Russian hackers can breach UK security systems warns GCHQ

Britain’s security services cannot offer “absolute protection” against Russian hackers, a top spy has warned. GCHQ cyber defence chief Ciaran Martin warned that it is a matter of “when not if” the UK suffers a “serious cyber attack”. He claimed spooks are now battling to stop attacks that “most impact on our way of life” instead of trying to prevent every breach. Mr Martin – who heads the National Cyber Security Centre – told the Daily Telegraph that “services can be disrupted” by Putin’s crack hacking squads. He wrote: “Turning off the lights and the power supply by cyber attack is harder than Hollywood films sometimes make out,” he writes.

The importance of inspecting encrypted traffic

Many adversaries to enterprise cybersecurity are using sophisticated encryption tactics to bypass defences and infiltrate networks. Enterprises are trying to fight back by employing HTTPS and using SSH, as well as other advanced protocols for data exfiltration. SSH, for example, is often used for remote management access because it performs well. But, when nearly 70 percent of all enterprise traffic is encrypted, understanding what’s hiding inside that traffic is imperative. So, what can you do to inspect that traffic?

Positive Technologies uncovers critical vulnerabilities in APC uninterrupted power supplies

Positive Technologies experts Ilya Karpov, Evgeny Druzhinin, and Stephen Nosov have discovered four vulnerabilities in management cards for APC by Schneider Electric hardware. These uninterrupted power supply (UPS) units are used in various sectors. Two of the vulnerabilities received the maximum possible CVSS v3 score of 10, indicating a very high degree of risk.  

IRL Analogies Explaining Digital Concepts are Terrible

Remember the anti-piracy campaign from years back about “You Wouldn’t Steal a Car”? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL (“In Real Life”) equivalents. Here’s a quick recap:

‘Drupalgeddon2’ Touches Off Arms Race To Mass-Exploit Powerful Web Servers

Researchers with Netlab 360 warn that attackers are mass-exploiting “Drupalgeddon2,” the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE- 2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.

Drupalgeddon2 “is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses,” Daniel Cid, CTO and founder of security firm Sucuri, told Ars. “Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can.” China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.

Google confirms some of its own services are now getting blocked in Russia over the Telegram ban

A shower of paper airplanes darted through the skies of Moscow and other towns in Russia today, as users answered the call of entrepreneur Pavel Durov to send the blank missives out of their windows at a pre-appointed time in support of Telegram, a messaging app he founded that was blocked last week by Russian regulator Roskomnadzor (RKN) that uses a paper airplane icon. RKN believes the service is violating national laws by failing to provide it with encryption keys to access messages on the service (Telegram has refused to comply).

Empathy technologies like VR, AR, and social media can transform education

More posts by this contributor

In The Better Angels of Our Nature, Harvard psychologist Steven Pinker makes the case for reading as a “technology for perspective-taking” that has the capacity to not only evoke people’s empathy but also expand it. “The power of literacy,” as he argues  “get[s] people in the habit of straying from their parochial vantage points” while “creating a hothouse for new ideas about moral values and the social order.”

Where have all the pilots gone?

You’d think everybody would want to fly. It’s been a universal human dream since the first cave person saw the first pterodactyl¹. You’d think better technology, greater demand, economic growth, and population growth would mean more and more pilots. But the surprising, counterintuitive fact is that fewer and fewer people are flying, and now Earth needs pilots, badly.

Is Facebook’s Anti-Abuse System Broken?

Facebook has built some of the most advanced algorithms for tracking users, but when it comes to acting on user abuse reports about Facebook groups and content that clearly violate the company’s “community standards,” the social media giant’s technology appears to be woefully inadequate.

Special Report: New York’s enterprise infrastructure ecosystem

New York City is a marvel of infrastructure planning and engineering. There are the visible landmarks — the Brooklyn Bridge, the Lincoln Tunnel, the Empire State Building — and also the invisible ones that run the city beneath its crowded streets, such as one of the world’s most complex water tunneling and reservoir systems. That infrastructure was built for the economy of the 20th century, a market that emphasized the manufacturing and trading of goods.

In the NYC enterprise startup scene, security is job one

While most people probably would not think of New York as a hotbed for enterprise startups of any kind, it is actually quite active. When you stop to consider that the world’s biggest banks and financial services companies are located there, it would certainly make sense for security startups to concentrate on such a huge potential market — and it turns out, that’s the case.

IDG Contributor Network: Nation state attacks – the cyber cold war gets down to business

Nation state attacks, and the threat of them, appear to be evolving.  The theory that these state-backed cybercriminals are focused on hacking into military or diplomatic data for competitive intelligence now needs to be broadened to other motivating factors.  Nation state hackers are expanding their targets to not only government institutions, but also businesses and industrial facilities.  They are using more sophisticated techniques to disrupt organizations, and their respective countries, by leaking confidential, often sensitive, information.

Cyber Security Agency Eskenzi PR wins a Queen’s Award for Enterprise 2018

Her Majesty The Queen, advised by the Prime Minister, has honoured Eskenzi PR and Marketing with a Queen’s Award for Enterprise 2018, recognising its outstanding achievement in International Trade. Eskenzi has been in business for over twenty years, working with cyber security companies all over the world, to raise awareness of security issues organisations face and the cutting edge technology available to thwart cyber attacks.  This award comes at a time when the government is paying particular focus in this area, having recently launched its strategy to support the export of cyber security technology.