Latest news with #ethicalhacking
Sky News
3 days ago
- Sky News
Hackers prove age verification systems on pornography sites can be bypassed in seconds
Ethical hackers have shown Sky News how new age verification systems can be bypassed on pornographic websites in a matter of seconds. On Friday, toughened rules came into force that mean companies hosting adult content online must block under-18s using "highly effective age verification". That could include AI tools that use pictures to estimate someone's age, bank or ID checks, or more technical solutions using browser cookies. But hours later, two ethical hackers demonstrated just how simple it is to get around the measures designed to protect young people on the internet. Using widely available technology, Chris Kubecka and Paula Popovici quickly accessed numerous pornography sites without ever verifying their ages. Their devices were running standard software, and the tricks they used were simple. This, Ms Kubecka said, showed the systems will not be effective at stopping under-18s from accessing explicit content online. The simplicity of their method was confirmed by multiple viewers, who contacted Sky News to say they had also managed to bypass the systems. One viewer said it had taken him "less than 30 seconds". 3:53 Although Sky News has verified the methods used by Ms Kubecka and Ms Popovici, we won't give details or name any software used. Some of the explicit websites they checked had not turned on any age verification, despite declaring in June that they would. In response to our findings, Ofcom said these checks "will help stop young children from stumbling across porn". The regulator added: "While the new rules have only been in place for a matter of hours, we will be actively assessing compliance to make sure platforms have age checks in place and that they are highly effective. "Companies that fall short can expect to face enforcement action." 1:36 A spokesperson for the Department for Science, Innovation and Technology told Sky News: "We expect these laws to be robustly implemented by tech companies. If they fail to do so, the regulator is ready to take severe enforcement action, including tough fines." There is also a risk that age verification could push users towards more dangerous corners of the internet in search of pornography. By 10am on Friday, data suggested an extra 66,000 internet users in the UK had begun using the dark web. Ms Kubecka fears this number may only increase. "That is one of the concerns that I have because I don't want illegal or extreme content being normalised in our teens," she said. 1:22 Google Trends data shows searches for online tools to help people bypass age verification have surged, too. Ofcom told Sky News it had been clear that sites "must not encourage or direct users to get around age checks". "People should be aware that children and adults who use [certain software] to bypass age checks will not benefit from the wider protections offered by our online safety rules." Despite those warnings, in the days running up to the rules being enforced, advertising data shows companies were targeting UK users and promoting tools that could bypass the verification. "Platforms have clear legal obligations and must actively prevent children from circumventing safety measures, including blocking content that promotes ... workarounds targeting young users."
Bloomberg
4 days ago
- Business
- Bloomberg
Microsoft Hack Victims Need to Be on Alert for Sleeper Cells
In May, Vietnamese cybersecurity researcher Dinh Ho Anh Khoa uncovered a vulnerability in Microsoft Corp.'s document management software, SharePoint, at an event designed to encourage ethical hacking that makes our technology more robust. He received $100,000 from Trend Micro, the security group that sponsored the event. As part of the deal, flaws discovered in these competitions must be kept under wraps to give affected companies time to assess the threat, work on a fix, test it and then release it. In this case, Microsoft released its patch by July 8 — a reasonable timeframe, cybersecurity experts say, given there had been no indication the hack had been used 'in the wild' until July 7.
