HID Global Unveils Signature Line of Readers, HID Signo; Unlocks A New World of Open, Connected and Adaptable Access Control
HID Global Extends Passwordless FIDO2 Authentication Throughout the Workplace
HID Global Recognized as a Microsoft Security 20/20 Partner Awards Finalist in Identity Trailblazer Category
Frost & Sullivan: Amid an evolving global risk landscape, Taiwan vendors redefine cybersecurity innovation
Irdeto and VOXX Automotive Bring Simple and Secure Key Management to Fleet Owners
The Quantum Internet Is Within Reach: Secure Communication Between Quantum Computers Implemented
Radiflow and Asset Guardian introduce joint solution to enrich industrial asset monitoring and risk assessment
Internet Society’s Online Trust Alliance Reports Cyber Incidents Cost $45B in 2018
Versa Networks Achieves NSS Labs Recommended Rating in the 2019SD-WAN Group Test with its Security-Enabled SD-WAN
QNAP Announces Limited-Time Special Offer of McAfee Antivirus for QNAP NAS at Computex 2019
-
InfiNet Wireless partners with Maicrotel SAS to complete major security overhaul at South American port
InfiNet Wireless, the global leader in fixed broadband wireless connectivity, has successfully completed a radical overhaul of a local port security system in South America. Puerto de Mamonal, Cartagena, Columbia, has become the first sea terminal to adopt InfiNet Wireless technology as part of a project to showcase the diverse range of environments it can operate in. In partnering with Colombian communications solutions provider, Maicrotel SAS (Maicrotel), InfiNet Wireless technology successfully delivered a comprehensive modern wireless solution to enhance the security measures of the port. The solution entailed an InfiNet Wireless point-to-multipoint network, with security cameras, cabinets, transmission radios, data security and Wi-Fi network transmission. The monitoring of and provision of security of the port’s 310,000 m2 territory, was extensively enhanced by the solution, which covered more than 240,000 m2 of storage area used for many types of merchandise. Due to the sensitive nature of the port’s operations and the commercial value of the diverse range of goods handled on-site, it was of the utmost importance that an effective CCTV system was implemented to control the operations inside the port and to monitor the handling of merchandise. “The port security staff have been highly impressed by the system – the wireless solution delivers all of the closed-circuit audio and video data from the port to the control center 24 hours a day,” said José Arsenio Galvis, head of Puerto de Mamonal. “We have had a timely response and the result of the implementation has been impeccable. It has allowed us to have a reliable control system, in addition to complying with the safety regulations that underpin the effective operation of the port terminal.” “InfiNet Wireless’ security system has also given the port the confidence to expand its area of operations and further investment in this state-of-the-art solution to safeguard the port is expected,” added Galvis. By enabling the monitoring of the handling and logistics of the merchandise, control staff had the tools to prevent theft and drug trafficking in the terminal. This system is made up of technological solutions such as radios, cameras and data, making it easy to monitor movements and the handling of merchandise from the control center. A system of physical protection and data protection was installed, with optimal connectivity, to safeguard port activity. This includes a video surveillance system, the design of which was tailored to cater the critical conditions of the management and the processing of goods. “This successful implementation at Puerto de Mamonal demonstrates the immense versatility of InfiNet Wireless’ solutions to operate in a variety of markets and conditions,” said Carlos de Lamadrid, head of LATAM region at InfiNet Wireless. “Given that this was the first time deploying our solutions at a seaport, the transition was seamless, and the operational efficiency has been flawless since. We look forward to seeing more projects like this rolled out in the future and for new regions around the world to benefit from what we have to offer.”
-
HID Global Teams with The World’s Top Turnstile Manufacturers to Bring Mobile Access to Lobby Security
HID Global, today announced that it has teamed up with six of the world’s top turnstile manufacturers who have tested and certified HID’s Mobile Access® as part of their commitment to a mobile future. Major turnstile manufactures exhibiting at this year’s ISC West exhibition, namely Alvarado, Automatic Systems, Boon Edam, Gunnebo, Orion Entrance Control and Smarter Security, have integrated the new Essex Electronics iROX-T with embedded iCLASS SE® technology from HID. Each company will showcase mobile access in their booths to illustrate how mobile is upping the convenience factor at the turnstile. “Leveraging mobile and cloud technologies at every access point, from turnstiles and elevators to doors, is a crucial part of creating a truly connected security experience in today’s smart building,” said Michael Chaudoin, Vice President of Product Management and Marketing, Extended Access Technologies business unit with HID Global. “HID Global and Essex Electronics are making this vision real by solving the challenge of increasing turnstile security with a solution that enables secure access using credentials provisioned to a user’s mobile phone. This will help people move more efficiently through the hustle and bustle of busy building lobbies.” Already certified with the six turnstile manufacturers, the Essex Electronics iROX-T reader with HID’s embedded iCLASS SE® technology supports Bluetooth Low Energy (BLE) and Near Field Communications (NFC) for mobile access and optional OSDP for secure communications. It is also interoperable with smart cards, HID’s 13.56MHz Seos® credentials, iCLASS SE, iCLASS®, and other high frequency formats. Garrett Kaufman, President of Essex Electronics, added, “Building on our successful launch of the iRox-T, the latest integration of BLE, NFC and OSDP illustrates the reader’s ability to streamline upgrades in order to meet the demands of today’s mixed credential environment that is increasingly incorporating mobile IDs on smartphones.” See HID Mobile Access in action at ISC West 2019 Visit HID Global in Booth #11063 and the following turnstile manufacturers to see live demonstrations of HID Mobile Access at ISC West from April 10-12, 2019 at the Sands Expo in Las Vegas. Alvarado Booth #12101 Automatic Systems Booth #2065 Boon Edam Booth #8037 Gunnebo Booth #4077 Orion Entrance Control Booth #5065 Smarter Security Booth #21117
