Tag Archive for: Examines

New Report Examines Pressing K-12 Cybersecurity Concerns


A new report out Monday found K-12 organizations’ cyber postures slipping slightly over the prior year as they grapple with stubborn cybersecurity challenges and threats ranging from banking Trojans to ransomware.

Cybersecurity funding remains a top concern for the sector, but federal officials are turning attention to the issue and various organizations offer low-cost and free cyber tools.

On Nov. 13, the Federal Communications Commission (FCC) proposed a pilot program that would provide funding supporting cybersecurity and advanced firewall services at schools and libraries. Plus, K-12 Dive notes, state planning committees could use funds from the ongoing State and Local Cybersecurity Grant Program to help school districts in adopting cyber best practices.


Meanwhile, organizations like the Multi-State Information Sharing and Analysis Center (MS-ISAC) offer some free tools and resources, while the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerability list can be a helpful way to prioritize, advises the new Center for Internet Security (CIS) MS-ISAC K-12 Cybersecurity Report.

STRENGTHS AND WEAKNESSES

In 2022, 402 K-12 organizations participated in the Nationwide Cybersecurity Review (NCSR). They listed a familiar set of security concerns. Alongside funding shortcomings, those included cyber threats’ rising sophistication, insufficient availability of cyber professionals and lack of documented processes or cyber strategies.

The NCSR scores organizations’ cyber maturity to help them assess strengths and gaps. In 2022, K-12 participants averaged a score of 3.25 out of a possible high score of 7. That’s a touch below 2021’s average score of 3.55 — although still “satisfactory,” the report said.

Improving means K-12 must shore up areas like supply chain risk management. Plus, more K-12 organizations should adopt protective measures like collecting audit logs, maintaining data classification schemes and defending against some malware by disabling the autoplay feature on removable media.

Those were also areas of weakness in 2021, but new issues emerged in 2022, too: lack of…


US House panel examines Arizona election review effects


They called former Arizona Secretary of State Ken Bennett, who served as a go-between for Senate Republicans and the contractors they hired to review the ballot count, election machines and computer software, to testify. Bennett said that while the recount showed that Biden actually picked up some votes, there remain unresolved issues involving voter registration, mail-in ballots and computer security.


CISA advisory examines LokiBot malware threat (Includes interview)


This type of threat is a cause for alarm because LokiBot is one of today’s most dangerous and widespread malware strains. The malicious code has appeared as a threat to industry and government since July 2020.

The malware works by infecting computers and then proceeds to activate built-in capabilities that are designed to search for locally installed apps. Exploiting these, the malicious code then extracts credentials from their internal databases, giving the personal information to the groups who control the malware.

The malware is an information stealer that collects data from the most widely used web browsers, File Transfer Protocol (FTP) and email clients, plus over a hundred software tools installed on the infected machine. The code was developed somewhere within Eastern Europe.

In addition, LokiBot functions as a backdoor risk, allowing hackers to run other pieces of malware on infected hosts, and potentially escalate attacks.

Looking at the issue for Digital Journal is Mark Bagley, VP of Product at AttackIQ.

Bagley explains the seriousness of the issue: “Cyberattacks have been evolving and growing at an alarming rate in the recent past, sparing no industry from disruption. The increase of LokiBot malware incidents shines a light on why organizations should take a proactive approach to testing and validating their security controls.”

On the consequences and the deeper implications for businesses, Bagley says: “Understanding common adversary tactics, techniques, and procedures, as outlined by the MITRE ATT&CK framework, allows organizations to protect what matters most to them, their ability to operate.”

He concludes by saying: “Doing this on an automated, ongoing basis is crucial to informing an organization’s defenders about the state of the security program, as well as supporting the goal of continuous improvement.”


iboss Examines the Effect of Mobile Users on Traditional Network Security Appliances – Yahoo Finance


While a majority (79%) of this digital media will consist of video, a considerable volume will comprise sensitive, private enterprise data that without the …
