News & Information       http://info.owt.com

Security

06/12/2021   Security Focus Vulnerabilities
On Second Thought...
06/12/2021   Security Focus Vulnerabilities
Re: BugTraq Shutdown
06/12/2021   Security Focus Vulnerabilities
Re: [SECURITY] [DSA 4628-1] php7.0 security update
06/12/2021   Security Focus Vulnerabilities
BugTraq Shutdown
06/12/2021   SecurityFocus News
Enterprise Intrusion Analysis, Part One
06/12/2021   SecurityFocus News
Responding to a Brute Force SSH Attack
06/12/2021   SecurityFocus News
Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
06/12/2021   SecurityFocus News
WiMax: Just Another Security Challenge?
06/12/2021   SecurityFocus News
Time to Squish SQL Injection
06/12/2021   SecurityFocus News
Lazy Workers May Be Deemed Hackers

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
06/12/2021   SecurityFocus News
The Scale of Security
06/12/2021   SecurityFocus News
Hacker-Tool Law Still Does Little
06/11/2021   Department of Homeland Security

Biden Administration Reaffirms Commitment to Serious Policy Solutions for Border Management

WASHINGTON – Today, the Department of Homeland Security (DHS) released the agency’s plan for funds the previous administration was planning to use for construction of a border wall at the Southwest border of the United States. The plan fulfills a requirement of President Biden’s Proclamation ending the diversion of funds for border wall, and outlines steps DHS will take to end wall expansion to the extent permitted by law and address life, safety, and environmental concerns.  

The prior administration planned to spend over $15 billion on wall construction, and diverted over $10 billion of those funds from military projects and other sources. The Department of Defense is terminating all border wall projects using the diverted funds, and returning the remaining, unobligated funds to their original sources.

Congress provided DHS with some funding for border barrier projects, which the agency is legally required to use consistent with their appropriated purpose. In doing so, DHS will prioritize the remaining border barrier funds to address and remediate urgent life, safety, and environmental issues resulting from the previous administration’s border wall construction.

For instance, DHS has started repair projects to:

  • Close Breaches in the Rio Grande Valley Levee System. Low-lying regions in Hidalgo County, Texas face threats of serious flooding after the previous administration excavated the Rio Grande Valley’s flood barrier system to make way for the border wall. DHS has authorized work to close the breaches in the levee system.
     
  • Remediate Soil Erosion in San Diego. Improper compaction of soil and construction materials along a wall segment constructed under the previous administration are causing dangerous erosion in San Diego. DHS has authorized necessary backfill projects to ensure the safety of nearby border communities.

DHS will also prioritize using the remaining funds consistent with their appropriated purposes for necessary clean-up of construction sites previously funded by the Department of Defense, including drainage, erosion control, site remediation, and material disposal. Appropriated funds may also be used for mitigating some environmental damage caused by border wall construction.

For those projects that are not urgently needed to avert immediate physical dangers, DHS will first engage in a comprehensive review that includes detailed environmental impact analysis and remediation and robust and substantive engagement with relevant stakeholders, including border community residents, their elected representatives, tribal communities, and environmental and other interested non-governmental organizations and advocates.  

The administration also continues to call on Congress to cancel funds it previously appropriated for border barrier projects so that these resources can instead be used for modern, effective border measures to improve safety and security.

Keywords: Border Wall
Topics:
06/11/2021   Sophos Security
Don't panic - this isn't another Heartbleed. But it's a fascinating reminder of why doing things the easy way isn't always the best way.
06/11/2021   Department of Homeland Security

LOS ANGELES – Yesterday, Secretary of Homeland Security Alejandro N. Mayorkas and Mayor of Los Angeles Eric Garcetti visited the Los Angeles Cyber Lab and received a briefing on its operational capabilities. The Cyber Lab is a prime example of how a public-private partnership can shore up our cyber defenses across every level of government as called for by President Biden.

“As cyber threats continue to evolve, we must adapt to ensure the resilience of our nation’s institutions and critical infrastructure,” said Secretary Mayorkas. “The federal government cannot do this alone. DHS is committed to strengthening its partnerships with state, local, tribal, and territorial governments and private sector entities across the country. The LA Cyber Lab is a tremendous example of how public-private partnerships can make us all safer.”