-
‘Ransomware’ and ‘Cryptojacking’ Mining Cryptocurrency Declined, While ‘Formjacking’ Stealing Credit Card Information Increased
Cybercriminals are always wondering about get-rich-quick schemes, that is, how much money they can earn quickly. Cybercriminals have been using cryptojacking to mine cryptocurrency and ransomware to demand money. Recently, however, they are turning their attention to formjacking, a method of stealing credit card information. Cryptojacking, which is the most common way for cybercriminals, is the process of mining cryptocurrency using the processing power of the target computer and cloud CPU usage. With the attention of bitcoin, the notion of cryptocurrency has attracted great popularity. In addition, cybercriminals favored the cryptojacking technique of extracting cryptocurrency by planting malicious codes. However, according to a recent ISTR report released by Symantec, the value of the cryptocurrency ‘Monero(XMR)’ has fallen to 90%, and the cryptojacking peaked at the beginning of 2018, but showed a 52% decline throughout the year. As the adoption of cloud and mobile computing has increased, both the effectiveness of attacks and the profit have fallen. However, cryptojacking should not be ignored as it is still attracting attackers with low entry barriers, minimal overhead and guaranteed anonymity. At the same time, ransomware also shows a decline in overall attack activity and in profit. The number of infections by ransomware fell 20% last year, down for the first time since 2013. However, in 2018, the number of ransomware attacks against enterprises has risen by 12%, showing a contradiction to the overall downturn, which is a constant threat to them. In fact, more than eight out of ten ransomware infections are affecting the enterprises. Furthermore, the ransomware is evolving. Ransomware is mainly targeting enterprises through e-mail with office files. The reason why enterprises are targeted is that they typically use Windows, do not back up important files well, and there will be a lot of profit when the attack succeeds. The certain ransomware families, such as a wanted SamSam, usually attack with a lot of ‘PowerShell’ scripts and mainly target medical institutions and local governments. In 2018, they already attacked at least 67 agencies, and the amount of extortion is estimated to reach $6 million. According to the latest annual report of the IBM X-Force security research, the number of cryptojacking is more than double that of ransomware, as the ransomware attacks were greatly reduced last year. While the attempts to install ransomware on devices in the fourth quarter of last year were declined 45% from the first quarter, the increasing rate of cryptojacking attacks grew to 450%. The industries that received the most cyber-attacks include finance (19%), transportation (13%), service (12%), distribution (11%), and manufacturing (10%). ▲ Cryptojacking is on the decline, but it cannot be ignored. As cryptojacking and ransomware are slowing down, a new form of crime has emerged among cybercriminals, which is ‘Formjacking’. Formjacking is a virtual ATM skimming that steals financial and personal information of individual users through card information and credit card fraud on online purchasing sites. According to Symantec’s reports, on average, over 4,800 websites appear to be infected with formjacking codes every month. It is estimated that cybercriminals will make at least tens of millions of dollars in revenue in 2018 in underground markets such as ‘Dark Web’. Information that was hijacked by formjacking is sold for up to $45 for one credit card. In the case of British Air, where more than 380,000 pieces of credit card information were leaked, the offenders are expected to earn more than $17 million. Individual users cannot know whether visited online sites are infected without using a security solution, so their risk of identity theft and personal and financial information are likely to be exposed. For companies, the risk of attacking the supply chain as well as the risk of reputation or legal liability experienced during infection is increasing. Formjacking, which is continuously on the rise, is expected to continue in 2019 and beyond. Cybercriminals are constantly intellectualizing and diversifying their methods of attack. Cryptojacking, which has been crammed with cryptocurrency, but the attack rate has fallen by 52% when the value and attack effect have fallen, and also ransomware has an attack pattern concentrated on enterprises that suffer greater than individuals. Though the attack has diminished, cybercriminals have evolved to develop more intelligent techniques and to use various other methods, such as formjacking, to launch various attacks. In addition, the number of formjacking has increased, making cybercrimes more likely to occur to ordinary users who are not related to cryptocurrency or enterprise computers. Even ordinary users who have been excluded from the target cannot easily know whether they have been infected after making a payment on their website. In the United States, the structure of online shopping is easy and fast based on JavaScript, making it easy for cybercriminals to do formjacking. Korea seems to be relatively safe because it has a different payment method and does not use JavaScript, but it has to be noted that recently cases of overseas direct purchase have increased and damage cases are increasing rapidly as well. As the attacking method is becoming more intelligent and diverse, users are advised to recognize and prevent the danger. In addition to the aforementioned cryptojacking, ransomware and formjacking, in 2019, security will be important in various aspects such as clouds, 5G and IoT devices. Users need to avoid crybercrimes as intelligent as the cyberciminals through improving their security awareness and getting more comprehensive training on threat limitations and corrective actions. ▲ Formjacking is emerging as a new information extortion method.
