Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label communication. Show all posts
Signal
AWS communication Data Decentralised Platform Matrix Outage Privacy Signal

AWS Outage Exposes the Fragility of Centralized Messaging Platforms




A recently recorded outage at Amazon Web Services (AWS) disrupted several major online services worldwide, including privacy-focused communication apps such as Signal. The event has sparked renewed discussion about the risks of depending on centralized systems for critical digital communication.

Signal is known globally for its strong encryption and commitment to privacy. However, its centralized structure means that all its operations rely on servers located within a single jurisdiction and primarily managed by one cloud provider. When that infrastructure fails, the app’s global availability is affected at once. This incident has demonstrated that even highly secure applications can experience disruption if they depend on a single service provider.

According to experts working on decentralized communication technology, this kind of breakdown reveals a fundamental flaw in the way most modern communication apps are built. They argue that centralization makes systems easier to control but also easier to compromise. If the central infrastructure goes offline, every user connected to it is impacted simultaneously.

Developers behind the Matrix protocol, an open-source network for decentralized communication, have long emphasized the need for more resilient systems. They explain that Matrix allows users to communicate without relying entirely on the internet or on a single server. Instead, the protocol enables anyone to host their own server or connect through smaller, distributed networks. This decentralization offers users more control over their data and ensures communication can continue even if a major provider like AWS faces an outage.

The first platform built on Matrix, Element, was launched in 2016 by a UK-based team with the aim of offering encrypted communication for both individuals and institutions. For years, Element’s primary focus was to help governments and organizations secure their communication systems. This focus allowed the project to achieve financial stability while developing sustainable, privacy-preserving technologies.

Now, with growing support and new investments, the developers behind Matrix are working toward expanding the technology for broader public use. Recent funding from European institutions has been directed toward developing peer-to-peer and mesh network communication, which could allow users to exchange messages without relying on centralized servers or continuous internet connectivity. These networks create direct device-to-device links, potentially keeping users connected during internet blackouts or technical failures.

Mesh-based communication is not a new idea. Previous applications like FireChat allowed people to send messages through Bluetooth or Wi-Fi Direct during times when the internet was restricted. The concept gained popularity during civil movements where traditional communication channels were limited. More recently, other developers have experimented with similar models, exploring ways to make decentralized communication more user-friendly and accessible.

While decentralized systems bring clear advantages in terms of resilience and independence, they also face challenges. Running individual servers or maintaining peer-to-peer networks can be complex, requiring technical knowledge that many everyday users might not have. Developers acknowledge that reaching mainstream adoption will depend on simplifying these systems so they work as seamlessly as centralized apps.

Other privacy-focused technology leaders have also noted the implications of the AWS outage. They argue that relying on infrastructure concentrated within a few major U.S. providers poses strategic and privacy risks, especially for regions like Europe that aim to maintain digital autonomy. Building independent, regionally controlled cloud and communication systems is increasingly being seen as a necessary step toward safeguarding user privacy and operational security.

The recent AWS disruption serves as a clear warning. Centralized systems, no matter how secure, remain vulnerable to large-scale failures. As the digital world continues to depend heavily on cloud-based infrastructure, developing decentralized and distributed alternatives may be key to ensuring communication remains secure, private, and resilient in the face of future outages.


Read more »
Telegram
Child pornography communication Cyber Security Online Scams Telegram

Is Telegram Still a Safe Messaging App? An In-Depth Look


Telegram, a popular messaging app launched in 2013, has earned a reputation for its robust security features. This Dubai-based platform offers end-to-end encryption for video and voice calls and in its optional feature, Secret Chats. This encryption ensures that only the sender and recipient can access the communication, making it a secure option compared to many other messaging apps.

However, recent developments have sparked concerns about the app's safety. Telegram's CEO, Pavel Durov, was recently arrested and charged in France. The charges stem from illicit activities, such as drug trafficking, online scams, and child pornography, that were reportedly facilitated through the app. While this incident has raised questions about the app's security, it’s crucial to understand whether these events affect the app’s functionality and what precautions users should take.

