#infosec | Docker Registry Snafus Expose Firms to Cloud Compromise

Source: National Cyber Security – Produced By Gregory Evans

Security experts are warning that widespread Docker registry misconfigurations could be exposing countless organizations to critical data theft and malicious attacks.

Palo Alto Networks’ Unit 42 research group focused on one of the most popular platforms around for managing containers. Docker registries are servers designed to store and organize the all-important images, which contain bundled application code, dependent libraries and operating system files.

As these registries therefore provide access to app source code and business-critical data, it’s vital that they are properly secured. However, Palo Alto Networks discovered misconfigurations in registries’ network access controls which left many exposed.

In total, the Unit 42 team found 941 Docker registries exposed to the internet and 117 registries accessible without authentication. There were 2956 repositories and 15,887 tags in these registries, meaning effectively that nearly 3000 applications and almost 16,000 unique versions of these were exposed.

Scores of registries allowed the “push” operation, meaning hackers could replace legitimate app images with those containing backdoors. Others allowed for deletion, meaning cyber-criminals could encrypt or delete and hold them for ransom, while more still allowed any user to pull and run the images.

“The remediation strategy for this particular misconfiguration is straightforward, such as adding a firewall rule to prevent the registry from being accessed from the internet and enforcing authentication header in all the API requests,” the firm concluded.

“However, with an ever-increasing number of applications and complexity of infrastructure, security becomes a daunting job. Automated tools are needed to scan for vulnerabilities and monitor malicious activities constantly. The earlier the issues can be identified, the less chance they will be exploited in the production.”



Financial tech firms disagree on ban of customer data screen-scraping – Naked Security

For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing […]

#nationalcybersecuritymonth | Police in states across India are relying on private firms and consultants to solve cybercrime cases

Cyber forensics firms, such as Volon and AVS Labs, are increasingly being asked to crack cases of cybercrime, even as law enforcers build their own teams of cyber intelligence experts. Take this recent instance. A businessman was accused of deceit in a deal, and a court […]

#city | #ransomware | 90pc of UK’s biggest law firms at risk of having confidential client data stolen

Around nine in 10 of the UK’s biggest law firms are at risk of being scammed or having their clients’ confidential data stolen or compromised due to sub-standard IT security. A new study of 200 of the country’s biggest law firms found more than 90pc are […]

#cyberfraud | #cybercriminals | Firms to combat cyberattacks and fraud in UAE banking sector


Business Bureau, Gulf Today

In a collective effort to promote a secure and stable financial landscape in the UAE, UAE Banks Federation (UBF), in partnership with SWIFT, the leading provider of secure financial messaging services, on Monday hosted the ‘SWIFT Customer Security Programme (CSP)’ conference. The CSP conference, which took place in Abu Dhabi, witnessed industry experts coming together to discuss how the widespread implementation of SWIFT CSP can support banks in combating all types of cyberattack threats by equipping them with the necessary information and tools to mitigate electronic financial fraud.

SWIFT CSP is an initiative aimed at reinforcing the overall security of the global banking system by improving information sharing throughout the community, enhancing SWIFT-related tools for customers, sharing best practices for fraud detection and enhancing support by third party providers. Through the programme, SWIFT has also recently launched the Customer Security Control Framework (CSCF), which outlines a series of compulsory and advisory security controls for customers, which can help them strengthen and improve cyber security standards across the UAE.

Commenting on the occasion, AbdulAziz Ghurair, Chairman of UBF, said: “On the back of accelerated technological innovation, the threat of cybercrime has significantly increased over the years, and the localised instances of payment fraud have reiterated the necessity for greater and more extensive partnerships to solve these issues. In line with our commitment to foster a safer and more protected banking environment across the UAE, we are delighted to collaborate with SWIFT to encourage the industry-wide adoption of the SWIFT CSP. Cybercriminals are becoming quickly smarter, and we are developing more sophisticated technologies that are becoming fundamental for banks to implement innovative platforms that promote improved transaction processes and provide relief and security for customers.”