-
telent and Innaxys launch first UK-centric digital evidence management solution to cut police costs and increase conviction rates
telent today launched a pioneering digital evidence management solution which could potentially save police forces millions of pounds per year. Jointly developed with UK-based specialist policing software application provider Innaxys and in conjunction with emergency services across the country, telent’s digital evidence management solution is designed to specifically meet the needs of UK police forces. It provides 100% UK sovereignty of the storage of digital evidence with all data encrypted and held securely on telent’s Public Services Network (PSN) accredited and UK-based cloud platform. Addressing the increase in digital evidence, such as CCTV footage, photos and videos recorded by the public, and body camera and dashcam clips, the solution will significantly reduce the time officers spend physically collecting CCTV images and enable faster analysis and processing of evidence. Police forces will also be able to securely share evidence with the criminal justice system to ensure evidence cannot be misplaced, lost or damaged, reducing court case adjournments and delays. A proof of concept has already been successfully delivered, with the first live deployment currently in the final stages of user acceptance testing ahead of its planned go live date later this year. While specific cost savings will be proportional to the size of individual police forces, a medium sized force has estimated that the solution will save 2,100 officer shifts per annum. The same force also believes a 50% reduction in court case adjournments can be achieved through the solution’s secure sharing of digital evidence. “Jointly with Innaxys we have developed this solution in consultation with UK police forces specifically to address the challenges faced by officers collecting data in the modern policing age where there has been a huge increase in public and business CCTV use,” said Barry Zielinski, General Manager Public Safety & Defence at telent. “This is combined with a proliferation of smartphones, dash cams, social media and body worn cameras, creating both opportunities and challenges for policing. This solution helps officers efficiently collect, manage, store and share these new digital evidence sources. It will save officer time collecting images, reduce court case adjournments and ensure the security of digital evidence by eliminating the risk of it being destroyed, tampered with, lost or even left in public places.” telent’s solution follows the CoPaCC/Police ICT User Perspectives 2018 report, which is based on a survey across UK police forces. This research highlights concerns regarding the management of digital evidence, stating that urgent action is required to manage the proliferation of digital evidence and replace current time consuming and insecure processes. The solution is available via a national police procurement framework and forces which choose to use the solution will be provided with management options for each digital asset or piece of evidence, including who has access, how long they have access, and what metadata about the evidence is shared. When collecting evidence from members of the public, the force can email a link which lets people securely upload their footage from anywhere with an Internet connection. The solution also integrates directly with the Digital Evidence Transfer System (DETS) which will link police forces to the criminal justice system. DETS was also developed by Innaxys and is currently being trialled by the Home Office in conjunction with five police forces across the UK. It is expected to be mandated by the Home Office for use by all police forces in 2020. Jean-Claude Lafontaine, CEO at Innaxys, said: “Through the digital evidence management solution, the time and cost of collecting evidence from the public is massively reduced. Such a system will become more and more necessary in the future, as digital evidence continues to grow and officer resources are put under increasing strain.” Additional key benefits of telent’s digital evidence management solution include faster processing and sharing of digital evidence with suspects which will reduce “no comment” interviews and ensure criminals are brought to justice faster. Providing more efficient analysis and management of digital assets is particularly important for larger and complex investigations. Simple crowd sourcing of phone and dash cam images for both minor incidents and major terrorism incidents will also be made possible, while police forces’ reputation will be protected due to the solution eliminating the risk of digital evidence being destroyed, tampered with, lost or left in public places. “In the context of legacy IT systems, budget cuts and increasing demand for frontline policing, this solution is exactly what’s required to ensure that the UK’s police forces have a cost-effective solution that will them see them well into the future and supplement the incredible work that they do,” added Barry Zielinski at telent.
-
Ziften Announces Rapid Adoption of its Cloud-Delivered Endpoint Protection Plus Visibility and Hardening Platform (EPP+)
Ziften, a leader in endpoint protection plus visibility and hardening, today announced the rapid adoption of its EPP+ platform. Ziften is the first cyber-security platform that provides one agent for all endpoints – laptops, desktops, servers and cloud – preventing a full-range of cyber-attacks by addressing all 3 phases of the endpoint security continuum – attack protection; threat analysis, response and remediation; and proactive endpoint posture hardening and hygiene. Enterprise security buyers have quickly recognized the value of this full continuum EPP+ approach which is fueling Ziften’s business successes in 2018 and now into 2019, including: 130% increase in monthly sales velocity – for the 2H of 2018, after its August EPP+ product release. 100% growth in 3-year purchase agreements – for the 2H of 2018 as enterprise customers lock into longer term EPP+ contracts. Rapid upturn in early 2019 channel led sales – through indirect resellers, managed security service providers, and OEM arrangements. “As a strategic IT planning and security solutions provider, we’re thrilled to include the Ziften Zenith endpoint protection suite of capabilities into our offering for our customers”, said Jon Craig, Chief Information Security Officer, Black Bottle Security. “Ziften’s endpoint protection plus full visibility is an absolute differentiator and allows us to deliver a full-set of endpoint security capabilities with a single agent for all our customers’ endpoints including Windows, Mac and Linux.” Additionally, Ziften is participating at the RSA Conference at the Moscone Center in San Francisco this week and will be: Providing demonstrations of its EPP+ platform at booth #1149 in the South Hall. Jointly presenting on “The Lost Boys: How Linux and Mac Intersect in a Windows-Centric Security World” with German IT services and solutions partner Sepago, on Wednesday, Mar 06 at 01:30 - 02:20 P.M. in Moscone West 3001. "We’re thrilled to see the quick uptick in customer acceptance of our new EPP+ endpoint security model”, said Mike Hamilton, Chief Executive Officer, Ziften. “I believe Ziften’s the only endpoint security vendor to provide full-featured endpoint protection plus continuous endpoint monitoring and posture hardening. And although our focus on process, technology and discipline is now paying off for Ziften, we have more exciting announcements to come and continue to be hyper-focused on accelerating our innovation for our customers, partners and service providers.”
-
JASK Enhances Multi-Cloud Monitoring Capabilities in ASOC Platform
JASK today announced new dynamic multi-cloud visibility and workload monitoring features that extend its leadership position as the market’s first cloud-native SIEM. The enhanced capabilities include advanced analytics expressly designed to process the constantly changing, high-volume data unique to AWS and Microsoft Azure cloud environments. JASK will demonstrate these capabilities at RSA Conference in San Francisco, March 4-8, 2019. JASK is a SIEM in the cloud, for the cloud. The ASOC platform was built in AWS by some of the world’s foremost architects in cloud-native development, including Rob Fry, VP of Engineering at JASK and former lead architect for cloud security at Netflix – the largest public cloud-native company in the world. As a result, JASK ASOC uniquely understands what cloud data to monitor and how to monitor it. “Legacy SIEM products were designed for use cases and include analytics for traditional on-premises architectures,” said Fry. “The methodologies that power these SIEMs to analyze on-premises data streams from firewalls, proxies and hosts don’t apply to cloud data. With integrations and analytics built for both AWS and Azure, JASK ASOC provides organizations with unprecedented visibility into cloud environments because it understands how to monitor cloud data, where workloads may come and go within hours or minutes and clusters it with on-premises data to streamline analyst workflows.” As a cloud-native platform, JASK ASOC fully leverages the elastic capabilities of cloud computing, such as horizontal-scaling data-ingestion pipelines, to ensure it scales to handle any data volume that customers desire. The cloud also affords JASK the processing power necessary for the analytics that provide automated alert triage, ensuring seamless monitoring of both cloud and on-premises infrastructure in a single platform. JASK ASOC now includes integrations with AWS CloudTrail, AWS GuardDuty and VPC Flow Logs to ingest, aggregate and analyze dynamic workload information about user activity, malicious behavior and IP traffic as part of JASK Insights. For example, JASK ASOC can correlate an alert about an open S3 bucket with information about who opened it and who accessed it to tell security analysts a story about what happened with S3 and address the issue immediately. JASK ASOC also fully supports the Microsoft Graph Security API to ingest a robust set of Azure cloud data and information related to Microsoft users, applications and events into its advanced SIEM platform. Through this support, JASK uniquely integrates with Microsoft Azure Event Hubs to stream millions of events per second from OneDrive, Exchange, Azure Active Directory and Office 365 to the ASOC platform for processing, correlation and analysis.
