
US Gov’t Agencies Fail to Implement Anti-Hacking Security Measures

Chief Information Officers (CIOs) at 24 US government agencies have yet to act on hundreds of recommendations to improve cybersecurity and protect personal information, the Government Accountability Office (GAO) said in a report on Wednesday.

“GAO’s preliminary results suggest that none of the 24 selected agencies have policies that fully address the role of their CIO, as called for by federal laws and guidance,” a press release summarizing the report said.

In recent years, the GAO has made 2,700 recommendations to improve the security of US federal information systems, the release explained.

“These recommendations identified actions for agencies to take to strengthen their information security programs and technical controls over their computer networks and systems,” the release said.

As of May 2018, about 800 of the information security-related recommendations had not been implemented, the release concluded.

In April, the Democratic National Committee (DNC) sued the Trump campaign, WikiLeaks and Russia over the 2016 hack of its emails.

Cybersecurity is growing in importance as technology develops and states’ critical infrastructure increasingly depends on data security. In July 2017, Donald Trump’s administration announced it was finalizing plans to revolutionize the US military command for defensive and offensive cyber operations, in hopes of intensifying America’s ability to wage cyberwar against foes.

The post US Gov’t Agencies Fail to Implement Anti-Hacking Security Measures appeared first on National Cyber Security Ventures.


Agencies have one-year deadline to identify cyber workforce shortages

The Office of Personnel Management (OPM) is giving federal agencies a one-year deadline to identify and report on skill shortages in their cybersecurity workforces.

A memorandum unveiled Monday requires each agency to tell the government’s human resource office what their “critical needs” are in a broad range of cyber workforce areas, including security and information technology.

They must submit their findings by April 2019 and provide reports for three more years after.

“I am pleased to provide guidance that will help federal agencies pinpoint their cybersecurity workforce’s most critical skill shortages,” Mark Reinhold, OPM’s associate director for employee services, wrote in a memo sent to human resources directors at different federal agencies.

“Based on these agency reports, the U.S. Office of Personnel Management will identify common needs to address from the Governmentwide perspective,” he continued.

The guidance says agencies must determine whether there is a critical need based on two criteria.

The first criterion covers what an agency deems its most glaring skill shortages in terms of staffing as well as proficiency and competency levels, both current and emerging.

The second criterion is what an agency decides is “critical to meeting the agency’s most significant organizational missions, priorities, challenges,” or its mission importance.

According to the guidance, agencies will need to conduct a self-examination to determine the “root causes” of their skill shortages in their report, including reasons like the talent pipeline, recruitment and retention, training, performance management, as well as resources and budget.

Once the agency uncovers those core issues, it must then submit a plan that lays out how it will “address and mitigate the root causes,” partly through establishing metrics and goals for mitigating such workforce shortages.

The Federal Cybersecurity Workforce Assessment Act of 2015 serves as the basis for this guidance because it outlined how the federal government would identify and then assess the critical needs for its cybersecurity workforce — specifically the National Initiative for Cybersecurity Education Workforce Framework (NICE Framework).

“The NICE Framework establishes a common lexicon that describes cybersecurity work,” Reinhold wrote.

The post Agencies have one-year deadline to identify cyber workforce shortages appeared first on National Cyber Security Ventures.


12 Connecticut state agencies hit by a cyber attack

The Department of Administrative Services (DAS) announced that the State of Connecticut suffered a ransomware attack on Friday, February 23. Although most computers were protected with adequate antivirus software, approximately 160 machines in 12 agencies were not.

DAS spokesperson Jeffrey Beckham said that, through a collaboration with agency IT and other partners, the virus was contained by the evening of Sunday, February 25. There were no reports of encrypted files or data loss, and the DAS does not believe state business will be affected by the breach.

