Category Archives: Internet Security
Xi Jinping Delivers a Video Speech at the Opening Ceremony of the … –
On the morning of November 8, 2023, President Xi Jinping delivered a video speech at the opening ceremony of the 2023 World Internet Conference Wuzhen Summit.
Xi Jinping pointed out that he put forward the "four principles" and "five proposals" for global Internet development and governance and the vision of building a community with a shared future in cyberspace at the opening ceremony of the second World Internet Conference in 2015, which has garnered widespread international recognition and positive responses. In today's world of turbulence and transformation with accelerating changes unseen in a century, how to resolve the development deficit, address security challenges and strengthen mutual learning among civilizations are the common challenges of the times. The Internet has increasingly become a new driving force for development, a new frontier for maintaining security, and a new platform for mutual learning among civilizations. Building a community with a shared future in cyberspace is not only an inevitable choice to make in answering the challenges of the times, but also the common call of the international community. The international community needs to deepen exchanges and practical cooperation to jointly advance the building of a community with a shared future in cyberspace to a new stage.
China calls for prioritizing development and building a prosperous cyberspace that benefits all. It is necessary to deepen international exchanges and cooperation in the digital field and accelerate the commercialization of scientific and technological research results. It is necessary to improve public access to information-based services, bridge the digital divide, ensure and improve people's wellbeing in the process of Internet development, and let more countries and people share the fruits of Internet development.
China calls for sharing weal and woe and building a more peaceful and secure cyberspace. It is important to respect cyber sovereignty and each country's Internet development path and governance model, abide by international rules in cyberspace and oppose seeking hegemony, bloc confrontation and arms race in cyberspace, deepen practical cooperation in cyber security, effectively crack down on cybercrimes, strengthen data security and personal information protection, and properly deal with the conflicts in rules, social risks and ethical challenges brought about by the development of science and technology. China is ready to work with all parties to implement the Global AI Governance Initiative and promote the safe development of AI.
China calls for mutual learning among civilizations and the building of a more equal and inclusive cyberspace. It is necessary to strengthen online exchanges and dialogues, facilitate mutual understanding and affinity among people of all countries, encourage inclusiveness and coexistence of different civilizations, and better promote the shared values of all humanity. It is necessary to strengthen the cultivation of Internet civilization, promote the production and dissemination of high-quality online cultural products, fully showcase the outstanding achievements of human civilizations, actively promote the inheritance and development of civilization, and jointly build a cyber home that connects all.
Xi Jinping stressed toward the end of his speech, "The information revolution is forging ahead as the trend of the times, and cyberspace carries humanity's boundless dream for a better future. Let us join hands to build a community with a shared future in cyberspace, make the Internet better benefit people of all countries, and jointly create a better future for humanity."
Themed "Creating an Inclusive and Resilient Digital World Beneficial to All - Building a Community with a Shared Future in Cyberspace", the 2023 World Internet Conference Wuzhen Summit is held in Wuzhen, Zhejiang Province from November 8 to 10.
FCC Fines TracFone, Rip and Replace Extensions, Kansas State … – BroadbandBreakfast.com
November 29, 2023 - The Federal Communications Commission announced Wednesday that the Enforcement Bureau and TracFone Wireless, a Verizon subsidiary, have reached a $23.5 million settlement for TracFone's violation of broadband subsidy program rules.
After TracFone was acquired by Verizon, the company self-reported instances in which it violated the FCC's regulatory rules for the Lifeline and Emergency Broadband Benefit programs, according to the agency.
During an investigation into TracFone, the agency found that the company reported improperly claiming support for customers jointly-enrolled in subsidy programs and improperly using inbound text messages to make claims for customers who had not been using those services for at least 30 days, according to a press release.
According to the FCC, TracFone also conceded that some of its field enrollment representatives used false tax documents to enroll customers in the Lifeline and EBB programs.
"Whether attributable to fraud or lax internal controls, or both, we will vigorously pursue allegations of misconduct that harms critical FCC programs designed to help those most in need of communications-related services," said Enforcement Bureau Chief Loyaan A. Egal.
As part of the settlement, TracFone has entered into an improvement plan agreement with the Enforcement Bureau.
The FCC's Wireline Competition Bureau announced in an order Wednesday that it has granted rip and replace extensions to Montana providers Triangle Telephone Cooperative Association Inc. and Triangle Communication System Inc.
The rip and replace program requires service providers to remove and replace any equipment they use that was manufactured by Huawei Technologies Company or ZTE Corporation and installed prior to June 30, 2020, because of security concerns.
