
ZDNET

Vodafone NZ pinned for flogging FibreX HFC as full fibre


Vodafone New Zealand has been found guilty of misleading consumers over the branding of its FibreX HFC-based broadband service.

Auckland District Court ruled last Friday that Vodafone NZ was guilty on nine charges of violating the Fair Trading Act between October 2016 and March 2018.

The New Zealand Commerce Commission (ComCom), which brought the case last year, argued fibre was a generic description of fibre to the home, especially in relation to the country’s government-subsidised Ultra-Fast Broadband network, and consumers were likely to think the same in Wellington, Kapiti, and Christchurch where Vodafone was promoting its FibreX service.

“Judge Sinclair agreed that fixed line broadband networks are identified in telecommunications markets by the technology used for the last mile to the home/premise, and that in the case of the UFB networks, that is fibre optic cable,” the ComCom said on Wednesday.

“She rejected Vodafone’s argument that consumers would understand that FibreX was a ‘fibre like’ network delivering superfast reliable broadband but not pure fibre, due to the ‘X’ in its name.”

It was argued that the X was derived from “coaXial”.

The HFC network Vodafone was promoting was gained as part of its 2012 purchase of TelstraClear. During 2015-16, the network was updated to DOCSIS 3.1, after which it took on its FibreX branding. The network passed 250,000 households.

Lead counsel for Vodafone, Antonia Horton, said during the trial that the background stock image used, which contained beams of light, was a “night sky filled with shooting stars”. Expert witness for ComCom, Professor Phillip Gendall from the Department of Marketing at the University of Otago, said the suffix “X” suggested that the service was a superior form of fibre, and the stock image was “reminiscent of fibre optic cable”.

Gendall pointed to UFB retailers offering plans with names such as Fibre 100 as the reason consumers would assume the service had an “X factor”.

Sinclair added in the judgement that the HFC network has a number of limitations not found in a full fibre network — such as variability, congestion, speed, reliability, latency, upgrade pathways — and that consumers would wish to know about them.

Sentencing is due later in the year.

Source: https://www.zdnet.com/article/vodafone-nz-pinned-for-flogging-fibrex-hfc-as-full-fibre/#ftag=RSSbaffb68


US pipeline ransomware attack serves as fair warning to persistent corporate inertia over security


Organisations that continue to disregard the need to ensure they have adopted basic cybersecurity hygiene practices should be taken to task. This will be critical, especially as cybercriminals turn their attention to sectors where cyber threats can result in real-world risks, as demonstrated in the US Colonial Pipeline attack. 

In many of my conversations with cybersecurity experts, there is a shared sense of frustration that businesses still are failing to get some of the most basic things right. Default passwords are left unchanged, frontline staff and employees are still falling for common scams and phishing attacks, and major businesses think nothing of using technology that is decades old.

Just this month, UOB Bank revealed an employee had fallen prey to a China police impersonation scam that compromised the personal data of 1,166 customers, including their mobile number and account balance. This specific impersonation use case had been flagged as a common scam tactic and even featured in a crime prevention TV programme months before. That an employee of a major bank still could have fallen for it is shocking. 

It begs the question whether its frontline staff or any employee with access to customer data has been adequately trained as well as regularly updated on how they should deal with potential cyber threats. 

Should such inertia continue to fester, there’s real cause for concern ahead especially as cyber attackers turn their attention towards operational technology (OT) sectors, such as power, water, and transport. As it is, businesses seem ill-prepared to cope with the growing threat. 

Consider the stats. Some 68% of businesses in Asia-Pacific were breached last year, up from 32% in 2019, and 17% had to deal with more than 50 cyber attacks or errors a week. And they took way too long to pick themselves up after an attack, with an average of 60.83% needing more than a week to remediate the attacks, citing lack of funds and skillsets as their key challenges. 

In Singapore, 28% had been breached in the past year, with almost 15% having to deal with at least 50 attempted cyber attacks a week. Some 33% described the resulting data loss as very serious or serious.

Things will only get worse as businesses in the region and around the world rush to adopt tools that facilitate remote work, leaving their networks vulnerable to attacks. As it is, 54.7% viewed enabling and managing remote workforces a top ICT challenge and another 49.7% felt likewise about securing remote workers. 

As online adoption grows, supply chains will widen as businesses rush to cope with the spike in transactions. This means attack surfaces, too, will expand and it is crucial that enterprises get the fundamentals right to better mitigate potential security risks. 

When cyber risks become physical threats

And in the case of the Colonial Pipeline, the risks can be severe. 

The privately-held pipeline operator supplies 45% of the East Coast’s fuel, including gasoline, diesel, jet fuel, home-heating oil, and fuel for the US military. It transports more than 100 million gallons of fuel a day across an area that spans Texas to New York.

The cyber attack forced the company to temporarily shut its operations and freeze IT systems to contain the infection. It triggered supply shortage concerns and pushed gasoline futures to their highest level in three years. It also prompted the US Department of Transportation to invoke emergency powers to make it easier to transport fuel by road.

Colonial Pipeline reportedly paid the ransomware group responsible for the attack $5 million to decrypt locked systems.

