Agency


#cybersecurity | #hackerspace | Marketing Agency Temporarily Halts Operations after Ransomware Attack

Source: National Cyber Security – Produced By Gregory Evans

A marketing agency announced just days before Christmas that it would be temporarily suspending operations as it works to recover from a ransomware attack. Sandra Franecke, CEO of the Heritage Company, sent a letter to employees that the company would temporarily be suspending its operations. She […]

View full post on AmIHackerProof.com

#hacking | CISA Wants a Vulnerability Disclosure Program At Every Agency

Source: National Cyber Security – Produced By Gregory Evans

The Homeland Security Department on Wednesday released a draft of a binding operational directive that would require every federal agency to create a vulnerability disclosure policy.

Under the measure, each civilian agency would need to create a formal process for security researchers to share vulnerabilities they uncover within the organization’s public-facing websites and other IT infrastructure. Agencies must also develop a system for reporting and closing the security gaps that are uncovered through the program.

Despite the growing popularity of public cyber initiatives like bug bounties, security researchers often find themselves in a legal gray area when reporting cyber weaknesses to the government. By creating vulnerability disclosure policies, agencies can set clear guardrails on legal hacking.

“A [vulnerability disclosure policy] allows people who have ‘seen something’ to ‘say something’ to those who can fix it,” Jeanette Manfra, assistant director for cybersecurity within the Cybersecurity and Infrastructure Security Agency, said in a blog post. “It makes clear that an agency welcomes and authorizes good faith security research on specific, internet-accessible systems.”

The BOD would bring the rest of the government up to speed with the Pentagon and the General Services Administration’s tech office, which have already established vulnerability disclosure programs. DHS is also in the process of finalizing its own policy.

CISA will accept public feedback on the proposed directive through Dec. 27.

Specifically, the measure would give agencies six months to create a web-based system for receiving “unsolicited” warnings about potential vulnerabilities. They must also develop and publish a vulnerability disclosure policy, outlining the systems and hacking methods that are authorized under the program and describing the process for submitting vulnerabilities. 

The directive would require agencies to consistently add new systems to the program over time. Within two years, “all internet-accessible systems and services” must be in scope of the policy, according to the measure. Every system launched after the directive is issued must automatically be considered in scope.

Agencies would also need to set procedures for handling submissions and report both specific vulnerabilities and program metrics directly to CISA.

While the directive gives agencies some latitude in the metrics and policies around their own policies, the measure could ultimately lay the foundation for a standardized, government-wide vulnerability disclosure program, Manfra said. 

“We think a single, universal vulnerability disclosure policy for the executive branch is a good goal … but we expect that goal to be an unrealistic starting place for most agencies,” she said. “The directive supports a phased approach to widening scope, allowing each enterprise–comprised of the humans and their organizational tools, norms, and culture–to level up incrementally.”


Microsoft #adds #voice to #calls for #federal #cybersecurity #agency

Source: National Cyber Security News

Software giant Microsoft has added its voice to a growing chorus calling for the creation of a federal cybersecurity agency to coordinate the U.S. government’s response to nation-state and cyber criminal threats.

In a blog post on Monday, Microsoft’s Senior Director of Trustworthy Computing, Paul Nicholas, called on the U.S. and other nations to replace ad-hoc efforts to address cyber threats by creating a “single national cybersecurity agency” that will pull together key government functions related to information security and “ensure policies are prioritized across the nation.”

The recommendation, which Microsoft described in a whitepaper (PDF), comes amid increasing concern that events are overtaking governments, leaving the world vulnerable to catastrophes that may have their origins in activities that take place on the Internet. Speaking in Lisbon, Portugal on Monday, U.N. Secretary Antonio Guterres called for the creation of global rules that minimize the impact of electronic warfare on civilian populations.

“Episodes of cyber warfare between states already exist. What is worse is that there is no regulatory scheme for that type of warfare, it is not clear how the Geneva Convention or international humanitarian law applies to it,” Guterres said in the speech, which was given at the University of Lisbon, Reuters reported.


Attackers #hijack #state agency #server for #malware

Source: National Cyber Security – Produced By Gregory Evans

Cybercriminals are always upping their game. One of their latest gambits, a sophisticated phishing attack that involved hosting malware on at least one state’s government servers, shows that they may be outpacing the good guys.

