5 Burst results for "Director Nakasone"

"director nakasone" Discussed on The CyberWire

The CyberWire

06:46 min | 2 months ago

"As the US government and industry continue to untangle the effects of Solorigate, Bloomberg reports speculation that Russian intelligence services may have been especially interested in what they could glean from tech and cybersecurity firms over the course of the SolarWinds supply chain compromise. Insight into defenses and cyber tools would have been particularly valuable. They're valuable, as Recorded Future's Allan Liska told Bloomberg, because, quote, if you can compromise security infrastructure you essentially have the keys to the kingdom and can run around undetected, and we're dealing with an advanced adversary who's looking for this kind of access, end quote. Four cybersecurity companies have reported attacks: FireEye, Mimecast, Qualys, and Fidelis. The threat actor is being tracked for now as UNC2452.

IT and cyber firms didn't, however, comprise the entire list of private-sector targets. Infosecurity Magazine notes that the Sunburst vulnerability has been determined to affect a number of manufacturing companies. Kaspersky CERT found that targeting broke down as follows: thirty-two point four percent of all victims were industrial organizations, with manufacturing, eighteen point one of all victims, by far the most affected. This was followed by utilities at three point two percent, construction three percent, and transportation and logistics just under three percent, and oil and gas one point three percent. Computing says that while most of these targets may well have been collateral damage from a supply chain attack whose primary interest lay elsewhere, and that there are no particular signs of a secondary attack against them, Kaspersky researchers didn't rule out the possibility that such attacks might be staged. In any case, the industrial concerns affected by the supply chain compromise are international. The countries affected, according to Computing, are, in addition to the obvious United States: Benin, Canada, Chile, Djibouti, Indonesia, Iran, Malaysia, Mexico, the Netherlands, the Philippines, Portugal, Russia, Saudi Arabia, Taiwan, and Uganda. The global spread is reminiscent of what was observed in an earlier supply chain campaign, NotPetya. There the probable primary target was Ukraine, but the malware was felt around the world.

Solorigate has provoked congressional interest in an earlier incident, a twenty fifteen breach of Juniper Networks servers in which the attackers made small changes to code for the Dual EC DRBG encryption algorithm. NIST had promulgated the NSA-developed algorithm as a standard for encryption in two thousand six. Bloomberg Law reports that two senators and eight representatives have signed a letter asking NSA Director Nakasone to explain whether NSA, years before General Nakasone's watch, had effectively backdoored the encryption in ways that enabled a hostile intelligence service to compromise the software supply chain.

The Cyberspace Solarium Commission has produced a transition book for the new administration. They recommend three steps for immediate action: first, establish the Office of the National Cyber Director; second, develop and promulgate a national cyber strategy; and third, improve the coherence and impact of existing government cybersecurity efforts and further strengthen partnerships with the private sector. The document also outlines several priorities for the administration to take under advisement.

UK Research and Innovation, known by its acronym UKRI, an arm of Her Majesty's Government that concerns itself with investing in British science and research, has disclosed that it's presently coping with a ransomware incident. UKRI is being tight-lipped about the incident, which it says it's referred to the National Crime Agency, the National Cyber Security Centre, and the Information Commissioner's Office. But it's known to have affected two services. The UK Research Office's information service portal for subscribers was hit, as was an extranet UKRI councils use for peer review proposals. Both services have been suspended. UKRI is funded by the Department for Business, Energy and Industrial Strategy, with a budget of more than six billion pounds. According to Bleeping Computer, the organization says it has no evidence the compromised data was stolen before being encrypted, and hasn't detailed what the nature of that data was. The incident remains under investigation.

And finally, it's been a rough start to the week for smart people over in the UK. British Mensa, the national branch of the organization that describes itself as the high IQ society, has said that there has been a of events which appear to be designed to discredit Mensa's systems. A representative of the group told the Financial Times, 'As a result, we have handed details of these events to the Information Commissioner's Office with a view to pursuing a criminal investigation.' How did they get in? Apparently, says Forbes, they had one of the society directors' credentials. The society's webpage has been shut down, with a charmingly retro drawing of a thundercloud overtopping what may be a Bauhaus office building, alongside the legend: 'Site under maintenance. The British Mensa website is currently undergoing maintenance. We apologize for any inconvenience.' The whole thing looks circa nineteen ninety-eight, we'd say. Not quite a guy with a shovel and a tagline 'under construction,' but you get the picture. British Mensa's former technology officer, Eugene Hopkinson, resigned last week in an apparent protest of the group's allegedly lax security practices. In particular, Mr. Hopkinson objected to the group's failure to salt and hash members' passwords, and that it had held a great deal of sensitive data about its eighteen thousand members, including email addresses, passwords, home addresses, instant messaging conversations, and, it goes without saying, paycard details. Oh, and it also holds the IQ scores of not only members but, wait for it, failed applicants as well. So whether you're in the top two percent with, say, a one hundred seventy.