“Cybersecurity threats are becoming more dangerous in cities across America, and thanks to Secretary Mayorkas and the Department of Homeland Security’s partnership, Los Angeles has created a national model for protecting infrastructure and supporting private business,” said Mayor Eric Garcetti. “It was a privilege to host the Secretary at our Integrated Security Operations Center today and show him how L.A. is leading the way on this critical issue, and I look forward to continuing our work together.”

Established by the Mayor’s Office in 2017, the LA Cyber Lab’s mission is to bring together public and private sector organizations to better protect communities against malicious cyber actors. In 2018, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) awarded the LA Cyber Lab a $3 million grant to provide training on cyber hygiene best practices and increase cybersecurity awareness across the greater LA business community and local government organizations. The LA Cyber Lab works with community stakeholders to increase economic prosperity, including through partnerships with academia that provide technical skills training for those seeking careers in cybersecurity.

Through CISA and the U.S. Secret Service (USSS), DHS works closely with public and private sector organizations of all sizes to manage cyber risk. Since 2014, CISA and USSS have provided cybersecurity support to the City of LA and its 44 departments, which serve more than four million residents, including through cyber threat information sharing, skills training, cybersecurity assessments, network defense services, comprehensive full-day cyber exercises, and other resources.

Secretary Mayorkas and Mayor Garcetti Visit LA Cyber Lab
Secretary Mayorkas and Mayor Garcetti Visit LA Cyber Lab (DHS Photo by Official DHS Photo by Zachary Hupp/Released)View Original

Secretary Mayorkas Visits LA Cyber Lab

Secretary Mayorkas Visits LA Cyber Lab (DHS Photo by Official DHS Photo by Zachary Hupp/Released)

View Original

 

Keywords: Cyber, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Public-Private Partnership, Secretary Alejandro Mayorkas, U.S. Secret Service
Topics:
06/11/2021   InfoWorld Security

In the latest Agents of Transformation report, Agents of Transformation 2021: The Rise of Full-Stack Observability, 77% of global technicians report experiencing a higher level of complexity as a result of accelerated cloud computing initiatives during the pandemic. A further 78% cited the need to manage the legacy and cloud technology patchwork as a further source of technology spread and complexity. (Note: The sponsor of this article sells an AIops/observability tool.)

To read this article in full, please click here

06/10/2021   Sophos Security
Latest episode - listen now!
06/10/2021   Sophos Security
Patch early. Patch often. Patch now!
06/09/2021   Sophos Security
But Bitcoins are anonymous! However could they get refunded?
06/08/2021   Department of Homeland Security

WASHINGTON – The Interagency Task Force on the Reunification of Families (Task Force) submitted to President Biden its Initial Progress Report, which details ongoing efforts to identify and reunite children who were unjustly separated from their parents at the United States-Mexico border under the prior Administration.

“The Department of Homeland Security is committed to the relentless pursuit of reunifying families who were cruelly separated by the previous Administration,” said Secretary of Homeland Security Alejandro N. Mayorkas, who serves as the Chair of the Task Force. “When we reunified the first seven families last month, I said that this was just the beginning. In the coming weeks, we will reunify 29 more families. In close coordination with non-governmental organizations, legal, and interagency partners, the Task Force will continue this critical work.”

The Task Force has also announced in its report the anticipated 29 additional families to be reunified in the United States in the coming weeks. More reunifications are to follow, as nearly 50 requests have been filed with U.S. Citizenship and Immigration Services (USCIS). Thirty-seven of these requests have already been reviewed and granted humanitarian parole. Once they enter the United States, these individuals will be allowed to remain for an initial 36-month period with the opportunity to apply for work authorization. This includes individuals from the families who were reunited in May as well as the 29 families that will reunite in the weeks ahead.

“For too long, families have been separated under the inhumane policies set in place under the previous Administration,” said Task Force Executive Director Michelle Brané. “In the coming weeks, twenty-nine families who were separated under the previous Administration will be reunified, in addition to the seven families previously reunited in May. We will provide support and services for these families to begin rebuilding their lives.”

In close coordination with NGOs, the Task Force has identified 3,913 children who were separated from their families at the U.S.-Mexico Border between July 1, 2017 and January 20, 2021, based on the “Zero-Tolerance” policy. Through the support of NGOs, 1,779 children were reunified with their parents in the United States under past court orders. Over the last 30 days, through the Task Force and NGO coordination, 7 additional children were reunited with their parents, bringing the total number of reunified children to 1,786. There are 2,127 children for whom the Task Force does not have a confirmed record of reunification. Additional reunifications are in process and the Task Force expects that the pace will increase as procedures fall into place.

