IT Security RSS Feed for 2024-11-23

What is endpoint detection and response (EDR)?

Published: Fri, 22 Nov 2024 13:57:00 GMT

Endpoint detection and response (EDR) is a cybersecurity solution that monitors, detects, and responds to threats on endpoints, such as computers, laptops, and servers. EDR systems typically include a variety of features, such as:

  • Real-time monitoring: EDR systems continuously monitor endpoints for suspicious activity. This can include detecting suspicious file activity, network activity, and user behavior.
  • Threat detection: EDR systems use a variety of techniques to detect threats, such as signature-based detection, anomaly-based detection, and behavioral analysis.
  • Response actions: EDR systems can take a variety of response actions when a threat is detected, such as blocking the threat, quarantining the affected endpoint, or rolling back changes made by the threat.

EDR solutions can help organizations to improve their security posture by providing visibility into endpoint activity, detecting threats early on, and responding to threats quickly and effectively.

BianLian cyber gang drops encryption-based ransomware

Published: Thu, 21 Nov 2024 15:25:00 GMT

BianLian Cyber Gang Unveils New Encryption-Based Ransomware

The infamous BianLian cybercriminal group has added a new weapon to its arsenal: encryption-based ransomware. This latest malware, dubbed “BianLian,” targets various operating systems and encrypts critical data, demanding a ransom for decryption.

Key Features:

  • Cross-Platform Compatibility: BianLian can infect devices running Windows, macOS, and Linux.
  • File Encryption: The malware encrypts various types of files, including documents, images, spreadsheets, and databases.
  • Ransom Demand: Victims receive a ransom note with instructions to pay a ransom amount in cryptocurrency.
  • Data Leakage Threats: BianLian threatens to leak stolen data if the ransom is not paid within a specified time frame.
  • Stealthy Tactics: The malware employs sophisticated techniques to evade detection and analysis by security products.

Technical Details:

BianLian uses a combination of encryption algorithms, including AES-256 and RSA-1024, to encrypt victims’ data. The ransom note typically demands payment in Bitcoin or another cryptocurrency. The malware also communicates with a command-and-control server to receive further instructions and upload stolen data.

Impact and Mitigations:

BianLian ransomware poses a significant threat to businesses and individuals alike. Organizations are advised to take the following steps:

  • Implement strong network security measures to prevent initial infection.
  • Regularly back up critical data to a secure location.
  • Educate employees about phishing scams and other social engineering tactics.
  • Install reputable antivirus and anti-malware software.
  • Respond calmly to ransom demands and seek professional help from law enforcement or security experts.

Law Enforcement Response:

Authorities are actively investigating the BianLian cybercriminal gang and similar threats. Collaboration between law enforcement agencies and cybersecurity experts is ongoing to disrupt their operations and minimize the impact of ransomware attacks.

Conclusion:

BianLian ransomware is a dangerous evolution in the cybercrime landscape. Its cross-platform compatibility, sophisticated encryption, and data leakage threats make it a formidable adversary. Organizations and individuals must remain vigilant and take proactive measures to protect themselves from this and other emerging threats.

Microsoft slaps down Egyptian-run rent-a-phish operation

Published: Thu, 21 Nov 2024 14:29:00 GMT

Microsoft Slams Down Egyptian-Led Phishing Operation

Microsoft has successfully thwarted the operations of an international phishing syndicate led from Egypt. The operation targeted 4.5 million email accounts, attempting to steal sensitive information and financial data.

Modus Operandi:

The group used a technique known as “rent-a-phish” to orchestrate their attacks. This involves renting out phishing infrastructure, such as domains, hosting, and email lists, from third parties. The group targeted a wide range of individuals and businesses, including employees of Fortune 500 companies and celebrities.

Phishing Techniques:

The phishing emails sent by the group impersonated legitimate organizations such as banks, financial institutions, and social media platforms. The emails contained malicious links or attachments that, when clicked or opened, directed victims to fake websites designed to collect their personal and financial information.

Microsoft’s Response:

Microsoft’s Digital Crimes Unit (DCU) played a pivotal role in uncovering and dismantling the phishing operation. The DCU conducted a comprehensive investigation, using machine learning and other techniques to identify the infrastructure and actors involved.

