background preloader

Cyber

Facebook Twitter

OK, panic—newly evolved ransomware is bad news for everyone. Sloppy patching, insecure plugins made Panama Papers leak possible. Time and time again, data-breach headlines illustrate the cost of ignoring basic security.

Sloppy patching, insecure plugins made Panama Papers leak possible

Regularly updating software is Security 101, especially if the application in question is public-facing or accessible over the Internet. For content management systems such as WordPress, Drupal, and Joomla, you have to update the core. More important, you have to update the modules and plug-ins. Having the latest software is not going to mean much if the attackers can waltz through security holes in plugins and third-party modules. The CIS Critical Security Controls the International Standard for Defense - AuditScripts.com. FedRAMP.gov. Cracking down on poor cyber hygiene. Defense.

Cracking down on poor cyber hygiene

Cyber Campaign 2014. On-Demand Webinar – The Road to Cyber Resilience: Featuring Bruce Schneier and Larry Ponemon. Ashley Madison Grabs the Headlines - Business World Groans. Patch-crazy Aust Govt fought off EVERY hacker since 2013. Australian Signals Directorate deputy director Steve Day says hackers have failed to extract any sensitive information from Federal Government agencies for the last two years despite successfully breaching several networks.

Patch-crazy Aust Govt fought off EVERY hacker since 2013

Day chalks it up to agencies following the lauded "Top 4 security controls" developed by ASD bod Steve McLeod and colleagues. The "Top 4" are application whitelisting, patching applications regularly, patching operating systems regularly, and minimising admin privileges. Speaking in Sydney today Day says federal agencies have the security controls to thank for preventing the data theft. Reuters: Data breached from US federal government dates back to Cold War. Columbia-v-cottage. Insurer tells hospitals: You let hackers in, we're not bailing you out. When hackers swiped 32,500 patient records from Cottage Healthcare System, it was sued by its own customers for $4.1m – a bill that was settled by its insurers.

Insurer tells hospitals: You let hackers in, we're not bailing you out

Now the insurance company, Columbia Casualty Company, has claimed Cottage's computers were hopelessly insecure, and it wants its money back. Columbia claims the healthcare provider's IT security was so poor that attackers were able to access its network and sensitive customer data via an anonymous FTP account found via a Google search. Compliance Mindset Can Lead to Epic Security Fail.

ManageEngine OpManager, a powerful NMS for monitoring your network, physical & virtual (VMware/ HyperV) servers & other IT devices.

Compliance Mindset Can Lead to Epic Security Fail

Deploy and start monitoring in less than an hour. Trusted by over a million admins world-wide. Try it for free. The recent data breach at Premera Blue Cross -- in which the personal information of some 11 million customers was compromised -- raises questions about how effective government regulators are at ensuring that healthcare providers adequately protect their patients' data.

The NIST Cybersecurity Framework Revisited. In February 2014 the National Institute of Standards and Technology (NIST) issued a new set of cyber security guidelines designed to help critical infrastructure providers better protect themselves against attacks.

The NIST Cybersecurity Framework Revisited

The framework was the result of an executive order issued by President Barack Obama in 2013 to establish a set of voluntary cyber security standards for critical infrastructure companies. One year later, has the NIST Cybersecurity Framework had any measurable impact on improving cyber resilience or was it just smoke and mirrors as many opponents predicted at the time? The NIST Cybersecurity Framework was born out of the realization that cyber-attacks represent one of the most serious economic and national security threats our nation faces. The framework offers: • A set of activities to anticipate and defend against cyber-attacks (the “Core”) Ultimately, proper security measures and best practices are just one part of the solution. Sourcefire Real-time User Awareness (RUA) Sourcefire RUA® (Real-time User Awareness) enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information—equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately.

Sourcefire Real-time User Awareness (RUA)

Much more than a stand-alone user identity product, RUA enhances the Sourcefire 3D® System by directly correlating individual user IDs with specific IP addresses, traffic, and events. RUA empowers administrators to mitigate risk, block users or user activity, and take action to protect others from disruption—tightening security without hindering business operations or employee productivity. These capabilities also will significantly improve customers' audit controls, enhance regulatory compliance, and enable remediation policies to be set based on user identity. RUA uses LDAP and Active Directory domains as its sources of data to build user intelligence. User Intelligence For Enterprise Threat Management (ETM) Untitled. The White House Office of the Press Secretary For Immediate Release February 13, 2015 As a nation, the United States has become highly digitally dependent.

untitled

Our economy, national security, educational systems, and social lives have all become deeply reliant on cyberspace. On February 13, the President is convening leaders from throughout the country who have a stake in bolstering cybersecurity – from industry, tech companies, and consumer and privacy advocates to law enforcement, educators, and students. UL: Mayhem that matters. Written by Jennifer Warnick Lead Writer.