Triangle Telephone filed for an extension on October 18 and on November 10, requesting an extension to replace the equipment by May 29, 2024, as opposed to its original deadline of November 29 of this year.
Triangle Communications filed its request for extension on October 18 and November 16 of this year, requesting additional time up until July 13, 2024, as opposed to January 13, 2024.
Both petitioners cited supply chain disruptions and delayed equipment delivery as factors preventing them from replacing existing equipment alongside poor weather conditions and a decreasing number of employees.
Both providers were granted the extensions they had requested.
Additional funding from Congress has been requested by President Joe Biden to finance the rip and replace program, as a report published by the Federal Communications Commission in July of 2022 noted that the program's initial $1.9 billion would not be enough to support providers.
In October of this year, the FCC's Wireline Bureau issued extensions to two other providers who cited that they were unable to completely replace the equipment due to lack of funding.
Kansas Gov. Laura Kelly on Wednesday announced that the state had awarded $5 million to help fund the construction of the first carrier-neutral internet exchange point at Wichita State University.
The construction of this carrier-neutral internet exchange point will allow cloud services and streaming content networks to operate more efficiently alongside local and regional internet networks, explained a press release.
The endeavor will be undertaken by Connected Nation, a Kentucky non-profit, and Hunter Newby, founder of Newby Ventures investment firm, working with them to build and operate the internet exchange facility.
Tom Ferree, CEO of Connected Nation, said that the exchange point will support Wichita State and the economy well by improving the entire regional broadband landscape preparing Wichita, and Kansas more broadly, for the future evolution of the Internet and all that it will enable.
Biggest-ever DDoS attack threatens companies worldwide, and … – World Economic Forum
Companies including Google and Amazon say they have fought off the world's biggest distributed denial of service (DDoS) attack, but are warning internet users that these types of attacks could cause widespread disruption unless cybersecurity measures are stepped up.
Google mitigated a DDoS attack which peaked at 398 million requests per second
All three companies said the attackers exploited a weakness in HTTP/2, a newer version of the HTTP network protocol. They are now urging other firms to update their web servers so they are less vulnerable to such attacks.
"Any enterprise or individual that is serving an HTTP-based workload to the internet may be at risk from this attack," Google says. "Organizations should verify that any servers they run that support HTTP/2 are not vulnerable, or apply vendor patches for CVE-2023-44487 to limit impact from this attack vector."
Cybersecurity risks are likely to increase because of generative AI, according to a new UK government report on frontier AI.
The technology will allow the creation of "faster-paced, more effective and larger-scale cyber-intrusion via tailored phishing methods or replicating malware", the Safety and Security Risks of Generative Artificial Intelligence to 2025 report says. But it does not see hacking becoming fully automated by 2025.
Digital risks such as cyberattacks, online fraud and impersonation are the most likely security threats to emerge because of AI, and will have a bigger impact than other threats, the document says. Overall, it sees generative AI as more likely to exacerbate existing risks rather than create completely new threats in the coming years.
However, the report also says that generative AI will improve the defences available against cyberthreats.
The Global Security Outlook 2023 revealed that 43% of leaders polled believe that a cyberattack will materially affect their organization in the next two years.
The World Economic Forum's Centre for Cybersecurity drives global action to address systemic cybersecurity challenges. It is an independent and impartial platform fostering collaboration on cybersecurity in the public and private sectors.
The UK report follows efforts by several international organizations to advance inclusive AI governing frameworks.
In June, for instance, the World Economic Forum launched the AI Governance Alliance to provide guidance on the responsible design, development and deployment of artificial intelligence systems. The UN also set up a global advisory panel to report on the international governance of AI earlier this month.
European countries should store sensitive data on government-controlled cloud services rather than on systems run by private companies, according to the chief executive of Italian defence and electronics firm Leonardo. "A safe country needs a government cloud, at least for financial, health and defence data," Roberto Cingolani told the Italian lower house of parliament.
The Octo Tempest cybercrime collective has evolved into one of the world's "most dangerous financial criminal groups", according to Microsoft. Its broad "social engineering campaigns" have targeted companies in a wide range of sectors since early 2022, to extort money for the return of stolen data. The group uses impersonation to trick technical administrators into carrying out resets of passwords and multifactor authentication methods, Microsoft says.
