FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Saturday, July 31, 2021

Your top five questions on biometric bank cards answered

As we stated in a previous blog, biometric bank cards are a strong trend defining the future of payments. Whether it’s the enhanced security, the sleek and simple customer experience or the smooth enrolment process, biometric bank cards will soon set the precedent of what the payment process should look like.

However, as a relatively new technology, you may have some questions about biometric cards. How do they work? Are they more secure than other EMV cards? Are they easy to use?

To help explain this innovation in payment technology, we’ve answered your top five questions on biometric cards from our recent webinar:

Q1: What will be the main method of fingerprint registration to the card?

The main method of registering customers on biometric bank cards is done very simply with a sleeve. In short, a sleeve is a small card reader, made of recycled plastic. There are no electronics inside a sleeve, just a button battery which provides energy when the card is inserted during the registration process. Similar to how we onboard our biometrics on smartphones, the user needs to place their finger on the card’s sensor several times. When the green light flashes, it means the fingerprint is correctly registered.

Once registered, the activation of the biometric data in the card is done after a security step: the cardholder must be authenticated with a first transaction or cash withdrawal using their PIN code or via online approval.

There are other ways users can set up their biometric payment card, depending on a bank’s strategy. For example, banks can enrol their customers’ fingerprints in the branch. This is done using a device composed of a screen and a keypad that allows the card’s PIN to be entered before starting the registration. Onboarding could also be done using the consumer’s smartphone.

Q2: What is the real market pain point that biometric payment can remove now that contactless limit has been increased and security does not seem to be an issue anymore?

First and foremost, biometric bank cards offer a streamlined, simpler user experience than traditional EMV bank cards. With a simple tap, a user can perform a transaction, removing the need to enter a PIN number on the point-of-sale (POS) terminal – for both contact and contactless payments.

What’s more, despite the recent increases in contactless payment limits, biometric bank cards remove the limit on these transactions altogether. This is because users are securely authenticated by the fingerprint scanner on the card, offering the level of security needed to enable unlimited contactless payments.

Another benefit of biometric bank cards is the enhanced security for both consumers and banks. With an in-built biometric scanner, biometric cards can only be used if the user’s biometric features are presented to the scanner at the time of transaction. Even if a biometric card is stolen, it cannot be used for even the smallest transactions without the biometric authentication.

Q3: What changes are required from the banks’ processing platform and existing POS infrastructure to accommodate biometric bank cards?

In regard to banks’ processing platforms, there is very little to no impact when it comes to integrating biometric bank cards. During a transaction, some new data is sent by the card to the bank and tells the bank whether a payment was approved by biometric verification.

If banks do not want to update their current systems, the fingerprint transaction will be seen by default as an offline PIN. Consequently, banks can integrate biometric bank cards either progressively or instantly.

With POS terminals, there is no change required. Biometric bank cards use the same existing protocols within payment terminals as for mobile payments, so there is no need to update the POS terminal.

Q4: What is the power source of the card to ensure that the sensor can match the stored fingerprint properly?  Is it inside the card?  How long does it last and is it rechargeable?

One of the beauties of the biometric bank card is that it doesn’t need an integrated battery to power it. Through the power of near field communication (NFC) technology, the card takes the energy directly from the payment terminal when it is used.

The antenna of the card is designed to retrieve the maximum power from the terminal, which is enough to run the sensor and the transaction flow.

Therefore, the card can work as long as any other standard EMV payment card.

Q5: Are you storing the fingerprint image in the sensor and if yes how secure is this?

Biometric bank cards actually do not store the full fingerprint image, but rather an extraction of very specific points of the fingerprints.

What’s more, instead of storing these data points on a bank’s central server, biometric information is stored locally inside the secure chip integrated into the card, offering a far greater level of security to both banks and consumers.

Even if someone could access the data on the chip, it would be impossible to reconstruct the fingerprint image, meaning that the card would be unusable to the hacker.

Interested and want to learn more? Leave us a question in the comments below or tweet us @ThalesDigiSec and we will get back to you!

The post Your top five questions on biometric bank cards answered appeared first on Cybersecurity Insiders.


August 01, 2021 at 09:10AM

‘Numberless’ bank cards could be the future: here’s why

In the last few years, the EMV payment card has become increasingly popular and familiar to us all. This is, in part, due to innovations such as contactless communications, different card bodies (such as metal or repurposed ocean plastic) and biometric fingerprint authentication. Today around 3 billion cards are issued every year and the total number of cards in use exceeds seven billion. For every 100 payments in store, 45 were made using a card in 2019, and that figure is expected to grow to 49 by 2023.

As a result of the EMV (Europay MasterCard Visa) standard, payment cards have achieved worldwide acceptance.

No matter where you go, no matter which issuing bank you have, you will be able to pay with your card, in store and online, as long as they are EMV compliant. The EMV standard has made efficient progress over time: it has introduced innovations without dropping older functionalities – which means greater acceptance and versatility for the end user.

Given the rise of the smartphone as the personal digital bank branch, it’s probable that we’re moving towards a future where cards and mobiles will coexist rather than compete. The first likely evolution could very well be the proliferation of ‘numberless cards.’

The case for removing numbers on banking cards

The printed cardholder name, the PAN (Personal Account Number), the card expiration date, and the CVV/CVK (Card Verification Value or Key) are used today to fill payment checkout forms on ecommerce websites. If all this data was available within the cardholder’s bank mobile app, it could be removed from the card body without truly changing the cardholder experience.

Besides the cardholder’s name that the standard mandates, all other data on cards can, in theory, be removed. Usually, the business motivation for the issuer is to make sure all online cardholder transactions performed by that card are ‘top of wallet’. That is why nearly all cards come with the complete data set printed or embossed for old carbon copy credit card machines – just in case some cardholders did not have access to the mobile app.

Combining card and mobile services

One solution for the issuer could be a digital copy of the card body information within the bank mobile app. In the very near future, mobile banking will become sufficiently widespread so that consumers know where to find the card data within the app.

Today banks can provide the PAN, expiration date and CVV of an issued card in the cardholder mobile app. According to the PCI DSS (Payment Card Industry Data Security Standard) rules, only the first five digits and the last four can be displayed. One possible method to cope with the PCI DSS rule is to allow all digits to be displayed in the app if the cardholder performs a strong (re)authentication on their mobile when the data display is requested. This new mobile app function allows the card to essentially be numberless, protecting the sensitive data in case the card is lost or stolen.

