Tag Archive for: companies

Quantum hacking is a looming privacy threat. Companies should start worrying now

/in


Now that everyone else has had a turn, quantum hackers are coming for your data.

Well, not quite yet. But they’re working on it.

Quantum computers, which are still in development by players such as Google, IBM, and Microsoft, hold enormous promise to do good as well as harm. The U.S. and Chinese governments are pouring billions into them.

For a primer on this new breed, I turned to Martin Lee, technical lead of security research and EMEA lead at Cisco Talos, the networking giant’s threat intelligence and response group.

Traditional computers operate on binary digits, or bits, that are either one or zero. In a quantum machine, “the bits are one, zero, or everything in between, all at the same time,” Lee says. So it “has the possibility of being able to calculate and consider many different solutions to a problem all at the same time to find the correct answer.”

That’s ideal for calculating the shapes of proteins to discover new drugs, Lee notes, or the thermodynamics of an engine.

It’s also perfect for stealing data.

Because a quantum computer makes calculating the factors of prime numbers much easier, it could swiftly crack many existing encryption algorithms, Lee says.

How soon? Maybe next year, maybe in five years, or maybe never, Lee reckons. But it’s time to start considering the problem so it doesn’t become an emergency, he warns. “Certainly, CIOs and CTOs need to think about ‘How do we prepare for a post-quantum world?’”

In response, companies are already developing and deploying quantum security. One is QuSecure, a California startup whose clients include Cisco, Dell, and the U.S. military.

Hackers are harvesting data now for quantum decryption later, says cofounder, chief product officer, and CTO Rebecca Krauthamer. Prime targets include electronic health and financial records, as well as national security data, Krauthamer adds. “All those kinds of things, they have a shelf life, and that’s why for some sectors, it’s a very urgent problem.”

To ward off quantum attacks, you fight fire with fire, right? Actually, no.

QuSecure’s software sits atop a client’s existing encryption, explains Skip Sanzeri, cofounder, chair, and COO. Besides some…

Source…

Price of zero-day exploits rises as companies harden products against hackers

/in


Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as these products get harder to hack.

On Monday, startup Crowdfense published its updated price list for these hacking tools, which are commonly known as “zero-days,” because they rely on unpatched vulnerabilities in software that are unknown to the makers of that software. Companies like Crowdfense and one of its competitors Zerodium claim to acquire these zero-days with the goal of re-selling them to other organizations, usually government agencies or government contractors, which claim they need the hacking tools to track or spy on criminals.

Crowdfense is now offering between $5 and $7 million for zero-days to break into iPhones, up to $5 million for zero-days to break into Android phones, up to $3 million and $3.5 million for Chrome and Safari zero-days respectively, and $3 to $5 million for WhatsApp and iMessage zero-days.

In its previous price list, published in 2019, the highest payouts that Crowdfense was offering were $3 million for Android and iOS zero-days.

The increase in prices comes as companies like Apple, Google, and Microsoft are making it harder to hack their devices and apps, which means their users are better protected.

“It should be harder year over year to exploit whatever software we’re using, whatever devices we’re using,” said Dustin Childs, who is the head of threat awareness at Trend Micro ZDI. Unlike CrowdFense and Zerodium, ZDI pays researchers to acquire zero-days, then reports them to the companies affected with the goal of getting the vulnerabilities fixed.

“As more zero-day vulnerabilities are discovered by threat intelligence teams like Google’s, and platform protections continue to improve, the time and effort required from attackers increases, resulting in an increase in cost for their findings,” said Shane Huntley, the head of Google’s Threat Analysis Group, which tracks hackers and the use of zero-days.

In a report last month, Google said it saw hackers use 97 zero-day…

Source…

Polycab, Motilal Oswal, Bira91 Among Latest Companies To Be Hit By Ransomware Attacks

/in



Polycab, Motilal Oswal, Bira91 among latest companies to be hit by ransomware attacksImage: Shutterstock

India is one of the most attacked countries in cyberspace, and ransomware attacks are the biggest growing threat. In the last two weeks, multiple reports published by global cybersecurity companies point out that ransomware and malware attacks have surged in the country. Despite this, only a handful of organisations have a formal ransomware plan in place, with some of them even resorting to paying the ransom demands.
On March 17, Polycab India was targeted by LockBit, the most active global ransomware group. According to Polycab, the incident did not impact the core systems and operations of India’s largest wire and cable maker. “The technical team of the company along with a specialised team of external cybersecurity experts are working actively on analysing the incident,” it said in a filing with the stock exchanges. There was no mention of any ransom paid in the filing.
Similarly, prominent brokerage firm Motilal Oswal (MOSL), which has over 6 million clients, was attacked by the same ransomware group in mid-February. LockBit claimed the attack on its dark website. MOSL detected a cyber-incident in the form of some malicious activity on a few of the employees’ computers. Their IT security team activated its cybersecurity incident response process to investigate, contain, and remediate the incident in an hour.
“This incident has not affected any of our business operations or IT environment. It is business as usual. We also proactively went ahead and reported this matter to relevant law enforcement and regulatory authorities immediately,” the company said in a formal statement.

Lockbit has hacked some of the world’s largest organisations recently. On February 19, Britain’s National Crime Agency, the US Federal Bureau of Investigation, Europol, and a coalition of international police agencies disrupted Lockbit’s operations by taking over its website. “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” a post on the ransomware group’s website said.
Shortly…

Source…

Top 5 Best Penetration Testing Companies in 2024

/in






Jules R. , Tech Times

man in black jacket using computer
(Photo : KeepCoding / Unsplash)

Businesses in every industry are under threat of data breaches as threat actors discover new ways of pinpointing weaknesses in the IT infrastructure. Companies are under pressure to fortify their defense before cybercriminals can exploit them. They need the help of penetration testing companies who know the right tools and methods to ensure the defenses remain strong.

Why is penetration testing important?

Penetration testing involves simulating cyberattacks on a company’s systems and network. It verifies the security controls to assess if a company is ready for real-life cyberattacks as the service uncovers vulnerabilities and weaknesses before threat actors can exploit them.

Penetration testing services help companies obtain information about the different ways cybercriminals conduct their malicious activities, which can cause irreversible damage to the financial health and reputation of an organization. IT personnel can learn how to handle any type of break-in with insights into which channels or applications are most at risk, thereby preparing an effective and appropriate response to a cyberattack.

Read further to learn how the top 5 best penetration testing companies in 2024 address security concerns and fortify their clients’ security posture.

Silent Breach
(Photo : Silent Breach)

Overview

Silent Breach specializes in network security and protection of digital assets. They provide cutting-edge services and expertise across many industries in the private and public sectors. They are an award-winning provider, delivering a level of service that far exceeds industry standards.

Silent Breach employs real-world methods that closely mimic the behavior of determined hackers, including a blend of automated and manual testing to provide the broadest coverage. Their penetration testing services support a wide variety of tests, including web apps, mobile, wireless, physical, social, cloud, and more.

Back in 2021, Silent Breach…

Source…