Economy Minister Gordon Lyons today hailed Northern Ireland’s cybersecurity industry as a world leader, providing world-class products and services, and said it offers significant benefits to potential investors.

The Minister was speaking during a visit to Maryland as part of his US trade visit where he is promoting Northern Ireland’s key assets to investors and business leaders. He met with representatives from the Department of Commerce and the State Department of Labor to strengthen ties under the joint cybersecurity memorandum of understanding.

Maryland is home to some of the United States’ major security agencies. In October 2019, the Department of Economy and Department of Commerce and the Department of Labor of the State of Maryland jointly signed a three-year memorandum of understanding. The objective of the MoU is to take advantage of the opportunities offered by cybersecurity to both economies.

Commenting on the growing importance of the cybersecurity sector in Northern Ireland, the Minister said:

“Northern Ireland has a global reputation for cybersecurity excellence with specialist academic research centres, innovative start-ups offering global cybersecurity solutions and an impressive group of international cybersecurity investors. That’s why we are the premier international investment location for US cybersecurity companies, with Nisos and Agio being some of the US companies that have recently chosen to invest with us.

The Minister continued:

“I was delighted to be here today to renew our Cyber ​​Security Memorandum of Understanding with Maryland. The MoU provides an excellent opportunity for Northern Ireland and Maryland to support each other by sharing knowledge and best practices. Nurturing relationships and attracting more high-value foreign investment is a priority in my 10X economic vision. MOUs can play an important role in helping to support this vision, which will benefit our economy and our people.

Also present at the cybersecurity MOU meeting was Invest Northern Ireland’s Executive Director of International Affairs, Steve Harper. He said:

“The growing importance of the cybersecurity sector in Northern Ireland cannot be underestimated. This Memorandum of Understanding continues to pave the way for Northern Ireland and the United States to work closely together through enhanced research, industry collaboration and the development of new businesses. We look forward to continuing to support the growth of our cybersecurity industry and helping businesses in Northern Ireland benefit from this MoU. »

The minister also traveled to Washington where he was due to hold a number of meetings, including one with US government energy officials to discuss opportunities around hydrogen. He was then due to attend the Ireland Fund’s 30th National Gala Dinner to engage with influential business leaders and corporate America.

Notes to Editors:

1. Caption: Economy Secretary Gordon Lyons pictured with (L-R) Signe Pringle, Under Secretary of Commerce and Tiffany Robinson, Secretary of Labor in Baltimore, Maryland.
2. The Department may take photos and videos during announcements and events to publicize its work. Photographs, interviews, videos or other recordings may be given to media organizations for publicity purposes or used in promotional material, including in publications, newspapers, magazines, other print media, television, radio and electronic media (including social media and the Internet) . Photographs and videos will also be stored in the Department’s internal records management system. The Department will retain photographs and recordings only as long as necessary for the purposes for which they were obtained. The Department’s privacy policy is available on our website.
3. To keep up to date with Department news, you can follow us on the following social networks:
   Twitter- @Economy_NI
   Facebook – @EconomyNI
   Skills for Facebook Success
   Instagram – economy_ni
   LinkedIn – NI Department of Economics
4. For media enquiries, contact the Department of Economics Press Office at pressoffice@economy-ni.gov.uk
5. The Executive Information Service runs an after-hours service for media inquiries only between 6:00 p.m. and 8:00 a.m. from Monday to Friday and on weekends and public holidays. The permanent press officer can be contacted on 028 9037 8110.

Share this page

A report published today dives into the technical aspects of a Linux backdoor now identified as Bvp47 that is linked to Equation Group, the Advanced Persistent Threat Actor tied to the US National Security Agency.

Bvp47 has survived until today almost undetected, although it was first submitted to Virus Total’s antivirus database nearly a decade ago in late 2013.

Until this morning, only one antivirus engine on Virus Total detected the Bvp47 sample. As the report spread through the infosec community, detection began to improve, being flagged by six engines at the time of writing.

The Equation Group Connection

The Advanced Cyber ​​Security Research team of Pangu Lab, a Chinese cybersecurity company, claims to have discovered the elusive malware in 2013, during a “forensic investigation of a host in a key national department”.