-
QNAP Releases QVR Pro Unlimited Playback for Playing Recordings Older than 14 Days
QNAP® Systems, Inc. today released QVR Pro version 1.2.1 with selectable license plans that fit diverse needs. While the existing QVR Pro Gold provides the full range of QVR Pro’s advanced features for business users, the new QVR Pro Unlimited Playback is for users who need to play back recordings older than 14 days via the QVR Pro Client. A single Unlimited Playback plan can be used for all of the channels on one NAS unit. “QNAP provides flexible QVR Pro license plans for different surveillance scenarios, allowing users to build their surveillance solutions based around their individual requirements and budgets. In addition to the included eight camera channels, business users can purchase QVR Pro Gold to take full advantage of QVR Pro's advanced features. SMB and Home users can now consider purchasing Unlimited Playback or purchase extra camera channels to extend their monitoring channels,” said Alan Kuo, Product Manager of QNAP. Where to buy : QNAP License Store, QTS License Store > License Store Availability : QVR Pro 1.2.1 can be downloaded from the QTS App Center.
-
SK Infosec EQST Regular Media Day : IoT Hacking and Privacy Invasion
On the morning of January 30th, SK Infosec held EQST regular media day at Ferrum Tower in Jung-gu, Seoul. The media day was held by SK Infosec to show the hacking demonstration and presentation on the theme of IoT (Internet of Things) hacking and privacy invasion. The officials including Jae-woo Lee EQST group leader, Tae-hyung Kim EQST Lab chief and Hyung-wook Jang EQST group and Lab expert member attended the event. EQST is a security expert group of SK Infosec, which is involved in cyber threat analysis and research as well as responding to security incidents at the actual hacking incidents. In addition, the announcement of this day cited the results of domestic and overseas institutions' investigation and warned of the explosion of IoT devices and the risk of hacking on home IoT devices. ▲ SK Infosec’s EQST regular media day was held. ▲ Tae-hyung Kim EQST Lab chief got the presentation. According to the announcement, the number of devices connected to the Internet worldwide exceeds 17 billion in 2018. Among the 17 billion devices activated, the number of IoT-related devices reached 7 billion, and in 2025, it is expected to exceed 20 billion. As a result, the number of new vulnerability reports and rewards in Korea is on a year-on-year increase. Specifically, in 2018, 80% of IoT attacks were Satori and Mirai botnet. Mirai botnet operates in the way of scanning and accessing IoT devices with malicious administrator accounts, spreading malignant codes, and generating a DDoS (Distributed Denial of Service) attack with a massive botnet consisting of IoT devices. According to Mirai botnet’s analysis of the degree of infection by country, Korea was ranked as 8th place with 4%, but it is never safe since Japan, which has larger area than Korea, showed lower percentage. Mirai botnet is not a new method but an existing method, but IoT devices are vulnerable and can be easily attacked by Mirai botnet. Moreover, the survey on information protection in 2017 said that the most popular products for domestic IoT users are smart home devices and the key concerns were the increase in management vulnerabilities, threat of personal information infringement, and the strength and possibility of cyber-attack. The IoT devices with insufficient security can be used as a tool for hacker’s attack by being accessed through the system with account information that can be acquired from the Internet. In fact, it was introduced that it is easy to acquire IoT device administrator account information simply by searching 'default password' on a portal site. Next, the cases of privacy invasion through IoT hacking were introduced. First, the cases of stealing private video files through the unauthorized remote access to IP cameras with the acquired information from web server hacking were mentioned. For example, there was a case of hacking home IoT devices for companion animals, which had a lot of problems last year, or hacking baby monitors installed for babies in the United States. There was also a case of hacking a smart toy with a microphone or speaker to remotely control the device and steal personal information stored in the server. Furthermore, at the beginning of this year, there was another case that the door was opened by a hacker through hacking the signal occurred when the digital door lock is opened. ▲ Domestic new vulnerability reports/awards are on a year-on-year increase, and 80% of IoT attacks in 2018 were found to be Satori and Mirai botnets. ▲ The privacy invasions through IoT hacking were presented. The cases of webcam hacking were announced. As hacking cases of webcams such as laptop cameras and CCTVs increased, the Ministry of Science and ICT conducted a monitoring service, resulting in a sharp decrease in the number of cases from 3,568 in the first quarter of 2018 to 256 in the third quarter. The continuous monitoring by government has reduced the number of webcam hackings, but many images are still being exposed in real time. The first example is the Russian ‘Incecam’ site. Incecam collects pages that do not change the default setting values such as administrator ID and password through GHDB&Shodan in the site, so that it can view CCTVs of the country in real time through the weak webcam list in the main homepage. In addition, it discloses information about CCTVs using the fact that there is no authentication procedure in the CCTV management mode. Moreover, IP Scanner, which scans the neighboring IPs for accessing and manipulating vulnerable webcams after logging in through the unchanged default settings, such as administrator ID and password, was introduced. Likewise, there was a case of stealing webcam recording files by accessing with ID, password, and telnet service through port scan after accessing unchanged open AP (webcam for server storage) and determining the IP that is currently using webcam. EQST recommended setting a different secure password for each webcam product and performing regular firmware updates for webcams and AP devices as security measures for these IoT devices. In addition, EQST introduced ‘IoT product security certification service’ from KISA, and proposed to follow ‘mandatory setting and change of initial password for IP camera and CCTV’, which will be implemented from February. Tae-hyung Kim EQST Lab chief said, “As Web services evolve, hackers enjoyed making money by hijacking personal information, and the growing number of IoT devices has become an interesting content for these hackers. So, the spread of 5G is expected to lead to more intrusive privacy violations in our lives. Although there are many types of webcam hacking, it is important to remember that simply changing the password greatly reduces the risk of hacking, since most hackers target at the devices with default administrator and password setting.” What’s more, the case of Dark Web was introduced – it is accessible only with certain software such as Tor (The Onion Routing) and it cannot be accessed through a normal browser or domain. As a result, contract murders, drugs, illegal video distribution, and illegal transactions take place, and the invasion problems including personal information and video of famous foreign celebrities, IP camera hacking video, and webcam arise. Lastly, Jae-woo Lee EQST group leader announced that EQST will progress security for expanding IoT diagnosis area and systematizing. Through security consulting on IoT devices, EQST will analyze IoT environment, identify threats according to information protection areas, analyze and evaluate risks, and demonstrate security solutions through simulation hacking. Moreover, a guide to security consulting and mock hacking will also be provided. As for DSaaS service, industrial safety services and power/energy/building facility management services will be offered. ▲ According to the monitoring service by the Ministry of Science and ICT, the number of webcam hacking has dramatically decreased. ▲ Jae-woo Lee, EQST Group Leader ▲ EQST announced that it will carry out security for expansion of IoT diagnosis area and systematization.
