Home Tags Birmingham

Tag: Birmingham

Vector Networks’ new Vizor shines light on Shadow IT

ITAM innovator announces SaaS optimization and cloud lifecycle management in Spring 17 release of its solution, VizorMay 24th 2017, Atlanta (USA), Montreal (Canada), and Birmingham (UK) – Vector Networks today announced SaaS optimization and cloud lifecycle management capabilities in its Spring 17 release of ITAM solution, Vizor (www.vizor.cloud).The new release of Vizor complements existing software license management and asset lifecycle functionality with new features and processes for managing software subscriptions and the approval and provision... Source: RealWire

HUBER+SUHNER to bring comprehensive Connected Mobility solutions to Railtex 2017

Global connectivity supplier HUBER+SUHNER will be exhibiting its extensive portfolio of technology and solutions for the rail industry at Railtex 2017, taking place in Birmingham, UK, 9-11 May.

The HUBER+SUHNER booth will focus on its solutions for Connected Mobility – merging both communications and rail through instrumental components, thus enabling broadband network connections on the train, train-to-ground and on the trackside.

As such, it will be showcasing a wide range of products allowing passengers, rail... Source: RealWire

Anexsys Continues Relativity ‘Best in Service’ Status

Following significant regional expansion, Anexsys continues to offer Best in Service Relativity experience London – 7th March 2017 - Anexsys, a leading independent legal technology and consultancy organisation, announced that they have again achieved kCura’s Relativity ‘Best in Service’ designation, which recognises Relativity Authorised Partners who provide an exceptional Relativity experience for end users.Anexsys, with sites in London, Birmingham, Bristol, Leeds and Manchester, is a leading legal technology and consultancy business supporting law firms, government... Source: RealWire

Maetrics launches NEW Training Courses for 2017

New public and in-house training courses announcedMaetrics, a leading global management consulting firm providing life sciences companies with deep quality, compliance, and regulatory solutions has launched its new series of public and in-house trainin...

YouTubers fined for running illegal FIFA 17 gambling site

Allowed kids as young as 12 to gamble on games of FIFA 17.

Secure I.T. Environments Delivers Challenging Data Centre For The Energy Systems...

Fast Track data centre service delivers new data centre in just eight weeks

London UK, 12 January 2017 – Secure I.T.

Environments Ltd
, one of the UK’s leading designers and builders of modular data centres, has today announced the completion of a new internal data centre for The Energy Systems Catapult, at its new head office in Birmingham, UK.

The new data centre, which is housed on the seventh floor of a central Birmingham office, was built on-time in just eight weeks. Key construction challenges included ensuring power supply cabling was adequate and could reach distribution boards, the close control air conditioning system condensers required extended pipework to enable the units to be housed on the roof.

The data centre has been built with raised flooring, cold aisle containment air conditioning, with great attention placed on ensuring space was utilised as efficiently as possible given restrictions of the physical building.
Secure I.T.

Environments was responsible for the design and delivery of the data centre which included power supply infrastructure, environmental controls, server racks, and UPS.

The Energy Systems Catapult’s vision is for a clean, intelligent energy system that works for people, communities and businesses.

They aim to take a whole systems approach to the challenge of transforming the UK’s energy sector, both affordably and securely, and is also helping the UK capture commercial opportunities and create new businesses across the energy sector.

With an emphasis on energy systems and efficiency central to the mission of the Energy Systems Catapult, delivering a data centre that reflected these qualities was essential.
Secure I.T.

Environments has used its skills in this area to ensure the data centre delivers a PUE of 1.17.

Chris Wellfair, projects director at Secure I.T.

Environments said, “Delivering a data centre quickly requires a great deal of skill, so as not to compromise success. We have built up a wealth of skills and a proprietary methodology in this area, which means we can deliver challenging projects at speed without compromising on attention to detail, energy efficiency, security or design quality.

This proven track record is one of the reasons that we were selected through the tender process to deliver this project for the Energy Systems Catapult.”

About Secure I.T.

Environments Ltd

Secure I.T.

Environments Ltd
is a UK company specialising in the design and build of energy efficient internal/external secure modular data centres and infrastructure.
Secure IT Environments Ltd has established an enviable relationship with its clients based on trust, mutual respect, working as a team with the client and proven performance.

