Friday, July 02, 2021

A war by any other name…

https://www.csoonline.com/article/3624008/us-and-uk-issue-rare-joint-guidance-in-response-to-russian-gru-brute-force-campaign.html#tk.rss_all

US and UK issue rare joint guidance in response to Russian GRU brute force campaign

CISOs should leverage this guidance to help get the resources they need to make these and other cyberattacks too costly for nation-state threat actors and criminals.

The United States and the United Kingdom cyber and law enforcement entities (NSA, FBI, CISA and NCSC) have joined forces to protect enterprises in their respective nations and the globe, with the July 1 issuance of defensive guidance regarding the Russian intelligence service’s targeting and attack methodologies. While bilateral sharing of information between the US and UK intelligence services occurs daily, the public sharing of their joint perspective and guidance is especially noteworthy and should be taken on board by every CISO, regardless of company size.

The report, Russian GRU Global Brute Force Campaign, notes since at least mid-2019 through early 2021, the Russian GRU’s (military intelligence) Unit 26165 has used a “Kubernetes cluster to conduct widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets worldwide.” The cybersecurity world has previously identified the efforts of Unit 26165 with the monikers Fancy Bear, APT28, and Strontium.

The report detailed how the targeting efforts of Unit 26165, while global, have focused primarily on the United States and Europe and included the energy, logistics, academia, research, media, legal, defense, and government sectors. They also targeted political parties, organizations, and consultants.





Apparently it is hard to find people willing to work for the government?

https://therecord.media/dhs-adds-hundreds-of-new-cyber-professionals-to-its-ranks/

DHS adds hundreds of new cyber professionals to its ranks

The US Department of Homeland Security on Thursday announced that it is onboarding nearly 300 cybersecurity professionals and has extended job offers to 500 others in what it refers to as “the most successful cybersecurity hiring initiative in DHS history.”

The announcement is significant, but is also a sign of things to come:

  • DHS has more than 2,000 cybersecurity vacancies across various agencies.





Security tool.

https://www.bespacific.com/google-releases-new-open-source-security-software-program-scorecards/

Google releases new open-source security software program: Scorecards

ZDNet – “Some naive people may still think they’re not using open-source software. They’re wrong. Everyone does. According to the Synopsys Cybersecurity Research Center (CyRC) 2021 “Open Source Security and Risk Analysis” (OSSRA) report, 95% of all commercial programs contain open-source software. By CyRC’s count, the vast majority of that code contains outdated or insecure code. But how can you tell which libraries and other components are safe without doing a deep code dive? Google and the Open Source Security Foundation (OSSF) have a quick and easy answer: The OpenSSF Security Scorecards. These Scorecards are based on a set of automated pass/fail checks to provide a quick review of many open-source software projects. The Scorecards project is an automated security tool that produces a “risk score” for open-source programs…”





Another book I’ll have to read when it becomes available…

https://www.economist.com/books-and-arts/2021/07/03/a-thought-provoking-reflection-on-how-ai-will-change-conflict

A thought-provoking reflection on how AI will change conflict

Algorithms may make proficient soldiers but poor generals

I, Warbot. By Kenneth Payne. Oxford University Press; 336 pages; $29.95. Hurst; £20

The UN’s Panel of Experts on Libya rarely grabs the headlines. But its valedictory report in March caused a furore. It noted that in a battle around Tripoli last year, Libya’s government had “hunted down and remotely engaged” the enemy with drones—and not just any drones. The Kargu-2 was programmed to attack “without requiring data connectivity between the operator and the munition”. The implication was that it could pick its own targets.





Was this information ever secure?

https://krebsonsecurity.com/2021/07/intuit-to-share-payroll-data-from-1-4m-small-businesses-with-equifax/

Intuit to Share Payroll Data from 1.4M Small Businesses With Equifax

Financial services giant Intuit this week informed 1.4 million small businesses using its QuickBooks Online Payroll and Intuit Online Payroll products that their payroll information will be shared with big-three consumer credit bureau Equifax starting later this year unless customers opt out by the end of this month.

Intuit says the change is tied to an “exciting” and “free” new service that will let millions of small business employees get easy access to employment and income verification services when they wish to apply for a loan or line of credit.





Unlikely to fly here? Do we have a hierarchy of rights and laws?

https://www.pogowasright.org/dutch-supreme-court-rules-ziggo-does-not-have-to-hand-over-details-of-illegal-downloaders/

Dutch Supreme Court rules Ziggo does not have to hand over details of ‘illegal downloaders’

DutchNews.nl reports:

Internet company Ziggo does not have to hand over the details of people who ‘illegally downloaded’ a film, according to a Supreme Court ruling.
Distributor Dutch Filmworks (DFW) had taken the matter to the Netherlands’ highest court after appeal court judges confirmed in 2019 that client privacy trumps alleged piracy.

Read more at DutchNews.nl.





Can we connect this directly to Predator drones to take them out?

https://www.cnn.com/2021/07/01/tech/facebook-extremist-notification/

Facebook tests prompts that ask users if they're worried a friend is 'becoming an extremist'

Some Facebook users in the United States are being served a prompt that asks if they are worried that someone they know might be becoming an extremist. Others are being notified that they may have been exposed to extremist content.





We want to get them so bad we’re willing to define new sins they have probably already committed.

https://www.theverge.com/2021/7/1/22559131/ftc-open-meeting-antitrust-chair-lina-khan-sherman-act-powers?scrolla=5eb6d68b7fedc32c19ef33b4

Federal Trade Commission expands antitrust powers in Chair Lina Khan’s first open proceeding

In an open meeting on Thursday, the Federal Trade Commission passed a pair of pivotal measures expanding its power to regulate anti-competitive business practices, setting the stage for a more aggressive enforcement approach from the embattled agency.

The meeting paved the way for an aggressive antitrust approach from the agency, with three separate measures expanding the commission’s power to prosecute anti-competitive business practices.

“A clear majority of the Supreme Court has expressed their intention to revive the non-delegation doctrine, which holds that only Congress may make laws,” said the pro-business think tank TechFreedom in a statement in advance of the vote. “The FTC might well wind up as the first test case for that long-dormant doctrine if it departs from the clear principles developed by the courts under antitrust law.”





Something to fiddle with in your spare time.

https://www.makeuseof.com/tag/learn-interior-design-8-free-online-courses/

The Best Free Online Interior Design Courses You Can Take