"director nakasone" Discussed on The CyberWire

The CyberWire

04:24 min | 1 year ago

"Is going to have a mobile phone. They're going to walk into the factory with the mobile phone. And unless they're dumping them off at the door and Verde gating caging place, they're walking in there with an electronic device that is a potential attack point. So they're going to have to find ways to start extending it, and I think it will become a business or an enterprise piece, almost like a benefit. Kinda like insurance, you know. We're giving you insurance to help you with your health. We're giving you dental insurance and vision insurance, and we're going to give you digital security. We're gonna something. There'll be a way or form of doing that. We see that with companies like Zscaler that do the always on. Tak- with wherever you go. But I think it will go beyond that. It'll get to a point where there's a balance, a different profile, because everybody has different identities. Everybody's got a work identity. They've got a personal identity, probably have two or three personal identities. I think we're going to start seeing these enterprises, in an effort to protect themselves, extend the protection to their individuals at all times. That's bill harm from secure off.

Criminals continue to use coronavirus stories as phishbait in attacks on businesses, The Wall Street Journal writes, citing research by Proofpoint. Sometimes the approach is straightforward phishing, as it is in cases of a bogus email purporting to originate with the World Health Organization. At other times it can involve business email compromise, as in cases that show phony invoices for large purchases of face masks from medical supply companies. It's an international problem for observed in Japan. According to Reuters, even Russian President Putin is taking note and blaming foreign rumor mongers and similar assorted no-goodniks. Russia's internet authority Roskomnadzor has been blocking bogus stories on VKontakte and Facebook.

The Super Tuesday primaries in the US went off without hacking or evidence of effective disinformation, and Bloomberg reports that NSA Director Nakasone told Congress yesterday that superior preparation on the defenders' part made the difference. He compared this week's smooth defensive performance to what he saw in two thousand eighteen. The two thousand eighteen midterm elections didn't go off badly, but in comparison to this week's operation, the twenty eighteen security measures were, General Nakasone said, like a pickup game. Out in the Golden State, Los Angeles County did stumble badly with its new voting machines. Long delays induced by malfunctioning machines produced what the Los Angeles Times called, quote, an ugly debut for the county's new three hundred million dollar voting system, end quote. Voters are reported to have been standing around the polling places for two hours or more while poll workers tried to get the machines running or else get back ballot into the voters' hands. Other election authorities who have adopted similar devices are reviewing their plans. The problems in and around the City of Angels were, it should be noted, the result of technical and organisational mishaps, mistakes, not the work of hackers or other meddlers.

Executives from Nokia and Ericsson, the European hardware manufacturers the US government has suggested would be attractive and more secure alternatives to China's Huawei, expressed their support this week for US laws that would push the Chinese manufacturer out of 5G infrastructure, The Washington Post reports. Huawei executives also attended the hearings on their own but weren't invited to testify. Huawei's preferred solution, they say, is transparency on everyone's part, and the company's executives believe that a fair reading of everything they've done for security would set everyone's mind at ease. And speaking of Huawei, Reuters reports that yesterday an attorney for the company entered a plea of not guilty to racketeering charges at an arraignment in a US District Court in Brooklyn, New York. The company also said they might have to ask for delays in the proceedings, as the coronavirus is making it difficult for their legal staff to travel. The racketeering charges are directly related to the company's alleged theft of intellectual property from US firms.

"director nakasone" Discussed on The CyberWire

The CyberWire

02:08 min | 1 year ago

"Buggy open source code finding its way into larger projects. A study of code snippets available in Stack Overflow confirms that quality control is a small but real problem, but apparently developers tend to think the propagation of such vulnerabilities is an acceptable cost when weighed against the benefits of fast coding and project completion.

