Tag Archive for: Weaknesses

Assessing and Addressing Your Organization’s Cyber Defense Weaknesses — Redmondmag.com


Hacking the Hacker: Assessing and Addressing Your Organization’s Cyber Defense Weaknesses

Date: Thursday, October 06 at 11am PT / 2pm ET

Cybercriminals are out there, watching and waiting for the perfect opportunity. They are gathering information about your organization and users, devising the perfect plan to infiltrate your defenses.

But with a strategic approach to cyber defense you can hack the hacker before they strike! In this session, we’ll share insights into their strategies and their motivations. You’ll learn how to use that understanding, along with simple strategies to make your organization a hard target.

Join Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4, for this new webinar as he exposes the mind of a hacker to help you see your cyber risks from the outside in.

In this session you’ll learn:

  • How hackers collect “private” details about your organization and your users
  • The most common root causes that lead to damaging cyber attacks
  • Common mistakes made when designing cyber defenses and how to fix them
  • Data-driven strategies for mitigating your biggest weaknesses
  • Why a strong human firewall is your best, last line of defense

Get the details you need to know now to outsmart cybercriminals before you become their next victim.


About the presenter:

Roger A. Grimes, Data-Driven Defense Evangelist at KnowBe4

Roger Grimes is a 30-year computer security consultant, instructor, holder of dozens of computer certifications and an award-winning author of 13 books and over 1,000 magazine articles on computer security. He now serves as the Data-Driven Defense Evangelist for KnowBe4. He has worked at some of the world’s largest computer security companies, including Foundstone, McAfee and Microsoft. Grimes holds a bachelor’s degree from Old Dominion University. He was the weekly security columnist for InfoWorld and CSO magazines from 2005-2019.

Date: 10/06/2022

Time: 11:00am PT



US Internet Agency discovers weaknesses in voting machines


(MENAFN) According to a national cyber watchdog, electronic voting machines used in at least 16 states have security issues that hackers may exploit, raising additional doubts about the software following claims of rampant fraud and manipulation in the 2020 presidential election.

The Associated Press got a study from the United States Cybersecurity and Infrastructure Agency (CISA) on Tuesday that revealed nine severe flaws in Dominion Voting Systems equipment, indicating they might be vulnerable to hacking if not rectified.

The agency’s executive director, Brandon Wales, informed the Associated Press that CISA had no proof that the security weaknesses had ever been utilized to sway election outcomes, adding that “states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely.”


Good guy hackers: St. Paul company uncovers companies’ cybersecurity weaknesses


Their mission this night: uncover cyber and infrastructure security weaknesses at Intereum, an office furniture supply company. 

“We worked with this organization to do what we called penetration tests,” said Matt Quinn, Intereum’s vice president of integrated solutions. “They worked on trying to get through the perimeter, through the physical parts of the building … we also had them take some steps around cybersecurity, vulnerabilities.”

“Show you, yep, we were able to get through this door, we were able to bypass this sensor,” Halbach said. “And at the end of the day we plugged into your network and took it over.”

The idea is to beat cyberthieves at their own game before an actual ransomware attack or other threat. 

“Try to look at any available computers that they could get through,” Quinn explains. “Try to get on to our network, once they got into the building, as well as continue just to snoop around where our servers are, just to see if they could get access to our network.”

The team is made up of two parts: One company, RedTeam Security, zeros in on computer systems. Their partner, FoxPoint Security, accesses the building itself. 

“The more integration we have with our networks to our physical locations, the more ways there are to compromise it,” said Bryan Carver, a FoxPoint spokesperson. “If a building per se has a security network that locks the doors, or unlocks the doors, people, property, or operations could be held hostage.” 

“Because if you have the most secure computer network in all the world, but your door’s unlocked and anyone can walk in and steal your laptops, that’s a pretty big issue,” Halbach added. 

Within minutes, both teams are inside — although they’ve triggered an alarm system. 

They quickly locate Intereum’s servers. Equipped with USB drives loaded with a custom code to remotely control the company’s computers, RedTeam finds an unlocked laptop that allows them access. 

“We actually had an employee transition at the time, and that computer was left open and available that evening,” Quinn said. “And, of course, they got access to it, and that, of course, would be a…


Russian hack of US agencies exposed supply chain weaknesses – CBS17.com


WASHINGTON (AP) — The elite Russian hackers who gained access to computer systems of federal agencies last year didn’t bother trying to break one by one into the networks of each department.

Instead, they got inside by sneaking malicious code into a software update pushed out to thousands of government agencies and private companies.

It wasn’t surprising that hackers were able to exploit vulnerabilities in what’s known as the supply chain to launch a massive intelligence gathering operation. U.S. officials and cybersecurity experts have sounded the alarm for years about a problem that has caused havoc, including billions of dollars in financial losses, but has defied easy solutions from the government and private sector.

“We’re going to have to wrap our arms around the supply-chain threat and find the solution, not only for us here in America as the leading economy in the world, but for the planet,” William Evanina, who resigned last week as the U.S. government’s chief counterintelligence official, said in an interview. “We’re going to have to find a way to make sure that we in the future can have a zero-risk posture, and trust our suppliers.”

In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors. The sheer number of steps in that process, from design to manufacture to distribution, and the different entities involved give a hacker looking to infiltrate businesses, agencies and infrastructure numerous points of entry.

This can mean no single company or executive bears sole responsibility for protecting an entire industry supply chain. And even if most vendors in the chain are secure, a single point of vulnerability can be all that foreign government hackers need. In practical terms, homeowners who construct a fortress-like mansion can nonetheless find themselves victimized by an alarm system that was compromised before it was installed.

The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code…
