Posts

Accenture Federal Services Lands $112M CISA Task Order For FCEB Cybersecurity Support; Aaron Faulkner Quoted

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Accenture Federal Services Lands $112M CISA Task Order For FCEB Cybersecurity Support; Aaron Faulkner Quoted

Aaron Faulkner Accenture Federal Services

Accenture Federal Services (AFS) announced on Friday that the company secured a potential, five-year $112 million prime task order by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to protect the Federal Civilian Executive Branch (FCEB) systems against cyberattacks.

The contract requires AFS to provide advanced cyber services for CISA to help FCEB agencies mitigate the effects of cyberattacks that include ransomware, botnets and malware campaigns while increasing real-time visibility into cyber threats.

“Now, more than ever, it is crucial for our nation to move from a ‘detect and respond’ to a ‘predict and prevent’ model for dealing with cyberattacks. Our solution delivers a whole-of-government view of the threats we face as a nation. Accenture Federal Services is excited to build upon our track record of delivering highly complex cyber solutions at scale,” commented Aaron Faulkner, AFS managing director and cybersecurity Practice Lead

Cloudflare, as a team member on the CISA Task Order, will partner with AFS to strengthen federal government systems by blocking phishing and malware attacks before they occur and containing breaches that occur on devices, such as laptops and cell phones.

“Cyberattacks are becoming much more sophisticated. As a result of several recent newsworthy breaches, we are all now much more aware of the impact cyber threats can have on our daily lives. We’re proud to partner with AFS in helping to build a more secure and resilient infrastructure for our nation,” stated Matthew Prince, Cloudflare co-founder & CEO. 

Source…

Report: Active Directory Certificate Services a big security blindspot on enterprise networks


As the core of Windows enterprise networks, Active Directory, the service that handles user and computer authentication and authorization, has been well studied and probed by security researchers for decades. Its public key infrastructure (PKI) component, however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise.

“AD CS [Active Directory Certificate Services] is Microsoft’s PKI implementation that provides everything from encrypting file systems, to digital signatures, to user authentication (a large focus of our research), and more,” researchers Will Schroeder and Lee Christensen from security firm SpecterOps said in a new report. “While AD CS is not installed by default for Active Directory environments, from our experience in enterprise environments it is widely deployed, and the security ramifications of misconfigured certificate service instances are enormous.”

How AD CS works

AD CS is used to set up a private enterprise certificate authority (CA), which is then used to issue certificates that tie a user or machine identity or account to a public-private key pair, allowing that key pair to be used for different operations, such as file encryption, signing files or documents and authentication. AD CS administrators define certificate templates that serve as blueprints to how certificates are issued, to whom, for what operations, for how long and what cryptographic settings they have.

In other words, like in HTTPS, a certificate that is signed by the CA is proof that the AD infrastructure will trust a particular public-private key pair. So, to obtain a certificate from AD CS, an authenticated user or computer, generate a key pair and send the public key along with various desired settings to the CA as part of a certificate signing request (CSR). The CSR will indicate the user identity in the form of a domain account in the subject field, the template to be used to generate the certificate, and the type of actions for which the certificate is desired, which is defined in a field…

Source…

Amid cyber risks, no data storage on cloud services; action if leakage: DoT to staff

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


With incidents of cyber attacks on government’s official email ids and websites on the rise, the Department of Telecommunications (DoT) has issued fresh instructions to its employees asking them not to store any official and classified information on private cloud services such as Google Drive, Dropbox, iCloud, and others.

If any such information is stored on these private cloud services, the employee storing such data may be liable for penal action in case of a data breach, the DoT said in a communication to all its staff.

Further, any kind of classified work must be “strictly be carried out only in a standalone computer which is not connected to internet”, the DoT said.

Employees have also been asked to avoid, when on officials tours, any mobile or internet-based service that requires their location, “unless it is necessary for discharge of office duties”.

These instructions are a part of the DoT’s instructions on best information security practices. Last year in July, the telecom department had written to all web portals and websites within its ambit to conduct a security audit and submit a compliance certificate as soon as possible.

The Telecom Ministry had then also written to all other ministries and departments requesting them to migrate their websites and web-portals to the ‘gov.in’ domain by August 31, 2020 if they had not done so already.

A similar letter was sent by DoTto all web portals and websites yielded no results. In that letter, dated October 7, the DoT had said that a security audit was necessary for the “robustness of information systems and associated networks”.

The letter was sent after the DoT was alerted that “data exfiltration” was taking place from one of the web portals of the ministry that did not have a valid cyber-security audit. Data exfiltration occurs when a malware or a virus gains unauthorised access to any computer connected to a network.

Source…

Best Bill Negotiation Services of 2021

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Select’s editorial team works independently to review financial products and write articles we think our readers will find useful. We may receive a commission when you click on links for products from our affiliate partners.

If you feel like your monthly bills are always increasing, you’re not alone. In some major cities across the U.S., energy bills are expected to spike as much as 10% due to fluctuating fossil fuel prices and climate change. And year over year, it’s not unusual to see your bills creep up thanks to expiring promotions, taxes, fees, add-ons, etc.

Of course, you can always contact your service providers directly when you want to negotiate down fees and subscription charges. But with our busy lives, not everyone has the time to spend hours on the phone with no guarantee they will score a better rate. Increasingly, there are businesses popping up that offer bill negotiation services, either through an app or a website, that lets consumers hire experts to do the work for them.

For a fee (usually a percentage of your total savings), trained professionals who are up-to-date on the latest rates for various companies will negotiate for you with the goal of saving you a nice chunk of change on your monthly bills. After all, these businesses only make money when you save.

Typically, these services can negotiate your phone, internet and cable bills. However, some companies also include medical bill negotiation along with home security and other subscriptions. Usually, all you need to do is upload the monthly bills you want negotiated, and let the experts take it away. Sometimes, you’ll need to give them authorization to do the negotiating.

Select reviewed roughly a dozen bill negotiation companies, looking at fees, types of bills negotiated, Better Business Bureau and consumer reviews and ratings, as well security features. (Read our methodology for more information on how we choose the best bill negotiation services.) Here are our top picks:

Select’s picks for the top bill negotiation services

Bill negotiation services FAQs

Best overall

Billcutterz

On Billcutterz’ secure site

  • Cost

    Charges 50% on whatever savings you earn (can pay monthly or receive 10% discount for paying in full…

Source…