Tag Archive for: Spot

Your telephone system is your security weak spot

/in


While your telephony solution may not immediately spring to mind when you think about security risks, you could inadvertently be giving hackers the keys to the kingdom.

Modern voice-over-IP (VoIP) telephony solutions run on the same kinds of networks that your computing systems do. Unfortunately, says Euphoria Telecom chief technology officer Nic Laschinger, they are seldom secured as tightly as your computer systems and this makes them vulnerable.

“It’s important to realise that if someone can get to your telephony system, they can get to your IT systems. A lot of people define their security at the perimeter. For example, they deploy a firewall to keep people out. Once someone is inside, however, it’s relatively easy for them to get anywhere else, including to your operational IT systems and data,” Laschinger says. “People tend to ignore security on telephony systems as they don’t recognise them as full-fledged computer systems. This can be a costly omission.”

Operational technology, like telephony systems and the systems running factories, power plants and such, are increasingly being recognised as weak areas by attackers.

According to the Fortinet 2022 State of Operational Technology and Cybersecurity Report, 93% of organisations surveyed had an intrusion in the past year, and 61% of those intrusions impacted OT systems. Worse, says Fortinet, it took hours to restore service in 90% of those cases.

Weakness in VoIP systems and network or device compromises are increasing resulting in losses for businesses globally. The 2021 CFCA Global Telecommunications Fraud Loss Survey highlighted that IP PBX hacking resulted in US$1.82-billion worth of fraud that year. Spoofing, the most common telephony fraud method, cost businesses some $2.63-billion.

In addition to standard security measures like implementing IPSec (which secures data traffic across networks) and secure authentication, your cloud telephony provider should be implementing additional features and functions that help keep your telephone system secure. Below, Laschinger outlines some…

Source…

The Vice Society Ransomware Gang Thrives in a Crucial Blind Spot

/in


Throughout 2021, Vice Society’s health care targets included Barlow Respiratory Hospital in California, Eskenazi Health in Indiana, Centre Hospitalier D’Arles in France, United Health Centers in California, and a dental company in Brazil. The group also attacked New Zealand’s Waikato District Health Board that summer, which, among other impacts, resulted in the cancellation of two Air New Zealand flights; the airline couldn’t obtain proof of negative Covid-19 tests for crew members because the health department’s digital systems were down.

Vice Society also targeted schools and universities in 2021 and seems to have favored this sector more and more as the United States and other countries devote more resources to ransomware enforcement and hone mitigation techniques. In the wake of high-profile 2021 attacks, like the Colonial Pipeline ransomware incident, prominent Russian-speaking actors faced infrastructure takedowns, indictments, and even rare Russian arrests for their brazen crimes. 

Vice Society may view education as a quieter and less well funded category where it can fly under the radar. For example, the group hit the Austrian Medical University of Innsbruck in June and Linn-Mar Community School District in Iowa at the beginning of August—neither of which many people would flag as major, obvious targets. The Bluets maternity hospital in Paris accused the group last week of a ransomware attack on its systems. Vice Society has not taken credit so far for the hack.

“They’re a perfect example of the success of mediocrity in the ransomware ecosystem,” says Claire Tills, a researcher for the security firm Tenable who has studied Vice Society’s tactics and organization. “You have the top-tier groups developing their own zero days and acting all polished and professional. But meanwhile, Vice Society is just chugging along, not really innovating, stealing tools from other folks, but they have just enough stability to launch attacks, get paid, keep moving.”

Researchers view the group’s attack on the Los Angeles Unified School District as significant because LAUSD is a major target, and it made more of a splash than most of Vice Society’s other hacks. Tills notes that the…

Source…

UNSW takes top spot for number of new start-ups and spinouts

/in


UNSW Sydney has ranked number one nationally for the greatest number of new start-up and spinout companies founded in 2021 through technology developed at UNSW. The latest Survey of Commercialisation Outcomes from Public Research (SCOPR) Summary Report revealed that UNSW supported 10 spinouts – 14 per cent of the 69 companies established across Australia. This figure is up from five companies in 2020, where UNSW placed an equal third. Of the 10 spinouts, six were founded by UNSW staff members. 

The spinouts established in 2021 include: 

Infinity Avionics provides optical sensors, thermal sensors, and radiation sensors designed for space asset monitoring, space robotics, space-based manufacturing, and earth observation. Infinity Avionics was named the Start-up of the Year in the 2022 Australian Space Awards. 

EnerJin provides hardware and data platforms to enable clients to assess solar energy generation potential in unconventional locations. 

Zyteum is a revolutionary technology company changing the face of Internet of Things (IoT) security and transactions such as distributed supply chain. 

CHELTech develops technology that can provide an efficient and cost-effective way to produce hydrogen from splitting water using renewable energy.  

RadioDynamic Therapeutics commercialises a unique UNSW drug delivery technology where drug release is spatially localised and triggered by light and/or clinical radiation.  Key applications are in rectal cancer and gene therapies. 

Kandui Technologies manufactures products from waste materials and has partnered with The SMaRT Centre at UNSW, which has developed a series of waste-to-product technologies.  

Vesi Water provides market disruptive, smart and sustainable solutions to the water industry utilising proprietary technology developed in collaboration with UNSW to harvest fresh water from airborne humidity, creating fresh water where none exists. 

LM Plus develops unique liquid metal-based technology that can improve the efficiencies of the electronic and optical-based systems of the future. 

Healthy@Home develops telehealth solutions for chronic condition management including Chronic Obstructive Pulmonary Disease (COPD)…

Source…

Week in review: Spot deep-faked job candidates, data exfiltration via bookmarks, Patch Tuesday forecast

/in


Cybersecurity news

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Browser synchronization abuse: Bookmarks as a covert data exfiltration channel
Two universal and seemingly innocuous browser features – the ability to create bookmarks (aka “favorites”) and browser synchronization – make users’ lives easier, but may also allow hackers to establish a covert data exfiltration channel.

Ransomware gangs are hitting roadblocks, but aren’t stopping (yet)
Ransomware attacks are in decline, according to reports by several cybersecurity companies. Why is that?

Cyberattack prevention is cost-effective, so why aren’t businesses investing to protect?
In this Help Net Security interview, Former Pentagon Chief Strategy Officer Jonathan Reiber, VP Cybersecurity Strategy and Policy, AttackIQ, offers insight for CISOs – from talking to the Board to proper budget allocation.

August 2022 Patch Tuesday forecast: Printers again?
Looking ahead to next week, we have a server end-of-life and still more updates that can impact printers.

How to minimize your exposure to supply chain attacks
Supply chain attacks are on the rise, and many organizations seem unsure on how to respond to the threat. Here are are several steps you can take to minimize your risk of being involved in a supply chain breach.

The most impersonated brand in phishing attacks? Microsoft
Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks.

6 ways your cloud data security policies are slowing innovation – and how to avoid that
As practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment. With more and more data migrating to the cloud, these policies must adapt to a wide range of data stores, locations, uses and environments.

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and…

Source…