Joel, Author at IT Security Guru
https://www.itsecurityguru.org/author/joel/
The Site for our Community
Wed, 20 Apr 2022 15:55:08 +0000

NINETEEN GROUP APPOINTS QUEEN’S AWARD WINNING ESKENZI PR TO PROMOTE UK’S NEWEST CYBERSECURITY EVENT
https://www.itsecurityguru.org/2022/04/20/nineteen-group-appoints-queens-award-winning-eskenzi-pr-to-promote-uks-newest-cybersecurity-event/
Wed, 20 Apr 2022 15:33:40 +0000

Nineteen Group, organisers of the International Cyber Expo, today announces it has partnered with Queen’s Award for Enterprise winning technology PR agency, Eskenzi PR to help spread the word about the industry’s newest cybersecurity event.  

 

Eskenzi PR has been a pillar within the industry for nearly three decades and brings a wealth of experience and expertise to the Nineteen Group team. The agency currently offers PR support for over thirty tech companies worldwide.  

  

In recent years, the UK government has set its sights on cultivating the country’s cybersecurity sector and, as announced in December 2021, aims to “solidify its position as a global cyber power”. As a result, the industry has flourished, bringing in a record level of investment amounting to £10.1 billion in the last financial year. Naturally, the next step would be to make the UK home to the industry’s most rewarding and unmissable event. Nineteen Group, together with Eskenzi PR, endeavour to lead that effort.

  

Taking place at the Olympia London on 27-28 September 2022, the International Cyber Expo intends to disrupt the status quo by producing a dynamic and inclusive annual event where business, innovation and education converge. Over the two days, cybersecurity veterans and newcomers can attend CISO roundtables, informative talks by experts in the field, as well as delve into immersive demonstrations of the latest cutting-edge technologies. The space will serve as a networking hub for everyone from government officials and entrepreneurs, to venture capitalists and software developers.   

  

“Eskenzi PR is the cybersecurity PR agency. They have turned hundreds of companies into household names over the years and were pivotal to making Infosecurity Europe into the success it is today. There was no doubt who we wanted to take on board to guide us through this exciting venture,” said Rachael Shattock, Group Event Director at Nineteen Group. “We are thrilled to work alongside Yvonne Eskenzi and team to deliver a phenomenal event for the cybersecurity community.” 

  

“I founded Eskenzi PR when the cybersecurity industry was still in its infancy, allowing us to establish ourselves within the heart of the community and get to the crux of what they want and need. And what we have long-needed is an event for the community, by the community,” said Yvonne Eskenzi, co-founder and director at Eskenzi PR and Marketing. “Nineteen Group has convened an Advisory Council made up of cybersecurity all-stars, and they are making significant investments to do right by us. They are all in, and I could not think of a better partner to bring this vision to life.” 

  

To find out more about the International Cyber Expo, visit: https://www.internationalcyberexpo.com/welcome 

 

About International Cyber Expo 

 

Launched as the first dedicated event to bridge the gap between physical and cyber security industries, the International Cyber Expo is now one of the key cybersecurity events on the industry’s calendar. The event is overseen by a top-level Advisory Council made up of credible Government, industry and leading academic stakeholders to help shape its agendas and maintain the top-level content that includes the high-level two-day Global Cyber Summit.  

 

It also features a large exhibition area with International Pavilions, a Government Zone and Immersive Cyber Demonstrations that focus on technology and services that protect businesses’ digital and physical future. For more information visit: https://www.internationalcyberexpo.com 

 

About Nineteen Group 

Nineteen Group is a rapidly expanding, dynamic and ambitious events business, which like our portfolio has a clear focus. Our corporate vision is to become the most successful events business in the UK. 

 

At the heart of Nineteen Group lies over 100 years of industry experience and an unrelenting commitment to deliver customer satisfaction. 

