European Union diplomatic communications ‘targeted by hackers’

Hackers successfully targeted the European Union’s diplomatic communications over a period of several years, The New York Times reports. Thousands of messages were intercepted in which diplomats referenced a range of subjects from US President Donald Trump to global trade. The breach was reportedly discovered by the cyber-security company Area 1.

European officials say that information marked as confidential and secret was not affected by the three-year hack. One expert told the New York Times that the methods used by the hackers were similar to those previously used by the Chinese military.

“After over a decade of experience countering Chinese cyber-operations… there is no doubt this campaign is connected to the Chinese government,” he said. The intercepted messages, known as diplomatic cables, reveal one exchange in which diplomats describe July’s meeting between Mr Trump and his Russian counterpart Vladimir Putin as “successful (at least for Putin)”.

Another message gives details of a private meeting between Chinese President Xi Jinping and European officials that took place earlier this year. It quotes Mr Xi as saying China “would not submit to bullying” from Washington “even if a trade war hurt everybody”.

These comments echo a speech he gave on Tuesday in which he said “no-one is in a position to dictate to the Chinese people what should or should not be done”. A number of other institutions, including the United Nations, were also reportedly affected by the breach and have since been alerted.

Source : newsfirst.lk

IDC names High-Tech Bridge a Mobile App Security Testing Innovator

Pioneering Machine Learning and AI vulnerability detection technology combined with a zero false-positive SLA of ImmuniWeb® MobileSuite are recognized by IDC.

High-Tech Bridge is delighted to be selected as an IDC Innovator in the emerging Mobile Application Security Testing (MAST) market in recent research, “IDC Innovators: Mobile App Security Testing, 2018”.

IDC Innovators are vendors “that have demonstrated either a groundbreaking business model or an innovative new technology — or both”.

“Organizations are pressed for time, resources, and money but simply cannot cut corners when it comes to mobile app testing,” says Denise Lund, research director, Enterprise Mobility at IDC. “Vendors will go far with buyers if they have proven that their use of machine intelligence reduces false positives in the identification of mobile app vulnerabilities or discovers unusual vulnerabilities before these wreak havoc on employees, businesses, and brands in the market.”

High-Tech Bridge’s ImmuniWeb® AI Platform offers ImmuniWeb MobileSuite to test iOS and Android mobile applications and their backend for security, privacy and compliance issues. Our award-winning dynamic (DAST), static (SAST) and interactive (IAST) mobile application security testing technology leverages Machine Learning and AI for acceleration and intelligent automation of vulnerability detection, while scalable and cost-effective manual enhancement of the testing process ensures detection of the most sophisticated vulnerabilities and offers a zero false-positives SLA to every customer.

“We are delighted to see such a solid validation of our research and innovation on the application security market by one of the most reputable research companies,” says Ilia Kolochenko, High-Tech Bridge’s CEO and Founder. “At High-Tech Bridge, we are committed to innovate and deliver value to our customers by solving real problems they have in a cost-effective manner. We believe that effective application security should be simple, holistic and risk-based. ImmuniWeb MobileSuite embodies all of these principles.”

IDC is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,100 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries.

Source: High-Tech Bridge

Alleged Amazon Data Breach Days Before Black Friday

Reports about an Amazon data breach are spreading fast and furiously, although the online retailer denies that what happened was actually a breach. At least one expert is siding with Amazon on this, but to the average consumer, it may seem like splitting hairs.

Black Friday is only days away, so many shoppers are making decisions about where to spend their hard-earned cash. This could be one reason the company is being so secretive about this alleged data breach.

Amazon data breach reports stem from emails

Amazon emailed a number of shoppers on Tuesday to report that its website had “inadvertently disclosed” their name and email address “due to a technical error.” The online retailer also said it has fixed the issue, so users don’t have to do anything else.

Social media users were quick to start posting about the email and expressing concern about this potential Amazon data breach. Some even questioned whether the email they had received was genuine, pointing out details about the email which made it look like a phishing message. The online retailer has, however, confirmed to multiple media outlets and news blogs that the email was real. Beyond those generic statements, Amazon is remaining tight-lipped.

