
Ukraine’s Largest Phone Operator Hacked in “Act of War”


Kyivstar, Ukraine’s leading mobile network operator, is experiencing a significant shutdown allegedly due to a cyber-attack.

The company, owned by Amsterdam-based Veon, warned on December 12 that it had suffered a “powerful” cyber-attack that caused a technical failure, rendering internet access and mobile communications temporarily unavailable for its customers.

Although Kyivstar did not directly attribute the attack initially, its director general later told Agence France Presse (AFP) that the firm considered the attack to be linked with the war against Russia.

In a Facebook post, Kyivstar said it was investigating the issue with law enforcement agencies, had reported it to Ukrainian state services, and was “working to eliminate the consequences and restore communications as soon as possible.”

“The most important thing is that, as of now, the personal data of subscribers has not been compromised. Our team will definitely compensate those subscribers who had no connection or could not use our services,” the firm added on social media.

“Yes, our enemies are cunning. But we are ready to face any challenges, overcome them and continue working for Ukrainians.”

Ukraine’s government confirmed to AFP that it started investigating the incident and that Russia was “suspected” of being behind it.

Both Cloudflare, a content delivery network (CDN) provider, and Netblocks, an internet monitoring firm, noticed disruptions on the Kyivstar internet network on December 12.

Additionally, Ukrainian payment system Monobank reported being targeted by a distributed denial-of-service (DDoS) attack just a few hours after Kyivstar’s social media post.

At the time of writing, there is no evidence that these two events are related.


Definition of Computer Security Act


The first step in improving the security and privacy of information contained in federal computer systems. Signed January 8, 1988 by President Reagan, the Act:

Establishes a central authority for developing guidelines for protecting unclassified, but sensitive information stored in government computers.

Requires each agency to formulate a computer security plan, tailored to its own circumstances and based on the guidelines.

Mandates that each agency provide training for its computer employees on the threats and vulnerabilities of its computer systems.

Ensures that the National Security Agency and other defense-related government agencies not control computer security standards in civilian agencies of government. See information security.


Ethical hackers urged to respond to Computer Misuse Act reform proposals


Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990.

The long-awaited consultation, which has been running since February, is seeking views on a number of legislative changes, including giving new powers to law enforcement agencies and closing existing loopholes that make it easier for malicious actors to get away with misusing purloined data.

However, when the consultation was launched, campaigners who want to see the law reformed to better protect cyber security professionals from prosecution under outdated sections of the 33-year-old CMA were left disappointed because rather than lay out concrete proposals for the community to consider, the government merely said more work was needed on this point.

Among other things, Westminster wants to consider questions such as how to safeguard the UK’s ability to act against cyber criminals if legal defences for hacking are implemented; how to ensure any defences do not provide cover for offensive actions; and what levels of training, standards and certifications need to be in place for security professionals.

Nevertheless, Casey Ellis, founder and CEO of crowdsourced security platform Bugcrowd, is calling on the community to have its say on the basis that interested parties need to contribute to ensure the government is as well-informed as possible.

“It’s still important that as many as possible individuals and organisations have their say on this,” he said. “The UK needs a revised act that not only better defines the difference between the activities of malicious attackers who have no intent to obey the law in the first place, and those who hack in good faith, discovering and disclosing vulnerabilities so they can be addressed before they are exploited.”

Bugcrowd, which is contributing to the consultation through the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition, said that the most significant way in which community members could help would be to comment on the potential of a statutory legal defence for hacking if…


Feds to Microsoft: Clean up your security act — or else


The US government, worried about the continuing growth of cybercrime, ransomware, and countries including Russia, Iran, and North Korea hacking into government and private networks, is in the middle of drastically changing its cybersecurity strategy. No longer will it rely largely on prodding businesses and tech companies to voluntarily take basic security measures such as patching vulnerable systems to keep them updated.

Instead, it now wants to establish baseline security requirements for businesses and tech companies and to fine those that don’t comply.

It’s not just companies that use the systems who might eventually need to abide by the regulations. Companies that make and sell them, such as Microsoft, Apple, and others could be held accountable as well. Early indications are that the feds already have Microsoft in their crosshairs — they’ve warned the company that, at the moment, it doesn’t appear to be up to the task.

First, let’s delve into the government’s emerging strategy.

The new National Cybersecurity Strategy

In early March, the Biden Administration released a new National Cybersecurity Strategy; it puts more responsibility on private industry and tech firms to follow best security practices such as patching systems to fight newly found vulnerabilities and using multifactor authentication whenever possible.

US regulators have long recommended that tech companies do this. The difference now, according to the New York Times, is that “the new National Cybersecurity Strategy concludes that such good-faith efforts are helpful but insufficient in a world of constant attempts by sophisticated hackers, often backed by Russia, China, Iran or North Korea, to get into critical government and private networks. Instead, companies must be required to meet minimum cybersecurity standards.”
