Tag Archive for: Grants

Rural towns fear being left out of cybersecurity grants | KCUR 89.3

/in


The federal government set aside $1 billion to help cities and counties improve their cybersecurity, but rural communities worry they will be left out and end up more susceptible to attacks like ransomware.

The funding comes from the congressional infrastructure law, with $250 million dollars specifically targeted at rural areas. The funds are distributed to states over the next four years and will begin going out later this year.

But rural community leaders say they lack the resources and expertise to come up with a comprehensive cybersecurity plan and to pursue the grants.

“It’s just me and two other people who work for me,” said Scott Avery, the city administrator in Houston, Missouri, population 2,500. “Getting and administering any grant is a lot of work.”

In 2021, more than 150 cities, counties and school districts fell victim to cyberattacks, according to cybersecurity company Emsisoft.

That led to disruptions in services ranging from delayed renewal of driver’s licenses to residents not being able to pay their tax bills. The attacks shut down systems for weeks in some cases and took months to get back to normal.

The need for security upgrades may be more pressing in rural areas than in urban areas.

Last fall, Missouri State Auditor Nicole Galloway released a report highlighting security flaws in several small, rural cities, counties and courthouses.

Galloway cited specific cases of network passwords going unchanged for years, simple passwords routinely shared with outside users and former employees accessing government computers.

BJ Tanksley, Missouri’s director of broadband development, said the regional and state agencies like his need to help.

“When we think about this kind of program, you can tap into statewide networks of people who do this, like the libraries and the other types of associations that have footprints all over the state,” he said.

Tanksley said the knowledge is out there, but regional and state agencies will have to make it a priority to help rural communities protect their digital assets. But they can only do so much.

“I don’t know that we are going to connect them with cybersecurity systems,” he…

Source…

Razer to fix Windows installer that grants admin powers if you plug in a mouse • The Register

/in


In brief Razer is working on an updated installer after it was discovered you can gain admin privileges on Windows by plugging in one of the gaming gear maker’s mice or keyboards.

In fact, inserting any USB device that declares itself a Razer mouse or keyboard will lead to an exploitable situation.

As documented late last week by a Twitter user called j0nh4t, if you plug into a Windows 10 or 11 machine a device identified as a Razer mouse or keyboard, Microsoft’s OS will automatically download and run Razer’s installer for the manufacturer’s Synapse software, which can be used to configure the peripheral.

During the installation process, which runs at the System level, you can spawn a Powershell terminal from an Explorer window that runs with these high-level privileges. Thus, you can gain local admin access on a machine, if you can login in somehow and plug in a gadget – useful for penetration testing, at least. It is also possible to tell the installer to use a user-controlled folder to store an executable that is run on every boot, which can be hijacked by a rogue user.

The bug finder said they had no luck in getting Razer’s attention when trying to report these flaws, and after they put a zero-day exploit for the Powershell hole on Twitter, the manufacturer got in touch and offered a vulnerability bounty. A new version of the installer to address these problems is being prepared for release, we’re told. We wonder how many Windows installers have these same weaknesses.

A spokesperson for Razer told us today: “We were made aware of a situation in which our software, in a very specific use case, provides a user with broader access to their machine during the installation process.

“We have investigated the issue, are currently making changes to the installation application to limit this use case, and will release an updated…

Source…

Opening this image file grants hackers access to your Android phone – ZDNet

/in

Opening this image file grants hackers access to your Android phone  ZDNet

Be careful if you are sent an image from a suspicious source.

“android security news” – read more

Internet security, encrypted messaging and privacy projects win Facebook grants

/in

  1. Internet security, encrypted messaging and privacy projects win Facebook grants  ZDNet

  2. Facebook awards $ 800000 to ten projects securing the internet  Neowin
  3. Facebook hands out £626k in security research grants  bit-tech.net

    4. Full coverage

internet security news – read more