That it paid up shouldn’t come as a surprise, since a majority of businesses in Asia-Pacific also choose to pay up after falling victim to ransomware attacks. These include 88% in Australia and 78% in Singapore that have forked out the ransom in full or in part. 

Global pandemic opening up can of security worms

Caught by the sudden onslaught of COVID-19, most businesses lacked or had inadequate security systems in place to support remote work and now have to deal with a new reality that includes a much wider attack surface and less secured user devices.


On its part, Singapore has recognised the risks cybersecurity attacks pose to its critical infrastructures. Early this month, it created a cybersecurity expert panel focused on OT, with the first meeting slated to take place in September. The move comes months after the country last October unveiled a new cybersecurity blueprint that looked to safeguard its core digital infrastructure. 

In particular, the government pointed to OT systems, where a successful attack can manifest as a severe disruption in the physical world. Such systems, including those in the energy, water, and transport sectors, are critical for delivering essential services and supporting the economy. 

In forming the OT expert panel, Singapore’s Cyber Security Agency Chief Executive David Koh said: “While OT systems were traditionally separated from the internet, increasing digitalisation has led to more IT and OT integration. Hence, it is crucial for OT systems to be better protected from cyber threats to prevent outages of critical services that could result in serious real-world consequences.”

The ransomware attack against the Colonial Pipeline has clearly demonstrated that the consequences are real and, no doubt, more are coming our way. 

That Singapore has put strong focus on OT is a positive step forward. And it is hoping the expert panel will provide some guidance on a range of issues, including governance policies, OT technologies, supply chain, threat intelligence information sharing, and incident response.

However, with most of the industry still stuck in apparent inertia, firmer action is necessary to ensure businesses across all sectors, including OT, do not slip up. 

This should encompass even the simplest and most basic rules, such as outlawing the use of software that is more than 15 years old or mandating that all employees–including senior management–chalk up minimum training hours a year on cybersecurity threat management. 

In addition, all organisations that have encountered a security incident should be required to detail how their systems were breached. An abridged version of the attack, excluding specifics that can further compromise the company’s security, also should be publicly released.

It should no longer be sufficient for any company to simply say the attack was “sophisticated” without giving any other information to justify that description. 

In the Colonial Pipeline case, details have been slow to trickle out, with the US government yet to receive any information from the oil pipeline operator. The Biden administration had expressed frustration over what they perceived to be weak security protocols on Colonial Pipeline’s part as well as a lack of readiness to deal with cyberattacks.

It is clearly time for all organisations, not just those in Asia, to get a grip. Because if they don’t, they won’t just be losing millions in ransom payments; actual physical lives will be at risk. Transport and healthcare operators, in particular, should take heed.

And with cybercriminals increasingly skilled in their craft, future attacks will indeed be so complex it will put to shame use of the word “sophisticated” that appears in almost every statement companies currently make to describe the breach they suffered.

Be better. Because when it comes to cybersecurity, that is what many businesses have yet to be.

Source: https://www.zdnet.com/article/us-pipeline-ransomware-attack-serves-as-fair-warning-to-persistent-corporate-inertia-over-security/#ftag=RSSbaffb68


ASD knows who attacked the APH email system but isn’t revealing who


The Australian Cyber Security Centre (ACSC), and the overseeing Australian Signals Directorate (ASD), know who attacked the email system of the Australian Parliament House, but they are not saying who it is.

“Attribution is a matter for government, and is made only when in the national interest,” it said in response to Senate Estimates Questions on Notice.

Many of the questions were passed off onto the Department of Parliamentary Services (DPS), which revealed earlier this week that it had pulled down and replaced its mobile device management (MDM) system as a result of the attack.

“The attack did not cause an outage of the DPS systems. DPS shut down the MDM system. This action was taken to protect system security while investigation and remediation were undertaken,” DPS said.

“To restore services, DPS brought forward the rollout of an advanced mobile services solution that replaced the legacy MDM. The new solution provides greater security and functionality for mobile devices. This rollout was a complex activity and extended the outage experienced by users.”

The legacy MDM system remains in use in a limited capacity.

One tidbit ASD did part with was agreeing that the attacker was unsophisticated and that the ACSC was involved in “searching for any potential implants” in the APH Exchange server.

An unsophisticated attack would have had a higher than expected chance of succeeding, thanks to the lack of 2FA.

“Before users came back on line after this incident, they were asked to implement new security controls to access APH emails via mobile handsets — namely multi-factor authentication,” Senator Kimberley Kitching said in a question.

“In the course of providing cybersecurity advice and assistance to DPS following the incident, the ACSC provided broad advice on security controls,” the ASD said.

ASD said there was no “specific threat” that led to the introduction of 2FA, and instead pointed to its Essential Eight advice first published in 2017.

DPS said earlier this week it had seen no evidence of any email accounts being compromised due to the attack, and the attack had nothing to do with recent Exchange vulnerabilities.

In another answer, ASD said no code review has been completed on the systems of the Australian Electoral Commission, but it has “conducted a vulnerability assessment and partnered with the AEC to conduct multiple uplift activities on the AEC network.”

