CYBER NEWS - European Champions Alliance

EUROPOL, the criminal investigation Agency, is reported to have suffered a cyber-attack resulting in a big data leak.

According to SESAME IT, a French threat detection vendor, IntelBroker, a cyber criminal, claims to have infiltrated EUROPOL and other EU bodies specialized in security, investigation and justice. IntelBroker says they have stolen a lot of confidential data. The claim is awaiting confirmation (or not).


Reports of more DDoS attacks 

According to a Netscout report, the number of DDoS attacks (by means of massive flows of requests on DNS servers) is significantly higher. Two motivations appear: political (probably linked to state services, such as Russian campaigns against countries supporting Ukraine), and malicious competition aimed at disrupting a competitor’s activity.

DELL hit by a cyberattack, customer data has leaked

Who knows Menelik? This is the nickname of the hacker who claims to have stolen millions of customer records by abusing a Dell portal dedicated to partners. Even worse, the hacker says he carried out two successive attacks, the second one resulting in the capture of telephone numbers.

 

RECOMMENDATIONS

Our partner CYBERUN has published a smart white paper on the “why and how” of raising staff awareness of cybersecurity issues. Among other ideas:

– Awareness-raising is anything but a one-shot activity. Like quality, it must be a permanent effort to improve behaviours and reflexes.

– Management should set measurable objectives (again, as for quality) and … measure the results.

– Software tools exist; you can rely on them, for instance, to organize a “white-phishing” campaign, measure the results, and sort out which population has clicked on the malicious message.

– Correctly managing identity and access rights is more and more important, as our information systems are so connected.

– Even when a software tool is known to include some vulnerabilities, most users end up “hoping that” the vulnerability will not be exploited … Needless to say, this doesn’t work.

– Another way to enhance awareness is to resort to cyber wargames. These tools have a different objective than pen-testing, as they help modify the behaviour of staff.

Finally, Cyberun sets out a number of criteria to help decision-makers choose the appropriate tools for raising employee awareness.

 

XM CYBER, a subsidiary of Schwarz Group, has published a survey on misconfigurations in the Cloud, which open doors for hackers

According to this survey, most vulnerabilities are due to poor organization of identity checks and of access rights. This is a major problem, as more than 50% of companies’ and organizations’ data are now hosted in the Cloud. Hackers exploit defaults which are embedded in each large provider’s system. Hence the need for users to resort to tools that look for such misconfigurations and propose remediation actions. MITIGANT, a member of the ECA, provides exactly this sort of tool.

 

ANSSI to keep an eye on software flaws

The French cybersecurity Agency has been tasked with monitoring new software vulnerabilities. A new rule has been issued, under which all software vendors producing or just delivering software tools in France have to report to ANSSI any flaws that could have a significant impact on cybersecurity.

 

ANSSI & BSI extend their agreement on mutual certification recognition

On May 15, 2024, the German and French national cybersecurity Agencies agreed to extend their initial agreement regarding mutual recognition of the French CSPN (1st degree security certification) and the German BSZ (Accelerated Security Certification). The agreement relies on the EU standard EN 17640, which defines the methodology to follow to certify IT and Communication systems. This agreement is widely seen as paving the way to further European harmonization in the context of the Cybersecurity Act (CSA).

 

STRATEGIC SECTOR CONTRACT

After two years of work, the French sector “Trusted digital solutions” has its framework, with a strategic sector contract signed. Among other things, this document exemplifies the link between trust and sovereignty, and underlines the responsibility of public and private purchasers.

ACN publishes a memo regarding the upcoming EU Parliament election

ACN (Alliance for Trust in Digital), a French professional union of cybersecurity actors, has issued statements on the occasion of the upcoming EU Parliament election. Among other things, ACN advocates a Buy European Trust Act under which at least 50% of public orders in Europe should go to European trusted solutions.


SMEs, the unfortunate segment of Cybersecurity?

According to new reports, SMEs are still ill at ease with cybersecurity, precisely at a moment when hackers are turning their eyes onto this segment. Among the concerns are the lack of resources and, when resources are available, the lack of time to simply manage the different tools which are proposed to them. A good answer might come from those vendors that provide unified systems to cover the needs of SMEs and stop the threats they are exposed to. The question is: what is a unified system? If it’s simply a collection of different tools poorly linked, even if sold as a bundle, the progress will be little. The SME’s CISO, or the service provider it resorts to, should be able to manage all tools seamlessly with one administrator interface. This is a need that members of the ECA are trying to fulfill. Interested in the subject? Please send us contributions!

 
Léa Terrier
leaconseilencom@gmail.com