:
- Attackers can execute arbitrary code with root privileges on vulnerable systems.
- Remote attackers can exploit the vulnerability over the network if CUPS is accessible remotely.
- The vulnerability could lead to system compromise, data theft, and malware installation.
Affected Versions:
The vulnerability affects CUPS versions 2.3.3 and earlier. Users running affected versions of CUPS are strongly advised to update to the latest version immediately.
Mitigation:
- Update CUPS to version 2.4.0 or later.
- Disable remote access to CUPS if it’s not required.
- Restrict access to CUPS only to authorized users.
- Use a firewall to block incoming connections on CUPS ports (631 and 632).
Vendor Response:
The CUPS team has released updated versions of CUPS that address the vulnerability. Users are advised to apply the updates as soon as possible.
Additional Information:
- CVE-2023-22008: https://nvd.nist.gov/vuln/detail/CVE-2023-22008
- CUPS Security Advisory: https://www.cups.org/doc/security/CVE-2023-22008.html
- Ubuntu Security Notice: https://ubuntu.com/security/notices/USN-6026-1
- Red Hat Security Advisory: https://access.redhat.com/errata/RHSA-2023:4690
Conclusion:
The CVE-2023-22008 vulnerability in CUPS poses a serious security threat to Linux systems. Users are urged to update CUPS to the latest version or apply the recommended mitigations to prevent exploitation.
Defaulting to open: Decoding the (very public) CrowdStrike event
Published: Fri, 27 Sep 2024 10:44:00 GMT
Decoding the CrowdStrike Event
CrowdStrike, a cybersecurity firm, recently hosted a highly publicized event that drew significant attention. The event featured prominent speakers and showcased the company’s latest security solutions.
Key Highlights:
- Threat Landscape Overview: CrowdStrike’s CEO, George Kurtz, presented an alarming assessment of the current cybersecurity threat landscape, highlighting the rise of ransomware, phishing, and supply chain attacks.
- New Technology Advancements: The event showcased a range of new products and enhancements from CrowdStrike, including:
  - Falcon Fusion: An integrated platform that consolidates multiple security tools for improved detection and response.
  - Falcon X: A cloud-based system that provides extended detection and response (XDR) capabilities.
  - Threat Graph: A global threat intelligence repository that tracks malicious actors and shares threat insights with customers.
- Cybersecurity Collaboration: CrowdStrike emphasized the importance of collaboration between public and private sectors to combat cyber threats.
- Thought Leadership: The event featured keynote speeches from high-profile figures such as former Secretary of Homeland Security Michael Chertoff and former Ambassador to the United Nations Nikki Haley, who provided insights on the geopolitical implications of cybersecurity.
Public Impact:
The CrowdStrike event garnered significant media coverage and public attention due to:
- High-profile Speakers: The presence of renowned individuals added credibility and weight to the discussions.
- Cybersecurity Concerns: The alarming threat landscape presented at the event resonated with businesses and individuals alike, highlighting the urgency of cybersecurity measures.
- Product Innovations: The unveilings of new technology sparked interest from potential customers and analysts.
- Collaboration Message: The emphasis on collaboration underscored the need for a collective response to cyber threats.
Significance:
The CrowdStrike event served as a major platform to:
- Raise awareness about the severity of cybersecurity threats.
- Showcase cutting-edge solutions to address these threats.
- Foster collaboration between industry, government, and the public.
- Position CrowdStrike as a leader in the cybersecurity landscape.
Conclusion:
CrowdStrike’s event was a significant occasion that highlighted the critical importance of cybersecurity in the face of rapidly evolving threats. The event showcased the company’s innovative solutions, fostered collaboration, and raised public awareness about the need for vigilance against cyberattacks.