The company offers a “Total Solutions Package” to the private, healthcare, education and government sectors, as well as co-hosting companies in the UK and offshore, by way of design, implementation and installation management services for projects from small stand-alone computer rooms to large public sector contracts and co-hosting locations.

All rooms are designed to meet the latest BS476/EN1047 standards, now regarded as the benchmark standard for new data centres being installed throughout the UK and Europe.

Secure I.T.

Environments’ primary aim is to ensure that clients’ critical hardware is protected against all external threats in a Green Data centre.

To this end the company has established long-standing partnerships with its manufacturers, who are at the forefront of R&D, to ensure the highest level of physical protection and energy efficiency is maintained.

For press enquiries, please contact:
Duncan Gurney
Ginger PR
07912 495 630
Duncan@gingerpr.co.uk

Car accident claims dominate mobile scam calls in 2016, according to...

Press Release London, 30 December 2016 - Scammers are increasing the number of calls where they claim ‘our records show you’ve been in a car accident’, according to call-blocking and caller ID Company, Hiya (www.hiya.com).

These types of calls were the most reported scams of 2016, says Hiya, closely followed by PPI calls, and calls claiming you’ve won a prize. The car accident scam peaked in October - the worst month of the year for mobile phone scams overall – with growth of 84% in the period January to November. PPI scam claims peaked in November and saw an 81% growth over the year.

The UK leads Europe in that it has the highest percentage of nuisance calls, at a significant 13% of all calls placed. “Defrauding people is big business, which is why the number of scam calls continues to grow and more elaborate schemes appear,” says Alex Algard, CEO of Hiya. “Scammers are getting more sophisticated.

They mask the calls by using common area codes so people answer them. Our advice is to be careful and trust your instinct.
If an offer sounds too good to be true, then it probably is.” The year in review: Newcomer scam of the year: ‘Lucky Winner’ Worst month for phone scams: October Scam that declined over the year: Betting, down 240% from Jan-Nov, peaked in March Worst area code offenders: (020) London (0161) Manchester (0141) Glasgow (0113) Leeds (0121) Birmingham (01922) Walsall (01268) Basildon (0151) Liverpool (0115) Nottingham (01792) Swansea Top Scams in the UK: Car accident claims, 84% growth over the year, peaked in October PPI scam calls, 81% growth over the year, peaked in November Lucky winner, 64% growth over the year, peaked in October Loan scams, 85% growth over the year, peaked in August All inclusive holiday compensation, 91% growth over the year, peaked in October About HiyaHiya provides enhanced caller ID products and services designed to make the phone experience better. With a database of more over 1.5 billion unique numbers globally, Hiya leverages its expansive algorithms to identify unknown calls and texts and to monitor phone-based threats for consumers and businesses. Hiya screens more than 665 million incoming calls per month, and has detected more than one billion robo, telemarketing and scam calls and texts to date. Hiya is available as a consumer app on Google Android and iPhone and is integrated into the phone experience for T-Mobile and Samsung Galaxy S7 users worldwide.

For more information, please visit www.hiya.com. For more information on the survey, contact:Kate Hartley / Malini MajithiaCarrot Communications0203 770 5836 / kate.hartley@carrotcomms.co.uk