Onur Ozan, Head of the Middle East, North Africa & Turkey, SWIFT, said: “With the Customer Security Programme, SWIFT is reinforcing the security of the entire global banking system. Worldwide, financial institutions are adopting SWIFT’s CSP as attackers prove increasingly determined and cunning. The CSP is delivering tangible results, supporting institutions in stepping up to this growing threat.”

The conference included several discussions focusing on the SWIFT CSP and CSCF initiatives and the profound impact these could have on the finance and banking environment, emphasising the evolution of the payment landscape as a primary reason to adopt safer security measures.

Meanwhile, a meeting between members of the CEOs Advisory Council of the UAE Banks Federation (UBF) was held in Dubai to discuss recent developments, issues and advancements in the finance and banking sector in the UAE, with a particular focus on Emiratisation.

Directed by AbdulAziz Al Ghurair, Chairman of UBF, the meeting focused on a wide range of topics, including progress on existing UBF programs and initiatives, advances on Emiratisation efforts, findings and results from UBF’s latest Trust Index Survey, and the upcoming Middle East Banking Forum (MEBF) in November 2019.

Speaking on the occasion, AbdulAziz Al Ghurair said: “The astounding amount of change and transformation in the UAE banking industry means it is increasingly necessary for us to regularly hold these meetings, so that we may analyse key strengths, opportunities, and challenges in the sector. For this specific meeting we identified our priorities based on the current happenings in the financial and banking industry, as well as the overall larger economy. The recent announcement of the creation of more than 20,000 jobs for Emiratis in top-tier sectors, including banking, has driven us to focus on Emiratisation efforts within banks, and evaluate ways of working together to enhance the skills and expertise of UAE nationals. Additionally, we are confident that the banking sector will continue progressing and evolving in lieu of the highly positive results from the recently announced Trust Index Survey 2018.”

Distinctively positioned at the centre of the banking industry, which underpins the economy, UBF has a responsibility to support the UAE’s progressive vision to empower society at all levels. Whether it’s addressing the ever-changing challenges in the market, or developing the skills of UAE nationals to increase their recruitment to vital positions in the industry, UBF is continuously working towards a sustainable and diversified economy.

Current plans and initiatives in the banking sector focus on innovation and digitisation, and aim to provide easy access to multiple government and non-government services. From next month, banks will start adopting UAE Pass, a new mobile app which acts as a digital identity and digital signature solution, enabling individuals to conduct financial transactions, upload documents, validate documents and share data. The Emirates Digital Wallet, a tool aimed at promoting financial inclusion and driving a cashless society, is also being developed and will be launched soon.


77 Per cent #firms lack #proper #cyber security measures #globally

Nearly 77 per cent of companies lack proper cyber security measures and almost half of them have either informal/ad hoc or completely non-existent response plans in case of a data breach, a global study said on Wednesday.

Despite the lack of formal planning, 72 per cent still feel more cyber resilient today than they were last year, said the study conducted by leading IT security research organisation Ponemon Institute and sponsored by IBM Resilient, an IBM company.

“In fact, 60 percent of respondents consider a lack of investment in Artificial Intelligence (AI) and Machine Learning (ML) as the biggest barrier to cyber resilience.

“A response plan that orchestrates human intelligence with machine intelligence is the only way security teams are going to get ahead of the threat and improve overall cyber resilience,” said Ted Julian, Vice President of Product Management and Co-Founder, IBM Resilient.

Nearly 57 per cent of the respondents said the time to resolve an incident has increased while 65 per cent reported the severity of the attacks has increased.

“These areas represent some of the key factors impacting overall cyber resiliency. These problems are further compounded by just 31 per cent of those surveyed having an adequate cyber resilience budget in place and difficulty retaining and hiring IT Security professionals (77 per cent),” the report noted.


