|
We want your nominations!
As the countdown to the 2021 Computing Security Awards begins, we want you to nominate the companies, products and services that have impressed them most in the past 12 months
You may want to reflect on some of the following criteria, for example, in reaching your verdict:
• Which companies have helped to secure your organisation's digital infrastructure over the past year?
• What Cyber Security products/services have most impressed you?
• Are you a Cyber Security company who is proud of the service or technology you have provided for your customers?
Go to the awards nominations page now – computingsecurityawards.co.uk. The nominations phase will remain open until Friday, 24 September, but please make your choices now – time soon flies and we don’t want to miss out on your selections.
The winners and runners-up will be revealed at the Computing Security Awards Ceremony in London on Thursday, 2 December, 2021.
Yes, it’s back - and it's live!
CS AWARDS 2021 – KEY DATES:
• Nominations close - 24 September
• Finalists announced & voting opens - 1 October
• Voting closes - 19 November
• Awards Ceremony, London - 2 December
How Northern Ireland is helping to build a cyber-secure future
Special Focus | September 2021
A small, nascent cluster of native businesses has been nurtured into a global centre of excellence
Covid-19 attack surge
Feature | September 2021
As business have adopted to new ways of working, the COVID-19 pandemic has exposed them to more and increasingly sophisticated cyber-attacks, and brought underfunded cyber defences into the spotlight.
Same victims hit multiple times
Comment | September 2021
Of all the organisations hit by attacks relating to ransom-related distributed denial of service – RDDoS – 70% had been targeted multiple times
Finger on the button
Feature | September 2021
Jump in demand for biometric authentication in consumer and enterprise PCs
Adding Multi-Factor Authentication to Windows Logon
Feature | September 2021
One key area of security that can often be overlooked is the authentication to the laptop or the server itself, cautions SecurEnvoy's Michael Urgero
More than a roll of the dice
Feature | September 2021
Making assumptions can be a big mistake – yet sometimes it can pay off handsomely. Paul Harris, Managing Director, Pentest Limited, explains
How to disrupt the kill-chain
Industry View | September 2021
It might take only minutes for a cybercriminal to break into your network – so how do you ensure they never get that far?
ADISA sets the Standard
News | September 2021
ADISA Asset Recovery Standard 8.0 formally approved by UK Information Commissioner's Office
|
|
|
Comment
Welcome to the September 2021 issue of your Computing Security Newsletter.
A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer, according to Bleeping Computer. The threat actor claims these VPN credentials are still valid, despite the fact the exploited Fortinet vulnerability has since been patched.
This leak is a serious incident, as the VPN credentials could allow threat actors to access a network to perform data exfiltration, install malware and perform ransomware attacks. The list of Fortinet credentials was leaked for free by a threat actor known as 'Orange,' who is the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk Ransomware operation. Analysis on the credentials revealed that they are all Fortinet VPN servers and the IP addresses are for devices worldwide.
According to Jake Moore, cybersecurity specialist at global cybersecurity firm ESET:."The whole point of a VPN is to remain secure and private, making this breach slightly embarrassing - even though it has since been patched. Hopefully, those using VPNs understand the nature of security and these particular credentials will not be the same as any used elsewhere on the web. However, if you are an administrator of Fortinet VPN servers, it is vital these passwords are changed and you check the recent logs."
This will likely damage the community of advocates promoting VPNs as a staple in cybersecurity, but hopefully it won’t discourage people from using them, adds Moore. “With current threats coming in all directions, it is far safer to use a VPN, as it is better to prevent attacks with more tools, rather than worry about them becoming an exploitable target.”
With best wishes…
Brian Wall, Editor
Computing Security
To make sure you get your copy of the Newsletter emailed to you personally, every time, click here to register.
Follow us :
|
|
