Eligible organisations invited to join cyber-security group

International Airport Review | July 24, 2019

The European Centre for Cybersecurity in Aviation (ECCSA) has opened its doors to eligible organisations that would like to become members of the knowledge centre and information-sharing network, which was established two years ago to counter the threats to aviation posed by cyber-attacks.

Industry-wide cooperation on cyber-security matters is particularly important in the aviation sector as most aviation services can only be offered with the contribution of many stakeholders. The vulnerabilities of one actor can therefore affect other organisations, who must be aware of a potential threat. This in turn increases the overall level of protection.

ECCSA was initiated in response to a call to action by the European Commission and aviation stakeholders and is supported by the European Union Aviation Safety Agency (EASA). A further 12 founder members represent all aspects of the aviation industry in Europe: Airbus, Air France/KLM, Brussels Airport, the Civil Aviation Authority of the Republic of Poland, ENAV S.p.A., EUROCONTROL, Finnair, Frankfurt Airport, Leonardo S.p.A., Lufthansa Group, NAV Portugal and Thales Group.

Spotlight

Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases. Most information security analyst positions require a bachelor’s degree in a computer-related field. Employers usually prefer to hire analysts with experience in a related occupation.

Related News

Niagara Networks to Provide Agile Deployment for In-line Cybersecurity to a Major Middle East Service Provider

Niagara Networks | July 08, 2020

Niagara Networks, the Open Visibility Platform pioneer, today announced that a prominent Middle East service provider has selected a Niagara Networks solution to serve as an agile deployment point for in-line cybersecurity solutions in its network edge data centers to protect its operations and customers. The Niagara Networks appliances enable direct flow of network traffic of varying rates—up to 100 gigabits per second—to flow through the cybersecurity systems with the ability to bypass them based on various conditions, including power failure or the security systems not being available.

"Service Providers simultaneously need to ensure the highest levels of security and performance, and they need agility to adapt to the latest challenges," said Stuart Howe, sales director EMEI, Niagara Networks. "Niagara Networks uniquely provides the agility service providers need with the performance and reliability designed for the most demanding networks in the world."

In each of the Provider's data centers, the Niagara Networks appliances primarily operate as a bypass switch, enabling plugging in any cybersecurity or networking solution for in-line processing of network traffic with the capacity to quickly bypass the solution as necessary. The bypass capability also enables seamless installation or maintenance of the in-line solutions without any disruption to the network. Niagara Networks bypass technology enables NetOps and SecOps teams to upscale network and security design and implementation across the country. The Niagara solution enabled highly flexible configurations for long-range fiber optic lines, thus saving CAPEX on additional network elements, while simplifying operational rollout of Advanced Threat Protection platforms at 100Gbps wire speeds.

Cisco's 6 Unpatched Internal Servers Compromised

Cisco | June 01, 2020

Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero-day vulnerabilities, according to a security advisory sent to customers this week. Cisco gave no details on exactly what, if any, damage was done as a result of the attacks, but said a "limited set of customers" was impacted. If exploited, these zero-day vulnerabilities potentially could have allowed an attacker to gain full remote code execution within the servers.

In its Thursday advisory, Cisco states that on April 29, the Salt Open Core team informed those using the SaltStack open-source configuration management and orchestration tool about two critical-rated vulnerabilities, an authentication bypass flaw, CVE-2020-11651, and a directory traversal problem, CVE-2020-11652. Despite this warning, Cisco placed six servers in service on May 7 that were not patched against these vulnerabilities, and the servers were immediately attacked, the company acknowledges.

"A software component of the Cisco Virtual Internet Routing Lab service was affected by a third-party software vulnerability that was disclosed in late April. Cisco applied the patch in May, and a limited set of customers were impacted by exploitation attempts of the vulnerability," a company spokesperson tells Information Security Media Group.

The vulnerabilities in SaltStack were originally uncovered by security firm F-Secure, which describes them as allowing an attacker "to bypass all authentication and authorization controls and publish arbitrary control messages, read and write files anywhere on the 'master' server file system and steal the secret key used to authenticate to the master as root. The impact is full remote command execution as root on both the master and all minions that connect to it."

SaltStack published its own advisory on April 20 and patched the vulnerabilities the following week with the release of versions 2019.2.4 and 3000.2, Alex Peay, a senior vice president at SaltStack, tells ISMG.

Cisco's six servers that were compromised are used to support Internet Routing Lab Personal Edition, or VIRL-PE, and Modeling Labs Corporate Edition, or CML, a platform that enables engineers to emulate various Cisco operating systems, including IOS, IOS XR, and NX-OS, Cisco says in the advisory. The exploitability of the vulnerabilities in the six servers depends upon how the products that the servers support are enabled. The company advises those using Cisco CML and Cisco VIRL-PE software releases 1.5 and 1.6, which have the salt-master service reachable on TCP ports 4505 and 4506, to inspect the software for compromise, re-image it and then patch it with the latest update.

"We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure says. Peay of SaltStack added that exploits immediately began to show up after the patches were released and publicized as malicious actors attempted to take advantage of the zero-day vulnerabilities before companies were able to install patches.

Scott Caveza, research engineering manager at the security firm Tenable, offers a quick rundown of how threat actors use patch information to crack a system. Attackers will often review the code and look at what changes have been made in a patch or release update to determine how the fix was applied. Then working backwards, they can use this information to develop a working exploit and begin scanning and probing for targets across the internet.

SaltStack went to great lengths to communicate the problem to its users and offer tools so mitigation efforts were conducted properly, Peay says. This included direct assistance for those lacking skills handling SaltStack along with a service that would scan to validate that the patches were properly applied, he adds.

Some security experts question why Cisco did not immediately patch its servers when it was notified of the zero-day vulnerabilities. "There are management tools that can help with the automation of checking, but even that requires someone setting it up to check for a version of software on a set of servers, so in the end it's the IT person who has to do the work," says Jayant Shukla, CTO and co-founder of K2 Cyber Security.

Caveza of Tenable notes identifying systems that need a patch involves IT staff checking the version of SaltStack and verifying that versions 2019.2.4, 3000.2 or later have been applied. He points out that plugins are available to assist with this task.

DATA SECURITY

Cybriant to Launch CybriantXDR, a Complete Solution for Threat Detection and Remediation

Bineesh Mathew | June 08, 2021

A leader in managed cybersecurity services, Cybriant, announced recently the launch of CybriantXDR, an extended threat remediation and detection service. CybriantXDR is a complete cyber security solution that delivers extensive visibility across an establishment’s network, endpoints, and cloud workloads. By giving a more comprehensive picture of the setting, this service allows improved detection and more effective remediation of threats as compared to old-style methods.

By using CybriantXDR tools, which comprise behavioural analytics and machine learning algorithms, the Cybriant security analysts constantly screen the telemetry from an administration’s whole threat landscape. This thorough level of acumen offers a more exact level of uncovering across a broader range of possible threats.

Another benefit of CybriantXDR is compliance. By mixing SIEM capabilities with vulnerability management technologies and next generation EDR, organizations can attain compliance with most normal regulations and public security frameworks. The objective of CybriantXDR is to professionally make a combined threat analysis so our safety team can implement more alert and more effective detection and remediation of doubtful actions.