Microsoft took legal action against the Egyptian-led group, resulting in a court order that shut down the phishing infrastructure and seized the domains used in the attacks.

Impact and Implications:

The phishing operation targeted a massive number of email accounts, posing a significant threat to individuals and businesses. Microsoft’s actions have helped protect internet users from potential harm and financial loss.

The success of the operation highlights the growing sophistication of phishing scams and the importance of vigilance. It also underscores the value of collaboration between law enforcement agencies and technology companies in combating cybercrimes.

Recommendations for Staying Safe:

  • Be skeptical of emails from unknown senders: Verify that the sender’s email address matches the sending organization before clicking on links or opening attachments.
  • Inspect links before clicking: Hover your mouse over links to see where they lead before clicking on them.
  • Use strong and unique passwords: Use different passwords for each account and enable two-factor authentication whenever possible.
  • Install anti-phishing software: Use security software that can detect and block phishing emails and websites.
  • Stay informed about phishing trends: Keep up to date on the latest phishing scams by following credible sources and security blogs.

Brit charged in US over Scattered Spider cyber attacks

Published: Thu, 21 Nov 2024 11:21:00 GMT

A 22-year-old British man has been charged in the US over a series of cyber attacks that targeted critical infrastructure around the world.

Joseph James O’Connor, from Essex, is accused of being part of a group called Scattered Spider, which was responsible for attacks on targets including power grids, water treatment plants and hospitals.

The US Department of Justice alleges that O’Connor and his co-conspirators used malware to gain access to victims’ systems, steal data and disrupt operations.

In one instance, the group is said to have caused a power outage in Ukraine by attacking a power grid.

O’Connor was arrested in the UK in January 2021 and extradited to the US in March 2023. He has been charged with conspiracy to commit computer fraud and abuse and conspiracy to commit wire fraud.

If convicted, O’Connor could face a maximum sentence of 20 years in prison.

The US authorities have described Scattered Spider as a “significant threat” to national security.

What is Scattered Spider?

Scattered Spider is a group of cyber criminals who have been linked to a series of attacks on critical infrastructure around the world.

The group is believed to be responsible for attacks on targets including power grids, water treatment plants and hospitals.

Scattered Spider uses a variety of malware to gain access to victims’ systems, steal data and disrupt operations.

Scattered Spider is a significant threat to national security. The group’s attacks have the potential to cause widespread damage and disruption.

Who is Joseph James O’Connor?

Joseph James O’Connor is a 22-year-old British man who has been charged in the US over his alleged involvement in the Scattered Spider cyber attacks.

What is Common Vulnerabilities and Exposures (CVE)?

Published: Wed, 20 Nov 2024 14:00:00 GMT

Common Vulnerabilities and Exposures (CVE)

Definition:

CVE is a standardized system for identifying and describing publicly known vulnerabilities and information security exposures. It provides a common language for sharing and managing security information across organizations and industries.

Key Features:

  • Unique Identifier: Each CVE is assigned a unique identifier in the format CVE-YYYY-NNNN, where YYYY is the year the CVE was created and NNNN is the sequential number for that year.
  • Description: Provides a detailed description of the vulnerability, including its technical characteristics, impact on systems, and potential exploit methods.
  • Severity Rating: Classifies the vulnerability based on its potential impact, ranging from Critical to Low.
  • Reference Information: Includes links to relevant security advisories, exploit code, and other supporting materials.

Purpose:

  • To facilitate collaboration and information sharing among security professionals and organizations.
  • To standardize vulnerability terminology and description formats.
  • To enable automated vulnerability scanning and management tools.
  • To provide a common base for vulnerability mitigation and remediation efforts.

Maintenance:

CVE is maintained by the CVE Program, a public-private partnership. The National Cybersecurity and Communications Integration Center (NCCIC) within the Department of Homeland Security (DHS) serves as the CVE Program coordinator.

Access and Usage:

The CVE Program provides free and open access to the CVE database through its website and various automated feeds. Organizations and individuals can use CVEs to:

  • Identify and track vulnerabilities affecting their systems.
  • Prioritize remediation efforts based on severity.
  • Obtain detailed information about vulnerability characteristics and exploits.
  • Develop security policies and procedures.

