Security

Ievo appoints NIT as META distributor for biometric products

Ievo Ltd, the Newcastle-based manufacturer of fingerprint biometric solutions, has appointed Network Information Technology (NIT) as a new distribution partner for its biometric recognition products in the Middle East, Turkey and Africa (META) region.


DNV GL introduces recommended practice to fight cyber threats in oil and gas

DNV GL’s new DNVGL-RP-G108 cyber security recommended practice aims to help operators, system integrators and vendors manage and prevent emerging cyber threats in the oil and gas industry, which are caused by the increased digitalisation of the sector across the world.


Global cyber attack 'biggest in history'

The global malware attack that affected more than 200,000 organisations in 150 countries has brought cyber crime to the top of the risk news agenda.


Wanna Decryptor, also known as WannaCry, started taking over people’s computers on 12 May 2017, demanding payments of US$300 to restore access to the files it encrypted. It threatened to delete files within seven days if no payment was made, and threw the UK's National Health Service into chaos.

While it is difficult to prevent determined, well-resourced hackers from launching a technical attack on a network, the truth is that most ransomware attacks generally rely on an interaction with our own users, says Mike Gillespie, IIRSM's Cyber Security Expert and Director of security consultancy Advent IM.

“Cyber attackers usually need to download the malicious software onto a computer, phone or other connected device, including – in the case of the NHS – such things as medical imaging devices and laboratory analysers to name a few, combined with many organisations failing to apply appropriate system and security patches. This combination effectively presents a much more vulnerable environment to the potential attackers, yet without organisations fully understanding the inherent risk.”

The most common ways of installing malware – malicious software – which includes the ever-growing family of ransomware, are through compromised emails and websites. For example, hackers could send an employee a phishing email that looks like it comes from their boss asking them to open a link – but it actually links to a malicious website that surreptitiously downloads the malware onto their computer.

The WannaCry ransomware appears to have used a flaw in Microsoft's software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks, locking away files. While the exact means of delivering the payload is not yet known, WannaCry is especially interesting for the manner in which it spread, acting more like a worm than most other ransomware does.

A security expert managed to stop the attack by triggering a 'kill switch' about 24 hours later but it continued to wreak havoc, with a second variant being released hot on the heels of the original one.

“All organisations need to become much more familiar with threat and vulnerability, two key components of risk,” adds Mike. “There is a growing need to fully understand the increased connectivity of everything, the convergence of physical and cyber threat and the significant vulnerability that under-aware staff can introduce. Cyber security is no longer in its own silo, but rather it is all-pervasive and affects almost everything we touch and interact with.”

It is time for organisations to realise that the threat is holistic, and so too must be the defence, Mike concludes.

Risk-reducing tips from IIRSM's cyber security expert:

- Educate all staff ... this includes senior management. Education should be targeted, pertinent, interesting, ongoing and effective.

- Make information asset ownership an integral part of all senior management roles.

- Protect especially sensitive information assets as identified by Information Asset Officers more rigorously, using a range of blended technical defences including network access controls, protective monitoring and regularly updated anti-malware software.

- Implement an effective and risk-based backup strategy to ensure that all vital information assets can be recovered in the event of a compromise. This should be an integral part of your business continuity, resilience and forensic readiness planning.

- Never, ever pay a ransom.


Siemens and ISA form global partnership to grow awareness of industrial cybersecurity

As threats to automation equipment are always changing and evolving, so too are the protection concepts for industrial plants. To address this challenging landscape, Siemens and the International Society of Automation (ISA) have entered a global partnership to foster awareness of industrial security needs and global standards.


Runecast Analyzer 1.6 delivers automation, VMware integration and security compliance

Runecast has announced the availability of version 1.6 of Runecast Analyzer. Runecast Analyzer 1.6 will be showcased on Runecast booth number 832 at VMworld, Las Vegas, Mandalay Bay Hotel and Convention Center, 27-31 August.


Runecast Analyzer is a proactive VMware vSphere management solution that installs as an OVA format virtual appliance. It combines the current VMware Knowledge Base articles and Runecast expertise to analyze the virtual infrastructure and expose potential issues and best practice violations, before they cause major outages.

Version 1.6 delivers the following new enhancements:

• REST API: Allows users to programmatically pull Runecast analysis results. This enables integration with other monitoring and alerting software; it also allows custom actions to be written based on the data reported by Runecast.

The new API also fully automates the deployment and configuration of Runecast Analyzer.

• vSphere Web Client plugin: Leveraging the newly released Runecast API, users can easily install a vSphere Web Client plugin which will allow them to see the results of Runecast Analyzer in the vSphere Web Client, without opening the Runecast Analyzer GUI. It will display issues (Knowledge Base, Best Practices, Security Hardening Guide) for each inventory item when explored and easily integrates with companies’ VMware management stack.

• Security compliance – STIG: Implementation of the DISA STIG (Defense Information Systems Agency - Security Technical Implementation Guide) allows users to analyze their environment against these standards. It was a feature requested by US Defense Agencies.

“We continue to deliver innovation based upon customer - and VMware - requests and suggestions,” commented Stanimir Markov, CEO and co-founder of Runecast. “Version 1.6 of Runecast Analyzer takes us deeper into the VMware ecosystem and management stack and expands the usability of our solution into new markets, such as US Defense agencies.”

All existing customers will be able to seamlessly upgrade. If the Runecast Analyzer appliance is configured to download the latest update, the upgrade will be automatic. In the case where the appliance is configured for manual updates, customers will have the option of manually triggering the update or performing an offline update where the ISO update file can be downloaded and then copied over into a more secure environment where the Runecast Analyzer appliance resides.


Alain Charles Publishing, University House, 11-13 Lower Grosvenor Place, London, SW1W 0EX, UK
T: +44 20 7834 7676, F: +44 20 7973 0076, W: www.alaincharles.com
