Category Archives: Internet Security

U.S. officials scramble to stop major Internet firms from ditching FISA obligations – The Washington Post

U.S. government officials were scrambling Friday night to prevent what they fear could be a significant loss of access to critical national security information, after two major U.S. communications providers said they would stop complying with orders under a controversial surveillance law that is set to expire at midnight, according to five people familiar with the matter.

One communications provider informed the National Security Agency that it would stop complying on Monday with orders under Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas, including when they text or email people inside the United States.

Another provider suggested that it would cease complying at midnight Friday unless the law is reauthorized, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss sensitive negotiations.

The companies' decisions, which were conveyed privately and have not previously been reported, have alarmed national security officials, who strongly disagree with their position and argue that the law requires the providers to continue complying with the government's surveillance orders even after the statute expires. That's because a federal court this month granted the government a one-year extension to continue intelligence collection.

Section 702 requires the government to seek approval from the Foreign Intelligence Surveillance Court for the categories of intelligence it wants to collect. The court has issued certifications for collection involving international terrorism, weapons of mass destruction and foreign governments and related entities. Those certifications are good for one year and were renewed this month at the government's request.

U.S. officials have long argued that the law is a vital means of collecting the electronic communications on foreign government adversaries and terrorist groups. But its renewal has become an unusually divisive flash point, aligning conservative Republicans and liberal Democrats who are wary of granting the government broad surveillance authorities without new restrictions.

The people familiar with the efforts to keep the companies in compliance declined to name them, but they said their loss would deal a significant blow to U.S. intelligence collection.

"It's super concerning," said one U.S. official of the potential loss of intelligence. "You can't just flip a switch and turn it back on again."

U.S. officials began to hear Friday afternoon that the providers were planning to stop compliance unless Section 702 was reauthorized.

Senators are attempting to come to an eleventh-hour agreement on amendments to the legislation Friday night to quickly reauthorize the measure and avoid any lapse. Last week, the House renewed Section 702, but only for two years and only after privacy hawks failed to pass an amendment that would have required U.S. intelligence agencies to obtain a warrant to review Americans' communications collected under the program. That bid failed in a dramatic 212-212 tie vote.

The House approval came despite former president Donald Trump's entreaty on social media to KILL the bill.

First passed in 2008 and reauthorized several times since then, the law enables the NSA to collect without a warrant from U.S. tech companies and communications providers the online traffic of non-Americans located overseas for foreign intelligence purposes. Communications to or from foreign targets deemed relevant to FBI national security investigations (about 3 percent of the targets, according to the government) are shared with the bureau. But the law is controversial because some of those communications may involve exchanges with Americans, which the FBI may view without a warrant.

The House bill represents the biggest expansion of surveillance in 15 years since Section 702 was originally created, and a shameful Congress would be expanding surveillance at a time when reforms are needed, said Jake Laperruque, deputy director of the Center for Democracy and Technology's Security and Surveillance Project.

U.S. security officials, for their part, for years have extolled the benefits of the law, with White House officials saying that the intelligence collected accounts for more than 60 percent of the president's daily briefing. FBI Director Christopher A. Wray recently disclosed that it helped the bureau discover that Chinese hackers had breached the network of a U.S. transportation hub, and that it had helped thwart a terrorist plot last year in the United States involving a potential attack on a critical infrastructure site.

"Failure to reauthorize 702 or gutting it with some kind of new warrant requirement would be dangerous and put American lives at risk," Wray told Congress this month.

Read more:
U.S. officials scramble to stop major Internet firms from ditching FISA obligations - The Washington Post

Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers – ITPro

US telecom provider Frontier Communications was forced to shut down a number of its internal systems after detecting an unauthorized third party in its IT environment, shuttering internet access for millions.

Frontier Communications said it first detected the unauthorized access on 14 April 2024, before reporting the incident to the SEC on 15 April. The company said it had taken its systems down as part of its incident response protocols in an effort to contain the breach.

Frontier reported it believes it has contained the incident, with its core IT environment already restored, adding that it has also begun efforts to restore normal business operations, but this process is still ongoing.

Frontier serves customers in 25 US states, with 3 million broadband subscribers and a fiber optic network consisting of 5.2 million locations, as threat actors continue to target critical national infrastructure organizations to maximize the impact of their attacks.

Frontier says the third party, which it believes was likely a cyber crime group, was able to gain access to personally identifiable information (PII), among other information.

