Tag Archive for: calls

Former NCSC chief calls for ransomware payments ban, but cyber security experts aren’t keen


The former chief executive of the UK’s National Cyber Security Centre (NCSC) has called for the government to ban organizations from making ransomware payments.

Writing in The Times, Ciaran Martin, who served as the NCSC’s inaugural chief executive, suggested a ban could help put a stop to the ever-increasing proliferation of ransomware, referring to the ‘apparently sanguine attitude’ of British policymakers to cyber criminal groups.

Source…

Deimos Calls for Bolstered Education for Cybersecurity Protection – Tech | Business




…Only 24% of Africa’s financial businesses believe they have sufficient resources to counter attacks.

Deimos, a leading African cloud-focused cybersecurity company, renowned for its pivotal role in cloud-native development and security operations, is sounding the alarm for an urgent need to bolster cybersecurity awareness and education across multiple sectors.

With a diverse clientele spanning the public sector, fintech, and e-commerce, Deimos is resolute on the critical importance of proactive security measures in safeguarding businesses against cloud security vulnerabilities.

Deimos prioritises automated security processes to reduce manual reviews and controls, mitigating human errors.

Verizon’s 2023 Data Breach Investigations Report estimates that 74% of breaches involved the human element, which includes social engineering attacks, errors or misuse.

As remote and hybrid work is the new normal, businesses increasingly rely on cloud technology. Deimos sheds light on three vital methods engineering teams must apply to increase their cloud security:

  1. “Shifting left” – moving the security planning, design, and testing of key products earlier in the software development life cycle, rather than after release.
  2. “Defending right” – Implementing firewalls and intrusion detection systems to protect products from external threats.
  3. Utilising automated tools to establish guardrails before moving into production – such as static and dynamic application security testing, or package vulnerability scanning, to analyse source code, web applications, or software packages respectively, for vulnerabilities.

These protections are crucial for Africa’s fast-growing tech ecosystem which holds lucrative data and assets within the cloud, making unprepared businesses an attractive target for cybercriminals.

Each breach further impacts millions of Africans, across the continent and diaspora, and whilst cyber security solutions are readily available, many are not followed.

Deimos highlights the common pitfalls that startup organisations…

Source…

China Calls Hacking Report ‘Far-Fetched’ – The Diplomat



The Mandiant report accused a “China-nexus threat actor” of infiltrating the email systems of a wide range of government agencies, trade offices, and academic organizations.

China’s government on Friday rejected as “far-fetched and unprofessional” a report by a U.S. security firm that blamed Chinese-linked hackers for attacks on hundreds of public agencies, schools, and other targets around the world.

A Chinese Foreign Ministry spokesperson repeated accusations that Washington carries out hacking attacks and complained the cybersecurity industry rarely reports on them.

Mandiant’s report came ahead of a visit to Beijing by Secretary of State Antony Blinken aimed at repairing relations that have been strained by disputes over human rights, security, and other irritants. Blinken’s visit was planned earlier this year but was canceled after what the U.S. government said was a Chinese spy balloon flew over the United States.

The report said hackers targeted email to engage in “espionage activity in support of the People’s Republic of China.”

“The relevant content is far-fetched and unprofessional,” said the Chinese spokesperson, Wang Wenbin.


“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the U.S. government’s political smear against other countries,” Wang said.

The latest attacks exploited a vulnerability in a Barracuda Networks email system and targeted foreign ministries in Southeast Asia, other government agencies, trade offices and academic organizations in Taiwan and Hong Kong, according to Mandiant.

It described the attacks as the biggest cyber espionage campaign known to be conducted by a “China-nexus threat actor” since a 2021 attack on Microsoft Exchange. That affected tens of thousands of computers.

China calls hacking report ‘far-fetched’ and accuses the US of targeting the cybersecurity industry


BEIJING — China’s government on Friday rejected as “far-fetched and unprofessional” a report by a U.S. security firm that blamed Chinese-linked hackers for attacks on hundreds of public agencies, schools and other targets around the world.

A foreign ministry spokesperson repeated accusations that Washington carries out hacking attacks and complained the cybersecurity industry rarely reports on them.

Mandiant’s report came ahead of a visit to Beijing by Secretary of State Antony Blinken aimed at repairing relations that have been strained by disputes over human rights, security and other irritants. Blinken’s visit was planned earlier this year but was canceled after what the U.S. government said was a Chinese spy balloon flew over the United States.

The report said hackers targeted email to engage in “espionage activity in support of the People’s Republic of China.”

“The relevant content is far-fetched and unprofessional,” said the Chinese spokesperson, Wang Wenbin.

“American cybersecurity companies continue to churn out reports on so-called cyberattacks by other countries, which have been reduced to accomplices for the U.S. government’s political smear against other countries,” Wang said.

The latest attacks exploited a vulnerability in a Barracuda Networks email system and targeted foreign ministries in Southeast Asia, other government agencies, trade offices and academic organizations in Taiwan and Hong Kong, according to Mandiant.


The American and Chinese flags wave at Genting Snow Park ahead of the 2022 Winter Olympics, in Zhangjiakou, China, on Feb. 2, 2022. Hackers linked to China were likely behind the exploitation of a software security hole in cybersecurity firm Barracuda Networks’ email security feature that affected public and private organizations globally, according to an investigation by security firm Mandiant. Credit: AP/Kiichiro Sato

It described the attacks as the biggest cyber espionage campaign known to be conducted by a “China-nexus threat actor” since a 2021 attack on Microsoft Exchange. That affected tens of thousands of computers.

China is regarded, along with the United States and Russia, as a leader in the development of computer hacking…

Source…