The Bvp47 sample obtained from the forensic investigation turned out to be an advanced backdoor for Linux with a remote control function protected by the RSA asymmetric cryptography algorithm, which requires a private key for the activate.

They found the private key in leaks published by the Shadow Brokers hacker group between 2016 and 2017, which contained hacking tools and zero-day exploits used by the NSA’s cyberattack team, the Equation Group.

Some components of the Shadow Brokers leaks have been integrated into the Bvp47 framework – “dewdrop” and “solutionchar_agents” – indicating that the implant covered Unix-based operating systems like mainstream Linux distributions, JunOS, FreeBSD and Solaris from Juniper .

Besides Pangu Lab attributing the Bvp47 malware to the Equation group, the automated analysis of the backdoor also shows similarities to another sample from the same actor.

Kaspersky’s Threat Attribution Engine (KTAE) shows that 34 out of 483 strings matched those in another equation-related sample for Solaris SPARC systems, which had a 30% similarity with encore another malware Equation submitted to Virus Total in 2018 and published by threat researcher Deresz on January 24, 2022.

Costin Raiu, Director of the Global Research and Analytics Team at Kasperskytold BleepingComputer that Bvp47’s code-level similarities match a single sample of the company’s current malware collection.

This indicates that the malware has not been widely used, as usually happens with high-level malicious actor hacking tools, which use them in highly targeted attacks.

In the case of the Bvp47 Linux backdoor, Pangu Lab researchers say it has been used on targets in the telecommunications, military, higher education, economics, and science sectors.

They note that the malware affected more than 287 organizations in 45 countries and went largely unnoticed for more than 10 years.

Attack stages

Pangu Lab’s incident analysis involved three servers, one being the target of an external attack and two other internal machines – a mail server and a corporate server.

According to the researchers, the rotated threat actor established a connection between the external server and the mail server via a TCP SYN packet with a payload of 264 bytes.

The company’s server then connected to the mail machine to download additional files, “including the Powershell script and the second stage encrypted data”.

An HTTP server is started on one of the two compromised machines, serving two HTML files to the other. One of the files was a base64-encoded PowerShell script that downloads “index.htm”, which contains asymmetrically encrypted data.

A connection between the two internal machines is used to communicate encrypted data via “its own protocol”, the Pangu Lab researchers explain in their report.

The researchers were able to restore communication between the servers and summarized it in the following steps, where machine A is the external system and V1/V2 are the mail and corporate server respectively:

1. Machine A connects to port 80 of server V1 to send a keystroke request and start the backdoor program on server V1
2. Server V1 reverse connects the high-end port of machine A to establish a data pipeline
3. V2 server connects to open backdoor web service on V1 server and gets powershell execution from V1 server
4. The V1 server connects to the SMB service port of the V2 server to perform command operations
5. The V2 server establishes a connection with the V1 server on the high-end port and uses its own encryption protocol for data exchange
6. Server V1 synchronizes data interaction with machine A, and server V1 acts as data transfer between machine A and server V2

Referring to the above communication technology between the three servers, the researchers assess that the backdoor is the creation of “an organization with strong technical capabilities”.

New Jersey, United States,- The latest report published by Verified Market Reports indicates that the Telecommunications Cybersecurity Solutions Market is expected to accelerate sharply in the coming years. Analysts have studied market drivers, restraints, risks, and opportunities in the global market. The Telecom Cybersecurity Solutions market report shows the probable direction of the market in the coming years along with its estimations. An accurate study aims to understand the market price. By analyzing the competitive landscape, the authors of the report have made excellent efforts to help readers understand the key business tactics that major companies are using to maintain market sustainability.

The report includes company profiles of almost all the major players in the Telecommunications Cybersecurity Solution Market. The Company Profiles section provides valuable analysis of strengths and weaknesses, business trends, recent advances, mergers and acquisitions, expansion plans, global presence, market presence and portfolios of products from major market players. This information can be used by players and other market participants to maximize their profitability and streamline their business strategies. Our competitive analysis also provides vital information that will help new entrants identify barriers to entry and assess the level of competitiveness in the Telecom Cybersecurity Solutions market.

