Tag: leader | Page 3

Open-source Leader Advocates Strong FCC Enforcement of Routing Security

April 11, 2022/in Internet Security

The Federal Communications Commission should consider imposing comprehensive tests and fines—after fair warning and guidance—to ensure internet service providers are taking minimal steps to protect the global internet routing system from malicious hackers, according to comments a leader in the open-source security community submitted to the agency.

“Voluntary compliance has failed to ensure compliance with even basic measures; companies have negligently allowed hijacking for decades, even when well-known and practical countermeasures exist,” wrote David Wheeler, director of open source supply-chain security for the Linux Foundation. “The FCC should establish a testing regime to ensure that Internet routing, if depended on by others, strongly resists hijacks using currently practical measures such as [Resource Public Key Infrastructure]”

Comments were due Monday in response to an inquiry the FCC made on the issue in the wake of the Russia-Ukraine conflict. The commission is concerned about hackers’—particularly powerful nation-state actors’—ability to manipulate the Border Gateway Protocol to redirect internet traffic by pretending to offer a more efficient network path. Resource Public Key Infrastructure, or RPKI, refers to a system of certificates and cryptographic attestation for stakeholders to validate the origin and authorize the route internet traffic should take.

In response to the FCC asking about the extent to which network operators have implemented available security measures, Wheeler pointed to a test established by the content distribution network Cloudflare. The test is a simple red-team exercise that advertises a route known to be spurious. Cloudflare committed to implementing RPKI in the fall of 2018.

“Those US organizations who fail should be notified, provided guidance on how to fix the problem, & given a grace period … to (re)gain compliance,” Wheeler said. “After the grace period there need to be incentives for failing US organizations to change to implement at least minimal efforts … These incentives should include grants if the organization is a not-for-profit, publishing a list of non-compliant entities, and then…

Source…

Tech Q&A: When a Chromebook no longer receives security updates – The Union Leader

September 26, 2021/in Mobile Security

Tech Q&A: When a Chromebook no longer receives security updates The Union Leader

Source…

Indra hacking group blamed for attack on Iranian railway system that trolled country’s supreme leader • Graham Cluley

August 16, 2021/in Computer Security

Indra hacking group blamed for attack on Iranian railway system that trolled country's supreme leader

On 9 July, Iran’s railroad system came under attack from hackers.

The attackers posted messages on station departure boards warning of “long delay[s] because of cyberattack”, and suggesting inconvenienced passengers call “64411” for more information.

64411 is reportedly the telephone number of the office of Ayatollah Ali Khamenei, Iran’s supreme leader.

A phone number–64411–was displayed on boards of train stations today in #Iran amid the reported cyberattack on the rail system. It directed commuters there to call for more information. It matched the number to #Iran‘s Supreme Leader’s Office that is displayed on his website. pic.twitter.com/IQQ85I6QhJ

— Iran International English (@IranIntl_En) July 9, 2021

The following day, Iran’s transport ministry said that its computer systems and website had suffered “widespread disruption…probably due to a cyberattack.”

An analysis by experts at Sentinel One pointed the finger of blame towards MeteorExpress (also known as Meteor), a previously unseen type of wiper malware that wiped computer file systems and locked out users.

Inevitably, Iran wasn’t terribly pleased about having its systems attacked by the hackers, and there have been reports that a subsequent drone attack by Iran against an Israeli-operated oil tanker, which resulted in the death of two crew members, might have been launched in a tit-for-tat response to the cyber attack.

However, an investigation by security researchers at Check Point has concluded that the attack was the work of a hacking gang called Indra that works against the Tehran regime, rather than an attack sponsored by a nation state such as Israel.

Sign up to our newsletter
Security news, advice, and tips.

Was it Israel? Was it Indra? Was it Indra working under the orders of Israel?

It’s hard to be certain.

But whoever was responsible for the attack on Iran’s train system which trolled the country’s supreme leader should probably consider that it’s no laughing matter, and that things could very quickly and seriously escalate.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

…

Source…

Threat Intelligence Pioneer Joins Cybersecurity Leader onShore Security

July 29, 2021/in Internet Security

Craig Brozefsky returns to onShore Security

CHICAGO – July 29, 2021 – (Newswire.com)

onShore Security, one of the nation’s top Managed Detection and Response (MDR) providers today proudly announced the addition of threat intelligence powerhouse Craig Brozefsky to its growing roster of top talent leading the way in today’s increasingly complex and high-stakes cybersecurity landscape. Brozefsky joins onShore Security’s team as Senior Engineer and brings experience from his previous work on THREATBrain, a malware behavioral analysis engine. This industry-leading work led Brozefsky to a position as Director of Engineering at ThreatGRID and the company’s subsequent acquisition by Cisco. At Cisco, Brozefsky was the principal engineer, working to integrate THREATGRID’s threat intelligence capabilities across the company’s portfolio. He then went on to build and lead the team that developed the Cisco Threat Intelligence Model as an intelligence and security platform for enterprises.

Brozefsky worked for onShore Security in the ’90s, and his return is part of a larger project for the company. Last month, onShore Security announced its expanding utilization of Elastic technology, which is being further integrated into the company’s operation. In his new role. Brozefsky will be aiding onShore in updating and refining its Elastic store and improving automation and event correlation.

Steven Kent, Chief Technology Officer of onShore Security notes, “We are excited to bring Craig back to onShore; his experience & acute awareness of the security landscape will help us continue to extend industry-leading security offerings for our clients and create an even stronger development environment for our security features. Craig shares our goals of ensuring the most secure data handling experience for our customers, and we are looking forward to growing together.”

Brozefsky explains his background and future with onShore saying, “I started my career in security at onShore; as one of the first internet security and networking service companies in the region, it was a pioneer then, and it continues to be today. My professional path took me into software engineering,…

Source…

Tag Archive for: leader