-
HID Global and Phunware Collaborate to Improve Wayfinding for Patients and Visitors within Hospitals
HID Global®, a worldwide leader in trusted identity solutions, and Phunware, Inc. (NASDAQ: PHUN), a fully integrated enterprise cloud platform for mobile that provides products, solutions, data and services for brands worldwide, today announced their collaboration to improve the experience for hospital patients and visitors to find their way within medical facilities, using wayfinding on their mobile phones. Wayfinding is indoor navigation to guide a person step-by-step on the way to a desired destination. “The combination of Phunware’s market-leading wayfinding and mobile engagement capabilities with innovative HID Location Services will ultimately revolutionize wayfinding within healthcare institutions,” said Phunware co-founder and CEO Alan S. Knitowski. “It’s easy for visitors and patients to get lost in hospitals, and every time they do it puts appointment times and patient satisfaction at risk. With our location-aware app on a mobile device, we equip the visitor to get instant, turn-by-turn navigation that creates a better experience than that which is currently available on the market.” Phunware and HID are addressing the need of healthcare institutions to deploy standardized technology to provide a better wayfinding and visitor engagement experience inside the hospital, across campus and even in parking lots. “Wayfinding is one more application that we are integrating into HID’s unified healthcare IoT solution to make it easier for healthcare systems to manage a growing demand for automated and streamlined experiences,” said Rom Eizenberg, Vice President of Sales, Bluvision, part of HID Global. “With HID technologies, we have changed the location-aware landscape, delivering location as a service. Now, healthcare organizations can easily lay out the foundation for IoT applications, such as wayfinding.” HID’s healthcare IoT solution-enablement platform simplifies the delivery of real-time location of clinicians, patients and devices. The platform is enabled by Bluvision (part of HID Global). Phunware’s Multiscreen-as-a-Service (MaaS™) platform also provides enterprise-level mobile wayfinding, engagement, data and more for other vertical markets, including retail, residential, hospitality, media and entertainment and more.
-
The international reference guidelines for assessing information security controls have just been updated to help
For any organization, information is one of its most valuable assets and data breaches can cost heavily in terms of lost business and cleaning up the damage. Thus, controls in place need to be rigorous enough to protect it, and monitored regularly to keep up with changing risks. Developed by ISO and the International Electrotechnical Commission (IEC), ISO/IEC TS 27008, Information technology – Security techniques – Guidelines for the assessment of information security controls, provides guidance on assessing the controls in place to ensure they are fit for purpose, effective and efficient, and in line with company objectives. The technical specification (TS) has recently been updated to align with new editions of other complementary standards on information security management, namely ISO/IEC 27000 (overview and vocabulary), ISO/IEC 27001 (requirements) and ISO/IEC 27002 (code of practice for information security controls), all of which are referenced within. Prof. Edward Humphreys, leader of the working group that developed the standard, said ISO/IEC TS 27008 will help organizations to assess and review their current controls that are being managed through the implementation of ISO/IEC 27001. “In a world where cyber-attacks are not only more frequent but increasingly harder to detect and prevent, assessing and reviewing the security controls in place needs to be undertaken on a regular basis and be an essential aspect of the organization’s business processes,” he said. “ISO/IEC TS 27008 can help give organizations confidence that their controls are effective, adequate and appropriate to mitigate the information risks the organization faces.” ISO/IEC TS 27008 is of benefit to organizations of all types and sizes, be they public, private or not-for-profit, and complements the information security management system defined in ISO/IEC 27001. It was developed by ISO technical committee ISO/IEC JTC 1, Information security, subcommittee SC 27, IT security techniques, the secretariat of which is held by DIN, ISO’s member for Germany. It can be purchased from your national ISO member or through the ISO Store.
