The DHS's Transportation Security Administration (TSA) has unveiled a new security directive forcing owners and operators of important pipelines to put more stringent cybersecurity protections in place. This is the organization's second security directive and it applies to all TSA-designated critical pipelines that transport hazardous liquids and natural gas. The move comes two months after cyber attackers were able to cripple Colonial Pipeline for about a week, leaving millions along the East Coast of the US scrambling for gas. Colonial had repeatedly postponed a cybersecurity review by the TSA before they were attacked by a ransomware group in May. They ended up paying close to $5 million to the DarkSide ransomware group in order to decrypt their systems. Secretary of Homeland Security Alejandro Mayorkas said the latest security directive would help DHS ensure that "the pipeline sector takes the steps necessary to safeguard their operations from rising cyber threats … [Read more...] about DHS releases new mandatory cybersecurity rules for pipelines after Colonial ransomware attack
Cybersecurity
Cybersecurity company warns of American Rescue Plan Act scams as first IRS child tax credit payments released
Cybercriminals are taking advantage of the latest round of IRS payments being sent out to families across the US by launching dozens of credential harvesting sites masquerading as American Rescue Plan Act signup sites, according to a new report from DomainTools . Last week, the IRS began sending out the first round of child tax credit payments that were part of the larger American Rescue Plan Act passed earlier this year. The payments will be sent automatically by the IRS and require no sign-up. But cybercriminals have created a maze of associated websites all aiming to trick people into entering their personal information by pretending to be associated with the child tax credit payments, DomainTools' Chad Anderson explained. Anderson said that by analyzing historical WHOIS information and OSINT techniques, the cybersecurity company was able to tie this specific credential harvesting scam to GoldenWaves Innovations, a web development firm based in Nigeria. ZDNet called and … [Read more...] about Cybersecurity company warns of American Rescue Plan Act scams as first IRS child tax credit payments released
DHS releases new cybersecurity guidelines for pipelines after Colonial attack
The Department of Homeland Security's Transportation Security Administration released new cybersecurity guidelines for pipeline owners and operators following the ransomware attack on the Colonial Pipeline that left thousands of people in the US scrambling for gas for about a week. Colonial has faced backlash in recent weeks for how they responded to the attack and for admitting they paid the attackers almost $5 million for tools to restore their systems. The tools they got in return did not help, and the federal government had to step in to help the company get back online as gas prices on the East Coast spiked. The new DHS directive, which was first reported by The Washington Post earlier this week, forces pipeline owners to report any cybersecurity incidents to the Cybersecurity and Infrastructure Security Agency and requires all pipelines to have a Cybersecurity Coordinator who can be on call 24/7. All pipeline operators will also have to send CISA and TSA a report … [Read more...] about DHS releases new cybersecurity guidelines for pipelines after Colonial attack
Biden administration wants to massively boost cybersecurity spending following attacks
The White House has shared details on how it wants to spend billions of dollars on strengthening its cybersecurity initiatives in the wake of the recent Colonial Pipeline ransomware attack. The major US fuel pipeline was knocked offline, reportedly by the DarkSide ransomware group, leading to a brief fuel crisis in some parts of the country. The event was the third major US cyberattack in recent months, following the SolarWinds supply chain and the Microsoft Exchange email server attacks, and led to US President Joe Biden signing an executive order that listed various measures to prevent possible future cyber catastrophes. These are the best endpoint protection tools Check our list of the best firewall apps and services Here's our choice of the best malware removal software on the market In a statement , the Biden administration now looks to further capitalize on the move by highlighting the supposed cybersecurity elements … [Read more...] about Biden administration wants to massively boost cybersecurity spending following attacks
Cybersecurity: The number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion
How focusing on data security can help your business Watch Now Over 2.3 billion files -- including sensitive data like payroll information, credit card details, medical data and patents for intellectual property -- are exposed publicly online, putting both people and organisations at risk of data theft, cybercrime, espionage and other malicious activities. Analysis by researchers at cybersecurity company Digital Shadows found the highly sensitive information stored alongside other data in publicly exposed or misconfigured online storage and cloud services, including SMB file shares, rsync servers, and Amazon S3 buckets. The 2.3 billion figure marks a 750 million increase in data exposure compared with Digital Shadows' Photon research team's previous analysis of the issue early last year which found 1.5 billion files exposed . This represents a 50 percent increase in files which are at risk of being exploited because of poorly configured storage. The Too … [Read more...] about Cybersecurity: The number of files exposed on misconfigured servers, storage and cloud services has risen to 2.3 billion
