

#nationalcybersecuritymonth | Here’s why the State Department may need a new cyber office

Source: National Cyber Security – Produced By Gregory Evans

The Cyberspace Solarium Commission will recommend that the Department of State establish a bureau focused on international cybersecurity efforts and emerging technologies as part of its forthcoming report, commissioners said March 3 at the Carnegie Endowment for International Peace.

The suggestion from the commission, made up of government and non-government cybersecurity experts developing cyber policy recommendations, comes as part of a broader belief in the group that the State Department needs to be more involved on cybersecurity issues.

Among the report’s 75 recommendations, set for release March 11, will be the proposal for a new State Department office called the “Bureau for Cyberspace Security and Emerging Technologies,” in addition to a new assistant secretary of state position to coordinate international outreach for cyber issues and emerging tech.

The new position would report to the deputy secretary of state or undersecretary of political affairs, according to Rep. Jim Langevin, D-R.I., a member of the commission. The goal of the new office is to take cybersecurity issues at the department and “raising its level of importance and stature … to reinforce that this is an international approach that we need to and want to take,” Langevin said.

In its fiscal 2021 budget request, released in February, the State Department asked Congress for $6 million in new funding to establish a “Cyberspace Security and Emerging Technologies” office. According to the budget request, the office would “allow the Department of State to ensure the development of long-term, comprehensive expertise in order to fully support U.S. foreign policy and diplomatic initiatives needed to meet the national security challenges posed by cyberspace and emerging technologies.”

Right now, the top cybersecurity official at the State Department is Robert Strayer, who has headed 5G policy and international outreach for that issue. That effort has centered on convincing allies not to use hardware from the China-based Huawei company in their 5G networks — an effort that has had limited success.

For example, Great Britain announced last month that it would allow Chinese tech in non-critical portions of its 5G network. Germany is also reportedly expected to make a decision soon. Chris Inglis, former deputy director of the NSA and current Solarium commissioner, said that the United States may have had limited success on the issue because U.S. policymakers were “late to the game” and there wasn’t an agency charged with that role. That’s a gap the suggested bureau would fill.

The commission is needed “so that in the future hopefully 6G, 7G, 10G will be the responsibility of somebody at least in terms of the international portfolio,” Inglis said.

Two weeks ago, the State Department was a key part of an international effort attributing a 2019 cyberattack on the country of Georgia to Russian military intelligence. Langevin wants to see more.

“They need more resources, more people, more expertise within the State Department to raise the profile and also to be able to be proactive in being involved with international …. groups that are involved in setting international cyber norms,” he said.

The post #nationalcybersecuritymonth | Here’s why the State Department may need a new cyber office appeared first on National Cyber Security.

#cybersecurity | #hackerspace | G Suite Vs Office 365: How do you Pick the Right One?

G Suite’s Advantages

Built for Mobile Usage
G Suite was built with a mobile-first design ethos. It works OOTB on a browser with a seamless device-agnostic UX from desktop to mobile devices. Owing to its leanness, it works at a high speed even with slow connectivity and low device processing power. 

Designed for Distributed Workforces
G Suite pioneered cloud-based document collaboration — view comments and edits made by your distributed team in real-time. Documents, spreadsheets, and presentations can be viewed directly from your email, without opening separate apps.

Rapid Adoption
G Suite’s star quality would be usability. It’s intuitive enough for employees to use from the get-go with minimal training. Moreover, as personal Gmail has such ubiquitous adoption, there will be existing familiarity with the UI and workings of G Suite. This is particularly helpful for SMBs, educational institutions and non-profits with non-technical users and stretched IT teams.

Office 365’s Advantages

Built for Occasionally Connected Users
The “origin” of Office 365 is Microsoft Office, a set of desktop tools that remains the gold standard for personal productivity. Consequently, Office 365 has robust desktop clients for both Windows and Mac, providing powerful productivity tools that allow users to work anywhere. This combined with the offline capabilities of OneDrive for Business helps employees to easily work offline on documents. 

Seamless Transition to the Cloud
On-premises versions of Exchange and SharePoint have been the enterprise’s de facto email and collaboration platforms for decades, and employees who have been using them will be familiar with their cloud-based counterparts. When using the desktop Office applications or their web-based counterparts, users will be able to work the same way they always did.

Support for Scalability
Office 365 comes with in-built integration with Azure and a centralized Admin Center with powerful management and compliance tools. It can thus effortlessly scale as your organization grows. Office 365 for business and enterprise options also have a spectrum of pricing options and provisions such as mixing licenses, suitable for a growing organization.

Picking the One That Fits

As with any org-wide platform, for it to be successfully adopted, what matters most is picking the solution that fits best in the organization, as opposed to picking the solution with maximum perceived features. 

