The Indian cyber security agency has issued a warning against "Royal ransomware" virus that attacks critical sectors such as communications, health care, education and even individuals and seeks pay-off in Bitcoins for not leaking personal data in the public domain.

TheIndian Computer Emergency Response Team or CERT-In has stated in a latest advisory that this Internet spread ransomware sneaks in through phishing emails, malicious downloads, abusing RDP (remote desktop protocol) and other forms of social engineering. This ransomware, cyber experts told PTI, was first detected in January 2022 and it got active sometime around September last year even as the U.S. authorities issued advisories against its spread.

Royal ransomware is targeting multiple crucial infrastructure sectors, including manufacturing, communications, health care, education, etc. or individuals. The ransomware encrypts the files on a victim's system and attackers ask for ransom payment in bitcoin," the advisory said.

"Attackers also threaten to leak the data in public domain if denied payment," the advisory said. The CERT-In is the federal technology arm to combat cyber attacks and guard the cyber space against phishing and hacking assaults and similar online attacks.

The advisory said the "threat actors have followed many tactics to mislead victims into installing the remote access software as a part of call back phishing, where they pretend to be various service providers."

The ransomware infects "using a specific approach to encrypt files depending on the size of the content." "It will divide the content into two segments i.e. encrypted and unencrypted. The malware may choose a small amount of data from a large file to encrypt so as to increase the chances of avoiding caution or detection. It adds 532 bytes at the end of encrypted file for writing randomly generated encrypted key, file size of encrypted file and encryption percentages parametre," the CERT-In said.

The lethality of this virus can be gauged from the fact that before starting encryption of the data it attacks, the ransomware checks the state of targeted files and deletes shadow copies to prevent recovery through service.

After intruding into network, the malware tries to make persistence and lateral movement in the network. Even after getting access of domain controller, the ransomware disables anti-virus protocols. Moreover, the ransomware exfiltrates a large amount of data before encryption, the advisory said.

It has been observed, it said, that 'Royal ransomware' does not share information such as the ransom amount, any instructions, etc. on a note like other ransomware, instead it connects with the victim directly via a .onion URL route (darkweb browser).

The agency has suggested some counter-measures and Internet hygiene protocols to guard from this ransomware attack and others like it. Maintain offline backup of data, and regularly maintain backup and restoration as this practice will ensure the organisation will not be severely interrupted and have irretrievable data.

It is also recommended to have all backup data encrypted, immutable (i.e., cannot be altered or deleted) covering the entire organisations data infrastructure, it said.

The users should enable protected files in the Windows Operating System to prevent unauthorised changes to critical files and they should disable remote desktop connections, employ least-privileged accounts and limit users who can log in using remote desktop part from setting an account lockout policy.

A number of other best practices have been suggested by the agency, including basic ones such as having an updated anti-virus in the computer systems and not clicking on unsolicited emails from unknown links.

Continue reading here:
CERT-In issues cyber alert against 'Royal' ransomware that attacks health, education sectors - The Hindu

TORONTO, May 5, 2023 /CNW/ - TD Bank Group ("TD" or "the Bank") (TSX: TD) (NYSE: TD) today confirmed it entered into an amended Insured Deposit Account (IDA) Agreement with The Charles Schwab Corporation ("Schwab"). TD and Schwab amended the IDA to reflect the current market and interest rate environment. In comparison to the existing agreement, the revised agreement extends the term by three years to July 1, 2034, and provides for lower deposit balances in its first six years, for higher balances in the latter years. Specifically, until September 2025, the aggregate amount of fixed rate obligations will serve as the floor. Thereafter, the floor will be set at US$60 billion up from US$50 billion in the existing agreement.

This robust agreement provides TD with greater certainty around future deposit balances while providing Schwab additional flexibility and strengthening TD's partnership with Schwab.

"We are pleased to further extend our agreement with Schwab," said Bharat Masrani, Group President and CEO, TD Bank Group. "Our relationship with Schwab, one of the leading investment services firms in the U.S., delivers strategic and financial value to TD and our shareholders."

About TD

The Toronto-Dominion Bank and its subsidiaries are collectively known as TD Bank Group ("TD"). TD is the fifth largest bank in North America by assets and serves over 27 million customers in four key businesses operating in a number of locations in financial centres around the globe: Canadian Personal and Commercial Banking, including TD Canada Trust and TD Auto Finance Canada; U.S. Retail, including TD Bank, America's Most Convenient Bank, TD Auto Finance U.S., TD Wealth (U.S.), and an investment in The Charles Schwab Corporation; Wealth Management and Insurance, including TD Wealth (Canada), TD Direct Investing, and TD Insurance; and Wholesale Banking, including TD Securities. TD also ranks among the world's leading online financial services firms, with more than 15 million active online and mobile customers. TD had $1.9 trillion in assets on January 31, 2023. The Toronto-Dominion Bank trades under the symbol "TD" on the Toronto and New York Stock Exchanges.

