Tag: Enhance | Page 4

CACI partners with Yubico to enhance trusted mobile platforms

December 11, 2021/in Mobile Security

CACI announced that it has entered into a partnership with Yubico through a memorandum of understanding that establishes Yubico as the exclusive provider of multi-factor authentication (MFA) solutions in support of CACI’s trusted mobile platforms.

CACI Yubico

Yubico will provide YubiKey 5 FIPS Series products for enhanced security and authentication protocols for CACI’s software-defined key loading devices that enable more capable, secure, and resilient communications for U.S. government missions.

Yubico’s YubiKey 5 FIPS Series are multi-protocol security keys that eliminate account takeovers from phishing attacks with strong two-factor, multi-factor and passwordless authentication. These security keys support applications and services using a range of protocols such as OTP, FIDO U2F and FIDO2/WebAuthn and a Personal Identity Verification-compatible (PIV) Smart Card.

The YubiKey 5 FIPS series is NSA-approved for the Department of Defense (DoD) to provide the highest level of user authentication and supports the ability to remove the tool following authentication in accordance with National Institute of Standards and Technology (NIST) usability guidelines for multi-factor cryptographic devices.

“The U.S. military and government agencies have a critical need for more secure, modern communications technology to help counter current and future threats,” said Todd Probert, President of National Security and Innovative Solutions at CACI. “CACI and our partners are bringing this state-of-the-art multi-factor authentication tool, combined with the most-advanced mobile hand-held device for trusted mobile platforms to the market. This capability is streamlined, proven and tested, and ready to deliver today in support of national security missions.”

“With data breaches continuing to rise, it has become increasingly critical for companies and government agencies to embrace a move toward modern, phishing-resistant, multi-factor authentication,” said Stina Ehrensvärd, CEO and co-founder, Yubico. “In the past several months, we’ve seen the US government release its Draft Zero Trust Strategy, as well as a number of other actions, including a cybersecurity executive order,…

Source…

BCBS Calls on Banking Sector to Enhance Cyber Defences

September 20, 2021/in Internet Security

Remote work arrangements and digital financial services have “enlarged banks’ attack surfaces”, creating opportunities for malicious actors, the BCBS said.

The BCBS (Basel Committee on Banking Supervision) is calling for increased efforts to strengthen banks’ cyber security and improve their resilience to cyber threats.

In a newsletter, the BCBS said cyber threats and incidents – such as ransomware attacks – pose risks to the safety and soundness of individual banks, as well as the stability of the financial system.

Amid the pandemic, remote work arrangements and the increased use of digital financial services have “enlarged banks’ attack surfaces”, creating opportunities for increasingly sophisticated malicious actors, the newsletter said.

“Targeted attacks on banks’ third-party service providers, including third-party software banks commonly use and intragroup entities, are also a stark reminder that cyber security measures should take into account operational dependencies on such providers.”

The newsletter highlights two BCBS documents that can help bolster bank resilience to cyber incidents, including those arising from outsourcing arrangements. These are the Principles for the Sound Management of Operational Risk (PSMOR) and the Principles for Operational Resilience (POR).

The BCBS urges banking authorities to encourage financial institutions to adopt tools, effective practices and frameworks for cyber risk management that are aligned with widely accepted industry standards.

These include the National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization (ISO) 2700x, and the Center for Internet Security Critical Security Controls.

“Adopting such approaches will allow banks to better identify, assess, manage and mitigate their exposures to cyber risks, including those arising from third-party service providers,” the BCBS said. “The Committee believes that in the current environment banks must continually strive to improve their resilience to cyber security threats and incidents.”

The BCBS said it will monitor and assess efforts by banks to safeguard the…

Source…

Google funds Linux project to fix vulnerabilities and enhance security

June 19, 2021/in Computer Security

Source: Computerworld

Google, the search engine company and the Android-maker, has recently announced to be backing a project by Linux to make the Operating System harder to hack by fixing its vulnerabilities and enhancing its security. Google mentioned in a report on Thursday that it is funding a project to increase the security of Linux by re-writing the core parts “Kernel” of the Linux Operating System in Rust programming language which is basically a modernization effort to make it harder for the hackers to attack Linux-based devices.

Linux has been around for quite a while, and the Operating System is written on C Programming language which was developed back in 1972, and now with the modern advancements of the 21st century where the hackers have got all the skills and tools required for major hacking, anything written in C programming language can easily be entered into. We can say that time has outgrown Linux’s security, and now, Google will fund the project to modernise Linux and increase its overall security.

Making changes in the Kernel of Linux by replacing the written software with Rust programming language will mark a significant cultural shift in the open-source software project which is a substantial foundation to Google’s Android Operating System and Chrome OS along with other resources on the internet, as mentioned in a report by CNET.

Rust is a programming language developed by Mozilla, the developer of Firefox. The programming language is now run independently by Rust Foundation and it is known to be the most popular programming language for over five years. Rust makes it safer for software developers to write in memory as it continuously checks for hiding malicious problems or viruses in and around the memory area. According to a survey, Rust is considered to be the best alternative to decades-old C and C++ programming languages.

Linux and Google have pitched in Miguel Ojeda, whose written parts of the software used in the Large Hadron Collider particle accelerator, for writing the software for Linux in Rust programming language. As sources suggest, Google is funding the contract and the project which is being extended through the Internet Security…

Source…

Cyber agency CERT-In asks Indian FB users to enhance account privacy

April 20, 2021/in Computer Security

Country’s cyber security agency CERT-In has advised Facebook users to strengthen their account privacy settings after a recent global ‘data scraping’ incident in the social media platform was detected that affected about 61 lakh Indians.

“As the Facebook platform evolves and grows, parts of your account could be public. Data could also be collected and shared in ways you don’t know about,” the Indian Computer Emergency Response Team or CERT-In said in a public advisory issued on Monday.

It is the federal technology arm to combat cyber attacks and guard the Indian cyber space against phishing and hacking assaults and similar online attacks.

“It has been reported that globally there has been a large scale leakage of Facebook profile information. The exposed information includes email addresses, profile ID, full name, job occupation, phone numbers and birth date.

“According to Facebook, the scraped information does not include financial information, health information or passwords, however information from more than 450 million unique Facebook profiles globally, including approximately 61 lakh Indian individuals, has been made publicly available in multiple cyber criminal forums for free,” the advisory said while explaining the breach.

A cyber security expert had spoken about this online leak earlier this month, which was acknowledged by the company, stating that “this is old data that was previously reported on in 2019. We found and fixed this issue in August 2019”.

The CERT-In said that Facebook has claimed that this ‘data scraping’ happened by using the “contact importer” feature of the platform, which allows users to find other users by using their phone numbers.

“Facebook stated that this feature was changed in September 2019, following the discovery that threat actors were abusing the feature.

“However, while Facebook modified the feature in 2019 to thwart this kind of abuse, the phone numbers of 450 million global users had already been harvested by malicious actors, along with other identifying information on users,” it said.

Dejargonising the term ‘data scraping’, the advisory said it…

Source…

Tag Archive for: Enhance