
Is Gavin Williamson the worst education secretary ever? | Department for Education | #teacher | #children | #kids | #parenting | #parenting | #kids

Source: National Cyber Security – Produced By Gregory Evans

Since 1900, 44 men and nine women have had charge of English education. They included one duke, two marquesses, two earls, two viscounts and three hereditary baronets. Eight were old […]

The post Is Gavin Williamson the worst education secretary ever? | Department for Education | #teacher | #children | #kids | #parenting | #parenting | #kids appeared first on National Cyber Security.

View full post on National Cyber Security

U conducts external review of its police department; crime near campus rises | #College. | #Students | #parenting | #parenting | #kids

The University of Minnesota has tapped an outside expert to review its campus police department’s policies and practices in response to student demands for accountability following George Floyd’s death. Cedric […]

#collegesafety | Vancouver Fire Department delivers friendly wake-up knock for fire safety | #parenting | #parenting | #kids

Opening your front door and chatting with strangers is not what most people are eager to do on a Saturday morning during a global pandemic. That didn’t stop four firefighters […]

Health Department Warns Parents of the Virus’ Impact on Children | #covid19 | #kids | #childern | #parenting | #parenting | #kids

The L.A. County Department of Public Health today has confirmed 2,885 new COVID-19 infections and 62 deaths related to the virus. To date, the Health Department has identified 150,319 COVID-19 […]

#nationalcybersecuritymonth | bne IntelliNews – US Justice Department indicts Russian national Yevgeniy Nikulin in several major cybercriminal offenses


The US Department of Justice indicted Russian national Yevgeniy Nikulin in several major cybercriminal offenses, such as stealing personal identities, usernames and credit card information of customers from Formspring, LinkedIn and Dropbox.

Nikita Kislitsin, an employee of Group-IB, a cybersecurity firm with offices in Moscow and Singapore, is an alleged co-conspirator in the Formspring 2012 case, according to the DOJ. Kislitsin joined the company in January 2013, about six months after the US prosecutors say Kislitsin tried to sell the Formspring data. US prosecutors have not alleged any wrongdoing by Group-IB.

Russian software firms are under scrutiny too after it was claimed that leading anti-virus software firm Kaspersky Labs, which has sold its software all over the world, was cooperating with the Russian Federal Security Service (FSB), a claim the company has stringently denied.

Group-IB is a leading Russian cyber-security firm that also has an international clientele. However, in a statement shared with bne IntelliNews, the company dismissed the charges against Kislitsin as “only allegations,” arguing that no case has been made yet.

Indeed, Group-IB said that company representatives and Kislitsin met with representatives of the Justice Department to discuss Kislitsin’s research into hackers and the dark web, which he conducted before joining Group-IB, while editor of the magazine “Hacker.”

From 2006 to 2012, Nikita Kislitsin was a famous journalist and, as chief editor of Hacker, wrote extensively about information security, programming, and computer network administration. The magazine paid particular attention to research into cyberattacks, analysis of cybercriminal groups’ tools, case studies of online fraud and hacking, and recommendations on cybersecurity measures and protection against cyberthreats. Kislitsin also worked in the US as an independent threat researcher in 2012.

In Russia, cases of “poacher turned game-keeper” are common in the software engineering community, and those involved are usually among Russia’s best engineers.

Group-IB has offered to fully cooperate with the authorities as the company’s raison d’etre is to prevent cybercrime and hacking attacks. Like most countries, Russia also suffers from digital crime, and the Central Bank of Russia (CBR) reported earlier this year that Russian banks lost hundreds of millions of dollars to cybercrime in 2019. Last October the state-owned retail banking giant Sberbank was hacked and the personal details of millions of Sberbank’s clients were offered for sale on the black market in what was Russia’s largest ever data breach, according to security experts. Group-IB regularly publishes research about payment fraud techniques and other cyber threats as a public service and has assisted international law enforcement in its investigations on occasion, according to a company spokesman.

Group-IB said it will support Kislitsin and has taken advice from international lawyers before taking its next steps. Kislitsin is currently employed as the head of network security, according to a company website.

The indictment is short on details of the alleged crime and the evidence that has been publicly released is based on little more than a conspiracy theory.

