Tag Archive for: talk


Can the SolarWinds incident spur more action, less talk about supply chain security?


The rising call to protect agency technology supply chains isn’t new. Back in 2012, the Senate Armed Services Committee released an eye-opening report on counterfeit electronic products in the Defense Department.

The Pentagon has been aware of counterfeit and supply chain problems dating back decades, but saw a huge upswing in these parts infiltrating its national security systems starting in 2005.

The recent SolarWinds cyber breach brought to light not only how complicated this challenge is but the need to stop staring at the problem and take real action.

Over the last few years, agencies have done a lot of thinking and planning with the development of the Cybersecurity Maturity Model Certification (CMMC) standards and the creation of the Federal Acquisition Security Council (FASC) to name a few, but real change has been hard to come by.

Jon Boyens, the deputy chief of the Computer Security Division at the National Institute of Science and Technology, said a 2018 report by the Ponemon Institute found 66% of companies do not have a comprehensive third-party inventory. The 2019 Ponemon report found the average cost of a supply chain attack was $7.5 million and more than 50% of all respondents reported a breach in the two years.

“Even now, when we talk about supply chain risk management, it’s kind of a level set. It means different things to different people. Some people still do not get the relevance of it or they look at different aspects very adversarial,” Boyens said at a recent supply chain event sponsored by FCW.

This is why many believe the SolarWinds supply chain breach finally will get the government and industry to act more decisively and quickly.

Rep. John Katko (R-N.Y.), the ranking member of the Homeland Security Committee, explained this desire to take real actions and not just stare at the problem in a Jan. 19 letter to the Cybersecurity and Infrastructure Security Agency in the Homeland Security Department.

“I remain concerned that the Federal Acquisition Security Council is not making rapid enough progress to operationalize its ability to leverage its authorities from the SECURE…


Mysterious Bugs Were Used to Hack iPhones and Android Phones and No One Will Talk About It



Image: Cathryn Virginia/VICE

Google’s elite teams of bug and malware hunters found and disclosed a flurry of high-impact vulnerabilities in Chrome, Android, Windows, and iOS last week. The internet giant also said that these various vulnerabilities were all “actively exploited in the wild.” In other words, hackers were using these bugs to actually hack people, which is concerning.

What’s more, all these vulnerabilities are in some way related to each other, Motherboard has learned. That potentially means the same hackers were using them. According to the disclosure reports, some bugs were in font libraries, others were used to escape the sandbox in Chrome, and others were used to take control of the whole system, suggesting some of these bugs were part of a chain of vulnerabilities used to exploit victims’ devices.

So far, very little information has come out about who may have been using the exploits and who they were targeting. Often, bugs in modern software are found and are ethically disclosed by security researchers, which means that they are fixed before they are widely exploited to hack people. In this case, however, we know that the bugs were being used for hacking operations. 

Last year, Google found a series of zero-days—vulnerabilities that at the time of discovery are unknown to the software maker—that spies were using to target the Uighur community. China has conducted a widespread, systemic campaign of physical and technical oppression and surveillance against the Muslim minority. 

“This feels like spy shit.”

Unfortunately, this time we don’t know any details because Google—the only company that has the whole story behind these bugs—has not said much at all about how it found the bugs, who was using them, and whom they were being used against. Notably, an update pushed to iOS 12 (which is two years old) patched the issue on phones dating back to the iPhone 5s and iPhone 6. Often, when updates are pushed to such old devices it means the bug is particularly bad, but, again, we do not know the specifics at this time.

“The fact that they updated iPhone 6 users means it was bad,” said a cybersecurity expert who asked not to be named because he wasn’t allowed…