Get Sample Full PDF Copy of Report: (Including Full TOC, List of Tables & Figures, Chart) @ https://www.verifiedmarketreports.com/download-sample/?rid=104222

Key Players Mentioned in the Telecom Cyber ​​Security Solutions Market Research Report:

Kaspersky, Huntsman Security, Prodaft, Solusi, MWR InfoSecurity, IBM, BAE Systems, Cisco, Senseon

Telecommunications Cybersecurity Solutions Market Segmentation:

By Product Type, the market is primarily split into:

• Device
• Services
• Software

By application, this report covers the following segments:

• Small enterprises
• Medium-sized companies
• Large companies

The global telecommunications cybersecurity solutions market is segmented on the basis of product and type. All of these segments were studied individually. The detailed investigation helps to evaluate the factors influencing the Telecom Cybersecurity Solutions market. Experts analyzed the nature of development, investments in research and development, changing consumption patterns and the growing number of applications. In addition, analysts have also assessed the development of the economy around the Telecom Cybersecurity Solutions market which is likely to affect its development.

The regional analysis section of the report enables players to focus on high growth regions and countries that could help them expand their footprint in the Telecom Cyber ​​Security Solutions market. Besides expanding their footprint in the Telecom Cybersecurity Solutions market, the regional analysis helps players to increase their sales while having a better understanding of customer behavior in specific regions and countries. The report provides CAGR, revenue, production, consumption and other important statistics and figures related to global and regional markets. It shows how different types, applications, and regional segments are advancing in the Telecom Cyber ​​Security Solutions market in terms of growth.

Get a discount on the purchase of this report @ https://www.verifiedmarketreports.com/ask-for-discount/?rid=104222

Scope of the Telecommunications Cyber ​​Security Solutions Market Report

ATTRIBUTES	DETAILS
ESTIMATED YEAR	2022
YEAR OF REFERENCE	2021
FORECAST YEAR	2029
HISTORICAL YEAR	2020
UNITY	Value (million USD/billion)
SECTORS COVERED	Types, applications, end users, and more.
REPORT COVER	Revenue Forecast, Business Ranking, Competitive Landscape, Growth Factors and Trends
BY REGION	North America, Europe, Asia-Pacific, Latin America, Middle East and Africa
CUSTOMIZATION SCOPE	Free report customization (equivalent to up to 4 analyst business days) with purchase. Added or changed country, region and segment scope.

Geographic segment covered in the report:

The Telecom Cyber ​​Security Solution report provides information about the market, which is sub-divided into sub-regions and countries/regions. In addition to the market share in each country and sub-region, this chapter of this report also contains information on profit opportunities. This chapter of the report mentions the market share and growth rate of each region, country and sub-region over the estimated period.

• North America (USA and Canada)
• Europe (UK, Germany, France and rest of Europe)
• Asia-Pacific (China, Japan, India and the rest of the Asia-Pacific region)
• Latin America (Brazil, Mexico and rest of Latin America)
• Middle East and Africa (GCC and Rest of Middle East and Africa)

Answers to key questions in the report:

1. Who are the top five players in the Telecom Cyber ​​Security Solutions Market?

2. How will the telecommunications cybersecurity solutions market evolve in the next five years?

3. Which products and applications will capture the lion’s share of the telecommunications cybersecurity solutions market?

4. What are the drivers and restraints of the Telecommunications Cyber ​​Security Solution Market?

5. Which regional market will show the strongest growth?

6. What will be the CAGR and size of the Telecom Cyber ​​Security Solutions market throughout the forecast period?

For more information or query or customization before buying, visit @ https://www.verifiedmarketreports.com/product/global-telecom-cyber-security-solution-market-growth-status-and-outlook-2019-2024/

Visualize the Telecom Cyber ​​Security Solutions Market Using Verified Market Intelligence:-

Verified Market Intelligence is our BI platform for market narrative storytelling. VMI offers in-depth forecast trends and accurate insights on over 20,000 emerging and niche markets, helping you make critical revenue-impacting decisions for a bright future.