And finally, China is enjoying some public success suppressing expressions of support for Hong Kong protesters in Western corporate circles. Apple has removed a police tracking app used by protesters, Quartz reports, and a bipartisan group of US senators and representatives thinks that the NBA has joined Team Beijing. CyberScoop says NSA Director Nakasone yesterday accused China of weaponizing information with respect to the Hong Kong protests, and it certainly seems to be the case that the Chinese government is succeeding in getting some of its trading partners to carry water for them. Those who think information operations are necessarily subtle or deniable will find a clear counterexample in the pressure currently being exerted in Beijing.

And now a word from our sponsor, ObserveIT. The greatest threat to businesses today isn't the outsider trying to get in. It's the people you trust, the ones who already have the keys: your employees, contractors, and privileged users. Sixty percent of online attacks are carried out by insiders. To stop these insider threats, you need to see what users are doing before an incident occurs. ObserveIT enables security teams to detect risky user activity, investigate incidents in minutes, and effectively respond. With ObserveIT, you know the whole story. Get your free trial at observeit dot com slash cyberwire. That's observe, the letter I, the letter T, dot com forward slash cyberwire. And we thank ObserveIT for sponsoring our show.

"director nakasone" Discussed on The CyberWire

The CyberWire

10:08 min | 1 year ago

"Unin journalists to and while we'll follow that proper circumspection, their identities are being fairly widely reported. Journalist one is said to have been in a row. Two aspects of the case are attracting comment. First, it's being compared to the case of Reality Winner, also prosecuted for leaking classified material to journalists. Second, it's drawing observations about the use of honey traps, a longstanding technique in espionage, but perhaps a characterization that's unfair in this incident involving working journalists. Still, maybe Ms. Benatar had it right: love is a battlefield.

Europol's 2019 Internet Organised Crime Threat Assessment is out. Its conclusions are unsurprising but worth mentioning: ransomware remains the biggest criminal problem, and organized crime continues to defraud e-commerce and financial organizations. While ransomware attacks have decreased in volume, they've increased in targeting and sophistication, leading to greater chill losses. This is largely due to the fact that attackers are increasingly targeting organizations rather than individuals. In addition to ransomware, the report highlights DDoS attacks with extortion as a motive. As gangs become more audacious and sophisticated, Europol wants to enhance its ability to investigate crimes involving the dark web and cryptocurrencies.

US NSA Director Nakasone said yesterday that the first priority of NSA's new Cybersecurity Directorate will be to shore up the defenses of the defense industrial base, with particular attention paid to securing the companies in the DIB from intellectual property theft, talk reports. We hope to learn more about that mission today after we hear from Cybersecurity Director Anne Neuberger. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is also interested in securing businesses, and it's pursuing some expansive authorities to do so. CISA is interested in obtaining power to issue subpoenas that would enable it to inspect networks and systems that may have been compromised or that may have been subjected to cyber attack. The proposal, just revealed, is already drawing controversy.

Ping Identity recently published research from their CISO Advisory Council titled Securing Customer Identity Data. Robb Reck is chief information security officer at Ping Identity.

Interestingly enough, I started off, there was two different surveys that we reference in the paper that give two really interesting data points. Number one, they say that seventy three percent of consumers say that good experience is key to brand loyalty, to stick with your experiences bad. Number two, seventy percent of consumers, so seventy-three versus seventy, seventy percent say that they'd be more likely to buy from retailers when they assure them that the data is secure. Those two things tell you you gotta have a good experience and you wanna make it secure. Initially you might expect that those things are going to have really different outcomes, right? Good experience versus security. We don't necessarily think that that's going to be the case all the time, though. So as we talked to these different companies, and interestingly, if you look at the paper, we have four different companies that we tell a little bit of their story: Blue Cross Blue Shield Tennessee, American Red Cross, Allegiant Air, PowerSchool. And what's interesting, when they talk about customers, it doesn't necessarily mean the same thing. You know, everyone, I think, when you think of online customers, you're probably thinking about like a retailer, someone who sells knickknacks. But for a healthcare organization, that's different. For a volunteer, American Red Cross, it's going to be your volunteers or customers, or maybe it's volunteers, also the people who you're helping. At an airline, people who are traveling. PowerSchool, it's teachers and students. And these have really different use cases. The thing that kinda ties them all together for us, what we realized during this process, is the use cases are different, but all of them are where the value for your organization resides. This is what your organization exists to do, to serve these customers. And we were so excited to see that this is a way for the CISO, that the CISO can go from that back office support functionality to the front lines of offering the highest value stuff.