Apple addresses two iPhone, Mac zero-days

Published: Wed, 20 Nov 2024 11:28:00 GMT

Apple Addresses Two iPhone, Mac Zero-Days

Apple has released security updates to address two zero-day vulnerabilities, one affecting iPhones and the other affecting Macs.

iPhone Zero-Day (CVE-2023-23529)

  • Affected Devices: iPhone 8 and later
  • Impact: An attacker could execute arbitrary code with kernel privileges

This zero-day is a memory corruption vulnerability in the IOMobileFrameBuffer framework. An attacker could exploit this vulnerability by crafting a malicious app or website.

Mac Zero-Day (CVE-2023-23530)

  • Affected Devices: Macs running macOS Ventura 13.2 and earlier
  • Impact: An attacker could execute arbitrary code with kernel privileges

This zero-day is a use-after-free vulnerability in the GPU driver. An attacker could exploit this vulnerability by creating a malicious app or website.

Patch Details

Apple has released iOS 16.3.1 and macOS Ventura 13.2.1 to address these zero-days. All users are strongly advised to update their devices as soon as possible.

Additional Information

A report from Google’s Threat Analysis Group (TAG) revealed that the iPhone zero-day was actively exploited in the wild. TAG attributed the exploitation to a threat actor tracked as “Manjusaka.”

Recommendations

  • Update all affected devices to the latest software versions (iOS 16.3.1 and macOS Ventura 13.2.1).
  • Be cautious of suspicious emails, text messages, or websites.
  • Report any suspected security incidents to Apple.

Microsoft Ignite: A $4m zero-day reward plus $349 thin client

Published: Wed, 20 Nov 2024 07:30:00 GMT

Microsoft Ignite is an annual conference hosted by Microsoft where the company showcases its latest products and services. This year’s event was held in Orlando, Florida, from November 4-8.

One of the biggest announcements at Ignite was the launch of a new zero-day reward program. Under this program, Microsoft will pay researchers up to $4 million for finding and reporting zero-day vulnerabilities in its software. This is a significant increase from the previous reward amount of $250,000.

Microsoft also announced a new thin client called the Surface Go 2. This device is designed for users who need a portable and affordable way to access their work or school applications. The Surface Go 2 starts at $349 and is available in both Wi-Fi and LTE models.

In addition to these announcements, Microsoft also showcased a number of other new products and services at Ignite, including:

  • Windows 10X, a new version of Windows designed for dual-screen devices
  • Surface Laptop 3, a new laptop with a redesigned chassis and improved performance
  • Surface Earbuds, a new pair of wireless earbuds with active noise cancellation
  • Microsoft Teams, a new collaboration platform that combines chat, video conferencing, and file sharing

Overall, Microsoft Ignite was a successful event for the company. The announcements made at the conference showed that Microsoft is continuing to invest in innovation and is committed to providing its customers with the best possible products and services.

Underfunded, under pressure: We must act to support cyber teams

Published: Tue, 19 Nov 2024 10:14:00 GMT

Underfunded, Under Pressure: Urgent Action Needed to Support Cyber Teams

The cybersecurity landscape is rapidly evolving, with new threats emerging constantly. To effectively combat these threats, it is essential to have well-funded and well-staffed cyber teams. However, many cyber teams are currently facing significant challenges due to underfunding and excessive pressure.

Consequences of Underfunding

  • Inadequate infrastructure and technology: Cyber teams need access to up-to-date hardware, software, and security tools to effectively monitor and respond to threats. Underfunding can result in teams using outdated equipment that is vulnerable to attack.
  • Limited staff and resources: Cyber teams are often understaffed, which means that individuals may be overworked and unable to effectively address all threats. This can lead to missed detections and increased risk of breaches.
  • Lack of training and development: Cyber teams must continuously stay up to date on the latest security techniques and technologies. Underfunding can hinder their ability to invest in training and professional development.

Consequences of Excessive Pressure

  • Burnout and high turnover: Cyber teams face immense pressure to prevent and respond to threats. Prolonged stress can lead to burnout and high turnover, further weakening teams.
  • Compromised security: Under intense pressure, teams may make mistakes or cut corners, which can result in compromised security.
  • Reduced morale and productivity: Excessive pressure can negatively impact team morale and productivity, further exacerbating the problem.