Telegram's Security Measures

When evaluating Telegram's safety, it's important to recognise the app's commitment to privacy. End-to-end encryption is considered the gold standard for securing digital communications, ensuring that even the platform itself cannot access the content of the messages. This level of protection is available by default for video and voice calls and can be enabled in private text messages through Secret Chats. 

However, despite these measures, Telegram is not entirely impervious to scrutiny from authorities. In past instances, the platform has been compelled to provide user data to law enforcement agencies. This highlights that while Telegram offers full proof privacy protections, users should not assume absolute immunity from official oversight.

Impact of the CEO's Arrest on Telegram

The arrest of Pavel Durov has undoubtedly raised eyebrows. Typically, tech entrepreneurs have not been held accountable for the actions of users on their platforms to this extent. The charges against Durov are linked to criminal activities conducted through Telegram, a substantial departure from the usual treatment of tech executives.

Despite these legal challenges, there is no indication that Durov's arrest will affect Telegram's core security features, including end-to-end encryption. The legal case primarily concerns the misuse of the platform by third parties, not the app’s technical infrastructure or its security protocols. Notably, some influential figures, such as Elon Musk, have criticised the arrest, arguing that it is unreasonable to hold a platform owner accountable for how the platform is used.

Tips for Staying Safe on Telegram

While Telegram provides strong security features, users should remain vigilant against potential scams. The anonymity and encryption offered by Telegram make it an attractive platform for scammers. To protect yourself, it's essential to be cautious when receiving unsolicited messages, particularly from unknown contacts. Even messages that appear to come from customer service representatives or familiar sources should be treated with scepticism until the sender’s identity is verified.

Another crucial safety tip is to avoid sharing sensitive information, such as credit card details or personal data, on Telegram, especially with strangers. Impersonation scams are increasingly sophisticated, and once your information is compromised, it can lead to significant harm.

Bottom line is while Telegram remains a secure messaging app, users must stay alert to potential risks. The app's encryption provides a strong layer of security, but it is not foolproof. By being cautious and informed, users can enjoy the benefits of Telegram while minimising their exposure to scams and other risks.


Read more »
Unicoin
communication cryptocurrency cyber attack Google Drive Hacking Unicoin

Unicoin's Four-Day Cyberattack: Disruption, Recovery, and Ongoing Investigation

 



Unicoin, a leading cryptocurrency company, experienced a cyberattack beginning on August 9, 2024, which severely disrupted its operations for nearly four days. The breach occurred when a hacker gained unauthorised access to the company’s Google G-Suite account, affecting all employees using the "@unicoin.com" domain. As a result, employees were locked out of critical Google services like Gmail and Google Drive, causing major disruptions in internal communication and file sharing.

In a regulatory filing with the U.S. Securities and Exchange Commission (SEC), Unicoin detailed the extent of the attack, noting that the hacker not only altered account passwords but also restricted access to essential tools. The company managed to restore access to its systems by August 13, 2024. However, ongoing investigations have revealed additional issues stemming from the breach.

Several senior management email accounts were compromised, and further investigations uncovered anomalies in the personal information of employees and contractors. The company’s accounting department discovered several discrepancies, including an instance of identity forgery involving a contractor, which led to their immediate termination. Investigators are still determining whether these incidents are isolated or part of a larger cyber threat, potentially involving North Korean hackers.

Financial Impact and Investigation

Despite the severity of the breach, Unicoin has assured its stakeholders that there is no evidence of stolen funds or compromised cryptocurrency assets. While the situation is serious, the company stated that the attack has not immensely impacted its financial condition or operational performance. However, the full extent of the breach is still under review, and Unicoin has not ruled out the possibility of long-term financial consequences.

In its SEC filing, Unicoin emphasised that no immediate financial losses had been identified. The company has committed to continuing its assessment of the situation and will report any significant impact in future filings if necessary.