  • Start with a detailed analysis of your current landscape — software stack, data requirements, business workflows and goals, nature of workforce (remote/co-located, mobile/desktop users), etc. 
  • Then understand the reasons why your organization is migrating. This will help you accurately gauge the ROI that the SaaS platform will bring to your organization by. 
  • Map the business benefits you expect with the features in the SaaS platform that will accelerate/deliver them. 
  • Reality-check their feasibility with the detailed analysis of your organization.

This will also help with planning the type of migration (phased rollout, email only, etc.), drawing accurate timelines and prioritizing the various phases of the migration. 

Don’t Forget to Secure your Move to the Cloud

After you select the SaaS platform that’s right for your organization and move to it, don’t forget to secure it. SaaS data requires protection too. The best-in-class platforms cannot protect you from data loss at your end due to human/malicious errors, sync errors or malware.

Secure your migration with Spanning’s top-rated backup solutions for both Office 365 and G Suite.


#nationalcybersecuritymonth | Third party minimum cyber compliance for My Health Record skipped: Audit Office

Less than 2 percent of My Health Record trial users opted out. The Department of Health and Australian Digital Health Agency (ADHA) agree that around 500,000 Australians will opt out of having a My Health Record. Read more: The Australian National Audit Office (ANAO) has […]

A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug

A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.

The group is not your regular spam botnet, but a top cyber-criminal operation known to security researchers as Cobalt, a hacking outfit that has targeted banks, ATM networks, and financial institutions for the past two years.

CVE-2017-11882 used by Cobalt hacking group

According to Reversing Labs, a UK-based cyber-security firm, the Cobalt group is now spreading RTF documents to high-value targets that are laced with exploits that take advantage of CVE-2017-11882.

This is a vulnerability in the Office Equation Editor component that allows an attacker to execute code on victims’ computers without user interaction.

You don’t need a grizzled veteran of the infosec community to tell you that a vulnerability with such results would be incredibly valuable for any cyber-criminal organization.

Besides the damage this vulnerability can do, Cobalt’s quick adoption of CVE-2017-11882 was most likely aided by the availability of four proof of concept (PoC) exploits that have been published online in the past week [1, 2, 3, 4].

According to Reversing Labs, the Cobalt group is currently sending emails laced with a booby-trapped RTF file that would utilize a CVE-2017-11882 exploit to download and run additional malicious files. The infection chain would go through multiple steps, but in the end, it would download and load a malicious DLL file that has yet to be analyzed in more depth.

Proofpoint’s Matthew Mesa also saw the same emails, but observed a slightly different exploitation chain.

Cobalt has jumped on Microsoft bugs before

As for the Cobalt group, they have a history of jumping on Microsoft bugs as soon as they’re disclosed and weaponizing them for their campaigns. The same thing happened with CVE-2017-8759, a remote code execution vulnerability that affected the .NET Framework, patched by Microsoft in the September 2017 Patch Tuesday.

Security firms first started documenting the Cobalt group in 2016, when it was spotted hitting ATMs and financial institutions across Europe. The group then spread to targets in the Americas, and later also targeted Russian banks, using the ex-Soviet space as a testing ground for new attacks, before it moved to more wealthy targets elsewhere.

The group’s most well-known malware family is Cobalt Strike, named after an eponymous commercial penetration testing software because it uses some of its components.

Patch now, before vulnerability is exploited en masse

As we’ve seen in the past, it doesn’t take too long for a vulnerability to trickle down from professional cyber-criminal groups to spam botnet herders once public PoCs are available.

Users should apply Windows updates KB2553204, KB3162047, KB4011276, and KB4011262, included in the November 2017 Patch Tuesday, to guard against CVE-2017-11882 exploitation.


The post A #Hacking Group Is #Already #Exploiting the #Office #Equation Editor #Bug appeared first on National Cyber Security Ventures.

Hackers #target Office as #Microsoft warns of new #vulnerability being #exploited by Russia-linked #hackers

Cyber crooks are taking advantage of a recently discovered vulnerability in Microsoft Office to hide malicious code in Word documents, the software giant has warned.

Furthermore, the flaws are being taken advantage of by a Russia-linked hacking group called APT28, who are exploiting a vulnerability in the Dynamic Data Exchange (DDE) component of Office.

According to the researchers, the hackers have been exploiting the flaw for around a month.

DDE is responsible for transporting data and messages between applications. The exploit affects Outlook email accounts, Word documents and Excel spreadsheets.

The hackers, also known collectively as Fancy Bear and linked with the Russian government, have benefited from the protocol because it doesn’t warn users to enable macros. However, pop-ups asking users to update files may sometimes appear.

Security firm McAfee claimed that the hacking group has been taking advantage of the recent New York terror attack to propagate its malicious code, inserting malware into a document talking about the incident.

