
Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps

Source: National Cyber Security – Produced By Gregory Evans

The Department of Homeland Security found critical cybersecurity flaws in mobile apps being used by public safety officials during emergencies in a pilot project.

Thanks to a pilot project run by the Department of Homeland Security (DHS) Science and Technology Directorate (S&T), numerous cybersecurity vulnerabilities discovered in mobile apps used by first responders have been patched.

In emergency and disaster situations, mobile devices and apps enable public-safety professionals to receive and share critical information in real-time. The department’s S&T Directorate established the pilot project in order to test how vulnerable smartphone apps used in the public safety sector are to cyberattack, including ransomware and spyware, and whether certain apps have coding vulnerabilities that could compromise device security, expose sensitive data, or allow for spying.

The pilot-testing project discovered potential security and privacy concerns — such as access to the device camera, contacts or SMS messages — in 32 of 33 popular apps that were tested. In all, 18 apps were discovered to have critical flaws such as hard-coded credentials stored in binary, issues with handling Secure Sockets Layer certificates or susceptibility to “man-in-the-middle” attacks.

Pilot project leaders worked with each app developer to remediate identified vulnerabilities, according to a press release. So far, 10 developers successfully remediated their apps, and as a result of the pilot project, the security and privacy concerns of 14 mobile apps were addressed.

“This pilot project illustrates the efficacy, benefits and value an ongoing app-testing program will provide to the public-safety community and the nation,” says Vincent Sritapan, S&T’s program manager for mobile security research and development. “During the testing phase, numerous cyber vulnerabilities were identified and remediated. This model can be used to ensure all apps used by the public-safety professionals are secured against cyberattacks and other security and privacy weaknesses.”

The post Department of #Homeland #Security Finds #Cybersecurity #Flaws in First #Responder Apps appeared first on National Cyber Security Ventures.


China #unveils its first #civil-military #cybersecurity innovation #center

Source: National Cyber Security – Produced By Gregory Evans

China on Tuesday unveiled the nation’s first cybersecurity innovation center developed under the national strategy of civil-military integration, amid Beijing’s call to step up its national cyber defenses.

The freshly-established center has set the ambitious goal of setting up a cutting-edge cybersecurity defense system for the military to help win future cyber wars.

It was set up under the instruction of the Central Commission for Integrated Military and Civilian Development and related military bodies, which will also supervise and manage the center during its operation by one of China’s leading cybersecurity companies, 360 Enterprise Security Group.

According to Wu Yunkun, president of the security group, the center will focus on building cyber defense systems for military-related internet services and a threat intelligence sharing mechanism for military users in the first stage.

It will work to encourage more small- and medium-sized companies to cooperate on technology R&D projects in order to guarantee the supply of cyber defense services that can meet practical combat requirements, Wu said.

Specifically, the center wants to set up a special fund for cybersecurity innovation investment and teams of researchers that are supported by local governments, the military, and enterprises. It is also considering conducting a pilot study on cyber militia construction and setting up a mechanism to offer cyber emergency response services and advanced persistent threat (APT) analysis and monitoring services to the military and local government bodies.

China has long attached significance to cybersecurity, and the eminent influence of cybersecurity in the military domain in particular has been increasingly valued by the central government.

In a strategy paper released by the Cyberspace Administration of China (CAC) last December, China vowed to develop a cyber defense compatible with its international status as a major cyber power – a national goal with a development timeline by 2035.

Three months later, an international strategy document published by the Chinese foreign ministry and CAC made clear that national defense in cyberspace is one crucial part of Chinese military modernization, following the same military strategy of active defense.

“Countries like the US and Israel that are taking the lead in cyberspace development have demonstrated how cybersecurity companies can help support a nation’s national defense needs in the virtual world. In turn, the development of cyber defense can help give a boost to the whole industry,” Qi Xiangdong, Chairman of the 360 Enterprise Security Group, noted at the ceremony.

The post China #unveils its first #civil-military #cybersecurity innovation #center appeared first on National Cyber Security Ventures.


Risk #assessment: The #first step in #improving #cyber security

Source: National Cyber Security – Produced By Gregory Evans

Despite the proliferation of high profile cyber-attacks over the last 18 months, many organisations are still too disorganised in their approach to security. While it is no longer feasible to guarantee 100% protection against a breach, businesses are setting themselves up for a fall by failing to adequately understand and prepare for the risks facing them.