Fatal flaws in ten pacemakers make for Denial of Life attacks

Brit/Belgian research team decipher signals and devise wounding wireless attacks A global research team has hacked 10 different types of implantable medical devices and pacemakers finding exploits that could allow wireless remote attackers to kill victims. Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in which they had no prior knowledge or special access to the devices, and used commercial off-the-shelf equipment to break the proprietary communications protocols. From the position of blind attackers the pair managed to hack pacemakers from up to five metres away gaining the ability to deliver fatal shocks and turn of life-saving treatment. The wireless attacks could also breach patient privacy, reading device information disclosing location history, treatments, and current state of health. Singelée told The Register the pair has probed implantable medical device and pacemakers, along with insulin pumps and neurostimulators in a bid to improve security understanding and develop lightweight countermeasures. "So we wanted to see if these wireless attacks would be possible on these newer types of pacemakers, as this would show that there are still security problems almost 10 years after the initial security flaws have been discovered, and because the impact of breaking the long-range wireless communication channel would be much larger as adversaries can be further away from their victim," Singelée says. "We deliberately followed a black-box approach mimicking a less-skilled adversary that has no prior knowledge about the specification of the system. "Using this black-box approach we just listened to the wireless communication channel and reverse-engineered the proprietary communication protocol. And once we knew all the zeros and ones in the message and their meaning, we could impersonate genuine readers and perform replay attacks etcetera." Laboratory setup: A USRP (left) and DAQ with antennas below. Their work is detailed in the On the (in)security of the Latest Generation Implantable Cardiac Defibrillators and How to Secure Them [PDF] authored by Marin and Singelée, KU Leven colleague Bart Preneel, Flavio D. Garcia and Tom Chothia of the University of Birmingham, and cardiologist Rik Willems of University Hospital Gasthuisberg. The team describes in limited detail to protect patients how the wireless communications used to maintain the implantable medical devices can be breached. "Adversaries may eavesdrop the wireless channel to learn sensitive patient information, or even worse, send malicious messages to the implantable medical devices. The consequences of these attacks can be fatal for patients as these messages can contain commands to deliver a shock or to disable a therapy." No physical access to the devices is required to pull off the attacks. The researchers say attackers could install beacons in strategic locations such as train stations and hospitals to infer patient movements, revealing frequented locations, and to infer patient treatment. Attackers could trigger a reprogramming session in order to grab that data. Programming flaws relating to the devices' standby energy saving mode allow denial of service attacks to be performed which will keep units in battery-draining alive states through continuous broadcasting of messages over long-range wireless. This could "drastically reduce" the units' battery life, the team says. The research, like all medical device hacking, has scope limitations that mean mass targeting of pacemakers is not immediately possible. Nor can attacks be extended to many metres. Another happy fact: the gear required isn't cheap. National Instruments sells its URSP-2920 for US$3670 (£2930, A$4972) and USB-6353 for US$2886 (£2724, A$3910). The team tells The Register they have been informed that the compromised vendor has issued a patch, but further details are not known. Medical devices' wireless could be jammed as a stop-gap measure, while the addition of shutdown commands to the devices would best serve long-term fix, as would the inclusion of standard symmetric key authentication. "We want to emphasise that reverse engineering was possible by only using a black-box approach," the team says. "Our results demonstrated that security-by-obscurity is a dangerous design approach that often conceals negligent designs." Medical device hacking has picked up pace in recent years, with much work made through the I Am The Calvary research and activist group. ® Sponsored: Customer Identity and Access Management

World-leading heart hospital ‘very, very lucky’ to dodge ransomeware hit

Papworth's timely backups saved the day World-leading Papworth Hospital has escaped a full-on zero-day crypto ransomware attack thanks to the "very, very lucky" timing of its daily backup. It's believed that an on-duty nurse at the heart and lung hospital in Cambridgeshire unwittingly clicked on something in an infected email, activating the attack at about 11pm on a Saturday night a few months back. But the malware did not start encrypting files until after midnight – just after the daily backup had completed, ICT director Jane Berezynskyj has said. The NHS foundation trust had made recovery plans and recruited experienced staff following earlier attacks, but Berezynskyj said: "We were also very, very lucky.