News outlets and tech blogs have been trying to get more details from the company about the data leak, but spokespeople are refusing to say anything more about it. They won’t say how many customers were affected, what caused the leak, or how long it took them to realize there was a problem.

Amazon data breach may not have been a breach at all

Amazon’s U.K. office denies that there was a breach, in the technical sense of the word, and the founder of a web security company agrees, although he admits that more details are needed. High-Tech Bridge CEO and founder Ilia Kolochenko advised against drawing “premature conclusions” about the alleged Amazon data breach until more technical information is available, but he also urged the company to stop being so tight-lipped about the issue.

“Based on the information currently available, it is technically incorrect to call this incident a ‘data breach,’” he said in a statement. “This rather looks like an inadvertent programming error that made some details of Amazon’s profiles publicly available to random people… Amazon’s reaction seems to be quite prompt, however an official statement would certainly be helpful to prevent any speculation and unnecessary exaggeration of the incident and its scope.”

For those who like splitting hairs, the incident may be considered more of a data leak than a data breach, in that Amazon appears to have accidentally exposed users’ names and email addresses. A breach, on the other hand, involves someone hacking into a database or network and gaining unauthorized access.

Nonetheless, consumers will likely see this incident as an Amazon data breach because at the end of the day, the average shopper cares only that their information was exposed. It matters little whether their data was exposed thanks to a hacker or an accidental leak.

Shoppers prepare for Black Friday

The reported Amazon data breach comes just two days before Black Friday, one of the busiest shopping days of the year. This could be one reason the company is trying to keep a tight lid on information about the incident. Because of the data leak, shoppers may hesitate to spend money on Amazon on Black Friday or even later in the holiday shopping season.

Ref: Author: Michelle Jones

Michelle Jones was a television news producer for eight years. She produced the morning news programs for the NBC affiliates in Evansville, Indiana and Huntsville, Alabama and spent a short time at the CBS affiliate in Huntsville. She has experience as a writer and public relations expert for a wide variety of businesses. Michelle has been with ValueWalk since 2012 and is now our editor-in-chief. Email her at Mjones@valuewalk.com.

Cybercrime is everywhere and out of control, and we hear about it every single day.

Cybercrime is to reach 6 trillion dollars in 2021 as against 3 trillion in 2016.

How would you know if your security is already compromised?

In most of the recent cases, no one even knew that their data had been stolen until months had passed. That means today’s cyber criminals are very much organised, coordinated and work according to a certain standard.

What if the key to your door has already been cut and kept by a thief, and you are not aware of it?

What if your employees are already accessing information which they are not supposed to access in your database?

Today, security has become digital, and the criminals are white-collar workers with bachelor’s degrees in ICT who go to work from 9 to 5 like most of us do.

Yes, today’s career criminals don’t look scary, and they don’t carry weapons, they don’t.

The only weapon in their pocket is the vulnerability in your locket. 

According to the United Nations, 80% of cybercrime is the result of the activities of ultra-organised, highly sophisticated crime groups.

Cyber criminals made estimated illegal profits of up to 445 billion dollars last year, which is larger than the GDP of 160 nations, and most of these incidents were the result of internal breaches carried out by employees of companies.

Sri Lankan companies are at higher risk, as most of the ICT security specialists are either not competent or unaware of the security threats which are prevalent in the Sri Lankan ICT infrastructure.

For instance, many Sri Lankan financial institutions don’t have basic two-factor authentication, and that means the financial data of the customers could be easily breached without any serious hacking attempts.

Another security hole is that the websites of many financial institutions which give customers online access for transactions can be easily hacked through browser-level trojans and malware which are designed to steal online information.

These issues have been rather neglected or not highlighted, as they would scare customers away from using online facilities.

Most financial institutions do not share information on breaches as this could lead to legal issues or may give competitive advantage to their counterparts.

For instance, there is no public record or archive of breaches for other financial institutions to learn from, due to fear of legal action being taken against them by customers.

Just as the telecommunication industry steals money from unsuspecting customers through various VAS features which customers don’t enable, financial institutions are also sometimes unable to disclose important security failures occurring at their end, which may take very small amounts of money from customers’ accounts without anyone’s awareness.