Cisco Systems is buying cybersecurity firm Splunk in what will be its biggest-ever acquisition. The $28 billion deal will see Cisco absorb a company with a reputation for its work on "data observability", which helps companies spot potential cybersecurity threats.
The US Cybersecurity and Infrastructure Security Agency (CISA) and Department of Health and Human Services have released a cybersecurity tool kit that includes resources tailored for the healthcare and public health sector. Cybercriminals see healthcare organizations as "high-value yet relatively easy targets" because of the vast range of identity and financial information they hold, CISA says.
A security error on a CIA social media account has been exploited by a cyber-security researcher to draw attention to the issue. A glitch related to how web links sometimes appear on X, formerly known as Twitter, allowed the expert to redirect informants trying to contact the CIA to his own Telegram channel.
The increasing adoption of digital technologies in manufacturing processes has opened up new avenues for cybercriminals to exploit. The Forum's Cyber Resilience in Manufacturing initiative gathers more than 30 members across the manufacturing ecosystem to develop collective approaches and tools to make the manufacturing sector cyber resilient. These five principles can help manufacturers develop organisational cyber resilience.
Quantum computers could allow malicious actors to break the security algorithms that currently protect most information and communication systems. The "Y2Q" problem bears similarities to the Y2K or millennium bug, but the differences are more serious, from the source of the threat to how to solve the problem.
The expansion of the online world has led to people having larger and larger digital footprints, sometimes including details they would rather the internet forgot. This has led to the implementation of "right to be forgotten" rules in some regions, allowing people to ask for data about them to be removed from the internet. Here's how it works.
Cyber Threat Exposure: Detection & Prevention Guide – Security Boulevard
At its core, cyber threat exposure management (CTEM) is the culmination of traditional vulnerability management, threat intelligence, and attack surface management. In the past, organizations focused on identifying and patching software vulnerabilities, often with a reactive approach. CTEM is focused on proactively identifying all types of high-risk exposure that could leave your organization at risk, and empowering teams to proactively remediate them.
Today, the scope of cybersecurity threats has expanded enormously, extending beyond the traditional IT infrastructure to include cloud, operational technology, Internet of Things (IoT) devices, and even business processes.
At the same time, the threat landscape is undergoing rapid and disjunctive shifts. New threats such as stealer logs and triple extortion ransomware continue to proliferate, leaving many security teams in a mode of constant reactivity.
CTEM aims to bridge the gap between these teams and enable cybersecurity teams to build a threat driven approach to cyber exposure management.
Cyber exposure refers to the quantifiable measure of an organization's attack surface, the sum total of vulnerabilities that a threat actor can exploit in its:
This exposure encompasses not only known vulnerabilities but also previously undiscovered ones that may exist in the organization's complex IT infrastructure. The greater an organization's cyber exposure, the more likely it is to suffer a potentially catastrophic cyber attack.
Cyber exposure aims to address this widened threat landscape by providing a live view of the entire attack surface, including both digital and physical assets. It uses data to develop risk-based insights and visualizes cyber risk in the same manner that CFOs visualize financial risk. This enables an organization to make strategic decisions based on the potential business impact.
Understanding and managing cyber exposure is crucial in today's hyper-connected world. It serves as the foundation for a proactive and risk-based approach to cybersecurity, ensuring organizations stay ahead of threats rather than merely responding to them. The next step in managing cyber exposure is implementing effective detection strategies.
As cyber threats grow more complex and numerous, detection strategies must evolve to match the pace. Implementing a robust, proactive approach to detecting cyber exposure is integral to a successful cybersecurity strategy.
Here are some critical pillars of cyber exposure detection in the context of the modern threat landscape:
The first step to managing cyber exposure is obtaining complete visibility of your entire IT ecosystem. This means identifying and cataloging all physical and digital assets, including:
It's essential to continuously monitor these assets to spot any changes or vulnerabilities that might increase your cyber exposure.
After mapping out your digital landscape, the next step is assessing the vulnerabilities within your network and systems. This process includes identifying known vulnerabilities using databases like the Common Vulnerabilities and Exposures (CVE) system and conducting penetration testing to discover unknown vulnerabilities.
It's crucial to remember that new vulnerabilities can emerge at any time, necessitating a routine and ongoing assessment process.
Cyber threat intelligence is a critical tool in the fight against cyber exposure. By keeping abreast of the latest threat trends, attacker tactics, and emerging vulnerabilities, organizations can stay one step ahead of potential attacks.
Using a cyber threat intelligence platform can aid in automating this process, providing real-time alerts and in-depth analysis of the current threat landscape.
