

The rise of assistive devices: How tech is helping people with special needs

Source: National Cyber Security – Produced By Gregory Evans

Written by Anuj Bhatia | New Delhi | Updated: November 23, 2020 12:56:09 pm

Xbox Adaptive Controller is specifically designed for gamers with disabilities. (Image credit: Xbox)

With over a billion people (about […]


Ageing devices biggest threat to cybersecurity as work from home becomes norm

IT companies are contemplating extending this arrangement even after COVID-19 infections reduce. But most companies agree that the cybersecurity threat is a sword hanging over their heads

Rukmini Rao | Last Updated: June 10, 2020 | 18:54 IST


  • In 2019, network infra assets of 47.9% businesses aged or turned obsolete
  • Ageing and obsolete devices in technology sector at 59.6%
  • Redirection of spend towards cloud services is resulting in decreased investment

Various sectors across the globe are slowly, and in a staggered fashion, opening up after nearly five months of lockdown, perhaps with the only exception of the information technology sector, which adapted to a different working model to tide over the crisis. IT companies are contemplating extending this arrangement even after COVID-19 infections reduce. But most companies agree that the cybersecurity threat is a sword hanging over their heads. However, a recent report by NTT Ltd shows that the root cause of the substantially increased cybersecurity threat is perhaps obsolete or ageing devices.

“The assets of 47.9 per cent organisations were ageing or turning obsolete as a weighted average, representing a significant surge from 2017, when this figure was just 13.1 per cent. Both connectivity and security are being compromised by enterprises leaving obsolete devices on the network,” the report said. While the industry average in the use of obsolete and ageing devices is 47.9 per cent, the public sector leads the way with 61.7 per cent, and a surprisingly close second is the technology sector with 59.6 per cent of devices either ageing or turning obsolete. On average, an obsolete device has twice as many vulnerabilities per device (42.2 per cent) compared to ageing (26.8 per cent) and current devices (19.4 per cent). Interestingly, the report says that around 2015-16, businesses started investing in and deploying new technology, and spending on new devices peaked in 2017, when 86.9 per cent of organisations had current (latest) devices. Even as adoption of new wireless infrastructure is on the rise, with an average increase of over 13 per cent year-on-year, ageing and obsolete devices create security vulnerabilities and put businesses at risk of cyber attacks with people logging in from co-working spaces and remote work locations.

One of the biggest reasons behind the lower investment in on-premises infrastructure, according to the report, is that growth in cloud spend is outpacing growth in overall IT spend. Cloud adoption and spend were predicted to grow at a faster rate and in the region of 21-25 per cent CAGR until 2023. “The increase in on-premises, ageing and obsolete devices is partially due to a redirection of spend towards Software-as-a-Service (SaaS) and other cloud services, which results in a decrease in investment in on-premises infrastructure. However, we anticipate that there will be a significant increase in people working from home, even after pandemic reduction measures are lifted,” the report said.


Security lifeline: WhatsApp to pull support for older Android and iOS devices next month

Upgrade or be left behind

ANALYSIS Millions of smartphone users may have a little less mobile security next month, after WhatsApp withdraws its support for older versions of Android and iPhone operating systems.

Devices running on iOS 8 and earlier, or Android versions 2.3.7 and earlier, will no longer receive updates from the free messaging service, with app features expected to deprecate on these systems from February 1.

“WhatsApp for iPhone requires iOS 9 or later,” WhatsApp said in a recent statement on its website.

“On iOS 8, you can no longer create new accounts or reverify existing accounts.

“If WhatsApp is currently active on your iOS 8 device, you’ll be able to use it until February 1, 2020.”

According to the UK’s National Cyber Security Centre, a security vulnerability is much more likely to be exploited on end-of-life devices that run unsupported software.

The damage that these issues can cause also increases, with attackers finding an easy target in technology where the only fix available is to upgrade to supported hardware or a supported operating system.

The general functionality of the retired product tends to break, as well.

“We don’t explicitly restrict the use of jailbroken or unlocked devices,” WhatsApp said.

“However, because these modifications might affect the functionality of your device, we can’t provide support for devices using modified versions of the iPhone’s operating system.”

There is no industry standard as to when to end support for dated versions of an app or software. The decision is largely decided in the boardrooms of tech conglomerates, and generally viewed as a balancing act between consumer market share, cost, and security.

In order to keep on top of the software lifecycle, consumers are often required to upgrade their hardware. In the case of Apple, iOS 13 – the latest version of its mobile OS – is only compatible with the iPhone 6S and above.

