A Look Back on 2021
2021 has been an eventful year for cybersecurity! We started seeing a considerable uptake in security expertise as part of
Read More
General
The Crucial steps for Securing IoT devices this Holiday Season: Asset Inventories
As new laptops, mobile phones, WiFi routers, smart TVs, tablets, and other internet-connected holiday or year-end purchases make their way into workplaces, IT admins and cybersecurity professionals face the annual challenge of securing those devices. This year the scope of allowing new internet-connected devices into organizational settings is compounded by the recent vulnerability crisis posed by the Log4Shell vulnerability.
Read More
AWS Lambda Command Injection
Command Injection vulnerability is a daunting one. In this vulnerability, a threat actor can execute arbitrary commands on a host.
Read More
Security experts reveal their predictions for 2022
It is hard to believe that another year is about to pass, and while not quite as unpredictable as last year, 2021 held a lot of its own trials and tribulations – especially for the tech sector. Ransomware has hugely increased this year – in fact, the UK has been ranked number 10 on the list of countries worst affected by ransomware in a new report commissioned by Google – and we are in the eye of the storm of the ‘Great Resignation’, which is hitting the cybersecurity industry hard.
Despite this however, the year has also had its wins. This year the UN declared 2021 the International Year of Peace and Trust, Kamala Harris became the first female and black Vice-President of the United States, and more than 7.5 billion Covid vaccinations (so far) had been administered.
o as we celebrate the winds, wind down, and bring the year to a close, what can we expect from 2022? Cybersecurity Magazine spoke with eight technology experts to find out what they predict for the next 12 months. Here is what they had to say
The Problem with Statistics of Compromised Credentials in the Dark Web
These reports do often include a “shopping list” of Dark Web prices for various types of credentials and many do delve deeper into the details of these findings, often speculating as to why certain things cost as much as they do. However, the reality of the Dark Web is usually much more complex, to the point that quoting credentials volume and price is usually meaningless. Some reports do a better job than others touching on these complexities, but the fact remains that normally only the numbers in the reports – the volumes and prices – are the focus and what only gets quoted, with the full intent of those who wrote the report. But as noted, these numbers are usually meaningless. Here is why, and why you should always take them with a pinch of salt.
Read More
International Computer Security Day 2021: A Day to Strengthen Our Cyber Defences
Something that most businesses are beginning to understand is that, in today’s hyper connected age, robust cybersecurity is no longer an option, it’s a necessity. In the UK alone, 39% of all businesses have suffered a data breach within the past 12 months, and this figure increases substantially for medium (65%) and large enterprises (64%). So, this Computer Security Day, what should organisations be doing to better protect their most valuable assets from cyber threats?
Read More
Black Friday 2021: Top tips to keep your business safe and maximise sales
Black Friday has gathered momentum in the UK over the past decade, becoming the peak Christmas shopping day. This year, customers are expected to spend £9.2 billion over the weekend – 15% more than last year.
However, while retailers are looking to ramp up their offerings and optimise sales, businesses and consumers alike must protect themselves against the cyber-criminals poised to take advantage of the spike in online-spending – from ‘too good to be true’ phishing emails, to online fraud.
This Black Friday weekend, we spoke to a range of industry experts, who offered their advice on getting ready for the busy period – and protecting against the increased threat.
Authentication Mechanisms in the 5G System
The 5G system introduces multiple new authentication mechanisms. The initial 5G specification in 3GPP Release 15 defines the initial security solution including primary and secondary authentication. Further enhancements and additional security features are added in Release 16; some of them introduce new types of authentication. As a result, the scope and meaning of ‘authentication’ has expanded. This is a new trend in the 5G system as it introduces new concepts that did not exist in the preceding generation systems. One such example is the slice authentication for which the authentication is performed at the network slice level. As a result, the authentication mechanisms become more complex. This paper clarifies the details of each of these different authentication mechanisms.
Read More
DDoS Attacks on the Educational Sector are Threatening Online Learning
With the onset of Covid, online classes are starting to become a staple of modern learning. Many schools, colleges, and universities remain closed for months due to social distancing. Over 1.2 billion children are out of school globally.
Instead of whiteboards, we’re starting to use digital boards and software such as Miro. Instead of classrooms, we’re using Zoom and Skype calls. And for many, the only way to find out when the next lesson is starting is to look up a digital timetable on a school’s website.
At the same time, online learning infrastructure is largely unprotected. Many local schools or university websites operate under the pretense that they won’t become a DDoS target. And it’s easy to think that way. These platforms are small, they don’t generate a lot of income, if any, and they contribute to a good cause. So who would DDoS them?
and launch a powerful network flood for just a few dollars.
Encrypted Traffic Integration: A Persistent Challenge
When the operators and government representatives first met at Vienna in 1850 to work out the arrangements for connecting electrical telegraph networks across borders, they wrestled with a problem that has remained a persistent challenge ever since. The problem was the handling of communication traffic in Morse binary code by users pursuing perfect end-to-end encryption. In an attempt by users to keep their traffic messages from being read by anyone except for the intended recipient, they developed mathematical techniques for encrypting them, i.e., rendering them unintelligible and essentially invisible, along the transmission path.
Read More