A seamless duo

Soon the acceptance of Mobile Banking and Mobile Payments will be so widespread that the printed security data on the EMV card body can be removed. We’re already seeing this today with high-end financial service providers who offer metal cards, where text and numbers are often removed for aesthetic reasons. The Apple Card for example is a duo Apple Wallet + Titanium card. The physical card has a minimum number of printed elements on the card body; the ISO dimensions and chip placement are of course standard, the magnetic stripe is present – especially since US merchants’ POS are not all yet 100% EMV ready. The cardholder’s name is laser-printed, and the scheme and the BIN sponsor logos are displayed. The result is a very elegant design with titanium as a material to express quality and excellence. The last four digits of the PAN are available within the mobile wallet.

With this pairing of mobile wallet and card, contactless payments in-store use Apple Pay, while online purchases use Apple Pay in-app and in-web wherever available. The Titanium card is used for in-store payments wherever Apple Pay NFC tap is not available yet, and the card data, available in the mobile wallet, is for online purchases wherever Apple Pay in-app and in-web are not available yet.

So, in effect, this combination of card and mobile wallet covers all transaction scenarios.

Taking a digital-first approach

Neobanks are already taking a digital first approach to new customer acquisitions. Within a few minutes of a new sign-up, they give the user a solution for in-store and online payments through the instant generation of a PAN and issuance of an EMV token for the newly created EMV wallet. This allows a virtual card to be delivered to the mobile app to allow the customer to start making online purchases straight away.

All such mobile-centric, user-managed and instantaneous services are known as ‘Digital First’ by leading payment schemes in the EMV ecosystem. Within this philosophy, physical and digital card issuance is made seamless, as is the setting of certain parameters for cards such as the PIN, spending limits, temporary activation/de-activation and more.

The physical card requires an activation procedure upon receiving the card, meaning that it must get all the way to the genuine cardholder’s hands. This type of activation is simply not necessary for the digital issuance channel as the mobile app’s strong authentication enables instant issuance and availability of the digital cards.

Until now, the physical card issuance was a prerequisite for subsequent digital card issuance. Digital First creates a direct, instantaneous digital channel, independent from the physical card issuance process. The end result is a more seamless and secure user journey, higher rates of satisfaction for the customer, and a heavily reduced chance of the new user leaving the banking service shortly after joining.

The post ‘Numberless’ bank cards could be the future: here’s why appeared first on Cybersecurity Insiders.


July 31, 2021 at 09:09PM

Friday, July 30, 2021

How can Digital First banking benefit financial institutions?

The benefits of Digital First banking for the consumer are clear. Whether it’s both physical and digital card issuance, real-time card management or secure, hassle-free online payments, the services on offer to consumers when it comes to Digital First banking are almost endless. With these digital features comes increased convenience and instantaneity, the core principles of modern banking.

But what is the benefit of Digital First for banks? While better serving the consumer is always the core goal for financial institutions, Digital First can also enhance the services that banks offer in a variety of key areas. So, before investing in a best-in-class digital banking infrastructure, it is important to know how digital first can benefit your bank as well as your consumers.

Empowering EMV as the premier online payment method

While the use of EMV bank cards is a staple when it comes to physical, in-person purchases, their use for buying goods and services online is less consistent. The meteoric rise of online shopping has seen the payment market diversify, with more consumers paying for goods and services with digital wallets and person-to-person (P2P) payments, displacing EMV bank cards as the primary option when shopping online.

What’s more, the use of EMV cards online can come with its own problems. Research has found that as many as 27% of shoppers abandon their online shopping carts due to complicated checkout processes. While seemingly easy, the constant process of entering in card details has proven to be a sticking point for consumers.

With this in mind, how can banks make EMV cards more accessible than other payment methods?

With a Digital First approach, banks can cut out the hassle of entering card details by offering consumers instant digital card payment through their mobile apps. With services such as virtual card display, consumers can seamlessly pay for their products without having to spend time repetitively punching in their card details.

Why does this benefit banks? With a more convenient transaction process, consumers will be incentivized to use their EMV cards from their mobile. As a result, the increased convenience of the virtual card leads to more consumers using their bank issued EMV card for online transactions.

The battle for online purchases is far from over, and with the help of Digital First banking, banks can strengthen the online position of their EMV cards against competing methods.

Enhanced Security for the issuer and consumer

We can all agree that when it comes to payments, security will remain a top priority across the board, both for banks and consumers. As of last year, global payment fraud has been predicted to increase to as much as $40.62 billion in 2027 (25% higher than 2020). What’s more, CNP (card not present) fraud accounted for 76% of fraud losses in Europe in 2020. With these numbers in mind, it is critical that banks equip themselves and their consumers with the tools needed to prevent illegal activities from occurring.

With Digital First banking being anchored around the mobile banking app, banks can use measures such as biometric authentication or digital signatures to ensure that only the certified user of the app can access the mobile banking suite.

And, in the unfortunate case of a physical card being stolen, consumers can be alerted to unwanted transactions through real-time transaction display in the form of notifications on their smartphone. Upon being alerted, consumers can simply cancel or freeze their card in real time through the mobile app, to prevent any further unwanted transactions.

By empowering consumers with the tools to protect their payment information, banks can in turn provide further protection to themselves through Digital First.

Increased competitiveness (through a wide, adaptable range of services)

Today, banks are well aware of what the consumer wants when it comes to banking: simplicity and instantaneity. As such, banks across the financial services landscape, including online-based ‘neobanks’, have expanded their offering to cater to these evolving consumer expectations. So, as each bank broadens the spectrum of services they offer, maintaining a competitive advantage in a fierce market is crucial.

With a Digital First methodology, banks can become more competitive by giving consumers the keys to their own banking experience, offering an adaptable service that can fit the needs of any consumer, all the while maintaining the core tenets of convenience and instantaneity.

Whether it is an online shopper who wants to use specific cards or particular eCommerce sites, or a traditional bank customer who prefers to collect their new cards in store, Digital First enables banks to shapeshift to fit the needs of any customer, regardless of their personal preferences.

While better serving consumers will always remain a priority for any bank, it’s important that the solutions they implement offer additional benefits that help take their range of services to the next level. With Digital First, the promotion of customer experience can simultaneously improve a bank and their services.

Looking to find out more about Digital First? Learn more at our dedicated webpage. If you have any questions, let us know in the comments or tweet us @ThalesDigiSec, and we’ll get back to you with an answer!

The post How can Digital First banking benefit financial institutions? appeared first on Cybersecurity Insiders.


July 31, 2021 at 09:10AM

New Harris Poll: Cybersecurity Fears May Stall COVID-19 Digital Vaccine Card Adoption in the United States and United Kingdom, Identity Theft and Fake Cards Top List of Concerns

REDWOOD CITY, Calif.–(BUSINESS WIRE)–Anomali, the leader in intelligence-driven cybersecurity solutions, today announced availability of its latest survey conducted by The Harris Poll. The study, which gathered responses from more than 2,000 adults 18 and older in the United States and more than 1,000 adults 18 and over in the United Kingdom, reveals that more than three-quarters of American and British adults have cybersecurity fears around the use of COVID-19 digital vaccination cards. Additional findings showed which entities respondents believe are responsible for protecting them against cyberattacks and who they believe the most likely culprits will be.