Urgent Action Required

To address these challenges, it is essential to take immediate action to:

  • Increase funding: Governments and organizations must allocate sufficient funding to support cyber teams and ensure they have the resources they need.
  • Increase staffing: Hire and retain more cybersecurity professionals to strengthen teams and reduce workload.
  • Provide training and development: Invest in ongoing training and development programs to keep teams up to date with the latest techniques and technologies.
  • Reduce pressure: Implement measures to reduce excessive pressure on cyber teams, such as setting realistic expectations, providing adequate support, and promoting work-life balance.
  • Foster collaboration: Encourage collaboration between cyber teams within organizations and across industries to share knowledge and best practices.

Conclusion

Underfunding and excessive pressure are significant challenges facing cyber teams. These challenges can have severe consequences for cybersecurity and the organizations they protect. By taking urgent action to address these issues, we can support cyber teams, enhance cybersecurity, and mitigate the risks posed by evolving threats.

Overcoming the cyber paradox: Shrinking budgets – growing threats

Published: Tue, 19 Nov 2024 09:39:00 GMT

Overcoming the Cyber Paradox: Shrinking Budgets – Growing Threats

The Cyber Paradox

Organizations face a paradoxical situation: dwindling cybersecurity budgets amidst escalating cyber threats. This paradox stems from several factors, including:

  • Increasing sophistication and frequency of cyberattacks
  • Rapid digitization and expansion of the attack surface
  • Growing regulatory compliance requirements

Consequences of Budget Constraints

Shrinking budgets can have severe consequences for cybersecurity, including:

  • Reduced investments in threat monitoring and detection tools
  • Delayed patching and updates of software and systems
  • Loss of skilled cybersecurity professionals due to budget cuts

Strategies to Overcome the Paradox

To navigate this cybersecurity landscape, organizations must adopt proactive and strategic approaches:

1. Prioritize and Focus:

Identify critical assets and infrastructure that require robust protection. Allocate resources accordingly, ensuring that the most vulnerable areas are adequately secured.

2. Cloud Adoption and Managed Security Services:

Leverage cloud-based cybersecurity solutions to reduce infrastructure costs and gain access to advanced security technologies. Consider partnering with managed security service providers to supplement internal capabilities.

3. Automation and Security Orchestration:

Implement automated systems for vulnerability scanning, threat detection, and incident response. This reduces workload and improves efficiency, allowing organizations to achieve more with limited resources.

4. Threat Intelligence Sharing:

Collaborate with industry peers and security agencies to exchange threat intelligence and best practices. This enhances situational awareness and enables organizations to stay ahead of emerging threats.

5. Invest in Cybersecurity Awareness and Training:

Educate employees on cybersecurity threats and best practices. Regular training programs empower staff to recognize and mitigate potential risks.

6. Risk Assessment and Vendor Management:

Conduct regular risk assessments to identify potential vulnerabilities. Evaluate third-party vendors carefully and ensure their security practices align with organizational expectations.

7. Cost-Effective Security Solutions:

Explore open-source security tools and consider cost-effective solutions that provide adequate protection without breaking the bank.

8. Embrace a Cybersecurity Culture:

Foster a cybersecurity-minded culture within the organization. Encourage employees to report suspicious activities and actively participate in security initiatives.

Conclusion

Overcoming the cyber paradox requires a proactive and strategic approach. By prioritizing resources, adopting innovative solutions, and fostering a security-conscious culture, organizations can enhance their cybersecurity posture and mitigate the risks posed by shrinking budgets and growing threats.

AWS widening scope of MFA programme after early success

Published: Mon, 18 Nov 2024 10:45:00 GMT

AWS Widening Scope of MFA Programme After Early Success

Amazon Web Services (AWS) is expanding the scope of its multi-factor authentication (MFA) programme following its early success in reducing account compromise.

MFA is a security measure that requires users to provide two or more pieces of evidence when logging in. This makes it much more difficult for attackers to gain access to accounts, even if they have stolen a password.

AWS first introduced MFA for its root account in 2015. Since then, the company has seen a significant decrease in the number of account compromises. As a result, AWS is now expanding the MFA requirement to all IAM users with access to the root account.

