Tag Archive for: drop

Expert: ‘Drop passwords altogether’ to improve online security


LONDON: The public and businesses need to “drop passwords altogether” and move to other technology to protect personal information from hackers, a top cybersecurity expert has said.

Marking World Password Day on May 5, Grahame Williams, identity and access management director at defence firm Thales, said passwords were “becoming increasingly insecure” and “easily hacked”.

He called on the industry to move to other forms of log-in such as multi-factor authentication (MFA) – where users must provide an additional layer of identification to log in – or biometrics such as face or fingerprint scans to improve the general safety of personal data.

Williams said a key issue was the widespread use of simple and easy-to-guess passwords.

Data shows that common and obvious phrases such as “password” and “qwerty” – in reference to the common computer keyboard layout – are often among the most used passwords globally.

“Research has come out in the last few days showing the number of CEOs who are still using ‘12356’ as their password is actually quite comical – the assumption is that we’ve moved away from that but actually the data really isn’t supporting that,” he told the PA news agency.

“We know that people are using these ridiculously easy passwords, but the most alarming fact is that they’re not actually just using them for one thing, they use that password over and over again.

“So if somebody gets access to one of your passwords they get access to your crown jewels.

“With everyone working from home, with Covid and people going online for the consumption of everything, the threat landscape is getting worse and worse, and there are some seriously unscrupulous people out there.

“So it really is in everyone’s interest to take it seriously and make sure that we put as many hurdles up as we can.”

Experts advise people who are creating a password to use a collection of three unique, random words and not to reuse them across multiple accounts.

But Williams said where possible, platforms should introduce other ways for people to log in and users should strive to use them.


We’ll drop SBOMs on UK.gov to solve Telecoms Security Bill’s technical demands, beams Cisco • The Register


Britain’s Telecoms Security Bill will be accompanied by a detailed code of practice containing 70 specific security requirements for telcos and their suppliers to meet, The Register can reveal.

The Telecoms Security Bill (TSB), which is near the end of its journey through Parliament, has been rather unpopular with some ISPs, who have previously complained about the high cost of compliance.

Introduced as part of 2019-20’s “ban Huawei immediately” panic, the bill includes provision for £100k-a-day fines.

Now El Reg can reveal more about the detailed requirements due to be imposed on the industry, thanks to Cisco publishing a detailed paper [PDF] explaining how it already complies with UK.gov and National Cyber Security Centre requirements. That paper is a response to a document called the Vendor Annex, an NCSC-authored technical bolt-on to the main bill.

“We expect that the way it will work is there will be some expectation that the operators will be obliged to do much more scrutiny when they go through their procurement exercises with telco vendors,” Cisco’s UK&I national cybersecurity advisor, Mark Jackson, told The Register.

Jackson added that many of the requirements in the bill and the Vendor Annex could be satisfied through provision of a software bill of materials (SBOM), though that specific term isn’t mentioned. SBOMs as a security management concept have come in for some criticism recently because they could create an illusion of security: picking (for example) one specific software library and saying “job done, it’s secure” doesn’t set the expectation that the library will need updating in future.

This kind of problem was endemic in Huawei’s mobile network equipment firmware, as NCSC’s Huawei examination cell revealed in 2019. The Chinese firm was, among other things, using “70 full copies of 4 different OpenSSL versions” which contained 10 “publicly disclosed” vulns, some “dating back to 2006”.

Referring to the…


Oman sees 30% drop in COVID-19 cyberattacks to 640 in Q3 2020


Oman has seen an impressive 30% drop in the number of COVID-19-related cyberattacks from 920 in Q2 2020 to 640 in Q3 2020, according to new research from Trend Micro Incorporated, a cloud security vendor.

In Q3 2020, Oman’s COVID-19-related cyberattacks included: 610 email spam attacks, down 27% from 833 in Q2 2020; 29 malicious URL hits, down 67% from 87 in Q2 2020; and one malware detection, up from 0 in Q2 2020.

“Oman’s 30% decrease in COVID-19 related cyberattacks is an impressive signal that Oman’s IT decision-makers are taking pandemic-related attacks seriously,” said Assad Arabi, Managing Director – Gulf Cluster, Trend Micro. “We are seeing Oman’s organisations deploy the right cybersecurity solutions and processes to enable secure remote work and work from home environments.”

During Q3 2020, the 14 countries of the MENA region experienced a total of 125,219 COVID-19 related cyberattacks, including 101,188 email spam attacks, 23,696 malicious URL hits and 335 malware detections, according to Trend Micro’s Smart Protection Network.

MENA’s COVID-19 attacks were down by 54%, with a 29% decrease in email spam attacks, an 82% decrease in malicious URL hits, but a 4.5-fold increase in malware detections.

“While Oman and the Middle East are beginning to emerge from the pandemic, organisations must continue to protect their employees and malicious URLs and files that are embedded with malware,” added Arabi. “One of the biggest concerns is about phishing emails related to COVID-19 health and safety measures or career updates, which could also expose sensitive corporate data to hackers.”