Caution Regarding Forward-Looking Statements

From time to time, the Bank (as defined in this document) makes written and/or oral forward-looking statements, including in this document, in other filings with Canadian regulators or the United States (U.S.) Securities and Exchange Commission (SEC), and in other communications. In addition, representatives of the Bank may make forward-looking statements orally to analysts, investors, the media and others. All such statements are made pursuant to the "safe harbour" provisions of, and are intended to be forward-looking statements under, applicable Canadian and U.S. securities legislation, including the U.S. Private Securities Litigation Reform Act of 1995. Forward-looking statements include, but are not limited to, statements made in this document, the Management's Discussion and Analysis ("2022 MD&A") in the Bank's 2022 Annual Report under the heading "Economic Summary and Outlook", under the headings "Key Priorities for 2023" and "Operating Environment and Outlook" for the Canadian Personal and Commercial Banking, U.S. Retail, Wealth Management and Insurance, and Wholesale Banking segments, and under the heading "2022 Accomplishments and Focus for 2023" for the Corporate segment, and in other statements regarding the Bank's objectives and priorities for 2023 and beyond and strategies to achieve them, the regulatory environment in which the Bank operates, and the Bank's anticipated financial performance. Forward-looking statements are typically identified by words such as "will", "would", "should", "believe", "expect", "anticipate", "intend", "estimate", "plan", "goal", "target", "may", and "could". By their very nature, these forward-looking statements require the Bank to make assumptions and are subject to inherent risks and uncertainties, general and specific. Especially in light of the uncertainty related to the physical, financial, economic, political, and regulatory environments, such risks and uncertainties many of which are beyond the Bank's control and the effects of which can be difficult to predict may cause actual results to differ materially from the expectations expressed in the forward-looking statements. Risk factors that could cause, individually or in the aggregate, such differences include: strategic, credit, market (including equity, commodity, foreign exchange, interest rate, and credit spreads), operational (including technology, cyber security, and infrastructure), model, insurance, liquidity, capital adequacy, legal, regulatory compliance and conduct, reputational, environmental and social, and other risks. Examples of such risk factors include general business and economic conditions in the regions in which the Bank operates; geopolitical risk; inflation, rising rates and recession; the economic, financial, and other impacts of pandemics, including the COVID-19 pandemic; the ability of the Bank to execute on long-term strategies and shorter-term key strategic priorities, including the successful completion and integration of acquisitions and dispositions, business retention plans, and strategic plans; technology and cyber security risk (including cyber-attacks, data security breaches or technology failures) on the Bank's information technology, internet, network access or other voice or data communications systems or services; model risk; fraud activity; the failure of third parties to comply with their obligations to the Bank or its affiliates, including relating to the care and control of information, and other risks arising from the Bank's use of third-party service providers; the impact of new and changes to, or application of, current laws and regulations, including without limitation tax laws, capital guidelines and liquidity regulatory guidance; regulatory oversight and compliance risk; increased competition from incumbents and new entrants (including Fintechs and big technology competitors); shifts in consumer attitudes and disruptive technology; exposure related to significant litigation and regulatory matters; ability of the Bank to attract, develop, and retain key talent; changes to the Bank's credit ratings; changes in foreign exchange rates, interest rates, credit spreads and equity prices; increased funding costs and market volatility due to market illiquidity and competition for funding; Interbank Offered Rate (IBOR) transition risk; critical accounting estimates and changes to accounting standards, policies, and methods used by the Bank; existing and potential international debt crises; environmental and social risk (including climate change); and the occurrence of natural and unnatural catastrophic events and claims resulting from such events. The Bank cautions that the preceding list is not exhaustive of all possible risk factors and other factors could also adversely affect the Bank's results. For more detailed information, please refer to the "Risk Factors and Management" section of the 2022 MD&A, as may be updated in subsequently filed quarterly reports to shareholders and news releases (as applicable) related to any events or transactions discussed under the heading "Significant Acquisitions" or "Significant and Subsequent Events, and Pending Acquisitions" in the relevant MD&A, which applicable releases may be found on http://www.td.com. All such factors, as well as other uncertainties and potential events, and the inherent uncertainty of forward-looking statements, should be considered carefully when making decisions with respect to the Bank. The Bank cautions readers not to place undue reliance on the Bank's forward-looking statements. Material economic assumptions underlying the forward-looking statements contained in this document are set out in the 2022 MD&A under the heading "Economic Summary and Outlook", under the headings "Key Priorities for 2023" and "Operating Environment and Outlook" for the Canadian Personal and Commercial Banking, U.S. Retail, Wealth Management and Insurance, and Wholesale Banking segments, and under the heading "2022 Accomplishments and Focus for 2023" for the Corporate segment, each as may be updated in subsequently filed quarterly reports to shareholders. Any forward-looking statements contained in this document represent the views of management only as of the date hereof and are presented for the purpose of assisting the Bank's shareholders and analysts in understanding the Bank's financial position, objectives and priorities and anticipated financial performance as at and for the periods ended on the dates presented, and may not be appropriate for other purposes. The Bank does not undertake to update any forward-looking statements, whether written or oral, that may be made from time to time by or on its behalf, except as required under applicable securities legislation.

