Discount Offers

Personal Self Defence Spray UK's No1 Spray Legal Pepper Spray Clone UK Sale Only

£22.99
End Date: Sunday Mar-18-2018 9:46:38 GMT
Buy It Now for only: £22.99
Buy It Now | Add to watch list

SIA Licensed Security Tie Pin Badge K4S® Exclusive Design

£5.75
End Date: Sunday Mar-11-2018 19:04:15 GMT
Buy It Now for only: £5.75
Buy It Now | Add to watch list

Bomber Jacket Black Bouncer Security Door Supervisor

£35.99
End Date: Tuesday Mar-20-2018 16:26:22 GMT
Buy It Now for only: £35.99
Buy It Now | Add to watch list

Combat Trousers Security Bouncer Police Security Door Supervisor

£19.19
End Date: Tuesday Mar-20-2018 16:47:09 GMT
Buy It Now for only: £19.19
Buy It Now | Add to watch list
0024505
Visit Today : 1
Visit Yesterday : 1
This Month : 20
This Year : 51
Total Visit : 24505
Hits Today : 255
Total Hits : 4420692
Who's Online : 1

Kent

Reference Library – England – Kent

Global security crackdown, a host of code nasties, Brit cops mocked, and more

Roundup Here’s a summary of this week’s security news beyond what we’ve already reported1.

At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity . The signatories were joined by El bieta Bie kowska, the EU Commissioner for Internal Market, Industry, Entrepreneurship and Small- and Medium-sized Enterprises, and Canada’s foreign minister and G7 representative Chrystia Freeland.

The charter2 has ten rules that signatories both commercial and governmental must follow, including having a chief information officer, getting independent third-party security testing of critical infrastructure, sharing of threat data and building in not only security but also patching and upgrading capabilities to all Internet of Things devices.

“We’re eating our own dog food on this,” said Siemens president and CEO Joe Kaeser. “Siemens is in the top ten programming companies in the world and we will be adhering to the charter in all areas.”

Kaeser floated the idea at the World Economic Forum in Davos this year, and said the response from companies and governments had been very promising . But that it was clear that something had to be done on security, he said. Part of the problem is that regulators are always playing catch-up with technology, he said . Bitcoin was a perfect example, with Kaeser calling it “the biggest money laundering scheme ever invented.”

How well the charter will work depends entirely on how many people sign up and whether or not the big players take part . In particular, the Chinese government needs to be on board, and that could be a stretch.

Spectre, coin theft and scammers oh my!

The industry is still sorting out the kerfuffle of the Spectre processor flaws and there was more movement this week. Microsoft added Spectre tools to Windows Analytics, which will be welcomed by admins, and some boffins made weaponized exploit code to exploit the weakness (don’t worry the code is under wraps). Now virtual machines are also getting their act in order . The latest build (2.11.1) of the QEMU hypervisor will protect against a Spectre attack for x86 KVM guests, pseries and s390x guests .

The work was pushed up the priority list to allow for safer virtualization.

“What is being addressed here is enabling a guest operating system to enable the same (or similar) mitigations to protect itself from unprivileged guest processes running under the guest operating system,” the advisory states3.

“Thus, the patches/requirements listed here are specific to that goal and should not be regarded as the full set of requirements to enable mitigations on the host side (though in some cases there is some overlap between the two with regard to required patches/etc).”

While digital currency prices continue to go up and down like the Assyrian empire, it’s clear that the scummier parts of the internet are taking note . Cisco’s Talos security team found an interesting piece of malware that may have netted its operators many millions in virtual currency. Dubbed Coinhoarder, the attack uses a fake blockchain.info login page to harvest credentials and drain virtual wallets . What made this unusual is that the phishers are using Google Adwords to promote their products in specific locations, primarily Eastern Europe.

“While working with Ukraine law enforcement, we were able to identify the attackers’ Bitcoin wallet addresses and thus, we could track their activity for the period of time between September 2017 to December 2017,” the Talos team said4. “In this period alone, we quantified around $10m was stolen . In one specific run, they made $2m within 3.5 week period.”

The team thinks the gang behind the phishing attack has been operating for at least three years . Back when Bitcoin wasn’t worth much, it would have provided some income . But the rising price of Bitcoin seems to have given the crooks more money to play with and ply their wares.

Brit plod rocked

Finally, British police were left red-faced after the ringleader of a card skimming operation fled his trial the UK and has begun uploading the blueprints for his devices to mock his former captors . Alexandru Sovu, 39, was sentenced to 11 years in prison in absentia and is believed to be in Romania or China.

