Tag Archive for: road

Truck hacking: a New Age road hazard

/in


Speaker 1 (00:00):

This week’s 10-44 is brought to you by Chevron Delo 600 ADF ultra low ash diesel engine oil. It’s time to Kick Some Ash.

Jason Cannon (00:09):

Flat tires, fault codes, and now being hacked. These are the hazards of the new age highway.

Speaker 1 (00:15):

You’re watching CCJ’s 10-44, a weekly webisode that brings you the latest trucking industry news and updates from the editors of CCJ. Don’t forget to subscribe and hit the bell for notifications, so you’ll never miss an installment of 10-44.

Jason Cannon (00:29):

Hey, everybody, welcome back. I’m Jason Cannon and my co-host on the other side, as always, is Matt Cole. Hacking and cyber attacks are faceless strong-arm robberies. Internet pirates can shut down a carrier’s entire operation in a matter of minutes from thousands of miles away, but these incidents aren’t isolated just to back-office systems. Technology has granted sophisticated attackers a means into the truck itself.

Matt Cole (00:53):

All the new technology and connectivity within vehicles like tractor trailers not only makes vehicles smarter and improves efficiency, but it’s also a new attack vector for cyber criminals.

Jason Cannon (01:04):

Fleet Defender CEO and founder, Terry Reinert, joins the 10-44 this week. And while it sounds something like out of the Fast and Furious, he says the capabilities exist for cyber attackers to hijack a rig while it’s rolling down the road with the driver inside.

Terry Reinert (01:19):

So if you’ve got a satellite terminal, if you’ve got cellular modems, from part of your telematics, your ELD, or whatever else, so there’s different vectors in there. Even some of the more modern trucks, they’ve got upwards of seven or eight different wireless connectivity to the vehicle itself. But there’s other really interesting attack vectors against vehicles. Like the National Motor Freight Trucking Association, they released information about eight months ago on a vulnerability that would allow anybody with a small little software-defined radio, probably cost like 50 bucks down at the store, and an antenna, they could point the antenna at the truck, send the right RF signal, like the radio frequency signal, at the…

Source…

Gateway Casinos in Ontario face long road to recovery after ransomware attack, expert says

/in



Several casinos in Ontario remain closed nearly two weeks after a cyberattack, with no official reopening date.


The ransomware attack that knocked the servers out to Gateway Casinos facilities was first detected on April 16.


Technology analyst Carmi Levy said the situation is the digital equivalent of recovering from a major fire or similar disaster.


“It’s as bad as it gets. And unfortunately, the damage is going to take years to undo, even if they are able to undo it,” the London, Ont.-based digital expert said. “You don’t just flip a switch and come back on.”


On Thursday, Gateway posted online it hopes to reopen using a phased approach “later this week; however, the reopening timeline depends on the pace of restoration and approval by regulatory bodies.”


The cybersecurity incident impacted operations to 14 casinos, including Casino Rama in Orillia, Georgian Downs in Innisfil, and Playtime Casinos Wasaga Beach.


According to Levy, the recovery procedure is a “multi-faceted, multi-staged process” involving highly-trained people.


“We call these ‘business killer events’ for a reason. Many companies that are targeted successfully by ransomware never fully recover. The direct costs will be into the millions if not the tens of millions or beyond,” the tech analyst said.


While the company has said there is no evidence to believe customer’s data was breached, Levy believes it’s possible.


“There is a very strong likelihood that it has been – that it is either being bought and sold on the dark web or will be at some point in time because all of these ransomware events tend to play out in the same way. There’s no coming back from that. ,” he noted.


While Casino Rama’s gaming floor remains closed to gamblers, the Orillia facility welcomed back concertgoers Thursday night in an attempt at getting some operations back to normal.


“The concert was very well attended, and people seemed very excited to be there,” said Rob Mitchell, director of communications at Gateway Casinos and Entertainment Limited.


A Scotty McCreery concert is scheduled to go ahead on Saturday.


Still, the digital analyst believes Gateway will have a long road…

Source…

End Of The Road For Windows 7 Security Updates: ‘It’s About Time’

/in


Security News


Kyle Alspach


With Microsoft closing the book on Windows 7 bug fixes, one solution provider says we’re unlikely to see history repeat itself with the shift from Windows 10 to 11.

ARTICLE TITLE HERE

At long last, we’ve reached the end of the line with Windows 7.

On Tuesday, Microsoft cut the cord on security updates for the long-persevering operating system, which was hugely popular with many businesses in its day — and for some users, up through the present day.

[Related:
Microsoft Seeing Exploits Of Windows Zero Day Vulnerability
]

While the official end of support date for Windows 7 arrived back in January 2020, Microsoft had consented to continue offering Windows 7 security updates to businesses willing to pay for them. (Microsoft understands that “everyone is at a different point in the upgrade process,” wrote Jared Spataro, corporate vice president for Microsoft 365, in a blog post in 2019.)

Those “extended” Windows 7 security updates, however, came to a close on Tuesday. That gave Windows 7, which launched in the fall of 2009, a more than 13-year run.

As much as many businesses relied on Windows 7, “it’s about time” that the operating system reach its finale, said Luis Alvarez, president and CEO of Salinas, Calif.-based Alvarez Technology Group.

“In so many ways [the extended security updates] were a false sense of security for a number of people,” he told CRN. “They believed they could keep their Windows 7 systems secure by paying an annual fee — but really, the underlying issues that caused those security vulnerabilities weren’t being patched.”

Alvarez said that his firm can now get the “last stragglers” within the client base off of Windows 7, and onto Windows 10, the successor to Windows 7, or the latest version of the operating system, Windows 11.

Looking ahead, Alvarez doesn’t believe that we’ll encounter this type of issue again with…

Source…

The Road to Passwordless is Paved with Orchestration

/in


A new report from KuppingerCole Names ForgeRock an Overall Leader in Passwordless Authentication

If passwordless authentication is a destination, then identity orchestration is the highway to get there.

To define the term, “passwordless authentication” is the act of gaining access to digital resources without the use of traditional user-selected passwords. Given the pervasiveness of data breaches and their association with stolen or misused passwords, the momentum towards a passwordless future is undeniable. In recognition of this movement, KuppingerCole has published its very first Leadership Compass for Passwordless Authentication. But more on that in a minute.

The essential piece: orchestration

Identity orchestration, or just “orchestration,” is a way for organizations to quickly build and put in place user access journeys — from beginning to end — that are both easy for users and secure for the enterprise. Within this journey flow, passwordless methods can be enrolled, used, measured, and tweaked to give the organization the assurance that the benefits they seek — making users’ lives easier while elevating security — are truly being achieved.

Orchestration is a no-code no-brainer

Orchestration is both strategic and tactical. At a strategic level, orchestration is a critical capability of an identity and access management (IAM) solution, as essential as access management or identity management. It provides the capability to respond rapidly and with maximum agility to changing business conditions, using identity to create a competitive advantage for both your workforce users and for your consumer population, without breaking the budget.

At the tactical level, it is a graphical, drag-and-drop tool that IT administrators use to design different user journeys to support the business. In the past, user journeys needed to be hard-coded by developers, which was a timely and expensive process that would often take months to get even a few user journeys in place. When the business or security landscape changed, developers would need to be called back in to re-code those journeys.

Modern orchestration involves no coding. This means non-technical IT and identity…

Source…