At the other end of the spectrum, iOS 8, Apple’s eighth major operating system released in 2014, receives only minimal third-party application support.

“Of course Apple wants us to upgrade to their latest and greatest iPhones and MacBooks,” Patrick Wardle, Mac security expert and creator of the infosec blog and security toolkit site Objective-See, told The Daily Swig last year.

“But from a security point of view (versus just a consumer/marketing point of view), there is no denying that the latest version of their software and hardware (for example devices) are often far more secure than their predecessors,” Wardle said.

“Users should really upgrade to newer versions,” he added.


This is an ongoing game for consumers, and indeed businesses, to have a healthy level of security and rid themselves of what is known in the industry as technical debt – the migration away from Windows 7 is one example.

Affordability can outweigh the guarantee of vendor support, however, which illustrates the reality of many individuals who lose the security guarantee that comes alongside regular patches on compatible hardware.

While there are no official statistics related to the version types of mobile ownership, Angela Siefer, executive director of the US non-profit National Digital Inclusion Alliance (NDIA), says it’s safe to assume that those in low income brackets are less likely to be using the latest devices.

The most vulnerable populations are put at even more risk, she says.

“The situation with WhatsApp is definitely alarming, but it’s also not surprising,” Siefer told The Daily Swig.

“As technology keeps innovating there is going to continue to be people left behind, and society needs to figure out how to support those folks as technology moves forward.”

The NDIA works to address affordability issues related to internet access and ownership of digital devices. Part of that mandate is education, where security, in particular, needs to move outside the tech industry bubble in order to reach individuals who may not realize that their software needs fixes.

“They’re [consumers] not reading tech blogs, they’re probably not reading anything about WhatsApp, they’re just frustrated because now it [WhatsApp] doesn’t work anymore,” Siefer said.

There are certain cases where tech companies or software vendors provide extended support for their products, whether in full due to their popularity or through open sourcing specific applications, as is the case with the iPhone.

But these third-party applications are few and far between, and some, including Paul Roberts, founder of the right to repair infosec group Securepairs, believe legislation should compel companies to release unsupported software into the public domain.

“So, in the context of WhatsApp, open source discontinued versions of the app and put it on GitHub,” Roberts told The Daily Swig.

“That way, technically minded users can pick up where the company left off: making a ‘public’ version of the app that will continue to work on older phones and tablets.”

WhatsApp deciding to make versions of iOS and Android obsolete follows a move to end its support for all Windows phones at the beginning of the year, similar to one taken by parent company Facebook in April 2019, which sunset Facebook, Messenger, and Instagram apps for users of the limited Microsoft smartphone.

WhatsApp is currently one of the most popular chat apps for smartphones, used in 2017 by approximately 1.5 billion consumers across the globe.

The company did not reply to The Daily Swig’s request for comment about how many people use its service on the soon-to-be out-of-date operating system, but as Facebook, and other tech giants, continue to gain a foothold in emerging markets, consumer desire to hold onto older devices may drive the industry to rethink the end-of-life ecosystem.


US Navy Bans TikTok From Military Devices | Avast

The U.S. Navy issued a bulletin announcing that the widely used social app TikTok is now seen as a cybersecurity threat and will no longer be allowed on any government-supplied devices. Reuters reported that the bulletin, posted on a Facebook page used by military personnel, warned government members that any device with the TikTok app installed would be blocked from the Navy Marine Corps Intranet. TikTok is a highly popular video-sharing app owned by the Beijing company ByteDance, which is currently under a U.S. national security review. The Navy is the second U.S. military branch to flag TikTok after Army leadership instructed cadets not to use the app last month. 

*** This is a Security Bloggers Network syndicated blog from Blog | Avast EN authored by Avast Blog. Read the original post at:


Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited […]

End-of-Life Devices Pose Data Breach Risk

End-of-life devices not properly sanitized of data can cause compliance issues and make corporate data vulnerable

GDPR, CCPA and the rest of the alphabet soup of privacy laws should have organizations looking more deeply at how and where they store and use data. While most companies […]

#ISC2Congress: IoT Devices Pose Off-Network Security Risk

Internet of Things (IoT) devices can still be a serious security threat even when they are off network.

Speaking on day three of the (ISC)² Security Congress in Orlando, Florida, 802 Secure CSO Michael Raggo shared research that demonstrated the risks posed by everyday IoT devices. 

