Tag Archive for: Questions

AIIMS Server: Hacking of AIIMS server raises serious questions about cyber security in country: Congress


The Congress on Tuesday hit out at the Modi government over the hacking of the AIIMS server and said it raises “serious questions” about cyber security in the country. AICC general secretary, organisation, K C Venugopal asked about Prime Minister Narendra Modi’s promise of a new cyber security policy which he announced two years ago.

“It has been a week since the server of AIIMS was hacked. It raises serious questions about the cyber security of the country. In 2020, PM Modi had announced that the country will soon have a new cyber security policy. It’s been two years and we’re still waiting,” Venugopal said on Twitter.

Services at the All India Institute of Medical Sciences (AIIMS), Delhi remained affected on the seventh consecutive day, official sources said.

It is feared that data of around 3-4 crore patients could have been compromised due to the breach detected on November 23.
Patient care services in emergency, outpatient, inpatient and laboratory wings are being managed manually as the server remained down, the sources said.

The Delhi Police, however, issued a statement, saying “no ransom demand as being quoted by certain sections of the media has been brought to notice by AIIMS authorities”.

The India Computer Emergency Response Team (CERT-IN), Delhi Police and representatives of the Ministry of Home Affairs are investigating the ransomware attack.

A case of extortion and cyber terrorism was registered by the Intelligence Fusion and Strategic Operations (IFSO) unit of the Delhi Police on November 25.

The official sources said internet services are blocked on computers at the hospital on the recommendations of the investigating agencies.

The AIIMS server has stored data of several VIPs, including former prime ministers, ministers, bureaucrats and judges.


6 Questions to Ask Before You Hire a Managed Security Services Provider


Gartner forecasts that information security spending will reach $187 billion in 2023, an increase of 11.1% from 2022. In tandem with this spending, the analyst firm also predicts that by 2025, a single centralized cybersecurity function will not be agile enough to meet the needs of a digital organization.

It comes as no surprise, then, that organizations are looking to managed security services providers (MSSP) to either augment in-house security teams or provide risk-management services.

“Many organizations don’t have the resources to build out a security operations center (SOC),” says Scott Barlow, vice president of global MSP and cloud alliances at Sophos. “Meanwhile, security is moving at a rapid rate, and it’s tough to do it yourself. With internal IT staff focused on internal needs, companies really need to think about 24-7 security and threat hunting across their network. That’s why we see a lot of co-managed IT and outsourcing tickets going to MSSPs these days.”

An MSSP may be the answer, but businesses should take the time to do their homework before signing on. Here are six essential questions to ask when seeking assistance.

1 – What types of certifications do your staff have?

“There are a lot of certifications out there,” Barlow says. “From CompTIA to (ISC)2, there are many ways security professionals stay up to date on skills and the latest threats. But it is essential that they are up to date on certifications because the industry is constantly evolving.”

It’s important to start by understanding your staff’s full suite of certifications, then determine what’s needed to fill any gaps, Barlow says.

2 – How do you secure on-premises and public cloud assets?

Many organizations have assets in the public cloud in addition to on-prem. It is important to determine how your MSSP can secure both. “Public cloud does not mean Microsoft 365,” Barlow says. “It means that if you have workloads in Azure or Google Cloud Platform (GCP), can they confidently assure you that they can secure those assets and data? Ask how.”

3 – Can you support all my needs?

Identifying your internal IT and security needs is paramount. For…


Password Recovery Questions Are Easy to Hack


Lucky for you, we turned to the experts for tips on fixing them.


When a hacker claimed to have breached Mitt Romney’s personal email account in 2012, he didn’t do it by infecting his computer with a data-leeching virus or by launching a brute-force password cracking attack—he did it with the word “Seamus.”

Seamus was the name of Romney’s dog, and apparently the answer to his password reminder question, “what is your favorite pet.” Because Romney’s email address had been made public in a news story several days earlier, and the doggo-in-question was the subject of an unfortunate media scandal for having been strapped to the roof of the family car during a 1983 road trip, the alleged hacker had everything he needed to exploit a notoriously weak gateway to password security: the password recovery question.

While setting a password reminder question is a fine idea in theory (so many passwords, so little mental space!), it has probably encouraged you to make your password overly vulnerable. The simple truth is that in our age of social media over-sharing it is far too easy to suss out anyone’s answers to the question “where did you meet your spouse,” or “what is your mother’s maiden name.” If you have a public Facebook, Twitter, or Instagram account, you also have a dossier of clues for would-be hackers to peruse at will. Many security industry professionals wish the password reminder question would be outright abolished from account setup, but until that day comes, what can you do to work with the system and keep yourself secure?

For one thing, pick a harder question. A Microsoft and Carnegie Mellon study found that the safest password reminder question may be “What’s your father’s middle name,” as it’s easy to remember, hard to guess, and unlikely to be public knowledge on the Internet. (Other safe-ish questions were, “What was your first phone number?,” “Who was your favorite teacher,” and “Who is your favorite singer?”)

Some experts recommend answering the question with a non-sequitur (What is your mom’s maiden name? Platypus). But even a random, one-word answer is vulnerable to a…


Questions linger regarding NCDIT hack


RALEIGH, N.C. (WNCN) — A lot of questions remain following the shutdown of many state computer systems last week. 

The state’s Department of Information Technology admits it encountered what they call a “cyberthreat” last week and has been working to get all systems back online. 

However, there are a lot of answers that remain elusive as to exactly what happened and how large the impact was. 

CBS 17 has pieced together information about the hack. 

We depend on our computer systems at home and at work and it’s common knowledge in the cyber security world that hackers are always trying to get into our personal as well as work systems. 

It’s an everyday occurrence, and the state Department of Information Technology says that every week, “billions of intrusion attempts” are made on the state network.

Last week, the agency admitted they encountered a threat which required them to protect state systems and data prompting what they called “system maintenance.”   

That knocked scores of state computers in many agencies offline. NCDIT did not reveal how many agencies were affected.

However, the NC Department of Health and Human Services was one of the agencies affected because it posted a notice on its website saying systems that were affected by the outage are now back online.   

The proactive action by NCDIT required password resets for many employees of state agencies, council of state offices and some local governments. 

NCDIT says that, due to the large number of accounts, it is taking time to reset all passwords.

They said teams worked through the weekend to restore things. But CBS 17 saw tweets on the NCDIT Twitter page from Monday and Tuesday indicating that some state employees were still not online and were frustrated.


NCDMV says impacts to its services were “minimal” and that no driver’s license offices or license plate agencies were closed as a…