“He has released the methods he used on the internet . This will allow fraudsters to build their own scams,” said5 Judge Rajeev Shetty. “He has shown breathtaking arrogance and put two fingers up to law and order.”

Sovu came to the UK from Romania as a software engineer but was laid off in 2008 . He then developed hardware to install in ATMs and grab card data and PINs and the card creating machinery to exploit the accounts of his victims. The kit he developed was of very high quality, the court heard, and was easy to install .

With the blueprints now out there, be very careful when using your cards.

References

  1. ^ we’ve already reported (www.theregister.co.uk)
  2. ^ The charter (www.siemens.com)
  3. ^ states (www.qemu.org)
  4. ^ said (blog.talosintelligence.com)
  5. ^ said (www.dailymail.co.uk)

Global security crackdown, a host of code nasties, Brit cops mocked …

Roundup Here’s a summary of this week’s security news beyond what we’ve already reported1.

At the Munich Security Conference in Germany, major companies, including Siemens, Airbus, Allianz, Daimler Group, IBM, NXP, SGS and Deutsche Telekom, signed a Charter of Trust for cybersecurity . The signatories were joined by El bieta Bie kowska, the EU Commissioner for Internal Market, Industry, Entrepreneurship and Small- and Medium-sized Enterprises, and Canada’s foreign minister and G7 representative Chrystia Freeland.

The charter2 has ten rules that signatories both commercial and governmental must follow, including having a chief information officer, getting independent third-party security testing of critical infrastructure, sharing of threat data and building in not only security but also patching and upgrading capabilities to all Internet of Things devices.

“We’re eating our own dog food on this,” said Siemens president and CEO Joe Kaeser. “Siemens is in the top ten programming companies in the world and we will be adhering to the charter in all areas.”

Kaeser floated the idea at the World Economic Forum in Davos this year, and said the response from companies and governments had been very promising . But that it was clear that something had to be done on security, he said. Part of the problem is that regulators are always playing catch-up with technology, he said . Bitcoin was a perfect example, with Kaeser calling it “the biggest money laundering scheme ever invented.”

How well the charter will work depends entirely on how many people sign up and whether or not the big players take part . In particular, the Chinese government needs to be on board, and that could be a stretch.

Spectre, coin theft and scammers oh my!

The industry is still sorting out the kerfuffle of the Spectre processor flaws and there was more movement this week. Microsoft added Spectre tools to Windows Analytics, which will be welcomed by admins, and some boffins made weaponized exploit code to exploit the weakness (don’t worry the code is under wraps). Now virtual machines are also getting their act in order . The latest build (2.11.1) of the QEMU hypervisor will protect against a Spectre attack for x86 KVM guests, pseries and s390x guests .

The work was pushed up the priority list to allow for safer virtualization.

“What is being addressed here is enabling a guest operating system to enable the same (or similar) mitigations to protect itself from unprivileged guest processes running under the guest operating system,” the advisory states3.

“Thus, the patches/requirements listed here are specific to that goal and should not be regarded as the full set of requirements to enable mitigations on the host side (though in some cases there is some overlap between the two with regard to required patches/etc).”

While digital currency prices continue to go up and down like the Assyrian empire, it’s clear that the scummier parts of the internet are taking note . Cisco’s Talos security team found an interesting piece of malware that may have netted its operators many millions in virtual currency. Dubbed Coinhoarder, the attack uses a fake blockchain.info login page to harvest credentials and drain virtual wallets . What made this unusual is that the phishers are using Google Adwords to promote their products in specific locations, primarily Eastern Europe.

“While working with Ukraine law enforcement, we were able to identify the attackers’ Bitcoin wallet addresses and thus, we could track their activity for the period of time between September 2017 to December 2017,” the Talos team said4. “In this period alone, we quantified around $10m was stolen . In one specific run, they made $2m within 3.5 week period.”

The team thinks the gang behind the phishing attack has been operating for at least three years . Back when Bitcoin wasn’t worth much, it would have provided some income . But the rising price of Bitcoin seems to have given the crooks more money to play with and ply their wares.

Brit plod rocked

Finally, British police were left red-faced after the ringleader of a card skimming operation fled his trial the UK and has begun uploading the blueprints for his devices to mock his former captors . Alexandru Sovu, 39, was sentenced to 11 years in prison in absentia and is believed to be in Romania or China.