Cybersecurity #law causing #mass concerns among #foreign firms in #China

Source: National Cyber Security News

New rules have added to costs and had a big impact on how they do business, survey finds, and tax regime and land acquisition policy are also headaches

Most of the 215 foreign firms polled said the country’s tax regime, land acquisition policy and cybersecurity law were all headaches, according to a white paper and report on the business environment in China released on Thursday.

But of the three areas, it is the new cybersecurity law introduced in June that is causing “mass concerns” among foreign firms because it has greatly increased operating costs and has had a big impact on how business is done in China, said Harley Seyedin, president of AmCham South China.

“It created uncertainties within the investment community and it’s resulting in, at the minimum, postponement of some R&D investment,” Seyedin said.

“The law requires approval … to be obtained for cybersecurity, but it does not tell you where to apply, how long it takes you to apply, how long it takes for the results to come out, and what the process might be in case you want to appeal the decision,” he said. “All of these are vague but it’s going to result in .


Law #firms plan to #bolster #cyber security


Law firms plan to bolster cyber security
More than 40% of law firms are planning to spend more on cyber security in the next 12 months as the legal profession is targeted more frequently.

Robert Half Legal says that its recent survey of law firms in the US shows that firms are taking the issue of protecting sensitive information very seriously and advises that this should involve IT professionals as well as the latest software defences.

“As evidenced by recent news headlines, data security breaches are becoming more frequent and sophisticated,” said Jamy Sullivan, executive director of Robert Half Legal. “Law firms, in particular, are targets for cyber criminals due to the high volume of sensitive information they maintain, so they are investing significant resources to develop robust defenses.”

The average increased spend on cyber security based on respondents to the survey is 13%.

Ashurst considering Luxembourg office
As post-Brexit Britain crawls ever closer, another international law firm is weighing its options.

Ashurst is considering expanding on its Luxembourg desk by opening an office in the small European nation which is an important financial centre despite its diminutive stature.

The firm’s Luxembourg desk is currently part of its London City practice and headed by partner Isabelle Lentz, a former partner from Luxembourg firm Oostvogels Pfister Feyten.

According to a report in LegalWeek, Ashurst is reviewing its options but has made no decision yet.

Charity swim around HK for Herbert Smith Freehills manager
Herbert Smith Freehills’ learning and development manager is to swim around Hong Kong Island for charity.

Simon Holliday will undertake the 45km endurance challenge with the aim of completing it non-stop in under 17 hours, setting a new world record to raise HK$1 million for Splash, which helps people from disadvantaged backgrounds to learn to swim.

The only person to have completed the challenging route so far is Australian Olympian Linda McGill 41 years ago.

Lawyers force pause on Vegas shooter’s hotel room
Lawyers acting for one of the victims of the Las Vegas shooting which killed 58 people and injured 546, have won an important court decision to protect vital evidence.

The Nettles Law Firm is acting for Rachel Shepperd, who suffered three gunshot wounds when a gunman opened fire on the Route 91 Harvest Festival from a hotel room at MGM.

Judge Mark Denton has granted a Temporary Restraining Order to prevent the room being sanitized or changed before victims’ representatives have been able to inspect it.

“The ruling means MGM is on notice that there will be serious legal consequences if evidence currently in their possession is altered, discarded, lost, destroyed or otherwise disappears,” said attorney James Lee. “This also applies to evidence outside the hotel room.”

The law firm has filed suit against MGM Resorts International, Mandalay Corp and Live Nation Entertainment alleging proper security by MGM would have prevented the mass shooting.

The allegation has not been proven in court.


Hackers attacking US and European energy firms could sabotage power grids


A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, a cybersecurity firm has warned. The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed,…


Student hacker, 19, admits high-profile cyber-attacks on the websites of multinational firms including Amazon, Netflix, BT and the BBC


A teenager has admitted carrying out a string of high-profile cyber attacks on the websites of multi-national firms. Jack Chappell, 19, of Stockport, committed Distributed Denial of Service (DDoS) attacks on NatWest, the National Crime Agency, Vodafone, the BBC, BT, O2 and Amazon. DDoS attacks involve crashing websites by flooding…