The Department of Homeland Security leads the President’s Interagency Task Force on the Reunification of Families and is joined by the Department of State, Department of Health and Human Services, and the Department of Justice.

Keywords: Family Reunification, Secretary Alejandro Mayorkas
Topics: Secretary of Homeland Security
06/07/2021   Sophos Security
Looking for contract programming work? You might be surprised at what's on offer out there.
06/07/2021   InfoWorld Security

Native fuzzing for the Google-created Go language is ready for beta testing, the Go project announced. The goal behind the new automated testing capability is to help Go developers improve code quality and ensure that systems built with Go are secure and resilient. 

In a bulletin published June 3, Go project developers described fuzzing as a type of automated testing that continuously manipulates inputs to a program to find issues such as panics or bugs that might otherwise go undetected. These semi-random data mutations can discover edge-case bugs that unit tests can miss. Because fuzzing provides more code coverage than traditional testing, it is particularly valuable in finding vulnerabilities and security exploits.

To read this article in full, please click here

06/05/2021   Department of Homeland Security

WASHINGTON – On Friday, June 4, 2021, Secretary of Homeland Security Alejandro N. Mayorkas spoke with Mexican Secretary of Foreign Relations Marcelo Ebrard. They discussed modernization of technology and infrastructure to facilitate lawful trade and travel, COVID-19 related travel restrictions, and enhancing lawful pathways for immigration among other issues. Secretaries Mayorkas and Ebrard agreed to continue their close cooperation and partnership to manage northbound irregular migration flows and address southbound weapons flows to Mexico from the United States.

 

###

Keywords: International Activity, Secretary Alejandro Mayorkas
Topics: International Engagement
06/04/2021   Sophos Security
Passwords - don't just pay them lip service.
06/04/2021   InfoWorld Security

As I move from project to project, I’ve seen the latest trend is to leverage operational tools, such as AIops and security operations platforms to automate most of what it takes to proactively operate a cloud, hybrid cloud, or multicloud deployment. This means automating everything from routine management and monitoring to shutting down and starting servers to work around problems, and all the while machine learning on the job (that’s the AI in AIops).

Nobody is ready to retrain their ops staff yet, but it’s clear that advances in root-cause diagnostics and self-healing processes, business continuity and disaster recovery, and other services that make up the daily life of a cloudops engineer can be automated to be more reliable than humans. We’re now dealing with tools that can learn, that improve as they experience operations, that can perhaps work better than a human, eventually.

To read this article in full, please click here

06/03/2021   Department of Homeland Security

WASHINGTON – Secretary of Homeland Security Alejandro N. Mayorkas today announced new efforts to support the Transportation Security Administration (TSA) screening officer workforce, including expanding collective bargaining at the national level and ensuring that TSA’s standards and processes adhere to the principles applied by the Merit Systems Protection Board.  Secretary Mayorkas also expressed the Department’s commitment to improving pay for the TSA workforce.   

“TSA employees are outstanding public servants who work on the frontlines, including throughout the pandemic, to keep the traveling American public safe,” said Secretary Mayorkas.  “They deserve the empowerment of collective bargaining and a compensation structure that recognizes and rewards them for their contributions to our safety and security.”

Secretary Mayorkas ordered these administrative actions to build upon the meaningful improvements made by TSA leadership to support the Transportation Security Officer (TSO) workforce.  TSA will expand the collective bargaining rights of TSOs consistent with the policy expressed in President Biden’s Executive Order 14025, Worker Organizing and Empowerment.  The expanded scope of bargaining will be similar to bargaining that occurs at other federal agencies while preserving TSA’s ability to meet its critical security mission.  After implementing these changes, TSA will work with the American Federation of Government Employees, which represents TSA’s non-supervisory TSO workforce, to reach a new collective bargaining agreement.   

Today’s announcement also recognized that appropriately compensating TSA employees, including TSOs and Coordination Center Officers, is required to improve the morale and retention of these essential employees.  Secretary Mayorkas directed TSA to prepare a plan that is consistent with providing fair compensation.  

Today’s announcement is an important first step to more closely align the TSA screening personnel system to that of other Federal agencies.  TSA will also continue to evaluate personnel policies, including appeal procedures, for potential changes to better support the workforce.  