VMI provides a global overview and competitive landscape with respect to region, country and segment, as well as key players in your market. Present your market report and results with an integrated presentation function that saves you more than 70% of your time and resources for presentations to investors, sales and marketing, R&D and product development. products. VMI enables data delivery in Excel and interactive PDF formats with over 15+ key market indicators for your market.

Visualize the Telecom Cybersecurity Solutions Market Using VMI@ https://www.verifiedmarketresearch.com/vmintelligence/

Most Popular Reports

Global SaaS Spend Management Software Market Size and Forecast

Global SaaS Operations Management Software Market Size and Forecast

Global Unified Threat Management (UTM) Software Market Size and Forecast

Global Webinar and Webcasting Market Size and Forecast

Global Telecommunications Cybersecurity Solutions Market Size and Forecast

Global Monolithic Microwave Integrated Circuit (MMIC) Market Size and Forecast

Global Target Acquisition Systems Market Size and Forecast

Global Self-Service BI Tools Market Size and Forecast

Global Change Management Tools Market Size and Forecast

Global Visual Analytics Tools Market Size and Forecast

About Us: Verified Market Reports

Verified Market Reports is a leading global research and advisory company serving over 5000 global clients. We provide advanced analytical research solutions while delivering information-enriched research studies.

We also provide insight into the strategic and growth analytics and data needed to achieve business goals and critical revenue decisions.

Our 250 analysts and SMEs offer a high level of expertise in data collection and governance using industry techniques to collect and analyze data on over 25,000 high impact and niche markets. Our analysts are trained to combine modern data collection techniques, superior research methodology, expertise and years of collective experience to produce informative and accurate research.

Our research spans a multitude of industries, including energy, technology, manufacturing and construction, chemicals and materials, food and beverage, and more. Having served many Fortune 2000 organizations, we bring a wealth of reliable experience that covers all kinds of research needs.

Contact us:

Mr. Edwyne Fernandes

USA: +1 (650)-781-4080
UK: +44 (753)-715-0008
APAC: +61 (488)-85-9400
US toll free: +1 (800)-782-1768

E-mail: [email protected]

Website: – https://www.verifiedmarketreports.com/

The White House will meet with executives from major tech companies, including Google, Apple and Amazon, owned by Alphabet, on Thursday to discuss software security after the United States suffered several major cyber attacks last year.

In December, White House National Security Advisor Jake Sullivan sent a letter to CEOs of tech companies after a security vulnerability was discovered in open source software called Log4j that organizations around the world use to save data in their applications.

In the letter, Sullivan noted that such open source software is widely used and maintained by volunteers and is of “major national security concern”.

Thursday’s meeting, which will be hosted by Anne Neuberger, deputy national security adviser for cybersecurity and emerging technologies, will discuss concerns about the security of open source software and how it can be improved, the House said. Blanche in a press release.

Other top tech companies present at the meeting included IBM, Microsoft, Meta Platforms, owner of Facebook and Oracle. Government agencies, including the Department of Homeland Security, the Department of Defense and the Department of Commerce, will also be present.

Cyber ​​security has been a top priority for the Biden administration after several major cyber attacks last year, which exposed thousands of files held by businesses and government agencies to hackers.

A hack, which the U.S. government says was likely orchestrated by Russia, hijacked software made by SolarWinds and gave hackers access to the thousands of businesses and government offices that used its products. The hackers gained access to emails from the US Treasury, Justice, and Commerce departments and other agencies.

The increasing frequency and impact of these attacks prompted the administration to issue an executive order last year creating a review board and new software standards for government agencies.

© Thomson Reuters 2022

---

Honeywell and Acalvio Technologies have launched a new solution designed to detect known and unknown (zero-day) attacks in operational technology (OT) environments in commercial buildings.

Honeywell Threat Defense Platform (HTDP) powered by Acalvio uses active defense, with autonomous deception tactics to outwit attackers, and provides high-fidelity threat detection.

Honeywell’s technology presents a government-recommended and standard-setter approach to cybersecurity because of its ability to detect and control attacks, the company says.

Traditionally, the creation of OT environments has relied on prevention technology and passive detection, such as perimeter security and network traffic analysis to secure systems.

