How can governments and public authorities protect themselves against cyber attacks? Officials from EU and NATO institutions, representatives of the member states and providers of security solutions will gather at the Cyber Resilience Conference in Brussels on 20 February 2018 to discuss that question – and Greenbone will also be there.
The one-day conference “Under Cyber Attack – How to Immunize Government” will address three subject areas: First, there is a look at the status quo: What are currently the greatest cyber threats governments are facing and what is their resilience to them like? New security technologies will then be presented and subjected to a thorough joint examination. The final session then offers the chance to look outside the box: Apart from state-of-the-art technologies, what else is needed to make IT systems secure? One example would be to enhance employees’ awareness of security-related issues.
Not least, the conference also aims to force a rethink: The goal is not to establish an impregnable stronghold protecting your own IT landscape – such a system would be nowhere near agile enough. Instead, IT must be made resilient to attacks from outside. Technologies such as vulnerability management are vital here. An iterative process identifies the places in the system that are not adequately protected against external attacks at the moment and provides recommendations on how to remedy that. This process will be indispensable for governments in the future if they want to protect themselves and their citizens against ransomware and the like. After all, administrative processes are increasingly being digitized – and that ultimately means that a country’s democratic system is also at stake in the face of threats from cyber attacks. The persons responsible must take action to counter that now. We look forward to an exciting dialogue in Brussels!
https://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpg00Dirk Schraderhttps://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpgDirk Schrader2018-02-07 11:45:042018-02-07 11:55:05Protection against cyber attacks for governments: Greenbone at the Cyber Resilience Conference in Brussels
Currently, reports are accumulating about insecure processors that have been used for years. The two attack scenarios, Meltdown and Spectre exploit these vulnerabilities. Especially explosive: Every operating system on which more than one user is working is affected. Thus the “unprivileged user” is able to read each memory area of the RAM, as long as he can run the software at the system. An attacker can do this by placing malicious code on a website called from a web browser.
How massive the scale really is becomes clear when you realize that the vulnerability “Meltdown” affects every Intel-CPU since the Pentium II in 1997. Furthermore, “Spectre” affects ARM and AMD microprocessors. with similar influence to PCs, laptops, tablets, servers and smartphones. By taking advantage of these gaps, hackers are able to avoid barriers between user program and RAM to extract sensitive data such as passwords.
Cloud solutions are also affected: Office 360 or AWS data can be read by unauthorized users, as they usually are not encrypted in RAM. As long as Microsoft, Amazon and IBM have not patched and restarted their entire clouds, cloud applications should not be used for confidential information.
Greenbone‘s solution is protected
The Greenbone Security Manager is not affected by these vulnerabilities! Our authorization concept and system hardening does not allow users to exploit the proof-of-concept gap. In addition, since JAN 5th 2018 the security feed of our solution identifies unpatched systems and supports the user to quickly recognize and remediate the vulnerabilities.
https://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpg00Lukas Grunwaldhttps://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpgLukas Grunwald2018-01-08 12:47:042018-01-25 14:06:34Being among the most widespread and biggest security gaps in IT history:
31 million users of Ai.type entrusted their personal data to the app provider. It turned out to be a bad idea. A huge security leak handed user data – i.e. names, email addresses, IMEI and phone numbers, as well as contacts directories – to hackers, spammers and cyber criminals on a silver platter.
You can only shake your head when you read news like the data leak from the app Ai.type. The developer simply forgot to secure a MongoDB database that was 577 GB in size and thus threw the gates wide open for information thieves. Admittedly, everybody knows that mistakes can happen. The more serious element is the second failure: It seems the app provider had not implemented any security measures or test mechanisms to detect vulnerabilities like that – before they can be exploited by attackers.
However, preventive security tools have long been part of standard security strategies to secure the IT network. This also includes a comprehensive vulnerability management tool that continuously checks the IT infrastructure, detects and reports vulnerabilities to those who are in charge of. This way, an open database like the one in Ai.type would have been noticed very fast. Let’s hope that other providers deal with sensitive customer data in a much more responsible way. From next May onwards at the latest, there will be even more reasons to do so as the GDPR will come into force and costly penalties can be imposed.
https://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpg00Lukas Grunwaldhttps://www.greenbone.net/wp-content/uploads/01_Logo-mit-Schriftzug_500px_on_white_horiz1.jpgLukas Grunwald2017-12-18 11:31:212017-12-18 11:31:21Please help yourself: When app providers leave the door open for attackers
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.OKMore info
Protection against cyber attacks for governments: Greenbone at the Cyber Resilience Conference in Brussels
/in Blog, News /by Dirk SchraderHow can governments and public authorities protect themselves against cyber attacks? Officials from EU and NATO institutions, representatives of the member states and providers of security solutions will gather at the Cyber Resilience Conference in Brussels on 20 February 2018 to discuss that question – and Greenbone will also be there.