SOURCE TD Bank Group

Read more:
TD Announces Revised and Extended Long-term IDA Agreement ... - TD Stories

Despite the challenges facing virtually every IT Operations team, compliance initiatives are no longer reserved for the unlucky few its a fundamental requirement for all of IT. But how can teams solve their most pressing security frustrations? It starts with continuous compliance, says Claire McDyre, product manager at Puppet by Perforce.

Security is a national concern, with the White House recently announcing its investments in a resilient future and dismantling threat actorsOpens a new window . This strategy aims to defend critical infrastructure, extend the scope, and share liability by expanding the use of minimum cybersecurity requirements in critical sectors to ensure national security and public safety and harmonizing regulations to reduce the burden of compliance. Further, organizations can reduce the cost of compliance by adhering to best practices within their everyday IT procedures, systems, and tools.

Companies are now expected to meet regulatory and internal best-practice standards, resulting in IT operations (ITOps) teams being pressed to work increasingly efficiently across heterogeneous technologies, all while remaining mindful of cost containment and limited availability of skilled resources. Risk management programs, formalized processes designed to keep organizations safe across a capricious threat landscape, are driving many of these requirements.

Failure to comply with a regulated mandate can result in millions of dollars in fines. For example, severe violations of the European Unions (EU) general data protection regulation (GDPR) can lead to penalties of up to 20 million eurosOpens a new window , or up to 4% of the total global turnover of the preceding fiscal year, whichever is higher! But how can teams solve their most pressing security frustrations? It starts with a proactive and preventative approach with continuous compliance.

For enterprise organizations, compliance extends beyond a single audit. The IT infrastructure landscape is constantly evolving, bringing to light two important aspects the audit process and the resulting enforcement of the policy. These two components are time intensive and ultimately highlight the importance of a robust audit framework. Continuous compliance is the process of automating those practices to ensure technology is constantly audit-ready and continuously protected from threats.

According to a 2023 State of DevOps surveyOpens a new window , self-service platform teams are actively seeking better methodologies for maintaining infrastructure security and compliance. In fact, over 40% said they intend to automate their platforms governance, compliance, and information security policies over the next 12 months.

See More: Using Data to Boost Developer Happiness

Compliance is a tactical declaration that all stated rules and requirements are satisfied, and it requires proactively mitigating the risks that have already been identified. Each risk requires its own process with audit readiness, and being constantly prepared ideally, well before an auditmeans problems can be addressed before they have negative consequences. It also streamlines the formal audit process, which now takes on the role of validating the appropriateness and completion of ongoing compliance activities.

Audits are incredibly burdensome, partly due to the proliferation of devices and users as companies grow. Audits are perceived as formal exercises performed only when mandated by regulatory mandates. Complicating things further, security benchmarks upon which audits are based continuously evolve to keep pace with new risks, updated standards, and new technologies.

Being continuously compliant means consistently complying with various requirements outlined by common industry standards. Ongoing activities should include secure configuration management, as well as access control, vulnerability management, and malware defenses. Many opportunities exist to simplify these requirements through automation, greatly easing the audit burden as a result.

The center for internet security (CIS) benchmarks are a great resource for secure configuration management that many organizations have adopted as the industry standard for system measurement. The benchmarks are prescriptive guidelines on how to securely configure the variety of technologies being managed. Another Security configuration standardpopular with U.S. government agencies is the defense information security agencys (DISA) security technical implementation guides (STIGs).

Organizations are often required to comply with more than one regulation. Fortunately, all of them carry a common expectation of good security hygiene and adopting and implementing CIS benchmarks as the foundation establishes crosswalks for demonstrating compliance to them all. That foundational step will contribute greatly towards the overall requirements of any regulation.