Cybersecurity Concerns in the Cryptocurrency Sector

Unicoin's adherence to regulatory compliance stands out in the cryptocurrency industry, where oversight is often limited. The company consistently files reports with the SEC, demonstrating its commitment to transparency. With more than $500 million in Unicoins sold and a diverse portfolio that includes real estate and equity investments, the recent cyberattack is a telling event of how even the well regulated firms are not immune to combating such vulnerabilities. 

As investigations continue, the broader cryptocurrency industry will be closely monitoring Unicoin's response to this breach and the steps it takes to better amp up its cybersecurity defenses.

Read more »
Technology
communication Data protection QSN Quantum computing Security Technology

The Quantum Revolution: What Needs to Happen Before It Transforms Our World



When Bell Labs introduced the transistor in 1947, few could have predicted its pivotal role in shaping the digital age. Today, quantum computing stands at a similar crossroads, poised to revolutionise industries by solving some of the most complex problems with astonishing speed. Yet, several key challenges must be overcome to unlock its full potential.

The Promise of Quantum Computing

Quantum computers operate on principles of quantum physics, allowing them to process information in ways that classical computers cannot. Unlike traditional computers, which use bits that represent either 0 or 1, quantum computers use qubits that can exist in multiple states simultaneously. This capability enables quantum computers to perform certain calculations exponentially faster than today’s most advanced supercomputers.

This leap in computational power could revolutionise industries by simulating complex systems that are currently beyond the reach of classical computers. For example, quantum computing could imminently accelerate the development of new pharmaceuticals by modelling molecular interactions more precisely, reducing the costly and time-consuming trial-and-error process. Similarly, quantum computers could optimise global logistics networks, leading to more efficient and sustainable operations across industries such as shipping and telecommunications.

Although these transformative applications are not yet a reality, the rapid pace of advancement suggests that quantum computers could begin addressing real-world problems by the 2030s.

Overcoming the Challenges

Despite its promise, quantum computing faces technical challenges, primarily related to the stability of qubits, entanglement, and scalability.

Qubits, the fundamental units of quantum computation, are highly sensitive to environmental fluctuations, which makes them prone to errors. Currently, the information stored in a qubit is often lost within a fraction of a second, leading to error rates that are much higher than those of classical bits. To make quantum computing viable, researchers must develop methods to stabilise or correct these errors, ensuring qubits can retain information long enough to perform useful calculations.

Entanglement, another cornerstone of quantum computing, involves linking qubits in a way that their states become interdependent. For quantum computers to solve complex problems, they require vast networks of entangled qubits that can communicate effectively. However, creating and maintaining such large-scale entanglement remains a significant hurdle. Advances in topological quantum computing, which promises more stable qubits, may provide a solution, but this technology is still in its infancy.

Scalability is the final major challenge. Present-day quantum computers, even the smallest ones, require substantial energy and infrastructure to operate. Realising the full potential of quantum computing will necessitate either making these systems more efficient or finding ways to connect multiple quantum computers to work together seamlessly, thereby increasing their combined computational power.

As quantum computing progresses, so too must the measures we take to secure data. The very power that makes quantum computers so promising also makes them a potential threat if used maliciously. Specifically, a cryptographically relevant quantum computer (CRQC) could break many of the encryption methods currently used to protect sensitive data. According to a report by the Global Risk Institute, there is an 11% chance that a CRQC could compromise commonly used encryption methods like RSA-2048 within five years, with the risk rising to over 30% within a decade.

To mitigate these risks, governments and regulatory bodies worldwide are establishing guidelines for quantum-safe practices. These initiatives aim to develop quantum-safe solutions that ensure secure communication and data protection in the quantum era. In Europe, South Korea, and Singapore, for example, efforts are underway to create Quantum-Safe Networks (QSN), which use multiple layers of encryption and quantum key distribution (QKD) to safeguard data against future quantum threats.

Building a Quantum-Safe Infrastructure

Developing a quantum-safe infrastructure is becoming increasingly urgent for industries that rely heavily on secure data, such as finance, healthcare, and defence. Quantum-safe networks use advanced technologies like QKD and post-quantum cryptography (PQC) to create a robust defence against potential quantum threats. These networks are designed with a defence-in-depth approach, incorporating multiple layers of encryption to protect against attacks.