Timing absolutely was everything for us." Papworth has since moved to hourly incremental backups, using mixed media including tape, given that some attacks target digital backups. Berezynskyj, speaking at the EHI Live healthcare conference in Birmingham this week, said Papworth was hit by a new variant of crypto software for which there was no remedial software. "We've got some fairly ancient application architecture so we've got some file-shares, and actually that's what happened to us – a crypto attack went through our file-shares and encrypted the data." "Thank God for that full backup, then," she added. "We're pretty certain that when we suffered our ransomware attack, the user concerned navigated away from that screen that said: 'This is a ransomware attack, please pay X amount in bitcoins'," Berezynskyj said, but the person never reported what happened. "One of our key weaknesses is our people and user behaviour," she added, despite a programme of staff education and communication. The trust's four-person IT team worked from 1am to 9pm on the Sunday, with further work with suppliers on Monday and Tuesday, to recover its systems. Papworth had not budgeted for such an attack, although Berezynskyj said she had been able to absorb its cost within existing budgets.
It did not hit clinical care, but this again was down to timing. "We don't do Sunday operations, so it didn’t affect operating theatres," she said. "If we'd been doing a heart operation on a Sunday, it would have been a huge problem." Berezynskyj added that she is trying to persuade the trust's financial director to include provision for attack recovery. "It's not if, it's when it's going to happen," she said. "But that dialogue is still evolving, because finance people only like to plan for what's actually going to happen, and I can’t give cast-iron guarantees." She mentioned research suggesting that each cyber-attack in healthcare costs £80,672-£161,345 (€90,000-€180,000). Papworth is famous as the centre for the UK's first successful heart transplant in 1979. Speaking at the same session, Lydia Kostopoulos, a principal consultant for PA Consulting, said an experiment she ran sending benign phishing emails to staff at US hospitals found they were most likely to be clicked on between 11pm and 5am, particularly by nurses on graveyard shifts. Northern Lincolnshire and Goole NHS foundation trust is currently recovering from a major incident following a cyber-attack which led it to cancel operations. ® Sponsored: Customer Identity and Access Management

London City Bankers Under Siege From Ransomware Cyber Attacks

London City experiences more ransomware attacks than the rest of the United Kingdom combined. By Roland Moore-ColyerLondon's City bankers and workers are being hit by a substantial amount of ransomware as the Square Mile comes under more cyber-attacks than many countries.According to threat intelligence data collected by security firm Malwarebytes, the city came under nearly 10,500 ransomware hits in little over a year, significantly more than any other London borough, city or county in the United Kingdom. Attacking Bankers The density of financial organizations packed into the city's square mile presents a tempting target of cyber criminals looking to extort wealthy organizations via ransomware. "Given that only 7,000 people live in the City of London, but hundreds of thousands commute there every day, it is not a great leap to assume these attacks involved compromised work systems. With over 80m square ft. of office space in just 1.1 miles—that is a hugely tempting target for the bad guys," said Nima Samadi, data science analyst at Malwarebytes. The city received more ransomware attacks than the top ten highest areas of these attacks combined; more than Birmingham, Manchester, Essex, Kent and others.

The city suffered 670 percent more ransomware attacks than Manchester, the nearest other hotspot for such cyber-attacks.While spelling mistakes, typos and other oddities in emails can help savvy people detect dodgy emails hiding ransomware, the attacks are getting more sophisticated with botnets designed to propagate them at such a volume that someone is likely to get trapped by ransomware at some point."When analyzing the data it gave us an interesting snapshot into a growing problem facing companies.

These nefarious threats, which essentially demand money with menaces, are becoming a real problem for big business—encrypting company files for ever unless the ransom is paid.  It is a modern day protection racket," added Samadi.With universities getting plagued by ransomware attacks and nearly half of all cloud malware claimed to be ransomware, it would seem like the problem is only going to get worse before it gets better.

Verizon technician sold calling, location data for thousands of dollars

EnlargeBloomberg via Getty Images reader comments 36 Share this story An Alabama man who worked as a Verizon Wireless technician has agreed to plead guilty to a federal hacking charge in connection to his illegal use of the company's computers to acquire customer calling and location data.

The man, Daniel Eugene Traeger, faces a maximum five years in prison next month. He admitted Thursday that he sold customer data—from 2009 to 2014—to a private investigator whom the authorities have not named. According to the man's signed plea deal (PDF): At some point in 2009, the Defendant met a private investigator ("the PI") who wanted to buy Verizon customer information from the Defendant.

The Defendant accepted the PI's offer.

The defendant used Verizon computer systems and facilities to access customer call records and customer location data that he knew he was not authorized to access, and provided that information to the PI even though the Defendant knew that he was not authorized to provide it to a third party. The Defendant accessed customer call records by logging into Verizon's MARS system.

The Defendant then compiled the data in spreadsheets, which the Defendant provided to the PI, including by e-mail.

The Defendant accessed customer location data using a Verizon system called Real Time Tool. Using RTT, the Defendant "pinged" cellular telephones on Verizon's network and provided location data for those telephones to the PI. The plea agreement said that Traeger began making $50 monthly in 2009, when he sold two records a month.

