
Virgin Media Tells 800,000 Users to Change Passwords Over Hub Hacking Risk

Posted by Admin | June 23, 2017 | IT Security

Virgin Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it.

Virgin Media said the risk to customers with a Super Hub 2 router was small, but advised them to change both their network and router passwords if they were still set as the default shown on the attached sticker.

The advice comes after a Which? investigation found that hackers could gain access to home networks and connected appliances in as little as four days.

Ethical security researchers SureCloud gained access to the Super Hub 2, although Virgin Media said the issue existed with other routers of the same age, not just their model.

A Virgin Media spokesman said: “The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards.

“To the extent that technology allows this to be done, we regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”

The Which? study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.

Some of the devices proved harder than others to infiltrate, such as the Amazon Echo, but eight out of 15 appliances were found to have at least one security flaw.

The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.

The watchdog said that a hacker could even pan and tilt the cameras to monitor activity in the house.

SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth, and made it play its own voice messages.

Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.

It did not receive a response from the manufacturers of either Fredi Megapix or CloudPets.

The consumer group said the industry needed to take the security of internet-enabled and smart products seriously by addressing the basics such as ensuring devices required a unique password before use, using two-factor authentication, and issuing regular security updates for software.

Alex Neill, Which? managing director of home products and services, said: “There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives. However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.

“There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated. Manufacturers need to ensure that any smart product sold is secure by design.”

Source: theguardian


Trump to Meet with Telecom CEOs

Posted by Admin | June 23, 2017 | Telecoms

WASHINGTON (CNNMoney) – The White House isn’t done talking about technology.

President Trump will meet Thursday with the heads of Verizon, AT&T, Sprint and other companies, according to a White House official.

The meeting will focus on “how government can help American ingenuity and technological innovation continue to thrive,” the official said. Two dozen business leaders, including GE’s Jeff Immelt, and a host of top Trump administration officials are expected to attend.

Trump’s top aides have tried to bring order to a White House that can get derailed by the president’s Twitter account by focusing on certain issues each week, like infrastructure and workforce development.

The latest, technology week, kicked off Monday when Trump met with about 20 CEOs, including Jeff Bezos of Amazon, Tim Cook of Apple and Satya Nadella of Microsoft.

The plans haven’t always worked.

The companies meeting with Trump on Thursday will show off two demonstrations, according to the White House official.

Kespry, a commercial drone company, will showcase how its drones are used to survey quarries in Alabama.

And the telecom companies will use a 3D model of a city to show how 5G — the fifth generation of wireless networks — can work with existing broadband infrastructure without disruption.

Senior adviser Jared Kushner, who helped organize many of this week’s technology meetings, is also expected to attend. He’s coming fresh off a trip to the Middle East where he met with Israeli and Palestinian officials to talk peace.

Source: good4utah


Grandstream Completes Metaswitch Certification

Posted by Admin | June 22, 2017 | Unified Communication

As a result of this and previous certifications, all of Grandstream's award-winning IP phones are now fully interoperable with Metaswitch's world-class communications platform. Metaswitch service providers and their customers can now use any of Grandstream's 18 IP phones to achieve an enhanced user experience, cost savings and improved productivity.

Grandstream was one of the first companies in the world to manufacture IP phones in 2002 and now has one of the largest and most successful IP phone portfolios on the market.

The company currently manufactures 18 different IP phones and offers an ideal model for every type of user. Metaswitch service providers can choose from the GXP1600 series of Basic IP phones, the GXP1700 series of Mid-Range IP phones, the GXP2100 series of High-End IP phones, the DP series of DECT Cordless IP phones and the GXV series of IP Video Phones for Android™.

These devices are supported by the Metaswitch SIP Provisioning Server endpoint packs available from the Metaswitch Communities Mosaic website to enable service providers to easily configure these devices in the field.

Grandstream Networks, Inc. has been connecting the world since 2002 with SIP Unified Communications products and solutions that allow businesses to be more productive than ever before.

Source: financial-news


Israel Telecom Firm Bezeq’s Chairman Suspected of Fraud – Regulator

Posted by Admin | June 22, 2017 | Telecoms

TEL AVIV, June 21 – Israel’s markets regulator said on Wednesday that it suspected the chairman of Bezeq Israel Telecom of fraud after it opened an investigation into the country’s largest telecom group.

The Israel Securities Authority (ISA) raided the company’s offices on Tuesday as part of an investigation into Chairman Shaul Elovitch and other executives over alleged improprieties surrounding a billion-shekel deal.

Elovitch, who controls the telecoms company through holding company Eurocom Group, was held for questioning and then released on 5 million shekels ($1.4 million) bail by a Tel Aviv court on Wednesday.

He has denied any wrongdoing.

The case focuses on Bezeq’s 2015 acquisition of the remaining stake in its satellite TV unit, YES, from parent company Eurocom.

The ISA said it suspects Elovitch acted in a conflict of interest and that Bezeq executives are suspected of interfering with operations connected to that deal over the following year to artificially impact financial reports.

Elovitch and two senior officers at YES – both of whom were remanded to house arrest while denying wrongdoing – are suspected of fraud, financial reporting crimes and obstruction of justice, the ISA said.

Both Bezeq and Eurocom declined to comment.

Bezeq shares fell nearly 5 percent on Tuesday, but held steady on Wednesday at 6.16 shekels.

Eurocom gives Elovitch control over a myriad of assets such as satellite operator Spacecom and Enlight Renewable Energy. He is also a close friend of Prime Minister Benjamin Netanyahu, a relationship that bars Netanyahu from dealing with all things Bezeq.

Bezeq has dominated Israel’s telecom sector for decades and, with a generous dividend policy of distributing all its net profit, is a favourite among foreign investors. ($1 = 3.5410 shekels)

Source: dailymail


Corporate Procrastination: IT Security’s Biggest Weakness

Posted by Admin | June 21, 2017 | IT Security

By now, there’s no excuse for ignoring IT security – lack of awareness is no longer a credible defence. Similarly, there’s no shortage of places to go for advice, tools and services to protect vital systems, services and data. There’s a multi-billion dollar security industry out there providing tried and tested technology, where the best levels of protection usually defeat all but the most determined attack.

But a quick look at media coverage around IT security disasters underlines not only the ongoing risks, but also a sense of urgency for a stronger response from businesses and authorities alike:

“. . . as companies count the cost, IT directors are drawing up radical plans to prevent a repeat.”

“So what do we, and what should we expect the UK Government to do about computer security?”

“Unless we come up with some better protection than at present for the virus threat, our systems could be facing a major catastrophe in the near future.”

The thing is – these are concerns and opinions as they were expressed in the media 17 years ago in the aftermath of the damage caused by the ‘Love Bug’ computer virus.

Yet, this coverage could just as easily have appeared last week. So, what’s going on? Is the technology industry fighting a losing battle? Are the products and services just not good enough, or is the challenge more closely related to how many businesses treat IT challenges in general and security in particular – it’s just not a big enough priority for them.

We’re in this situation despite the fact that security breaches are exceptionally expensive. The 2016 Ponemon Institute ‘Cost of Data Breach Study’ put the average consolidated cost of a data breach at $4 million.

And, according to Dark Reading, 2016 saw over 4,000 data breaches exposing 4.2 billion records. The report goes on to detail that 82,000 cyber incidents (data loss, ransomware, phishing, etc) hit 225 organisations around the world every day. Experts quoted in the report believe that “more than 90% of cyber incidents could have been prevented.”

Now, it’s difficult to draw detailed conclusions by just looking at these reports, but what they help illustrate is that it’s a very big problem costing an enormous amount of money.

As for the capabilities of the security industry – yes, security breaches are numerous, they happen globally and undoubtedly the ones we hear about probably represent a fraction of the real scale of the problem. But even then, the vast majority of organisations are rarely breached and a great many can resist most threats. Even though the volume of IT security incidents continues to rise, it seems clear that organisations determined to protect themselves can do a good job.

That’s certainly reflected in the value of the global IT security market, which one study estimates will reach $202bn by 2021.

Procrastination is the thief of time

If we accept that IT security breaches are well understood, very common and hugely expensive, but can often be prevented, where does that leave us?

Arguably, we are back to a self-imposed mindset that was as well known in the year 2000 as it is today: it’s all about priorities.

Is there perhaps a common mindset out there that stops businesses taking security seriously?  Is it because business leaders see security as an investment with no return?  You pay for IT security, but you never get anything back as a result because the ultimate objective is just that nothing bad happens.

Or is it just that the perceived danger isn’t tangible enough?  Either way, somehow, the risk/reward element doesn’t create enough urgency, so businesses just put it off until later.  Then, they get hit by an attack or breach, and only then do the financial brakes come off and they spend to prevent it happening again.

From the ‘Love Bug’ virus in 2000 to WannaCry a month ago, corporate procrastination has consumed nearly 20 years as if it never happened. Yet, something as simple as a change in mindset could go a huge way to frustrating the efforts of cyber criminals so we aren’t having the very same debate for the next two decades.

Source: huffingtonpost


Tripwire ExpertOps Eases Resource Constraints In Cyber security Management

Posted by Admin | June 13, 2017 | IT Security

Solution provides cyber security and compliance risk management software and services, acts as virtual extension of an organisation’s security team.

London, UK – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the launch of Tripwire® ExpertOps℠, a cloud-based file integrity monitoring (FIM) and security configuration management (SCM) solution for organizations lacking the in-house resources needed to maintain cybersecurity and compliance risk at their desired levels.

Tripwire ExpertOps helps customers focus more on detecting breaches and maintaining compliance by deploying, managing and ensuring optimal operation of their security and compliance solutions. By providing FIM and SCM with personalized consulting and managed services, Tripwire ExpertOps reduces both the workload and complexity of managing critical security controls.

“Tripwire ExpertOps helps our customers understand what they should be focusing on in terms of security and compliance,” said Jeff Simon, vice president of customer services at Tripwire.  “Acting as an extension of our customers’ teams, Tripwire ExpertOps provides analysis of security and compliance data and is a huge benefit for our customers, as it allows their own teams to spend less time managing tools and more time on protecting their organizations.”

With the cybersecurity industry suffering a workforce shortage that’s expected to increase 80% to 1.8 million by 2022, many organizations are struggling to build and maintain a full in-house staff of security professionals to manage security processes and tools on their own. These organizations not only need streamlined product deployment and management, they need consistent expertise.

Tripwire ExpertOps provides customers with guidelines and status reports for security, compliance and configuration hardening. The Tripwire ExpertOps team also provides insights when security incidents occur and offers recommendations on how to defend against them. In addition, the solution provides executive-level reports that indicate an organization’s status in meeting their security goals and objectives, along with insight into areas of improvement.

“Cybercrime continues to be one of the biggest challenges organizations face today. Businesses need robust security solutions that are easy and efficient, and sometimes hands-off,” said Tim Erlin, vice president of product management and strategy at Tripwire. “With Tripwire ExpertOps, organizations benefit from security solutions that perform at their best, despite limited internal resources.”

Tripwire ExpertOps is available now, and features:
– Simple subscription pricing for best-in-class FIM and SCM.
– Detailed understanding of good vs. bad changes.
– Broadest depth and breadth of compliance policy and platform coverage.
– Support from designated Tripwire experts.
– Cloud-hosted infrastructure combined with managed services.

Source: informationsecuritybuzz


Cyber Security in 2020: Boosting Protection with Traps and Tripwires

Posted by Admin | June 13, 2017 | IT Security

Threat intelligence sharing will define the cyber security industry by 2020, as an effective method to combat the cyber attackers.

A cyber attacker determined to breach a business’s IT defences will do whatever they can to succeed. They’ll come at them with sophisticated malware and a detailed knowledge of your business, trying to bypass security measures by sneaking in via an infected email attachment, malicious web link, compromised website or USB stick opened by an unsuspecting employee.

They may lie dormant in a business’s systems for months, but one day they will strike, unleashing cyber-espionage tools designed to seek out and steal your most precious and confidential information. Whether any of this effort gets them anywhere is another question.

Companies now realise that securing every endpoint, network and system is still critical, but is unlikely to be enough on its own. Certainly not against an advanced, targeted attacker.  Welcome to the brave new world of anti-targeted attack solutions and threat deception.

Anti-targeted attack solutions are embedded deep within your IT operations and can monitor and detect even the slightest anomaly in daily workflow.  Such solutions sit at the heart of a new approach to cyber-defence, one that regards security as a continuous process. Threat deception complements this approach, adding a new strategy to the fight against targeted attacks.

Threat deception involves adapting your internal IT in such a way that attackers are never quite sure whether what they are looking at is real. It includes the use of decoys (credentials, documents, servers, networks and more), placed at strategic points in the network, and carrying false information to confuse and trap attackers.  The main purpose is to distract the attacker from the genuine information.

These decoys have a built-in tripwire that triggers the security alarm as soon as they are accessed, so that attackers can be contained and neutralised, or sent off on a fruitless journey through the network.  With every step they reveal valuable intelligence about their intentions and, together with your other security solutions, the compromised points in your business processes.

Gartner estimates that one in ten businesses will have adopted threat deception techniques by 2018, with numbers set to rise further into the next decade as business awareness improves and the technology evolves.

Battle tactics

The approach of deceiving opponents into thinking you’re something or somewhere you’re not is one of the oldest military tricks in the books. Lures and decoys have been used in conflicts throughout history to distract, delay or confuse the enemy, often with great success.

Cyber attackers have embraced this approach – for example, by planting ‘false flags’ in their malware code to muddy the waters of attribution and point the finger of blame at other attack groups or even countries.

The most basic implementation of cyber deception is the use of a classic ‘honeypot’, which, in most cases, involves isolated traps often outside the main infrastructure and its sensitive data. Honeypots have been used in cybersecurity since about 1990.

However, attackers have learned how to spot – and avoid – such traps and even how to use them as a way to break into the network. The emerging approach of threat deception is taking defensive subterfuge to a whole new level.

Feel the fear and do it anyway

Organisations sometimes don’t realise they, or their partners and contractors, have been compromised until days or even months after it has happened; unaware that attackers are inside their network helping themselves to their intellectual property, financial records, confidential communications, encrypted information, contacts and more. Putting an end to such potential damage requires new technologies, but also a new mind-set about IT security: don’t fear the invasion, prepare for it.

Divert, distract, delay

A threat deception strategy can be implemented on many levels, with false or misleading components installed in networks, endpoints, applications, documents, or even records in databases. None of them should get in the way of day-to-day operational needs.

The following scenario is an example of how it might work: upon breaching the perimeter, cyber attackers tend to deploy their malware tools on an endpoint – such as a computer – to extract credentials during an active session of the operating system.

Through threat deception they could receive fake credentials. Then, when they try to use these credentials on other network resources, the organisation will be able to monitor their appearance and movement in the network, control and mitigate the attack.

Or, if the attackers make it as far as the data – either without detection or detected-but-contained, and under surveillance – they could find themselves capturing a tagged decoy document where they expect the confidential goodies to be, such as on a computer belonging to the CEO. They have no way of telling the difference.
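The fake-credential scenario above can be sketched as detection logic. This is an added example, not code from the article or from any deception product: the decoy account names, host names and log format are constructed assumptions. Any authentication attempt naming a decoy raises an alert, and every later event from the same source is kept as a movement trail.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed decoy accounts (assumption): no real user or service ever logs in
# with them, so any authentication attempt that names one is a tripwire hit.
DECOYS = {
    "svc_backup_old": "ws-finance-07",  # decoy name -> endpoint where it was planted
    "adm_jsmith": "ws-ceo-01",
}

# Constructed log format (assumption, not a real product's schema).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth host=(?P<host>\S+) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample input, in chronological order.
SAMPLE_LOG = """\
2017-06-13T09:01:10Z auth host=mail01 src=10.0.5.40 user=alice result=OK
2017-06-13T09:14:02Z auth host=fs01 src=10.0.5.23 user=svc_backup_old result=FAIL
2017-06-13T09:14:30Z auth host=db02 src=10.0.5.23 user=svc_backup_old result=FAIL
this line is malformed and must be skipped
2017-06-13T09:15:05Z auth host=db02 src=10.0.5.23 user=bob result=OK
2017-06-13T09:20:00Z auth host=hr01 src=10.0.5.40 user=alice result=OK
2017-06-13T09:31:44Z auth host=dc01 src=10.0.7.9 user=ADM_JSmith result=FAIL
"""


@dataclass(frozen=True)
class Alert:
    ts: str
    decoy: str
    planted_on: str  # endpoint the credential was lifted from
    src: str         # address that presented the decoy
    target: str      # resource it was presented to


def parse_line(line):
    """Return the event fields as a dict, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(log_text, decoys=DECOYS):
    """Return (alerts, trails): one alert per decoy use, plus every event
    seen from a source from the moment it first tripped a decoy."""
    alerts, trails, tripped = [], defaultdict(list), set()
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        user = ev["user"].lower()  # account names are matched case-insensitively
        if user in decoys:
            # Success or failure does not matter: nobody legitimate holds it.
            alerts.append(Alert(ev["ts"], user, decoys[user], ev["src"], ev["host"]))
            tripped.add(ev["src"])
        if ev["src"] in tripped:
            trails[ev["src"]].append((ev["ts"], ev["host"], user, ev["result"]))
    return alerts, dict(trails)


def accounts_to_review(trails, decoys=DECOYS):
    """Real accounts that authenticated successfully from a tripped source."""
    return {
        user
        for events in trails.values()
        for _ts, _host, user, result in events
        if result == "OK" and user not in decoys
    }


if __name__ == "__main__":
    alerts, trails = detect(SAMPLE_LOG)
    for a in alerts:
        print(f"{a.ts} decoy {a.decoy} (planted on {a.planted_on}) "
              f"used from {a.src} against {a.target}")
    print("review:", sorted(accounts_to_review(trails)))
```

The alert's `planted_on` field identifies the endpoint where the credential was harvested, and `accounts_to_review` lists genuine accounts used from the same source, which are candidates for a password reset.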

Tracking the trackers

The key is to understand your network, and the systems or data of greatest potential interest to an attacker.  Then set your traps in these areas. As soon as the attacker strikes, the alarm is triggered and their cover is blown. They can then be contained or, using other deceptive techniques, sent off on a wild goose chase where they can do no harm, but their actions can be tracked and analysed.

In the meantime, the company can isolate the targeted areas and learn more about what kind of data the attackers were after, the malicious tools they used and the weaknesses they have exposed. This kind of intelligence will help the victim to close any gaps and better understand who might want to target them, why and how.

Know your enemy – your enemy knows you

Knowledge is power. As the stakes between cyber attackers and their targets continue to rise over the coming years, the value of such knowledge will only increase. Cyber security in 2020 will be marked by more subtle, intelligence-led tactics, complemented by human insight and analysis. Threat deception, either on its own or as part of a multi-layered anti-targeted attack process, will be an integral part of this.

Source: information-age


Oxial Provides Real-Time View of Cyber Security Threats

Posted by Admin | June 13, 2017 | IT Security

Organisations can now benefit from a real-time and integrated view of all cyber security threats, thanks to the new IT GRC solution from new generation GRC solution provider OXIAL, that integrates IT risks and threats with overall risk and compliance structures.

Based on years of experience managing IT systems, and collaborating with information security experts, OXIAL IT GRC combines disciplines to guarantee a better level of security and performance, and provides powerful features to manage IT priorities in line with business expectations.

OXIAL IT GRC offers risk, audit and control modules, as well as information security modules focused on an IT Governance approach, for either the Financial Services or Insurance Industry. It allows quantitative and qualitative measurement of the risks and their financial impact, thus reducing human errors, fraud, or quality issues.

“The cyber threat in 2017 is more professional and targeted than ever before and organisations are increasingly vulnerable to such attacks,” said Eric Berdeaux, CEO, OXIAL. “Because IT risks are now business risks that come with business consequences, organisations must adapt the way they manage those risks. This is not an “IT Department” contained matter and it requires an effective risk management capability, a common language and a common framework for decisions and controls. Thus, reducing fires to fight, reducing costs, re-focusing on more productive activities creating business value. By incorporating IT GRC into a company’s overall GRC framework, employee interactions are moulded from the bottom up, with checks at all levels and types of access point.”

Key benefits of the solution include:
• Manage unified compliance framework with pre-formatted regulations, methodologies, frameworks and security policies (Cyber, GDPR, ISO27001, NIST CSF, ...)
• Assign measures to team or people, follow up on actions, manage delays
• Manage security control catalog based on best practices
• Provide a flexible issue management system
• Produce in seconds dynamic compliance reports
• Assess environments by using best in class audit programs
• Compare year on year trends
• Link assets to entities to business and IT processes
• Load external audit programs, remarks, recommendations & actions
• Monitor
• End to end data protection using best in class encryption management system (Global Data Sentinel)
• Use watchdog technology to find inappropriate behavior

OXIAL IT GRC is based on the idea that IT risk management begins with smart and effective governance. IT risks are so many and varied, and have such serious consequences for the entire business, that they really are business risks and should be managed as such. The new solution therefore provides a balanced and comprehensive view of all an enterprise’s business risks, bringing together all elements of IT risk including availability, security, project management and disaster recovery and integrating with overall risk and compliance structures.

Based on the COBIT IT framework and fully COSO compliant, IT GRC provides a quantitative and qualitative measurement of the risks and their potential financial impact, and guides senior executives on how best to manage these risks.

“Bringing IT security into a more centralised risk management strategy is not only more effective for cyber security, but it will improve communication between IT and management,” continued Eric Berdeaux. “Risk management is a board-level issue and this approach makes it easier to secure budget and resource when senior executives understand the risk and potential damage to the business.”

Source: finextra


Look to AIM For These Tech Innovators

Posted by Admin | June 13, 2017 | Unified Communication

Head of technology research at finnCap, Andrew Darley, tells us why AIM is the best place to invest in fast-growing businesses that drive productivity and efficiency.

With companies under increasing regulatory burdens and pressure to demonstrate corporate best practice to stakeholders, there has been a significant uptick in digital transformation, enhanced by the opportunities derived from automation, data analytics and artificial intelligence, and minimum cybersecurity requirements.

Innovations in enterprise software have been part of this trend. Communications technology such as “Unified Communications” embodies the “convergence” principles which have received lip service for over a decade.

Unified processes, systems, and workflow management increase overall productivity and efficiency. They can also be the difference between mere survival and thriving in any given industry, regardless of size and scale.

All non-core elements of a business should be able to be outsourced or pushed to the cloud: digitally transformed with next-generation software, particularly the less glamorous roles within any organisation like administration, inventory and stock-taking, financial controlling and risk management.

Ideagen plc (IDEA) provides governance, risk and compliance management software. The company recently acquired PleaseTech, which specialises in providing simultaneous, controlled and secure collaboration for co-authoring and redacting documents, incorporating an audit trail of transparency and accountability.

It isn’t just internal processes that provide benefits. Customer relationships can also be significantly improved. If we consider what we demand on a personal level from our technology today, businesses must step up if they are to succeed and retain customers.

Banks that have developed apps for ease of access to accounts, and route optimisation software for delivery vans employed by the likes of Ocado (OCDO), are perfect examples.

Moreover, “omnichannel” customer contact capabilities provided by the likes of Netcall (NET) offer interaction and unified record keeping with customers whether through email, phone, tweets, or web interaction.

We can expect many more new developments given that vendors are in a state of constant flux in order to cater for the significant shift from office-based to mobile technologies.

Given the human fallibility of manual data input into spreadsheets – recent research showing more than four out of 10 companies struggling to use them efficiently – businesses are moving towards what Deloitte describes as the “kinetic enterprise”.

Simply put, this is companies developing the capacity to keep up and flourish in an ever-evolving environment. Niche, cloud-delivered, interoperable software is now the norm, the opposite of the monolithic systems preferences worshipped by impractical IT departments of old.

Global IT research firm Gartner predicts a growth in enterprise software spending of 5.5% in 2017, while simultaneously seeing a cut in investment on hardware as companies opt to use more cloud-based technologies.

This makes good business sense if we consider that, according to McKinsey, large IT projects costing over $15 million (£11.6 million) run on average 45% over budget while delivering 56% less value than forecast. Small is beautiful, delivered by specialists.

Many businesses, large and small, are still dragging their feet on updating archaic systems and infrastructure under the misconception that introducing new digital technology will be expensive, time-consuming and require costly user training. True, change can be disruptive, but the efficiencies of the cloud for small and mid-size companies can’t be ignored.

An increasing number of companies are embracing tech advances to improve productivity and efficiency with faster reaction and turnaround times, enhanced collaboration and improved decision-making.

This is not bleeding edge, or even leading edge, with the cloud now the accepted norm as opposed to the risky choice. Software and services to achieve this are already out there.

Taking the time to explore them with a needs-based approach might be the most worthwhile investment a company makes – and AIM offers investment opportunities in a fleet of companies benefiting from customers likely to adopt just that logic.

Source: iii


Virgin Media Plugs Security Flaw In A Brace Of Its Wireless Routers

Posted by Admin | June 12, 2017 | IT Security

Hackers could have exploited the flaw to gain administrative access to affected home hubs.

A security flaw has been discovered in a brace of Virgin Media wireless routers that allowed unauthorised administrative-level access to the home hubs.

Discovered by Context Information Security through reverse engineering the software on the Virgin Media Super Hub 2 and Super Hub 2AC wireless routers, a flaw in the backup feature of the devices allowed hackers to download the router configurations, such as dynamic DNS and port forwarding settings.

Though such backups are encrypted, the encryption key is the same for all of the routers, meaning hackers with administrative access to the vulnerable routers could get access to the backup’s information, add their own instructions to it, then restore the backup to the hub, thereby compromising it.

Hackers with this access could gain remote access to the targeted hub and monitor all network traffic to and from the device. 
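Why a fleet-wide key matters at restore time, as an added example (not code from Context, Virgin Media or the router firmware): a backup is sealed with an HMAC-SHA256 tag and checked before it is applied. The `Hub` class, the config fields and the idea of a per-device key provisioned at manufacture are assumptions made for illustration, and encryption is left out so the block stays within the Python standard library.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def new_device_key() -> bytes:
    """A fresh random key, standing in for one provisioned per unit (assumption)."""
    return secrets.token_bytes(32)


def seal(config: dict, key: bytes) -> bytes:
    """Serialise the config and prepend an authentication tag."""
    body = json.dumps(config, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def restore(blob: bytes, key: bytes) -> dict:
    """Verify the tag in constant time before parsing anything."""
    if len(blob) <= TAG_LEN:
        raise ValueError("backup rejected: too short")
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("backup rejected: authentication tag mismatch")
    return json.loads(body)


class Hub:
    """Hypothetical router model holding a config and a backup key."""

    def __init__(self, serial: str, key: bytes):
        self.serial = serial
        self.key = key
        # Constructed settings; the article names dynamic DNS and port forwarding.
        self.config = {"ddns_host": "home.example.net", "port_forwards": []}

    def export_backup(self) -> bytes:
        return seal(self.config, self.key)

    def import_backup(self, blob: bytes) -> None:
        self.config = restore(blob, self.key)  # raises before config changes


def accepts_foreign_backup(source: Hub, target: Hub) -> bool:
    """True if `target` applies a backup edited and re-sealed with the key
    held by a different unit, `source`."""
    edited = restore(source.export_backup(), source.key)
    edited["ddns_host"] = "changed.example.net"  # constructed edit
    resealed = seal(edited, source.key)
    try:
        target.import_backup(resealed)
    except ValueError:
        return False
    return target.config["ddns_host"] == "changed.example.net"


def rejects_bit_flip(hub: Hub) -> bool:
    """True if a single altered byte in the body makes restore fail."""
    blob = bytearray(hub.export_backup())
    blob[-1] ^= 0x01
    try:
        restore(bytes(blob), hub.key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    shared = new_device_key()  # weak design: one key for the whole fleet
    print("shared key, foreign backup accepted:",
          accepts_foreign_backup(Hub("A", shared), Hub("B", shared)))
    # Corrected design: every unit has its own key.
    print("per-device keys, foreign backup accepted:",
          accepts_foreign_backup(Hub("A", new_device_key()), Hub("B", new_device_key())))
```

With one key across the fleet, a key recovered from any single unit validates edited backups on every other unit; with per-device keys the same recovery affects only the unit it came from.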

Hacked hubs

“The Super Hub represents the default home router offering from one of the UK’s largest ISPs and is therefore present in millions of UK households, making it a prime target for attackers. While ISP-provided routers like this are generally subject to more security testing than a typical off-the-shelf home router, our research shows that a determined attacker can find flaws such as this using inexpensive equipment,” said Andy Monaghan, a principal security researcher at Context. 

The cyber security firm notified Virgin Media of the flaw, and the telecoms company rapidly pushed out a patch to plug the security hole. 

“Virgin Media has deployed a firmware patch to our SuperHub 2 and 2AC routers that addresses this issue,” a Virgin Media spokesperson told Silicon.

“We take the security of our customers very seriously and experts within our organisation often work with trusted third-parties to help keep our customers as secure as possible. We thank Context for their professionalism and cooperation.”

Router of all evil 

Netgear is the provider of routers to Virgin Media, so it would appear that the flaw originated from it rather than a problem introduced by Virgin Media.

“[Internet Service Providers] will always be at the mercy of their hardware suppliers to some extent,” said Jan Mitchell, a senior researcher at Context. “Recent press coverage of attacks such as the Mirai worm highlights the importance to vendors of carrying out independent security testing of their products to reduce the likelihood of exploitation in production devices. Thankfully, Virgin Media was quick to respond to Context’s findings and start the remediation process.”

So far there have been no reports of the routers being hijacked by hackers out in the wild, so it would appear Virgin Media’s rapid response helped it dodge a nasty cyber security bullet. 

TalkTalk has not been so lucky with its routers, as most of the Mirai botnet in the UK consists of routers from TalkTalk.

Source: silicon