Several countries and companies are already taking steps to prepare for a quantum-secure future. For instance, Nokia is collaborating with Greece's national research network, GRNET, to build a nationwide quantum-safe network. In Belgium, Proximus has successfully tested QKD to encrypt data transmissions between its data centres. Similar initiatives are taking place in Portugal and Singapore, where efforts are focused on strengthening cybersecurity through quantum-safe technologies.

Preparing for the Quantum Future

Quantum computing is on the cusp of transforming industries by providing solutions to problems that have long been considered unsolvable. However, realising this potential requires continued innovation to overcome technical challenges and build the necessary security infrastructure. The future of quantum computing is not just about unlocking new possibilities but also about ensuring that this powerful technology is used responsibly and securely.

As we approach a quantum-secure economy, the importance of trust in our digital communications cannot be overstated. Now is the time to prepare for this future, as the impact of quantum computing on our lives is likely to be profound and far-reaching. By embracing the quantum revolution with anticipation and readiness, we can ensure that its benefits are both substantial and secure.


Read more »
Technology
aviation communication GPS Spoofing Navigation Technology

GPS Spoofing Incidents Spike 400%: Here's What You Should Know


Global Positioning System (GPS) technology has become an integral part of our daily lives, from smartphone navigation apps to precision agriculture and aviation. However, recent incidents have highlighted a growing threat: GPS spoofing. In this blog, we delve into GPS spoofing, its implications for aviation safety, and the measures to address this issue.

What Is GPS Spoofing?

GPS spoofing involves broadcasting false GPS signals to deceive receivers. Instead of providing accurate location data, spoofed signals mislead devices into believing they are in a different location. While this can be used for harmless pranks or privacy protection, it poses significant risks when applied maliciously.

The Aviation Context

1. Commercial Airliners at Risk: GPS spoofing incidents have surged by 400% in recent years, particularly near conflict zones. Commercial airliners are vulnerable targets due to their reliance on GPS for navigation, approach procedures, and timing synchronization.

2. Disruptions and Confusion: Spoofed signals can cause disruptions, such as sudden shifts in aircraft position. In one incident, during a spoofing event, a major Western airline's onboard clocks were abruptly advanced by years. This caused the aircraft to lose access to digitally encrypted communication systems, grounding it for weeks.

3. Safety Implications: While GPS spoofing itself is unlikely to directly cause a plane crash, it can create confusion. Pilots rely on accurate GPS data for navigation, especially during critical phases of flight. Misleading information could lead to incorrect decisions or cascading errors.

Mitigation Strategies

  1. Receiver Authentication: Implementing receiver authentication mechanisms can help detect and reject spoofed signals. Manufacturers are working on secure receivers that validate incoming GPS data.
  2. Redundancy and Backup Systems: Airlines are encouraged to use multiple navigation sources, including inertial navigation systems (INS) and ground-based radio navigation aids. Redundancy reduces reliance on GPS alone.
  3. Jamming Detection: Detecting intentional jamming or spoofing is crucial. Advanced algorithms can identify abnormal signal behavior and trigger alerts.
  4. Regulatory Measures: Aviation authorities must address GPS spoofing as a safety concern. Guidelines and best practices should be disseminated to airlines and pilots.
Keep in mind these strategies to stay safe and secure from GPS spoofing attacks.
 
Read more »
Technology
Advanced Technology AI Models AI technology Artifcial Intelligence communication Dutch Language Model Technology

Teaching AI Sarcasm: The Next Frontier in Human-Machine Communication

In a remarkable breakthrough, a team of university researchers in the Netherlands has developed an artificial intelligence (AI) platform capable of recognizing sarcasm. According to a report from The Guardian, the findings were presented at a meeting of the Acoustical Society of America and the Canadian Acoustical Association in Ottawa, Canada. During the event, Ph.D. student Xiyuan Gao detailed how the research team utilized video clips, text, and audio content from popular American sitcoms such as "Friends" and "The Big Bang Theory" to train a neural network. 