-
HID Global Launches Cloud Platform To Help Create a Worldwide Innovation Ecosystem for the Connected Workplace
HID Global, today announced the availability of its HID Origo™ cloud platform that opens a brand-new world of opportunities for partners to create more seamless and intuitive workplace experiences that are built on HID’s proven access control infrastructure. The platform combines HID’s technologies for mobile IDs (and location services in the future) with its expansive access control architecture to bring together physical security and a wide range of building applications, services and IoT use cases via a unified cloud experience. “HID Origo lays the foundation for a broad ecosystem of cloud-based access control technologies, products, services and business models that will accelerate workplace innovation; it dramatically increases our partners’ capabilities to create more connected and seamless building experiences for end users,” said Hilding Arrehed, Vice President of Cloud Services, Physical Access Control, with HID Global. “The platform will remove integration barriers between access control systems and smart building applications, and we will continue to expand its value with capabilities that further improve how people securely move through a facility and interact with its services.” The new platform provides an app-based innovation model that delivers a comprehensive suite of integration, enablement, developer tools and services geared towards simplifying how partners and a growing community of new developers and resellers bring access control solutions to market. Rather than requiring that entire solutions be developed and enabled one customer or site at a time, HID Origo will make it possible to develop new applications and integrated solutions for HID’s complete installed base of millions of access control devices and system—all at once. - How HID Origo Works The HID Origo platform embeds cloud connections and IoT functionality as app extensions into mobile devices, HID readers and controllers, and gives developers direct access to this hardware via HID Origo application programming interfaces (APIs) and software developer kits (SDK) already proven through HID’s mobile access solution. The platform also enables data analytics to be used for new capabilities, including remote reader configuration, predictive access control system maintenance and intent detection for more seamless and personalized workplace experiences. - Enabling New Business Models for Ordering and Managing Mobile IDs Today, the platform enables subscription-based services, with customers already taking advantage of the model’s simplicity. Examples include a deployment by a world-leading biotechnology company who has been an early adopter of HID Origo subscription services for ordering and managing mobile ID replenishment over the air when employees lose or must replace their smartphones. The company has replaced its traditional access control readers with 2,300 Bluetooth-enabled iCLASS SE® readers to support their mixed environment of 12,000 mobile IDs and 40,000 Seos ID cards. The subscription billing model offered through HID Origo makes it easier for the company to order and manage mobile IDs while improving forecasting, budgeting and reporting. It also streamlines transferring mobile ID subscription licenses across employees and registering multiple mobile IDs across multiple devices without any additional cost.
-
HP Labs Boris Balacheff Vice President had Media Group Interview in Korea
On January 14, 2019, at Millennium Seoul Hilton Hotel in Seoul, HP (HP Inc.) held a media group interview with Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Labs. At the interview, he introduced HP's view of security, countermeasures, and technologies. Currently, Boris Balacheff is coordinating security research on cyber physical system as well as personal device architectures in HP Labs. In addition to setting up technology strategies for the HP portfolio as a whole, he is also committed to academic collaboration and standard establishment in industry. On behalf of HP, Boris is participating in Trusted Computing Group (TCG) and Certification Program Committee, and is the founder of the first concepts. He has also been successful in smart card research and HP Trusted Computing research and has conducted cloud client security research to support the IT needs of cloud-based mobile customers. At the interview, he said that the starting point for the security of enterprise IT environments starts with 'devices', and the process by which companies select IT devices to use in addition to their network over the next few years is also a decision process in aspect of security. Furthermore, he emphasized that the ‘devices’ refers to all devices connected to the networks as well as the PC. And HP well understands the importance of this hardware-level security, continues to apply it to the product with ongoing research, and continues to work hard to keep the industry moving along with ongoing technology development. ▲ Boris Balacheff, Chief Technologist for System Security Research and Innovation at HP Labs Boris Balacheff stated that he has been committed to improving security at the interfaces of hardware and network, inventing key elements of early stage of trust computing technology, and designing the first version of the Trusted Computing Module (TPM). In addition to making these industry standards, Boris has taken a step further to study firmware security. Through this, he is striving to cope with the increasingly sophisticated attacks and to jointly design and respond to firmware and hardware security based on this. In hardware security, two primary vulnerable sources were mentioned. The first is that the number of devices is increasing, more and more users are using more devices, the interface between physical and mechanical world such as IoT is increasing, and new applications are emerging. Endpoint devices are used to create information, access information, and output information for users, and while there has been much effort in orchestration related to infrastructure security and cloud management security in an enterprise environment, the device environment has become more and more complex and more security-related solutions have been added. This also means that the attack surface and opportunities have increased for attackers. The second point is that devices are connected to more diverse networks in the IT environment. The workspace is changing to open space, and devices are connected to various types of wired and wireless connections anytime and anywhere, thereby weakening the security of the connection. In response to this situation, HP has been working on the overall situation of threat, and designing and developing products by analyzing where the attacks are taking place and where the attackers with what capabilities are active. Over the past several years, both the attackers and the security industry have been in a relationship of ‘cat and mouse’. Now, however, Boris explained that attackers are no longer willing to play hide-and-seek, and their attacks are showing attempts to attack at different levels, not software levels. There are two major types of attacks at ‘different levels’. The first is an attempt to penetrate deep into the system below the OS layer. In this case, if the intrusion works successfully up to the firmware level, there will be no software for detection or defense. Of course, this is not easy, but the reward will be great. It is expected that these attacks will not be done only on PCs. Another way to avoid detection of anti-malware solutions is to move to other devices on the network. And Boris introduced that HP has been working on a study of this possibility, since some of HP's businesses, such as printers and IoT devices, are connected to the network and are likely to be used in such attacks. Especially in recent years, printers are connected to almost all devices, and malware could be hidden in the network by sneaking into the devices such as printers that are less manageable or protected than PCs. In this case, it will be difficult to cope with traditional security solutions. In addition, expertise to attack firmware embedded in PCs and printers can be applied to IoT, etc., and various security-related conferences have been actively announced about attacks on printers. Whereupon, HP stressed that manufacturers are the only vendors that can respond to hardware and firmware security, and that solutions for software and network are not enough. In addition, security enhancements in terms of devices and firmware are becoming more important, so ‘HP SureStart’ technology for it continuously check whether firmware is falsified and prevent firmware tampered by malware attacks from running. Boris introduced that HP is securing resilience against attacks by applying protection, detection and recovery technologies from the hardware level in the design of enterprise-class appliances. On top of that, not only at the individual device level but also over the situation connected by network, management tools to ensure the integrity of devices are provided. Also, he emphasized that the starting point for corporates’ cyber security starts with 'devices', and the process of selecting IT devices that companies will use in addition to the network over the next few years is a process of decision in aspect of security. ▲ Boris Balacheff stated that technology-leading companies are responsible for proving and disseminating the technology. Q) (Acrofan) Recently, the area to consider regarding security is becoming wider. It seems that the movement to utilize ‘standard technology’ is becoming more prominent in the industry as a whole, focusing on cooperation among companies rather than the movement by a single corporation. For example, TPM is now used by a variety of manufacturers like the standard technology of the PC platform. In this case, it is unlikely to be differentiated from an individual corporation’s position. In this situation, what do you think about how can companies solve differentiation and verification of this differentiated technology? A) (Boris Balacheff) In terms of the quality of the security features we provide, verifying and demonstrating that the security features are working well is also a challenge in security. As a matter of fact, in the cases of TPM and TCG Group, we have tried to make various related programs. And not all TPMs are certified. However, HP only ships certified products. The review committee is also reviewing whether our assertions about security are well supported. In addition to the standard, it is not easy to prove the security features that we have differentiated, but we know that security is important at the hardware level. For instance, in the case of the 'HP SureStart' function, it is being certified by an external certification authority for microcontrollers and endpoint security controllers that are used to the function. In fact, in the position of an innovative company or leader in the industry, there are difficulties such as the burden of representing cutting-edge technology on behalf of the industry. It is also important to showcase new features and help industry follow. Although the process of the authentication is slow, it is slow and costly. But I think there may be other options besides the certification. HP also has internal processes for security technology, testing, and evaluation. Testing through external agencies is also important. In addition, HP announced the industry's first 'Bug Bounty' program for printers a few months ago. Because we have put a lot of effort into internal security technology, investment and development, we now think it is important to include outside experts. HP is testing more robust platforms internally. Nonetheless, HP believes certification is also very significant.
