Tag Archive for: asks

Government asks organisations to check server security


A cybersecurity flaw in Java-based utility Log4j, used by many major tech companies, can give hackers access to computer systems.

The National Cyber Security Centre (NCSC) has issued a warning to all organisations that use web servers to respond to a new cybersecurity threat posed by what is being dubbed Log4Shell.

The flaw stems from Apache Log4j, a Java-based logging utility used by most of the world’s major tech companies for their web infrastructure, including Microsoft, Apple, Amazon, Cisco, Tesla, Twitter and Baidu. It can potentially give a hacker unrestricted access to a company’s computer systems.

Log4Shell first received wide public attention after Minecraft, owned by Microsoft, published a statement to its 140m-strong active monthly users alerting them to the flaw. The company said any player of the game’s Java edition that doesn’t host their own server needs to take mitigating steps.

However, Minecraft is likely one of thousands of technology companies across the world that are susceptible to the Log4Shell flaw, and governments, including the US, are rushing to advise organisations with web servers to take immediate steps before hackers get them first.

“It is likely that malicious actors will shortly begin using this vulnerability to attack web servers. The NCSC advises that organisations assess their web servers for exposure to this risk. This should include services administrated and provided by third party service providers,” the NCSC wrote in a statement.

It clarified that Apache, the company that makes and runs Log4j, has published an update to the Log4Shell flaw which companies should make use of immediately. It also noted that any attempts to exploit the flaw can be detected by the NCSC.

“There is no evidence of any successful exploitation of this vulnerability in the State, or any effect on services or data, but the risk of eventual compromise will persist for any entity until the vulnerability is addressed,” it added.

Threat hunting a ‘high priority’

Andrii Bezverkhyi, founder and CEO of cybersecurity start-up SOC Prime, said that the problem with the Log4Shell flaw is that Log4J is used by “every…


Family of Security Guard Shot in Oakland Speaks Out, Asks Public for Help in Finding Suspect – NBC Bay Area


The family of the private security guard who died after being shot while on assignment in Oakland last week spoke out Friday, asking the public’s help in seeking the person responsible.

“We’ve heard so far that there were people doing video with their cell phones .. and we’d like them,” said wife Virginia Nishita. “I beg you, please come forward.”

Kevin’s wife said she was stunned that Kevin was shot in an attempted armed robbery of a news crew in downtown Oakland on Nov. 24 and died days later, but not surprised that her husband put himself in jeopardy for the sake of others.

“That was his personality, to be that protector, to be that brave one,” she said. “He just wanted to protect people. Not just his family but others as well.”

Still the senseless nature of the crime has left the family heartbroken and demanding answers.

“We just need the closure. We don’t like this open, not knowing how someone we loved passed away. We just need to know and have peace,” said Kevin’s daughter Maureen Campos.

Kevin was employed by Star Protection Agency California and working with a KRON4 reporter at the time of the shooting.

“He didn’t deserve this. He was retired,” said Kevin’s son Enrique Nishita. “He just looking to stay busy, we just wish he could come home.”

The family says it is still working on memorial services and they take some satisfaction in hearing Oakland is now taking action including a plan to hire more police officers.

“This is justice for Kevin. He was a security guard, and he was out there to protect the newscast … and we need justice for him,” said Virginia.

A reward of $32,500 is being offered to anyone with information that may lead to an arrest.

Kevin Nishita, a security guard protecting a news crew, died days following a gunfire battle. Former coworkers and friends remember him and mourn his passing. Sergio Quintana reports.


UGC asks colleges to boost cybersecurity


With online education becoming a new normal, India’s apex higher education regulator University Grants Commission (UGC) has asked colleges, institutions and universities to strengthen the cybersecurity mechanism and put in place a cybersecurity ecosystem.

This comes as India battles a surge in cybersecurity incidents post the pandemic as several services, including education, have shifted online.

Education is a key target for cyber frauds as it deals with a huge amount of data on demographic and professional records of students, staff and allied education sector. It is also a big user of online financial transactions, becoming an easy target for cybercriminals.

The education regulator has also asked higher educational institutions, numbering over 50,000, to be on guard and report cybersecurity incidents.

UGC, in a letter to institutions, told them its effort is to draw their attention and action “to strengthen cybersecurity and to tackle the unforeseen challenges of cybercrime and develop an ecosystem for cyber security in HEIs (higher education institutions)”. Mint has seen a copy of the letter.

The education regulator said institutions must sensitize staff and students to the Indian Cyber Crime Coordination Centre and initiatives taken by the home ministry to prevent cybercrimes.

The regulator’s directive may work as a template for the overall education sector at a time when usage and integration of technology in education is going to increase and the education ministry itself is speaking about the value of technology in education to increase access and better use of resources.

Cybersecurity incidents have been rising of late. Barracuda Networks, a cybersecurity firm, found more than 1,000 spear-phishing attacks targeting educational institutions in India between July and September 2020, Mint reported in November. The lack of awareness, tight budgets and limited resources make institutions and schools easy targets for cyberattacks and “unfortunately, make attacks more effective”, Murali Urs, country manager, India, of Barracuda Networks, said at the time.

A government official,…


PJCIS asks for Australia’s ‘hacking’ Bill to gain judicial oversight and sunset clauses


The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has recommended the passage of the so-called “hacking” Bill that will afford three new computer warrants to two Australian law enforcement bodies, providing its 33 other recommendations are met.



According to Peter Dutton, this badge has nothing to do with ACT Policing, even though it is on statements relating to a lack of metadata authorisation.


The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020, if passed, would hand the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) the new warrants for dealing with online crime.

The first of the warrants is a data disruption one, which according to the Bill’s explanatory memorandum, is intended to be used to prevent “continuation of criminal activity by participants, and be the safest and most expedient option where those participants are in unknown locations or acting under anonymous or false identities”.

The second is a network activity warrant that would allow the AFP and ACIC to collect intelligence from devices that are used, or likely to be used, by those subject to the warrant.

The last warrant is an account takeover warrant that would allow the agencies to take control of an account for the purposes of locking a person out of the account.

The Bill has been criticised for its “wide-ranging” and “coercive” powers by the Office of the Australian Information Commissioner (OAIC), human rights lawyers have asked the Bill be re-drafted, and the likes of Twitter have labelled parts of the proposed Bill as “antithetical to democratic law”.

After considering all the submissions made and testimonies provided on the Bill, the PJCIS in its report [PDF] has called for some tweaks, such as amending the Bill to provide additional requirements on the considerations of the issuing authority to ensure the offences are reasonably serious and proportionality is maintained.

“The effect of any changes should be to strengthen the issuing criteria and ensure the powers are being used for the most serious of offending,” it added.

The committee wants the issuing authority for…
