Tag: Platforms | Page 2

Securing Electric Vehicle Charging Platforms

September 22, 2022/in Mobile Security

Automotive technology concept. Electric vehicle charging overlaid with automotive icons

Spikes in the prices of fossil fuels have provided yet another incentive for consumers to move towards electric vehicles (EVs). Alongside that trend is the pressing requirement to have a charging infrastructure which provides enough capacity to satisfy this need. In this article we will explore how EV charging platforms are being architected and deployed while answering a question seldom asked – what security holes are being opened?

Are EV Charging Platforms Already Being Targeted?

The simple answer to that is yes. Typically what we see when new digital services such as EV charging come online is that initially there are a few attacks, mainly by independent researchers. These gain some publicity and although any issues raised normally get dealt with by the providers, it is often stated that the scenarios exposed are ‘academic’ so they may be taken seriously from a marketing perspective but not from a technical perspective.

Although it may sometimes be difficult to see how the early attack vectors which are identified would result in a meaningful gain for a hacker, in my opinion it’s more common that you think that the exposed security hole is real. In other words, even if it is ‘academic’ it is still indicative of non-optimal security practices within the vendor’s operation. As such these reports should absolutely be taken seriously.

Let’s look at some recent examples of reported attacks against EV charging platform and see what trends we can see:

In August 2021, researchers found vulnerabilities in 5 of the 6 EV charging platforms that they tested, including one that could enable a home charging station to become a route into the associated home network.
In November 2021, researchers announced they had found a vulnerability in the mobile app of a charging provider which enabled the exposure of the details of 140,000 users of that service.
In January 2022, researchers completed a comprehensive assessment of the security of 16 EVCSMS (Electric Vehicle Charging Station Managing Systems), uncovering a plethora of issues in their firmware, mobile apps and web apps.
In March 2002, at the start of the war in Ukraine, EV charging stations in Russia were hacked…

Source…

NetSecurity Corporation Reveals Why Endpoint Detection and Response (EDR) Platforms are Inadequate for Computer Forensics Investigation

August 11, 2022/in Computer Security

ThreatResponder^® Platform Allows Enterprises and Forensics Firms to Conduct Deep and Legally-Defensible Remote Computer Forensic Investigations or Incident Response at Scale Within a Few Hours

DULLES, Va., Aug. 11, 2022 /PRNewswire/ — NetSecurity^® Corporation, a leader in endpoint threat protection, vulnerability detection, and computer forensics investigations, announced today that traditional Endpoint Threat Detection and Response (EDR) platform and “collector scripts,” are inadequate to quickly and thoroughly conduct remote forensics investigation and incident response that can withstand legal scrutiny.

NetSecurity's ThreatResponder® Platform is an all-in-one cloud-native and machine learning powered endpoint threat detection, prevention, response, analytics, intelligence, hunting, and forensics product. Unlike traditional endpoint threat detection and response (EDR) products, ThreatResponder is designed with Swiss-Army-Knife concept by combining multiple cybersecurity capabilities into a single platform delivered in a single-pane of glass to better protect digital assets against attacks. — NetSecurity’s ThreatResponder® Platform is an all-in-one cloud-native and machine learning powered endpoint threat detection, prevention, response, analytics, intelligence, hunting, and forensics product. Unlike traditional endpoint threat detection and response (EDR) products, ThreatResponder is designed with Swiss-Army-Knife concept by combining multiple cybersecurity capabilities into a single platform delivered in a single-pane of glass to better protect digital assets against attacks.

When there is a data breach, insider threat, or a cyber attack, organizations often struggle to identify the right skills, tools or product to use for the investigation and often resort to open source scripts, freeware, collector scripts, or traditional EDR. These technologies do not scale and are not capable of conducting forensics at scale and timely. NetSecurity recognized this problem and developed ThreatResponder to help organizations conduct remote forensics investigation, eliminating travel costs and delays.

“Today’s adversaries remain relentless and highly sophisticated, often leveraging attack techniques or exploiting vulnerabilities that are largely unknown to defenders. A technology that can drill deep and tell the full story (of the who, what, when, where, why, and how) relating to attack or breach is imperative,” said Inno Eroraha, founder and chief strategist of NetSecurity. “ThreatResponder allows digital forensic investigators to conduct forensic investigations of thousands of computer systems wherever they may be located within hours instead of weeks or…

Source…

Digital Platforms Empower Investors through Control, Convenience and Confidence

August 7, 2022/in Mobile Security

The pandemic may have changed how we use technology, and ultimately how we manage our finances.

Throughout the pandemic, people increasingly relied on digital platforms, such as websites, apps and videoconferencing tools, for work and personal activities. At the same time, organizations improved their online customer experiences by embedding new technologies, making investments, and accelerating enhancements to respond to increased digital traffic. These advances often came with the goal of nudging people’s everyday choices and behaviors as well as improving consumer decision-making.

It appears to be working. Companies are interacting with customers through digital channels more than ever. In fact, in the U.S. 65% of customer interactions were digital in nature in July 2020, up from just 41% in December 2019, according to McKinsey research. It would have taken three years to see this increase under prior digital adoption rates.

Interactions with financial companies were no exception. In a recent survey of U.S. investors, Vanguard found that digital engagement for completing financial activities is strong. Roughly 70% of respondents reported they are comfortable conducting financial business online, and more than half (53%) are comfortable doing most of their investing online. Further, 60% of respondents prefer conducting financial activities online over other methods, such as in-person transactions and phoning customer service.

Survey participants cite a plethora of benefits to engaging with their money digitally, which primarily boil down to a sense of control and the ability to save time. Specifically, investors cited saving time (81%), the ability to conduct financial business at any time (75%), and faster access to their money (67%) as reasons investors prefer digital engagement.

Advantages such as the ability to transact business in real-time and broad accessibility of online financial websites allow people to take many financial interactions into their own hands. More control (47%) and more responsiveness (38%) also ranked among the top benefits of digital engagement. Whether simply checking the performance of specific stocks or interacting with their 401(k) investments,…

Source…

Google enhances password manager to boost security across platforms

June 30, 2022/in Mobile Security

This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

Google is rolling out key updates to its password management capabilities as part of an effort to boost security across multiple operating systems and browsers for mobile and desktop users, the company said in an announcement Thursday.
Google Password Manager users will now have the same unified experience whether using Chrome or Android, and iPhone users can now manage passwords through the iOS platform.
Google will automatically warn users about compromised credentials, on top of reused and weak passwords. In addition, Google will warn users about compromised passwords on a range of operating systems and platforms, including Android, Chrome OS, Windows, iOS, MacOS and Linux.

Dive Insight:

The security enhancements are part of a larger push by Google and its competitors to help users create more secure ways to authenticate their identities. As millions of corporate workers and third-party contractors have shifted to remote work, managing authentication has become a much more difficult and sensitive task for organizations.

“Password management software fills an important niche use case,” Ant Allan, Gartner VP Analyst said via email. “It can integrate applications that don’t warrant or support integration with an identity provider – (such as) a federated single sign-on or ‘access management’ solution.

The shift to remote work has created additional work for enterprise security leaders, because they have limited visibility into how workers do their jobs. Some employees use applications that are not approved by corporate policy while others are using personal email or unsecured devices to access corporate servers.

These workers often share computers with other family members, too.

“We’re now making a more active effort to consolidate our password manager offerings on different platforms,” Andreas Tuerk, group product manager at Google, said via…

Source…

Tag Archive for: Platforms

Are EV Charging Platforms Already Being Targeted?

Dive Brief:

Dive Insight: