Tag Archives: UK

Big Data Horizons- Solution Providers, Security Needs

100 Most Promising Big Data Solution Providers 2017

“Data generation and utilization continues to grow by leaps and bounds and with it the investments in big data analytics solutions and services”

At present, companies worldwide are starting to adopt new big data technologies with which they can establish viable partnerships, delve into new markets, and transform their businesses into data-driven brands. This trend is further strengthened by big data’s growing prominence in the development of artificial intelligence (AI) and deep learning applications. Going forward, the increasing adoption of AI and machine learning alongside the spread of IoT applications is going to be the key to success for data-driven enterprises.

The big data industry is growing larger each day, with the amount of information being collected and the potential insights it can deliver steadily growing. As the year comes to an end, CIO Review once again published their annual “100 Most Promising Big Data Solution Providers” list. It features some of the biggest big data names of the year, including new companies that have delivered AI and deep learning applications made for big data solutions. It is clear that companies worldwide are jumping onto new innovations to provide the biggest value for their solutions. A few notable listings include:

  • Cloudera
  • Hortonworks
  • MapR Technologies
  • Tableau Software
  • SAS Institute

Big data in the UK Police Force

“Advanced uses of analytics to improve policing”

Among the numerous ways in which big data technology could be applied to UK policing, four are identified as key priorities by the report.

  • Predictive crime mapping: this ‘could be used to identify areas where crime is most likely to occur, allowing limited resources to be targeted most efficiently.’
  • Predictive analytics: this ‘could also be used to identify the risks associated with particular individuals. This includes identifying individuals who are at increased risk of reoffending, as well as those at risk of going missing or becoming the victims of crime.’
  • Advanced analytics: this ‘could enable the police to harness the full potential of data collected through visual surveillance, such as CCTV images and automatic number plate recognition (ANPR) data.’
  • Big data technology: this ‘could be applied to open-source data, such as that collected from social media, to gain a richer understanding of specific crime problems, which would ultimately inform the development of preventive policing strategies.’

With new big data applications coming out every day, a common trend amongst consumers is the worry about what data is being collected and how it is being utilized. Although the police force is seeing positive results from the use of big data analytics, it will be interesting to see the citizens’ response to the police force’s ability. However, as stated in the article, with the low number of officers available to the public, policing needs any technological help it can receive.

Big Data Needs Bigger Security

“The big data age has come, now we need security to back it up”

Last week, Equifax lost highly confidential personal and financial data on as many as 143 million people. The worst part? You didn’t even give them permission to obtain this information. They can legally collect, store and share it regardless.

Nearly two months after the breach, they are “letting consumers know” if they have been affected. You could supposedly go online to determine if your data was compromised, but that has already been exposed as a self-serving, non-functioning trick mostly aimed at providing “help” of only temporarily free services – profiteering from this breach in full view of all. Choosing paltry offers of either one year of free credit tracking or a one-time credit freeze, you had to also initially agree not to pursue legal action against them to obtain these fixes. What genuine contrition and offer of help does that constitute?

Big companies made “big data” happen. Now, “big security” must follow, despite the costs. Regulators and legislators need to remind them through coordinated actions that they can spend it now to protect us all in advance or pay it later in big fines when they don’t. But either way, they are going to pay. Otherwise, the only ones paying will be consumers.

With the ethical implications of collecting data without the permission or knowledge of the consumer already being questioned, the leaking of that information is the cherry on top. As cyberattacks increase in potential threat and size every day, corporations need the highest grades of cybersecurity now more than ever. Consumers are becoming more wary about data protection, and it will be interesting to see how Equifax and other corporations address their current data security implementations after this incident.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 199

Solar Panel Flaws Put Power Grids Security at Risk: Researcher

“Could allow widescale, lasting outages if hacked”

Researcher Willem Westerhof has identified several serious vulnerabilities in widely used solar power processes that he believes could trigger intense outages for thousands of people. Calling the potential scenario “Horus,” after the ancient Egyptian deity, Westerhof outlines how an attack on solar panel systems could cause billions in damages.

UK organisations could face huge fines for cyber security failures

“Fines of up to £17m in talks”

British organizations could be hit with fines amounting to 4% of global turnover if measures to ensure cybersecurity are not undertaken. Financial penalties, according to the proposals, are intended to be used only as a last resort and would not apply if the institutions can show that they assess and protect against risk adequately.

Three Hungarian banks targeted by phishing attempts: central bank

“No funds reported as lost”

Three major Hungarian banks have been the targets of phishing attempts in the last several months, with the earliest reports of attacks in the month of June. The National Bank of Hungary, the nation’s central bank, which oversees regulations for lending institutions and financial markets, has indicated that no funds have been lost but advises caution in future processes.

Top 5 tools to protect internet privacy

“Learn how to protect and monetize data here”

Years ago the big web search engines like Google, Bing, Yahoo, etc., began to harvest and monetize user web data. This resulted in a public outcry for security and protection services, birthing a new industry. Governments allowing ISPs to engage in the same practices has created an even bigger demand for these products. Check out the full article for the top 5 internet privacy tools.

Hackers hiding malware threats inside images, report says

“Steganography used to hide malicious code”

Kaspersky Lab is reporting that cybercriminals are using what has been called the equivalent of cyber steganography, the hiding of messages inside images, to conceal activities on a target’s computer. Researchers are seeing at least three large-scale operations employing this shifty technique as regular methodology, prompting growing security concerns.

10Fold- Security Never Sleeps- 192

GOOGLE FINDS AND BLOCKS SPYWARE LINKED TO CYBERARMS GROUP

“Android spyware blocked”

Google has discovered a new strain of Android malware, Lipizzan, that is able to surveil users’ text messages, emails, calls, and much more. It has yet to appear on many devices, but experts say that it has all the telltale signs of professional, targeted malware intended to attack users in wealthier nations.

Four-Star Kentucky Hotel: Data Breach Could Affect Guests

“Breach threatens customer information”

The Galt House hotel in Louisville, Kentucky has stated that an internal investigation revealed malware has been feeding off the payment processing systems. Any guests staying at the hotel between December 21, 2016 and April 11 are said to have possibly been affected.

Hackers are winning the war as companies worldwide fail on cyber security

“Too many firms are falling short in security”

A new report from Thycotic has shown that most companies worldwide are failing to accurately assess cyber security effectiveness. Survey criteria based on internationally accepted standards in ISO 27001 and best practices from industry experts provide a comprehensive way to define and measure IT security.

Gas Pump Skimmer Sends Card Data Via Text

“Can be detected with mobile devices”

Gas pump card skimming devices most often rely on Bluetooth connectivity to collect the stolen credit card data wirelessly. While often very effective, this has a very apparent downside: Bluetooth-based skimmers can be detected by any user with a Bluetooth-connected device. Investigators are now starting to see these devices send stolen data via text message.

Cyber security not a priority for most sectors, study finds

“Little concern despite huge losses”

A recent study from Savoy Stewart has shown that although data breaches cost UK firms almost £30bn last year, cyber security is still not a big concern for industry sectors. Just 60% of directors or senior managers in finance and insurance consider it a high priority, with data taken from 1,500 firms.

10Fold- Security Never Sleeps- 163

“Patched” WannaCry Ransomware Has No Kill-Switch

“New variant proves tough to stop”

The recent WannaCry ransomware outbreak was stopped by registering domains that act as kill-switches, halting particularly malicious software that attacked government organizations, hospitals, ISPs, carmakers, and more in a matter of days. A new variant that is not affected by the previous kill-switch is now available, however, making researchers concerned about a potentially serious new outbreak of the same malware. Organizations in Europe are the most critically affected thus far, prompting Europol to organize a task force specifically to assist in the investigation.

‘WannaCry’ Malware Attack Could Just Be Getting Started: Experts

“200,000 computers estimated to be affected”

Computers worldwide were affected by a massive ransomware attack last week. Researchers believe this attack could just be the beginning of a storm of new malware, with two fresh variants detected since the end of last week.

The 22-year-old who saved the world from a malware virus has been named

“WannaCry was no match for this young researcher”

Marcus Hutchins has been credited with stopping the notorious WannaCry ransomware attack last week. From a small bedroom in his parents’ home on the Devon coast, cyber security researcher Hutchins was able to keep the malware from spreading and causing any further damage.

Microsoft Warns Governments Against Exploit Stockpiling

“Should serve as a ‘wake up call'”

Microsoft President and Chief Legal Officer Brad Smith has reiterated a call for a ‘Digital Geneva Convention’ after news of the WannaCry outbreak broke last week. Smith claimed that the recent scare should remind all governments that the internet security realm is still vulnerable, and coordination internationally is a worthy and necessary cause.

NHS Hack Could Be About to Become Far Worse As People Switch on Computers After Weekend

“Experts believe a re-infection possible”

NHS specialists are concerned that equipment and computers may be re-infected after they were shut off over the weekend to stop the spread of last week’s malware attack. Over 200,000 devices in 150 countries were infected, with the attack originating in the UK on Friday before making it to all parts of the globe in mere hours.

10Fold- Security Never Sleeps- 118

Tesco Acknowledges, Apologizes for Compromise of Over 40,000 Accounts

“Cash stolen from about half of accounts accessed”

One of the biggest hacking events on a bank in United Kingdom history occurred Monday, ending with nearly 40,000 accounts compromised according to Tesco CEO Benny Higgins. “Online criminal activity” was reported by the firm over the weekend, and it was later reported that 15% of its total accounts had shown signs of fraudulent withdrawal. The bank has issued various statements on the refunding of cash thefts to date.

RCE Flaw in Bopup Found

“Enterprise IM manager has significant security breach”

Cybersecurity service firm Trustwave has found a remote code execution flaw in Bopup Communications servers, a buffer overflow that allows cybercriminals to exploit the application. A packet can be sent to a remote administration port, allowing remote execution of commands on the communication site’s servers.

Controversial Cybersecurity Law Passes in China

“Watchdog organizations warn of human rights violations”

Greater control over the internet in China has many worried about the implications for businesses and individual rights. While the government added certain amendments to address these concerns, it did little to appease critics. Many corporations have announced that the law will force them out of the country, while Sophie Richardson of Human Rights Watch has declared that the requirement for local data storage is in violation of many international treaties.

Moxa Ethernet Products Found to Have Serious Issues

“Critical and moderate vulnerabilities found”

Several security flaws have been detected in Taiwan-based Moxa’s Industrial Ethernet products, according to an advisory recently distributed by ICS-CERT. The Moxa OnCell LTE cellular gateways, AWK Wireless AP/bridge/client products, TAP railway wireless units, and WAC wireless access controllers have improper authentication and other vulnerabilities.

10Fold- Security Never Sleeps- 115

‘Serious’ Windows Vulnerability Found by Google

“Adobe has issued a fix, Windows has yet to issue its own patch”

Per Google’s new policy of exposing exploitable problems to the software creator, the firm has issued a public notice to Microsoft regarding sections of code that are capable of being appropriated by cyber criminals. The flaw, described as a “security sandbox escape,” bypasses cyber defense measures and allows malicious or dysfunctional programs to damage or collect sensitive information from the rest of the device. As of now, Adobe’s patch for this issue, released October 21st, has been successful at resolving the issue. Microsoft itself has offered no security fix yet.

New Malware for Mirai Botnet Observed

“Coded partially with Tsunami/Kaiten protocol”

A new strain of malware that specifically targets IoT vulnerabilities and converts the devices into ‘slave’ devices has been released in the last few days by a collective of cybercriminals. ‘Linux/IRCTelnet’ is capable of conducting massive DDoS attacks, using common IoT appliances such as DVRs, routers, lighting systems, and more, according to a research team on Malware Must Die.