The telecom provider was unable to provide any further information on the specific types of sensitive information accessed by the attackers, or whether the PII pertained to customers or employees.

Some customers took to social media to voice their concern after being without internet for three days since Frontier took its systems down, reporting they cannot access technical support through Frontier's app, website chat, or their phone line.

Frontier announced it was experiencing technical issues with its internal support systems and provided a phone number for those who require assistance.

This incident comes hot on the heels of a series of high-profile cyber incidents affecting telecom companies.

A huge cache of AT&T customer data was published on the dark web on 30 March 2024, with the personal data of 73 million current and former customers being exposed.

In February 2024, Australian telecom company Tangerine disclosed a breach that exposed the personal data of 232,000 customers, after an external contractor's compromised credentials were used to access a customer database.

As a result, internet providers are increasingly being classified alongside the healthcare, water, and energy sectors as critical national infrastructure (CNI), due to the number of critical services that rely on an internet connection.

In its 2023 annual review, the UK's National Cyber Security Centre included internet providers as part of the critical national infrastructure, defined as organizations which, if compromised, could cause large-scale loss of life, a serious impact on the economy, and have other grave social consequences for the community.

The annual review also notes the cyber threats facing organizations today have changed, with a rise of state-aligned groups launching attacks against critical national infrastructure in rival states.

As such, telecommunications firms should be taking extra precautions to mitigate the potential threats of nation-state affiliated threat actors deploying sophisticated attacks to cripple essential services across the region.

See the rest here:
Cyber attack takes Frontier Communications systems offline, affecting millions of broadband customers - ITPro

Researchers create ‘quantum drums’ to store qubits one step closer to groundbreaking internet speed and security – Tom’s Hardware

A device called a quantum drum may serve as "a crucial piece in the very foundation for the Internet of the future with quantum speed and quantum security", says Mads Bjerregaard Kristensen, postdoc from the Niels Bohr Institute in a new research piece. The original research paper has an official briefing available for free on Phys.org, and can be found published in full in the Physical Review Letters journal for a subscription fee.

One key issue with quantum computing and sending quantum data ("qubits") over long distances is the difficulty of maintaining data in a fragile quantum state where losing data or "decohering" becomes a much higher risk. Using a quantum drum at steps along the chain can prevent this data decoherence from occurring, enabling longer and even potentially global communication distances.

The current record for sending qubits over a long distance is held by China and Russia, and is about 3,800 km with only encryption keys sent as quantum data. The standard wired qubit transmission range is roughly 1000 kilometers before loss of photons ruins the data. Quantum drums could potentially address this limitation.

How does a 'quantum drum' work? In a similar manner to how existing digital bits can be converted into just about anything (sound, video, etc.), qubits can be converted as well. However, qubits require a level of precision literally imperceivable to the human eye, so converting qubits without data loss is quite difficult. The quantum drum seems like a potential answer. Its ceramic glass-esque membrane was shown to be capable of maintaining quantum states as it vibrates with stored quantum information.

Another important purpose served by these quantum drums is security. Were we to start transferring information between quantum computers over the standard Internet, it would inherit the same insecurities as our existing standards. That's because it would need to be converted to standard bits and bytes, which could become essentially free to decode in the not-so-distant quantum future.

By finding a quantum storage medium that doesn't lose any data and allows information to be transferred over much longer distances, the vision of a worthwhile "Quantum Internet" begins to manifest as a real possibility, and not simply the optimism of quantum computing researchers.

Quantum computing research continues to be a major area of interest, often with highly technical discussions and details on the technology. A research paper on quantum drums and their potential of course doesn't mean that this technique will prove to be commercially viable. Still, every little step forward creates new opportunities for our seemingly inevitable quantum-powered future.

Read this article:
Researchers create 'quantum drums' to store qubits one step closer to groundbreaking internet speed and security - Tom's Hardware

Sullivan County uses NYSSOC to combat cybersecurity threats – Spectrum News

Cybersecurity threats are a worldwide issue.

New York state is working to combat this with its New York State Security Operations Center (NYSSOC).

Sullivan County is the first county to start utilizing the NYSSOC.

It allows the state to monitor for cyber threats with the goal of preventing them and improving responses to incidents.

"The county, as well as the state, as well as the nation, are under attack constantly from foreign adversaries just looking to wreak havoc on the infrastructure and environment that we work in and with. So, it's important for us to know what's happening quickly, to be able to respond quickly, and to mitigate those risks as quickly as possible," said Commissioner of Information Technology Services and CIO for Sullivan County Lorne Green.