The survey revealed similarities and differences between the populations. A majority of British and American adults predict that a disruptive cyberattack will follow digital vaccine card adoption, but they differ in other areas, such as confidence levels when it comes to how prepared each nation is to mount a defense. Among key findings:

  • 80% of Americans and 76% of those in the U.K. have cybersecurity concerns related to COVID-19 digital vaccination cards. Identity theft topped the list for both groups at 51%, with fake vaccine cards that could be used to hack smartphones (Americans 45%, British 44%) and data breaches (Americans 44%, Brits 45%) close behind.
  • 93% of Americans and 89% of British adults have smartphones capable of supporting COVID-19 digital vaccination cards.
  • 45% of Americans and 54% of Brits say they are very “likely” to use COVID-19 digital vaccination cards if they become a requirement for certain activities, such as traveling, attending sports venues, school attendance, entering a store or government building, etc. However, doubt remains, as 23% of U.S. respondents and 26% in the U.K. said they are “somewhat” likely. A full 32% of Americans rejected the idea of using digital vaccine cards (i.e., were not very or not at all likely to use them), as did 21% of Brits.
  • 64% of respondents in both countries expect that COVID-19 digital vaccination cards will lead to a cyberattack causing “moderate to major” disruption to business, government, and consumers. 23% of Americans and 27% of those in the U.K. said that disruption would only be “slight.” 12% of Americans and 9% of Brits do not expect any related disruptions.
  • When asked to identify what type of adversary is most likely to carry out a cyberattack related to COVID-19 digital vaccination cards, Americans most frequently choose nation-state cyber actors like Russia, China, or North Korea (36%). U.K. respondents expressed that organized cybercriminal gangs were most likely (42%).
  • Confidence in defensive capabilities varied considerably between the U.S. and United Kingdom. 64% of the British “somewhat to strongly” agree that government and private business is prepared to defend consumers against a related cyberattack, while only 48% of Americans felt the same. When asked which entity was responsible for providing defense, 63% of U.S. and 74% of British respondents pointed to government.
  • Although COVID-19 passport standards haven’t been established, when asked to pick from a list of organizations that will most likely be responsible for creating and managing standards, the World Health Organization (WHO) was most frequently cited by Americans (45%), while the British most frequently chose Government (55%).

“Over the course of the pandemic, our intelligence analysts detected thousands of cyberattacks that were taking advantage of people’s desire to consume information online about how COVID-19 was impacting their lives and world. We’ve detected adversaries doing everything from using fake contact tracing apps to hijack smart phones and steal credentials to launching mass phishing campaigns to infect networks with things like ransomware,” said Hugh Njemanze, President, Anomali. “The easing of restrictions, rise in cyberattacks, and consumers’ willingness to use their smartphones to break free from restrictive lockdowns are at a nexus. Organizations responsible for keeping consumers and businesses safe online need to know who the adversaries are, where the attacks are coming from, and how to detect them before they develop into catastrophes.”

Methodology

This survey was conducted online by The Harris Poll on behalf of Anomali from June 30 – July 7, 2021 among 2,021 U.S. adults and among 1,007 U.K. adults all ages 18 and older. Raw data were weighted by the following demographic variables where necessary to reflect the general adult population as follows: age, gender, education, region, race, HH size, and marital status. Propensity score weighting was also used to adjust for respondents’ propensity to be online. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated.

About The Harris Poll

The Harris Poll is one of the longest-running surveys in the U.S., tracking public opinion, motivations and social sentiment since 1963. It is now part of Harris Insights & Analytics, a global consulting and market research firm that strives to reveal the authentic values of modern society to inspire leaders to create a better tomorrow. We work with clients in three primary areas: building twenty-first century corporate reputation, crafting brand strategy and performance tracking, and earning organic media through public relations research. Our mission is to provide insights and advisory to help leaders make the best decisions possible.

About Anomali

Anomali is the leader in global intelligence-driven cybersecurity. Our customers rely on us to see and detect threats, stop breaches, stop attackers, elevate resiliency, and improve the productivity of their security operations. Our solutions serve customers around the world in every major industry vertical, including many of the Global 1000. We are a SaaS company that offers native cloud, multi-cloud, on-premises, and hybrid technologies. As an early threat intelligence innovator, Anomali was founded in 2013 and is backed by leading venture firms including Google Ventures, IVP, General Catalyst, and several others. Learn more at www.anomali.com.

The post New Harris Poll: Cybersecurity Fears May Stall COVID-19 Digital Vaccine Card Adoption in the United States and United Kingdom, Identity Theft and Fake Cards Top List of Concerns appeared first on Cybersecurity Insiders.


July 31, 2021 at 09:09AM

CloudCover Announces Two New Appointments to Board of Directors

MINNEAPOLIS–(BUSINESS WIRE)–CloudCover®, an automated intelligence (AI)-driven cybersecurity platform, announced today that it has appointed Jimmie Lee, former head of security applications at Facebook, and Peter Lacey, executive chairman at Cervus Equipment Corporation, to its board of directors, effective immediately.

“We are pleased to welcome Jimmie and Peter to our board of directors at a time when our company is poised to experience significant growth,” says Stephen Cardot, CEO and co-founder of CloudCover. “Their expertise will be instrumental as we continue to scale our company and shift our industry’s approach from reactive cybersecurity to a proactive, predictive CyberSafety posture.”

CloudCover delivers XDR/SOAR Platform-as-a-Service (X/S-PaaS), with a mission to bring certainty back to an uncertain digital world. The company’s CC/B1™ technology functions as an advanced AI-based XDR/SOAR platform providing proactive security protection for an organization’s network security needs, safeguarding all network data automatically, and stopping malware threats at microsecond speeds with near-perfect accuracy.

As board members, Lee and Lacey will help guide CloudCover’s management and direction – and both bring an incredible wealth of knowledge to their appointments. Lee is a cybersecurity engineering executive with over 25 years of security innovation experience and leadership. He has designed, implemented, and led engineering, IT, security, and risk management platforms for Fortune 100 companies, including Microsoft and Facebook.

“I’ve had the pleasure of knowing Stephen for over a year, and I’ve watched as he and the CloudCover team are working hard to market and scale their innovative CC/B1 platform,” Lee says. “CC/B1 isn’t like anything else in the market right now – it’s going to transform multiple industries, and I’m looking forward to serving on CloudCover’s board during this exciting time.”