However, more than one in four facility managers surveyed (27%) have experienced a cyber breach of their OT systems in the past 12 months, according to a recent survey by Honeywell Building Technologies.

Threat actors continue to target building systems with both targeted attacks and ransomware attacks. These attacks can go beyond accessing private customer data and can potentially harm the operations of critical organizations such as utilities, data centers, hospitals and airports.

HTDP uses deception tactics to confuse and deflect threats to critical assets and devices, resulting in low false alarm rate and high detection rate.

The solution leads threat actors to lure assets, which appear to be valuable OT and IT devices. However, none of the devices are real and there is no access to company assets.

The solution makes real and critical operational devices harder to find, slowing down adversaries and helping security teams capture them faster, the company says.

Mirel Sehic, Global Director of Cyber ​​Security at Honeywell Building Technologies, said: “The quantity and complexity of cyber attacks is unfortunately increasing every day, reinforcing the need for building owners and operators to rigorously monitor, maintain and protect their assets. OT environments.

“The integration of Acalvio’s autonomous deception technology into our OT cybersecurity toolbelt provides a very effective solution to help protect our customers’ buildings from increasingly sophisticated attacks. “

Powered by Acalvio deception technology, HTDP integrates industry-specific design, intent, and knowledge into a workflow to deploy effective deception on distributed enterprise OT networks.

Using specially crafted deception elements, HTDP also helps detect ransomware and even zero-day variants accurately and quickly. HTTP uses advanced scans to confirm and investigate threats.

Acalvio Technologies co-founder and CEO Ram Varadarajan said, “We are delighted to be working with Honeywell to secure and keep OT systems running smoothly while protecting people and data across an entire network. organization.

“It is important to note that this technology can benefit all buildings and facilities, especially those that do not have teams of cyber experts.

“It does not require any prior knowledge of attacker tactics and can be deployed without special training or modification of existing OT environments.”

The HTDP solution includes deployment and continuous monitoring, freeing up resources for the internal security team, the company said.

Advanced artificial intelligence makes the service simpler and scalable. According to the company, HTDP is well suited for organizations that want advanced intrusion detection into their building network without having to install or use complex technology.

HTDP can be deployed in IT and OT environments as an on-premise offering or as a cloud service. This new offering also helps clients improve their resilience and business continuity efforts to help them achieve their environmental, social and governance (ESG) goals.

Honeywell’s relationship with Acalvio includes the investment by Honeywell Ventures to further support the development of the latest cybersecurity solutions and disruptive technologies.

OSHKOSH, Wisconsin (WBAY) – The University of Wisconsin Oshkosh has opened a new Cyber ​​Security Center, providing a new space for cyber security related research, training and awareness, in partnership with the Wisconsin Cyber ​​Threat Response Alliance .

The Cyber ​​Security Center of Excellence, located in the Culver Family Visitor Center on the Oshkosh Campus, has a live-fire cyber zone where users can experience real-world cyber threats in a controlled educational environment. The center also includes classrooms, a laboratory and a small data center.

Michael Patton, director of the center, said the space seeks to help not only students with their cybersecurity, but Wisconsin as a whole.

“We really want to embody the idea of ​​Wisconsin that the universities here in the UW system are not just there to educate students, but to have meaning in everyday Wisconsinite life,” Patton said.

The center is free for college students and offers programming for the larger Oshkosh community. Students can use the center to expand their cybersecurity awareness and through classes, events, lab work, and internship opportunities.

“Our goal is not to make everyone an expert in cybersecurity. Our goal is to take everyone’s knowledge of cybersecurity and improve just one. So if you don’t know anything about cybersecurity, let’s talk about some of the basic things you can do, ”Patton said.

The center also seeks to serve nearby schools by offering hands-on events. The public will also benefit from training events and opportunities.

“You know, all too often, when we talk about cybersecurity, we get into real technical and technical terms. And yet it’s important that we can communicate these things in simple English, ”Patton said.

The 2020 FBI Internet Crime Report found that more than $ 4.1 billion was lost in 2020 due to cyber scams.

