Tag: Urged | SpinSafe

UK Businesses Urged to Fortify Against Global Cyber Threats

February 24, 2024/in Internet Security

In the shadow of Russia’s invasion of Ukraine, an unprecedented cyber conflict unfolds, sending ripples across the globe and awakening businesses to the stark realities of digital warfare. The National Cyber Security Centre (NCSC), a beacon of guidance in these turbulent times, has stepped forward with critical advice for UK enterprises. Amidst a landscape where cyber-attacks on Ukraine bear international consequences, the NCSC’s counsel serves as both a shield and a strategy, urging businesses to bolster their cyber defenses.

Empowering Businesses Against Invisible Threats

The digital realm, often invisible yet omnipresent, harbors threats that can cripple the unprepared. Recognizing this, the NCSC’s guidance is a clarion call to action for business owners. The advisory emphasizes fundamental cyber security measures such as ensuring software and devices are consistently updated, tightening access controls, and maintaining robust anti-virus and firewall defenses. Moreover, the importance of logging and monitoring systems, reviewing backup processes, and having an up-to-date incident response plan cannot be overstated. In a move to preempt potential cyber onslaughts, the NCSC also advises on the meticulous management of external internet footprints and establishing phishing response processes.

Building a Resilient Digital Ecosystem

Amid the digital cacophony, the recommendation to engage in threat information sharing and educating the organization about cyber threats is a step towards cultivating a culture of cyber resilience. The NCSC’s guidance is not just about defense but about fostering an environment where every member is aware and vigilant. Armstrong Watson’s initiative to host a free webinar further underscores the importance of equipping businesses with the knowledge to protect against cyber threats. This collaborative approach towards cyber security underscores the significance of unity in the face of digital adversaries.

Global Cyber Warfare’s Local Impact

The global cyber conflict, with its epicenter in Ukraine, serves as a stark reminder of the interconnectedness of our digital world. As historical patterns…

Source…

SEC urged to fix cyber security after X account hack – Security

January 12, 2024/in Computer Security

US lawmakers have urged the Securities and Exchange Commission (SEC) to review its cyber security preparedness after the financial regulator’s X account posted market material information earlier in the week due to a hack.

SEC urged to fix cyber security after X account hack

Someone briefly accessed its X, formerly called Twitter, account this week, the agency had confirmed, and posted a fake message saying it had approved exchange traded funds (ETF) for bitcoin.

The SEC eventually approved the first US-listed ETFs to track bitcoin the following day, but the unauthorised post a day earlier led to a rise in the price of Bitcoin to around US$48,000 ($71,770) before falling to below US$45,000 minutes later.

In a letter to the agency on Thursday, Ron Wyden, a Democratic senator from Oregon, and Cynthia Lummis, a Republican senator from Wyoming, sought an investigation into the incident, which they deemed as “SEC’s apparent failure to follow cyber security best practices”.

X, which is owned by billionaire and Tesla boss Elon Musk, confirmed that hack.

It said that an “unidentified individual” obtained control over a phone number associated with the agency’s account and that the SEC did not have multi-factor authentication enabled at the time.

Multi-factor authentication (MFA) is a two-pronged privacy tool which allows access to an internet account only after the user has keyed in the password and a security key sent over on email, to a phone or generated via an authenticator app or fob.

“We urge you to investigate the agency’s practices related to the use of MFA, and in particular, phishing-resistant MFA, to identify any remaining security gaps that must be addressed,” Wyden and Lumis said in their letter.

The SEC had earlier said it was working with law enforcement to investigate the hack.

Source…

iPhone users urged to install new software immediately after powerful security hole found

September 9, 2023/in Internet Security

Apple iPhone Security Update (Copyright 2022 The Associated Press. All rights reserved)

iPhone users have been urged to download a new update immediately.

The update was pushed out by Apple to iPhones and iPads after a major security vulnerability was found in the devices.

Patching up that hole with the new software update should keep those devices safe. But without it, attackers could break into an iPhone and spy on its user.

The security issue was found by researchers at the University of Toronto’s Citizen Lab. They said the problem was being “actively exploited” by hackers, and that all users should update immediately.

They were doing so by delivering commercial software called Pegasus, which is made and sold by Israeli company the NSO Group. That software is expensive and targeted, and has primarily been used on specific activists, journalists and politcians, who are likely to know if they are at particular risk of an attack.

The latest attack was used on the iPhone of a member of staff at a US civil society organisation with international offices, Citizen Lab said. It named the new exploit BLASTPASS and said that it did not even require users to click anything on their device.

The NSO Group and Apple have in recent years been engaged in a long-running fight to find and fix security flaws that could allow for the delivery of that software.

Recent iPhone updates brought a new “Lockdown Mode” that places extra restrictions on the device in an attempt to close up potential security flaws. That includes not downloading images that could include spyware, for instance – which is how attackers deliver the hack in this most recent scare.

Downloading the new update is simple. It is done through the Settings app on iPhones and iPads, by clicking the “general” and then “software update” options – that will check for any new updates, and offer the option to download it.

Phones may eventually automatically install the new operating system, which could mean that no download shows up in that screen. Users can check if they have already updated to the new, patched operating system by clicking the “about” option in the general settings, and looking whether they have the…

Source…

Vatican urged to create “Cyber Security Authority”

June 30, 2023/in Computer Security

A group of Catholic computer experts, two whose services are employed by the Roman Curia, are calling for the creation of a “Vatican Cyber Security Authority”. The proposal, which was made at the end of May in an article published on the LinkedIn social network, comes at a time when the Holy See has experienced an increasing number of cyber attacks.

The authors of the article – Professors Chuck Brooks and Alessio Pecorario of Georgetown University in Washington, IT specialist Andreas Iacovou, and lawyer Yuriy Tykhovlis – aim to draw attention to two points. Firstly, the Vatican can no longer wait to take action on its own against the threats it is facing. Secondly, the Catholic Church should participate in the global reflection on the subject.

The authors say the “Catholic world” itself is in fact exposed to major threats. In particular, they say the Church runs the risk of having its “online donations” hacked. And they say Catholic healthcare facilities are prime targets from hackers who cease data in return for a ransom. Furthermore, they say the Holy See as a state-like entity is a target of “interference in diplomatic activities”.

“Weaknesses in the Vatican’s digital infrastructure”

In the face of these threats, a “Vatican cyber authority” could thus develop “policies and procedures to protect the Vatican’s digital assets, including its networks, servers, and databases”, as well as “identify potential cyber threats and weaknesses in the Vatican’s digital infrastructure” and provide internal training in the matter.

To be effective, the researchers recommend, this new Vatican authority should “be staffed by experienced cyber security professionals with expertise in a wide range of areas, including network security, incident response, and digital forensics”.

This group of experts, of which there is no equivalent in the Vatican today, should also “share information about cyber threats” with authorities in other governments, and contribute to global thinking on the subject.

“The Holy See is entitled to propose, discuss, negotiate, and promote a new normative paradigm on the governance of new technologies,” write the authors of the article,…

Source…

Tag Archive for: Urged

Empowering Businesses Against Invisible Threats

Building a Resilient Digital Ecosystem

Global Cyber Warfare’s Local Impact

“Weaknesses in the Vatican’s digital infrastructure”