“McAfee Advanced Threat Research analysts identified a malicious Word document that appears to leverage the Microsoft Office Dynamic Data Exchange (DDE) technique that has been previously reported by Advanced Threat Research,” it claimed.

“This document likely marks the first observed use of this technique by APT28. The use of DDE with PowerShell allows an attacker to execute arbitrary code on a victim’s system, regardless whether macros are enabled.

“APT28, also known as Fancy Bear, has recently focused on using different themes. In this case it capitalised on the recent terrorist attack in New York City.

“The document itself is blank. Once opened, the document contacts a control server to drop the first stage of the malware, Seduploader, onto a victim’s system.”

Microsoft has since released a specialist advisory detailing the vulnerability and how it affects users. It is now working on a patch, but the Advisory effectively serves notice to other hacking groups of a glaring flaw in Office that others will now seek to exploit.

“In an email attack scenario, an attacker could leverage the DDE protocol by sending a specially crafted file to the user and then convincing the user to open the file, typically by way of an enticement in an email,” it said.

“The attacker would have to convince the user to disable Protected Mode and click through one or more additional prompts. As email attachments are a primary method an attacker could use to spread malware, Microsoft strongly recommends that customers exercise caution when opening suspicious file attachments.

“Microsoft strongly encourages all users of Microsoft Office to review the security-related feature control keys and to enable them. Setting the registry keys described in the following sections disables automatic update of data from linked fields.”

How can smart and connected devices improve office security?

Smart technology has the potential to add a much needed additional layer of security to our offices. Over the last 10 years, technology in offices has been constantly evolving. Office staff no longer rely on fax machines and slow, low quality printers; a huge number of employees now work from…

Cybersecurity: is the office coffee machine watching you?

Troubled by something deeply unethical going on at work? Or maybe you’re plotting to leak sensitive information on the company that just sacked you? Either way, you best think twice before making your next move because an all-seeing artificial intelligence might just be analysing every email you send, every file you upload, every room you scan into – even your coffee routine.

The latest wave of cyber-defence technology employs machine learning to monitor use of the ever-expanding number of smart household objects connected to the Internet of Things – shutting down hackers before they’ve broken into corporate databases or whistleblowers before they’ve forwarded on information to the media.

One of the leading proponents is cyber-defence company Darktrace, founded in 2013 by former British intelligence officers in Cambridge and today featuring 370 employees in 23 offices globally. The company is targeting growth in the Asia-Pacific, where regional head Sanjay Aurora is promoting Darktrace’s Enterprise Immune System at the CeBIT Australia conference in Sydney on 23 May.

In an interview ahead of the conference, Aurora tells the Guardian that the Internet of Things, the interconnected everyday devices such as the smart fridge, offers more vulnerabilities to be hacked than ever before – but also more ways to scan for threats.

“In newspapers there is not a single day where we don’t read about an organisation being breached,” he says.

“At a time when even coffee machines have IP addresses, many people in security teams don’t so much as have visibility of the network.”

Where cybersecurity normally functions as a barrier to keep out previously-identified threats, Aurora says Darktrace technology behaves more like a human immune system.

“Once you understand the devices and people, once you notice subtle changes within the network, you establish a pattern of life, and whether it is lateral movement or unusual activity – maybe an employee using a device they don’t normally use, or a fingerprint scanner acting unusually – the immune system notices and takes action, detecting these things in network before they become a headline,” he says.

Darktrace’s package includes a 3D topographical real-time “threat visualizer”, which monitors everyday network activity, and the responsive Antigena system, which can decide for itself to slow systems down to give security personnel time to stop a potential breach, cut off network access to particular individuals, or mark specific emails for further investigation.

“Let’s say an employee is made redundant and becomes a potential information threat, the machine will intelligently determine what is the problem, assess the mathematical threat and then decide what action is to be taken,” Aurora says.

Darktrace claims its Enterprise Immune System has reported over 30,000 serious cyber incidents in over 2,000 deployments across the world, offering up examples such as an employee who was disgruntled about their company’s Brexit plans and was caught before they could leak the information. Another case was put forward by Darktrace co-founder Poppy Gustafsson at the TechCrunch Disrupt conference in London last year. Gustafsson cited the case of attackers sending a truck into the warehouse of a luxury goods manufacturer after uploading their fingerprints to the company’s system in order to bypass the biometric scanners.

“It’s one of the few attacks where a criminal has given their fingerprint ahead of time,” she said.

Darktrace is well on the way to establishing itself in Australia ahead of the CeBIT business tech conference, already boasting clients such as national telecommunications provider Telstra.