The NYSSOC facility is based in Brooklyn and is dedicated to detecting and responding to real-time threats 24/7.

"Anything that they see that, you know, red flags, anything, even some minor occurrences that go through, they will alert us. And then, we can take action on those to either let them know that this is a low priority, high priority, medium, and then, whatever that comes through as, we can take action," said Deputy CIO for Sullivan County Dan Smith.

Officials said Sullivan County went live with NYSSOC in late March. It was selected due to relationships with New York State Homeland Security and the State's Center for Internet Security.

Officials collected log data from security appliances and servers to feed to NYSSOC to get the project rolling.

"They then parse that data and put it into their recording solution for analysis and further determination as to whether or not there are any incidents that need to be addressed," Green said.

One of the major aspects of this effort is ensuring threats are being tracked even when local information technology services staff members are not there.

"I can sleep a whole lot better at night," Green said.

"Having the tools in place to make it easier for us to function and to allow people to do their jobs without as much worry, you know, of just regular things coming in and possibly taking us down, it's just it's very reassuring mindfully," Smith said.

Experts said the public should feel more confident their information is being protected because of these changes.

"We are attempting to stay on top of the cyber threats that exist and that we are taking appropriate action to mitigate when those occur to protect their data," Green said.

According to Green, Tompkins County will be the next to launch this, and 45 counties have shown interest in subscribing to NYSSOC.

View post:
Sullivan County uses NYSSOC to combat cybersecurity threats - Spectrum News

Even as ransomware attacks fall, emailers warned of new phishing scam – Yahoo! Voices

Email users need to be watchful for a seemingly new form of malicious software being spread in phishing messages since at least November last year.

Called Latrodectus, which refers to the deadly widow group of spiders, the malware can reportedly evade an email's "sandbox" feature, meaning it can land in inboxes without first undergoing the usual scrutiny given to other messages by up-to-date email systems.

Internet security researchers at Team Cymru and Proofpoint said the malware has been found in "nearly a dozen" campaigns, with messages that typically try "to initiate a conversation with a target" through forms in an email.

The format could "become increasingly used by financially motivated threat actors across the criminal landscape," they warned.

But while the threat from Latrodectus grows, the first quarter of 2024 has seen a fall in ransomware attacks compared to the same period last year, according to CyberInt, which monitors threats to cyber-security.

The 22% year-on-year drop is in part down to increased efforts to track down and arrest perpetrators, according to The Hacker News, pointing to the arrests of three people allegedly involved with the "infamous" ransomware syndicate known as "LockBit."

2023 was a record year for ransomware attacks, which climbed by over 50% compared to 2022.

Usually spread via email, ransomware is a form of malware that "installs itself onto a victim's machine, encrypts their files, and then turns around and demands a ransom to return that data to the user," according to McAfee, the anti-virus software business.

Go here to see the original:
Even as ransomware attacks fall, emailers warned of new phishing scam - Yahoo! Voices

Wi-Fi Hacking Happens. Here Are 10 Expert-Recommended Tips to Prevent It – CNET

You'll get faster speeds using an Ethernet connection, but there's no denying the convenience of Wi-Fi. The technology makes it possible to connect numerous devices around your home, from laptops and phones to security cameras and streaming sticks, but it's not without its flaws. Aside from a little speed loss, the main concern with Wi-Fi is that it also makes it easier for others -- perhaps unwanted users and devices -- to connect to your network.

Consider the information on your Wi-Fi-connected devices and how accessible that information might be if someone gained access to your Wi-Fi network: credit card numbers, bank records, login credentials, live camera feeds.

A secure home network will help reduce the risk of getting hacked and having someone access your sensitive information. Not only that, it will keep away unwanted or unauthorized users and devices that would slow down your connection or freeload on the internet service you pay for.

It's fairly simple to create and maintain a secure home Wi-Fi network. Below, you'll find 10 tips for securing your network. Some are more effective than others at keeping hackers and freeloaders at bay, but all are useful in their own way.

Keep in mind that nothing can guarantee absolute security from hacking attempts, but these tips will make it harder for anyone to compromise your network and data. (For more Wi-Fi tips, check out how to tell if your internet provider is throttling your Wi-Fi and our tips on how to speed up your Wi-Fi connection.)