The multistage targeted attack, discovered and announced last week by researchers at the Cisco Talos threat intelligence group, began with the bad actors creating a realistic-looking “spoof” email that purported to be from the Securities and Exchange Commission. This spear-phishing email was sent out to a number of government agencies in a highly targeted scheme, which the researchers deduce came from a motivated threat actor or group that continues to operate.

At the government agencies where the phishing emails succeeded, the online criminals were able to surreptitiously plant malicious code on government servers in at least one state, Louisiana, to create a “malware infection chain” likely to dupe other targets. Representatives from the state of Louisiana had no comment for this story.

According to Craig Williams, senior technical leader at Cisco Talos, this attack is similar to previous so-called DNSMessenger attacks, which have become more frequent this year, whereby sophisticated techniques are used to infect legitimate enterprise and government computer systems with viruses, ransomware, Trojans and other types of malware.

“We have threat hunting techniques specifically designed to detect DNSMessenger,” said Williams, describing how he and his team of researchers tracked this exploit and the infected state government server. “Once we examined the malware sample, that led us to the web server.” He added that it appeared only “a single server” was affected.

While the researchers appear to have exposed this attack before it could gain too much traction (and impact more government servers), the growing creativity and sophistication of both the phishing attacks and hackers’ ability to insert malware into legitimate government enterprise servers underscores how much more crafty and talented cybercriminals are becoming, according to Williams. “By using ‘known good’ servers, attackers are hoping to go unnoticed,” he said. “No one would normally question someone connecting to a state of Louisiana public web server, for example.”

And the government sector is becoming an increasingly attractive target for such attacks. According to the 2017 U.S. State and Federal Government Cybersecurity Report, released in August 2017 by SecurityScorecard, government organizations received the lowest security scores across multiple sectors, including transportation, retail and healthcare. “It’s clear that cybersecurity incidents are not going anywhere and that government will continue to remain a target,” the report concluded. “But with technology propelling forward and hackers as motivated as ever, government agencies are struggling to put up effective cybersecurity defenses, and hackers are taking advantage.”

Williams agreed. “We will likely see the actors behind DNSMessenger continue to use any public server they can compromise,” he said. “It helps the actors hide their infrastructure and go undetected longer.”


What does creating a cybersecurity agency mean for the EU?

Source: National Cyber Security – Produced By Gregory Evans

Last month, in his annual State of the Union Address, European Commission President Jean-Claude Juncker announced a new pan-European cybersecurity agency, a new European certification scheme to ensure the safety of digital products and services, and some other related cybercrime measures. With this significant announcement, the EU admitted that to…


Greece wants more money, top role for EU cyber security agency

Source: National Cyber Security – Produced By Gregory Evans

Greece wants the European Commission to give the Athens-based European Union Agency for Network and Information Security (ENISA) more money and the leading role in managing Europe’s cyber security issues as part of a legal overhaul next month. “We want ENISA to have a bigger role in cyber security and…


Agency blames hackers over ‘F— Trump’ road sign in DC park

Source: National Cyber Security – Produced By Gregory Evans

Authorities are looking into the apparent hack of a road sign in Washington’s scenic Rock Creek Park that was emblazoned with a profane message Monday morning about President Trump. The electronic sign was supposed to inform drivers that a local road was closed for sewer work. Instead, all it said…


Woman sues international dating agency after string of bad matches

US woman Darlene Daggett had high hopes of finding her ideal partner when she took out a “CEO level” membership with an exclusive dating service. But the retired corporate spent US$150,000 (NZ$206,200) only to be sorely…


Fed agency issues security alert on Siemens imaging systems

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security and Siemens Healthineers have issued advisories detailing security vulnerabilities of four of the company’s diagnostic imaging systems. Even an attacker with a low skill level would be able to exploit the vulnerabilities, Siemens warns. The vulnerable systems are Windows 7-based versions of the following systems:…


Israel security chief: Agency strikes back at online hackers

Source: National Cyber Security – Produced By Gregory Evans

Israel’s security chief said Tuesday that the Shin Bet has gone on the offensive against hackers trying to carry out cyberattacks against Israel on the internet. The remarks by Nadav Argaman are a rare admission of Israel’s use of offensive cyber capabilities. Argaman’s comments were made at a cyber defense…