By mid-2013, he was earning $750 each month by selling 10 to 15 records.
In all, the plea deal says he made more than $10,000 over a five-year period. The defendant was based in the Birmingham area.

The government did not say where the victims lived. Traeger is expected to appear in federal court October 20 and enter his plea.

The defendant's attorney, Michael Rasmussen in Birmingham, did not immediately respond for comment.

Hack of Automotive Keyless Entry Systems Puts More Than VWs at...

One hundred million Volkswagen vehicles are allegedly at risk after researchers reveal weaknesses in wireless key security.

But those aren't the only vehicles at risk. New research presented at the USENIX security conference this week revealed that there is a critical weakness in vehicles that could enable an attacker to unlock and start a car remotely.

The research was conducted by computer science researchers at the University of Birmingham in the UK."We show that the security of the keyless entry systems of most VW Group vehicles manufactured between 1995 and today relies on a few, global master keys," the research abstract states. "We show that by recovering the cryptographic algorithms and keys from electronic control units, an adversary is able to clone a VW Group remote control and gain unauthorized access to a vehicle by eavesdropping a single signal sent by the original remote."Not only does the paper provide insight into the flaws in Volkswagens, but it also details similar flaws in the Hitag2 mechanism used in Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault and Ford vehicles that enable a rolling code approach for keyless entry."Our findings affect millions of vehicles worldwide and could explain unsolved insurance cases of theft from allegedly locked vehicles," the paper states. While the impact of vehicle theft is likely in the tens of thousands of dollars per stolen vehicle, the researchers' approach makes use of a $40 device they built using the open-source Arduino micro-controller. The researchers contacted Volkswagen Group in November 2015 and met with the company in February to discuss the findings.

According to the researchers, VW Group acknowledged the vulnerabilities."As mentioned in the paper, we agreed to leave out amongst others the following details: cryptographic keys, part numbers of vulnerable ECUs [electronic control units], and the used programming devices and details about the reverse-engineering process," the researchers stated.Vehicle security experts contacted by eWEEK were not surprised by the new disclosure of widespread issues in VW Group vehicles.

David Barzilai, co-founder of Karamba Security, noted that his company has been seeing similar security issues with multiple brands. Karamba launched its flagship Carwall security platform in June in an effort to help secure vehicles' ECUs."The innovation of the USENIX paper is that it shows that a single brand and its subsidiaries are exposed, with all cars that were sold since 1995, as they all use the same master key," Barzilai told eWEEK.Corey Thuen, senior consultant at IOActive, said the keyless entry risk is in line with IOactive's expectations."We see these types of vulnerabilities being systemic to the auto industry, and this area of vulnerability is the most likely to be exploited by attackers," Thuen told eWEEK. "Unless we're talking about nation states or similar groups, your average hacker is motivated by money, so any vulnerabilities that can be turned into dollars, like this keyless entry attack, are going to be a higher likelihood."In Thuen's view, the real trouble in the auto industry, and in particular with the keyless entry risk, is all about vendor failure to follow security industry best practices.
In this case, Thuen said that proper key infrastructure and management were lacking, with the vendor instead making use of hardcoded information. He added that in IOactive's recently released Commonalities in Vehicle Vulnerabilities report, the issue is documented in detail.Barzilai believes the Karamba Carwall platform could in fact be used to limit the risk of such keyless attacks. He noted that the reported hack on VW was done through reverse-engineering an ECU and obtaining a private key."With Karamba installed, hacking into the ECU and then reverse-engineering it would be detected and prevented as a deviation from factory settings," he said. "Therefore, the attack would have probably been prevented."Barzilai added, "The attack shows that security should be done from a system approach, and the ECU is the attack surface or attack gateway to the car."Security is a very difficult thing to "bolt-on" after the fact, according to Thuen.

A failure to follow security best practices during the design and implementation phases can be very difficult, and often impossible, to remediate afterward."Microsoft, Google, Apple, OWASP and now auto-specific organizations like the Auto-ISAC have learned a lot over the past couple decades, and the auto industry needs to take advantage of that," Thuen said.Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.