Here are the basics for protecting your home Wi-Fi network. Keep reading for more information on each below.

1. Place your router in a central location.

2. Create a strong Wi-Fi password and change it often.

3. Change the default router login credentials.

4. Turn on firewall and Wi-Fi encryption.

5. Create a guest network.

6. Use a VPN.

7. Keep your router and devices up to date.

8. Disable remote router access.

9. Verify connected devices.

10. Upgrade to a WPA3 router.

Strong network security starts with a smart setup. If possible, place your router at the center of your home. Routers send wireless signals in all directions, so strategically placing your router in a central location will help keep your connection to the confines of your home. As a bonus, it will likely also make for the best connection quality.

For example, if you have internet in an apartment where neighbors are immediately to the left and right of you, placing your router next to a shared wall could send a strong, and tempting, signal their way. Even if you aren't in an apartment, a good router can cast signals next door or across the street. Placing your router in a central location will help reduce how far those signals travel outside your home.

This should go without saying, but I'm still going to cover it to emphasize its importance. Creating a unique password for your Wi-Fi network is essential to maintaining a secure connection. Avoid easily guessed passwords or phrases, such as someone's name, birthdays, phone numbers or other common information. While simple Wi-Fi passwords make them easy to remember, they also make it easy for others to figure them out. (Here's how to access your router settings to update your Wi-Fi password.)

Be sure to change your password every six months or so or whenever you think your network security may have been compromised.

Along the same lines of password-protecting your Wi-Fi network, you'll also want to keep anyone from being able to directly access your router settings.

To do so, go ahead and change your router's admin name and password. You can log in to your router settings by typing its IP address into the URL bar, but most routers and providers have an app that lets you access the same settings and information.

Your router login credentials are separate from your Wi-Fi network name and password. If you aren't sure what the default is, you should be able to find it on the bottom of the router. Or, if it's been changed from the default somewhere along the way, here's how to access your router settings to update the username and password.

Most routers have a firewall to prevent outside hacking and Wi-Fi encryption to keep anyone from eavesdropping on the data sent back and forth between your router and connected devices. Both are typically active by default, but you'll want to check to ensure they're on.

Now that you know how to log in to your router settings, check to make sure the firewall and Wi-Fi encryption are enabled. If they're off for whatever reason, turn them on. Your network security will thank you.

Before sharing access to your main home network, consider creating a separate guest network for visitors. I'm not suggesting your guests will attempt anything nefarious with your main Wi-Fi connection, but their devices or anything they download while connected to your network could be infected with malware or viruses that target your network without them knowing it.

A guest network is also ideal for your IoT devices, such as Wi-Fi cameras, thermostats and smart speakers -- devices that may not hold a lot of sensitive information and are perhaps more easily hackable than a smarter device such as a computer or phone.

There are a few reasons to use a good VPN, and network security is one of them. A virtual private network hides your IP address and Wi-Fi activity, including browsing data.

VPNs are probably more useful when connected to a public network, but they can still add a level of security and privacy to your home network. Some VPNs are better than others, but like anything, you often get what you pay for. Free VPN services are available, but paying a little extra (just a few bucks per month) will deliver a much better, more secure service.

While software updates can be annoying, they have a purpose, and it often includes security updates. When companies become aware of potential or exposed security vulnerabilities, they release updates and patches to minimize or eliminate the risk. You want to download those.

Keeping your router and connected devices current with the latest updates will help ensure you have the best protection against known malware and hacking attempts. Set your router to automatically update in the admin settings, if possible, and periodically check to make sure your router is up to date.

Remote router access allows anyone not directly connected to your Wi-Fi network to access the router settings. Unless you need to access your router while away from home (to check or change the configuration of a child's connected device, for example), there should be no reason to have remote access enabled.

You can disable remote access under the router's admin settings. Unlike other security measures, disabled remote router access may not be the default.

Frequently inspect the devices connected to your network and verify that you know what they are. If anything on there looks suspicious, disconnect it and change your Wi-Fi password. After changing your password, you'll have to reconnect all your previously connected devices, but any users or devices that are not authorized to use your network will get the boot.

Some devices, especially obscure IoT ones, may have odd default names of random numbers and letters you don't immediately recognize. If you encounter something like that when auditing your connected devices, disconnect them. Later on, when you can't start your robot vacuum cleaner from your phone, you'll know that's what it was.