Keywords: Secretary Alejandro Mayorkas, Transportation Security Administration (TSA)
Topics: Secretary of Homeland Security
06/03/2021   Sophos Security
Latest episode - listen now!
06/02/2021   Sophos Security
If your password gets stolen as part of a data breach, you'll probably be told. But what if your password gets pwned some other way?
05/28/2021   Department of Homeland Security

The FY 2022 Budget will strengthen border; restore our immigration system; support efforts to detect, deter, and recover from malicious cyber attacks; and combat climate change

The Biden-Harris Administration today submitted to Congress the President’s Budget for fiscal year 2022. As the Administration continues to make progress defeating the pandemic and getting our economy back on track, the Budget makes historic investments that will help the country build back better and lay the foundation for shared growth and prosperity for decades to come.

“The President’s proposed Budget will invest in our broad mission set, including preventing terrorism; keeping our borders secure; repairing our broken immigration system; improving cybersecurity; safeguarding critical infrastructure; and strengthening national preparedness and resilience,” said Secretary Alejandro N. Mayorkas. “The Budget will provide DHS with the resources we need to keep our country safe, strong, and prosperous.”

The Budget includes the two historic plans the President has already put forward — the American Jobs Plan and the American Families Plan – and reinvests in education, research, public health, and other foundations of our country’s strength. At the Department of Homeland Security, the Budget:

  • Invests in Effective and Modern Border Management. The Budget provides over $1 billion for border infrastructure including modernization of land ports of entry and investments in modern border security technology and assets – and migrant care. These investments would facilitate more robust and effective security screening to guard against human smuggling, the movement of illicit drugs and weapons, the entry of undocumented migrants, and the import of unlawful goods, as well as provide for migrant care and the more efficient processing of legal trade, travel, and commerce through the Nation’s Land Ports of Entry. The Budget includes no additional funding for border wall construction and proposes the cancellation of prior-year balances that are unobligated at the time Congress takes action on the FY 2022 Budget.
  • Improves Federal Cybersecurity across Government. The Budget provides $2.1 billion, a $110 million increase from the 2021 enacted level, for the Cybersecurity and Infrastructure Security Agency (CISA), which builds on the $650 million provided for CISA in the American Rescue Plan Act of 2021. This funding would allow CISA to enhance its cybersecurity tools, hire highly qualified experts, and obtain support services to protect and defend Federal information technology systems. The Budget also provides $20 million for a new Cyber Response and Recovery Fund.
  • Responds to Domestic Terrorism. The Budget provides a total of $131 million to support diverse, innovative, and community-driven methods to prevent domestic terrorism while respecting civil rights and civil liberties. This funding supports critical research on the root causes of radicalization and enhanced community outreach. The Budget includes $20 million for grants to build local capacity to prevent targeted violence and all forms of terrorism, in addition to a minimum of $77 million available under the Federal Emergency Management Agency (FEMA) Homeland Security Grant Program. These investments complement those that the Budget includes for the Department of Justice.
  • Confronts Climate Change and Other Disasters. The Budget expands DHS’s work with State and local communities to prepare for and mitigate the impacts of climate change. It invests an additional $540 million above the 2021 enacted level to incorporate climate impacts into pre-disaster planning and resilience efforts. This funding level also supports a resilient infrastructure community grant program, which prioritizes climate resilience projects for vulnerable and historically underserved communities. In addition, the Budget continues investments in the disaster workforce to ensure sufficient personnel are trained and available for deployment to help communities respond to and recover from future disasters.

 

For more information on the President’s FY 2022 Budget, please visit: https://www.whitehouse.gov/omb/budget/.

 

Keywords: Budget, Secretary Alejandro Mayorkas
Topics: Secretary of Homeland Security
05/28/2021   Department of Homeland Security

INDIANAPOLIS – The Department of Homeland Security (DHS) is working closely with state, local, tribal, and territorial (SLTT) law enforcement agencies to help ensure the safety and security of employees, drivers, crew, and fans during the Indianapolis 500 (Indy 500).

“The Department of Homeland Security is proud to join our law enforcement partners at every level of government to secure the Indy 500,” said Secretary Alejandro N. Mayorkas. “The public also has a role to play. By maintaining awareness, we can all contribute to a safe and secure event. Remember: if you see something, say something.”

The Indy 500 is categorized as Special Event Assessment Rating (SEAR) 2. SEAR 2 events are significant events with national importance which may require national-level federal support.