Times
16-07-2025
- Business
- Times
Co-op partners with Hacking Games to promote ethical careers after cyberattack
The Co-op has announced a partnership with a social impact business aimed at tackling cybercrime by steering young people toward ethical careers in cybersecurity. In the wake of the ransomware attack it suffered this year, the retailer has teamed up with The Hacking Games, an organisation that promotes cybersecurity careers through immersive simulations, which replicate real-world ethical hacking environments. The Co-op said the 'cyber threat landscape is evolving at an alarming rate'. It is expected to cost £12 trillion globally this year. The partnership will initially be tried out within the Co-op Academies Trust, which supports 20,000 students across 38 schools. Figures cited by the retailer showed that 69 per cent of European teenagers have committed some form of cyber crime or online offence, highlighting the need for 'channelling these skills into positive, ethical careers'. Already valued at £13.2 billion, the government has identified cybersecurity as a key frontier industry with an exceptional potential for growth. Yet tens of thousands of cybersecurity jobs in the UK remain vacant. Fergus Hay, chief executive of The Hacking Games, said: 'There is an incredible amount of cyber talent out there — but many young people don't see a path into the industry, or simply don't realise their skills can be used for good.' Co-op was one of the three retailers, including Marks & Spencer and Harrods, hit by a co-ordinated ransomware attack earlier this year. The Cyber Monitoring Centre, an independent watchdog for major cyber events, has estimated that the total financial impact of the cyberattacks on both M&S and Co-op is somewhere in the range of £270 million to £440 million, including legal and IT costs. Co-op had to keep some of its systems offline, which affected the ability to place orders, leaving shelves empty throughout May. Shirine Khoury-Haq, the chief executive of Co-op, said: 'We know first-hand what it feels like to be targeted by cyber crime. The disruption it causes, the pressure it puts on colleagues, and the impact it has on the people and communities we serve.' Khoury-Haq told BBC Breakfast on Wednesday that all 6.5 million of its members had their data stolen in the cyberattack in April. While there was no financial or transaction data leaked, information on names and addresses was taken, for which she said she was 'incredibly sorry'.
National Post
09-07-2025
- Business
- National Post
Andersen Consulting Advances Cybersecurity Presence with 10Guards
Article content SAN FRANCISCO — Andersen Consulting enhances its consulting capabilities through a collaboration with 10Guards, a service-oriented company based in Ukraine that specializes in providing a wide range of professional services without offering any products (software or hardware). Article content Founded in 2017, 10Guards provides tailored cybersecurity services including compliance audits, gap assessments, and strategic advisory to strengthen security posture. They also provide outsourced cybersecurity support through virtual CISOs and full virtual teams; optimization of Security Operations Centers for more effective threat detection and response; and ethical hacking services such as penetration testing, social engineering simulations, and application security assessments across web, mobile, and cloud environments. Article content Article content 'In today's digital environment, cyber resilience isn't optional—it's foundational,' said Vitaliy Yakushev, CEO of 10Guards. 'Our goal is to equip organizations with clear, actionable insights that not only shield them from evolving threats but also empower them to grow securely. Collaborating with Andersen Consulting enables us to bring our expertise to a broader global audience, driving more impactful outcomes in cybersecurity.' Article content '10Guards adds another layer of expertise to our cybersecurity capabilities, particularly in offensive security and post-incident response,' said Mark L. Vorsatz, global chairman and CEO of Andersen. 'Their hands-on approach and proven track record in navigating complex cyber risks further enhances our ability to protect clients' digital ecosystems and ensure business continuity. With their addition, we are better positioned to seamlessly deliver resilient, future-ready security strategies across industries.' Article content Andersen Consulting Article content is a global consulting practice providing a comprehensive suite of services spanning corporate strategy, business, technology, and AI transformation, as well as human capital solutions. Andersen Consulting integrates with the multidimensional service model of Article content Andersen Global Article content , delivering world-class consulting, tax, legal, valuation, global mobility, and advisory expertise on a global platform with more than 20,000 professionals worldwide and a presence in over 500 locations through its member firms and collaborating firms. Andersen Consulting Holdings LP is a limited partnership and provides consulting solutions through its member firms and collaborating firms around the world. Article content Article content Article content Article content Article content
Geeky Gadgets
09-07-2025
- Geeky Gadgets
How to Use Docker to Hack Safely : Ethical Hacking with Docker Containers