WPA3 is the latest security protocol for routers. All new routers should be equipped with WPA3, so if you buy a new router, you should have nothing to worry about. However, many people rent their routers directly from the provider, which may not include the most up-to-date equipment.

If your router was made before 2018, you might have a WPA2 device, which lacks the same security protocols as newer WPA3 devices. A quick search of your device's model should tell you when it came out and any specific features, such as whether it has WPA2 or WPA3. If you've got a router with WPA2, call your provider and negotiate for a better, more recent router.

Again, even with the most recent and effective methods of protecting your home network, security will never be 100% certain. As long as there is the internet, hackers and cybercriminals will find ways to exploit it. But with the tips above, you can better keep your network secure from anyone trying to use your connection or access your data.

For more, check out how to find free Wi-Fi anywhere in the world and the ideal location for your router.

Link:
Wi-Fi Hacking Happens. Here Are 10 Expert-Recommended Tips to Prevent It - CNET

WatchGuard report reveals drastic surge in evasive malware – SecurityBrief New Zealand

The latest Internet Security Report from WatchGuard Technologies reveals a drastic growth in evasive malware, a resurgence of "living-off-the-land" attacks, escalating cyberattack commoditisation, and a continued decline in ransomware, amid potential thwarting attempts by international law enforcement targeting ransomware extortion groups.

WatchGuard Technologies, one of the global front-runners in cybersecurity, derived these findings from its unified analysis of top malware trends, as well as threats to network and endpoint security. Most prominently, the data underscores a considerable surge in evasive malware, contributing to a significant rise in total malware. It also highlights the security risk posed by threat actors who exploit on-premise email servers as primary targets.

Corey Nachreiner, Chief Security Officer at WatchGuard, commented, "The latest research from the Threat Lab demonstrates that threat actors utilise diverse techniques while searching for vulnerabilities to exploit. This includes targeting older software and systems, stressing the urgency for organisations to adopt a defence-in-depth approach to counter such threats."

Nachreiner continued, "Updating the systems and software that organisations depend on is a fundamental step in addressing these vulnerabilities. Furthermore, modern security platforms run by managed service providers can deliver the comprehensive, unified security that organisations require, enabling them to tackle the latest threats effectively."

The Q4 2023 Internet Security Report found that evasive, basic, and encrypted malware all saw a rise, causing an 80% increase in total malware compared to the previous quarter. TLS and zero-day malware instances also surged. Both JS.Agent.USF and Trojan.GenericKD.67408266 entered the top five most widespread malware variants; both redirect users to malicious links and attempt to load DarkGate malware onto a victim's computer.

Another significant finding is the resurgence of "living-off-the-land" techniques with script-based threats increasing by 77% from Q3. Exchange server attacks related to the ProxyLogon, ProxyShell, and ProxyNotShell exploits emerged as four of the top five most extensive network exploits, indicating the need to decrease the dependence on on-premises email servers for better security.

The ongoing trend of cyberattack commoditisation, especially towards "victim-as-a-service" offerings, saw Glupteba and GuLoader establish their presence as two of the most prolific variants during Q4. The former is particularly notorious due to its extensive global victim targeting and its multi-faceted malware-as-a-service (MaaS) capabilities.

In contrast, the report points to a 20% decrease in ransomware detections during the last three months of 2023. This decline suggests successful international law enforcement actions against ransomware extortion groups effectively disrupting their activities.

With data sourced from WatchGuard's active network and endpoint products, the report offers valuable insights into the latest cybersecurity threats and protection methods. This collaborative approach underscores WatchGuard's commitment to a unified security platform and to its continuous efforts to combat the myriad of challenges in the ever-evolving threat landscape.

More here:
WatchGuard report reveals drastic surge in evasive malware - SecurityBrief New Zealand

Defending Our Schools: The State of Cybersecurity in K-12 – EdSurge

K-12 leaders tasked with preparing students for the future workforce are doing so amid ever-increasing cyber threats. The dynamic landscape of in-person, virtual and hybrid schooling has made schools vulnerable targets for cyber threat actors (CTAs). While many K-12 organizations struggle to obtain resources to strengthen cybersecurity, those that employ security best practices consistently report higher levels of cyber maturity.