According to US press reports the case against Kislitsin is largely built on linking him to Yevgeniy Nikulin, a Russian national, who is set to stand trial in March in San Francisco for allegedly stealing 117mn usernames and passwords from Formspring, LinkedIn and Dropbox in a separate case.


#nationalcybersecuritymonth | Here’s why the State Department may need a new cyber office


The Cyberspace Solarium Commission will recommend that the Department of State establish a bureau focused on international cybersecurity efforts and emerging technologies as part of its forthcoming report, commissioners said March 3 at the Carnegie Endowment for International Peace.

The suggestion from the commission, made up of government and non-government cybersecurity experts developing cyber policy recommendations, comes as part of a broader belief in the group that the State Department needs to be more involved on cybersecurity issues.

Among the report’s 75 recommendations, set for release March 11, will be the proposal for a new State Department office called the “Bureau for Cyberspace Security and Emerging Technologies,” in addition to a new assistant secretary of state position to coordinate international outreach for cyber issues and emerging tech.

The new position would report to the deputy secretary of state or undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a member of the commission. The goal of the new office is to take cybersecurity issues at the department and “raising its level of importance and stature … to reinforce that this is an international approach that we need to and want to take,” Langevin said.

In its fiscal 2021 budget request, released in February, the State Department asked Congress for $6 million in new funding to establish a “Cyberspace Security and Emerging Technologies” office. According to the budget request, the office would “allow the Department of State to ensure the development of long-term, comprehensive expertise in order to fully support U.S. foreign policy and diplomatic initiatives needed to meet the national security challenges posed by cyberspace and emerging technologies.”

Right now, the top cybersecurity official at the State Department is Robert Strayer, who has headed 5G policy and international outreach for that issue. That effort has centered on convincing allies not to use hardware from the China-based Huawei company in their 5G networks — an effort that has had limited success.

For example, Great Britain announced last month that it would allow Chinese tech in non-critical portions of its 5G network. Germany is also reportedly expected to make a decision soon. Chris Inglis, former deputy director of the NSA and current Solarium commissioner, said that the United States may have had limited success on the issue because U.S. policymakers were “late to the game” and there wasn’t an agency charged with that role. That’s a gap the suggested bureau would fill.

The commission is needed “so that in the future hopefully 6G, 7G, 10G will be the responsibility of somebody at least in terms of the international portfolio,” Inglis said.

Two weeks ago, the State Department was a key part of an international effort attributing a 2019 cyberattack on the country of Georgia to Russian military intelligence. Langevin wants to see more.

“They need more resources, more people, more expertise within the State Department to raise the profile and also to be able to be proactive in being involved with international …. groups that are involved in setting international cyber norms,” he said.


#cyberfraud | #cybercriminals | Department of Parliamentary Services gives itself cyber tick of approval


The Australian Department of Parliamentary Services (DPS) has self-assessed that everything is mostly fine with its infrastructure, following a leaked report that everything was not.

Last month, the ABC reported that an internal audit written by KPMG had given many elements of DPS the lowest cyber maturity rating possible.

At Senate Estimates on Monday morning, DPS secretary Rob Stefanik said the leaked report was a draft prepared after the advisory giant had completed its “preliminary field work”.

“It wasn’t until a process of validation and verification that a lot of the information presented in that draft was simply found to be incorrect and the final report that they had produced, which had an implementation plan in it, in July 2019, did not have the statements in it that the original draft did.”

Stefanik said that instead of receiving the “ad hoc” rating — the lowest possible rating on a scale that ranges from ad hoc to developing, to managing, to embedded as the highest rating — the department bagged a “managing” rating in 85 of 88 criteria, with the remaining three being scored as “developing”.

Labor Senator Kimberley Kitching asked to what extent the department was able to self-assess its cyber maturity.

“It’s entirely self-assessment,” Stefanik replied.

Senate President Scott Ryan said the final report would not be released, and senators could take their concerns to the private Senate Standing Committee on Appropriations, Staffing, and Security.

“It is not appropriate to release that report because it contains information that could be used to weaken our cybersecurity,” he said.

“We have more lengthy discussions on these matters in a non-public forum to which all senators are entitled to attend and, having consulted officials, both in the Department of the Senate and in DPS, it is the view that that committee, which has a specific mandate regarding information technology in its terms of reference, is the appropriate place to discuss matters that should not be drawn to public attention or exposed to public.”

