Tag Archive for: tighten

Cyber Security Today, April 23 2021 – More SolarWinds news, UK law will tighten consumer internet device security and a warning to QNAP storage users



Welcome to Cyber Security Today. It’s Friday April 23rd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.

The number of organizations hit after the compromise of SolarWinds’ Orion network monitoring software last year may be more than originally thought. Security company RiskIQ took a closer look at the scheme and found 18 more servers for command and control than investigators first found. These servers would be used to distribute malware to compromised Orion installations. It was thought that of the 18,000 organizations that downloaded the compromised Orion security update perhaps 100 around the world had their systems hacked. But with the discovery that more servers were involved in the scheme there may be more victim organizations. The U.S., Canada and other countries say Russia’s intelligence service is responsible for the Orion compromise.

If your organization is going to create an app for its products the software had better be secure. According to a security researcher, until recently the app and website for tractor maker John Deere wasn’t. The researcher told Vice.com the vulnerabilities could have exposed data about John Deere customers including names, addresses, the equipment’s ID number and its vehicle ID number. The company has fixed the vulnerabilities, which it called “code misconfigurations.”

Many internet-connected consumer devices have poor security, including weak default passwords. In an effort to increase the cybersecurity of devices sold in the United Kingdom, the government this week promised new legislation with minimum product security requirements. No consumer-connected product will be allowed to be sold unless it has basic cybersecurity measures. These include a ban on default and easily guessable default passwords, having a way device owners can report vulnerabilities to the manufacturer and stating how long security updates will be available for a product. The government will create an enforcement authority to back up the law. It would apply to almost everything except laptops and…


As security forces tighten noose, Pak-based terror groups resort to cyber recruitment in J-K: Officials


SRINAGAR: Pakistan’s intelligence agency and terror groups are now carrying out recruitment in Jammu and Kashmir using applications in cyber and mobile space as direct physical interactions have become difficult due to the security forces’ hawk-eyed vigil, officials said on Sunday.

Fake videos of alleged atrocities committed by the security forces and building a false narrative are now often used by the ISI handlers from Pakistan to whip up emotions among the new recruits, they said, citing intelligence reports and technical surveillance.

Earlier, terrorist sympathisers used to establish physical contact with the prospective recruits to bring them into a terror group’s rank and file. However, after security agencies cracked down on such sympathisers, they changed their modus operandi.

In 2020, over two dozen terror modules were busted by security agencies leading to the arrest of over 40 such sympathisers.

Two surrendered terrorists, Tawar Waghey and Amir Ahmed Mir, who laid down their arms before 34 Rashtriya Rifles of the Army late last month, had given an insight into their joining of terror modules that showed that cyber recruitment was being carried out on a large scale.

Both the terrorists had come in contact with a Pakistan-based handler via Facebook who indoctrinated them before handing them over to a recruiter code-named Khalid and Mohammed Abbas Sheikh.

The two terrorists were provided training online using various links available on public platforms like YouTube and both of them had met their local contact only once in Shopian in south Kashmir, the officials said.

This, according to the officials, is done to avoid exposure of sleeper cells created by Pakistan’s ISI within the valley. Security agencies have busted several modules following intelligence inputs provided by local residents.

The two terrorists, after being recruited into The Resistance Front (TRF), which is believed to be a shadow outfit of banned terror group Lashkar-e-Taiba, were receiving orders as well as religious teachings from Pakistan-based Burhan Hamza.

The officials said there were around 40 such cases…


Some transit workers tighten belts after payroll hit by ransomware



One consequence of the workaround is that overtime isn’t being paid out right now. But employees can request $500 bumps in their advance pay to account for expected shortfalls.

“Is it going to be 100 per cent accurate? No. But they’re giving us assurance that they’re willing to help out anybody who requests (it),” Mann said.

Asked whether he believed TransLink was prepared for the kind of attack it suffered, Mann said he did. He guessed it could still be a few weeks before the payroll system was back online.

Dominic Vogel, a cybersecurity expert and founder and chief strategist of Vancouver-based firm CyberSC, said it isn’t necessarily a poor reflection of a company’s technical capabilities when it’s hit by a successful ransomware attack. And he said it can be a very, very substantial task for a company and its IT team to repair the damage done in an attack.

“I guarantee they have been working tirelessly, even throughout the holidays to try and recover this,” he said.

Earlier this month in a news release, TransLink CEO Kevin Desmond confirmed the transit authority had been attacked.

“Upon detection, we took immediate steps to isolate and shut down key IT assets and systems in order to contain the threat and reduce the impact on our operations and infrastructure,” he said.

Desmond said TransLink planned to do a “comprehensive forensic investigation” to find out how the ransomware attack happened and what information might have been accessed. But he said TransLink uses a third-party payment processor for fare transactions and it doesn’t store fare payment data.


Premier League clubs to tighten cyber security methods after Manchester United hack


Premier League clubs are expected to tighten cyber security methods as investigators warn a hack on Manchester United is just the tip of an iceberg.

United are believed to be facing a seven-figure ransom demand over the attack, which has left the club unable to yet fully restore its computer systems. GCHQ cyber security agents have been called in to help.

The National Cyber Security Centre recently published a report showing 70 per cent of major sports organisations are targeted by hackers every 12 months.

Ciaran Martin, a professor at the University of Oxford’s Blavatnik School, told Telegraph Sport on Friday night how he saw attacks on sporting organisations rise while he was chief executive at the NCSC.

“The risk to sport was on the up, not markedly, but incrementally, because of the realisation by potential attackers of rich sources of data and money that might be available from sporting organisations,” he said. “It’s big business, as we all know.”

Manchester City say it is a “matter of public record” that they have also been repeatedly targeted. In February, an IT worker was arrested amid claims he got players’ personal details and records of confidential transfer talks from Pep Guardiola’s email account. Last week, it also emerged British athletes were among hundreds of female sports stars and celebrities whose personal photographs had been breached in an iCloud attack.

“Sports organisations are at risk from cyber attacks for two reasons,” Martin, one of the leading figures in the UK’s fight against cyber crime, said. Nation-state attacks – such as Russia’s breach against the World Anti-Doping Agency in August 2016 – are high profile, but rare, he explained. “The other, which looks more likely here – although I must stress I don’t know the details because I’m not in Government any more – would appear to be a standard criminal ransom attempt to extort money by encrypting data or otherwise compromising data.”

The Football Association beefed up its security ahead of the World Cup in Russia in 2018, but many Premier League clubs have yet to bring their security levels in line with some other sectors.

Government has no powers to…