NRA targeted by DDoS cyber criminals

Three US National Rifle Association (NRA) websites were the latest victims of memcached-based distributed denial-of-service (DDoS) attacks, as reported by Qihoo 360’s Network Security Research Lab (Netlab). nra.org, nracarryguard.com, and nrafoundation.org join other large-platform targets, including Amazon and Google. This also follows the biggest DDoS attack to date, which targeted GitHub in February 2018.

As early as February 25, Twitter users were posting about the NRA DDoS takedown. It’s likely that these attacks are politically motivated, as the pro-gun organization has been criticised following the Parkland school shooting on February 14, in which 17 people were killed. It is not uncommon for criminal hackers to launch DDoS attacks on controversial organizations and figures – past victims include the Ku Klux Klan, ISIS, and Donald Trump.

The post 12 Connecticut state agencies hit by a cyber attack appeared first on National Cyber Security Ventures.


Man, 30, held over hacking attacks on two Hong Kong travel agencies

Source: National Cyber Security – Produced By Gregory Evans

Officers raid IT worker’s flat on Cheung Chau and also seize two desktop computers, two laptops, one tablet, three hard disks and five mobile phones

A 30-year-old Hong Kong man was arrested in connection with cyberattacks in which the computers of two travel agencies in the city were hacked and their clients’ sensitive personal information held for ransom, with payouts in bitcoin sought last week.

The two travel agencies reported the incidents to police on January 1 and 2.

One bitcoin (HK$123,735 or US$15,819) was demanded as a ransom in each hacking case, according to police.

Officers from the force’s Cyber Security and Technology Crime Bureau raided a flat in the outlying island of Cheung Chau and arrested the man on Saturday.

During the operation, police seized two desktop computers, two laptops, one tablet, three hard disks and five mobile phones in the flat.

At lunchtime on Monday, police escorted the suspect to his workplace on Hoi Yuen Road in the Kwun Tong district of Kowloon to gather evidence.

The Post understands the suspect, a computer technician, hacked into the computers of the agencies on New Year’s Day through security loopholes on their websites hours before the companies were hit with demands for a ransom to be paid in bitcoin.

“An email was sent to the persons in charge of the companies after the personal information of more than 20,000 customers was stolen from the computer servers of the agencies,” a police source said.

“The companies were told to pay in bitcoin in a newly opened account with threats that their customers’ data would be posted on the internet if the firms failed to pay on Saturday.”

The stolen information included customers’ names, identity card numbers and contact numbers but no credit card information was involved.

Officers from the Cyber Security and Technology Crime Bureau were understood to have worked around the clock and checked tens of thousands of log records to the servers to gather information.

“Investigations showed circuitous routes were used to hack into the computer servers, but officers eventually identified the suspect through his IP address,” another source said.

He said the man was nabbed at home on Cheung Chau hours before the payment deadline.

Officers would carry out a forensic examination of the victims’ computers and hard disks to gather information, he said.

At about 5pm on Monday, the suspect was still being held for questioning and had not been charged.

“We believe his motive was to look for money,” bureau superintendent Swalikh Mohammed said.

Investigations were continuing and he did not rule out the possibility of further arrests.

“The cyber world is not a lawless place where criminals can hide. A majority of the laws applicable to the real world can also be applied to the internet,” he warned.

He said blackmail was a serious offence that carries a maximum penalty of 14 years in prison.

Travel agency Goldjoy Holidays revealed on Thursday that unauthorised parties accessed its customer database containing personal information such as names and identity card numbers, passport details and phone numbers.

The company apologised to customers and promised it was taking steps to tighten cybersecurity.

The other agency, Big Line Holiday, said on Wednesday night that hackers might have broken into its database a day earlier and gained possession of some of its customers’ personal information.

The data was believed to include ID card numbers, home return permit numbers and phone numbers.

In a statement, Big Line said: “Our company attaches great importance to this incident and deeply apologises to the affected clients.”

Big Line, which has 13 branches and organises tours to mainland China and Asia, said it received a letter from perpetrators demanding a sum of money for the release of the information.