 

Following substantial investment from Phoenix Equity Partners, a leading growth-focused private equity firm, Nineteen Group is delivering major-scale trade exhibitions within the retail, security, cyber security, fire, emergency services, health and safety, facilities management, engineering and manufacturing sectors. www.nineteengroup.com 

 

 

About Eskenzi PR  

With over 26 years of experience, Eskenzi PR is an award-winning PR and Marketing agency that specializes in cybersecurity. Founded by Yvonne Eskenzi and Neil Stinchcombe, Eskenzi PR is at the forefront of the industry and is renowned for building startups into household names and creating global brands. With a presence in the U.K., US, Singapore, Australia, France and Germany, no time zone is left unmanned. Eskenzi PR is also the creator and host of industry-renowned events like the European Cyber Security Blogger’s Awards, Security Serious Week, IT Security Analyst & CISO Forum, as well as the founder of the highly regarded news site itsecurityguru.org. To learn more visit https://www.eskenzipr.com

The post NINETEEN GROUP APPOINTS QUEEN’S AWARD WINNING ESKENZI PR TO PROMOTE UK’S NEWEST CYBERSECURITY EVENT appeared first on IT Security Guru.

NHS 111 urgent care provider leads the way in secure and flexible workforce identity and access management with My1Login
https://www.itsecurityguru.org/2022/03/31/nhs-111-urgent-care-provider-leads-the-way-in-secure-and-flexible-workforce-identity-and-access-management-with-my1login/
Thu, 31 Mar 2022 09:11:22 +0000

My1Login has announced it has been hired by London Central & West Unscheduled Care Collaborative, a leading provider of urgent healthcare to the NHS 111 service, to overhaul its staff identity access through My1Login’s Identity-as-a-Service (IDaaS) solution.

 

The platform integrates with their existing computer login and removes the need for users to manage any additional application passwords, enabling the transition to a passwordless environment. This means clinicians only need to sign into their computer once to get access to all the information they require, enabling them to spend more time providing critical patient care.

 

London Central & West (LCW) is one of the largest providers of Integrated Urgent Care in London, serving over 4.6 million citizens. To offer its patients faster and more efficient care, LCW is becoming increasingly reliant on cloud applications and digital platforms to access medical records. However, a key challenge it has encountered is clinicians having to manage multiple passwords to get access to these critical systems. As a result, LCW has recognised it needs a more efficient way for clinicians to securely access medical applications, one which does not require them to remember multiple passwords for numerous different applications.

 

Liam Mahon, Director of Digital & Innovation IT – BI – PMO at LCW, explains “We see digital as a key enabler to provide innovative, uninterrupted and responsive care to our patients. However, a key challenge we are frequently facing is clinicians having to manage multiple logins to access systems. This means passwords often get forgotten and doctors have to go through lengthy password resets to get access to patient records. We recently concluded that an overhaul of our traditional identity access management strategy was needed, where staff could more efficiently get access to critical systems, without compromising security. In My1Login, we have found a partner that can symphyses these two issues into a simple solution, significantly improving security, whilst simplifying the user experience, thus allowing clinicians to focus their time on patient care, rather than password management.”

 

Mike Newman, CEO of My1Login, said: “We are delighted to be helping London Central and West mitigate the risk of data breaches whilst freeing up valuable time for clinicians to focus on patient care. My1Login enables the transition to a passwordless environment, removing passwords from the hands of users and placing LCW in control of corporate identities, which reduces exposure to cyber security risks and makes it secure and effortless for clinicians to access NHS applications.”

The post NHS 111 urgent care provider leads the way in secure and flexible workforce identity and access management with My1Login appeared first on IT Security Guru.

Romance Fraudster who Targeted more than 650 Victims has been Convicted for Two Years
https://www.itsecurityguru.org/2022/01/17/romance-fraudster-who-targeted-more-than-650-victims-has-been-convicted-for-two-years/
Mon, 17 Jan 2022 11:11:42 +0000

A London-based cyber fraudster who targeted 670 women, including one who was terminally ill, has been arrested by UK police and pleaded guilty to fraud and money laundering charges. Taking more than £20,000 from his marks, Osagie Aigbonohan operated out of a flat in Abbey Wood, London.

 

Police arrested Aigbonohan in July 2021 after he was found with a fake driving licence and overstaying his visa in the UK for two years. “Romance fraud is a particularly callous offense, involving exploitation of an individual’s emotional needs and caring qualities, to extract money from them. People should be particularly vigilant over the coming month as we head towards Valentine’s Day and more people seek a partner,” warned James Lewis of the Crown Prosecution Service (CPS).