  • As the principal federal official for domestic incident management, Secretary of Homeland Security Alejandro N. Mayorkas appoints a Federal Coordination Team for all Sear 1 and select Sear 2 events. For the Indy 500, Secretary Mayorkas has appointed U.S. Secret Service Assistant Special Agent in Charge Andrew Campion as the Federal Coordinator.
  • DHS is continuing our partnership with the Indy 500 with the “If You See Something, Say Something®" Campaign. Fans and visitors in the area will see “If You See Something, Say Something®” messages, digital displays, cards, and posters near entrances, exits, and throughout the event. The materials will also be displayed in staff areas. During the event, DHS will share the “If You See Something, Say Something®” campaign messaging and encourage the reporting of suspicious activity to the proper authorities.
  • U.S. Customs and Border Protection (CBP) is providing aviation support and response capabilities from the Great Lakes Air and Marine Branch as well as tactical communications support.
  • Cybersecurity and Infrastructure Security Agency (CISA) is conducting venue, infrastructure, and cybersecurity assessments, and is providing the Deputy Federal Coordinator for the event.
  • Federal Emergency Management Agency (FEMA) is providing a Mobile Emergency Response Support communications capability.
  • U.S. Immigration and Customs Enforcement (ICE) is providing additional support to local law enforcement and security.
  • Office of Operations Coordination (OPS), responsible for leading the Department’s coordination and support efforts for special events, is deploying a support cell to the event and providing field reporting to the National Operations Center.
  • U.S. Secret Service (USSS) is supporting counter-unmanned aircraft system interdiction teams and providing the Federal Coordinator and Assistant Deputy Federal Coordinator for the event.  
  • Transportation Security Administration (TSA) is deploying canine support units and Visible Intermodal Prevention and Response (VIPR) teams. These specialized VIPR teams enhance the security of any mode of transportation at any location within the United States and its territories.

Additional information about how the Department supports state, local, tribal, and territorial partners for special events can be found here.  

Keywords: If You See Something Say Something, Law Enforcement Partnership, Secretary Alejandro Mayorkas
Topics: Law Enforcement Partnerships, Secretary of Homeland Security
05/28/2021   Department of Homeland Security

CBP will detain imports of seafood from Dalian Ocean Fishing Co., Ltd. due to forced labor indications

WASHINGTON — Today, Secretary of Homeland Security Alejandro N. Mayorkas announced that U.S. Customs and Border Protection (CBP) issued a Withhold Release Order against Dalian Ocean Fishing Co., Ltd. based on information that reasonably indicates the use of forced labor in the entity’s fishing operations.

“Companies that exploit their workers have no place doing business in the United States,” said Secretary Mayorkas. “Products made from forced labor not only exploit workers, but hurt American businesses and expose consumers to unethical purchases. This Withhold Release Order will ensure we continue to protect the human rights of those working in the distant water fishing industry, while also upholding safeguarding our national and economic security.”

CBP identified all 11 of the International Labour Organization’s indicators of forced labor during its investigation including physical violence, withholding of wages, and abusive working and living conditions. Effective immediately, the new Withhold Release Order instructs CBP personnel at all U.S. ports of entry to begin detaining tuna, swordfish, and other seafood harvested by vessels owned or operated by the Dalian Ocean Fishing Co., Ltd. This is the first Withhold Release Order CBP has issued against an entire fleet of fishing vessels.

“This Withhold Release Order will help protect vulnerable workers while leveling the playing field for U.S. fisherman and seafood producers,” said CBP Senior Official Performing the Duties of the Commissioner Troy Miller. “CBP is a global leader in the forced labor enforcement and we will continue to protect American consumers and businesses from goods made by modern slavery.”

Federal statute 19 U.S.C. 1307 prohibits the importation of merchandise produced, wholly or in part, by convict labor, forced labor, and/or indentured labor, including forced or indentured child labor. CBP detains shipments of goods suspected of being imported in violation of this statute. Importers of detained shipments have the opportunity to export their shipments or demonstrate that the merchandise was not produced with forced labor.

The International Labour Organization estimates that 25 million workers suffer under conditions of forced labor worldwide. Some foreign companies exploit forced labor in order to sell goods below market value, hurting law-abiding businesses, threatening American jobs, and leading consumers to making unethical purchases.

The Department of Homeland Security, through its Blue Campaign, continues to educate the public, law enforcement, and other industry partners to recognize and report the indicators of human trafficking. The announcement of the Withhold Release Order reiterates CBP’s commitment to combat forced labor.

