Following the publication of the second draft of the Investigatory Powers Bill, techUK has pulled together a summary of the changes that have been made. These relate to recommendations made by the three committees that scrutinised the bill. Privacy Committee recommendations: The Intelligence & Security Committee called for an entire section of the Bill dedicated to addressing privacy safeguards, clearly setting out the universal privacy protections which apply across all the investigatory powers. Key changes: Part 1 now contains a short overview of the safeguards throughout the Bill. This doesn’t go as far as the ISC’s recommendation that privacy protections…
ISBuzz Team
A flaw in the Oracle database listener, if not mitigated, could allow an attacker to take complete control of an Oracle database through an attack known as TNS Poison Attack. This vulnerability is remotely exploitable without authentication credentials. This classic man-in-the-middle (MITM) vulnerability has been published as security alert CVE 2012-1675 and received a CVSS base score of 7.5. It impacts confidentiality, integrity and availability of the database. Joxean Koret discovered this vulnerability in 2008 and publicly disclosed in 2012. TNS Poison Attack vulnerability exploits Oracle listener’s database service registration functionality. Oracle database users connect to the database services through…
Following the publication of the revised Draft Investigatory Powers Bill, which proposes service provider companies store even more personal data to be accessed by the authorities. Experts from 8MAN and teckUK have the following comments on it. Jens Puhle, UK Managing Director at 8MAN: “By expanding the collection of web browsing data and other information, the amount of data that needs safeguarding when Draft Investigatory Powers Bill is signed off is massive. Companies like BT and Sky will be required to store and protect considerably more customer data than their current operations. “All eyes are on how the authorities will…
The first ransomware of Apple Mac computers has targeted users this weekend. An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs. The representative said he could not immediately provide other details. The malware is programmed to encrypt files on an infected personal computer three days after the original infection, according to Olson. That means that if Apple’s steps prove ineffective in neutralising malware that has already infected Macs, the earliest victims will have their files…
Building Online Communities: Deeplearning4j We asked Adam & Chris, the founders of Deeplearning4j — first commercial-grade, open-source, distributed neural net library written for Java and Scala, with one of the most active communities on Gitter — to share their thoughts, experiences and lessons learned on open source community building. Find out what they say and check out the deeplearning4j channel on Gitter. Tell us about a little bit about yourself and the Deeplearning4j community. How did it all begin? We started building Deeplearning4j in late 2013. Adam had been involved with machine learning for about four years, at that time, and deep artificial neural…
Today’s modern CRM systems are vital to your business’ success. CRM data now holds every aspect of your business’ proprietary information from corporate intelligence to sales data; as well as your customers’, from buying patterns to PII. A data breach to your CRM could be devastating to your organization resulting in lawsuits or irreparable harm to your brand’s reputation and customer trust. With so much at stake, here is what you need to know to protect your CRM. The Value of CRM Data Today’s modern CRM systems contain data that is invaluable. These systems hold significant information about corporate intelligence,…
There are a lot of security myths about cloud security needed to be clarified. One is that a lot of people think that as soon as they give something to the cloud, they do not have to worry about compliance with security. That is absolutely not correct. If you are a business, your clients are looking at you for security. Whether you go to the cloud or you do it internally using your private infrastructure, that doesn’t change your responsibility in terms of who owns compliance to security. There needs to be a very clear demarcation line. The second myth…
When most people are asked to think of a wall of fire, they might think of the pyrotechnic scene on any first-rate metal band stage, but unfortunately, firewall protection services aren’t quite like all that. That’s not to imply, though, that they aren’t terribly important or that meltdowns caused by failing to ensure proper firewall protections can’t be as damaging as a direct blast of a flame thrower. Firewalls adopt their name and function directly from physical structures that stand between danger, often fire, and fragile stuff, like your face. Computer firewalls do bear some similarity to their real-life counterparts.…
Cloud fan-out effect shows attackers use sync and share to propagate threats Netskope, the leading cloud access security broker, today announced the release of the February 2016 Netskope Cloud Report™ on enterprise cloud app usage and trends. According to the report, the fourth quarter of 2015 saw the highest number of cloud apps in use in all enterprises to date. On average, employees used 769 different cloud apps within a given enterprise organisation, a 26.5 per cent increase from the previous report. In addition, the report found that 4.1 per cent of enterprises have sanctioned cloud apps laced with malware,…
Kaspersky Lab experts have detected Triada, a new Trojan targeting Android devices that can be compared to Window-based malware in terms of its complexity. It is stealthy, modular, persistent and written by very professional cybercriminals. Devices running the 4.4.4. and earlier versions of the Android OS are at the greatest risk. According to the recent Kaspersky Lab research on Mobile Virusology, nearly half of the top 20 Trojans in 2015 were malicious programs with the ability to gain super-user access rights. Super-user privileges give cybercriminals the rights to install applications on the phone without the user’s knowledge. This type of…