Cyber #security #war games helping #businesses find & #recruit untapped #talent

Source: National Cyber Security – Produced By Gregory Evans

With the cyber security skills gap widening amidst a rise in the overall threat landscape, businesses are now relying on cyber security war games to find and recruit new cyber warriors whose talents have remained untapped for years.

The Cyber Security Challenge UK Masterclass competition ended on a high earlier this week with 22-year-old Mo Rahman emerging as the overall winner, ahead of 41 other talented finalists, some of whom came from abroad to test their skills.

The three-day competition, which involved one team of finalists breaching a shipping company’s servers and another defending against the breach as well as pinpointing an insider threat, measured not only their cyber security skills but also their presentation and leadership skills.

In order to qualify for the event, these cyber warriors had to pass an initial online test conducted by Cyber Security Challenge U.K., followed by competitive one-against-one challenges in real time. All the finalists were then grouped into teams, with each of the teams assigned different purposes.

Even though the competition has been held every year since 2010, the organisers made sure that the challenge presented to the finalists this year would be as realistic as possible. The finalists were made to perform forensic analysis, and then to use the results of that analysis to build a case against an insider who was responsible for a breach. They were also made to give a live presentation in order to convince fictitious board members.

The purpose of the competition is to help industries and businesses hire talented cyber security warriors whose talents would remain hidden but for such competitions. Observers from businesses can witness not only their cyber skills in real time, but also their analytical, communication, and leadership skills, which are now regarded as basic skills that cyber security professionals must possess.

‘This event is designed to mirror challenges faced by leading industry experts, in order to identify the UK’s best talent. Traditional recruitment methods don’t work in the world of cyber-security – often the most talented individuals don’t stand out on paper and events like this allow us to put the best talent in the country in front of many of the leading organisations in the country that are seeking more cyber security skilled workers,’ said Nigel Harrison, acting CEO of Cyber Security Challenge UK.

‘We face a shortage of cyber security professionals, not just here in the UK but worldwide. To address this, we are doing more than ever before to inspire people to pursue a career in cyber security,’ said Caroline Noakes, Minister for Government Resilience and Efficiency.

‘We will continue to work in partnership with organisations like the Cyber Security Challenge UK to make Britain secure, confident and prosperous in the digital world,’ she added.

With the cyber threat landscape growing, the existing cyber security skills gap is hurting not only businesses, the legal community, the media and major industries, but also the country’s critical resources such as the police forces, the armed forces and the NHS, whose recent encounter with ransomware attacks is well known.

Recently, eye-opening research from independent think-tank Reform revealed that only 40 out of 13,500 volunteers working for the UK Police were cyber security experts, and that the force was in dire need of as many as 12,000 volunteers from civil society to fight the growing menace of cyber crimes, which accounted for nearly half of all crimes.

The research paper also recommended the setting up of a new digital academy by the Home Office to offer cyber security training to as many as 1,700 police officers and staff every year. It also urged the Home Office to use administrative savings from accelerating the Government’s automation agenda to set up a £450 million a year capital grant for the forces, and also to use the £175 million Police Transformation Fund to implement a transformational technology.

 

The post Cyber #security #war games helping #businesses find & #recruit untapped #talent appeared first on National Cyber Security Ventures.


Researchers #Hack Car Infotainment #System and Find #Sensitive User #Data Inside

Source: National Cyber Security – Produced By Gregory Evans

People who are worried about their security will use a secure phone, lock down their computer, and use strong passwords for their online accounts. But how many people have considered that their car could be leaking their most sensitive data?

A researcher who recently decided to investigate his car’s infotainment system found that it was not designed using modern software security principles, yet it stored a lot of personal information taken from his phone that could be valuable to hackers.

Executing code on the car’s infotainment unit was extremely easy by connecting a USB flash drive with specially crafted scripts. The system automatically picked up those files and executed them with full administrative privileges.

Car enthusiasts have used the same method in the past to customize their infotainment systems and run non-standard applications on them, but Gabriel Cîrlig, a senior software engineer at security firm Ixia, wanted to understand the security implications of this technique.

What he found was a major privacy issue where call histories, contacts, text messages, email messages, and even directory listings from mobile phones that had been synchronized with the car, were being stored persistently on the infotainment unit in plain text.

Mobile operating systems like Android and iOS go to great lengths to protect such data by restricting which applications have access to it or by allowing users to encrypt their devices. All that security could be undone if people pair their devices over Bluetooth with an infotainment system like the one found in Cîrlig’s car.

Cîrlig and an Ixia colleague Ștefan Tănase decided to go even further and investigate how the car’s infotainment unit could be potentially abused by an attacker or even law enforcement to track users and obtain information about them that they couldn’t otherwise get from their mobile devices.

The researchers presented their findings Friday at the DefCamp security conference in Bucharest, but declined to disclose the car make or model because they’re still in the process of reporting the privacy issue they found. However, they mentioned that the car was made by a Japanese manufacturer.

Cîrlig told me that there is a firmware update available that blocks the USB attack vector on his car, but installing it requires going to a dealership. This means that a large number of cars will likely never be patched.

The infotainment system itself is a hacker’s paradise and is more powerful than most embedded devices, including home routers. It has a Cortex-A9 CPU with 1GB of RAM, as well as Wi-Fi and GPS. The operating system is based on Linux and has a fully functional Bash command-line shell with all its usual utilities. On top of that, there are various debugging tools, including for the GPS, that the system’s developers did not bother to remove, according to Cîrlig.