Copyright 2022 WBAY. All rights reserved.

The security landscape has changed from malware to data breaches and social engineering – phishing and other manipulative tactics to trick you into voluntarily handing over sensitive data. At the same time, browsers, email programs, and operating systems have tightened their security to protect users. Are you one of the estimated 45 million households in the United States that pay for some type of antivirus software?

Earlier this year, research and review firm Security.org conducted a survey of 841 U.S. households and combined the results with their own software tests, Google Trends, AV-Labs, and other sources to give an overview of who uses antivirus software (free or paid). and why. He has determined the current market to be around $ 1.8 billion and expects that figure to increase as COVID-related scams continue to plague users.

The survey found that 85% of people over 60 are the most likely to use antivirus software, but the difference between the age ranges for 30-44 and 45-60 year olds was no more than two percentage points. Half of antivirus customers pay for protection with an average annual cost of $ 40, and the majority purchased their software before 2018.

There seems to be a mismatch between the perception of what third-party antivirus programs can do and the types of threats the average user (we’re not talking about governments!) Is likely to encounter. The biggest threats most users face come from hackers who can easily adapt to trends, such as increasing numbers of remote workers, and fine-tune their social attacks for better results, such as usage of tax scams in the first months of a new year.

“When I look at all of the personal account compromises I’ve seen over the past three years, I don’t think any of them were caused by malware,” Bob Lord, who revised the strategy Cyber ​​Security Council of the Democratic National Committee for the 2018 and 2020 elections following Russian interference, NBC said in an interview. “They came because the victims had poor password hygiene and didn’t have two-factor authentication on their accounts. “

This doesn’t mean that computer viruses are a thing of the past, but Windows 10 and later computers come with Windows Defender which provides real-time protection against spyware, malware, and other viruses in apps, storage. cloud, email and the web. Coupled with the protection found in all modern browsers, you’re well covered as long as you keep them up to date. And for all that passes, the free version of Malwarebytes should take care of it.

Since hackers primarily target average computer users to break into their personal email, social media, and bank accounts, protection is up to you. Use strong, unique passwords and don’t reuse them for different accounts. If you’re curious about how strong your password is, check out Security.org’s How Secure Is My Password tool. Type in a password and it will tell you how long – from microseconds to years – it would take a computer to crack your password.

Best practice for passwords is 16 characters or more using a combination of letters (upper and lower case), numbers, and characters; do not use a sequence containing easily referenced data such as your phone number, date of birth or address; no consecutive letters or numbers; and don’t use a common word or phrase.

Security levels are important, so enable two-factor authentication wherever it is offered. This will require you to receive a one-time code through a second device and enter it to access your account. If you have a computer that uses a biometric ID feature or a phone with facial recognition or fingerprint recognition, activate it and configure your device to lock after a few minutes of inactivity. Starting last September, Microsoft offered its home users the Microsoft Authenticator app, completely eliminating passwords in accordance with its “future without passwords” policy.

Still, you can’t prevent data breaches, so monitor your personal accounts for any unusual activity and take action if Google warns you that your password was found in a data breach. Change any leaked passwords. If you’ve used unique, secure passwords, they’re less likely to allow hackers to gain access to your accounts. Despite what you may have heard (or what your organization requires), it is not necessary to change passwords regularly. The security community recommends changing a password only if the account has been compromised.

Leslie Meredith has been writing about technology for over a decade. As a mother of four, online value, utility and safety come first. Have a question? Email Leslie at asklesliemeredith@gmail.com.

Newsletter

Join the thousands of people who already receive our daily newsletter.

In one of those delightful coincidences that warm the hearts of every tech columnist, the same week the entire internet community struggled to fix a blatant vulnerability affecting countless millions of web servers around the world, the UK government announced a big new National Cyber ​​Security Strategy which, even if effectively implemented, would have been largely unrelated to the current crisis.

