FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Monday, May 31, 2021

UK NHS to share data causing data privacy concerns among patients

NHS UK made a public announcement yesterday that it is going to share the data of its patients with third parties that are involved in AI-based research and development programs that benefit the field of Medicine. However, patients have the option of opting out of this latest update, provided they fill in a form and submit it to their GP Clinic before June 23rd, 2021.

 

Thus, going forward, NHS will be sharing the information of its 55 million patients in England who often visit their general practitioner clinic for treatments. The objective of information sharing is to allow academics and commercial 3rd party businesses to use that data in the research and planning of new drugs and future innovation of Medicines.

 

Sources say that the initiative was taken after the House of Commons Science and Technology Committee had a tough time in beating the COVID 19 Pandemic with the apt medication/vaccination, owing to a lack of historical patient data sharing and access.

 

While on one hand, the data advocates are crying out that the information shared could lead to privacy concerns among patients, Matt Hancock, the Health Secretary of the UK assured that the information sharing will be done scientifically as patient data will be transcribed into digital numbers that can only be understood by computing machines processing huge data sets.

 

But what if the database is targeted by hackers, as was witnessed in May 2017 when UK NHS was targeted by a WannaCry Ransomware spreading gang?

 

Cybersecurity Analysts state that the decision taken by NHS to use patient records for academic research has a valid standpoint. However, unless it is done under strict surveillance, none of the benefits could reach the populace.

 

Note- In the year 2013, NHS was involved in a similar data-sharing program called ‘Care Data’ where all the patient data belonging to the Govt backed healthcare services provider was being stored in a central repository. However, the procedure was abandoned in 2016 due to privacy concerns.

The post UK NHS to share data causing data privacy concerns among patients appeared first on Cybersecurity Insiders.


June 01, 2021 at 09:51AM

Ransomware Cyber Attack on Canada Post leaks data of 950,000 Customers

A Cyber Attack on one of the technology suppliers to Canada Post has reportedly resulted in the leak of information of more than 950,000 customers. And sources say that the primary postal operator of Canada is taking all Cybersecurity measures to prevent such incidents in the future. And out of an abundance of caution has also informed 44 of its customers about the data breach to prevent any identity frauds in the future.

 

Cybersecurity Insiders has learned that the impacted company was Commport Communication that provides shipping manifests and other digital data interchange-related software.

 

Unconfirmed sources say that the firm was hit by a ransomware attack where hackers infiltrated the database, stole a portion of data, and then encrypted the database until a ransom is paid.

 

Information such as names and addresses of the receiver and sender of the items were accessed by hackers.

 

Canada Post issued a media update on this note to confirm the cyber-attack and added that data related to customers who used the services between July 2016 and March 2019 could have been exposed in the incident.

 

A prima facie assessment has determined that there is no evidence that customer contact and payment info provided to Canada Post was accessed by the hackers, and that’s indeed good news.

 

Note- In November last year, Innovapost, a business subsidiary of Canada Post was also hit by ransomware. But forensic evidence later revealed that the hackers only managed to infiltrate the database and never had access or could siphon the data.

The post Ransomware Cyber Attack on Canada Post leaks data of 950,000 Customers appeared first on Cybersecurity Insiders.


June 01, 2021 at 09:49AM

Humach Expresses Concern on New Compliance Vulnerabilities for Remote Contact Centers

PLANO, Texas–(BUSINESS WIRE)–As COVID-19 forced businesses to adapt to the new paradigm of remote work at a breakneck pace, expedited telecommuting transitions exposed new vulnerabilities in contact center compliance, security and privacy, and interoperability.

Despite the sudden acceleration of the remote contact center model, Humach, a leading business process and technology outsourcer, has operated fully compliant remote contact centers for over a decade.

Humach CEO, Tim Houlne says, “Compliance should have already been an ongoing business-as-usual practice, but it’s been a blind spot for some organizations during the pandemic. Due to the speed and scale at which remote transitions had to be completed, we saw companies shift focus from security and compliance to other critical areas.”

As a result, current cybersecurity statistics reveal a dramatic increase in hacked and breached organizational data since the pandemic began – which Houlne calls “unacceptable”. No security incidents have occurred at Humach to date, as they have operated remote contact centers with certifications for PCI DSS compliance, HIPAA, and a wide variety of other privacy and security standards for the last 15+ years.

Humach is encouraging businesses to refocus on security and increase their scope to include recent technology and operational changes that may have introduced new vulnerabilities. They’ve created helpful resources like a Contact Center Continuity Checklist, Beginner’s Guide to Compliance, and are offering free consultations for remote support models.

Houlne went on to say, “The pandemic and this new normal caught businesses by surprise, but it is not a justification to accept substandard security and compliance in place. Businesses can’t afford to deprioritize remote security and compliance during disruption – pandemic or otherwise. There is no grace period for cyberattacks.”

About Humach

Founded in 2015, with roots dating back to 1988, Humach is the leading agent and technology outsourcer behind a suite of cloud-based customer sales and support products that include Humach-at-Home™, AI-powered Digital Agents, top-rated omnichannel platforms, and award-winning customer experience solutions. The company’s managed products and services are designed to augment existing contact center models using collaborative intelligence that leverages the strengths of both humans and machines. Humach simplifies and streamlines customer experiences for the world’s leading brands with agents and technology.

The post Humach Expresses Concern on New Compliance Vulnerabilities for Remote Contact Centers appeared first on Cybersecurity Insiders.


June 01, 2021 at 09:08AM

Microsoft asks all Asian Nations to collectively fight Cyber Threats

Microsoft is urging all APAC nations to collectively fight cyber threats in the region. To support this objective, the Windows OS software maker has launched an Asia Pacific Public Sector Cyber Security Executive Council (CSEC) constituting 15 policymakers to help APAC nations in sharing threat intelligence, technology, and resources promptly.

 

Singapore, Korea, Malaysia, Indonesia, Brunei, and Thailand have expressed their pleasure in joining the Asia Pacific CSEC that aims to build a strong communication channel between nations for addressing cyber threats among participating countries.

 

The Satya Nadella-led company’s perspective is to bring together policymakers from all sectors such as technology, government, and state agencies and build a threat-sharing intelligence that enables the nations to be fully prepared for attacks of any range and sort.

 

Cybersecurity Insiders has learned that the council will be arranging a meeting on a quarterly basis to discuss any modalities while sharing information related to cyber threats. Such activities will see that there is a cut down in criminal activities that are rising exponentially with the proliferation of data from digital devices.

 

The Redmond giant expects to strengthen the cybersecurity partnership with the help of the newly established Asia Pacific Public Sector Cyber Security Executive Council that will be further assisted by Asia Pacific Economic Cooperation, the Association of Southeast Asian Nations, and the Global Forum on Cyber Expertise.

 

Note- After the Exchange Server Hack, Microsoft is trying hard to serve its customers with the best products and services that are backed by utmost security. But the reality is that any technology, when it falls into the wrong hands, can lead to disasters, and so the crux is that it all depends on the brain that is using it….isn’t it?

 

The post Microsoft asks all Asian Nations to collectively fight Cyber Threats appeared first on Cybersecurity Insiders.


May 31, 2021 at 08:48PM

Sunday, May 30, 2021

Suspected Ransomware attack shuts down JBS Meat Processing

Meat processing and distribution came to a standstill due to a cyber attack on the servers of JBS Beef and reports are in that the disruption could cause protein deficiency in countries like Australia, the United States, Canada, and some parts of Europe.

 

Unconfirmed sources reporting to Cybersecurity Insiders say that the attack was a ransomware variant and that it could take days for the meat processing company to find a resolution.

 

The Australian Meat Industry Employees Union of Queensland has confirmed the news and added that the digital disruption could result in thousands of workers going without pay for days, as they are brought to the facility on an hourly pay basis.

 

Over 6 of the big sites that process beef, pork, and chicken have witnessed a digital disruption, bringing all the machines to a standstill for the past few hours or so.

 

David Littleproud, the Minister for Agriculture, Australia, confirmed that the government was aware of the cyber attack on JBS Products supply and will do everything possible to help bring the supply back online.

 

Note 1- The impact is already visible on the operations of JBS Australia as the entire beef and lamb kills processing has been halted due to a halt in the machinery operations of box computer print tickets with barcodes. And if the machinery does not start by the afternoon of Monday, then the meat is on the verge of not meeting the international standards of production.

 

Note 2- JBS Foods is doing its best to come out of the situation as early as possible and is in talks with a third party Cybersecurity firm to up its defense-line against such cyber attacks in future.

 

The post Suspected Ransomware attack shuts down JBS Meat Processing appeared first on Cybersecurity Insiders.


May 31, 2021 at 10:31AM

Microsoft warns against the new Russian Cyber Attacks that targeted 150 US firms

A Russian hacking group dubbed Nobelium has reportedly targeted more than 3000 Exchange Email server accounts from Microsoft operating across 150 US firms, says a report released by Tom Burt, Corporate Vice President of Customer Security & Trust, Microsoft.

 

The Microsoft report specifies that the threat actors are showing interest only in government agencies, think tanks, consultants, and NGOs working across North America and in some parts of Europe, and have sidelined small and medium scale businesses for now.

While the majority of organizations victimized in the attack belong to the United States, some also reportedly hail from 16 countries, says the report.

 

The good news is that the attacks were blocked by Windows Defender software and all of the targets were formally informed about the incident.

 

Nobelium is known to target government organizations by targeting Constant Contact accounts used for email marketing. Security experts say that they intend to steal intellectual property and use the device to infect other devices in the network.

 

We all know that the Constant Contact service is typically used in marketing campaigns. And the hacker/s from the Nobelium group are using the victimized machines to distribute phishing emails laced with malicious links that enable backdoors on the victimized machines.

 

Note 1- Early this year, a Chinese hacking group named Hafnium was reportedly involved in infiltrating thousands of Microsoft Exchange servers across the globe.

 

Note 2- In Nov last year, another Russian-funded hacking group was found in the SolarWinds software hack that targeted most of the federal organizations across North America.

The post Microsoft warns against the new Russian Cyber Attacks that targeted 150 US firms appeared first on Cybersecurity Insiders.


May 31, 2021 at 10:29AM

Saturday, May 29, 2021

Six Key Characteristics of a Modern ZTNA Solutions

This post was originally published by Jeff Birnbaum.

Even as organizations continue adoption of cloud technologies, the need for secure access to on-premises resources has not gone away. In fact, as many companies navigate a return to the office while simultaneously supporting a portion of the workforce now permanently remote, secure access becomes even more important. 

 

Zero Trust Network Access (ZTNA) has quickly become the gold standard for securing access to on-premises resources, overcoming limitations of traditional VPNs while enabling adoption of modern zero trust security. However, not all ZTNA solutions are built the same. Here are six key characteristics to keep in mind when evaluating ZTNA solutions.

1. Scalable Performance

We have discussed the importance of uptime and performance before, and the message bears repeating for ZTNA solutions. A solution tasked with connecting remote workers to necessary on-premises resources must be responsive and reliable or companies risk losing productivity gains from remote work. A dynamically scalable solution, such as one hosted in the public cloud, provides additional benefits as in-office work ebbs and flows. 

2. Robust Data Loss Prevention (DLP) 

DLP becomes a heightened concern with a remote workforce. In the modern work environment where employees expect to be able to access corporate resources on their own unmanaged personal devices, a ZTNA solution must support advanced DLP capabilities, such as advanced regex and exact data matching, to prevent the exposure of sensitive information through techniques like blocking, digital rights management (DRM), and encryption on download. 

3. Advanced Threat Protection (ATP)

The ease and prevalence with which malware can spread to other devices and users through downloads makes advanced threat protection (ATP) a must-have for ZTNA solutions. A solution using behavior-based techniques with advanced detection engines surpasses those using signature-based techniques and is capable of stopping never-before-seen zero-day threats.

4. BYOD Deployment Options

“Bring-your-own-device” (BYOD) policies are now commonplace in remote work environments. This means an effective ZTNA solution must be capable of serving BYOD users with agentless options while also offering agent-based options for managed devices.  

Read more here: https://www.bitglass.com/blog/

The post Six Key Characteristics of a Modern ZTNA Solutions appeared first on Cybersecurity Insiders.


May 29, 2021 at 09:02PM

Friday, May 28, 2021

What is data loss prevention?

This article was written by an independent guest author.
DLP security strategies, benefits explained
The threat landscape is a constantly evolving challenge for enterprise security professionals – the number of cyberattacks is continuing to rise, data exfiltration is now included in 70% of ransomware attacks, and insiders are responsible for 30% of all data breaches. As a result, enterprises are constantly looking for ways to reduce the risk of sensitive data being leaked outside the company. And with so many potential weak points, it’s necessary for organizations to put controls and solutions in place that not just monitor for inappropriate egress of corporate data, but also mitigate the risks as close to entirely as possible.
To do this, the most common solution enterprises turn to is Data Loss Prevention.
What is data loss prevention? 
In its broadest terms, Data Loss Prevention (DLP) is a set of tools and…

Posted by: Nick Cavalancia

The post What is data loss prevention? appeared first on Cybersecurity Insiders.


May 29, 2021 at 09:09AM

Teaching kids internet safety tips for Zoom parties

This blog was written by an independent guest blogger.
The internet has changed over the years. Kids today are less interested in random chat rooms, and more inclined to connect with their friends via social media. Most recently, Zoom parties have become the norm for kids, especially due to the COVID-19 pandemic.
On paper, Zoom parties can be great ways for kids to stay connected. They can chat with their friends, and even meet people from different parts of the country – or the world! The big difference between Zoom parties and chatrooms of the past is that your child can see the people they’re talking to. While that might make things seem safer, there are still some precautions you, as a parent, should be taking.
Zoom isn’t necessarily 100% safe for kids who might not know the risks. Things like Zoombombing, where “…

Posted by: Devin Morrissey

The post Teaching kids internet safety tips for Zoom parties appeared first on Cybersecurity Insiders.


May 28, 2021 at 09:09PM

Asymmetrical threats in Cybersecurity

Security and defense theory are inextricably entwined. Consider medieval castles. They were designed as a defensive mechanism that provided security to those within, most of whom were simply civilians hiding behind the walls for protection from invaders.  Within cybersecurity, multiple concepts from defense and war theory can be applied to better address the cyber risks facing organizations.  In fact, the term Bastion Host refers to a Bastion which has very militaristic connotations.  In previous posts, the concepts of security cycle theory, attacker motivations, and threat adaptation have been explored.  Another critical concept is that of asymmetric threats. 
The terms Asymmetrical Warfare or Asymmetrical Threats can be summarized simply as the asymmetry that exists between two adversaries and the tactics used by the weaker adversary to render the strengths of the stronger adversary moot. It is rare, though mathematically possible, to have parity between adversaries. …

Posted by: Chris Mark

The post Asymmetrical threats in Cybersecurity appeared first on Cybersecurity Insiders.


May 28, 2021 at 09:09PM

QuoLab Technologies Recognized for its Commitment to Enhancing Security Operations

COLUMBIA, Md.–(BUSINESS WIRE)–QuoLab Technologies, provider of a data-centric security operations platform (SOP), today announced that it has been named an industry winner in multiple categories as part of the 2021 Cybersecurity Excellence Awards and the 2021 Cyber Defense Magazine Global Infosec Awards. These accolades come as a result of QuoLab’s continued dedication and work in threat intelligence, incident response and forensics.

In the Cybersecurity Excellence Awards, the company won gold for Incident Response and Forensics, and silver for Threat Detection, Intelligence and Response and Cyber Threat Intelligence. In the Cyber Defense Magazine Global Infosec Awards, the company was recognized as the Hot Company in Incident Response, Most Innovative in Forensics, and Next-Gen in Threat Intelligence.

As the need for information sharing capabilities becomes more apparent to both government and private organizations alike, QuoLab’s SOP empowers security professionals with a system that allows for seamless collaboration among incident response (IR) and forensics professionals. QuoLab’s SOP supports the acquisition and fusion of data sets in a flexible, yet targeted manner, allowing dynamic incidents to be viewed in scope, while the platform’s robust list of integrations allows for interactions between both baseline and specialized tools. These abilities provide professionals with a framework that creates an effective one stop shop for all of a security professional’s IR, TI and forensics needs.

“We are thrilled to be recognized by these award programs for our ongoing efforts to provide professionals with the tools they need to be successful in their incident response and forensics initiatives,” said Dan Young, CEO of QuoLab Technologies. “By bringing teams an increased focus on cooperation combined with scalable, distributed data handling and processing techniques, our platform is able to provide a decisive advantage in the constantly evolving security operations space. This recognition shows us that we are on the right path in bringing actionable intelligence to those who need it most.”

When integrated into an enterprise network, the QuoLab platform automates the management of TI feeds through an extensive library of dedicated connectors, with full support for MISP, STIX, OTX, yara, and many more open formats. Now with a new reporting functionality feature, users are able to generate meaningful, tailored reports that deliver actionable intelligence related to incidents, attacks, threat actors and more to customers and clients. The platform can also cut data and malware processing times by 50%, while increasing the speed by which internal and external threats are matched by 480%.

To learn more about QuoLab Technologies, please visit: https://quolab.com/.

About QuoLab Technologies

QuoLab Technologies empowers security professionals to analyze, investigate and respond to threats within an integrated ecosystem. The collaborative, data-centric platform merges deep analytics and intuitive workflows, enabling human operators to efficiently deliver on their mission. The company believes that increased focus on cooperation, combined with scalable, distributed data handling and processing techniques is the key to gaining a decisive advantage in the ever-evolving security operations space.

The post QuoLab Technologies Recognized for its Commitment to Enhancing Security Operations appeared first on Cybersecurity Insiders.


May 28, 2021 at 09:08PM

Texas unemployment website hit by identity fraud Cyber Attacks

After making millions by launching unemployment-related identity frauds in states like Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, Wyoming, and Hawaii, a hacker gang from Nigeria seems to have diverted its focus to Texas, digitally invading the Workforce Commission website.

Furthermore, the hacker group started the distribution of a 13-page reference guide in PDF form on WhatsApp, in which the cybercriminals are seen detailing how to commit fraud and claim job loss benefits from the unemployment websites in case they lose jobs due to the COVID 19 shutdown or slowdown.

Cybersecurity firm Agari discovered this online fraud and revealed it to the world stating that the cybercriminals were seen targeting unemployment exchanges across the world.

A report published by Agari states that Texas state lost more than $890 million to fraudulent claims in the year 2020 and if this continues, the loss might touch the billion mark within no time.

Going with the figures registered last year in other states, Florida stands tall in the losing stream, as estimates are that cyber crooks managed to gain over $980 million from Florida in the name of fraudulent unemployment benefits, followed by Washington with $940m and North Carolina with $910m worth of fraudulent claims.

Meanwhile, early this month, an assistant to a Nigerian Governor was arrested by the US police in New York for committing million-dollar unemployment benefits fraud. The name of the culprit is Abidemi Rufai aka Sandy Tang, and the 42-year-old was charged with 6 rounds of wire fraud, accused of stealing the identities of more than 100 people from Washington to claim unemployment benefits worth $350,000, which were then transferred to the online accounts of some money mules.

Washington State Employment Security Department was asked to file a complaint against the accused on Monday this week that could lead the law enforcement to make a wider investigation about the fraud that also involves some nationals from countries like Iran, Israel, Pakistan, and Bangladesh along with Africa.

More details are awaited!

The post Texas unemployment website hit by identity fraud Cyber Attacks appeared first on Cybersecurity Insiders.


May 28, 2021 at 08:43PM

MORE THAN LIKELY, OR LESS THAN PROBABLE: IS A TRULY QUANTITATIVE SECURITY ANALYSIS POSSIBLE?

This post was originally published by (ISC)² Management.

The Language of Profit and Loss

Security professionals spend a lot of time honing their area of expertise. Your strength could be in packet analysis, or programming…maybe you are at your best in the realm of security engineering, or pentesting. Or, you may have the best technical skills, but when it comes to obtaining a budget for a project or a new security tool, you need to understand and explain the difference between likelihood, and probability.

Why is this important? This is important because the language of business is based on profits and loss, and that component is key to your progress. How can you describe the need for a new security initiative that makes the point to the people who will fund the venture?

The best way to advance your cause is through quantitative or qualitative analysis. Specifically, how likely, or how probable, it is that an event will occur. As the CISSP Common Body of Knowledge (CBK) describes it, “Likelihood is relevant to qualitative analysis, and probability relates to quantitative.” Some dictionaries don’t make this fine distinction, treating likelihood and probability synonymously; however, this is unwise when working in security.

What’s the Difference?

A simple way to remember the difference is that qualitative analysis deals with quality, and quantitative analysis deals with quantities.

Quality = Likelihood measurement

Quantity = Probability measurement

Many treat qualitative analysis as less reliable than quantitative because there are no hard numbers when using qualitative examinations.

When working in risk management, qualitative analysis is usually in order. This is commonly represented by a table showing a risk event against its likelihood and impact. For example, one method that was presented many years ago showed how a qualitative risk analysis for erecting a building against earthquakes was equal for New York and San Francisco.

Read more here: https://blog.isc2.org/isc2_blog/

The post MORE THAN LIKELY, OR LESS THAN PROBABLE: IS A TRULY QUANTITATIVE SECURITY ANALYSIS POSSIBLE? appeared first on Cybersecurity Insiders.


May 28, 2021 at 06:12PM

HEALTHCARE PRIVACY–BIGGER THAN JUST HIPAA

This post was originally published by (ISC)² Management.

Security Without Regulatory Muscle

As a security practitioner, you may have worked in an industry that was not affected by any regulatory authority. There was a time when security was not driven by governmental power. In many cases, this is why security did not exist in smaller organizations. The ideology that a company was “not an attractive target” to cybercrime was a cozy pillow upon which many C-Level executives rested their heads. Over the last twenty years, this has changed. In fact, not only has security been codified in law, but privacy has become an even stronger legal tool to stimulate security in most organizations.

In some of the early security and privacy regulations, there were exceptions based on the size of the company, as well as the earned revenue of the company. Most privacy regulations, however, do not offer those types of exemptions. Privacy exemptions are granted based more on the context of the data processing. For example, data processing for research, or national interests can be excluded from regulatory consideration, but only if other criteria are met, such as pseudonymization and data obfuscation.

Privacy in the Land of Healthcare

Privacy in the healthcare field has always been a primary concern. Before the days of electronic records, printed medical records were stored in locking file cabinets. When in active use, such as during a patient visit, medical records were kept confidential, even from the patient under care. This may seem implausible to many people living in the relatively new “freedom of information” era, but patients were generally not permitted to view their own medical records. It is no wonder there were serious concerns at the early stages of proposals to create electronic, freely sharable healthcare records.

The obvious advantage of electronic health records is the ease of accessibility for medical professionals to access the information when needed. Through the use of patient portals, a person is now able to view their own medical file, enabling better care for themselves. The clear disadvantage is anyone could gain access to records if they are not adequately protected. This emphasizes the need for qualified, trained healthcare security and privacy practitioners.

Read more here: blog.isc2.org/isc2_blog/

The post HEALTHCARE PRIVACY–BIGGER THAN JUST HIPAA appeared first on Cybersecurity Insiders.


May 28, 2021 at 05:41PM

Thursday, May 27, 2021

Microsoft Chief Brad Smith wants AI to be controlled by 2024

Microsoft President Brad Smith has issued a warning against the use of Artificial Intelligence technology and said that if the tech remains uncontrolled, it can spell doom on mankind by 2024.

 

Explaining his viewpoint with an example in an interview with BBC, Smith said that AI is being used by technologists to make predictions and make calls just by analyzing content from huge datasets. 

 

For instance, the latest surveillance program of China came into the media limelight in 2020 where it was learned that the country was keeping a large section of people under the watchful eye of big brother to curtail crime using Artificial Intelligence. And that can change the world on a drastic note as the law is seen breaching the privacy of its citizen under the name of national security.

 

Note 1– China is trying its best to become a world leader in the field of artificial intelligence by 2030 as it has won more than 3000 AI patents than the US and was way ahead in 2019 i.e. the period before the Wuhan Virus aka Covid 19 crippled the entire world with the pandemic.

 

Note 2- In George Orwell’s book 1984, the government was able to see anything and everything its populace was speaking and indulging in, and this could soon be a reality by 2024.

 

Note 3- Is Smith against the use of AI? No, not at all, said the gentleman, as he just wants the government to maintain control over the technology's use and development before it is too late.

 

The post Microsoft Chief Brad Smith wants AI to be controlled by 2024 appeared first on Cybersecurity Insiders.


May 28, 2021 at 11:11AM

US Fuel companies should report cyberattacks to the government

US Homeland Security has issued an order that all fuel generation and pipeline companies operating in the country should report cyberattacks to the government as soon as they are impacted.

The decision comes after Congress expressed its disappointment on Colonial Pipeline ransomware payment of $4.4m paid to DarkSide ransomware group that reportedly stole over 100GB of data after gaining control of the fuel supplier’s servers just for a time frame of two hours….now that’s interesting….isn’t it?

Replacing some of the old rules with the new ones, all pipeline companies should safeguard their IT infrastructure against cyber attacks such as the recently discovered ransomware and last year’s SolarWinds hack.

“Some nations driven by greed and the thirst to lead the entire world are indulging in some obnoxious digital activities by exploiting the vulnerabilities in the digital ecosystem. And this is not going to be tolerated anymore”, says Chris Kreb, the director of DHS who testified before Congress early this month on the issue of the Colonial Pipeline hack.

As companies never report ransomware attacks, the government is failing to guestimate the seriousness of the attack and this is bad said Krebs in an interview to Morning Edition.

Thus, going with the latest directive, fuel distributors need to report Cybersecurity incidents to Transportation Security Administration (TSA), instead of CISA- irrespective of their public or private status.

How well the TSA is equipped to deal with such incidents is yet to be clarified by the Department of Homeland Security. But the directive will be coming into effect from early next month and will help the government in formalizing policies and streamlining operational decisions on a progressive note.

Now, to those who fail to do so, they all are hereby informed that such disobedience will never be entertained and will be leading to penalties and shutdowns of operations under certain conditions.

The post US Fuel companies should report cyberattacks to the government appeared first on Cybersecurity Insiders.


May 28, 2021 at 11:10AM

Stories from the SOC -SSH brute force authentication attempt tactic

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

Executive Summary

An SSH Brute Force attack is a form of cybersecurity attack in which an attacker uses trial and error to guess credentials to access a server. Unlike a lot of other tactics used by cybercriminals, brute force attacks aren’t reliant on existing vulnerabilities. Instead, cybercriminals rely on weak or guessable credentials. Brute Force attacks are fairly simple and have a high success rate, with several tools and programs available for attackers to use. Once an attacker correctly guesses valid credentials, they may be able to view, copy, or delete important files or execute malicious code.

The Managed Threat Detection and Response (MTDR) analyst team received 96 alarms for Brute Force…

Posted by: Todd Luft

The post Stories from the SOC -SSH brute force authentication attempt tactic appeared first on Cybersecurity Insiders.
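
A defender-side sketch of how alarms of the kind this story mentions can be derived from sshd logs, added here as an example and not taken from the AT&T post: it counts failed password attempts per source IP in a sliding window and records a successful login that follows a flagged burst. The log lines, host name, users, year, threshold and window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
May 28 09:00:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 50112 ssh2
May 28 09:00:03 bastion sshd[4102]: Failed password for root from 203.0.113.7 port 50113 ssh2
May 28 09:00:05 bastion sshd[4103]: Failed password for root from 203.0.113.7 port 50114 ssh2
May 28 09:00:07 bastion sshd[4104]: Failed password for deploy from 203.0.113.7 port 50115 ssh2
May 28 09:00:09 bastion sshd[4105]: Failed password for deploy from 203.0.113.7 port 50116 ssh2
May 28 09:00:11 bastion sshd[4106]: Failed password for deploy from 203.0.113.7 port 50117 ssh2
May 28 09:00:14 bastion sshd[4107]: Accepted password for deploy from 203.0.113.7 port 50118 ssh2
May 28 09:02:00 bastion sshd[4110]: Failed password for alice from 198.51.100.20 port 41000 ssh2
May 28 09:02:10 bastion sshd[4111]: Failed password for alice from 198.51.100.20 port 41001 ssh2
May 28 09:02:25 bastion sshd[4112]: Accepted password for alice from 198.51.100.20 port 41002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2021):
    """Return {ip: finding} for sources with >= threshold failures inside the window.

    Syslog timestamps carry no year, so one is assumed. A finding records the
    peak failure count, the usernames tried, and the account (if any) that was
    logged into from the same IP after the burst was flagged.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> usernames that failed from this source
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password-auth event
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            users[ip].add(m["user"])
            if len(q) >= threshold:
                f = findings.setdefault(
                    ip, {"peak": 0, "users": users[ip], "compromised": None})
                f["peak"] = max(f["peak"], len(q))
        elif ip in findings and findings[ip]["compromised"] is None:
            # Success after a flagged burst: treat the account as guessed.
            findings[ip]["compromised"] = m["user"]
    return findings

if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, f["peak"], sorted(f["users"]), f["compromised"])
```

The second source in the sample (two mistyped passwords followed by a login) stays below the threshold and is not reported, which is the distinction a brute-force alarm has to make.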


May 28, 2021 at 09:09AM

Resecurity Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021

SAN FRANCISCO–(BUSINESS WIRE)–Resecurity is proud to announce they have won the following award(s) from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine:

Cutting Edge in Digital Footprint Security

Next-Gen in Third-Party Risk Management (TPRM)

Cutting Edge in Threat Intelligence

“We’re thrilled to receive one of the most prestigious and coveted cybersecurity awards in the world from Cyber Defense Magazine. We knew the competition would be tough and with top judges who are leading infosec experts from around the globe, we couldn’t be more pleased,” said Gene Yoo, CEO of Resecurity.

“Resecurity embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help stop the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

Resecurity is thrilled to be a member of this coveted group of winners, located here: http://www.cyberdefenseawards.com/.

Please join Resecurity virtually at the RSA Conference 2021, https://www.rsaconference.com/usa, as we share our red carpet experience and proudly display our trophy online at our website, our blog, and our social media channels.

About Resecurity, Inc.

Resecurity (https://www.resecurity.com) is an American cybersecurity company with headquarters in Los Angeles, California. The company provides next-generation endpoint protection and intelligence-driven cybersecurity solutions to leading Fortune 500 corporations and governments worldwide.

About Cyber Defense Magazine

With over 5 Million monthly readers and growing, and thousands of pages of searchable online infosec content, Cyber Defense Magazine is the premier source of IT Security information for B2B and B2G with our sister magazine Cyber Security Magazine for B2C. We are managed and published by and for ethical, honest, passionate information security professionals. Our mission is to share cutting-edge knowledge, real-world stories and awards on the best ideas, products and services in the information technology industry. We deliver electronic magazines every month online for free, and special editions exclusively for the RSA Conferences. CDM is a proud member of the Cyber Defense Media Group. Learn more about us at https://www.cyberdefensemagazine.com and visit https://www.cyberdefensetv.com and https://www.cyberdefenseradio.com to see and hear some of the most informative interviews of many of these winning company executives. Join a webinar at https://www.cyberdefensewebinars.com and realize that infosec knowledge is power.

For more information regarding this topic or to schedule an interview, please contact Jerika Thompson and ops@resecurity.com.

The post Resecurity Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021 appeared first on Cybersecurity Insiders.


May 28, 2021 at 09:08AM

What is a trusted advisor?  …and why do I need one?

Organizations today, even those not related to “tech”, all have a need for cybersecurity. Regardless of your industry vertical, if you have email, a website, a phone system, or even just have people using computers, cybersecurity is needed at some level or another to protect your ability to do business.

Strategy first

What is your cybersecurity strategy? Every organization has unique needs, regulatory requirements, budgets, and priorities. Every organization needs to go through the process to understand each of these and create a roadmap for how they are going to protect themselves.

There are many varieties of security products/technologies out there. Understanding what your organization needs is a daunting task. And just buying the technology doesn't suddenly make your organization protected. It needs to be implemented and maintained, it needs to integrate with other technologies and processes, and it needs to address your organization's needs without itself…

Posted by: Paul Boulanger

The post What is a trusted advisor?  …and why do I need one? appeared first on Cybersecurity Insiders.


May 27, 2021 at 09:10PM

Ways to setup Squid proxy server and helpful tips

This blog was written by an independent guest blogger.

A Squid proxy server has two major functions. First, it is an intermediary proxy. Second, it provides cache services for popular network protocols including HTTP and FTP. The use of proxies and cache services makes for a better internet user experience.

Proxies provide added layers of security, and cache services make loading processes faster. Obviously, getting both services from a single provider is highly efficient.

What is a Squid proxy server?

Squid is a Unix-based proxy server that can do both caching and proxying. It can cache web content and serve it to the user or requestor from a closer data storage point. It frequently caches large media files and web pages to reduce bandwidth congestion, and thus decreases loading periods.

Squid supports several caching protocols, such as hypertext caching protocol (HTCP), internet cache protocol (ICP), cache array routing protocol …

Posted by: Daniel Martin

The post Ways to setup Squid proxy server and helpful tips appeared first on Cybersecurity Insiders.


May 27, 2021 at 09:09PM

It’s Official: (ISC)² Security Congress is Back for the 11th Year in a Row!


Registration for the 11th annual (ISC)² Security Congress is now open! The renowned global three-day conference, focused on continuing education for cybersecurity professionals and information security specialists, will be hosted as a hybrid event for the first time in 2021. Engaging in-person sessions, discussions, and networking events will be held at the Hyatt Regency in Orlando, FL from October 18-20, and will also be accessible online.

(ISC)² members are eligible for a special discount of $300 off all pass types. Including an optional two days of pre-conference certification-focused education on October 16-17, (ISC)² members can earn as many as 40 continuing professional education (CPE) credits. Group discounts are also available for organizations who send five or more attendees together, and for the first time in the history of Security Congress, attendees who purchase an All Access Pass will be able to attend sessions both in person and online.

This year’s event is expected to bring together more than 4,000 professionals and will include more than 80 sessions and 100 speakers focused on topics from IoT, Security Automation and Industrial Control Systems to Cloud Security, Governance, Risk and Compliance, and Zero Trust. Professional development sessions will provide actionable insights into how to build security teams and implement the latest technologies into security policies and infrastructure. Special sessions for students, the next generation of cybersecurity professionals, and workshops focused on diversity and inclusion, will explore how to make the cybersecurity industry welcoming to everyone. (ISC)² will also recognize outstanding annual achievements in the cybersecurity field through its 2021 (ISC)² Global Achievement Awards.

Early Bird registration rates are available through July 30, 2021.

Register today!

Visit https://congress.isc2.org for more details.

The post It’s Official: (ISC)² Security Congress is Back for the 11th Year in a Row! appeared first on Cybersecurity Insiders.


May 27, 2021 at 09:09PM

Japan government servers hacked and data stolen

Fujitsu, an IT services firm from Japan, was recently targeted by cybercriminals who stole sensitive data belonging to government offices, says a report released by NHK, a Japan-based media resource.

Sources reporting to Cybersecurity Insiders say that data belonging to the Ministry of Land, Infrastructure, Transport and Tourism and the Cabinet Secretariat was accessed and siphoned by hackers.

Reports are in that critical air traffic data belonging to Narita Airport and data belonging to the Land and Transport Ministry were also accessed and stolen by hackers.

Over 76,000 email addresses belonging to employees and business partners, and some confidential content from emails belonging to the Defense Ministry, were also accessed by hackers, says a source from the Cabinet Secretariat’s Cybersecurity Centre.

Fujitsu offers a software-as-a-service feature through its ProjectWEB platform, and more than 76% of government offices operating in Japan are said to be relying on the Information Technology services offered by the Tokyo-based multinational technology firm.

A forensic investigation involving a team of experts has been launched by Fujitsu to determine the scope of the attack and its impact on business. Until then, the services on the Fujitsu cloud services platform have been suspended.

Kato Katsunobu, the Chief Cabinet Secretary of Japan, has confirmed the incident at Fujitsu and assured that more details about the attack will be revealed after the official probe is completed.

Note 1- In a ransomware attack, hackers first steal data and then encrypt the database until a ransom is paid. It is a kind of double extortion tactic where hackers sell the stolen data if the victim fails to pay a ransom in exchange for a decryption key.

Note 2- Fujitsu did not reveal any information about the variant of cyber attack.

The post Japan government servers hacked and data stolen appeared first on Cybersecurity Insiders.


May 27, 2021 at 08:49PM

Wednesday, May 26, 2021

Congress to review Federal Cyber Terrorism Risk Insurance Program

A team of experts from the cyber arm of Congress is busy studying the costs involved when critical infrastructure is targeted by cyber attacks. The objective is to reassess the coverage provided by the Federal Cyber Terrorism Risk Insurance Program (TRIP) in the event of cyber-terrorist activities on the IT infrastructure hosted by public and private properties.

In general, TRIP, also known as TRIA, shares some losses with private insurance operators when a company covered under the cyber insurance coverage is targeted by certified acts of cyber terrorism.

TRIP aka TRIA expired on December 30th, 2020, and so the Government Accountability Office (GAO) wrote a letter to Congress early this year to analyze the costs incurred when infrastructure is hit by cyber terrorism-related activities.

However, not all cases will be reimbursed under TRIP, as the incidents need to meet certain specific certification-related clauses for reimbursement.

Therefore, Congress set up an experts committee in Feb this year to analyze the costs involved in the attacks taking place on US critical infrastructure, such as the SolarWinds hack and the Microsoft Exchange Server hack. At the same time, the committee will also be responsible for evaluating the present insurance coverage policies offered to victims and how well they are helping the victims to recover losses.

In a few days, all the information will be consolidated and presented before a committee that will then look into the matter of restructuring the response related to cyber-attacks and cyber-terrorism.

Until now, the Treasury was assigned the task of certifying cyber attacks as cyber terrorism only if the acts met criteria such as being extremely violent or dangerous to human life, property, and infrastructure, leading to heavy losses in the United States.

Congress has now been assigned the task of revising the certification criteria on different parameters, such as the losses incurred to computing devices operating outside the United States and the like.

Meanwhile, GAO has been authorized to investigate other challenges arising due to the lack of historical data on losses and certain stipulations that fail to exactly define certain incidents that are eligible to be covered by an insurance policy.

The post Congress to review Federal Cyber Terrorism Risk Insurance Program appeared first on Cybersecurity Insiders.


May 27, 2021 at 10:42AM

Google to influence doctor decisions in the USA with AI-driven patient data

Google, the technology giant of America, has tied up with over 70 hospital networks in America to develop an AI that influences doctors' decisions by analyzing more than 32 million patient records.

A healthcare-based algorithm has been in development since 2018, for which data related to over 32 million patients from different streams has been accessed, stored, and analyzed by the Alphabet Inc subsidiary.

The aim is to build a machine learning algorithm that assists doctors in making decisions about their patients’ health in a faster and more precise way.

Cybersecurity Insiders has learned that Google will be using the services provided by HCA Healthcare, a Nashville-based company that consolidates and stores patient information obtained from digital health records and medical equipment.

Technically speaking, a program that is being developed by HCA will from now on gain the assistance of Google’s Artificial Intelligence technology to help doctors offer the best treatment advice to their patients.

Over 2000 care sites and 186 hospital networks are being operated by HCA, and to utilize the massive loads of data generated from different streams, the company will be using the highly scalable AI cloud platform of Google to analyze over 32m records every year.

Google will be blocked from accessing patient identifiable information, and so a breach of data privacy doesn’t arise, says HCA.

HCA was using the same tech to treat severely infected COVID 19 patients from Nov 2020 to Jan 2021, and so is planning to implement the same on other treatment-related data sets.

The post Google to influence doctor decisions in the USA with AI-driven patient data appeared first on Cybersecurity Insiders.


May 27, 2021 at 10:40AM

Defending the client-side attack surface

It is strange to think that not that long ago the Internet was a very different place.  A place filled with static text content, marked up in HTML, and served up alongside a few included image files; mostly consumed by a small population of persons with specific interests. Today’s Internet consumer demands a vibrant and responsive user experience customized to their individual interests.  A localized cornucopia of options from around the globe, available on demand. While many advancements in platforms and networking have contributed to this evolution, the ability to execute script code in the browser is perhaps the most significant both in terms of user functionality and potential for security exposures.  
A “Client-Side Attack” occurs when a user (the client) downloads malicious code from the server, which is then interpreted and rendered by the client browser. The classic…

Posted by: Mike Klepper

The post Defending the client-side attack surface appeared first on Cybersecurity Insiders.


May 27, 2021 at 09:09AM