Source: https://www.zdnet.com/article/asd-knows-who-attacked-the-aph-email-system-but-isnt-revealing-who/#ftag=RSSbaffb68


Labor pitches ‘startup year’ as key to Australia’s future


Opposition leader Anthony Albanese has outlined his plan for Australia should Labor be successful at the next federal election, one that’s centred on things the Coalition missed in its 2021-22 Budget.

“We have a once in a century opportunity to reinvent our economy, to lift wages and make sure they keep rising, to invest in advanced manufacturing and in skills and training with public TAFE at its heart, to provide affordable childcare, to fix aged care, to address the housing crisis, to champion equality for women, and to emerge as a renewable energy superpower,” he declared in his Budget reply speech, delivered Thursday night.

“That’s the better future I want to build for Australia as Prime Minister.”

A centrepiece of Albanese’s plan is a “startup year”.

“Australia has always produced scientific innovations, but we always haven’t been good at commercialising them,” he continued, listing the black box, Google Maps, and the Cochlear implant as some examples.

He said a lot of what Australia uncovers via research gets converted into manufacturing jobs overseas.
 
“And if we don’t get smart, if we don’t get serious, if we don’t get moving — the same thing is going to happen again,” he said.

The startup year, Albanese declared, is a program to “help drive innovation and increase links between universities and entrepreneurs”.

The program will allow final year university students, or recent graduates, to learn from experts about how to transform their ideas and research into products and services that Australia can sell to the world.
 
The students would do their training at established “accelerators” or “incubators”.

Startup loans will be offered to students and new graduates with ventures attached to the tertiary institution or designated private accelerator. Albanese believes this will assist in the identification of opportunities for commercialisation of university research.

Startup year will train up to 2,000 students per year and will be supported by HELP/HECS loans, up to a maximum of AU$11,300.

The loans can go towards paying for things such as training, equipment, or building prototypes.

Expanding further on this plan, Shadow Minister for Industry and Innovation Ed Husic said Labor wants to send a signal to young Australians that it “backs them and their ideas to build new firms and new jobs”.

“We want to do that through the range of university accelerators that exist across the country. We want to work with the university sector and others in the innovation space to determine how we do that selection process. And the big thing for us is to build that momentum, build that interest in starting new firms. Because really, what we need to see in this country apart from current firms getting bigger and stronger, we need to see an influx of new firms coming in with new ideas to improve the way the economy works,” he said.

This requires, however, talented people on the ground to do the work that will support startups and encourage their growth, Husic declared.

“If you’ve had a federal government that continually cuts or fails to support the university sector can’t get its act together on commercialising the research and ideas coming out of universities is cutting TAFE and is dragging the chain on innovation, this is a real problem,” he continued.

On Tuesday night, the government unveiled a “patent box” to drive research in medical and biotech technologies, and a National Centre of AI Excellence. Husic said the first was taken from similar overseas initiatives and the second was stolen from his party.

Source: https://www.zdnet.com/article/labor-pitches-startup-year-as-key-to-australias-future/#ftag=RSSbaffb68


HelpSystems expands email, cloud security portfolio with acquisition of Agari, Beyond Security


HelpSystems has announced the acquisition of Agari and Beyond Security as the firm continues to expand its cybersecurity portfolio. 

The financial details of the transactions were not disclosed. 

Headquartered in Cupertino, California, Beyond Security is a provider of automated vulnerability assessment and compliance solutions. 

The firm’s products, beSecure, beSource, and beStorm, cover vulnerability scanning and management, code analysis, and black box testing. 

“The team and solutions from Beyond Security will fit into HelpSystems’ popular infrastructure protection portfolio featuring Digital Defense, Core Security, and Cobalt Strike,” the company says. 

This is the second acquisition made public by HelpSystems this week. On Thursday, the company also announced a deal to secure Agari, a Software as a Service (SaaS) solutions provider for phishing protection based in Foster City, California. 

Email, when combined with social engineering, leads to business email compromise (BEC) and may result in wider compromise of enterprise networks. Agari solutions attempt to filter out phishing attempts using data science, machine learning (ML), and cloud computing. 

Agari is also a founding member of the consortium which created the Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication standard, a technical standard designed to prevent phishing, spam, and spoofing.

“Cybercriminals increasingly use email as a prime way to infiltrate businesses and gain access to sensitive data and IP, causing untold damage in terms of cost and reputation,” commented Kate Bolseth, HelpSystems chief executive. “We’re thrilled to welcome Agari and their email phishing defense prowess to the HelpSystems family. Agari will be a notable asset to HelpSystems as we work together to give global customers new tools for securing their valuable data and achieving peace of mind.”

The purchases build upon the acquisition of Texas-based Digital Defense in February, a company that develops SaaS vulnerability scanning, network asset analysis, and risk score generation software to assist IT teams in patch and remediation efforts. 

Source: https://www.zdnet.com/article/helpsystems-expands-email-cloud-security-portfolio-with-acquisition-of-agari-beyond-security/#ftag=RSSbaffb68