Identifying vulnerabilities is only part of the process; understanding the potential impact of these vulnerabilities is equally important. By performing a risk analysis, organizations can prioritize their remediation efforts based on the potential business impact of a vulnerability being exploited. This approach ensures that resources are allocated effectively, addressing the most critical threats first.
Detection strategies must be complemented by a robust incident response plan. When organizations detect a threat, they need to respond quickly to mitigate the damage.
This requires having a pre-established incident response plan that includes:
Incorporating these pillars into your cyber exposure detection strategy can significantly enhance your cybersecurity posture. However, while detection is vital, it's only half of the equation. The other half lies in prevention strategies.
While detection is a critical component of managing cyber exposure, prevention is equally paramount. By implementing strategic preventive measures, organizations can significantly reduce their cyber exposure and mitigate potential risks.
Here are some best practices to consider:
One of the simplest ways to reduce cyber exposure is to regularly update and patch:
Many cyber attacks exploit known vulnerabilities in outdated software. Therefore, adhering to a regular patching schedule is essential.
Ensure all your systems and applications are configured securely. Default configurations can often leave organizations exposed to threats. By hardening these configurations based on industry best practices or guidelines like those provided by the Center for Internet Security (CIS), you can significantly reduce your attack surface.
Human error remains one of the largest contributors to cyber exposure. Regular training and awareness programs can equip your employees with the knowledge to identify and avoid common threats like phishing attacks, thereby reducing the chance of a successful cyber attack.
Implement a least privilege access control policy, which ensures that employees have only the access they need to perform their job. This minimizes the risk of internal threats and limits the potential damage in case of a breach.
Use advanced threat protection tools that leverage artificial intelligence and machine learning to proactively detect and prevent threats. These technologies can spot unusual patterns or behaviors that traditional tools might miss, helping to prevent attacks before they occur.
While the focus here is on prevention, having a well-established incident response plan is still vital. It can help minimize the damage in the event of a security incident and ensure a swift return to normal operations.
Foster a culture of cybersecurity within your organization. This goes beyond mere training; it means integrating cybersecurity into your organizational ethos and everyday practices.
Preventing cyber exposure is an ongoing, dynamic process that requires continuous attention and refinement. By proactively implementing these best practices, organizations can protect themselves against evolving cyber threats and significantly decrease their cyber exposure. The ultimate goal is to establish a resilient security posture that enables your business to thrive in the digital age.
In an age of escalating cyber threats, it is not enough to merely react to incidents. Organizations need to take a proactive stance to manage their cyber exposure effectively, and one of the key ways to do this is through leveraging cyber threat intelligence.
Cyber threat intelligence refers to the collection and analysis of information about potential or current attacks threatening an organization. By using this intelligence, organizations can better understand the risks and implications of cyber threats, allowing them to make informed decisions about their security strategy.
Here's how cyber threat intelligence can be harnessed for effective cyber exposure management:
With detailed threat intelligence, your security team can proactively hunt for threats before they materialize into attacks. This involves searching for indications of malicious activities or anomalies within your networks that could signal a cyber threat.
Early detection of these potential threats can help organizations remediate them swiftly, reducing their cyber exposure.
All threats are not created equal. Threat intelligence allows your organization to understand the potential impact and likelihood of different threats. With this understanding, you can prioritize your security efforts towards the most significant risks, ensuring efficient use of resources.
By providing an in-depth understanding of the threat landscape, cyber threat intelligence can guide strategic security decision making. It helps you identify trends, understand the tactics, techniques, and procedures (TTPs) of threat actors, and make predictions about future threats.
This empowers your organization to stay one step ahead of cybercriminals and make strategic investments in your cybersecurity infrastructure.
In the event of a security incident, cyber threat intelligence can provide valuable context, helping your incident response team understand the nature of the attack, the possible motivation of the attackers, and the potential implications. This leads to a faster and more effective response, minimizing damage and downtime.
At a broader level, cyber threat intelligence feeds into your organization's overall risk management strategy. It aids in assessing your cyber risk, aligning your cybersecurity strategy with your business objectives, and demonstrating due diligence for compliance purposes.
In essence, cyber threat intelligence offers the foresight needed to anticipate and mitigate cyber threats. As such, it is a powerful tool in the arsenal of any organization seeking to manage its cyber exposure effectively. By integrating cyber threat intelligence into your cybersecurity strategy, your organization can navigate the digital landscape confidently, securing its future in an increasingly connected world.