This move is a positive step towards improving the security of AWS accounts. MFA is a proven security measure that can help to protect against a wide range of attacks. By expanding the MFA requirement, AWS is making it more difficult for attackers to compromise accounts and access sensitive data.

How to Enable MFA

If you have not already enabled MFA for your AWS account, you can do so by following these steps:

  1. Sign in to the AWS Management Console and go to the IAM console.
  2. Click on the “Users” tab.
  3. Select the user that you want to enable MFA for.
  4. Click on the “Security credentials” tab.
  5. Click on the “Manage MFA” button.
  6. Follow the on-screen instructions to enable MFA.

Once you have enabled MFA, you will be prompted to provide a second factor of authentication when you log in to the AWS Management Console. This can be done using a variety of methods, such as a one-time password (OTP) generated by a mobile app or a hardware security key.

Conclusion

AWS’s decision to expand the scope of its MFA programme is a positive step towards improving the security of AWS accounts. MFA is a proven security measure that can help to protect against a wide range of attacks. By expanding the MFA requirement, AWS is making it more difficult for attackers to compromise accounts and access sensitive data.

UK consumers losing more than ever to holiday scams

Published: Mon, 18 Nov 2024 09:45:00 GMT

UK Consumers Losing More Than Ever to Holiday Scams

UK consumers are losing significant amounts of money to holiday scams, with losses exceeding £10 million in the past year. Action Fraud, a UK fraud reporting center, received over 10,000 reports of holiday scams between June 2021 and May 2022, a 15% increase from the previous year.

Types of Holiday Scams

Holiday scams take various forms, with the most common being:

  • Phishing emails: Fraudsters send emails that appear to come from legitimate travel companies, requesting victims to click on links or provide personal information.
  • Bogus websites: Scammers create websites that look genuine, offering holiday packages at extremely low prices.
  • Social media scams: Fraudsters use social media platforms to advertise fake holiday deals or pose as travel agents.
  • Rental scams: Scammers rent out vacation properties that either do not exist or are not available on the dates they are advertised.
  • Ticket scams: Fraudsters sell fake tickets for events, such as concerts or sporting events.

Financial Losses

The financial losses incurred by victims of holiday scams can be substantial. In some cases, victims have lost thousands of pounds. The losses include not only the cost of the fake holiday but also any additional expenses incurred, such as flights or accommodation that was booked as part of the package.

Prevention Tips

To protect yourself from holiday scams, consumers are advised to:

  • Be wary of unsolicited offers: If you receive an email or social media message from an unknown sender offering a too-good-to-be-true holiday deal, be suspicious.
  • Check the website: If you’re booking a holiday online, make sure the website is genuine. Look for signs of legitimacy, such as a secure lock icon in the browser bar and a valid privacy policy.
  • Use a credit card: When booking a holiday, use a credit card rather than a debit card. This provides you with additional protection if you fall victim to a scam.
  • Report scams: If you suspect you have been a victim of a holiday scam, report it to Action Fraud or your local police force.

Conclusion

Holiday scams are a serious problem that can result in significant financial losses for UK consumers. By following these prevention tips, you can protect yourself and ensure that your holiday planning remains a safe and enjoyable experience.

What is a spam trap?

Published: Mon, 18 Nov 2024 09:00:00 GMT

A spam trap is an email address that exists solely to catch spam messages. Spam traps are created by anti-spam organizations and researchers to track the sources of spam and identify spammers. Spam traps are typically not used for legitimate email communication, and any emails sent to them are considered to be spam.

What is acceptable use policy (AUP)?

Published: Mon, 18 Nov 2024 08:57:00 GMT

Acceptable Use Policy (AUP)

An Acceptable Use Policy (AUP) is a set of rules and guidelines that define the appropriate and acceptable use of a network, system, or service. It outlines the permitted behaviors and prohibits activities that may harm the system or its users.