The foundation of this innovative work is a database known as the Multimodal Sarcasm Detection Dataset (MUStARD). This dataset, annotated by a separate research team from the U.S. and Singapore, includes labels indicating the presence of sarcasm in various pieces of content. By leveraging this annotated dataset, the Dutch research team aimed to construct a robust sarcasm detection model. 

After extensive training using the MUStARD dataset, the researchers achieved an impressive accuracy rate. The AI model could detect sarcasm in previously unlabeled exchanges nearly 75% of the time. Further developments in the lab, including the use of synthetic data, have reportedly improved this accuracy even more, although these findings are yet to be published. 

One of the key figures in this project, Matt Coler from the University of Groningen's speech technology lab, expressed excitement about the team's progress. "We are able to recognize sarcasm in a reliable way, and we're eager to grow that," Coler told The Guardian. "We want to see how far we can push it." Shekhar Nayak, another member of the research team, highlighted the practical applications of their findings. 

By detecting sarcasm, AI assistants could better interact with human users, identifying negativity or hostility in speech. This capability could significantly enhance the user experience by allowing AI to respond more appropriately to human emotions and tones. Gao emphasized that integrating visual cues into the AI tool's training data could further enhance its effectiveness. By incorporating facial expressions such as raised eyebrows or smirks, the AI could become even more adept at recognizing sarcasm. 

The scenes from sitcoms used to train the AI model included notable examples, such as a scene from "The Big Bang Theory" where Sheldon observes Leonard's failed attempt to escape a locked room, and a "Friends" scene where Chandler, Joey, Ross, and Rachel unenthusiastically assemble furniture. These diverse scenarios provided a rich source of sarcastic interactions for the AI to learn from. The research team's work builds on similar efforts by other organizations. 

For instance, the U.S. Department of Defense's Defense Advanced Research Projects Agency (DARPA) has also explored AI sarcasm detection. Using DARPA's SocialSim program, researchers from the University of Central Florida developed an AI model that could classify sarcasm in social media posts and text messages. This model achieved near-perfect sarcasm detection on a major Twitter benchmark dataset. DARPA's work underscores the broader significance of accurately detecting sarcasm. 

"Knowing when sarcasm is being used is valuable for teaching models what human communication looks like and subsequently simulating the future course of online content," DARPA noted in a 2021 report. The advancements made by the University of Groningen team mark a significant step forward in AI's ability to understand and interpret human communication. 

As AI continues to evolve, the integration of sarcasm detection could play a crucial role in developing more nuanced and responsive AI systems. This progress not only enhances human-AI interaction but also opens new avenues for AI applications in various fields, from customer service to mental health support.

Read more »
Safety
communication Cyber Security Cyberattack Cybersecurity data security Optum CEO Safety

Optum CEO Stresses Communication's Vital Role in Cyberattack Management

 

UnitedHealth Group's subsidiary, Change Healthcare, is anticipated to provide a significant update possibly by Tuesday, following a severe ransomware attack that has persisted for five consecutive days, causing disruptions in healthcare services nationwide.

Change Healthcare plays a pivotal role in handling claims and payments for various healthcare entities, including hospitals and pharmacies.

Dr. Amar Desai, CEO of Optum Health, a division of UnitedHealthcare, stated that the company is actively addressing the issue. Desai, along with other Optum executives, has been in constant communication with affected companies' top executives, particularly those in charge of security, information, and technology.

Desai emphasized the importance of robust communication channels among stakeholders during such incidents to ensure a coordinated response. He made these remarks during the Vive healthcare conference in Los Angeles, where he was part of a panel discussion alongside Huntington Health CEO Dr. Lori Morgan, moderated by Yahoo Finance.

UnitedHealth initially reported the cyberattack to the Securities and Exchange Commission (SEC) on Thursday, revealing that the attack commenced on February 21. The filing indicated that the company was suspected of involvement of a nation-state-linked cyber threat actor.

According to Optum, the perpetrator behind the attack has been identified as Blackcat, a ransomware group with Russian sponsorship. Despite the FBI's efforts to dismantle Blackcat late last year, the group has persisted in its malicious activities, targeting healthcare entities and government agencies.