-
Imperva Korea Network Connectivity Hub Opening Press Conference
Imperva held a press conference at Oakwood Premier Coex Center Seoul Hotel in Gangnam-gu, Seoul on March 21, 2018. The event was organized to show how to protect a company's core business from the DDoS attack and the benefits of using a domestic DDoS Protection PoP, with the attendance of officials including Yong-hun Shin, Country manager of Imperva Korea, and Andrew Draper, Asia-Pacific area vice president for Imperva. “The goal of expanding the infrastructure in the Asia-Pacific region was realized with the establishment of Korea DDoS scrubbing center. Imperva will continue to invest in the expansion of the worldwide DDoS scrubbing center to strengthen the protection of DDoS threats and will focus on meeting customer expectations and providing differentiated services.” – says Yong-hun Shin, Country manager of Imperva Korea ▲ Imperva’s press conference on opening a network connectivity hub was held. According to the announcement, Imperva is continuously expanding its network capacity in line with the exponential growth of the online traffic. It has established 40 DDoS scrubbing centers in North America, South America, Europe, Asia, Africa and Oceania including Korea, and it is rapidly analyzing and responding to the dramatically growing network traffic. INCAPSULA, a DDoS protection service of Imperva, can detect DDoS attacks and defend them within a few seconds, regardless of the attack mode. So, it can control web traffics by a large amount of DDoS and Bot, which are continuous threats targeting enterprises’ web services. In order to respond effectively to security threats to corporate web services, security services such as DDoS protection, web security, global load balancing, and 24-hour security services are handled as one-stop. Through global level of virtual DDoS scrubbing center, ‘Incapsula’ blocks attacks at the center near the users and provides various solutions such as website protection, bot blocking, enhancement of the speed that users feel, server and data center load distribution, DNS caching and protection, and infrastructure protection. ▲ There are many security challenges. ▲ Imperva has set Korea as one of the major markets. 'Incapsula' provides 99.999% availability and SLA of Time to Mitigation within 10 seconds to protect customer's mission critical application and personal information. The logs containing personal information is 100% masked and stored to safeguard against the leakage. On the other hand, Imperva is constantly expanding its network capacity to accommodate the exponential growth of online traffic. Imperva has recently established 40 DDoS scrubbing centers in six continents such as America, Europe, Asia, South America, Africa and Oceania, including Korea, for the long-term goal of Imperva's stable support for customer service in major countries around the world. Hence, Imperva has strengthened DDoS protection service, ‘Incapsula’, by analyzing and rapidly responding to dramatically growing network traffic.
-
InfiNet Wireless delivers fast and reliable CCTV connectivity in Guaymas port, improving Mexico’s national security
InfiNet Wireless, the global leader in fixed broadband wireless connectivity, today announced the successful deployment of a video surveillance system solution in Guaymas, a port in north-western Mexico. In recent years, the previous network infrastructure had been severely affected by environmental factors such as hurricanes and corrosion due to the presence of sea salt in the air. Also, the cameras were connected by standard UTP cabling meaning a viewing range of only 100m for security officials was possible. The legacy system was simply not adequate enough to monitor the entire port area and needed a major overhaul. "Since a strong and reliable CCTV infrastructure is critical for the management of any port, a robust system was needed to allow it to constantly monitor the perimeter areas in order to avoid theft of materials, and drugs and weapon trafficking. At the same time the safety and well-being of all employees of the port authority is paramount," said Carlos de la Madrid, Regional Business Development Manager for LATAM at InfiNet Wireless. After originally considering a fibre optic solution, Guaymas port management eventually settled on a wireless solution as it was deemed more cost-effective, operating reliably even in adverse weather conditions. The project was implemented jointly with Global VoIP, a regional InfiNet partner in Mexico, and a system integrator which deployed the InfiMAN 2×2 point-to-multipoint (PtMP) solution. The experts installed a number of high-capacity base station sectors feeding data and video streams to a central control room. The InfiMAN 2×2 is a field-proven family of wireless solutions designed for various applications and has been used in all types of environments, from remote mining locations in Russia to the Olympic sailing security network in Dorset, UK, where during the 2012 Summer Olympics, InfiNet launched a video surveillance network to provide security for the competition. “Thanks to the new solution, a very important goal has been achieved – the operations team of the port is able to remotely and dynamically monitor all activities in and around the port area, to keep people safe and to prevent trafficking of all types. This has allowed our security staff to have wider visibility of the port and enabled them to pre-empt criminal activities and even to apprehend potential criminals much quicker than ever before,” said Axel Humberto Perez Flores, IT expert at API Guaymas.