Lacey is an executive with over 35 years of experience in manufacturing, agriculture, and sales operations. Prior to his role as chairman of Cervus Equipment Corporation, a world-leading equipment dealer, he was the president and CEO of the company and its predecessor for nearly 15 years. “CloudCover’s goal of a world with ‘no more hacking’ is incredibly compelling – and I know they have the technology, the expertise, and the vision to make it happen,” Lacey says. “I am proud to play a role in helping drive the organization with strategic direction and planning.”

About CloudCover

CloudCover®, an AI-driven cybersecurity platform, has reimagined cybersecurity – delivering real-time extended threat detection and response (XDR) through a patented, math-based security orchestration automated response (SOAR) risk-aware and control platform. The SOAR system accumulates data between an organization’s diverse security technologies and environments and streamlines them for a holistic action on potential risks. Our CC/B1 platform provides an ever-evolving, protective layer to your existing cybersecurity tech stack – meaning network threats are detected with 99.9999999% accuracy and eliminated in microseconds. With CloudCover, the elusive “single pane of orchestration” capability of an organization’s network security isn’t a myth – it’s reality. To learn more, visit www.cloudcover.cc or follow us on LinkedIn.

The post CloudCover Announces Two New Appointments to Board of Directors appeared first on Cybersecurity Insiders.


July 31, 2021 at 09:09AM

Northern Virginia Talent Initiative Website Draws 483,000 Visitors and 72,000 Job Views

FAIRFAX COUNTY, Va.–(BUSINESS WIRE)–Just over one year after the official launch of its workinnorthernvirginia.com website and accompanying talent initiative funded by the Fairfax County government, the site created by the Fairfax County Economic Development Authority (FCEDA) has logged more than 483,000 visitors and 72,000 job views.

The website connects a new and diverse talent pool – in Northern Virginia and in key target markets such as the Bay Area and New York City – with companies in the region. Launched in collaboration with the Northern Virginia Economic Development Alliance (NOVA EDA), the site this morning lists more than 121,000 job opportunities from innovative local companies in industries ranging from cybersecurity to aerospace and healthcare.

“We are thrilled to have already connected thousands of job seekers from across the nation with hiring companies in our region, but this is only the beginning,” said Victor Hoskins, president and CEO of the FCEDA.

In addition to displaying job opportunities, workinnorthernvirginia.com serves as a digital hub for the FCEDA’s initiative funded by the Fairfax County Board of Supervisors to attract, retain, retrain and grow talent that businesses need to grow and succeed here.

The website features a cost-of-living calculator, a commuting tool, a neighborhood quiz to help relocating talent learn more about Northern Virginia’s diverse living options, an interactive map that showcases the density of top employers in the area, and a wealth of information on local upskilling programs and resources. A robust digital marketing campaign has driven traffic to the website.

The talent initiative has featured a series of virtual career fairs that have focused on different segments of the job market, from entry-level jobs for recent college graduates to open positions in cyber and cloud for mid-career technology professionals. In total, five career fairs have attracted 3,470 attendees and resulted in more than 7,000 completed conversations between job seekers and hiring representatives.

Together with two more virtual career fairs that the FCEDA sponsored, the events have involved more than 500 recruiters from 170 businesses ranging from Fortune 500 firms to small and minority-owned firms. Some 100 colleges and universities also have been involved, including 40 historically black institutions of higher learning. Partners also have included organizations that promote diversity and inclusion in hiring, such as Women Who Code, BDPA-African American STEM Association, NOVA Hispanic-American Chamber of Commerce and the Virginia Department of Veterans Services.

“Fairfax County funded the Economic Development Authority’s talent initiative to build awareness of the thousands of open jobs here and the quality of life that people can enjoy in Northern Virginia. I am pleased to see after a year of investment, the success we are having in growing our talent pool,” said Jeffrey C. McKay, chairman of the Fairfax County Board of Supervisors.

The Fairfax County Economic Development Authority promotes Fairfax County as a business and technology center. In addition to its headquarters in Tysons, Fairfax County’s largest business district, the FCEDA maintains business investment offices in six important global business centers: Bangalore/Mumbai, Berlin, London, Los Angeles, Seoul and Tel Aviv. Follow the FCEDA on Facebook, Instagram, LinkedIn, Twitter and YouTube.

The FCEDA is a member of the Northern Virginia Economic Development Alliance. Other members: the Alexandria Economic Development Partnership, Arlington County, City of Fairfax, City of Falls Church, Fauquier County, Loudoun County, City of Manassas, City of Manassas Park and the Prince William County Department of Economic Development.

The post Northern Virginia Talent Initiative Website Draws 483,000 Visitors and 72,000 Job Views appeared first on Cybersecurity Insiders.


July 31, 2021 at 09:09AM

Why digital issuance is the perfect recipe for modern financial services

While instant card issuance has become a common service for many banks, digital issuance, where banks can issue card credentials directly to a customer’s mobile wallet, looms as the next development to revolutionise the way consumers interact with their financial services provider. 

However, while this innovation seems to only apply to the issuing of digital cards, digital issuance, in combination with a bank’s mobile app, has the potential to unlock a whole variety of different services for the consumer.  

But first… 

What is digital issuance? 

Unlike instant card issuance, where payment cards can be immediately issued to a consumer when they head into a bank’s branch, digital issuance removes the physical interaction by issuing a bank card’s credentials straight to the consumer’s mobile wallet or mobile banking app.

At a time when some consumers may want to keep physical contact to a minimum, digital issuance affords a greater level of flexibility in the ways a consumer can receive their card. In fact, according to research by OnDot, cards which are issued to digital wallets are nearly 100% activated and 70% are used within five days, demonstrating the instantaneity and convenience digital issuance offers.

This flexibility, combined with the speed in which cards can be issued, could offer the perfect solution for consumers who are increasingly looking for convenience and efficiency from service providers in all parts of their lives. 

The additional benefits of digital card issuance 

In addition to the greater levels of convenience offered by the issuance of digital cards, its benefits extend even further. When combined with a comprehensive mobile app, financial services providers have the opportunity to deliver a broader range of services than just card procurement. Here are three broader benefits digital issuance can offer: 

  • Enhancement of physical cards and digital cards 

The future is neither fully digital nor fully physical when it comes to how consumers use their bank cards. Instead, digital issuance can create a future where both digital and physical cards complement each other, providing a consumer with the best possible banking experience, whether online or in-store. 

Through a combination of digital issuance and a bank’s mobile app, new capabilities for physical cards and digital cards could diversify a bank’s portfolio of services. 

In the case of physical cards, digital issuance could build the platform for the roll-out of services such as setting geographic spending limits, enabling or disabling contactless purchases and the ability to order numberless EMV bank cards. For the digital part, the virtual card could enable EMV tokenization services for digital wallets, as well as card in-app display. 

Anchored in a bank’s mobile app, consumers can be put in full control of their digital and physical cards, providing them with a full repertoire of payment options. 