In his talk titled “Cyber Physical Security: Addressing IoT Risks,” Raggo cited examples of threat actors gaining access to data centers via WiFi thermostats and spying on conferences by hacking into smart TVs mounted on boardroom walls.

“The problem goes far above and beyond the potential breach of data or risks to that data. It also has an impact on safety, privacy, and the whole operation of your entire network, especially if it’s an industrial IoT type of network,” said Raggo.

“What that means in terms of your policies and how you approach the problem, is that this is more than just protecting data and avoiding data exfiltration. Now we are talking about the safety and the privacy of people and employees.”

The impact of IoT security issues is far-reaching. According to Raggo, “roughly 50% of the new buildings being built in the United States have some kind of IoT functionality.”

Raggo said that ensuring the reliability and security of the lighting, power, and HVAC systems of your home and your business is a real challenge if those systems aren’t connected to your own network.

Although many people are familiar with Wi-Fi and Bluetooth, according to Raggo they often don’t have a clear understanding of how IoT devices are configured and who can actually connect to them.   

Raggo referenced experiments conducted in his own lab that had produced worrying results, exposing vulnerabilities in smartphones and surveillance cameras. In one test, he used a wireless thumb drive to access data on a hub.

“I simply plugged it into a USB port in the back of the hub and immediately videos started being recorded to my thumb drive. There was no authentication required,” said Raggo.

One threat Raggo drew attention to was Bluetooth skimming, where threat actors steal money by breaching credit card details used in transactions. After being asked to investigate a fast-food restaurant that had suffered a breach, Raggo used readily available Bluetooth scanning tools to detect a long-range Bluetooth device placed under the cash register that had been used to skim data.



A Basic Z-Wave Hack Exposes Up To 100 Million Smart Home Devices

So-called “smart” locks and alarms are proliferating across people’s homes, even though hackers have shown various weaknesses in their designs that contradict their claims to being secure.

Now benevolent hackers in the U.K. have shown just how quick and easy it is to pop open a door with an attack on one of those keyless connected locks. And, what’s more, the five-year-old flaw lies in software that’s been shipped to more than 100 million devices that are supposed to make the home smarter and more secure. Doorbells, bulbs and house alarms are amongst the myriad products from 2,400 different vendors shipping products with the flawed code. Tens of millions of smart home devices are now vulnerable to hacks that could lead to break-ins or a digital haunting, the researchers warned.

For their exploits, the researchers – Ken Munro and Andrew Tierney from Pen Test Partners – focused on the Conexis L1 Smart Door Lock, the $360 flagship product of British company Yale. As relayed to Forbes ahead of the researchers’ report, Munro and Tierney found a vulnerability in an underlying standard used by the device to handle communications between the lock and the paired device that controls the system. The flaw meant the communications could be intercepted and manipulated to make it easy for someone in the local area to steal keys and unlock the door.

The problematic standard was the Z-Wave S2. It provides a way for smart home equipment to communicate wirelessly and is an update from an old protocol, Z-Wave S0, that was vulnerable to exploits that could quickly grab those crucial keys. Indeed, they were “trivial” to decrypt, according to Pen Test Partners’ research.

Z-Wave S2 is more secure than S0. It comes with a method for sharing keys known as the Diffie-Hellman exchange; it’s a highly regarded, tested method for ensuring that the devices shifting keys between one another are legitimate and trusted. But whilst the Yale device, purchased by Munro and Tierney just a couple of weeks ago and kept up to date, used that S2 protocol, the researchers found it was possible to quickly downgrade the device to the older, much less secure key-sharing mechanism.

During the period when a user paired their controller (such as a smartphone or smart home hub) with the device, Munro and Tierney could ensure the less-secure S0 method was used. From there, they could crack the keys and get permanent access to the Yale lock and therefore whatever building it was protecting, all without the real user’s knowledge. They believe they could carry out their attack, dubbed Z-Shave, from up to 100 meters away.

“It’s not difficult to exploit,” Munro said. “Software Defined Radio tools and a free software Z-Wave controller are all that’s needed.” In 2016, hackers created a free program designed to exploit Z-Wave devices called EZ-Wave.

Yale owner ASSA ABLOY said it understood the Z-Wave Alliance was conducting an investigation into the matter and was in close contact. ASSA ABLOY will also be conducting its own investigation, a spokesperson said, adding that it was “constantly updating and reviewing products in line with the latest technologies, standards and threats.”

No updates?

