An illustration picture shows projection of binary code on a man holding a laptop computer in Warsaw

Anti-ISIS group claims cyber-attack on BBC, says was only a test

LONDON (Reuters) – A group of computer hackers that wants to target Islamic State has claimed it was behind a cyber attack on the BBC which it intended as a test of its own capabilities, according to messages sent to a reporter at the broadcaster on Saturday.

“It was only a test, we didn’t exactly plan to take it down for multiple hours,” the group called New World Hackers said in a message sent to the BBC’s technology correspondent, Rory Cellan-Jones, which he posted on Twitter.

“We realize sometimes what we do is not always the right choice, but without cyber hackers … who is there to fight off online terrorists?”

The BBC’s online services, including its news website and iPlayer catch-up TV platform, were taken down for a few hours on Thursday by a large web attack. The broadcaster, citing sources inside the corporation, described it as a “distributed denial of service (DDoS)” attack.

A DDoS attack typically targets sites by flooding servers with messages from multiple systems so they are unable to respond to legitimate traffic.

A BBC spokeswoman said the broadcaster would not comment on the claim of responsibility made by the group.

(Writing by William Schomberg, editing by Larry King)

This article was from Reuters and was legally licensed through the NewsCred publisher network.

The BBC website and iPlayer are hacked

BBC website and iPlayer down after cyber attack

The BBC website and iPlayer platform were the victims of a hack on Thursday, December 31, which took them both offline for several hours.

Having initially claimed a “technical issue” was responsible for the Error 505 message displayed when users tried to access its website or catch-up service iPlayer, the BBC has now announced that the problems were, in fact, due to a “large web attack” following a “distributed denial of service” cyber hack. A DDoS attack consists of false messages bombarding the server to prevent legitimate traffic getting through.

The hack occurred at 7 a.m. GMT, but services were functioning quasi-normally by 10.30 a.m.

This article was from AFP Relax News and was legally licensed through the NewsCred publisher network.

Illustration file picture shows a man typing on a computer keyboard in Warsaw

Ukraine to investigate suspected cyber attack on energy grid

KIEV (Reuters) – Ukraine will investigate a suspected cyber attack on its power grid, the energy ministry said on Thursday, an incident the country’s secret service has blamed on Russia.

A power company in western Ukraine, Prykarpattyaoblenergo, said on Dec. 23 that a swath of the area it serves had been left without energy, including the regional capital Ivano-Frankivsk, due to “interference” in the work of the system.

The Ukrainian Security Service SBU later blamed Russia, which has not so far commented on the allegation. The energy ministry in Kiev said on Thursday that it had set up a special commission to investigate what happened.

While cyber attacks are commonplace, few successful assaults on industrial targets have been documented. However, in 2010 the Stuxnet campaign, believed to be the work of the United States and Israel, damaged Iran’s nuclear programme while a 2014 attack shut down operations at a German steel mill.

The SBU said in a statement on Monday that it had managed to thwart the malware, which was launched by “Russian security services”.

“It was an attempt to interfere in the system, but it was discovered and prevented,” an SBU spokeswoman told Reuters on Thursday, adding that the region would have faced a much longer blackout if the malware had executed as the attackers had intended.

The Kremlin could not immediately be reached for comment.

Computer security experts consider Russia as one of the world’s most advanced cyber powers, along with the United States, China, Israel, France and Britain.

Relations between Russia and Ukraine have sharply deteriorated since Moscow annexed Crimea last year and supported pro-Russian rebels in eastern Ukraine.

Russia has complained that it itself has become a target. In 2014, President Vladimir Putin said Russian security services had detected a sharp rise in cyber attacks, particularly after the Ukraine crisis worsened and ties with the West deteriorated.

Crimea has lost at least one quarter of its power after Ukraine switched off supplies to the contested peninsula on Wednesday, a situation that Ukrainian police blamed on unidentified saboteurs blowing up an electricity pylon.

(Reporting by Pavel Polityuk in Kiev and Jim Finkle in Boston; Editing by Andrew Osborn and David Stamp)

This article was written by Pavel Polityuk from Reuters and was legally licensed through the NewsCred publisher network.

Illustration file picture shows a man typing on a computer keyboard in Warsaw

BBC reports own websites hit by cyber attack

LONDON (Reuters) – The BBC’s online services, including its news website and iPlayer catch-up TV platform, were taken down on Thursday by a large web attack, the British broadcaster reported.

The BBC’s sites, which rank only behind Google and Facebook in visitor numbers in Britain, according to Internet analytics firm comScore, were hit from 0700 GMT, with many users receiving an error message rather than content.

The broadcaster itself reported it had been hit by a “distributed denial of service (DDoS)” attack, citing sources within the organization.

DDoS attackers typically target sites by flooding servers with messages from multiple systems so they are unable to respond to legitimate traffic.

The BBC press office said it would not confirm or deny it had been hit by an attack.

“We’re aware of a technical issue affecting the BBC website and we are working to fix this now,” the BBC press office said.

It said at 1145 GMT its sites were back up and operating normally.

(Reporting by Paul Sandle; Editing by Alison Williams)

This article was from Reuters and was legally licensed through the NewsCred publisher network.

Security, Exchange, Office, and more: The year's top Windows topics


It’s been a good year for technical journalists. There’s been plenty to write about, both good and bad, especially when it comes to enterprise Windows. I’ve had fun doing it.

In case you missed them, here is a look back at some of the articles I most enjoyed writing over the past year:

“Prevent phishing attacks with OpenDNS, ‘Minority Report’-style”

My first article of 2015 remains relevant. We’re always looking for new ways to protect our environments, and DNS protection might be worth the investment at your organization. The ability to block threats at the DNS level can be yet another defense-in-depth layer as we face new attacks in the year ahead.

“Solution architect, reinvent yourself for the cloud”

IT professionals and solutions architects must stop sleepwalking into the cloud and instead look for a new career path going forward to remain relevant. It’s worth considering becoming a cloud solutions architect (aka a risk mitigation architect). Simply because you are moving off your own infrastructure doesn’t mean you should give up and let your cloud vendor (Microsoft or otherwise) do it all.

“Email security and spear phishing secrets of an ex-hacker”

This year, I had the pleasure of being on the same speaking program as famous hacker Kevin Mitnick. In this article, Mitnick shares his thoughts on protecting organizations from spear phishing threats and identity theft. What you don’t know is that the very next day, I was targeted by a false spear phishing drill and failed it. Yep, I clicked the link! Embarrassing? Indeed — but enlightening. You can train users extensively to protect against most attacks, but you also need technology in place to protect them when they fail. And we all fail from time to time.

“Exchange 2016: You’ll swear it’s Exchange 2013”

In this article, I talk about the minimal number of enhancements and new features in Exchange 2016, which still feels more like a Service Pack than a new release. But that is all part of Microsoft’s goal of “cloud first” and the majority of their development creativity being put into Exchange Online.

“Microsoft Threat Protection may not be right for you”

I put a lot of effort this year into reviewing the new advanced threat protection (ATP) features that can be added on to Exchange Online Protection, the results of which can be found in this article. The upshot is that the features are lacking, and I explain why. Definitely consider checking out that article if you are considering ATP.

“Bold prediction: Microsoft will rule the cloud”

This was a fun one to write. Based off the purchase this past year of EMC by Dell, I decided to poke the haters and proclaim Microsoft the future king of the cloud, beating out all rivals. The responses to provocative articles like this one are always fun to read, as you might expect. It’s not personal, just business. Microsoft is gaining ground in both the IaaS world with Azure and the SaaS world with Office 365. Of course, the mobile device and/or tablet world are a different story for Microsoft.

“Beware the Death Star flaw in Office 365”

This year saw a few major outages for Office 365, and the one a few weeks back hit right at the same time the new “Star Wars” movie came out. Of course, there was an irresistible analogy to be made.

Side note (no spoilers): I saw the movie and liked it, but for those of us who already embraced the expanded universe view of what took place after “Return of the Jedi” it was a little difficult to rewrite that history and erase characters we’ve already become emotionally invested in. Somebody could have helped J.J. Abrams appease the true fans, those of us who read all those books. I mean, saying there is no Mara Jade is like saying there is no Ahsoka Tano. Am I right? (Use comments below to vent with me.)

Thank you to all who read my column faithfully (or sporadically for that matter). It’s been a great year with plenty to write about. I look forward to seeing what 2016 brings in terms of new tech, solutions, and strategies from the world of enterprise Windows.

Key trends shaping the Indian IT space in 2016


By: Madhusudhan KM, Chief Technology Officer, Mindtree

Technology is pervasive in business environment and constantly creating new opportunities for every industry. Companies are bringing IT to the pole position of their strategic priorities in this fluid business environment. Be it Internet of Things, cyber security or digital transformation, the fast paced technological advancement pushes ahead a new way of thinking and doing things.

2015 set the pace for some remarkable technological leaps, which are bound to get even bigger in the coming year. There are plenty of exciting prospects for enterprises to undertake and stay ahead in their respective businesses. Let’s look at the key IT trends for 2016 that will impact the IT service enterprises:

Internet of Things (IoT) – Internet of EVERY-Thing

According to the industry experts, by 2020, the Internet of Things or IoT will comprise 50 billion objects. The industrial sector already uses IoT extensively. In manufacturing, assembly line and proactive maintenance of all the manufacturing equipment is based on a very robust IoT system. This is because the IoT apps can make quintessential business processes smoother to run for any industry.

For instance, in the retail space, the IoT apps can enable intelligent shelf replenishment where the shelf itself sends signals about when it needs to be replenished. In the supply chain landscape, features like route planning and management, logistics and geo fencing are actually possible today, thanks to IoT apps.

There are also many start-ups in India that are working towards building their ecosystem around IoT. The Indian IT firms are partnering with such start-ups to explore and build innovative industry solutions. IoT is also the base technology platform for concepts such as Smart Cities, Smart Buildings and Smart Home solutions.

Automation and Dev-Ops – Making Automation Intelligent

Automation is all about improving productivity and efficiency, while doing things faster with less human intervention. Everything in the software development lifecycle – architecture, coding, testing, deployment, operations or maintenance – can be automated.

Dev-Ops (Development & Operations) will play a significant role in creating an environment where building, testing, and releasing software will happen more quickly, regularly, and reliably. For example, as soon as a developer checks in the code, the scripts integrate, test & deploy code and run automatically.

Using this method, one could also apply quality checks at various checkpoints in the pipeline. At the highest level of maturity, machine learning can be applied, wherein systems continuously learn and get better at doing certain tasks. This technology would benefit businesses that are currently heavy on FTEs such as call centres, reducing 50-60% of the workforce, which may even grow to a staggering 80% over time! This also means consistency in service quality because machines don’t get tired and apply the knowledge learned consistently every time.

Cybersecurity – The Bane of New Technology?

According to security researchers, most online devices can be hacked. In 2014, a duo proved this right by hacking into a 2014 Jeep Cherokee over the Internet, turning the steering wheel, disabling the brakes temporarily and turning the engine off.

For this reason, some refer to IoT as the “Internet of Targets”. While that description may be exaggerated, by the virtue of it being a technology, IoT is clearly not imperishable.

In an era of easy data movement & access and BYOD strategies, it is IT service providers’ onus to educate and advise their customers on all the risks that come with adopting a certain technology and how those risks can be countered through security solutions.

Demand for reskilling

In an Oxford research on “Future of employment”, it is predicted that about 47% of total US employment is at risk. While they cover broader job families, this is for knowledge industry as well.

Today, the systems, technological issues and consequently their solutions are getting more complex. Also, the number of technologies that come into play has increased. Therefore, the IT service space will have to look at tweaking the traditional skills and focus on reskilling, along with experimenting with different methods of hiring and training from the campus.

Having said that, it is important to hark back to the fact that while there is a lot of interest and adoption of digital technology, there is still 60-70% traditional business and only 30% digital business every IT company in India is doing. This trend will continue till 2020, although traditional services like application maintenance, infrastructure support & tech services and Testing services will take different shapes and forms.

On the cusp of these tectonic technological shifts, the challenge for IT service providers will be to manage and find the right talent for both traditional and digital business models.

These exciting developments will have to be greeted by the IT service industry that is ready to move from a highly linear model to a nonlinear model. This trend will anyway be enforced by different forces in the market that will push the sector to employ less people, but the right people, while generating the same amount of revenue.

2016 will see the IT industry move up the value chain in India with increased automation, better cyber security awareness, increased IoT deployment and reskilled workforce ready to take the challenge head-on.

© Copyright 2015. Cyber Media (India) Ltd. All rights reserved. Provided by SyndiGate Media Inc.

This article was written by DQINDIA Online from Dataquest and was legally licensed through the NewsCred publisher network.

The Biggest Cyber Stories of 2015


What are the top 10 Cyber security breaches of 2015? originally appeared on Quora: The best answer to any question.

Answer by Sai Ramanan, Lead Quora’s Corporate Information Security, on Quora.

Data breaches have become a status quo considering how attackers keep finding paths to infiltrate networks and steal confidential information. Last year, we have seen big industry breaches such as Sony, JP Morgan Chase, Target, eBay etc. This year hasn’t changed much. The security industry has seen not just targeted attacks at these organizations but also there is this theme around the nation-state-sponsored hackers because they are generally resourced the best, and their collective motivations run across the spectrum. While the security breach barrage on one end continues, investments are pouring into security technologies on the other end and it’s clearly not enough.

Here are the top 10 cyber security breaches of 2015 categorized from least to most compromised records.

10. Slack
When it happened: March 2015
No of records compromised: 500,000 email addresses and other personal account data (phone number, Skype ID, etc.)
Slack’s blog confirmed that Slack’s hashing function is bcrypt with a randomly generated salt per-password. We have seen so many unauthorized database incidents before. Haven’t we? Think about HipChat and Twitch. It was not too long before they experienced similar breach.
Lesson Learned: For companies that are still relying on passwords, it’s a blow. Do not just use salting. Invest in technologies and people to prevent hackers getting access to your database in the first place. Overcome the post-breach mindset.

9. Hacking Team
When it happened: July 2015
No of records compromised: 1 million emails
The Hacking Team develops spy tools for government agencies, including those that can go around traditional anti-virus solutions. This breach published more than 1 million emails from the Italian surveillance company, revealing its involvement with oppressive governments as well as multiple Flash zero-day vulnerabilities and Adobe exploits. As a cyber security professional, this is definitely frightening. A full list of Hacking Team’s customers was leaked in the 2015 breach that included mostly military, police, federal and provincial governments.
Lesson Learned: Patch your systems and applications. Inventory your systems and applications. This has been extensively covered as part of NIST SP-800-137, SANS CSC and ASD.

8. Kaspersky
When it happened: June 2015
No of records compromised: Affected multiple customers
Kaspersky blog reported that “We’ve found that the group behind Duqu 2.0 also spied on several prominent targets, including participants in the international negotiations on Iran’s nuclear program and in the 70th anniversary event of the liberation of Auschwitz”.
If you don’t know about Duqu, it’s sometimes referred to as the stepbrother of Stuxnet. One of the most notable features of Duqu 2.0 was its lack of persistence, leaving almost no traces in the system. The malware made no changes to the disk or system settings: the malware platform was designed in such a way that it survives almost exclusively in the memory of infected systems. The technical details about this are published here.
Kaspersky’s breach just proves that some of the security-conscious organizations can fall victim to determined hackers.
Lessons Learned: Security teams have to adopt this as part of continuous monitoring strategy. Know your network. Train your teams to alert for any suspicious activity on the network. Do not just monitor inbound communications. Be watchful of all the security updates as a general best practice.

7. CareFirst BlueCross BlueShield
When it happened: May 2015
No of records compromised: 1.1 million records
1.1 million members had their names, birth dates, email addresses and subscriber information compromised, but member password encryption prevented cybercriminals from gaining access to Social Security numbers, medical claims, employment, credit card and financial data.
CareFirst discovered the breach as part of a Mandiant-led security review that found hackers had gained access to a database that members use to get access to the company’s website and services.
Lesson Learned: Enable DNS query logging to detect hostname lookup for known malicious C2 domains. Detect random string entropy – unknown certificates, file names etc. Disclose and communicate data breaches in a timely manner.

6. LastPass
When it happened: July 2015
No of records compromised: 7 million users
The password management company LastPass revealed that it had been the victim of a cyberattack, compromising email addresses, password reminders, server per user salts and authentication hashes. “LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed”, the company said.
Salts are really not useful for preventing dictionary attacks or brute force attacks. One of the drawbacks of the hashing algorithm PBKDF2-SHA256 employed by LastPass is that it was not designed to protect passwords.
Lesson Learned: For end users, make sure you rotate master passwords periodically. Also ensure that you have password reminders/recovery questions different for every critical application.

5. Premera BlueCross BlueShield
When it happened: March 2015
No of records compromised: 11.2 million records
Premera BlueCross BlueShield said in March that it had discovered a breach in January that affected as many as 11.2 million subscribers, as well as some individuals who do business with the company. The breach compromised subscriber data, which includes names, birth dates, Social Security numbers, bank account information, addresses and other information. There were suits filed against Premera for waiting roughly six weeks to tell victims that their data might have been exposed. Pile of lawsuits filed against Premera– for being negligent, breached its contract with customers, violated the Washington Consumer Protection Act and failed to disclose the breach in a timely manner.
ThreatConnect blog indicates that the prennera[.]com domain may have been impersonating the Healthcare provider Premera Blue Cross, where the attackers used the same character replacement technique by replacing the “m” with two “n” characters within the faux domain.
It definitely looks like suspicious domain, which is likely a spoof of Premera, and a malicious payload signed with the same digital certificate as malware from the Anthem hack.
Lesson Learned: Enable DNS query logging to detect hostname lookup for known malicious C2 domains. Detect random string entropy – unknown certificates, file names etc. Monitor for overly short certificates, certificates with missing information, etc. Disclose and communicate data breaches in a timely manner.

4. Experian/T-Mobile
When it happened: October 2015
No of records compromised: 15 million people’s records
T-Mobile uses Experian to process its credit applications. Experian Plc (EXPN.L), the world’s biggest consumer credit monitoring firm disclosed a massive data breach that exposed sensitive personal data of some 15 million people who applied for service with T-Mobile US Inc.
Experian explained the details on its Web site:
The unauthorized access was in an isolated incident over a limited period of time. It included access to a server that contained personal information for consumers who applied for T-Mobile USA postpaid services or products, which require a credit check, from Sept. 1, 2013 through Sept. 16, 2015.
Brian Krebs reported in his blog that the Experian’s Decision Analysis credit information support portal allowed anyone to upload arbitrary file attachments of virtually any file type. Those experts said such file upload capabilities are notoriously easy for attackers to use to inject malicious files into databases and other computing environments, and that having such capability out in the open without at least first requiring users to supply valid username and password credentials is asking for trouble. Experian’s insecurity has dragged T-Mobile into its privacy scandal.
Lesson Learned: Bake security assessment as part of acquisition strategy. Also, do not open systems exposed to internet without any form of authentication.

3. Office of Personnel Management
When it happened: June 2015
No of records compromised: 21-25 million federal workers records (including both breaches)
On Sep 23, OPM Press Secretary Sam Schumach stated that “Of the 21.5 million individuals whose Social Security Numbers and other sensitive information were impacted by the breach, the subset of individuals whose fingerprints have been stolen has increased from a total of approximately 1.1 million to approximately 5.6 million”.
These kinds of breaches involving biometric data like fingerprints are unique and particularly concerning because you cannot rotate these unlike passwords. These are the permanent identity of those people.
A report (PDF) by OPM’s Office of the Inspector General on the agency’s compliance with FISMA finds “significant” deficiencies in the department’s IT security. The report found OPM did not maintain a comprehensive inventory of servers, databases and network devices, nor were auditors able to tell if OPM even had a vulnerability scanning program. The audit also found that multi-factor authentication (the use of a token such as a smart card, along with an access code) was not required to access OPM systems. “We believe that the volume and sensitivity of OPM systems that are operating without an active Authorization represents a material weakness in the internal control structure of the agency’s IT security program,” the report concluded.
Lesson Learned: Implement multi-factor authentication for admins accessing sensitive systems, implement continuous monitoring strategy. It is important to constantly fine-tune your logs and baseline your environment.

2. Ashley Madison
When it happened: July 2015
No of records compromised: 37 million clientele records
Ashley Madison made headlines after a hacking group, the Impact team, penetrated its servers and published the information of all 37 million users online.
The hackers leaked maps of sensitive information – including internal company servers, employee network account information, company bank account data and salary information. According to security consultant Gabor Szathmari, Ashley Madison may have made things easy for their attackers by writing a variety of credentials directly into their source code — including database credentials, SSL private keys, Twitter OAuth tokens, and Amazon Web Services credentials.
In addition, the database passwords Szathmari found “were between 5 and 8 characters, and many of them contained 2 character classes only.” Aside from hardcoded credentials, Szathmari also noted that the website didn’t employ form or email validation to help screen out bots.
Lesson learned: Never ever store clear-text sensitive data in your source code, rotate your API tokens and service credentials. Educate software developers about secure coding practices.

1. Anthem
When it happened: Feb 2015
No of records compromised: 80 million patient and employee records
The breach was revealed in February that exposed an astonishing 80 million patient and employee records. Anthem said the breach exposed names, date of birth, Social Security numbers, health-care ID numbers, home addresses, email addresses, employment information, income data and more. The attack would not have been possible if Anthem had ensured that data at rest was securely encrypted and as a result, millions of peoples’ confidential information would not be in the hands of the hackers.
Derusbi is a family of malware used by multiple actor groups but associated exclusively with Chinese APT as part of Anthem breach.
ThreatConnect blog indicates that the “Sakula” (aka Sakurel) family of malware, a known variant of the Derusbi backdoor, was configured to communicate with the malicious command and control (C2) domains extcitrix.we11point[.]com and www.we11point[.]com. They also confirmed that this malicious infrastructure was likely named in such a way to impersonate the legitimate Wellpoint IT infrastructure.
Lesson learned: Do not just rely on perimeter security. Use a threat intelligence platform to be able to recognize potential malware activity from multiple threat intelligence sources and act upon. Encrypt data at rest and ensure that the encryption keys, network access control and identity management all work together to ensure data is secure.

In 2016, attacks are only going to get worse and we need to step up our game rather than just relying on tools. More security vendors will be targeted, drones hacked, ERP platforms continuing to be used as conduits to cause real-world physical damage by attacking industrial control systems, more darknets and blackmarkets surge and more nation-sponsored attacks to come.

This question originally appeared on Quora.

This article originally appeared in The Huffington Post

This article was written by Quora from Huffington Post and was legally licensed through the NewsCred publisher network.
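The Premera and Anthem entries above both describe attacker domains built by character replacement (prennera[.]com, we11point[.]com) and recommend DNS query logging. The following is an added example, not code from the article or from any vendor it cites, showing one way to flag such lookalikes in a query log. The log format, the watch list and the extra substitutions beyond "nn" and "1" are assumptions, and the edit-distance check goes beyond the substitution technique the article names.

```python
# Added example: flag DNS queries for domains that imitate a protected domain.
# Assumptions (not from the article): the log format, the PROTECTED watch list,
# and every CONFUSABLES pair other than "nn"->"m" and "1"->"l".

CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]

# The organisation's own registered domains (assumed watch list).
PROTECTED = ["premera.com", "wellpoint.com"]

# Constructed sample log, "<time> <client> <qname> <qtype>". The lookalike
# names stay defanged as on the page and are refanged only while parsing.
# premerra[.]com is a constructed near-miss, not an indicator from the page.
SAMPLE_LOG = """\
2015-01-10T09:00:01Z 10.0.0.5 www.premera.com A
2015-01-10T09:00:07Z 10.0.0.9 www.prennera[.]com A
2015-01-10T09:01:12Z 10.0.0.7 extcitrix.we11point[.]com A
2015-01-10T09:01:30Z 10.0.0.7 mail.wellpoint.com MX
2015-01-10T09:02:44Z 10.0.0.3 www.example.org A
2015-01-10T09:03:02Z 10.0.0.3 login.premerra[.]com A
"""


def registered_domain(qname):
    """Return the last two labels, lowercased.

    Simplification: production code should consult the Public Suffix List
    so that names under suffixes such as co.uk are handled correctly.
    """
    name = qname.replace("[.]", ".").lower().rstrip(".")
    return ".".join(name.split(".")[-2:])


def defang(domain):
    """Make a domain non-clickable for reports."""
    return domain.replace(".", "[.]")


def skeleton(domain):
    """Collapse lookalike character sequences to the character they imitate."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(qname, protected=PROTECTED):
    """Return (imitated_domain, reason) for a lookalike, else None."""
    dom = registered_domain(qname)
    if dom in protected:
        return None  # the genuine domain is never a hit
    skel = skeleton(dom)
    # Pass 1: identical after undoing character replacement.
    for legit in protected:
        if skel == skeleton(legit):
            return (legit, "confusable")
    # Pass 2: one insertion, deletion or substitution away.
    for legit in protected:
        if edit_distance(skel, skeleton(legit)) == 1:
            return (legit, "near-miss")
    return None


def scan(log_text):
    """Return (client, defanged_domain, imitated_domain, reason) per hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, _ = parts
        verdict = classify(qname)
        if verdict:
            hits.append((client, defang(registered_domain(qname)), *verdict))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit identifies the internal client that made the lookup, which is the host to examine first.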


IT University and PwC India enter into a strategic partnership to develop talent for the cyber security industry

PwC India and NIIT University (NU) have entered into a strategic partnership towards creating a trained talent pool of Cyber Security professionals in India. To this end, academic experts from NU and senior professionals from PwC India have co-created a two-year work-integrated specialized Master’s Programme in Cyber Security.

The Master’s Programme in Cyber Security is amongst the first programmes that blend academic and professional education, with the industry player PwC India being an equal partner in developing and delivering the programme. The key driver in this programme is industry-led research in the Cyber Security space.

Cyber Security market currently at $1 billion, is expected to grow to $35 billion by 2025. The demand for skilled professionals in the space is very high. This demand is coming from domestic companies spending in the country; multinational companies investing in India; increasing government activity in the cyber and cyber security space; and information technology firms bringing in work from clients.

The apex body for the IT industry NASSCOM launched Cyber Security Task Force earlier this year to build India as a global hub for providing Cyber Security solutions, prepare the Cyber Security R&D plan and develop a skilled workforce of Cyber Security experts. The task force aims to build the Cyber Security industry in India from the 1% market share to 10% by 2025; create a trained base of 1 million certified and skilled Cyber Security professionals and build 1000+ startups in Cyber Security from India.

Rajendra S Pawar, Chairman NIIT Group and Founder NU, said, “Technology has changed the way businesses are run and has brought along with it unique challenges and threats. In today’s digitized environment securing our cyberspace has become a priority for businesses and citizens across the world. This calls for a team of trained professionals who are equipped to combat the challenges that are posed by hackers every day. Our partnership with PwC India is a step in that direction.”

Deepak Kapoor, Chairman, PwC India said, “Cyber Security is a major focus area and the growth driver for PwC India. We currently have around 300 people in this practice and will need to increase it tenfold to about 3,000 people over the next 4-5 years.”

“With this programme with NU, PwC India is collaborating with academia to bring industry-ready talent into the market, readily employable with required customized skills set,” Mr. Kapoor added.

The first year of the Master’s Programme in Cyber Security will be held at the Neemrana Campus of NU, followed by an internship at PwC India under the supervision of NU faculty. The programme will emphasise Security Analytics, Threat Intelligence, Industrial Control System and Vulnerability Analysis and also draw on practitioner-experts from PwC India to ensure the right blend of academic concepts and industry application. PwC has worked with NU to devise the curriculum for the programme. In addition, PwC India and NU will co-create specialised laboratories at the University, with advanced hardware and software required for the programme.

Dr Rajendra Pandey, President, NU, said “The Master’s Programme in Cyber Security in partnership with PwC India is yet another initiative by NU to offer industry-aligned, research focused programme that will enable our students to explore exciting career opportunities in today’s knowledge economy.”

PwC India will jointly select the candidates along with NU and also provide expert faculty from within the firm and other industry practitioners for delivery of the programme. It will help NU select the right persons from industry, with relevant work experience, to join the programme. PwC and NU will jointly pick some of the bright students from other Universities as well.

PwC will invest in training and development of the candidates who will be employed with PwC India after the programme. In the second year of the programme, PwC India will provide six months’ on-site training to the candidates at its offices, where they will get first-hand experience of real-life work situations. Also, the firm will jointly select the research topics with NU for the industry research for the last six months of the programme. PwC India will pay the students a scholarship throughout the two years of the programme towards maintenance costs.

Deepankar Sanwalka, Leader–Advisory, PwC India said, “India is at the cusp of a big shift towards Cyber Security, both in terms of the risks, as well as in terms of the opportunities for the country. Cyber space changes the dynamics due to the ability of perpetrators to operate from any part of the world. Navigating the complexity and vastness of cyber risks requires building a trained base of 1 million certified and skilled Cyber Security professionals. PwC has been working and will continue to work for the betterment of the Cyber Security posture in the country along with government departments and corporates through its innovative methods and solutions. This tie-up is a step in that direction.”

© Copyright 2015. Cyber Media (India) Ltd. All rights reserved. Provided by SyndiGate Media Inc.

This article was written by DQINDIA Online from Dataquest and was legally licensed through the NewsCred publisher network.

Hackers who breached US government databases stole personal information of 21.5 million people, officials said

Turkish Internet servers reeling under huge cyber attack

Turkish Internet servers are suffering a powerful cyber attack, slowing banking services and fanning fears that it could be a politically motivated attack from abroad., a non-governmental organisation that administers addresses for websites using the “tr” domain, said Thursday that the attack appeared to be from “organised sources” outside Turkey.

The domain is used by websites belonging to Turkish ministries, commercial enterprises and banks.

Transport and Communications Minister Binali Yildirim called it a “serious” attack and asked an Ankara-based university to beef up security measures, saying they were “insufficient”.

Banking sources said the attack has seriously disrupted transactions.

Experts have been unable to identify the source of the attack.

Some newspapers said it could have originated in Russia, citing fraught bilateral relations since the downing by Turkey of a Russian fighter jet last month on the Syrian border.

According to local media, the Anonymous hacking group posted a message saying it would continue to attack Turkey for “supporting the Islamic State by buying their oil and tending to their injured fighters.”

This article was from Agence France Presse and was legally licensed through the NewsCred publisher network.

Hyatt Hotels computers infected with malicious software

Hyatt Hotels on Wednesday revealed that it recently discovered malicious computer code on computers used for processing payments at locations it manages.

In a short statement, Hyatt did not disclose what, if anything, the cyber attack accomplished but said that the company immediately “launched an investigation and engaged leading third-party cyber security experts.”

Hyatt also said it strengthened the security of its systems and that “customers can feel confident using payment cards at Hyatt hotels worldwide.”

The hotel group advised customers, as a precaution, to watch payment card account statements for unauthorized charges.

Cyber threats blogger Brian Krebs at said in an online post that “Hyatt joins a crowded list of other hotel chains similarly breached in the past year.”

Hyatt competitors Hilton, and Starwood Hotels which operates the Sheraton and Westin chains, last month separately announced that payment systems had been targeted by hackers.

US hotel chain Hilton said that hackers infected some of its point-of-sale computer systems with malware crafted to steal credit card information.

Malicious code that infected registers at hotels had the potential to take cardholders’ names along with card numbers, security codes and expiration dates, Hilton said in an online post.

Starwood Hotels said that hackers had infected payment systems in some of its establishments, potentially leaking customer credit card data.

The hack occurred at a “limited number” of its hotels in North America, according to Starwood, whose other well-known chains include St Regis and W Hotels.

The cyber attacks on Hilton and Starwood sounded similar to one disclosed earlier in the year by Trump Hotel Collection.

“We believe that there may have been unauthorized malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels,” Trump Hotel Collection said at a website devoted to details of the incident.

Locations affected were listed as Trump SoHo New York, Trump National Doral, Trump International New York, Trump International Chicago, Trump International Waikiki, Trump International Hotel & Tower Las Vegas, and Trump International Toronto.

This article was from AFP Relax News and was legally licensed through the NewsCred publisher network.