In response to the ongoing threat, the American Hospital Association (AHA) advised healthcare systems to disconnect from Change Healthcare and develop contingency plans should the attack prolong.

As of the latest update on Monday, Change Healthcare stated that it promptly disconnected its systems upon detecting the threat. Notably, Optum, UnitedHealthcare, and UnitedHealth Group systems remain unaffected.

Change Healthcare reiterated its commitment not to compromise on security measures during the recovery process, emphasizing a proactive approach to addressing any potential issues promptly.

The full extent of the impact on Change Healthcare's partners remains unclear, and it may take some time before a comprehensive assessment is possible.
Read more »
Social Media
Artifical Intelligence communication Cyber Security Healthcare Social Media

Revolutionizing the Future: How AI is Transforming Healthcare, Cybersecurity, and Communications


Healthcare

Artificial intelligence (AI) is transforming the healthcare industry by evaluating combinations of substances and procedures that will improve human health and thwart pandemics. AI was crucial in helping medical personnel respond to the COVID-19 outbreak and in the development of the COVID-19 vaccination medication. 

AI is also being used in medication discovery to find new treatments for diseases. For example, AI can analyze large amounts of data to identify patterns and relationships that would be difficult for humans to see. This can lead to the discovery of new drugs or treatments that can improve patient outcomes.

Cybersecurity

AI is also transforming the field of cybersecurity. With the increasing amount of data being generated and stored online, there is a growing need for advanced security measures to protect against cyber threats. 

AI can help by analyzing data to identify patterns and anomalies that may indicate a security breach. This can help organizations detect and respond to threats more quickly, reducing the potential damage caused by a cyber attack. AI can also be used to develop more advanced security measures, such as biometric authentication, that can provide an additional layer of protection against cyber threats.

Communication

Finally, AI is transforming the field of communications. With the rise of social media and other digital communication platforms, there is a growing need for advanced tools to help people communicate more effectively.

AI can help by providing language translation services, allowing people to communicate with others who speak different languages. AI can also be used to develop chatbots that can provide customer service or support, reducing the need for human agents. This can improve the efficiency of communication and reduce costs for organizations.

AI is transforming many industries, including healthcare, cybersecurity, and communications. By analyzing large amounts of data and identifying patterns and relationships, AI can help improve outcomes in these fields. As technology continues to advance, we can expect to see even more applications of AI in these and other industries.

Read more »
virus
communication Cyber Attacks DNS Informationblox malware RAT Trojan virus

DNS Malware Toolkit Discovered by Infoblox and Urged to be Blocked

 


This week, Infoblox Inc. announced the release of its threat report blog on a remote access Trojan (RAT) toolkit with DNS command and control, which is being used for remote access and data theft. Infoblox provides a cloud-enabled networking and security platform capable of improving performance and protection. 

In the U.S., Europe, South America, and Asia, an anomalous DNS signature had been observed in enterprise networks that were created through the use of the toolkit. Across a wide range of sectors such as technology, healthcare, energy, financial services, and others, these trends were seen. The communications with the Russian controller can be traced to some of these communications. 

A malware program is a software application that infiltrates your computer with the intent of committing malicious acts. Viruses, worms, ransomware, spyware, Trojan horses, Trojan horses, spyware, and keylogging programs, all of which can be classified as malware. There are alarming challenges network and security professionals face daily in the face of malware that is becoming more sophisticated and capable of circumventing traditional defenses. 

By leveraging DNS infrastructure and threat intelligence, Infoblox's Malware Containment and Control solution can help organizations reduce malware risk by employing the most effective mitigation methods. Additionally, it enables leading security technologies to use contextual threat data, indicators of compromise, and other context-sensitive information to automate and accelerate the threat response process. 

Informationblox's Threat Intelligence Group discovered a new toolkit known as "Decoy Dog" that was branded as an attack toolkit. To disrupt this activity, the company collaborates with other security vendors, customers, and government agencies to work together. 