Over the past 20 years, the Multi-State Information Sharing and Analysis Center (MS-ISAC) has been committed to its mission of fostering collaboration and information sharing across 16,000 U.S. State, Local, Tribal and Territorial (SLTT) government entities, with K-12 organizations representing the largest and fastest-growing segment. In pursuit of its mission, the Center for Internet Security, Inc. (CIS) and MS-ISAC collected data for the 2022-2023 school year through the Nationwide Cybersecurity Review (NCSR) and other first-hand sources, presenting findings in the CIS MS-ISAC Cybersecurity Assessment.

The rest is here:
Defending Our Schools: The State of Cybersecurity in K-12 - EdSurge

WatchGuard Report: 55% of Malware Attacks in Q4 2023 Were Encrypted, a 7% Rise from Q3 – The Fast Mode

WatchGuard Technologies on Wednesday announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers. Key findings from the data show a dramatic surge in evasive malware that fueled a large increase of total malware, threat actors targeting on-premises email servers as prime targets to exploit, and ransomware detections continuing to decline, potentially as a result of law enforcement's international takedown efforts of ransomware extortion groups.

Among the key findings, the latest Internet Security Report featuring data from Q4 2023 showed:

Consistent with WatchGuard's Unified Security Platform approach and the WatchGuard Threat Lab's previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard's research efforts.

For a more in-depth view of WatchGuard's research, download the complete Q4 2023 Internet Security Report here: https://www.watchguard.com/wgrd-resource-center/security-report-q4-2023

Corey Nachreiner, chief security officer at WatchGuard

The Threat Lab's latest research shows threat actors are employing various techniques as they look for vulnerabilities to target, including in older software and systems, which is why organizations must adopt a defense-in-depth approach to protect against such threats. Updating the systems and software on which organizations rely is a vital step toward addressing these vulnerabilities. Additionally, modern security platforms that are operated by managed service providers can deliver the comprehensive, unified security that organizations need and enable them to combat the latest threats.

See the rest here:
WatchGuard Report: 55% of Malware Attacks in Q4 2023 Were Encrypted, a 7% Rise from Q3 - The Fast Mode

Generative AI, cyber insurance fill out city CISO toolbelts – StateScoop

Local government cybersecurity officials said during an online event Tuesday that procurement, cybersecurity insurance and generative artificial intelligence are all tools they can use to combat ransomware.

Officials said they continue to be concerned with ransomware attacks, a longstanding threat to the public sector that rose 51% during the first eight months of 2023 compared to the same period a year earlier, according to the Center for Internet Security.

"Unfortunately, Atlanta several years ago had a ransomware attack. So that is very fresh in their minds," Atlanta Chief Information Officer Alan Greenberg said during StateScoop and EdScoop's Cybersecurity Modernization Summit. "They are very incentivized to make sure they put in all of the proper protections."

Local agencies often have strict procurement rules to ensure government has the opportunity to spend tax dollars on the most effective and cost-efficient technologies. But those slow processes can become obstacles to rapid response.

"This is a lessons learned: make sure you understand your entity's emergency procurement process," said Brian Gardner, chief information security officer of Dallas, which last year suffered a ransomware attack that knocked offline the court system and Dallas Police Department website. "When you have a [cyber] event, you don't want that to be a tripping point for yourself to slowing your ability to recover down."

Gardner urged security officers to familiarize themselves with state and local emergency contracting protocols so they can be ready for cyberattacks.

Kim Lagrue, New Orleans security chief, said she's an advocate for cybersecurity insurance, which can help offset costs from common cyber risks, including data breaches and ransomware.

"Cybersecurity insurance gave us a blanket move forward," Lagrue said. "But many areas, small municipalities, smaller organizations, struggle to afford cyber security insurance, as the premiums have escalated so high."

According to a 2022 survey by the nonprofit CompTIA, 92% of local governments have a governmentwide cybersecurity policy for employee behavior and operations. The report found that while cyber policies can help mitigate the cost of malicious attacks, they do not always provide municipalities enough coverage to offset the full cost of recovery.

Officials said that generative artificial intelligence is making ransomware attacks more sophisticated, but likewise gives governments a powerful tool to detect threats. Lagrue said it's important to educate government employees on cybersecurity awareness and emerging technologies.

"We're talking to people at the mayoral level and our CIO or city manager's level and saying these are the things that our environment could face as technologies evolve and expect that ransomware or our security threats will advance," Lagrue said. "We are giving them good use-cases for generative AI and just being hyper vigilant about what generative AI could bring to an organization."

Link:
Generative AI, cyber insurance fill out city CISO toolbelts - StateScoop