The distant water fishing industry is at high risk of forced labor as foreign companies often coerce vulnerable migrant workers to perform hazardous labor for little or no pay aboard distant water fishing vessels that may spend months at sea without making port calls.

Forced labor in the distant water fishing industry is often linked to other fisheries abuses. Illegal, unreported, and unregulated fishing threatens the livelihoods of law-abiding American seafood producers and damages ocean ecosystems.

CBP issued earlier Withhold Release Orders on individual distant water fishing vessels, such as the Lien Yi Hsing No. 12, the Da Wang, and the Yu Long No. 2. All Withhold Release Orders are publicly available and listed by country on CBP.gov.

Any person or organization that has reason to believe merchandise produced with the use of forced labor is being, or likely to be, imported into the United States can report detailed allegations by contacting CBP through the e-Allegations Online Trade Violation Reporting System or by calling 1-800-BE-ALERT.

Keywords: Customs and Border Protection (CBP), Secretary Alejandro Mayorkas
Topics: Secretary of Homeland Security
05/28/2021   Department of Homeland Security

WASHINGTON – Today, Secretary of Homeland Security Alejandro N. Mayorkas and Attorney General Merrick B. Garland announced a new Dedicated Docket process to more expeditiously and fairly make decisions in immigration cases of families who arrive between ports of entry at the Southwest Border.  This new process should significantly decrease the amount of time it takes for migrants to have their cases adjudicated while still providing fair hearings for families seeking asylum at the border.

“Families arriving at the border who are placed in immigration proceedings should have their cases decided in an orderly, efficient, and fair manner,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “Families who have recently arrived should not languish in a multi-year backlog; today’s announcement is an important step for both justice and border security.”

“The mission of the Department of Justice’s immigration courts is to decide the cases that come before them promptly and fairly,” said Attorney General Merrick B. Garland.  “This new program for certain newly arriving families will help achieve that critically important goal.”

Under this new process, certain recently arrived families may be placed on the Dedicated Docket.  Families may qualify if they are apprehended between ports of entry on or after Friday, May 28, 2021, placed in removal proceedings, and enrolled in Alternatives to Detention (ATD).  DHS, in partnership with the Department of Justice (DOJ) Executive Office for Immigration Review (EOIR), will make available information services to help families understand the immigration system and refer families to pro bono legal service providers for possible representation.

EOIR has identified immigration courts in 10 cities with established communities of legal services providers and available judges to handle the cases.  The designated cities are Denver, Detroit, El Paso, Los Angeles, Miami, Newark, New York City, San Diego, San Francisco, and Seattle.  

Under the Dedicated Docket, EOIR’s immigration judges will work generally to issue a decision within 300 days of the initial master calendar hearing, subject to the unique circumstances of each case including allowing time for families to seek representation where needed.  While the goal of this process is to decide cases expeditiously, fairness will not be compromised.

Keywords: Immigration and Customs Enforcement (ICE), Secretary Alejandro Mayorkas
Topics: Immigration and Customs Enforcement
05/28/2021   InfoWorld Security

A study by Ponemon and IBM indicates that misconfigured cloud servers cause 19% of data breaches. This is an expensive problem with an average cost of half a million dollars per breach. This figure does not consider the potential PR nightmare that could take down the company. 

Today the pandemic has us working at home, which makes us all more dependent on cloud computing. In addition to its other benefits, the cloud offers more modern security measures than on-premises platforms, so the Global 2000 made a quick push to public clouds. This rapid migration resulted in mistakes or oversights that have yet to be corrected, as conversion speed became more of a priority than caution.

To read this article in full, please click here

05/27/2021   Sophos Security
It's all over the news! The bug you can't fix! Fortunately, you don't need to. We explain why.
05/27/2021   Department of Homeland Security

Today, the Department of Homeland Security’s Transportation Security Administration (TSA) announced a Security Directive that will enable the Department to better identify, protect against, and respond to threats to critical companies in the pipeline sector.

“The cybersecurity landscape is constantly evolving and we must adapt to address new and emerging threats,” said Secretary of Homeland Security Alejandro N. Mayorkas.  “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security. DHS will continue to work closely with our private sector partners to support their operations and increase the resilience of our nation’s critical infrastructure.”