  • The right card for the right purchase 

Today, consumers are always looking to get the best deal when it comes to buying goods and services. Whether accumulating loyalty points with their favourite supermarket or landing a killer discount when using a certain card at a particular retailer, there are several benefits that using the right card for the right purchase can bring to the consumer.

However, carrying one card for every different type of purchase is less than practical. But through digital issuance, consumers never have to worry about carrying a plethora of cards in their wallet. 

As digital issuance can enable banks to issue digital cards directly to a mobile wallet, consumers are able to carry the virtual versions of every card they own, all conveniently stored on their smartphone. 

  • Increased level of security

Core to any best-in-class financial service are the security measures to keep consumers’ financial data safe. And, unfortunately, criminal actors in the financial services space aren’t slowing down in their pursuit of consumers’ financial information. According to UK Finance, the total value of remote purchase fraud in the UK was £452.6 million in 2020, with the number of reported incidents of remote purchase fraud increasing by 12% to 2.4 million. 

The security benefit of digital issuance is that credentials are shared directly with the customer, with no exchanging of details being made with any other party. What’s more, when sent to the consumer, a digital card’s credentials are safely stored within a mobile wallet or, alternatively, the bank’s mobile app. 

In the case of the latter, the bank has the opportunity to leverage PSD2-level app security to delegate authentication to the mobile app, allowing a user to seamlessly authenticate their identity with the biometric features of their smartphone. 

 

In an increasingly decentralised, mobile-based industry, the need to provide digital services which can be accessed remotely by consumers has become essential for banks. With digital issuance, banks can position themselves to offer a convenient and speedy issuance system, all the while enhancing their wider portfolio of services in the process. 

Interested and want to learn more? Leave a comment below and make sure to also follow us on Twitter at @ThalesDigiSec! 

The post Why digital issuance is the perfect recipe for modern financial services appeared first on Cybersecurity Insiders.


July 30, 2021 at 09:10PM

Fidelis Vulnerability and Trends Report – Q2 2021

At Fidelis Cybersecurity®, our Threat Research team continuously monitors the current threat landscape to provide coverage and vigilance on the most menacing vulnerabilities. Our Real-Time Vulnerability Alerting Engine harnesses public data and applies proprietary data analytics to cut through the noise and get real-time alerts for highly seismic cloud vulnerability exposures and misconfigurations—making vulnerability fatigue a thing of the past. Since its first launch at BSidesSF, we have made enormous improvements in our real-time vulnerability alerting engine, allowing us to provide a quarterly vulnerability and trends report to keep you ahead of the most pressing threats. It has been humming and churning data ever since. Here is the most recent vulnerability report, including the top CVE list for the second quarter of 2021.

Figure 1: Fidelis – Vulnerability Report from the Real-Time Vulnerability Alerting Engine

The X-axis above depicts all vulnerabilities found in the second quarter from 1 April to 30 June 2021. The Y-axis represents the vulnerability trending quotient calculated by the engine (see the BSides presentation for more info). For simplicity, the Y-axis has been divided into four colors—Red, Orange, Yellow, and Gray—which represent the criticality of each vulnerability. Each blue line represents a vulnerability, and they are sorted on the X-axis by their CVE numbers. Not all CVEs are shown on the X-axis due to space constraints. In Q2 we collected a total of about 150,000 data points for 5026 vulnerabilities. Here are some findings along with details on the top vulnerabilities for Q2 – 2021:

The total number of vulnerabilities increased by 14%

Q2 saw a dramatic increase in the number of vulnerabilities compared to Q1. In Q1, the number of vulnerabilities increased by only 0.3% (compared to Q4 of 2020), but in Q2 it increased by 14%. In total, 5026 vulnerabilities were analyzed in this report.

Critical vulnerabilities increased by 20%

We did not see an increase in the total number of data points collected in Q2, but the number of critical vulnerabilities increased by about 20%. Also, in Q2 the vulnerability data points were more evenly divided among critical CVEs than in Q1, when a small number of vulnerabilities (such as CVE-2021-3156 and CVE-2021-26855) dominated the landscape.

Web application exploits continue to dominate

The dominance of web application exploits has continued this quarter. Web application exploits accounted for more than double all other types of exploits, including remote, local, and denial-of-service exploits. This comes as no surprise: the number of reported vulnerabilities for web applications far surpasses that of other types, so exploits for them are abundant.

Improper privilege management doubles

Vulnerabilities caused by improper assignment, modification, tracking or checking of privileges doubled compared to this time last year. This included incorrect use of privileged APIs, dropping or lowering errors, privilege chaining, and context switching errors. Reflected, Stored and DOM-Based XSS still top the root cause category, but the highest growth was seen in privilege management issues.

Older vulnerabilities continue to resurface

We have always seen older vulnerabilities resurface, typically at low rates. In the chart above, about 20% of the vulnerabilities originated prior to 2019 and their severity scores are mostly low to medium. Some exceptions and noteworthy older vulnerabilities that resurfaced include:

  • Fortinet SSL VPN vulnerability (CVE-2018-13379) resurfaced in Q2 due to ‘Cring’ ransomware being deployed via unpatched Fortinet VPNs.
  • Cisco ASA and FTD XSS vulnerability (CVE-2020-3580) resurfaced due to the availability of recent proof-of-concept exploit and some hacktivism activity.
  • Exim 4 use-after-free vulnerability (CVE-2020-28018) resurfaced due to the availability of exploit code and subsequent release of patches.

The CVE Dirty Dozen for Q2 2021

Although the number of web application vulnerabilities surpasses other categories, the dirty dozen listed below are ranked by various factors, including severity, wormability, exploit, urgency and many other factors as described in the BSides presentation. None of the web application vulnerabilities made it into the vulnerability and trends report this quarter.

1. Windows print spooler vulnerability – CVE-2021-1675

CVE-2021-1675 became public at the end of June, followed by its sister vulnerability, CVE-2021-34527. We’ll have more insight on CVE-2021-34527 next quarter. As for CVE-2021-1675, the Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers. This vulnerability can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. An exploit for this vulnerability is publicly available.

2. Windows HTTP protocol stack remote code execution vulnerability – CVE-2021-31166

The Windows HTTP protocol stack is used by IIS as well as many other services on Windows. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted ‘Accept-Encoding’ HTTP header in a web request to the target system. Successful exploitation of this vulnerability can result in code execution with kernel privileges or denial-of-service. An exploit for this vulnerability is publicly available.

3. vSphere client remote code execution vulnerability – CVE-2021-21985

Remote code execution in the vSphere Client exists due to a lack of input validation in the Virtual SAN Health Check plug-in. This plug-in is enabled by default in the vCenter Server. If exploited, an attacker may execute commands with unrestricted privileges. A Shodan search reported thousands of vCenter Servers exposed to the internet.