Understanding and effectively managing cyber exposure is paramount for every organization. At the core of these strategies lies the powerful role of cyber threat intelligence, providing crucial insights and enabling proactive responses to the ever-evolving threat landscape.
Flare automates continuous monitoring for the clear & dark web and illicit Telegram channels for external threats.
*** This is a Security Bloggers Network syndicated blog from Flare | Cyber Threat Intel | Digital Risk Protection authored by Flare. Read the original post at: https://flare.io/learn/resources/blog/cyber-threat-exposure/
Navigating the Cyber Frontier: The 126 ARW Way > Air National … – ang.af.mil
SCOTT AIR FORCE BASE, Ill. -- The Department of the Air Force is highlighting cybersecurity this month and this year's overarching theme is "Cybersecurity Every Airman, Every Guardian Mission Possible!"
Airmen and Guardians play a critical role in maintaining operational security. From practicing a safe online presence, to learning the fundamentals of cybersecurity and understanding what its contribution to the mission is, the 126th Air Refueling Wing's Communications Flight specialists explain the importance of their work.
Staff Sgt. Joshua McCoid, a network operations specialist from the flight, puts it simply.
"We're maintaining functionality of communications, whether it be radio, cyber, or just digital communications. Maintaining those, making sure that we have the capability and the availability. Making sure nobody can mess with that signal as well," said McCoid.
In an age of rapidly advancing technology, the U.S. military adapts accordingly. With every software update or newly released connected device comes new ways for the enemy to puncture our digital defenses, leaving our greatest assets vulnerable. It's the responsibility of our servicemembers to continually adapt their cybersecurity techniques to defend against malicious actors and foreign adversaries.
Airman Maximillian Bremer, an information assurance specialist, has an answer to this. With a background in scripting, Bremer wants to work his way into becoming an ethical hacker. Right now, he's using his skills to identify shortcomings in the Air Force's cyberspace.
"We look for outdated versions of software that shouldn't be on the system that could allow a bad actor to get in," said Bremer. "Anything that a bad actor could use to get into the system, or that someone already in the system could use to exfiltrate data that we don't want to leave the system."
It's extremely important that all guardsmen are up to date on the latest security practices to ensure operational security. Airmen of all ranks are entrusted with sensitive information, which must be shared only with those who require it, making it crucial that proper cybersecurity hygiene is practiced by all individuals, rather than a select few experts of the field.
One of those experts, McCoid, switched from active duty to the Illinois Air National Guard this year.
During some of his time in active duty, he worked as a cyber warfare operations specialist, where he specialized in Windows operating systems. Engaging in cyber warfare among his DoD counterparts, an exercise referred to as a hackathon, McCoid sought out innovation within his field to expand the understanding and ability of the DoD, experimenting boldly and creatively to develop the cyber field.
Thinking about a career after active duty, McCoid sought true mastery in his field and saw the Illinois Air National Guard as an opportunity to hone in on specific skills.
"I think I want to stretch my legs - I want to be really good at this one thing," said McCoid. "I want to really focus in on being an event manager, you know, where I'm in charge of making sure all the security logs get to where they're going, or I'm an analyst of some sort."
"I want to be really good at this - I want to be streamlined and expert in this."
McCoid searched for a more conducive work-life balance by joining the Illinois National Guard and says he has no regrets.
According to Maj. Christopher Kruse, the 126th Communications Flight commander, we need to be aware of what good digital conduct looks like, and this month is a time to expand on what we already know about maintaining security.
The Department of the Air Force's focus on cybersecurity expresses a commitment to safeguarding missions and ensuring that every Airman and Guardian is equipped with the knowledge and tools to protect against digital threats.
"Strong cyber security is the foundation of trust in our digital world," said Kruse, "which is important at work and especially at home with the vast Internet of things."
Here are some resources available to learn more about online safety: https://www.safcn.af.mil/CISO/Cybersecurity-Awareness/CSAM-2023/
Southern District of Texas | Mexican national sentenced for … – Department of Justice
BROWNSVILLE, Texas - A 34-year-old resident of Ciudad Victoria, Tamaulipas, Mexico, has been sentenced for possessing child pornography found on his cell phone as he tried to enter the country, announced U.S. Attorney Alamdar S. Hamdani.
Juan Jesus Banda-Olivo pleaded guilty Jan. 25.