“He has released the methods he used on the internet . This will allow fraudsters to build their own scams,” said5 Judge Rajeev Shetty. “He has shown breathtaking arrogance and put two fingers up to law and order.”

Sovu came to the UK from Romania as a software engineer but was laid off in 2008 . He then developed hardware to install in ATMs and grab card data and PINs and the card creating machinery to exploit the accounts of his victims. The kit he developed was of very high quality, the court heard, and was easy to install .

With the blueprints now out there, be very careful when using your cards.

References

  1. ^ we’ve already reported (www.theregister.co.uk)
  2. ^ The charter (www.siemens.com)
  3. ^ states (www.qemu.org)
  4. ^ said (blog.talosintelligence.com)
  5. ^ said (www.dailymail.co.uk)

12m security bill for North East hospitals as thousands of staff and …

Health bosses have spent more than 12million on security in the last five years amid a rise in attacks on NHS staff and patients. A total of 4,249 physical and non-verbal assaults were recorded at hospitals in the North East between April 2012 and March last year – an average of two a day.

NHS1 chiefs said attacks on its workers and patients were completely unacceptable . Figures released through a Freedom of Information request show The Newcastle Hospitals NHS Foundation Trust spent 5,083,009 on security during the five years.

And the trust, which runs Royal Victoria Infirmary2 and Freeman Hospital3, recorded 208 physical incidents in 2012, but this rose to 249 five years later – a 20% increase. A trust spokesman said: The safety of our patients and staff is the trust s first priority and we take any incidents of aggression or violence towards staff very seriously.

The trust s annual security spend covers the security provision for all of our hospital sites and we have a number of schemes in place to help maintain the safety and wellbeing of our patients and staff.

Read More

The County Durham and Darlington NHS Foundation Trust, which spent 3,107,252 on security, saw a huge 61% increase in the number of physical attacks at its hospitals. It recorded 147 incidents in 2012/13 but 238 assaults were reported five years later.

The RVI in Newcastle

A trust spokesman said: Our security team works around the clock, seven days a week, and has a number of responsibilities, principally protecting our buildings and facilities across several sites.

No one should ever feel at risk of attack while at work and we take the safety of our colleagues very seriously . We have policies, guidance and support in place designed to ensure they are kept as safe as possible.

We also have robust processes for the occasions when they feel threatened to give them appropriate help and support quickly. The figures show the City Hospitals Sunderland NHS Foundation Trust spent 3,073,082 on security over five years, while 699 physical and non-verbal attacks were reported.

Meanwhile, the South Tyneside NHS Foundation Trust said its security budget is set a 400,000 a year, meaning it could have spent up to 2m between April 2012 and March last year. During this period, health bosses recorded 553 incidents at its hospitals.

Queen Elizabeth Hospital in Gateshead

A joint statement from the South Tyneside and Sunderland Healthcare Group, which runs hospital services in South Tyneside and Sunderland, said: The safety and security of our patients, visitors and staff is always a priority and we have security measures in place 24 hours a day, 365 days a year at South Tyneside District Hospital4, Sunderland Royal Hospital and Sunderland Eye Infirmary.

We do not tolerate violent or abusive behaviour of any kind across our organisations and take a very proactive approach to make sure that we meet the highest security standards and protect people within our care.

The majority of security incidents reported are minor, but we have robust security procedures in place to ensure that any incident can be dealt with quickly and by working closely with the police where necessary.

Read More

The figures also revealed Gateshead Health NHS Foundation Trust, which runs the Queen Elizabeth Hospital, spent 1.504,692 on security and recorded 780 incidents. Andy Colwell, who manages facilities and security at QE Gateshead, said: Our security team play a vital role in the hospital in protecting staff from abuse, but also providing support and assistance to the public.

It s important to note that a large proportion of violence against NHS staff in Gateshead is by patients who are unwell with diminished capability, so we need to provide specialist support, training and the appropriate level of intervention and protection .

At the hospital we also have a full range of panic alarms, security equipment and CCTV to help ensure the safety of staff and the public.

The Northumbria Healthcare NHS Foundation Trust refused to disclose how much money it spent on security.

References

  1. ^ NHS (www.chroniclelive.co.uk)
  2. ^ Royal Victoria Infirmary (www.chroniclelive.co.uk)
  3. ^ Freeman Hospital (www.chroniclelive.co.uk)
  4. ^ South Tyneside District Hospital (www.chroniclelive.co.uk)