Furthermore, it identifies the attack vector and even secures networks across the globe. A crucial insight is that DNS anomalies that are measured over time proved to be important in detecting and analyzing the RAT, but also enabling the C2 communications to be tracked together despite appearing to be independent on the surface. 

Analyzing threats, identifying them, and mitigating them: 

During the first and second quarters of 2023, Infoblox discovered activity in multiple enterprise networks caused by the remote access Trojan (RAT) Puppy being active in multiple enterprise networks. C2 communication has not been found since April 2022, indicating that this was a one-way communication. 

An indicator of the presence of a RAT can be uncovered by investigating its DNS footprint. It does, however, show some strong outlier behavior when analyzed using a global cloud-based DNS protection system such as Infoblox's BloxOne® Threat Defense, when compared to traditional DNS protection systems. The integration of heterogeneous domains within Infoblox was also made possible by this technology. 

Communication between two C2 systems takes place over DNS and is supported by an open-source RAT known as Puppy. The project is an open-source project but it has always been associated with actors that are acting on behalf of nations despite its open nature. 

The risks associated with a vulnerable DNS can be mitigated by organizations with a protective DNS. There is no need to worry about these suspicious domains because BloxOne Threat Defense protects customers against them. 

In the detection of the RAT, anomalous DNS traffic has been detected on limited networks and devices on the network, like firewalls, but not on devices used by users, like laptops and mobile devices. 

Malware uses DNS to connect to its command and control (C&C) servers to communicate with them. As a result of its ability to contain and control malware, DNS is ideally suited for the task. Infoblox, for example, should focus on DNS as the point of attack from where malware can be injected to contain and control malware. 

It is imperative to highlight that malware prevention solutions are becoming more and more adept at sharing threat data with the broader security ecosystem. This is thanks to APIs, Syslog, and SNMP communication protocols.
Read more »
SEG
communication Cyber Attacks Cybersecurity Emails Ransoware SEG

Email Security: Secure Email Gateways


You expect a message to reach the intended recipient without any errors when you send it via email. There is a small group of people who are within this group as cybercriminals. They are constantly trying to hijack emails. They also trick people into opening malicious attachments or clicking on links that will provide them with malware to install on their devices.  

Therefore, what are the best ways to protect yourself, your family, your friends, and your employees from these risks? By implementing a secure email gateway, you can prevent these threats from occurring. 

There are several types of secure email gateways (SEG), some of which are used by businesses, organizations, or governments to protect their internal email servers from cyberattacks that can infiltrate the email servers of those organizations. SEGs ensure that outgoing and inbound emails contain no malicious elements. Using this feature, users can keep track of emails they have sent and received and decide if they should be processed according to their previous instructions.  

To protect email communications, secure email gateways are placed to connect the organization's server to the public internet. As any message enters or leaves the server, it is scanned by the SEG. 

Essentially, SEGs are designed to prevent unwanted emails from being able to reach the servers of your email service provider to cause any damage. In this way, SEGs offer a level of protection for confidential information from cyber criminals, provide data privacy, and encrypt sensitive emails to protect data from being breached. 

Several types of emails could be harmful, including 

  • Spam
  • Malware
  • Viruses
  • Business Email Compromise (BEC)
  • Fraudulent content
  • Ransomware
  • Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks
  • Trojan
  • Phishing attacks
Further, SEGs are expected to thoroughly scan outbound emails and internal email communications between employees. This is to prevent sensitive information about the business from being leaked into the public domain. If malicious content is detected on the server, emails will not be allowed to leave the server. 

What Are the Functions of a Secure Email Gateway? 

SEGs are designed to scan and filter incoming and outgoing emails on an email server. They employ a set of rules that the system uses to assess the potential for spam. Both inbound and outbound emails are protected against harmful content that can be transmitted between your devices and your network. 

As part of the scanning process, SEGs confirm whether any malicious content has been included in the domain, its contents, and any attachments inside the email. If the messages are found free of malware following the scanning process, the SEG routes them to the email server. The SEG also routes them to the user's mailbox if they do not contain malware. 

What are the features of secure email gateways? 