The post Romance Fraudster who Targeted more than 650 Victims has been Convicted for Two Years appeared first on IT Security Guru.

DDoS Attacks Increasing Again
https://www.itsecurityguru.org/2022/01/11/ddos-attacks-increasing-again/
Tue, 11 Jan 2022 10:21:52 +0000

Distributed denial-of-service (DDoS) attacks are increasingly being accompanied by huge demands against their marks, according to an annual survey from Cloudflare.

Ransom-motivated DDoS attacks increased 29% year-on-year and 175% between Q3 2021 and Q4 2021, according to the research on cyberattack trends showing that companies must do more to prevent DDoS attack vectors.

The manufacturing industry was the most targeted vector in Q4 of 2021 by application-layer DDoS attacks, racking up a concerning seven-fold (641%) increase in the number of attacks. The business services and gaming & gambling industries were the second and third most targeted industries by DDoS attacks.

Michael Isbitski, technical evangelist at Salt Security said in an email to IT Security Guru that it regularly identifies and mitigates flaws in APIs that can result in denial of service (DoS) or distributed denial of service (DDoS) conditions if attackers find and abuse them. He added: “Application-layer or layer 7 (L7) DoS conditions are common in application designs where application functionality, often initiated API calls, may be too “heavy” in terms of the data served to clients in responses or computing resources functionality will consume. The API calls or application functions generate excessive load that in turn creates availability problems for end users.”

In terms of DDoS techniques, Isbitski noted that: “There are numerous forms of DoS/DDoS and techniques that attackers use to distribute, reflect, and amplify requests to impact systems availability. The report calls out traditional network DoS/DDoS attacks like SYN floods or those attacks that target specific protocols like UDP or SMTP. Enterprise web applications typically communicate using HTTP. Attackers aiming to perform DoS/DDoS against enterprise applications usually focus less on abusing the HTTP protocol itself and instead zone in on functionality coded into the application and APIs. The ways attackers can abuse applications and APIs vary depending on what functionality is exposed and how business logic is coded, which also complicates detection and mitigation. The added geographic distribution and amplification that’s inherent with DDoS greatly exacerbates availability problems and can quickly bring applications or systems to a halt if not mitigated promptly.”

He also stressed that these types of flaws are present in all vertical sectors, but that potential business impacts vary based on the product or service offerings of the impacted organisation. “Cloudflare noted that it sees manufacturing being heavily targeted, and successful DoS and DDoS attempts by attackers can result in physical supply chain impacts. Salt Labs has documented a few examples of API flaws that can lead to DoS/DDoS in its published threat reports, many of which were observed in financial services and financial technology platforms,” Isbitski concluded.

The post DDoS Attacks Increasing Again appeared first on IT Security Guru.

New iOS vulnerability DoS bug revealed
https://www.itsecurityguru.org/2022/01/04/43509/
Tue, 04 Jan 2022 12:12:43 +0000

A new denial of service (DoS) vulnerability dubbed “doorLock” was recently revealed in Apple HomeKit, impacting iOS 14.7 through 15.2. Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices.

According to the researcher who disclosed the details, Apple has been aware of the vulnerability since August 2021, but has not addressed the issue.

To trigger ‘doorLock,’ an attacker would change the name of a HomeKit device to a string larger than 500,000 characters.

To demonstrate the doorLock bug, Spinolas, the original researcher who uncovered the bug, has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names.

The post New iOS vulnerability DoS bug revealed appeared first on IT Security Guru.

Cybercriminals take advantage of unpatched Hikvision systems
https://www.itsecurityguru.org/2021/12/09/cybercriminals-take-advantage-of-unpatched-hikvision-systems/
Thu, 09 Dec 2021 10:28:42 +0000

The Moobot botnet is leveraging a known remote code execution (RCE) vulnerability in Hikvision products (CVE-2021-36260) to spread Moobot, which carries out distributed denial of service (DDoS) attacks. The attack surface could be significant: China-based Hikvision touted itself as the “world’s leading video-surveillance products supplier” on the company site.