In November, one of the city’s largest travel agencies, Hong Kong-listed WWPKG Holdings, revealed that its customer database had also been hacked, putting at risk personal data such as ID card numbers and credit card information of some 200,000 customers.

The culprits had asked for a seven-figure ransom, to be paid in bitcoin, but the firm did not pay and instead called the police, who later managed to decrypt the data. Because of the hacking incident, all four of the agency’s branches – in Tsim Sha Tsui, Mong Kok, Causeway Bay and Sha Tin – were closed for a day.

The force recorded 653 cases of cybercrimes in 2005, the first year it began tracking such offences, and saw the number reach 5,939 in 2016, with financial losses hitting HK$2.3 billion.

The post Man, 30, held over hacking attacks on two Hong Kong travel agencies appeared first on National Cyber Security Ventures.


Agencies’ approach to IoT security highlights differences in cybersecurity approach

Source: National Cyber Security – Produced By Gregory Evans

Despite recent White House efforts to bring some standardization to federal cybersecurity, agencies are still taking different paths to secure their systems and data. Speaking at the July 18 AFCEA Energy and Earth Science IT symposium in Washington, D.C., Sean Kelley, chief information security officer at the Environmental Protection Agency, said when…

The post Agencies’ approach to IoT security highlights differences in cybersecurity approach appeared first on National Cyber Security Ventures.


How Microsoft’s Azure platform can help agencies with the Cybersecurity EO

Source: National Cyber Security – Produced By Gregory Evans

Microsoft Security Response Center research into recent cyberattacks indicates that the average time for infection or exploitation of an unpatched node on a compromised network is as little as 90 seconds. Verizon’s Data Breach Investigation Report found that 12 percent of phishing mail recipients will click on a link or…

The post How Microsoft’s Azure platform can help agencies with the Cybersecurity EO appeared first on National Cyber Security Ventures.


The biggest cybersecurity threat facing federal agencies is legacy IT

Source: National Cyber Security – Produced By Gregory Evans

Improving our cyber posture is among the top priorities for the Trump administration. However, there are still many questions raised as to how they hope to achieve this goal. As we have seen over the past several years, high-profile hacks are practically the norm. Starting with […]

The post The biggest cybersecurity threat facing federal agencies is legacy IT appeared first on AmIHackerProof.com.


U.S. Spy Agencies Leave Americans Vulnerable to Hackers In the Name of “Protection”

Source: National Cyber Security – Produced By Gregory Evans

If those of us who regularly use the Internet for work, recreation, shopping, and more find ourselves increasingly vulnerable to hackers, malware, spies and cyber-thieves out to steal our personal information, we have U.S. intelligence agencies to thank. Furthermore, those …

The post U.S. Spy Agencies Leave Americans Vulnerable to Hackers In the Name of “Protection” appeared first on National Cyber Security Ventures.


Child sexual abuse: Agencies to get £40m funding boost

Ministers have pledged £40m towards the fight against child sexual abuse, exploitation and trafficking.

The cash will go towards bringing offenders to justice, targeting online exploitation, and protecting vulnerable children at risk of trafficking.

A new £7.5m “centre of expertise” will be set up to offer support and guidance to professionals on the front line.

But councils are warning that a “funding gap” of £1.9bn could put child protection services at risk.

In 2015, the government published a new strategy for addressing failures in child protection across England in response to the Rotherham abuse scandal – in which more than 1,400 children were abused between 1997 and 2013.

The post Child sexual abuse: Agencies to get £40m funding boost appeared first on Parent Security Online.


Russian cybercriminal hacked more than 60 government, education agencies

Source: National Cyber Security – Produced By Gregory Evans

Studies have shown that millions of internet-connected machines are vulnerable to cyberattack based on a variety of configuration and other issues. One vulnerability that cybercriminals can use to relatively easily attack systems is called “SQL injection,” meaning that a database …

The post Russian cybercriminal hacked more than 60 government, education agencies appeared first on National Cyber Security Ventures.