-
DECENT’s Feature-Packed Wallet Stores Custom Tokens
DECENT is reaching yet another milestone towards decentralization with the release of its newly designed, feature-packed web wallet, going simply by the name ‘DECENT Wallet’. The company has a proven track record of accomplishing its targets when it comes to the most recent projects in its roadmap. The new web wallet was initially released as a beta version for DECENT’s community to test and explore. Now, with their feedback taken into consideration, the global blockchain company officially releases its new web wallet. DECENT’s Senior Product Manager, Miroslav Majtaz, states: “Our official wallet has not only been thoroughly tested by our own team but also by our miners to ensure a fluid experience for the users. The wallet packs a brand new UI design and numerous incredible features, like storing custom tokens, instant transfers and an effortless account creation. We are happy to see users already reaching out to us and enjoying the wallet.” As one would expect, the new wallet will store DECENT’s own token, DCT, but also brings many new features to the table. The list of features includes: A new responsive, modern and user-friendly UI design Storing DCT and custom tokens (UIAs) Instant sending and receiving of tokens (running on DCore, with 2,000+ TPS) A simplified and secure wallet account creation process Creating a custom wallet account name or generating one automatically Paper wallet print-out option (with user account name, brain key, private and public key, and also a QR code) Wallet file export for an easy login Account keys regeneration Real-time conversion rates to USD, EUR and GBP The wallet, released on October 2, is fully functional and freely accessible to any user who creates a DECENT Wallet account on wallet.decent.ch The team has prepared easy, step-by-step guidance to give wallet users the best experience. The DECENT team plans on continually updating the wallet and encourages their wallet users to send feedback so they can continue to make improvements. In the world of crypto, blockchain wallets are a crucial element for users to store their assets. With DECENT’s new web wallet, users can expect security, reliability, quick transactions, an easy-to-use interface and much more.
-
InfiNet Wireless LATAM conference drives wireless development forward following Colombian crime crackdown
Delivering affordable technology to grow wireless architecture and improve public safety in Latin America was top of the agenda last week when InfiNet Wireless, the global leader in fixed broadband wireless connectivity, addressed its regional partners at its annual exclusive LATAM conference. Held in Punta Cana, the conference enabled InfiNet Wireless to present brand-new solution lines planned for 2018 and beyond, including the recently launched Quanta 5. Affordable, rapidly deployable and with a processing power of up to 800,000 packets per second, the Quanta 5 boasts the highest spectral efficiency available in today’s wireless marketplace. In his keynote speech to attendees, Carlos de la Madrid, Regional Business Development Manager for LATAM at InfiNet Wireless, said: “Offering affordable wireless technology such as the Quanta 5 is core to the backbone of InfiNet Wireless. As operators across Latin America realise the importance of fast, wireless solutions to increase economy and improve safety, InfiNet Wireless pricing trends, coupled with its industry-acclaimed technology for zero interference, solidifies its position to tackle interruptions in connectivity head-on.” The conference follows success in the region for InfiNet Wireless, after it successfully reduced crime in Bojacá, a popular tourist destination in Colombia, by improving the CCTV network. Its wireless Point-to-Point and Point-to-Multipoint solutions were installed to combat crime and resulted in a 45% decrease in violent injury crime as well as a 22% decrease in theft since the deployment. “There is a clear link between a country’s national security and its wireless network architecture, which, when selected carefully and correctly, can cause huge benefits to areas and businesses lacking coverage in Latin America,” he continued. A significant year for InfiNet, it also supported its valued partner Avantec as it tapped into the Colombian market, as part of an expansion drive to target growth in Latin America. InfiNet Wireless has its own commercial and support offices in Mexico, Colombia and Brazil. The conference, held from 4-5 September 2018, also saw the annual award gala for partners in recognition for their efforts and contribution in deploying InfiNet solutions in the region. Awards are classified on various achievements, such as Best InfiNet partner in Latin America for 2018, Best Project of the Year and Best Individual Contribution. La Madrid added: “There are thousands of InfiNet Wireless links deployed across Latin America, covering all sectors of the industry. This exclusive conference is an important forum for our growing LATAM community as ultimately, both parties can benefit. We add value to their business and vice-versa, not just by sharing information about products or services, but also through conversation on market intelligence and industry trends. Holding this conference right in their back garden shows our partners we are committed to building lasting relationships. We look forward to holding our fifth event next year!”
-
QNAP Extends Surveillance Integration Scale with Dahua Technology Network Cameras
QNAP® Systems, Inc. today announced that QVR Pro, the next-generation surveillance solution featuring the QVR Center central management software and QVR Guard failover protection, is now compatible with an additional 88 models of Dahua Technology’s Eco-savvy 3.0, WiFi 265 and H.265 PTZ series network cameras. QNAP has worked with Dahua Technology to provide users with greater choice and compatibility in deploying a comprehensive surveillance solution. Dahua's Eco-savvy 3.0 network camera series can deliver real-time 4K video streams at 15 fps, providing security applications with impressive range of smart detection features. Dahua's WiFi 265 series supports H.265 compression. Dahua's H.265 PTZ camera provides a large monitoring range with clear details, while the latest H.265 compression cuts bandwidth in half to ensure video recording with greater efficiency and lower cost. QVR Pro, the professional surveillance solution on QNAP NAS, includes 8 monitoring channels, allowing users to quickly build a home surveillance environment hosted on the QNAP NAS without any extra software required. Businesses can easily expand the number of monitoring channels up to 128 by purchasing QVR Pro licenses to deploy a large-scale surveillance project. QVR Pro uses an independent operating environment on the QNAP NAS, and by leveraging the storage expandability of the NAS, surveillance videos are safely stored for on-demand playback. The enhanced QVR Pro Client cross-platform software allows for rapid multi-channel playback and can support simultaneous play multiple 4K network cameras. Synchronous playback can focus on moving objects, while the diversified event notification setting ensures all urgent events are delivered. QVR Pro Client is available for mainstream operating systems on desktop and mobile, making surveillance management more convenient.
