Tag Archive for: aims

Red Cross aims to make civilian wartime hacking more humanitarian


The role of civilian hackers during warfare continues to expand, and now at least one group is trying to set up some rules of engagement.

But whether the proposal from the International Committee of the Red Cross announced Wednesday will gain any traction and make these attempts more humane is anyone’s guess.

Civilian hackers have participated for a long time in various wartime conflicts, as documented by this article today in the Washington Post. For example, hackers targeted Western pro-Syrian supporters back in 2013, and Greek hackers in 2020 targeted numerous Azerbaijani government websites in support of Armenia.

Back in 2010, Richard Clarke, in his book “Cyber War: The Next Threat to National Security and What to Do About It,” envisioned only the scenario where state-sponsored cyberattacks occurred. That seems almost quaint given today’s actions, which have expanded into civilian participation.

Another analysis in Lawfare by Kubo Macak, a legal adviser to the Red Cross, cited government-run cyber operations that date back decades. He cites repurposing civilian smartphone apps for military use, such as reporting on enemy troop movements for weapons targeting.

What’s different today is that the Russian/Ukraine war has erased numerous boundaries between civilians and the military. This happened through attacks by both governments on civilian targets and by both governments recruiting civilian hackers to participate in various cyber offensive operations. One analysis written back in 2022 found that despite the initial foray of Russian cyberattacks, they have had minimal impact on Ukraine.

A good illustration of this blurred line is how essential Starlink’s internet access has been for the Ukrainian government’s military operations – a civilian technology that has direct military application.

“The digitalization of societies has fundamentally shifted the role of civilian involvement in conflicts in both quality and quantity,” Macak says. Civilians now have a “direct contribution to the operations on the digital battlefield as support to kinetic operations.”

In their paper, the Red Cross advisers Tilman Rodenhäuser and Mauro Vignati point out it…

Cybersecurity labeling for smart devices aims to help people choose those less vulnerable to hacking


WASHINGTON — The Biden administration and major consumer technology players on Tuesday launched an effort to put a nationwide cybersecurity certification and labeling program in place to help consumers choose smart devices that are less vulnerable to hacking.

Officials likened the new U.S. Cyber Trust Mark initiative — to be overseen by the Federal Communications Commission, with industry participation voluntary — to the Energy Star program, which rates appliances’ energy efficiency.

“It will allow Americans to confidently identify which internet- and Bluetooth-connected devices are cybersecure,” deputy national security adviser Anne Neuberger told reporters in a pre-announcement briefing.

Amazon, Best Buy, Google, LG Electronics USA, Logitech and Samsung are among industry participants.

Devices including baby monitors, home security cameras, fitness trackers, TVs, refrigerators and smart climate control systems that meet the U.S. government’s cybersecurity requirements will bear the “Cyber Trust” label, a shield logo, as early as next year, officials said.

FCC Chairwoman Jessica Rosenworcel said the mark will give consumers “peace of mind” and benefit manufacturers, whose products would need to adhere to criteria set by the National Institute of Standards and Technology to qualify.

The FCC was launching a rule-making process to set the standards and seek public comment. Besides carrying logos, participating devices would have QR codes that could be scanned for updated security information.

In a statement, the Consumer Technology Association said consumers could expect to see certification-ready products at the industry’s annual January show, CES 2024, once the FCC adopts final rules. A senior Biden administration official said it was expected that products that qualify for the logo would undergo an annual re-certification.

The director of technology policy at Consumer Reports, Justin Brookman, welcomed the White House proposal but cautioned in a statement that “a long road remains” to its effective adoption.

“Our hope is that this label will ignite a healthy sense of competition in the marketplace, compelling manufacturers to safeguard both the security and…

How A Mobile Network Aims To Transform The Security Market


Time was, a mobile phone network would promise good coverage for calls and texts and that was that. Things have changed, and the latest announcement from EE, the biggest mobile network in the U.K., shows how. The company has just revealed partnerships with Norton and Verisure.

EE Smart Home Security is a 24/7 monitored home alarm package, installed by Verisure security engineers and monitored 24 hours a day by Verisure’s Alarm Receiving Center, which allows customers to speak to the Alarm Center at any time through an SOS feature. This is different from self-monitored set-ups and the company claims a target response time of 60 seconds.

There are two bundles. One is aimed at flats and apartments, which costs $29 (£25) a month and the other for houses, which is $35 (£30) a month. Each has a one-off upfront fee of $58 (£50). The main difference is that the house package has extra shock sensors designed to detect intruders before they enter the home. Additionally, house package subscribers can upgrade with…

Asigra Aims to Better Secure Backup and Recovery


Asigra today added a content disarm and reconstruction (CDR) capability to its Tigris data protection platform to identify malware that might be hidden in files an organization is depending on to thwart ransomware attacks.

Asigra CEO Eric Simmons said CDR enables scanning of all files prior to encryption and delivery to the backup repository as well as scanning those files during recovery.

Ransomware attackers today routinely embed malware in files for weeks before launching their attack. As a result, IT organizations often discover the supposedly pristine files they were depending on to thwart an attack have also been compromised. The bi-directional CDR capability makes it possible to ensure that backup files are pristine before being re-introduced into a production environment, said Simmons.

Ransomware attackers are increasingly embedding malicious code deep within content files that are often nested and zipped to avoid detection. The Asigra CDR capability deconstructs files into their smallest components to determine if malicious code, macros, links or executables have been embedded. After filtering and quarantining any found malware, CDR rebuilds the original file.

CDR complements existing security tools such as zero-day exploit protection, deep multifactor authentication (MFA), variable repository naming to non-standard names to prevent recognition and encryption/deletion, soft-delete enablement and FIPS 140-2 certified encryption. The overall goal is to thwart cybercriminals that are trying to weaponize files in a way that can render backup and recovery software useless, noted Simmons.

Data protection, of course, plays a crucial role in thwarting ransomware attacks. The issue is that far too many organizations fail to test their recovery capabilities. In addition to malware being embedded in files, it’s also not uncommon for IT teams to discover that the files they have backed up have been corrupted. In the event of a ransomware attack, the organization often finds itself having to choose between a major disruption and caving in to the demands of cybercriminals who may not even provide the keys to decrypt data after their ransom demands are met.

Cybersecurity professionals are…
