Tag Archive for: Minutes

Five minutes with: Abus – BikeBiz


This month, BikeBiz sits down with Marius Schiller, Abus area sales and marketing manager

Can you give us a little background on Abus?
I know many people have already heard of us, especially seen as we’ve been around for almost a hundred years now. Abus started as a family-run business in Germany in 1924, primarily making locks which is still a massive focus for us today.

These days we’ve branched out much wider into home and business security solutions, as well as creating a full range of bicycle helmets for every level of rider, whether they’re racing in the Tour de France or just starting out on their very first bike.

What area of the market does Abus target?
As we’re such a big company, our reach is very broad, but for the mobile security segment, we’re focused on the whole cycling community – the need for mobile security, whether that be a lock, chain, or even a helmet, stretches across all price points and market segments.

Although our reach is broad, we focus on fully understanding the requirements of each sub-segment within cycling. For example, the requirements of a daily commuter who needs a lightweight and easily transportable lock are very different to those of someone who rides an e-MTB and is looking for the strongest possible home-security setup.

What makes Abus unique – what does it offer that its competitors perhaps do not?
Abus has extensive research and development facilities located in Germany which allows us to be extremely reactive to changing market needs. We also have very versatile manufacturing and testing facilities here too which means we can bring those new ideas to market quicker than a lot of our competitors and ensure that our products not only meet but exceed many of the existing standards.

In a rather bizarre twist of fate, COVID-19 has provided a significant boost to the cycling industry. What impact has it had on Abus?
Like many people, we’ve seen a significant increase in sales across all categories in line with the increased consumer interest in cycling. However, we’ve seen helmet sales grow more than the lock market which suggests that though many consumers understand the necessity for a helmet, many still aren’t…

Ransomware: How cybercriminals hold data hostage… and why the best solution is often paying a ransom – 60 Minutes


We’re seeing just how defenseless our food and fuel supplies can be to hackers. This month, the largest meat producer in America was forced to close for several days. And that was only three weeks after hackers shut down the main source of gasoline for the East Coast. Both were ransomware, attacks by hackers who break into a computer network and lock it until ransom is paid. Colonial Pipeline paid more than $4 million, in May, to get fuel flowing in the East again. As we first told you in 2019, critical public service networks are also targets. Twenty-six percent of cities and counties, for example, report that they fend off network attacks every hour. Perhaps even worse, dozens of hospitals have been held hostage all across the country.

In January 2018, the night shift at Hancock Regional Hospital watched its computers crash with deepest apologies. The 100-bed facility in the suburbs of Indianapolis got its CEO, Steve Long, out of bed.

Steve Long: We had never been through this before. And it’s something that I read in the journals. And I say, “Oh, those poor folks. I’m glad that’s never going to happen to us.” But when you come in and you see that the files on your computer have been renamed and all of the files were renamed either “we apologize for files” or “we’re sorry.” And there was a moment when I thought, “Well, maybe they’re not so bad. They said they were sorry.” But, in fact, they had encrypted every file that we had on our computers and on the network.

Long told 911 to divert emergency patients to a hospital 20 miles away. His staff turned to pen and paper. Nothing electronic could be trusted.

Steve Long: This is a ransomware, so this is a virus that has gotten into the computer system. “Would it have the ability to jump to a piece of clinical equipment? Could it jump to an IV pump? Could it jump to a ventilator? We needed a little time just to make sure about that.”

But time was a luxury not offered in the ransom demand.

Steve Long: “Your network has been encrypted. If you would like to purchase the decryption keys, you have seven days to do so or your network files will be permanently deleted.” And then it gave us the…

Hackers scan for vulnerable devices minutes after bug disclosure


Hackers scan the internet every hour for vulnerable devices

Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks.

The adversaries’ efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans starting within minutes of disclosure.

Mind the gap

Attackers are tireless in their quest for new victims and strive to reach vulnerable systems before they are patched. Companies try to identify issues on their networks before it’s too late, but they move at a much slower pace.

The data comes from the Palo Alto Networks Cortex Xpanse research team, who between January and March this year monitored scans from 50 million IP addresses of 50 global enterprises, some of them in the Fortune 500.

The researchers found that companies take an average of 12 hours to find a new, serious vulnerability. Almost a third of all identified issues related to the Remote Desktop Protocol, a common target for ransomware actors as they can use it to gain admin access to servers.

Misconfigured database servers, zero-day vulnerabilities in critical products from vendors like Microsoft and F5, and insecure remote access (Telnet, SNMP, VNC) complete the list of high-priority flaws.

According to Palo Alto Networks, companies identified one such issue every 12 hours, in stark contrast with the threat actors’ mean time to inventory of just one hour.

In some cases, though, adversaries scanned as often as every 15 minutes when news emerged about a remotely exploitable, critical bug in a networking device, and the interval dropped to five minutes after the disclosure of the ProxyLogon bugs in Microsoft Exchange Server and Outlook Web Access (OWA) issues.

Palo Alto Networks recommends security teams look at the following list of services and systems to limit the attack surface.

The researchers note that they compiled the list based on two principles: certain things should not be exposed to the public web (bad protocols, admin portals, VPNs) and secure assets may become vulnerable over time.

  1. Remote access services (e.g., RDP, VNC, TeamViewer)
  2. Insecure file sharing/exchange services (e.g.,…

Tesla Model X entry system security flaw allows vehicles to be stolen in minutes


A security flaw in Tesla Inc.’s Model X keyless entry system has been found to allow a would-be hacker to steal the vehicle in minutes.

Discovered by Lennert Wouters, a Ph.D. student at COSIC, a research group at the University of Leuven in Belgium, the hack involves exploiting a vulnerability in the way Tesla implements Bluetooth Low Energy in their Model X key fobs including support for firmware updates. The group revealed the exploit today.

The technique involves using a modified electronic control unit from a salvaged Model X to force key fobs to advertise themselves as connectable BLE devices. The BLE interface was found to be not properly secured through the update mechanism, allowing for the wireless takeover of the key fob to obtain valid codes to unlock the car.

“With the ability to unlock the car we could then connect to the diagnostic interface normally used by service technicians,” Wouters explains. “Because of a vulnerability in the implementation of the pairing protocol we can pair a modified key fob to the car, providing us with permanent access and the ability to drive off with the car.”

Wouters discovered the vulnerability in the northern summer and reported it to Tesla in August. Tesla is said to be pushing out a software update this week to address the vulnerability, hence Wouters is now releasing the details.

This isn’t the first time Teslas have been shown to be hackable. Researchers from COSIC have previously detailed how the keyless entry on the Tesla Model S can also be hacked. Past examples of Tesla getting hacked remotely included brakes in 2016.

“Automotive key fob attacks are real-world threats with significant impacts for automobile manufacturers, law enforcement, vehicle finance companies and drivers,” Jacob Wilson, senior security consultant at electronic design automation firm Synopsys Inc., told SiliconANGLE. “With consumer demand for Bluetooth and internet-connected vehicle functionality on the rise, it’s more important than ever to ensure these technologies are secure.”

The research, he added, demonstrates the impacts of security requirements and…