 

Although a patch was released in September, any still-vulnerable Hikvision IP Network Video Recorder (NVR) products are being actively targeted by the Mirai-based botnet known as Moobot.

 

Source: https://threatpost.com/moobot-botnet-hikvision-surveillance-systems/176879/

The post Cybercriminals take advantage of unpatched Hikvision systems appeared first on IT Security Guru.

Ransomware attack locks hotel guests out of rooms
https://www.itsecurityguru.org/2021/12/08/ransomware-attack-locks-hotel-guests-out-of-rooms/
Wed, 08 Dec 2021 11:03:58 +0000

Earlier this week, Nordic Choice Hotels announced an attack on its IT systems, which they believed to be a “computer virus”. However, it has since been revealed that it was the target of Conti ransomware, leading to hotel guests being locked out of their rooms. As IoT becomes more connected, the threat of home and corporate security systems being targeted will only increase.

Commenting on this story was Javvad Malik, lead security awareness advocate at KnowBe4:

“We’ve seen several hotels and others in the travel and hospitality industry targeted in the last few years. Much of this is driven due to the fact that these organisations hold an incredible amount of personal information on large numbers of individuals.

In addition, we are seeing as more organisations adopt IoT devices throughout, the attack surface increases, as does the impact of any system becoming unavailable. 
It is why organisations across all verticals and industries need to carefully consider their security obligations. This includes properly securing customer information, and making sure that only information needed is saved. It also requires organisations to be mindful of what smart or IoT devices they acquire and install and ensure there is a thorough security check undertaken to ensure these devices are fit for purpose.”

 

The post Ransomware attack locks hotel guests out of rooms appeared first on IT Security Guru.

United States military hacking unit acknowledges offensive action to disrupt malware
https://www.itsecurityguru.org/2021/12/06/united-states-military-hacking-unit-acknowldges-offensive-action-to-disrupt-malware/
Mon, 06 Dec 2021 11:13:48 +0000

The US military’s hacking unit, Cyber Command, has taken offensive action to disrupt cybercriminal groups that have launched ransomware attacks on US companies, a spokesperson for the command confirmed to CNN on Sunday.

 

The post United States military hacking unit acknowledges offensive action to disrupt malware appeared first on IT Security Guru.

BloodyStealer trojan targets most major gaming platforms
https://www.itsecurityguru.org/2021/10/01/bloodystealer-trojan-targets-most-major-gaming-platforms/
Fri, 01 Oct 2021 13:34:12 +0000

Kaspersky has this week released the findings of their research on the malware dubbed BloodyStealer. According to its creators, the malware can steal passwords, cookies, bank card details, browser autofill data, screenshots and more, and it is advertised on underground forums.

It looks like the criminals behind BloodyStealer are targeting gamers, as they are selling access to specific accounts, both individually and wholesale. Accounts with add-on and expensive items hold particular value, but they are typically sold at a huge discount. The content of these accounts is often traded, often for a fraction of its value. For less than 50 cents, one could buy access to Need for Speed and other titles.

Here’s what security experts had to say on this threat:

Sam Curry, chief security officer at Cybereason:

“It’s become almost a reflex now: another letter or email in your mailbox, “we regret to inform you that due to a breach, your personal data may have been….” and in the gaming industry, user data is still highly sought after, but at much cheaper prices than in the past with attackers successfully using the malware as a service model to generate revenue and driving down costs as the supply increases. Overall, the number of identity compromises by this point is more than 10 times larger than the world’s population and yet life continues. The unthinkable has become the mundane and the routine. In the short term, consumers should protect themselves with strong passwords and also enable two-factor authentication. Also, double check websites, email addresses and phone numbers to verify their authenticity. Fraudsters will oftentimes deploy phone numbers, email addresses or URLs that differ slightly from the real one. Also, never click on links or open attachments from unknown sources. And take advantage of free credit reporting services. And immediately contact law enforcement if you think you have been victimized”

Jordan Dunne, security consultant at edgescan:

“As the gaming industry continues to grow, so too does the potential for malicious attackers to make a profit. As more users create accounts on gaming platforms, buy more games and content on these accounts, and attach their payment details to these accounts, there will also be an increase in the market for stolen accounts.