The rest of the top vulnerabilities that made our list are in the table below.

Our goal with the quarterly vulnerability and trends report is to identify trends, reduce vulnerability noise, and provide the most accurate, timely, and broad coverage. For additional information on the top vulnerabilities in your environment learn more about Fidelis Halo Cloud Server Secure®. You can also sign up to get a free vulnerability assessment of your infrastructure in minutes.

The post Fidelis Vulnerability and Trends Report – Q2 2021 appeared first on Cybersecurity Insiders.


July 30, 2021 at 09:09PM

Amazon penalized 746m Euros over Data Security in UK

Amazon, the American retail giant, has been slapped with a penalty of 746 million Euros ($849 USD) for using consumer data for ad targeting without the permission of the populace of Luxembourg, a small European country surrounded by Belgium, France and Germany.

Highly placed sources say that Luxembourg’s National Commission for Data Protection (CNPD) pronounced the fine on the retailing giant on July 16th, 2021 for not complying with the EU General Data Protection Regulation (GDPR).

The Jeff Bezos-led company confirmed the news through its SEC filing and stated that it intends to challenge the penalty and will respond legally.

For those who want to hear more on this news, it should be noted that the penalty was not related to any data breach and that no customer data was exposed in the incident.

E-commerce giant Amazon says that it cooperated throughout the investigation, but disagrees with the findings and analysis and so plans to appeal.

Amazon has already been facing antitrust litigation of this kind for the past three years. One such complaint is that it accesses information from its marketplace platform, gains knowledge of popular products being sold by third-party vendors and suppliers, and offers the same products under its own label at a very low price. If and when found guilty, the cloud computing company might face a penalty that could be as much as 10% of the company’s annual revenue.

Note: The penalty was issued following a complaint lodged in 2018 by La Quadrature Du Net, a privacy rights group from France.

The post Amazon penalized 746m Euros over Data Security in UK appeared first on Cybersecurity Insiders.


July 30, 2021 at 08:35PM

DarkTrace Cyber Protects Fashion retailer Ted Baker

Cyber security firm DarkTrace, which uses artificial intelligence to track down cyber threats, is now busy protecting the computer network of British fashion retailer Ted Baker.

The Britain-based luxury clothing designer and lifestyle company says that DarkTrace has thwarted most of the weekly cyber attacks, which include 200 targeted hacks such as spear-phishing emails aimed at high-level executives and cyber campaigns intended to steal critical data from companies.

Ted Baker announced in an official note that DarkTrace services such as DarkTrace Antigena and the DarkTrace Autonomous Response product are helping to identify and interrupt threats of all kinds, including ransomware that is found targeting the network on a per-second basis.

Leon Shepherd, the CIO of Ted Baker, confirmed that DarkTrace AI technology is helping the company understand whether any threat is underway and how severe its impact is.

The Autonomous Response feature lets users protect their devices in an automated way, which cuts down the admin’s responsibilities so they can focus on other important tasks.

Note 1- With over 490 stores across the globe, Ted Baker’s retailing company had over 2000 staff members, of whom nearly 700 were furloughed due to the COVID-19 lock-down crisis.

Note 2- Established in 2013, Darktrace is a British American company that helps protect its users from various cyber attacks. The company’s Enterprise Immune System is an automated defense software that uses machine learning to study the operational life of individuals, devices and networks. At the end of 2017, Darktrace opened a new business unit named Darktrace Industrial that was dedicated to protecting SCADA and industrial networks.

The post DarkTrace Cyber Protects Fashion retailer Ted Baker appeared first on Cybersecurity Insiders.


July 30, 2021 at 10:18AM

How to thwart phone hackers

Many of you might search for tips that help keep phone hackers at bay. Angus King, a member of the secretive Senate Intelligence Committee, is giving advice that could help keep a cellphone secure and away from prying eyes.

The tip is to switch off the phone, wait for a minute and then turn it on!

Well, this might sound naïve to some people. But Sen. Angus King insists that following this age-old technique can help keep hackers from stealing info from smart phones.

Sen. King insists that a regular restart of the phone doesn’t help, as cyber crooks are becoming sophisticated and are seen maintaining access to a smart phone and stealing data.

Supporting the advice is Neal Ziring, the technical director of the National Security Agency. Mr. Ziring said that the only way to block malicious threats is to shut down the phone for a few minutes and then switch it on. He also insists on practicing this technique once or twice a week to avoid being hacked.

As cell phones hold lots of personal and sensitive data, they are becoming prime targets for hackers whose only aim is to steal text messages, contacts, photos, videos, and user whereabouts, such as location details and audio files, if any.

There are any number of incidents in which hackers have taken over a device through hacking. The best example is the recent revelation that the NSO Group-developed Pegasus spyware was being used to spy on politicians, journalists and human rights activists from India, France, UK and Hungary.

Thus, switching a phone off and then on again will cut down by half the hackers planning to gain access to mobile devices. The practice can also help slow down zero-click exploits, which allow a hacker to take over a device even though the user did not interact with any app or the internet.

The post How to thwart phone hackers appeared first on Cybersecurity Insiders.


July 30, 2021 at 10:17AM

Thursday, July 29, 2021

Six existential threats posed by the future of 5G (Part Two)

The COVID-19 pandemic has made it explicitly clear to many of us just how important connectivity is in our daily lives. With the introduction of lockdowns across the globe, our reliance on internet networks to work remotely, call relatives across seas, or even to take part in leisure activities via a screen has soared.

As such, the demand for a network that can handle more users, with more devices, has never been greater. Luckily, with 5G, we have the infrastructure available to address this. However, certain challenges remain in securing this network to the point where consumers feel comfortable enough to trust it with their data.

In our previous blog on this topic, we looked into how a virtual network infrastructure, combined with the use of an unprecedented volume of data, and the introduction of the IoT on 5G networks, all posed a significant challenge to mobile operators in their desire to create secure 5G. Here, we take a deeper look into another three high-risk areas telecoms companies need to address as 5G technology progresses and more people begin to use the network.

  1. Meeting Rising Customer Onboarding Expectations

In today’s digital world, the way we receive access to services is increasingly done online. However, many mobile operators have seemingly not jumped on this trend, continuing to onboard customers at brick-and-mortar stores. Yet we’ve seen from the impact of the pandemic the limitations that taking a purely physical approach to onboarding can cause, with the lack of alternative options ultimately hurting both telecom companies’ revenues and the relationships they have with their customers.

The reluctance to provide customers with a mobile app-first experience may come from the belief that with online onboarding, it is more difficult to maintain a connection with customers. Interestingly though, the opposite often tends to be true. With more customers using digital services, more anonymous data is generated, which can be analysed by mobile operators in order to improve customer services (and boost average revenue per user), as well as to diagnose and fix network issues.

