Tag: Assess | Page 2

Government agencies, private companies secure networks, begin to assess damage from massive hack

December 14, 2020/in Internet Security

WASHINGTON — U.S. government agencies and private companies rushed Monday to secure their computer networks following the disclosure of a sophisticated and long-running cyber-espionage intrusion that experts said almost certainly was carried out by a foreign state.

It was not yet clear who was responsible for the intrusion, though it was reportedly conducted by Russia, and the extent of the damage is not yet known. The potential threat was significant enough that the Department of Homeland Security’s cybersecurity unit directed all federal agencies to remove compromised network management software and thousands of companies were expected to do the same.

What was striking about the operation was its potential scope as well as the manner in which the perpetrators managed to pierce cyber defenses and gain access to email and internal files at the Treasury and Commerce departments and potentially elsewhere. It was stark evidence of the vulnerability of even supposedly secure government networks, even after well-known previous attacks.

“It’s a reminder that offense is easier than defense and we still have a lot of work to do,” said Suzanne Spaulding, a former U.S. cybersecurity official who is now a senior adviser to the Center for Strategic and International Studies.

The campaign came to light when a prominent cybersecurity firm, FireEye, learned it had been breached. FireEye
FEYE,
-1.16%
would not say who it suspected, though many experts quickly suspected Russia given the level of skill involved, and alerted that foreign governments and major corporations were also compromised.

U.S. authorities acknowledged that federal agencies were part of the breach on Sunday, providing few details. The Cybersecurity and Infrastructure Security Agency, known as CISA, said in an unusual directive that the widely used network software SolarWinds had been compromised and should be removed from any system using it.

The national cybersecurity agencies of Britain and Ireland issued similar alerts.

SolarWinds
SWI,
-16.69%
is used by hundreds of thousands of organizations around the world, including most Fortune 500 companies and multiple…

Source…

Take this short survey to assess your organization’s threat intelligence maturity

September 25, 2018/in Computer Security

Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!

Recorded Future believes that every security team can benefit from threat intelligence. That’s why it has launched its new Threat Intelligence Grader — so you can quickly assess your organization’s threat intelligence maturity and get best practices for improving it.

Recorded Future delivers the only complete threat intelligence solution powered by patented machine learning to lower risk. It empowers organizations to reveal unknown threats before they impact business, and enables teams to respond to alerts 10 times faster.

To supercharge the efforts of security teams, Recorded Future’s technology automatically collects and analyzes intelligence from technical, open web, and dark web sources and aggregates customer-proprietary data. Recorded Future delivers more context than threat feeds, updates in real time so intelligence stays relevant, and centralizes information ready for human analysis, collaboration, and integration with security technologies.

91 percent of the Fortune 100 use Recorded Future.

Try out Recorded Future’s Threat Intelligence Grader for yourself now!

If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Graham Cluley

3 reasons companies fail to assess the scope of a data breach

August 13, 2018/in Internet Security

3 reasons companies fail to assess the scope of a data breach CSO Online

Full coverage

data breach – read more

DARPA: Monitoring heat, electromagnetic and sound outputs could assess safety of IoT devices

October 24, 2015/in Mobile Security

DARPA is looking for a platform that can tell whether Internet of Things devices have been hijacked based on fluctuations in the heat, electromagnetic waves and sound they put out as well as the power they use.

The agency wants technology that can decipher these analog waves and reveal what IoT devices are up to in their digital realms, according to a DARPA announcement seeking research proposals under the name “Leveraging the Analog Domain for Security (LADS)”.

The LADS program would separate security monitoring from the device itself so if it is compromised, the monitoring platform can’t be affected.

To read this article in full or to leave a comment, please click here

Network World Tim Greene

Tag Archive for: Assess