Britain’s security services cannot offer “absolute protection” against Russian hackers, a top spy has warned. GCHQ cyber defence chief Ciaran Martin warned that it is a matter of “when not if” the UK suffers a “serious cyber attack”. He claimed spooks are now battling to stop attacks that “most impact on our way of life” instead of trying to prevent every breach. Mr Martin – who heads the National Cyber Security Centre – told the Daily Telegraph that “services can be disrupted” by Putin’s crack hacking squads. He wrote: “Turning off the lights and the power supply by cyber attack is harder than Hollywood films sometimes make out,” he writes.
Many adversaries to enterprise cybersecurity are using sophisticated encryption tactics to bypass defences and infiltrate networks. Enterprises are trying to fight back by employing HTTPS and using SSH, as well as other advanced protocols for data exfiltration. SSH, for example, is often used for remote management access because it performs well. But, when nearly 70 percent of all enterprise traffic is encrypted, understanding what’s hiding inside that traffic is imperative. So, what can you do to inspect that traffic?
Positive Technologies experts Ilya Karpov, Evgeny Druzhinin, and Stephen Nosov have discovered four vulnerabilities in management cards for APC by Schneider Electric hardware. These uninterrupted power supply (UPS) units are used in various sectors. Two of the vulnerabilities received the maximum possible CVSS v3 score of 10, indicating a very high degree of risk.
As the general public tried to get its head around the concept of cryptocurrency and blockchain at the back-end of 2017, infosecurity professionals were facing one of the universal truths of our industry: whenever there is an innovation in technology or society, those who want to exploit it for illicit gain are never far behind.
Remember the anti-piracy campaign from years back about “You Wouldn’t Steal a Car”? This was the rather sensationalist piece put together by the Motion Picture Association of America in an attempt to draw parallels between digital piracy and what they viewed as IRL (“In Real Life”) equivalents. Here’s a quick recap:
The risks of non-compliance are serious, follow this GDPR action plan to avoid disaster
Drupalgeddon2 “is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses,” Daniel Cid, CTO and founder of security firm Sucuri, told Ars. “Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can.” China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.
This article, pointed out by @TheGrugq, is stupid enough that it’s worth rebutting.
Responding to the talent shortage and increasing demand facing the cybersecurity industry, Udacity said that it is now developing a new nanodegree focused on security.
A shower of paper airplanes darted through the skies of Moscow and other towns in Russia today, as users answered the call of entrepreneur Pavel Durov to send the blank missives out of their windows at a pre-appointed time in support of Telegram, a messaging app he founded that was blocked last week by Russian regulator Roskomnadzor (RKN) that uses a paper airplane icon. RKN believes the service is violating national laws by failing to provide it with encryption keys to access messages on the service (Telegram has refused to comply).
More posts by this contributor
In The Better Angels of Our Nature, Harvard psychologist Steven Pinker makes the case for reading as a “technology for perspective-taking” that has the capacity to not only evoke people’s empathy but also expand it. “The power of literacy,” as he argues “get[s] people in the habit of straying from their parochial vantage points” while “creating a hothouse for new ideas about moral values and the social order.”
You’d think everybody would want to fly. It’s been a universal human dream since the first cave person saw the first pterodactyl¹. You’d think better technology, greater demand, economic growth, and population growth would mean more and more pilots. But the surprising, counterintuitive fact is that fewer and fewer people are flying, and now Earth needs pilots, badly.
Facebook has built some of the most advanced algorithms for tracking users, but when it comes to acting on user abuse reports about Facebook groups and content that clearly violate the company’s “community standards,” the social media giant’s technology appears to be woefully inadequate.
New York City is a marvel of infrastructure planning and engineering. There are the visible landmarks — the Brooklyn Bridge, the Lincoln Tunnel, the Empire State Building — and also the invisible ones that run the city beneath its crowded streets, such as one of the world’s most complex water tunneling and reservoir systems. That infrastructure was built for the economy of the 20th century, a market that emphasized the manufacturing and trading of goods.
While most people probably would not think of New York as a hotbed for enterprise startups of any kind, it is actually quite active. When you stop to consider that the world’s biggest banks and financial services companies are located there, it would certainly make sense for security startups to concentrate on such a huge potential market — and it turns out, that’s the case.
I’m speaking of the HITRUST CSF, Computer Security Framework.
Nation state attacks, and the threat of them, appear to be evolving. The theory that these state-backed cybercriminals are focused on hacking into military or diplomatic data for competitive intelligence now needs to be broadened to other motivating factors. Nation state hackers are expanding their targets to not only government institutions, but also businesses and industrial facilities. They are using more sophisticated techniques to disrupt organizations, and their respective countries, by leaking confidential, often sensitive, information.
Her Majesty The Queen, advised by the Prime Minister, has honoured Eskenzi PR and Marketing with a Queen’s Award for Enterprise 2018, recognising its outstanding achievement in International Trade. Eskenzi has been in business for over twenty years, working with cyber security companies all over the world, to raise awareness of security issues organisations face and the cutting edge technology available to thwart cyber attacks. This award comes at a time when the government is paying particular focus in this area, having recently launched its strategy to support the export of cyber security technology.
It’s happening more and more.
High profile vulnerabilities like Meltdown and Spectre are disclosed, and become headline-grabbing news not just in the technology press, but on general news outlets worldwide.