Major ‘upgrade’ for Nymaim Malware

“Includes increased obfuscation and blacklisting software”

Verint researchers have observed several new events where the infamous Nymaim malware has been able to use new code based targets for phishing, rather than its original drive-by-download approach. This particular strain of malicious software has been in circulation since 2013, and has managed to stay ahead of threat researchers consistently with various upgrades that give it a leg up on those studying it. With this advantage, attacks have been seen to rise with use of the malware, with over 63 percent more incidents observed over the last year.

UK commits £1.9B to Cyber Security, Many Firms Contracted

“Recent threats from international actors prompt concern”

Just over £1.9B has been committed to increasing British cyber security measures after threats against the United States have been made in recent months. Giving new advantages to both defensive and offensive strategies, the new cyber defense plan will contract with both public and private firms to ensure top of the line systems within the next few years.

10Fold- Security Never Sleeps- 108

Vulnerable IBM Code Pulled After Insistence From Security Experts

“Potential to affect several versions of WebSphere”

A researcher who was able to successfully exploit proof-of-concept code able to affect WebSphere versions 7, 8, 8.5, and 9 was censored without major damages occurring. Maurizio Aggazini was cooperating with IBM to responsibly patch and censor vulnerabilities experienced in the firm’s products. These include the deserialization of untrusted data sources, causing DoS issues and allowing remote execution of hacking.

Half of Androids Able to be Compromised to Seemingly Outdated Malware

“Ghost Push capable of infecting Androids up to version 5”

A fairly dated yet successful malware program known as Ghost Push is reportedly still one of the most widely effective programs used to exploit unsuspecting users. Cheetah Mobile experts say that the majority of the infections come from application downloads not installed through the Google Play store. The Trojan program is capable of preventing third parties from gaining root privilege.

UK Firms Could Face Huge Increase in Data Breach Fines in 2018

“New EU legislations could enact harsh penalties”

PCI Security Standards Council is recommending that technology companies act to avoid the sharply increased fines that new legislation from the European Union is poised to enact. In 2015, 90% of large scale firms and 74% of SMEs had reported at least one security breach, reaching just about 1.4 billion pounds worth of consumer protection fines. The EU General Data Protection Regulation is set to put harsher regulations into place, with penalties of up to €20m for affected firms.

Hackers Successfully Infiltrate Senate GOP Committee

“Accelerates fears of security vulnerabilities”

While news reports of Democratic Party server hacks run rampant through the press, Republicans have been hit with a particularly devastating cyberattack by Russian operatives. For the last six months, cybercriminals have allegedly been siphoning credit card information from customers in the web storefront of the National Republican Senatorial Committee, selling the data on the black market.

10Fold-Security Never Sleeps- 105

U.K. to Ban Apple Watch in Cabinet Meetings

“Russian hacking attempts feared”

U.K. Prime Minister Theresa May has now restricted the use of Apple Watches in government cabinet meetings, according to The Telegraph. Russian hacking attempts have become a leading concern for those worried about cybersecurity in the British government, who fear Russian hackers listening in on classified conversations.

Source code for DDOS app Mirai Released

“C code designed to run on IP cameras”

The creator of Mirai has allegedly released the source code of the botnet on Github. The program is designed to exploit insecure IoT devices to run huge DoS attacks. It attempts several root passwords and infects the device if successful.

Nuclear Power Plant Disrupted by Cyber Attack

“A serious threat of militant attacks reported”

Director of the IAEA Yukiya Amano has announced that a nuclear power plant was attacked by cybercriminals two to three years ago. Nuclear plants have been a target of bad actors for years, as Amano also cited a case of an individual who tried to smuggle enriched uranium to build a ‘dirty bomb,’ and it is widely speculated by experts that cyber-attacks may often be a ‘tip of the iceberg’ of a serious threat.

US may attempt sanctions against Russia for potential election hacks

“Many potential measures being considered”

Economic sanctions, among many other options, are being considered by the White House to respond to the alleged Russian hacking attempts. Congressman Gardner has proposed legislation to move this proposal forward, paralleling his similar attempt against North Korea for its hack of Sony early in 2015.