ANAO: Auditing not driving improvements in Commonwealth cybersecurity adherence
The Australian National Audit Office (ANAO) has said it considered continued transparency through reporting to Parliament where cybersecurity risk is concerned to be a positive, but it remained concerned that this may not be enough to drive improvement. In documentation [PDF] prepared for the Joint Committee of Public Accounts and Audit (JCPAA), ANAO said it was clear that auditing and reporting alone has not driven improvement in compliance with the government's cybersecurity policy. "Non-corporate Commonwealth entities have not been held to account for not meeting the mandatory cybersecurity requirements under PSPF Policy 10," it wrote, in reference to the Protective Security Policy Framework (PSPF) Policy 10, which is centred on safeguarding information from cyber threats. "The current framework to support responsible ministers in holding entities accountable within government is not sufficient to drive improvements in the implementation of mandatory requirements." The … [Read more...] about ANAO: Auditing not driving improvements in Commonwealth cybersecurity adherence
White House says critical infrastructure firms must shape up on cybersecurity
Energy providers and other critical infrastructure companies in the US must do more to improve their cyber defenses as additional regulations could be just around the corner according to the White House . US President Joe Biden has also signed a national security memorandum dedicated to improving cybersecurity for critical infrastructure control systems and the US government provided further details on the importance of doing so in a press release , saying: We've put together a list of the best endpoint protection software Keep your devices virus free with the best malware removal software Also check out our roundup of the best firewall “The cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation. The degradation, destruction, or malfunction of systems that control this infrastructure could cause significant harm to the … [Read more...] about White House says critical infrastructure firms must shape up on cybersecurity
One third of cybersecurity workers have faced harassment at work or online – this initiative aims to stamp it out
Cybersecurity has a harassment problem. This initiative aims to stop it Watch Now Around a third of cybersecurity professionals have personal experience of facing harassment and abuse either online or in person – and a new initiative is aiming to provide support to victims while also encouraging action to help stop bullying and abuse across the industry. Set up with the aim of taking stand against all forms of harassment in the cybersecurity industry, Respect In Security is encouraging organisations to formally pledge their commitment to creating a workplace and professional community free from harassment and fear. Research by Sapio Research on behalf of Respect In Security found 32 percent of 302 cybersecurity professionals surveyed have experienced harassment online via email, LinkedIn, Twitter or other social media platforms, while 35 percent have experienced it in person at industry events, the office or work socials. "As an industry we spend a lot of time … [Read more...] about One third of cybersecurity workers have faced harassment at work or online – this initiative aims to stamp it out
Biden orders CISA and NIST to develop cybersecurity performance goals for critical infrastructure
President Joe Biden signed a memorandum on Wednesday addressing cybersecurity for critical infrastructure, ordering CISA and NIST to create benchmarks for organizations managing critical infrastructure. The move builds on, and formalizes, an effort started in April around securing industrial control systems, which are now facing a barrage of attacks from both cybercriminals and state-backed entities. In a press briefing , a senior administration official explained that federal cybersecurity regulation in the US is sectoral, noting that the country has "a patchwork of sector-specific statutes that have been adopted piecemeal, typically in response to discrete security threats in particular sectors that gained public attention." The official added that there is no strategic, coordinated requirement for the cybersecurity of critical infrastructure. "To the extent, as I noted, there are mandatory cybersecurity requirements. They're either sector specific -- finance and … [Read more...] about Biden orders CISA and NIST to develop cybersecurity performance goals for critical infrastructure
NSO says it’s thanks to Pegasus that millions around the world sleep well at night
Amidst the raging controversy over its surveillance software Pegasus , Israeli cybersecurity company NSO Group has defended itself by saying that millions of people around the world sleep well at night and walk in the streets safely due to such technologies available with intelligence and law enforcement agencies. The company also stated that it does not operate the technology nor does it have access to the data collected by its clients. The alleged use of the Pegasus software to spy on journalists, human rights defenders, politicians and others in a number of countries, including India, has triggered concerns over issues relating to privacy. Politicians, rights activists and journalists were among those targeted with phone spyware sold to various governments by the Israeli firm, according to an international media consortium. “Millions of people around the world are sleeping well at night, and safely walking in the streets, thanks to Pegasus and similar … [Read more...] about NSO says it’s thanks to Pegasus that millions around the world sleep well at night