The one-day conference “Under Cyber Attack – How to Immunize Government” will address three subject areas: First, there is a look at the status quo: What are currently the greatest cyber threats governments are facing and what is their resilience to them like? New security technologies will then be presented and subjected to a thorough joint examination. The final session then offers the chance to look outside the box: Apart from state-of-the-art technologies, what else is needed to make IT systems secure? One example would be to enhance employees’ awareness of security-related issues.
Not least, the conference also aims to force a rethink: The goal is not to establish an impregnable stronghold protecting your own IT landscape – such a system would be nowhere near agile enough. Instead, IT must be made resilient to attacks from outside. Technologies such as vulnerability management are vital here. An iterative process identifies the places in the system that are not adequately protected against external attacks at the moment and provides recommendations on how to remedy that. This process will be indispensable for governments in the future if they want to protect themselves and their citizens against ransomware and the like. After all, administrative processes are increasingly being digitized – and that ultimately means that a country’s democratic system is also at stake in the face of threats from cyber attacks. The persons responsible must take action to counter that now. We look forward to an exciting dialogue in Brussels!
Being among the most widespread and biggest security gaps in IT history:
/in Blog /by Lukas GrunwaldSpectre and Meltdown cause trouble worldwide
Currently, reports are accumulating about insecure processors that have been used for years. The two attack scenarios, Meltdown and Spectre exploit these vulnerabilities. Especially explosive: Every operating system on which more than one user is working is affected. Thus the “unprivileged user” is able to read each memory area of the RAM, as long as he can run the software at the system. An attacker can do this by placing malicious code on a website called from a web browser.
How massive the scale really is becomes clear when you realize that the vulnerability “Meltdown” affects every Intel-CPU since the Pentium II in 1997. Furthermore, “Spectre” affects ARM and AMD microprocessors. with similar influence to PCs, laptops, tablets, servers and smartphones. By taking advantage of these gaps, hackers are able to avoid barriers between user program and RAM to extract sensitive data such as passwords.
Cloud solutions are also affected: Office 360 or AWS data can be read by unauthorized users, as they usually are not encrypted in RAM. As long as Microsoft, Amazon and IBM have not patched and restarted their entire clouds, cloud applications should not be used for confidential information.
Greenbone‘s solution is protected
The Greenbone Security Manager is not affected by these vulnerabilities! Our authorization concept and system hardening does not allow users to exploit the proof-of-concept gap. In addition, since JAN 5th 2018 the security feed of our solution identifies unpatched systems and supports the user to quickly recognize and remediate the vulnerabilities.
Please help yourself: When app providers leave the door open for attackers
/in Blog /by Lukas Grunwald31 million users of Ai.type entrusted their personal data to the app provider. It turned out to be a bad idea. A huge security leak handed user data – i.e. names, email addresses, IMEI and phone numbers, as well as contacts directories – to hackers, spammers and cyber criminals on a silver platter.
You can only shake your head when you read news like the data leak from the app Ai.type. The developer simply forgot to secure a MongoDB database that was 577 GB in size and thus threw the gates wide open for information thieves. Admittedly, everybody knows that mistakes can happen. The more serious element is the second failure: It seems the app provider had not implemented any security measures or test mechanisms to detect vulnerabilities like that – before they can be exploited by attackers.
However, preventive security tools have long been part of standard security strategies to secure the IT network. This also includes a comprehensive vulnerability management tool that continuously checks the IT infrastructure, detects and reports vulnerabilities to those who are in charge of. This way, an open database like the one in Ai.type would have been noticed very fast. Let’s hope that other providers deal with sensitive customer data in a much more responsible way. From next May onwards at the latest, there will be even more reasons to do so as the GDPR will come into force and costly penalties can be imposed.