With this in mind, these platforms must take major steps in securing the data of their users and combat threats such as the BloodyStealer trojan as quickly as possible. As the gaming industry becomes a more prominent target, the tools used to target the users become more sophisticated, which can be seen with BloodyStealer using methods such as anti-debugging tools to help it evade detection. A $40 price tag in order to potentially access content worth over thousands of dollars would of course be a tempting offer to many attackers, and it’s important that all lucrative industries identify their threats and risks quickly and implement the correct response to combat equally imposing threats as these cheap, easy to use and meticulous attacks become increasingly present.

In order to prevent these attacks going forward, gaming platforms should enable protections such as Multi-Factor authentication by default when applicable, alerting a user when there has been suspicious activity on their account, and explaining to their users these threats in a simple to understand manner so that they may better protect themselves (explaining the importance of enabling MFA, using strong and unique passwords, etc.)”

Dean Ferrando, lead systems engineer at Tripwire:

“There is obvious value in obtaining personal identifiable information and account details of users, but these are also a goldmine for malicious actors intending to plan further attacks – be it phishing or otherwise. It is paramount that the involved parties take all the necessary steps to mitigate the consequences of this incident, which include changing all their passwords, especially if they were used on accounts related to the impacted companies.”

“Those within the gaming industry should take this opportunity to visit their own security controls to ensure they are adequately deployed. A security team should be able to easily assess how many of what kind of assets are on the network, how securely they are configured, and what the vulnerability posture of those assets are. All organizations should use this as a wakeup call to ensure that security is not just a check box for compliance. Hardening systems help to safeguard the integrity of your digital assets and protect against threats and vulnerabilities. Brands like EA and Steam etc want to provide a safe and secure space for gamers and not a game over experience.”

 

The post BloodyStealer trojan targets most major gaming platforms appeared first on IT Security Guru.

New survey reveals executive’s attitudes on cybersecurity issues
https://www.itsecurityguru.org/2021/10/01/new-survey-reveals-executives-attitudes-on-cybersecurity-issues/
Fri, 01 Oct 2021 13:27:07 +0000

A new survey from Arctic Wolf has asked over 1,400 IT decision makers about their attitudes on a wide array of cybersecurity and business issues.

After a year of high-profile cyberattacks, it appears executives lack faith in the government’s ability to protect them from cyberattacks, with 60% of respondents saying they are spending on new security tools as they believe it is the most effective way to secure their organisations.

Nation State sponsored attacks remain a big concern, with China (41%) and Russia (41%) topping the chart of the most feared foreign powers when it comes to cyber capabilities.

More worryingly, 78% of C-level executives said they would be willing to pay a ransom were their company to fall victim to an attack, and 56% said they would be willing to pay over $100,000. According to the survey’s findings, one-third (32%) of enterprises experienced a six-figure breach last year and well over half (61%) of business owners admitted to concealing a breach.

Commenting on the findings, Matt Williams, regional manager for UK and Ireland at Illusive, said: “Unfortunately, it’s not massively surprising that business owners or security leaders would be ashamed to disclose a breach. Even if the breach doesn’t lead to complete compromise or loss of data, the fact that bad-actors managed to bypass security defences feels like a defeat. This should not be the case. Organisations should be able to discuss breaches more openly in order to learn from one another. As a matter of fact, companies should just assume breach at all times and deploy software to protect valuable assets and information.”

Experiencing a ransomware attack can lead to dramatic consequences, not to mention the PR nightmare, but if companies implement the right security measures, a breach would not lead to disaster, explained Williams. “Deception technology will allow companies to secure their data even if an attacker manages to sneak onto the network. This way organisations can rest easy as lateral movement will spark an alert and allow them to take the necessary measures to stop an attacker in their tracks. This would not only give them top tier security but it also means that they wouldn’t have to hide a breach in the first place,” Williams advised.

 

The post New survey reveals executive’s attitudes on cybersecurity issues appeared first on IT Security Guru.