UL: Mayhem that matters

Study: 82% of Organizations Expect a Cyberattack, Yet 35% Are Unable to Fill Open Security Jobs. Global Talent Pool Reflects Urgent Skills Shortage and Hiring Delays Rolling Meadows, IL, USA (14 April 2015)—According to a study by ISACA and RSA Conference, 82 percent of organizations expect to be attacked in 2015, but they are relying on a talent pool they view as largely unqualified and unable to handle complex threats or understand their business.

Study: 82% of Organizations Expect a Cyberattack, Yet 35% Are Unable to Fill Open Security Jobs

More than one in three (35 percent) are unable to fill open positions. These are the key findings of State of Cybersecurity: Implications for 2015, a study conducted by ISACA, a global leader in cybersecurity, and RSA Conference, organizers of prominent, global cybersecurity events. Based on a global survey of 649 cybersecurity and IT managers or practitioners, the study shows that 77 percent of those polled experienced an increase in attacks in 2014 and even more (82 percent) view it as likely or very likely that their enterprise will be attacked in 2015. Getting Started for Business. The resources below are available to businesses and aligned to the five Cybersecurity Framework Function Areas. Some resources and programs align to more than one Function Area. Adopt-the-nist.pdf. How Cyber Secure Are Your Physical Security Devices?

How Cyber Secure Are Your Physical Security Devices? Protecting the network with your sensitive business data By Vince RiccoMay 01, 2015 Are your physical security devices attached to the same network as your sensitive business data? S.1353 - 113th Congress (2013-2014): Cybersecurity Enhancement Act of 2014. Shown Here:Public Law (12/18/2014) (This measure has not been amended since it was passed by the Senate on December 11, 2014. The summary of that version is repeated here.) Getting Started for Business.

The-cybersecurity-framework-in-action-an-intel-use-case-brief.pdf. The Cybersecurity Framework in Action: An Intel Use Case. On 3 March 2015 I participated in a deep dive into some key policies and processes used by Intel (NASDAQ:INTC) to continue to reduce the business risk of cyber threats. This review was presented by Malcolm Harkins, Intel’s Chief Security and Privacy Officer. Malcolm was briefing how Intel corporation leveraged the NIST-coordinated Framework for Improving Critical Infrastructure Cybersecurity to create a more mission-focused cyber security effort across their corporation. Their approach is also helping establish a common language with suppliers to Intel, significantly extending the approach.

Intel’s use of the framework clearly got results. 2015 Solutions by Sector Webinar Series. Happy Birthday, NIST Cybersecurity Framework. In a webinar, Steven Chabinsky, Cyber Columnist for Security and General Counsel and Chief Risk Officer for CrowdStrike, discussed NIST’s cybersecurity framework and its future. NIST’s Framework-work is now law, he said, so it’s here to stay. The Cybersecurity Enhancement Act of 2014, passed into law on December 18, 2014, authorizes NIST to facilitate and support the development of voluntary, industry-led cyber standards and best practices for critical infrastructure – codifying elements of the successful process through which the NIST Cybersecurity Framework was developed. This Week in Google 298: Aaron's Arcade. Intrusion Detection System (IDS) Reviews. Intrusion Detection FAQ. Intrusion Detection FAQ: Getting Started.

The first thing to do is think about what benefits the organization expects from the investment it will have to make. One good starting place is to look at the impact of past intrusions. Intrusion Detection FAQ: What Do You Do After You Deploy the IDS? Intrusion Detection FAQ: What is a Host Intrusion Detection System? General. How It Works. OSSEC is composed of multiple pieces. The Great ISC West 2015 Roundup. LAS VEGAS—ISC West expected that the 2015 show would be the second biggest ever, and although no official attendance figure has been released yet, that certainly appeared to be the case. SIA News - 04/23/2015. Computer security has failed to protect us, the head of RSA Security said at the start of the RSA security conference.

CIOs Ignore the NIST Cybersecurity Framework at Their Own Peril - The CIO Report.