In such instances, whatever industry deals with people’s intimate financial details must tighten its belt on security to stay ahead of organised cyber criminals by implementing advanced security protocols which are rather difficult to breach.

We live in an era in which whatever security measure we take to protect ourselves is important.

After all, it’s just not about business anymore; it’s our life and the lives of our loved ones we protect.

25th May 2018 Marks the Day GDPR Comes into Effect

DAMAGE TO YOUR ORGANIZATION FROM NON-COMPLIANCE IS IRREVERSIBLE

GDPR is new EU legislation affecting 190+ countries, including Sri Lanka.

If your organization provides any type of service to EU citizens or residents and deals with their personal data, including contact information, you are liable to be fined if non-compliant with GDPR.

An organization must prepare itself from both technological and process angles, utilizing advanced Data Leak Prevention technologies to safeguard EU citizens’ personal data. A company must be able to safely store, retrieve, and delete any data held in its possession with the full consent of the data owner.

Our solutions address Articles 25, 30, 32, 33, 34 & 37 of the GDPR requirements, dealing with Data Protection by Design and by Default, Records Processing, Security of Processing, Notification of Personal Data Breach (to Supervisory Authority and Personal Data Subject), and Designation of the Data Protection Officer, and thereby strengthen any organization against breach and ensure compliance.

 

General Data Protection Regulation (GDPR) is here. Are you ready?

If your organization is dealing with any EU citizens’ personal data, you could be liable if non-compliant with GDPR. Failure to comply with the new rules could result in fines of €20m (or 4% of total annual global turnover), whichever is higher.

If you are now aware of GDPR, and your organization or your partners deal with the data of EU citizens or residents, your organization is in danger.

Talk to us. We are able to help your organization to comply
+94 723 100 200  |  info@exiretechnologies.com

USA’s SnoopWall Inc. signs technology distribution partnership with Exire Technologies.

In a groundbreaking move, Exire Technologies Ltd., a subsidiary of Shifting Lifestyles Ltd., has launched NetSHIELD, the world’s first breach prevention security technology, from SnoopWall Inc., a US-based company delivering a suite of products from enterprise to endpoint that protects all computing devices and networks from prying eyes and new threats through patented cloaking technology.

SnoopWall’s NetSHIELD was featured in a Gartner report as one of the leading Network Access Control (NAC) devices using agentless technology.

The Baseline Security Standard for Information Security Management Assurance Guideline (BSS) of the Central Bank of Sri Lanka (CBSL) identifies the importance of strengthening security in the financial sector’s ICT infrastructure, which could prevent financial fraud.

NetSHIELD addresses the mission-critical security factors identified by the BSS, the standard established in collaboration with CBSL, the Sri Lanka Computer Emergency Readiness Team Coordination Centre (Sri Lanka CERT|CC) and the Sri Lanka Banks’ Association (SLBA).

While financial institutions are vulnerable to even greater threats now, deploying NetSHIELD is the need of the hour to prevent security breaches whilst adhering to the international security standard features addressed in ISO 27001.

 

SnoopWall’s NetSHIELD is the next-generation agentless NAC appliance that protects corporate networks against internal intrusion and malicious insiders by effectively managing the access of devices to corporate networks. NetSHIELD’s pre-cognition engine is designed to quarantine an endpoint prior to infection. A proprietary mechanism ensures quarantining with zero false positives.

Nishan Wimalachandra, CEO of Exire Technologies Ltd., SnoopWall’s Technology Partner in Sri Lanka, Bangladesh and the Maldives, stated, “Until I saw how SnoopWall’s NetShield works, I did not realize that Sri Lankan companies’ ICT Infrastructure was alarmingly vulnerable, including the Telecommunication Industry as well as the Financial sector.” He added, “I strongly think that this is a serious concern as most recent incidents in the Financial sector were internal security breaches which could have been prevented if the right technology was deployed.”

He further added, “We live in a highly competitive world, where information security is the key to success, and the technology introduced by Snoopwall can protect the organizations’ integral ICT infrastructure from even employees. Considering that this technology is already deployed in over 32 countries, now Sri Lanka too can reap its benefits.”

Source : Daily F