Given that most customers only change network provider if they are unhappy with the network quality they are receiving, or due to the fact they want more for the price they’re paying, the role of data analytics in solving these industry problems is increasingly important. Without innovation in this area, the telecoms sector is ripe for the kind of disruption seen in other industries – with challengers sweeping in with a purely digital offering to break up the market.

  2. Bridging the Digital Divide

As of January 2021, there were 4.66 billion active internet users worldwide. Notwithstanding this progress, the quality of the internet services provided varies greatly. Millions of people around the world today live in regions with very little high speed internet access. In the US alone, approximately 19 million Americans—6 percent of the population—still lack access to fixed broadband service at threshold speeds. This is particularly apparent in rural areas, where nearly one-fourth of the population—14.5 million people—lack access to this service.

While demand for voice and data services is high, installing the infrastructure to provide it remains an expensive and slow process, with cities often benefitting from increased network capabilities long before rural counterparts. Ultimately, this splits countries and populations by their quality of connectivity, impacting their ability to take part in all the services high speed internet provides – like online learning.

Given this slow roll-out, it is clear mobile network operators still need expert external support to realise the opportunities of 5G for all. By working with a partner who can provide satellite and terrestrial coverage, mobile network operators are able to provide better internet for hard-to-reach communities, as well as outdoor IoT devices or moving platforms.

  3. Leveraging the possibility offered by private networks

Unlike with previous generations of network connectivity, 5G allows for the creation of private networks that are designed specifically to give enterprises communications autonomy in a self-contained environment. These private networks are characterised by the security and privacy, control, and flexibility they offer companies – particularly in areas like manufacturing, where machines on the assembly line can wirelessly connect to the private 5G network. These can be used in conjunction with AI to gain deeper insights into the business for predictive maintenance.

However, these new use cases will only be possible if critical questions around identity and security are addressed – protecting the amount of sensitive data set to be generated. This data will need to be secured to the highest standards, using encryption, in case it is stolen, and authentication practices, to ensure only authorised personnel can access it. Yet, with more companies than ever before exploring the possibility of their own 5G network, not everyone will have the internal expertise available to manage these security demands, putting them at risk.

For mobile network operators, on the other hand, the rise of these private 5G networks is an opportunity to provide a new offering known as ‘Security-as-a-Service’. This includes a package of security best practices like identity and access management, key management, and intrusion detection, to name but a few. The easiest way to help manage these new enterprise customer connectivity, security, and identity requirements is to work in collaboration with a well-established security company that has a range of products designed to address these concerns.

Tackling these three areas successfully will provide mobile network operators with a huge new stream of revenue and customers. Nonetheless, adapting to the increasingly digital world, both in terms of cybersecurity challenges and day-to-day operations, isn’t an easy task. It is clear that without a great deal of forward planning and investment from these operators to secure the trust they need from customers, 5G will not be able to reach its potential, which would mean missed opportunities for all parties involved.

For more information on building a 5G world we can all trust, see our whitepaper here, or tweet us @ThalesDigiSec with your questions.

The post Six existential threats posed by the future of 5G (Part Two) appeared first on Cybersecurity Insiders.


July 30, 2021 at 09:10AM

How Digital ID can help citizens access government services from anywhere

Over the last 18 months, the digitalisation of public and private services has accelerated like never before. Due to limitations on physical contact and lockdowns around the globe, citizens – often out of necessity – have had to turn to the digital equivalent of services they previously accessed in person. From internet banking to filling out tax returns online, the pandemic has acted as a catalyst for a wholesale change in consumer behaviour. 

Even as we start to return to a sense of normality, this digitalisation of services looks set to gather momentum. This is, in part, due to governments around the world asking their citizens to carry digital health passes to prove they are doubly vaccinated or have a negative test before they can access certain services. As a recent example of this, the UK government made proof of ‘full vaccination’ a requirement for entering nightclubs from September and countries like Italy or France are following a similar path. 

So-called digital ‘vaccination passports’ will play a key role in enabling citizens to access all manner of services and will act as a precursor to the rollout of mobile digital IDs.  

A gateway to other government services 

In some regions, the deployment of Digital IDs and modernisation of once analogue services is already well underway. Florida, for example, is about to provide mobile Driving Licenses to its citizens as it aims to develop more convenient and secure identification methods. The same is true of Queensland in Australia, where the state’s first Digital License App was recently piloted before deployment.    

In both cases, the deployment of a digital wallet – primarily for digital driving licenses – will act as a gateway and the foundations for other vital government services, such as health passes.    

Meeting the EU digital wallet ambitions 

In June this year, the European Union took a step towards one of the largest digital identity projects ever when it proposed a framework for a Europe-wide Digital Identity. This would be available for all EU citizens, residents and businesses in the EU. 

The ambition is huge; both in terms of scale – as it applies to all EU member states – and also in the power it would grant to citizens throughout the Bloc. For the first time, citizens would be able to use a European Digital Identity wallet, from their phone, that would give them access to services in any region across Europe.  

It will also help governments to carry out modernisation projects across public sector departments as they digitise to match the capabilities of these virtual identities. 

The wallet would, in essence, transform access to government services for EU citizens. It would be based on some key principles: 

  • Enabling citizens to prove who they are: The ability to prove who you are is something many of us take for granted, but without an identity, you’d be surprised at how difficult it is to access basic services like healthcare. The foundation of proving your identity is trust and the EU Digital Wallet will help citizens prove who they are at the click of a button. Public and private organisations can also be confident that the ID is authentic. 
  • Security first approach: One of the key principles of the digital wallet is its approach to security. At the core of the wallet are cybersecurity protocols which protect the device’s EU sovereignty, amongst other things. Citizens’ expectations for mobile security are high, which is why the deployment of regional mobile wallets will have to take a layered security approach. This means that potential hackers would encounter different security measures in every part of the wallet. Ensuring this level of security is a priority for markets wishing to address consumer fears as well as ensuring strong take-up of the EU Digital Identity.
  • Multiple documents in one place: The digital wallet is convenient as it can hold multiple documents in a single place – instead of citizens having to carry around wallets bulging with cards. This is even more interesting when you consider that 90% of users have a mobile device in reach at all times.
  • Combining payment and identity: It gets really exciting when you realise that the wallet can host both digitalised identity and payment credentials. This could allow people, for example, to pay a deposit on a new apartment or settle an outstanding speeding fine directly from their smartphone.
  • Allowing digital signatures: Digital wallets can manage digital signatures, enabling contracts to be signed and accepted at the convenience of the user (for the apartment they’re in the process of buying, for example).
  • Built with data privacy in mind: People are increasingly wary of how their data is being used. Digital wallets can help address these concerns in a couple of ways through security and transparency of data use; firstly, citizens can choose which information they show businesses and organisations. Need to prove your ID at a bar? You can just show your date of birth without having to share your address. Secondly, the Digital ID will comply with EU data principles (GDPR) ensuring data minimisation, data protection and privacy rights management. 
  • Cross-border identity: Last but certainly not least, the EU Digital Identity will allow citizens to use their documentation across the entire region. Each member state will be responsible for providing their own citizens with a wallet, but these will become universally accepted wherever people are across the European Union. This should allow citizens to access government services of any member state just as they do at home, heavily reducing extra costs and complexity.  