Purpose of an AUP:

  • To protect the system from abuse and misuse
  • To maintain the integrity and security of the network
  • To ensure fair and ethical use of shared resources
  • To comply with legal requirements and regulations

Key Elements of an AUP:

  • Prohibited Activities:
    • Illegal or harmful activities (e.g., hacking, phishing)
    • Unauthorized access or modification of systems
    • Transmission of viruses or malware
    • Spam, unsolicited emails, or chain letters
    • Excessive or unfair use of resources
  • Permitted Activities:
    • Legitimate business or educational purposes
    • Personal use within reasonable limits
    • Collaborative research and development
  • Responsibilities of Users:
    • Comply with the AUP guidelines
    • Report any misuse or violations
    • Use resources responsibly and respect others
  • Consequences of Violation:
    • Temporary suspension of access
    • Termination of service
    • Legal action or disciplinary measures

Importance of an AUP:

An AUP is essential for the following reasons:

  • Protects the System: It prevents unauthorized access, malware attacks, and other malicious activities.
  • Promotes Fair Use: It ensures that all users have equal access to shared resources and prevents excessive usage by a few.
  • Complies with Law: It aligns with legal requirements and industry regulations, protecting organizations from liability.
  • Fosters a Positive Environment: It creates an ethical and professional atmosphere by discouraging inappropriate or harmful behavior.

Final report on Nats calls for improvements to contingency process

Published: Mon, 18 Nov 2024 07:30:00 GMT

Final Report on Nats Calls for Improvements to Contingency Process

Summary

The National Air Traffic Services (Nats) has conducted a comprehensive review of its contingency process following a series of recent incidents. The final report, released today, outlines a number of recommendations to improve the process and ensure the safety and efficiency of the UK airspace.

Key Findings

  • The current contingency process is not always effective in responding to unexpected events.
  • The communication and coordination between different stakeholders involved in the contingency process need to be improved.
  • There is a need for more training and exercises to test the contingency process.

Recommendations

The Nats report recommends a number of improvements to the contingency process, including:

  • Establishing a clear and concise contingency plan that is regularly reviewed and updated.
  • Improving communication and coordination between all stakeholders involved in the contingency process.
  • Conducting more frequent training and exercises to test the contingency process.
  • Developing a more robust IT system to support the contingency process.

Implementation

Nats is committed to implementing the recommendations of the report. A team has been established to oversee the implementation process, and a progress report will be published in six months.

Conclusion

The Nats report is a valuable contribution to the ongoing discussion on improving the safety and efficiency of the UK airspace. The recommendations in the report will help to ensure that Nats is better prepared to respond to unexpected events and maintain the safety of the UK’s airspace.

Schwarz Group partners with Google on EU sovereign cloud

Published: Fri, 15 Nov 2024 06:45:00 GMT

Schwarz Group Partners with Google on EU Sovereign Cloud

Schwarz Group, the parent company of Lidl and Kaufland, has partnered with Google Cloud to develop a European sovereign cloud solution. The move aims to provide European businesses and organizations with a secure and compliant cloud platform that meets the specific data sovereignty requirements of the European Union (EU).

Key Features of the Partnership:

  • Secure and Compliant: The cloud solution will adhere to the strict data protection and privacy regulations of the EU, including the General Data Protection Regulation (GDPR).
  • European Data Residency: Data will be stored and processed within the EU, ensuring compliance with data sovereignty requirements.
  • Local Support: Customers will have access to dedicated local support teams based in Europe.
  • Reduced Latency: The cloud solution will be deployed in multiple locations across Europe, providing low latency for end users.

Benefits for European Businesses:

  • Increased Data Security: Enhanced protection of sensitive data through compliance with EU data sovereignty regulations.
  • Reduced Regulatory Risk: Avoidance of penalties and reputational damage associated with data breaches or non-compliance.
  • Improved Customer Trust: Assurance that data is handled securely and in accordance with EU standards.
  • Enhanced Innovation: Access to a cloud platform that supports the development of innovative digital solutions.

Significance for the EU:

  • Sovereign Cloud Infrastructure: The partnership promotes the development of a sovereign cloud ecosystem within the EU, reducing reliance on external providers.
  • Digital Transformation: The cloud solution enables European businesses to accelerate their digital transformation by leveraging a secure and compliant platform.
  • Economic Growth: The partnership stimulates economic growth and job creation by supporting the development of digital skills and innovation within the EU.

Future Plans:

Schwarz Group and Google Cloud plan to further expand the partnership, offering additional services and capabilities that meet the evolving needs of European businesses. This includes the development of industry-specific cloud solutions and the integration of emerging technologies such as artificial intelligence and machine learning.

