13.6 C
London
Tuesday, September 26, 2017
Home Tags Spectre

Tag: Spectre

Spend hundreds less, get more stuff and comparable performance.
Just the thing for the eco-conscious 00 agent?
Sharper edges, new kickstands, Intel and AMD processors, and more.
Elevating HP's affordable notebooks with useful hardware tools.
There are a couple issues, but overall you get good features for the price.
No matter where you’re working, HP’s newest business notebook has your back.
Flexibility is usually left to smaller devices, but this one’s up to the challenge.

What went wrong at Tesco Bank?

Internal systems blamed for monster cyber-attack Tesco Bank has enlisted the help of recently established National Cyber Security Centre (NCSC) following the most serious cyber-attack ever launched against a UK bank. The attack against the supermarket giant's banking arm involved the theft of £2.5m from 9,000 customers' accounts, funds that the bank quickly reimbursed.
Initially theft against 20,000 accounts was feared but this figure was revised downwards late on Tuesday night.

At the same time Tesco announced that it was restoring normal service following the suspension of online and contactless transactions from current accounts applied in the immediate wake of the breach last weekend. NCSC is working alongside the National Crime Agency to look into the cyber-attack, which is believed to be the biggest of its kind in the history of British banking. Ian Mann, chief exec of cyber-security service ECSC, said the size of the breach indicates that is it likely either Tesco's internal systems, or their mobile application, have been hacked.

Tesco Bank's method of access for customers is "weak for this type of system", according to Mann. "Username is your email by default, and you only need digits from a numeric PIN.

By requiring limited digits from the PIN on login, they make it virtually impossible to hash (encrypt) the PINs they have stored. This means a compromise of their customer database will reveal all logins and passwords to the attacker." Tesco Bank manages around 136,000 current accounts.
Security pundits have variously blamed credential stuffing, an inside job, and exploitation of a third-party supplier retail partner for the breach. Nigel Hawthorn, chief European spokesperson at Skyhigh Networks, said: "While the details are still patchy, there's no doubt that this was a hugely sophisticated, coordinated and advanced attack – and as recent months have proven, no organisation is immune from similar attacks going forward. With cloud computing, hackers have so many more points of entry, and organisations need to put security in place to guarantee the safety of data, even if it falls into the wrong hands.
In practice, this means putting multiple layers of control around their most sensitive data and closely monitoring access to stop theft on the way out rather than betting on the 'hard shell' approach with a sealed perimeter." Tesco might face a huge fine under the recently revamped EU data protection rules over the breach, according to Hawthorn. "When it comes to data security, the silent spectre of EU General Data Protection Regulation is slowly kicking organisations into action, and incidents such as this will only accelerate this trend," Hawthorn said. "One estimate is that Tesco Bank could be fined nearly £2bn under GDPR rules for this incident.

The bottom line is that data security is no longer simply an issue for the IT department to tackle, and organisations can no longer sit back and ignore it.

The stakes are higher than they have ever been, so when it comes to reviewing your security position, tomorrow may just be too late." ® Sponsored: Customer Identity and Access Management
Press Release LONDON, October 20, 2016 – Unisys Corporation (NYSE: UIS) announced today its latest series of security-related milestones, including a major win in border protection and the launches of leading-edge technologies to help enterprises protect their data and operations from the growing spectre of cybercrime. Made in conjunction with National Cyber Security Awareness Month in the U.S. as well as security-related events the company is sponsoring this week, today’s announcements include: “These milestones serve to highlight Unisys’ unmatched focus on securing the data and operations of organisations across industries ranging from financial services and travel and transportation to government and life sciences,” said Inder M.
Singh, chief strategy and marketing officer for Unisys. “These announcements are particularly significant in light of this week’s theme as part of National Cyber Security Awareness Month in the U.S.: ‘Recognising and Combating Cybercrime.’ The high-value software, services and solutions Unisys brings to its global markets today offer much-needed ammunition in this fight.” About UnisysUnisys is a global information technology company that works with many of the world's largest companies and government organisations to solve their most pressing IT and business challenges. Unisys specialises in providing integrated, leading-edge solutions to clients in the government, financial services and commercial markets. With more than 20,000 employees serving clients around the world, Unisys offerings include cloud and infrastructure services, application services, security solutions, and high-end server technology.

For more information, visit www.unisys.com. Follow Unisys on Twitter and LinkedIn. Contacts:Media: Brad Bass, Unisys, 703-439-5887brad.bass@unisys.com Jay Jay Merrall-Wyre, Unisys, +44 (0) 20 3837 3729unisys@weareoctopusgroup.net Investors: Courtney Holben, Unisys, 215-986-3379courtney.holben@unisys.com ### Unisys and other Unisys products and services mentioned herein, as well as their respective logos, are trademarks or registered trademarks of Unisys Corporation.

Any other brand or product referenced herein is acknowledged to be a trademark or registered trademark of its respective holder.