Munro told Forbes it should be possible to update many Z-Wave-based devices with a wireless update of both the app and the device. “However, it’s an issue with the Z-Wave standard, so would require a massive change by the Alliance, then an update pushed to all devices that support S2, which would likely stop them working with S0 controllers. And there are hardly any S2 controllers on the market. None in the U.K.,” he added.

Silicon Labs (SiLabs), the $4.5 billion market cap firm that owns the Z-Wave tech, admitted “a known device pairing vulnerability” existed. But it didn’t specify any upcoming updates and downplayed the severity of the attack, adding “there have been no known real-world exploits to report.”

The company referred Forbes to the first description of the S0 decryption attack, revealed way back in 2013 by SensePost, which determined the hack wasn’t “interesting” because it was limited to the timeframe of the pairing process. As a result, SiLabs said it didn’t see the S0 device pairing issue “as a serious threat in the real world” as “there is an extremely small window in which anyone could exploit the issue” during the pairing process, adding that a warning will come up if a downgrade attack happens. “S2 is the best-in-class standard for security in the smart home today, with no known vulnerabilities,” the spokesperson added, before pointing to a blog released by SiLabs Wednesday.

Munro said it would be possible to set up an automated attack that would make it more reliable. “It should be easy to set up an automated listener waiting for the pairing, then automatically grab the key,” he said.

The company said the problem existed because of a need to provide backwards compatibility, as a spokesperson explained: “The feature of S2 in question – device pairing – requires both devices have S2 to work at that level. But of course the adoption of this framework across the entire ecosystem doesn’t happen overnight. In the meantime, we do provide the end user with a warning from the controller or hub if an S0 device is on the network or if the network link has degraded to S0.”

Munro was flabbergasted at the vendor’s overall response. “After attempting responsible disclosure and getting little meaningful response, on full disclosure Z-Wave finally acknowledge that it’s been a known issue for the last few years. Internet of Things (IoT) devices are at their most vulnerable during initial set-up. S2 Security does little to solve that problem.”



Gov’t to put new cybersecurity measures in place for smart devices

Source: National Cyber Security News

As the number of devices grows, so does the level of security needed. The UK government is aiming to tackle this with a new initiative, but what is the tech sector’s take on it?

The Government has announced new cybersecurity guidelines will need to be put in place to ensure smart devices are made safer.

Following a stream of cyber security breaches among Internet of Things (IoT) devices, the UK Government has said new cyber security guidelines are necessary to better protect users. The aim is to change the way devices are manufactured, as well as increasing the safety of individuals.

The government has predicted that each household across the UK has at least 10 internet connected devices, which is set to increase to 15 by 2020. With this increase of devices comes a bigger increase in security threats, meaning more must be done from a cybersecurity perspective. Recently, attacks have been carried out on various IoT devices such as smart watches, CCTV cameras and even children’s dolls.

The government’s initiative has been developed alongside the National Cyber Security Centre (NCSC), and coincides with the new £1.9bn Cyber Security Strategy that is set to be implemented.


Forever 21 POS Devices Contract Malware Infections

Apparel retailer Forever 21 said in the last week of December 2017 that a malware infection on its point-of-sale machines resulted in the compromise of payment card data from a few specific stores during the year. Reportedly, the attack was aggravated by the absence of encryption on those machines.

The $4bn retail firm, based in Los Angeles, published a news release on December 28 confirming that a malicious party gained access to credit and debit card data of some customers between April 3 and November 18, 2017. The attacker was able to do so through a malware attack combined with inadequate POS security.

Forever 21 hired a cyber forensics company and an investigation into the problem began. Initially, when concrete details could not be obtained, the retail firm cautioned that a few POS devices within certain Forever 21 stores were impacted where there was little use of encryption. posted this dated January 2, 2018.

The investigation determined that encryption was halted while malicious software was loaded onto certain devices in a few stores in the USA at different times between April 3 and November 18, 2017.

In addition, Forever 21 stated that in a few of the outlets, a machine that logged complete payment card transaction authorizations also had malicious software planted on it.

The scale of the breach is not yet known, and the number of outlets and customers impacted is still unclear, although Forever 21 is working with its POS machine suppliers and cyber-security experts to enhance its future security.

Forever 21 was also working with the manufacturer of the compromised point-of-sale devices, the payment processors and law enforcement to further investigate the intrusion, the firm stated.

Meanwhile, the apparel retailer is not alone in falling victim to this kind of attack. Point-of-sale infections are an increasingly frequent means by which criminals carry out large-scale theft of credit and debit card information. Targets so far include the Hilton hotel chain, the big-box retailer Target and restaurant chains.