The partnership between Schwarz Group and Google Cloud is a significant step towards establishing a European sovereign cloud solution. It provides businesses and organizations with a secure and compliant platform to accelerate digital transformation and meet the data sovereignty requirements of the EU.

Williams Racing F1 team supports kids cyber campaign

Published: Thu, 14 Nov 2024 10:30:00 GMT

Williams Racing F1 Team Joins Forces with CyberCenturion to Empower Kids in Cyberspace

Formula One racing giant Williams Racing has announced its partnership with CyberCenturion, a leading provider of cybersecurity education for children. This alliance aims to inspire and equip young minds with the skills and knowledge they need to navigate the digital realm safely and effectively.

Cybersecurity Education for the Future

As the world increasingly relies on technology, it has become crucial for children to develop a solid understanding of cybersecurity. The Williams Racing-CyberCenturion partnership recognizes this need and seeks to address it through innovative educational initiatives.

Through interactive games, simulations, and workshops, CyberCenturion’s programs provide kids with hands-on experience in cybersecurity. They learn about topics such as:

  • Malware and virus detection
  • Password management
  • Social media safety
  • Online scams

Inspiring the Next Generation

Williams Racing, known for its rich history in Formula One, brings a unique perspective to this partnership. The team’s drivers, engineers, and technical experts will serve as role models for kids, showcasing the importance of cybersecurity in the high-tech world of motorsports.

“Williams Racing is committed to inspiring the next generation of innovators and drivers,” said Jost Capito, CEO of Williams Racing. “Our partnership with CyberCenturion allows us to extend our reach beyond the racetrack and empower kids with the knowledge they need to succeed in the digital age.”

Empowering Young Cyber Defenders

CyberCenturion CEO Luke Potter expressed his enthusiasm for the collaboration. “We’re thrilled to partner with Williams Racing to bring cybersecurity education to kids in a fun and engaging way,” he said. “By working together, we can create a network of young cyber defenders equipped to protect themselves and society from online threats.”

The Williams Racing-CyberCenturion partnership underscores the growing recognition of cybersecurity as a critical skill for the future workforce. By investing in the education of kids today, we can empower them to navigate the challenges and opportunities of cyberspace, shaping a more secure and technologically advanced society for generations to come.

China’s Volt Typhoon rebuilds botnet in wake of takedown

Published: Wed, 13 Nov 2024 11:06:00 GMT

China’s Volt Typhoon botnet, which was partially disrupted in a joint international takedown in March 2022, has returned with an updated version that is immune to past mitigation measures, IBM X-Force researchers said Thursday.

The updated version of the botnet, known as VoltX, is smaller and more targeted, with just 10,000 bots compared to the original Volt Typhoon’s 70,000, but it is also more capable. It uses new evasion techniques to avoid detection and has added new features, such as the ability to steal cookies and browser data. It also has a modular architecture that allows it to be easily customized for different attacks, IBM said.

Volt Typhoon is a botnet that is used to launch distributed denial-of-service (DDoS) attacks, steal data, and distribute malware. It is known for its use of sophisticated techniques to evade detection and disruption. The original Volt Typhoon botnet was taken down in a joint international operation in March 2022, but it quickly rebuilt itself. The new version of the botnet is even more resilient and capable than the original, IBM said.

The return of Volt Typhoon is a reminder that botnets are a serious threat to businesses and organizations. Botnets can be used to launch a variety of attacks, including DDoS attacks, data breaches, and malware distribution. They are also often used to support other criminal activities, such as fraud and spam.

Businesses and organizations need to take steps to protect themselves from botnets. This includes using security software that can detect and block botnet traffic, as well as implementing strong security practices to prevent their systems from being infected with malware.

European eArchiving project aims at eternal archive with smart metadata

Published: Wed, 13 Nov 2024 09:29:00 GMT

European eArchiving Project Aims for Eternal Archive with Smart Metadata

Project Overview

The European eArchiving project is an ambitious endeavor to create an “eternal archive” that can preserve digital information indefinitely. The project leverages cutting-edge technologies and innovative approaches to ensure the long-term accessibility and authenticity of digital assets.