The Security Directive will require critical pipeline owners and operators to report confirmed and potential cybersecurity incidents to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week.  It will also require critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days.

TSA is also considering follow-on mandatory measures that will further support the pipeline industry in enhancing its cybersecurity and that strengthen the public-private partnership so critical to the cybersecurity of our homeland.

Since 2001, TSA has worked closely with pipeline owners and operators as well as its partners across the federal government to enhance the physical security preparedness of U.S. hazardous liquid and natural gas pipeline systems. As the nation’s lead agency for protecting critical infrastructure against cybersecurity threats, CISA provides cybersecurity resources to mitigate potential risks, including through a dedicated hub that disseminates information to organizations, communities, and individuals about how to better protect against ransomware attacks. 

This new TSA Security Directive also highlights the critical role that CISA plays as the country’s national cyber defense center. Last December, Congress, through the National Defense Authorization Act, empowered CISA to execute its mission to secure federal civilian government networks and our nation’s critical infrastructure from physical and cyber threats.

Keywords: Critical Infrastructure, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Pipeline, Resilience, Secretary Alejandro Mayorkas, Surface Transportation Security, Transportation Security Administration (TSA)
Topics: Critical Infrastructure Security, Cybersecurity, Resilience, Secretary of Homeland Security
05/26/2021   Sophos Security
Latest episode - listen now. (And please leave us a review if you like what you hear!)
05/25/2021   InfoWorld Security

When I hear people say, “I’m a cross-cloud architect,” I wonder what the heck they mean.

I’m seeing an emerging pattern in the cloud computing space where enterprises are morphing from dealing with siloed public clouds a cloud at a time, to dealing with all clouds—including existing traditional systems—as strategic platforms. Or dealing with more holistic IT architecture that uses public clouds, which is a much more complex problem to solve.

Still, what does a “cross-cloud” architect do? I see three areas of primary focus:

To read this article in full, please click here

05/24/2021   InfoWorld Security

An SSH jump server is a proxy standing between clients and the rest of the SSH fleet. Jump hosts minimize threats by forcing all SSH traffic to go through a single hardened location and minimizing an individual node’s SSH endpoints to the outside world. (Read more: “How to set up an SSH jump server.”)

One way to configure a multi-hop setup is by storing a private key for the destination server on your jump server. Do not do this. A jump server is usually a multi-user environment, meaning any single party with elevated privileges could compromise any private key. A solution to this security threat is enabling agent forwarding. Given how common this method is, it may surprise you to learn this is not recommended. To understand why, let’s dig a bit deeper.

To read this article in full, please click here

05/21/2021   InfoWorld Security

I may be overstating a bit, but it seems like we can’t go a week without some breach or ransom attack hitting the news cycles. It’s even more frustrating when these incidents affect the lives of the rank and file, such as long gas lines—or no gas. 

Although it’s easy to play Monday-morning quarterback, the common pattern is that companies are using security technology that’s less than effective, and perhaps the security talent on the ground is the same. Just saying.

The uptick in attacks is changing some hearts and minds. Some of France’s most sensitive state and corporate data can now be stored in public clouds, specifically Google and Microsoft, if licensed to French companies, the government said recently. This is an about-face from the French government’s previous trust in only local systems. 

To read this article in full, please click here

05/17/2021   InfoWorld Security

It often makes business sense to code microservices, customized applications, innovative customer experiences, enterprise workflows, and proprietary databases. But there are also times when the business and technology teams should consider low-code and no-code platforms to accelerate development, provide out-of-the-box technical best practices, simplify devops, and support ongoing enhancements.

Low-code platforms come in several categories. Some focus on tools for rapidly developing web and mobile user interfaces and workflows. Many data visualization, data integration, and data prep tools are low code, and emerging low-code platforms support machine learning, Internet of Things (IoT), and IT automations.

To read this article in full, please click here

05/14/2021   InfoWorld Security

The cloud is typically a destination for systems needing to be modernized to take advantage of technologies such as AI, predictive analytics, or a hundred other cloud services. It’s typically cheaper, it can be allocated and changed in minutes, and the enterprises technology elites are spending most R&D dollars on the public cloud these days. Thus, your existing platforms are no longer getting the love.

Moving to the cloud is not a bad idea. However, the trouble comes when enterprises believe that digital enablement will somehow fix existing problems, such as a data mess, application issues, inadequate security, or frequent outages due to a lack of operational disciplines and tools.

To read this article in full, please click here