According to a Telstra spokesperson, the company “joined forces with Darktrace in 2016, adding it to a suite of complementary security technologies which are designed and utilised to protect customer and corporate information and the Telstra network. Darktrace, along with our other technologies, people and processes, strengthens Telstra’s internal security through its ability to detect anomalous activity and its ability to visualise all network activity, resulting in a reduced time to detect potential threats.”

The move has attracted concern from Communication Workers Union (CWU) national secretary Greg Rayner, who says the union was not consulted on the introduction of the technology.

“That’s disappointing and arguably a breach of Telstra’s obligations under the current enterprise agreement,” he says.

“They’re supposed to consult on changes that will have a significant effect on the workforce. Telstra employees have been subjected to increasingly intense electronic monitoring in recent years, including scrutiny and recording of their online activities at work. We are obviously concerned that this technology will allow further intrusions into employees’ day-to-day working lives.”

Telstra has history in regard to unions and whistleblowers – in 2008 former employee Jim Ziogas was fired after being connected to a leak to the media of internal plans to de-unionise the workforce.

Whistleblowers Australia vice-president, Brian Martin, doesn’t have a lot in common with Darktrace, but he does share a fondness for immune-system analogies. “Whistleblowers are antibodies for corruption in organisations,” he tells the Guardian. “If it were possible to prevent leaks (and that remains to be shown), this might only allow problems to fester until they become much worse. Think of what happened to Volkswagen, which lacked any whistleblowers or leakers and paid a much larger penalty than if its emissions fraud had been exposed years earlier.”

He says invading the privacy of workers has the potential to create resentment and undermine loyalty, and that a lack of independent monitoring means there are serious questions regarding the effectiveness of Darktrace’s Enterprise Immune System, particularly in regard to false positives and false negatives.

“The damage to morale done by falsely accusing an employee of planning to leak documents can be imagined,” he says.

“How about this option? Adapt the software to monitor the e-communications of top managers to see whether they are planning reprisals against whistleblowers. How do you think they would like that?”

Devised as it was by former MI5 and GCHQ agents, inspired by the challenges they were facing in counterintelligence, Darktrace technology is also an interesting proposition for governments, but the company is more coy about the countries that it counts as clients than the businesses it services.

For its part, a spokesperson for the Australian Signals Directorate (ASD) – the department of defence intelligence agency that bears the slogan “reveal their secrets, protect our own” – refused to confirm or deny use of Darktrace technology, telling the Guardian it does not “provide commentary on capability or use of commercial products”.

There are certainly plenty of rivals to Darktrace technology also promoting their cybersecurity platform’s integration of the latest machine learning capabilities, including CrowdStrike, Symantec and Cylance.

Then there are Darktrace’s true rivals – hackers themselves. Thomas LaRock, technical evangelist at IT company SolarWinds, warns that machine learning is a tool that can be used to attack just as easily as it can be used to defend.

“If it is possible to use machine learning to build a model that helps them launch cyberattacks with greater efficiency, then that’s what you can expect to happen,” he says.

“Think of this as a spy game, where you have agents that go from one side to another. There is bound to be a person somewhere right now working on machine learning models to deter crime. One day they could be found to be working for the criminals, using machine learning models to help commit crime.”

Aurora defends the use of machine learning at Darktrace, arguing this is one game companies cannot afford to opt out of.

“If you look at the way the threat landscape is moving, it is just simply humanly impossible using conventional methods – the only way to react to these threats is AI and machine learning,” he says.

“We are proud to achieve on that front – pure, unsupervised machine learning, as employee behaviour changes. That is the secret sauce – continuously evolving and learning.”


District attorney’s office hires K-9 duo to help child abuse victims

The district attorney’s Bureau of Victim Services announced two unusual hires Monday to help support victims of child abuse and sexual assault.

New K-9 employees Skippy and Bert can be spotted walking around the downtown Hall of Justice with their handlers, Martha Carbajal and Ashley Meyers.

Skippy is a yellow Labrador retriever and Bert is a golden retriever and yellow lab mix.

Both are dubbed “facility dogs.” Unlike other K-9 teams trained to sniff out drugs, explosives and other dangers, facility dogs learn dozens of cues to help them work with victims of crime.

Scientific research shows that caressing an animal produces short-term decreases in blood pressure and heart rate and can also make people feel less lonely.

Microsoft Office

Course Description: This course provides an overview of microcomputer applications including Microsoft Windows 8, Microsoft Office 2013, Microsoft Word 2013, Microsoft Excel 2013, and Microsoft PowerPoint 2013. No experience with a computer is assumed, and no mathematics beyond the high …

White House reportedly racing to crack down on Russian hackers before Trump takes office

The White House is reportedly racing against time in efforts to implement measures to penalise Russia for allegedly interfering in the US presidential elections. The Obama administration is said to be looking to punish those involved in the election hacking