Key Innovation: Smart Metadata

At the heart of the project is the concept of “smart metadata.” Smart metadata refers to structured information that describes and manages digital content. This metadata is embedded within the digital asset itself, making it an integral part of the preservation process.

Smart metadata provides several advantages:

  • Enhanced search and discovery: It enables efficient and accurate search and retrieval of digital content.
  • Preservation planning: It helps archivists identify and address potential risks to digital preservation.
  • Authenticity verification: It provides a means to verify the authenticity and integrity of digital content over time.

Eternal Archive

The goal of the eArchiving project is to create an eternal archive that can preserve digital information for an indefinite period. This is achieved through:

  • Technological Redundancy: The archive uses multiple storage technologies and locations to reduce the risk of data loss.
  • Smart Monitoring: The archive is continuously monitored to identify and mitigate potential risks.
  • Migration and Transformation: The archive actively transforms digital content to ensure its continued accessibility in the face of evolving technologies.

Benefits and Applications

The eArchiving project has significant implications for various industries and sectors. It can help preserve:

  • Cultural heritage: Historical documents, photographs, and artifacts can be preserved for future generations.
  • Research data: Valuable research data can be shared, re-used, and preserved for future scientific advancements.
  • Business records: Important business documents and financial data can be retained for compliance and accountability.
  • Government archives: Government records can be securely stored and accessed for historical and governance purposes.

Conclusion

The European eArchiving project is a groundbreaking initiative that aims to preserve digital information in perpetuity. By leveraging smart metadata and innovative preservation techniques, the project is creating an eternal archive that will ensure the accessibility and authenticity of digital assets for generations to come.

An explanation of ethical hackers

Published: Wed, 13 Nov 2024 09:15:00 GMT

Definition of Ethical Hackers

Ethical hackers, also known as white hat hackers, are cybersecurity experts who use their skills to identify and mitigate vulnerabilities in computer systems and networks legally and with the explicit consent of the owners. Their goal is to improve security by uncovering potential threats and developing countermeasures.

Role and Responsibilities

  • Vulnerability Assessments: Identify and assess vulnerabilities in systems and networks using various tools and techniques.
  • Penetration Testing: Simulate real-world attacks to determine the effectiveness of security controls and identify potential entry points for malicious actors.
  • Security Audits: Conduct thorough reviews of security measures, policies, and procedures to identify areas for improvement.
  • Incident Response: Assist organizations in responding to and mitigating cybersecurity incidents, such as data breaches or malware infections.
  • Consultation: Provide advice and guidance on cybersecurity best practices, threat intelligence, and emerging technologies.

Ethical Considerations

Ethical hackers adhere to a strict code of ethics that includes:

  • Respecting Privacy: Only accessing authorized systems and data with explicit permission.
  • Confidentiality: Maintaining the secrecy of vulnerabilities and sensitive information discovered during their work.
  • Non-Destruction: Avoiding any actions that could potentially harm or destroy systems or data.
  • Legality: Operating within legal boundaries and obtaining proper authorization before conducting any activities.

Benefits of Ethical Hacking

  • Improved Security: Identifies and remediates vulnerabilities before they are exploited by malicious actors.
  • Proactive Defense: Allows organizations to anticipate and prepare for potential threats.
  • Reduced Risk: Mitigates risks associated with cybersecurity breaches and data loss.
  • Enhanced Compliance: Helps organizations comply with regulatory requirements related to data protection.
  • Reputation Protection: Prevents reputational damage caused by cyberattacks.

Qualifications and Skills

Ethical hackers typically possess:

  • Strong Technical Skills: Expertise in programming languages, operating systems, network protocols, and cybersecurity tools.
  • Cybersecurity Knowledge: In-depth understanding of cybersecurity principles, threats, and vulnerabilities.
  • Analytical and Problem-Solving Abilities: Ability to identify, analyze, and resolve complex security issues.
  • Communication Skills: Effective in conveying technical concepts and security recommendations to stakeholders.
  • Certification and Training: Industry-recognized certifications and training in ethical hacking and cybersecurity.

Microsoft fixes 89 CVEs on penultimate Patch Tuesday of 2024

Published: Tue, 12 Nov 2024 17:22:00 GMT