At first it looked like a farce in the very popular Minecraft Game. If someone inserted a seemingly meaningless string of characters into a game chat conversation, it would effectively take control of the server it was running on and download malware that could then have the effect. ability to do all kinds of bad things. Because Minecraft (now owned by Microsoft) is the best-selling video game of all time (over 238 million copies sold and 140 million monthly active users), this vulnerability was obviously worrisome, but hey, that’s only ‘a video game…

This slightly heartwarming thought was exploded on December 9 with a tweet from Chen Zhaojun of Alibaba’s cloud security team. He posted sample code for the vulnerability, which exists in a subroutine library called Log4j of the Java programming language. The implications of this – that any software using Log4j is potentially vulnerable – were startling, as countless numbers of programs in the IT infrastructure of our networked world are written in Java. To make matters worse, the nature of Java makes it very easy to exploit the vulnerability – and there was evidence that a lot of bad actors were already doing just that.

At this point, a short gobbledegook break may be in order. Java is a very popular high-level programming language that is especially useful for client-server web applications – which basically describes all the applications most of us use. “The first rule of thumb to be a good programmer,” says Berkeley computer scientist Nicholas Weaver, “is not to reinvent things. Instead, we reuse code libraries, packages of previously written code that we can simply use in our own programs to accomplish particular tasks. And let’s face it, computer systems are finicky beasts, and mistakes happen all the time. One of the most common ways to find problems is to simply log everything that is going on. When programmers do, we call it “logging”. And good programmers use a library to do this rather than just using a bunch of print () – which means onscreen print instructions scattered throughout their code. Log4j is one such incredibly popular library for Java programmers.

There are something like 9 million Java programmers in the world, and since most network applications are written in the language, an unimaginable number of these programs use the Log4j library. At the moment, we have no real idea how many of these vulnerabilities. It is as if one suddenly discovered a hitherto unknown weakness in the mortar used by masons around the world which could be liquefied by spraying it with a specific liquid. A better question, says Mr. Weaver, is what is not affected? “For example, it turns out that at least somewhere in Apple’s infrastructure is a Java program that will register a user’s iPhone name, so a few hours ago you could l use to tap iCloud! The Minecraft and Steam gaming platforms are both written in Java and end up having code paths that log chat messages, which means they’re vulnerable as well.

It is a global mess, in other words, that will take a long time to dissipate. And the question of who is responsible for it is, in a way, unanswered. Writing software is a collaborative activity. Reusing code libraries is the rational thing to do when building something complex – why start from scratch when you can borrow? But the most compelling review from the software community I’ve seen this week says that if you’re going to reuse someone else’s wheel, shouldn’t you check to see if it’s reliable first? “Developers are lazy (yes, ALL),” wrote an angry respondent to Bruce Schneier’s succinct summary of the vulnerability. “They’ll be using a tool like Log4j because it’s an easy way to deal with the logging routines and someone else has already done the job, so why reinvent the wheel, right?” Unfortunately, most of them won’t be RTFM, so they have no idea if it can actually do the things it was designed to do and therefore, [they] do not take any precaution against it. It’s a bit of a Dunning-Kruger effect where developers overestimate their abilities (because they have l337 coding skills!). “

Well he could say that but as an unqualified programmer I couldn’t comment.

What i read

It gets meta all the time
Novelist Neal Stephenson designed the Metaverse in the 90s. He’s not impressed with Mark Zuckerberg’s version. Read the transcript of her conversation with Kara Swisher on the New York Times website.

Words to live
This Is Water is the title of David Foster Wallace’s opening speech. The only one he’s ever given – in 2005 to graduates of Kenyon College, Ohio.

Doom and sadness
Visualizing the end of the American republic is a grim essay by George Packer in the Atlantic.

Cybersecurity jobs alone account for over 20% of total IT jobs

Along with the incredible growth of digital technologies, cybersecurity concerns are also increasing. One thing everyone can agree on is the growing demand for cybersecurity professionals. Nearly 4,000 cyberattacks took place in 2020 alone, with more than 37 billion records believed to have been exposed to the vulnerability, according to one report. Due to the growing number of cyber attacks, companies seeking cybersecurity professionals have also increased significantly. However, this comes at a time when there is a serious shortage of candidates trained for cybersecurity positions. Research suggests that there are currently 3.1 million unfilled cybersecurity jobs globally. Cybersecurity jobs alone account for over 20% of total IT jobs. Fortunately, more and more people are trying to enter the cybersecurity space recently. Working in the field of cybersecurity gives candidates the chance to work in a fast-paced environment where they can learn and explore. Analytics Insight has listed the best cybersecurity jobs that aspirants should apply to advance their careers in December 2021.