It looks like technology that was created in a rush without any concern for security engineering, Cîrlig told me. “A production system, at least for a car, should be completely locked down.”

He thinks that some of the software design choices were driven by convenience, like storing unencrypted sensitive user data indefinitely instead of requesting it again from the phone when the device is in proximity.

In addition to data copied from mobile devices, Cîrlig found other sensitive information on the infotainment unit, such as a list of favorite locations the car has been driven to or from, voice profiles, vehicle status information, and GPS coordinates.

For their presentation, Cîrlig and Tănase showed a proof-of-concept malware program—a Bash script—that, when executed via USB, continuously looked for open Wi-Fi hotspots, connected to them and could exfiltrate newly collected data. By combining this malware with location data from the GPS, an attacker could also track the car in real time on a map.

To make things worse, the rogue script is installed as a cron job—a scheduled task on Linux—and is persistent. Even if the infotainment system is reset to factory defaults, cron jobs are not removed, the researchers said.

Hackers could take the attack even further and create a USB worm, where a compromised infotainment system could infect all USB dongles plugged into it and potentially spread the infection to other cars, Cîrlig said. Or the car could be used in a wardriving scenario, trying to automatically exploit Wi-Fi networks and other systems it encounters, he said.

The development of infotainment systems is usually outsourced to third-party electronic component suppliers and not made by the automobile manufacturers themselves. Other researchers have shown in the past that there are ways to jump from the infotainment systems to more critical electronic control units (ECUs)—the specialized embedded computers that control a car’s functions.

The auto industry continues to work using outdated programming principles and very old technology stacks that would be unacceptable today in a modern software development environment; and that needs to change, Cîrlig said. “For someone like myself who has a software development background, that style of coding looks ancient, from the age of the dinosaurs.”

The post Researchers #Hack Car Infotainment #System and Find #Sensitive User #Data Inside appeared first on National Cyber Security Ventures.


DHS: Hackers targeted other systems to find weak spots

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security on Thursday sought to clear up confusion over its assessment that 21 states had their election systems targeted by Russian government hackers, saying just because the hackers in some states didn’t directly scan election systems, it doesn’t mean they weren’t looking to break into them….

The post DHS: Hackers targeted other systems to find weak spots appeared first on National Cyber Security Ventures.


Your computer could be infected without you knowing it: Here’s how to find out

Source: National Cyber Security – Produced By Gregory Evans

Until you become the target of data theft, a malware attack is only what you read about in the news. Yet there is a big possibility that malware keeps hiding in your system for a long time without you being aware of it. Theft of data or money is not…

The post Your computer could be infected without you knowing it: Here’s how to find out appeared first on National Cyber Security Ventures.


Hackers Exploiting ‘Find My iPhone’ To Remotely Lock Mac Computers

Source: National Cyber Security – Produced By Gregory Evans

Apple’s Find My iPhone feature is meant to be a recovery feature of sorts, where if you’ve misplaced your iPhone, you will be able to locate it using the feature. Unfortunately it seems that in recent times, hackers have managed to exploit the feature and in turn have been locking…

The post Hackers Exploiting ‘Find My iPhone’ To Remotely Lock Mac Computers appeared first on National Cyber Security Ventures.


Suspected identity thieves find treasure in trashed job applications

Source: National Cyber Security – Produced By Gregory Evans

More than 400 people who were looking for jobs may have instead become targets of identity thieves. Federal officials are investigating two people suspected of getting personal information from job applications in the trash of a Wichita Dollar Tree store, The Topeka Capital-Journal reports. An executed warrant showed that…

The post Suspected identity thieves find treasure in trashed job applications appeared first on National Cyber Security Ventures.


Researchers Find Cyberattacks on The Epoch Times Part of Larger Hacking Campaign

Source: National Cyber Security – Produced By Gregory Evans

New research suggests that a series of large-scale cyberattacks on The Epoch Times, starting in January and continuing to the present, are part of a coordinated campaign. CitizenLab of the University of Toronto published a report on July 5, which detailed the cyberattacks and noted that several Chinese-language news outlets…

The post Researchers Find Cyberattacks on The Epoch Times Part of Larger Hacking Campaign appeared first on National Cyber Security Ventures.


Hackers Find ‘Ideal Testing Ground’ for Attacks: Developing Countries

Source: National Cyber Security – Produced By Gregory Evans

The attack had the hallmarks of something researchers had dreaded for years: malicious software using artificial intelligence that could lead to a …

The post Hackers Find ‘Ideal Testing Ground’ for Attacks: Developing Countries appeared first on Become007.com.


Lonely penguin tries to find love on ‘Plenty of Fish’ dating website

Online dating can be tough. Trying to comb through the details of potential partners, swiping left and right and crafting the perfect “About Me” section. Not to mention the dating horror …

The post Lonely penguin tries to find love on ‘Plenty of Fish’ dating website appeared first on Become007.com.


Second grade teacher arrested after police find heroin, needles inside purse

An Oklahoma elementary school teacher was arrested after police say they found syringes, some filled with heroin, in her purse at school. Megan Sloan, a second grade teacher at Sapulpa Elementary …

The post Second grade teacher arrested after police find heroin, needles inside purse appeared first on Become007.com.