PwC’s 2018 Information Security Survey, which surveyed more than 9,000 business and technology executives around the world, found that more than a quarter (28%) don’t know how many cyber-attacks they have suffered in total, and a third also don’t know how they occurred. While some security incidents are the result of high level attackers using advanced techniques to disguise their activity, the vast majority of cases are caused by common security failings and could be easily prevented with better governance and process control.

Perhaps the most important step an organisation can take to improve its security is to undertake a thorough IT risk assessment. This is crucial to understanding where the biggest vulnerabilities within the organisation are, as well as what potential external threats it may be facing. Any company attempting to create an IT security strategy without this knowledge will simply be throwing money at the problem. This approach will certainly miss the basic mistakes in IT management that enable attacks and lead to accidental breaches.

A comprehensive risk assessment needs to not only take into account the internal processes at the company, but also a variety of third parties including suppliers and contractors, as well as the role of an increasingly mobile workforce. With this in mind, a thorough assessment is no small task, and usually takes a great deal of planning and preparation to execute.

Choosing a risk framework

As a result of the complexity involved, most companies usually turn to one of the various pre-existing risk assessment frameworks that have been developed over the last few decades as the IT industry has matured. While these frameworks are extremely useful resources, companies should not rely on them to entirely shape their strategy. We still see too many organisations taking a premade framework and going through it as a tick-box exercise. No two businesses are the same, so assessment frameworks can only ever be a general guide and starting place.

Instead, companies need to base their assessment around their own unique structure and risk profile, incorporating elements of existing frameworks where they are appropriate. Encouragingly, 53% of respondents in PwC’s survey stated that spending on their information security budget was based exclusively around risk.

Perhaps the most popular risk assessment frameworks are those created by NIST, the National Institute of Standards and Technology. The NIST 800-53 and NIST Cybersecurity Framework (CSF) are regularly used by governmental agencies and educational institutions as well as private enterprises.

Exploring NIST and ISO

The earlier framework NIST 800-53 was designed to support compliance with the U.S. Federal Information Processing Standards (FIPS). This special publication provides organisational officials with evidence about the effectiveness of implemented controls, indications of quality of risk management processes used and information regarding the strengths and weaknesses of information systems.

The CSF was designed to help organisations of all sizes and any degree of cyber security sophistication apply best practice of risk management. The framework is comprised of three components: framework profile, framework core and framework implementation tiers.

NIST’s roots with the US Commerce Department make it fairly US-centric, but the CSF also incorporates globally recognised standards, making it useful for risk assessment around the world. It is also designed to be flexible and can be used alongside other cybersecurity risk management processes, such as the ISO (International Organisation for Standardization) standards.

Indeed, the ISO/IEC 27000-series, jointly published by the ISO and the International Electrotechnical Commission (IEC), is another of the most well-known and widely used frameworks. Like NIST, the ISO frameworks are flexible enough to fit most organisational sizes and structures. The frameworks can be useful in dissuading an organisation from the tick box compliance mindset, as they encourage organisations to assess their own information security risks and implement controls according to their needs. The ISO series also promotes a continuous feedback approach to address changes in the threat landscape or within the company and implement iterative improvements.

Other strong framework choices to consider include OCTAVE, which has a broader, simpler approach that is easy to integrate, and COBIT, an operational framework with a focus on uptime that is well-suited to manufacturing firms and others where uptime is important.

Taking risk assessment to the top

Whichever combination of frameworks the company decides to incorporate for its risk assessment, it is essential to relate the process back to the organisation’s unique operational structure and business objectives. One of the most important activities in preparing a comprehensive assessment is to conduct in-depth interviews with senior management, IT administrators and other stakeholders across the organisation. This will help to develop a much more realistic understanding of the organisation’s potential threats, likelihood of compromise and the impact of the loss, as well as relating everything back to its business priorities.

It is also essential that the risk assessment is understood and supported at the highest level of the organisation. PwC’s survey found that only 44% of boards are actively participating in their security strategy. Without buy-in from the board and other senior leaders, a risk assessment is likely to end up being little more than a series of recommendations that are never actually implemented. By aligning popular industry assessment frameworks with their business objectives, organisations can conduct an assessment that not only highlights potential threats, but goes on to implement real changes that improve their security posture.