After a comprehensive audit, organizations will know how configurations need to be altered initially to become compliant. But what about ongoing enforcement? And what happens when the standards being enforced are updated?

The manual evaluation and enforcement of secure configurations is time-consuming and complex, and fraught with the potential of human error, leading many ITOps to reject involvement until the security team has identified a risk. However, being proactive doesnt have to burden forward-thinking ITOps teams, even when security standards change.

Automation can facilitate compliance with minimal imposition on an ITOps teams valuable time and resources. Focus can then shift to projects with greater business value. Being prepared for an audit at a moments notice brings peace of mind, as does having instant insight into the state of compliance throughout the entire estate, inclusive of on-premise, cloud, and hybrid environments. Autonomous scans quickly identify areas of non-compliance, and failures are remediated consistently and without intervention. The desired state is enforced automatically by declaring policy as code, utilizing expert-built content and tailored modules. Embedded CIS scanning ensures compliance is always evaluated against the most up-to-date security standards, accommodating the latest risks and new technologies.

Whether its one person managing dozens of servers or a team managing thousands of servers, its critical to have control and clear visibility to ensure compliance with regulatory frameworks and internal security policies. Remember, achieving initial compliance is just one aspect of security.

Continuous compliance enforcement is the best solution for managing secure configurations. Ask your ITOps team about the time spent preparing for their last audit and addressing all the discovered shortfalls chances are, it was frantic and stressful. By adopting continuous compliance for secure system configurations as a foundational step, organizations will be positioned to successfully navigate their current and future security or compliance mandates.

What steps have you taken toward continuous compliance? How has it benefited you? Share with us on FacebookOpens a new window , TwitterOpens a new window , and LinkedInOpens a new window .

Image Source: Shutterstock

Read the original:
Why Continuous Compliance Is a Necessity - Spiceworks News and Insights

Modified May 03, 2023 15:12 GMT

Apple's Rapid Security Response updates are a much-needed feature every other digital device should have. In a world where cyber attacks are becoming increasingly prevalent, the importance of a swift and effective security response cannot be understated. Recognizing this, Apple recently released their first-ever Rapid Security Response update for the iPhone (iOS 16.4.1(a)), iPad, and Mac devices.

This new feature is designed to provide users quick and effective security fixes for any discovered vulnerabilities. This article will discuss these updates, how to use them, and some known benefits and issues with the Rapid Security Response.

Here is everything you need to know about Rapid Security Responses to keep your digital resources safe and sound:

So, what exactly are Rapid Security Response updates, and how do they work? These updates are minor, targeted patches designed to address specific security vulnerabilities. They are meant to be deployed quickly and easily without requiring a full system update. Users can receive critical security fixes without waiting for the next major software release.

For added security, check out this guide on how to set up passkeys on your Apple device.

To use Rapid Security Response updates, users must ensure their device runs the latest iOS, iPadOS, or macOS version. Once a security patch is released, it will be automatically downloaded and installed on the device. Users don't need to take any additional steps to receive the patch.

These upcoming updates will allow Apple to respond to security threats promptly. In the past, it could take several weeks or even months for security vulnerabilities to be addressed in a significant software update.

This left users vulnerable to potential attacks during that time. With these security updates, however, Apple can quickly address these vulnerabilities and provide users with the necessary protection.

Despite this significant benefit, there are some potential issues to be aware of. One concern is that these patches could cause compatibility issues with third-party apps or devices. This is because the patches are designed to address specific security vulnerabilities that may not be compatible with all software and hardware configurations.

Another issue is that this update may not address all security vulnerabilities. While Apple is working to address the most critical threats, some vulnerabilities may not be covered by these patches. In these cases, users must still rely on significant software updates to address the issue.

These updates are not a replacement for good security practices. While these patches can help mitigate security risks, users should still take steps to protect their devices and data. This includes using strong passwords, avoiding suspicious websites and downloads, enabling two-factor authentication, and using iCloud-based services carefully.

These security updates are a welcome addition to Apple's security toolkit. They provide users with an additional layer of protection against potential threats and help to ensure that devices stay up-to-date with the latest security patches. While there may be some potential issues to be aware of, the benefits of these updates far outweigh the risks.

If you are unsure whether your device is receiving Rapid Security Response updates, you can check the settings menu for available updates. Keep your device up to date with the latest software releases and adhere to best practices for internet security. This may help keep your data and devices safe from potential threats.

For more such informative content, follow Sportskeeda/GamingTech.

Note: We may receive a small commission from the links included in the article.

Original post:
Apple releases first-ever Rapid Security Response updates for iPhone, iPad, and Mac; how to use, issues, and more explained - Sportskeeda