What if the tools you use to test vulnerabilities could turn against you? Ethical hacking is a double-edged sword—on one hand, it's a vital skill for identifying and fixing security flaws; on the other, it can expose your own system to the very threats you're trying to prevent. Running scripts or tools directly on your host or virtual machine (VM) is like inviting a stranger into your home without locking the doors. Even a seemingly harmless script can fingerprint your system, access sensitive files, or create unauthorized connections. That's where Docker comes in. By using its ability to create secure, isolated environments, you can test tools safely while shielding your VM and host from unintended consequences. In this guide by So Batista Cyber, you'll discover how to use Docker as a hacking sandbox that protects your system while offering the flexibility to experiment freely. From setting up a containerized workspace to managing internet access and organizing results, this guide walks you through the essentials of ethical hacking with Docker. You'll also learn how to avoid common pitfalls, like hardcoding sensitive information or overlooking cleanup tasks, and explore best practices for maintaining a secure and efficient environment. Whether you're a seasoned ethical hacker or just starting out, this approach offers a practical way to test tools without compromising your system—or your peace of mind. Secure Ethical Hacking with Docker Why Isolating Hacking Tools Matters Running hacking tools directly on your host system or VM can lead to unintended consequences. These tools may attempt to fingerprint your system, access sensitive files, or establish unauthorized connections. Even a seemingly harmless script could compromise your system if executed without isolation. By using Docker, you create a controlled environment where tools can be tested securely. This isolation minimizes risks, making sure that any potentially harmful activity remains confined to the container. How to Set Up Docker for Ethical Hacking Docker offers a lightweight, containerized environment that isolates applications from your host system. Setting up Docker for ethical hacking involves several key steps: Install Docker: Begin by downloading and installing Docker along with Docker Compose. These tools are essential for creating and managing containers. Begin by downloading and installing Docker along with Docker Compose. These tools are essential for creating and managing containers. Create a Workspace: Organize your tools and results by setting up a structured directory. This ensures that your work remains organized and accessible. Organize your tools and results by setting up a structured directory. This ensures that your work remains organized and accessible. Configure a Dockerfile: Use Kali Linux as the base image for your container. Configure the container to run as a non-root user to reduce vulnerabilities and enhance security. This setup establishes a secure foundation for ethical hacking, allowing you to test tools in an isolated environment without risking your primary system. Using Docker to Hack Safely Watch this video on YouTube. Unlock more potential in Docker by reading previous articles we have written. Building and Using Your Hacking Sandbox Once your Dockerfile is configured, build and launch the container. By default, the container should have no internet connectivity, which prevents unauthorized data transmission. If you need to download tools or scripts, temporarily enable internet access and disable it immediately after completing the download. This controlled approach ensures that external connections are intentional and limited, reducing the risk of unintended exposure. To further enhance security, consider using environment variables to manage sensitive information, such as API keys or credentials, without hardcoding them into your container. This practice helps protect critical data while maintaining the flexibility to test various tools. Organizing and Saving Results Maintaining a clear and organized workflow is essential for effective ethical hacking. Create a dedicated results directory within your container to store findings securely. Map this directory to your host system, allowing you to analyze and manage data outside the container. Use clear naming conventions and a logical folder structure to streamline your analysis and reporting process. Additionally, consider using version control tools like Git to track changes to your scripts and results. This practice not only helps you maintain a record of your work but also allows for collaboration and easier troubleshooting. Cleaning Up and Maintaining Your Environment After completing your testing, it's important to clean up your Docker environment to maintain system efficiency. Remove unused containers, images, and volumes to free up resources and prevent clutter. For convenience, you can create aliases or scripts to automate common tasks, such as starting or stopping your sandbox environment. Regular maintenance is crucial to ensure your system remains secure and ready for future use. Periodically update your Docker images and tools to address vulnerabilities and take advantage of the latest features. By staying proactive, you can maintain a reliable and efficient ethical hacking setup. Limitations and Best Practices While Docker provides robust isolation, it has certain limitations. For example, tools requiring a graphical user interface (GUI), such as Burp Suite or Firefox, may require additional configurations to run effectively within a container. To maximize security and efficiency, follow these best practices: Review Scripts: Always review and verify scripts before running them, even in a sandbox environment. Always review and verify scripts before running them, even in a sandbox environment. Limit Internet Access: Restrict internet connectivity to the container unless absolutely necessary. This minimizes the risk of unauthorized data transmission. Restrict internet connectivity to the container unless absolutely necessary. This minimizes the risk of unauthorized data transmission. Adopt Cautious Habits: Develop a disciplined approach to ethical hacking by following established best practices and maintaining a security-conscious mindset. Remember, while Docker's isolation significantly reduces risks, it does not eliminate them entirely. Staying vigilant and adhering to best practices is essential for maintaining a secure environment. Key Takeaways Using Docker to create an isolated environment for ethical hacking is an effective way to protect your VM and host system. By isolating tools, controlling internet access, and securely organizing results, you can safely test scripts and tools without compromising your primary system. This approach not only safeguards your system but also fosters a disciplined, security-focused mindset—an essential quality for ethical hackers. Through careful planning, regular maintenance, and adherence to best practices, you can maximize the benefits of Docker while minimizing potential risks. Media Credit: SoBatistaCyber Filed Under: Guides Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