The post Risk #assessment: The #first step in #improving #cyber security appeared first on National Cyber Security Ventures.


Ukrainian hacker became first witness in FBI’s ‘Russian case’ of hacking servers of US Democratic Party

Source: National Cyber Security – Produced By Gregory Evans

The Ukrainian hacker confessed and became a witness for the US Federal Bureau of Investigation in the case of the hacking of servers of the US Democratic Party during the campaign, which for Hillary Clinton turned into a series of scandals and ended in victory for Republican Donald Trump. Russia is accused of organizing crack…

The post Ukrainian hacker became first witness in FBI’s ‘Russian case’ of hacking servers of US Democratic Party appeared first on National Cyber Security Ventures.


Chester County First Responders and Citizens Are Vulnerable to Hackers Due to Cyber Security Gaps

Source: National Cyber Security – Produced By Gregory Evans


If you’ve ever been pulled over by police or had an ambulance rush to your home, laptop computers offer a way for first responders to check some of your most personal information. Former Chester County Technical Communications Specialist David Cucchi …

The post Chester County First Responders and Citizens Are Vulnerable to Hackers Due to Cyber Security Gaps appeared first on National Cyber Security Ventures.


Corvil Develops World’s First Virtual Security Expert to Address Cybersecurity in Financial Markets

Source: National Cyber Security – Produced By Gregory Evans


Corvil today announced a cybersecurity solution specifically designed to address the unique security needs of today’s electronic trading businesses looking to solve escalating concerns over cyber attacks while demonstrating compliance with evolving regulations. Powered by sophisticated machine learning algorithms, Corvil “Cara” acts as a virtual security expert that autonomously identifies vulnerabilities and possible attacks within trading environments that often process …

The post Corvil Develops World’s First Virtual Security Expert to Address Cybersecurity in Financial Markets appeared first on National Cyber Security Ventures.


GDaddy: First Gay Sugar Daddy and Young Gay Men Dating APP Coming Out To UK

GDaddy, a brand new app and the first dating app aiming to bring a simple way for gay sugar daddies and gay sugar babies, is making its first appearance in the UK. As a …

The post GDaddy: First Gay Sugar Daddy and Young Gay Men Dating APP Coming Out To UK appeared first on Become007.com.


How to ward off homesickness, bullies and other problems that could arise at your child’s first sleepaway camp

The first time Lisa Fleming dropped her children off at sleepaway camp, she was a nervous wreck.

“I was so worried,” Fleming says. “I had a miserable week.”

Luckily, none of her fears were realized. “They had the most amazing week ever and were crying when we picked them up,” she says. “They didn’t want to leave their friends and counselors.”

This summer, she’s dropping off her 10-year-old son — the youngest of her three kids — at the same camp (Camp Quest Chesapeake, an educational adventure camp in Courtland, Va., about a three-hour drive from D.C.) with a lot more peace of mind.


The post How to ward off homesickness, bullies and other problems that could arise at your child’s first sleepaway camp appeared first on Parent Security Online.


“Hacking the Cosmos” –China Completing World’s First ExaScale Supercomputer

Source: National Cyber Security – Produced By Gregory Evans


China is moving quickly to solidify its lead in the world’s digital arms race. Last year, the country unveiled the world’s fastest supercomputer, the Sunway TaihuLight. This year, according to state news agency Xinhua, the government has set its …

The post “Hacking the Cosmos” –China Completing World’s First ExaScale Supercomputer appeared first on National Cyber Security Ventures.


You’ll Have To Face Your Ex Eventually, Why Not Make A Great Second First Impression

I couldn’t possibly care less about getting my last ex back. We were only together for five months, but it felt like forever. Now, don’t get me wrong, he’s a great guy, but I don’t want to have people in my life that don’t want to be there. However, if I see him out and about, which is highly likely seeing as we live in the same small town and spend our time doing the same things with the same groups of people, I wouldn’t mind making him second-guess his decision to end the relationship.

The post You’ll Have To Face Your Ex Eventually, Why Not Make A Great Second First Impression appeared first on Dating Scams 101.