The best cybersecurity jobs to apply

Cybersecurity Engineer / Analyst / Advisor at OYO

Locations): Hyderabad, Gurgaon, Bangalore

Roles and responsibilities: The Cybersecurity Engineer / Analyst / Advisor will be a key team member, influencer and advisor in technology and business areas. The candidate should be able to understand, interpret, advise and report quickly on all risk management, compliance and audit activities. He / she must identify, analyze and resolve compliance issues. They are responsible for leading audits and reporting on the organization’s compliance. The candidate should proactively seek to stay up to date with regulations and rules. He / she must implement and document all policies and procedures.

Qualifications:

• The candidate should have 3 to 9 years of work experience in related fields.
• Experience in the design and conduct of information security training modules is mandatory.
• He / she must have superb analytical and research skills.
• The ability to understand complex data sets is also expected.

Apply here For the job.

Threat Management- Consultant- Cybersecurity- ISA at IBM

Locations): Bangalore

Roles and responsibilities: As a Threat Management Consultant, the candidate will be responsible for analyzing large amounts of data from vendors and internal sources, including various metric feeds, Splunk, and several threat intelligence tools. He / she will be responsible for improving security operations and threat intelligence workflow by redesigning the process and approach to operationalize the sharing and use of intelligence and actionable metrics. They should help identify and profile threat actors and TTPs. The candidate must implement the integration or orchestration of the infrastructure and existing security indicators.

Qualifications:

• The candidate must have at least 7 years of technical experience in threat intelligence, incident response, security operations or a related field of information security.
• He / she must have 2 years of experience in application design / engineering including but not limited to programming, scripting, administration of Windows, Linus systems, etc.
• A thorough understanding of common network and application stack protocols is required.
• They should have extensive experience with various common security infrastructure tools.

Apply here For the job.

Embedded Cyber ​​Security Engineer at Tata Autocomp Systems

Locations): Bangalore

Qualifications:

• The candidate should have previous experience in designing security solutions for automotive ECUs.
• He / she is mandated to have a solid knowledge of the crypto architecture Autosar, EB tresos, Da Vinci, Autosar Builder, etc.
• They should also have experience with cybersecurity concepts including cryptography, HSM, etc.
• Experience in C language and in application development is also expected.

Apply here For the job.

Manager – Cyber ​​Security Assurance at Genpact

Locations): Bangalore

Roles and responsibilities: As cybersecurity assurance manager, the candidate is responsible for translating business requirements into a secure solution. He / she must identify contractual risks, security risks and technological risks and recommend risk mitigation measures. They must maintain compliance with regulatory and industry safety standards for the organization. The candidate will contribute to the continuous improvement of processes related to information security and the respect of customer security commitments. He / she will be responsible for the customer’s response (RFx).

Qualifications:

• The candidate must have a degree in engineering or technology or science.
• He / she should have experience of the customer lifecycle including RFx, contracts, solutions and governance.
• They should have prior work experience on solutions for business operations, technology services and digital.
• The candidate must hold professional certifications such as CISSP, CISA, etc.
• They should have been heavily involved in the process reviews with regard to the identification of risks and the testing of controls.

Apply here For the job.

Solution Architect – Cyber ​​Security at Capgemini

Locations): Chennai

Roles and responsibilities: As a cybersecurity solutions architect at Capgemini, the candidate will have to comply with the company’s security policy and protect against all types of threats.

Qualifications:

• The candidate should have practical experience in solving, designing and estimating, sizing and writing proposals.
• He / she must lead a pre-sales and bid support team while overseeing responses to multiple proposals.
• The ability to work with multiple stakeholders, business units and partners for complex opportunities is essential.
• They must be able to be process-oriented and meet reporting and approval requirements.
• The candidate should have at least 3 to 4 years of professional experience in customer development projects.

Apply here For the job.

Share this article

Share