It's kind of a strategy, right, to say, well, we're gonna do authentication, we're not gonna just do the highest level of authentication for everything, where we may do biometrics and make you give us a blood sample. But we want to say, you know, talk about medical, right, if someone's requesting highly sensitive medical information, we probably do need a high level of assurance that might include multi-factor authentication. But if what they're looking for is like a listing of medical providers in their area, we could probably have a lower level of requirement there, right?

Yeah. I mean, it's an interesting thing as I think about my own experience. I think in a way we're conditioned to have so many of these online interactions be in some way frustrating or come up short, right, so that when that doesn't happen, when we have something happen seamlessly without any speed bumps, you walk away with the feeling of delight, like, wow, that worked.

The fact that you just said that, I love that you said that, because this is a place where security teams, who were so often the bad guy in the back corner, have a chance now to actually go impact your business in a positive way, right? Imagine being the CISO who walks into the CEO's office or the CEO's office and says, hey, I got a way we can delight our customers and we can also make it more secure along the way. That's a really powerful conversation that can get us a seat at the table we might not otherwise have had.

And so what is the change here? What's different in the way that you're recommending approaching these sort of security elements that you can L. it in that way?

Well, so really the change, we actually have five steps to kind of starting your program here, and it starts off like any other thing, is really knowing your current state is or they don't know they are the ones who own it they discovered. Really, security has to step in and say, I want to understand the current state as step one. And it might sound simple, but it's not as easy as it sounds. Step two is really assigning ownership for that data. I guarantee right now, in an organization that has already gone through this maturation process, there's different tools of data that are stored there, owned by different groups, whether that's marketing, IT, your web development team, maybe product. Those different groups have different purposes for it, and you really want to assign a central ownership to this data so you can actually apply some standards to it and actually do things in a consistent manner. Once you have that central ownership, go to step three, which is let's simplify, right? Let's not have this data in twelve different places. It makes it a whole lot easier for bad guys to get some if it's accidentally not secured. Let's find a central place to put it, and whoever owns it, there's not a right or wrong answer here. Marketing can own it, product development can own it, security or IT can own it, but it should be at one place and they should understand what data they have there. This is of course critical to complying with things like GDPR and CCPA as they're coming down the pipe. And then once you have a central owner, you have a central place to store it, and then you want to define your process for the future. How do we avoid this issue where, in order for the business to go fast, they create brand new kind of one-off solutions that are building new tech debt? So the process has to include all the right stakeholders. Don't forget about the fact that sales wants to go fast, marketing, new product development, the CEO's going to have a stake in saying let's do a new fast thing. Let's create a process that enables the speed you want, but that could be flexible within that central repository that you have, so everything's there and everything's manageable, right? And then the last element: now we have a process, and then we say, okay, well, how do we get smarter as we're securing individuals out here? Smarter around the authentication we already talked about, we're applying multi-factor to those, the risk transactions, not to everything else, and smarter to identifying what does risky behavior look like in our organization. Medical place, it might look like someone submitting from and learning that you can put on top of that identify the high value fraud or high value inappropriate activity that you could see on that customer data.

That's Reck from Ping Identity. We're discussing their CISO Advisory Council's new research on securing customer identity.

Some of the concerns about the supply chain center on fears of the sort of attack Airbus and some of its subcontractors recently sustained, but there are other concerns too about the software supply chain, especially the prospect of.

"director nakasone" Discussed on The CyberWire

The CyberWire

01:55 min | 1 year ago

"A US Defense Intelligence Agency analyst has been charged with leaking national defense information. Europol issues its two thousand nineteen Internet Organised Crime Threat Assessment. NSA Director Nakasone says the agency's Cybersecurity Directorate will first focus on protecting the defense industry.

It's time to take a moment to tell you about our sponsor, Recorded Future. Indicators and warnings, but it's nearly impossible to collect them by eyeballing the Internet yourself, no matter how many analysts you might have on staff, and we're betting that however many you have, you haven't got enough. Recorded Future does the hard work for you by automatically collecting and organizing the entire web, identifying new indicators. Sign up for the Cyber Daily email to get the top trending technical.