In order to meet the EU target of 80% of its citizens using eIDs by 2030, it’s vital that governments address these pillars and work with a provider that can satisfy these requirements.  

If they do, the impact on people and how they access services has the potential to be truly transformative and will usher in a period of accelerated digitisation for governments across Europe.

The post How Digital ID can help citizens access government services from anywhere appeared first on Cybersecurity Insiders.


July 29, 2021 at 09:10PM

Death Kitty Ransomware and BlackMatter Ransomware details

The Death Kitty ransomware that targeted South African port operator Transnet disrupted its networks, forcing the company to declare force majeure at container terminals and cargo shifting, and forcing the staff to switch to manual pen-and-paper work.

According to a report, CrowdStrike Holdings Inc has confirmed that the malware that hit the South African port was the ransomware strain known as Death Kitty, Hello Kitty or Five Hands. The same strain also hit Poland-based video game producer CD Projekt and SonicWall products early this year.

Reports say that the port survived the attack and returned to normalcy from Wednesday this week, and that Transnet did not pay a single penny in ransom to those who introduced file-encrypting malware into the network. That’s superb news!

Coming to the BlackMatter ransomware strain, a cybersecurity firm named Recorded Future has offered some intelligence related to the malware.

It was discovered that the said ransomware gang only targets corporate networks that have a minimum of 500 to 15,000 hosts, have annual revenue of $100 million, and operate in the US, UK, Canada and Australia.

Interestingly, the gang only targets firms that are in a position to pay $100,000 (similar to REvil and DarkSide ransomware group demands) and targets operating systems and architectures including Linux, Windows, VMware, and Network Attached Storage (NAS) produced by Synology, FreeNAS, OpenMediaVault, and TrueNAS.

The good news is that the said file-encrypting gang never attacks hospitals, firms belonging to the defense industry, nuclear power plants, water utilities, oil and gas supply firms, non-profit organizations and federal agencies. And in case any firm from the specified industries gets infected, the BlackMatter ransomware group is ready to decrypt its database for free.

The post Death Kitty Ransomware and BlackMatter Ransomware details appeared first on Cybersecurity Insiders.


July 29, 2021 at 08:43PM

Hackers Cyber Attack UK Aerospace Company by posing a beautiful Aerobics instructor

According to a report from Sky News, a UK-based aerospace company was targeted by a phishing attack in which a top official from the company was befriended by an Iranian hacker disguised as a beautiful aerobics instructor named Marcella Flores.

The highlight of this saga was that the hacker siphoned off some classified documents related to the company, including fighter jet designs and some information on the control and management of the fighter jet.

In a separate incident, UK intelligence forces accessed classified documents from an Iranian agency that was tasked with targeting Western companies with cyber attacks. According to the accessed cache, the documents contained information on how to sink a cargo ship, blow up a fuel station, meddle with the satellite communications devices of shipping companies, and meddle with devices connected to smart homes or buildings, such as heating, ventilation and lights.

All these developments therefore predict a highly sophisticated cyber attack from Iran on the civilian infrastructure of the UK, France, Canada, or the US in the near future.

Sky News reports that the data-stealing tactics were being employed by an Iranian hacking group named Shahid Kaveh, linked to the cyber arm of the Islamic Revolutionary Guard Corps (IRGC).

Highly placed sources from Sky report that the activity was assigned to the IRGC to make the Islamic Republic of Iran a powerful cyber force in the entire world.

Ben Wallace, the UK Secretary for Defense, claimed he is aware of the developments reported by Sky News and said that the Johnson-led nation will take all appropriate measures to counter such malicious cyber threats to national infrastructure in the future.

Patrick Sanders, the British Military Cyber Chief, stated that the retaliation measures might turn harsh if Iran doesn’t mend its ways.

The post Hackers Cyber Attack UK Aerospace Company by posing a beautiful Aerobics instructor appeared first on Cybersecurity Insiders.


July 29, 2021 at 10:35AM

Upgrade to BIG Iron for better Cloud, AI and security support on IBM

IBM’s Big Iron OS was upgraded a short while ago to address all issues related to the provisioning and use of Linux applications and utilities. The move should attract new enterprise customers who are looking for an all-inclusive mainframe cloud platform that offers the utmost security along with AI application development and support.

IBM’s latest z/OS V2.5 operating system was also given added capabilities that support extreme transactional and batch workloads running on containers, AI and security.

As enterprises are busy developing existing applications to suit their needs under their digital transformation strategies, they need supporting cloud platforms from time to time.

Previously, operations such as cloud provisioning and management of new applications on IBM Z LPAR were complex and time-consuming. As a result, most customers delayed such activities, which negatively affected DevOps agility and processes.

The latest update to IBM’s Big Iron lets customers carry out cloud provisioning and management of new applications on the new z/OS with ease. The tech giant also expects that its latest upgrade of Big Iron will help support the open source Open Container Initiative runtime and Kubernetes container orchestration for applications and workloads running on IBM cloud.

On the security side, IBM said that z/OS V2.5 features authorization, authentication, system integrity, encryption and a range of other improvements that could help customers encrypt data sets with no changes to the application.

Next, to speed up the adoption of AI tech on IBM Z, the IT giant has integrated machine learning frameworks such as TensorFlow into the IBM Z and LinuxOne Container Image Repository.

Note: IBM z/OS V2.5 is likely to be available from October 1st, 2021.

The post Upgrade to BIG Iron for better Cloud, AI and security support on IBM appeared first on Cybersecurity Insiders.


July 29, 2021 at 10:34AM

Wednesday, July 28, 2021

The Bitglass Blog

Why are CIOs and IT organizations prioritizing investment in cloud infrastructure? The answer is simple: to better support virtual workforces, supply chains, and partners. Getting the most value out of legacy systems typically involves integrating them with cloud infrastructure and apps. As a result, cloud infrastructure in IaaS is projected to see an end-user spending increase of 38.5% this year alone – growing to $223B in 2025, making it one of the fastest growing cloud services according to Gartner. Popular infrastructure services include Amazon’s Elastic Compute (EC2), the Google Compute Engine, and Microsoft Azure.

The post The Bitglass Blog appeared first on Cybersecurity Insiders.


July 29, 2021 at 09:11AM