In earlier remarks, Ryan said public sector networks were targeted across a four-day period in October.

“During this period, the investment that DPS made in cybersecurity has paid dividends,” Ryan said.

“Our cybersecurity operation centre was able to leverage information from partners to be well prepared in advance of the campaign, and protective controls in place, blocked many attempts to inject malware into the environment.”

The attackers also went after parliamentary staff on their personal email addresses in an attempt to gain access to the parliamentary network.

“I’m pleased to report that there was a high degree of co-operation by users during this period, combined with the maturing cybersecurity defences that have been put in place. They both ensured that the parliamentary environment was protected from this attack,” the Senate President said.

“This is one example of many cases on a daily basis where parliament is targeted by malicious actors.”

The parliamentary network and Australia’s political parties were not successfully defended during an attack in February 2019.

For eight days, the attacker, described as a state actor, was able to remain on the network.

“While I do not propose to discuss operational security matters in detail, I can state that a small number of users visited a legitimate external website that had been compromised,” Ryan said at the time.

“This caused malware to be injected into the Parliamentary Computing Network.”

The incident highlighted the awful password practices present within Australia’s parliament.


#cyberfraud | #cybercriminals | State Department Official Condemns Harassment Of Iranian Journalists Abroad


U.S. Assistant Secretary of State Roberto Destro has blasted Islamic Republic officials for threatening and persecuting Iranian journalists living abroad.

“The U.S. condemns the harassment and threats that Persian-language reporters are receiving from Iranian regime officials while working abroad,” Destro tweeted on Thursday, February 6.

The Assistant Secretary of State in the Bureau of Democracy, Human Rights and Labor at the U.S. Department of State also asserted in his tweet, “We stand with the Iranian people in their right to freedom of information and with independent journalists fighting to inform the public.”

Reports on threats and harassment of Iranian journalists living and working outside the country have been rife in the past few months, leading to widespread international condemnation. The same kind of pressures were also intense prior to the start of nuclear negotiations in 2013.

Iran-linked hackers pose as journalists in email scams to obtain passwords and break into the email accounts of journalists, Reuters said in an exclusive report on Wednesday, February 5.

In a report published Wednesday, London-based cybersecurity company, Certfa, has named a hacking group nicknamed Charming Kitten, which has long been associated with Iran.

Israeli firm ClearSky Cyber Security provided Reuters with documentation of impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality, Reuters reported.


2,000 #computers were #shut down due to #SamSam virus #attack to #Colorado Department of #Transportation

Source: National Cyber Security News

On Wednesday morning, the workday at the Colorado Department of Transportation (CDOT) was disrupted. The institution went back to the good old days before computers existed because of a SamSam ransomware attack.

On February 22, the file-encrypting virus hit CDOT’s computers, encrypted files and demanded a ransom payment in Bitcoin. More than 2,000 computers were shut down to stop and investigate the attack.

According to the CDOT spokeswoman, this version of SamSam ransomware hit only computers running Windows, even though they were secured by McAfee antivirus. However, CDOT and security software providers are working to eliminate the virus.

Fortunately, the Colorado Department of Transportation has all its data backed up. Therefore, it is not going to pay the ransom, and the crooks’ attempts to blackmail the institution did not succeed.

Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. The ransomware did not affect any critical services, such as cameras, traffic alerts or variable message boards.

Authors of SamSam ransomware already received money from victims in 2018

SamSam ransomware has been known for a while. Numerous versions of the malware hit hospitals and other institutions last year. The Colorado Department of Transportation is not the first organization to be targeted by the ransomware’s creators this year, either.


Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security found critical cybersecurity flaws in mobile apps being used by public safety officials during emergencies in a pilot project.

Thanks to a pilot project run by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), numerous cybersecurity vulnerabilities discovered in mobile apps used by first responders have been patched.

In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time. The department’s S&T Directorate established the pilot project in order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device security, expose sensitive data, or allow for spying.

The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or SMS messages — in 32 of 33 popular apps that were tested. In all, 18 apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.

Pilot project leaders worked with each app developer to remediate identified vulnerabilities, according to a press release. So far, 10 developers successfully remediated their apps, and as a result of the pilot project, the security and privacy concerns of 14 mobile apps were addressed.

“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” says Vincent Sritapan, S&T’s program manager for mobile security research and development. “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”