SEGs have their unique functions and features, but here are some of the most common security features that SEGs offer. 

Filtering spam mail 

Technology for spam filtering uses algorithms to identify spam from known spam email domains and quarantine or block it. 

Spammers use specific patterns of email content to detect new emails with spam-related patterns, such as keywords and malicious links, as well as new emails. In addition, this feature will allow users to report spam and block the sender if certain spam emails pass the gateway and enter your mailbox. 

Protection against malware and viruses 

Additionally, it protects you against malware and viruses that may infect your email network due to malware on your computer. The company employs antivirus software to scan emails and block or quarantine any that have viruses or malware in them, thereby protecting the company from liability. As cybercrime continues to evolve, it is imperative to keep your antivirus software up to date at all times. 

Archiving of e-mails 

Email services are managed by SEGs. You can use them to store and manage your organization's emails so that you can meet your organization's data management and legal compliance requirements. 

Security Email Gateways Can Help You Keep Your Emails Safe 

Various cyber threats can be found in the form of phishing, spam, denial-of-service attacks, and extremely advanced fraud attacks. Thus, individual, business, corporate, and government entities, along with their employees, should employ SIEGs to secure their email accounts from malicious entities that often seek to steal data or cause harm through other means.   

Read more »
net neutrality
communication FCC free internet net neutrality

Net Neutrality Repealed in US by FCC

In a 3-2 vote on Thursday, the Federal Communications Commission, in response to a proposal by Ajit Pai, Chairman of the FCC, has accepted the discard of the net neutrality rules that stopped broadband providers from blocking websites, charging extra for higher-quality service, or certain content.

These regulations were created to ensure that providers treat all internet traffic equally and the dismantling of net neutrality has caused outrage and panic among U.S. citizens on the social media.

This action has reversed their 2015 decision to have stricter and stronger oversight over internet providers to ensure the safety of free communication online.

The commission’s chairman, Ajit Pai, has defended the vote saying that this would ultimately benefit the customers as corporations like AT&T and Comcast would be able to provide them a wider range of services, adding that this move would encourage competition and prove as an incentive to build networks.

However, the general consensus seems that this is a move in favor of large corporations and not the consumers. This will also affect start-ups and smaller companies as they have to pay to reach a wider audience.

Democratic Leader Nancy Pelosi described this decision as "a stunning blow" to the promise of a free and open Internet.

"With this unjustified and blatant giveaway to big providers, FCC Chairman Ajit Pai is proving himself an eager executor of the Trump Administration's anti-consumer, anti-competition agenda," Pelosi said.

After the uproar caused over this decision, major broadcast providers like AT&T and Comcast have promised their customers that their online experience will not change, but many are skeptical that companies will not adhere to their promise now that there is lighter regulation over their activities.

Several public interest groups and democratic state attorneys have allegedly promised to file a suit to stop this change.
Read more »
WhatsApp
Apps business app Business application communication New app WhatsApp

WhatsApp for Business: Standalone App Set for Release

It seems like WhatsApp is finally ready to launch its new standalone app for businesses to interact separately on their platform. In an FAQ on its website, it detailed how WhatsApp for Business is going to work and its features. 

The interface of the app remains the same, but the features afforded to businesses differ from the original messaging app. 

To communicate with customers using this new messaging app, businesses will first have to register using their business number, separate from their normal WhatsApp messenger number. Once they are registered, they will have a ‘business account’ which will be marked by a gray question mark symbol beside their name showing that the business has neither been confirmed or verified by WhatsApp.

Once a business confirms their business number, they become a ‘confirmed account’ and a gray tick appears next to their name. A green check-mark means it is a ‘verified account’ used by a business that is authentic and verified by WhatsApp. 

The new app is already live in Play Store but is yet to be released to general public. 

Back in September, WhatsApp announced that it was experimenting and beta-testing ‘WhatsApp Business’ with few pilot-testers. Users may remember communicating with brands like BookMyShow, MakeMyTrip, or Goibibo using the messaging app.


Kshitija Agrawal


Read more »
Subscribe to: Comments (Atom)