U.S. District Judge Rolando Olvera has now ordered Banda-Olivo to serve 97 months in federal prison. Garza was further ordered to pay $3,000 in restitution to a known victim and will serve eight years on supervised release following completion of his prison term. During that time, he will have to comply with numerous requirements designed to restrict his access to children and the internet. He will also be ordered to register as a sex offender.
On Aug. 15, 2022, Banda-Olivo attempted to make entry into the United States through the Veterans Port of Entry. Authorities believed he was in the country illegally and sent him to secondary inspection.
There, law enforcement conducted a consensual search of Banda-Olivo's cell phone and discovered multiple photographs and videos of child pornography. The investigation revealed Banda-Olivo possessed 1,223 unique images and videos of child pornography on his cell phone and his cloud storage account. Some of the images included images of the sexual abuse of toddlers and prepubescent minors. The images found on the seized cell phone were submitted to the National Center for Missing and Exploited Children for victim identification.
Banda-Olivo has been and will remain in custody pending transfer to a U.S. Bureau of Prisons facility to be determined in the near future.
Homeland Security Investigations conducted the investigation.
Assistant U.S. Attorney Ana C. Cano prosecuted the case, which was brought as part of Project Safe Childhood (PSC), a nationwide initiative the Department of Justice (DOJ) launched in May 2006 to combat the growing epidemic of child sexual exploitation and abuse. U.S. Attorneys' Offices and the Criminal Division's Child Exploitation and Obscenity Section lead PSC, which marshals federal, state and local resources to locate, apprehend and prosecute individuals who sexually exploit children and to identify and rescue victims. For more information about PSC, please visit DOJ's PSC page. For more information about internet safety education, please visit the resources link on that page.
What’s the Best Protection Against Ransomware and Data Stealers … – Digital Information World
Protection against ransomware and data stealers is essential because it can prevent malicious actors from illicitly obtaining your data. This data is often highly personal and sensitive, so it is no surprise that consumers around the world want to choose the best product.
AV-TEST recently analyzed 27 protection solutions that are currently available on the market. The testing revealed which options can withstand the attacks being carried out today, and each product was graded on a 35-point scale.
V3 Internet Security, a product offered by AhnLab, came out on top. It received the maximum possible score of 35 points, although a few other protection solutions also managed to reach this score.
All in all, ten of the 27 protection solutions that AV-TEST tested received the highest possible score. Apart from V3 Internet Security, they include the Free Antivirus by Avast, Internet Security by AVG, SAFE by F-Secure, and Standard by Kaspersky.
Furthermore, Premium by Malwarebytes, Total Protection by the widely popular McAfee, the stock Defender Antivirus offered by Microsoft, the eScan Internet Security Suite and Application Allowlisting by PC Matic also made the cut. These ten represent the absolute pinnacle of ransomware and data stealer protection, but some of the 27 products that were tested missed the mark.
On the other end of the spectrum, Security for Windows by Avira missed out on 3 points. This just goes to show that you need to be careful about which security solution you end up selecting. Failing to pick the right one could lead to your systems getting compromised. Once a malicious actor has been allowed in, there is no telling what type of irreparable damage they might end up doing on their way out.
How to choose the best cloud security posture management tools – CSO Online
After companies move to the cloud, many are under the impression that their cloud hosting providers are solely responsible for security, a misconception that can lead to data breaches and other security issues.
While the responsibility for securing cloud infrastructure falls to cloud services providers, it's up to customers to configure the cloud and secure their applications and sensitive corporate data.
That's where cloud security posture management (CSPM) tools can help. These tools continuously and automatically check for misconfigurations that can result in data leaks and data breaches. CSPM tools manage cloud security risks on an ongoing basis and ensure compliance in the cloud so enterprises can continuously make any necessary changes.
"CSPM solutions use best practices and compliance (PCI, SOC2, etc.) templates to identify drifts and insecure configurations in cloud infrastructure (AWS, Azure, Google Cloud Platform) in the compute, storage, and network areas," says Andras Cser, vice president and principal analyst at Forrester Research. "CSPM tools can alert and optionally remediate the insecure configurations."
CSPM tools look at workloads to see what's happening and they provide context, so organizations know which of the vulnerabilities or issues is most important, says Charlie Winckless, senior director analyst at Gartner. These tools enable companies to prioritize which risks are real, which risks are important, and which risks they may be able to delay fixing a little bit, he says.
Organizations evaluating various CSPM tools should ensure that they cover all the cloud platforms they're using, says Winckless.
"You want to be able to normalize the configuration risks across the major cloud platforms," he says. "Most organizations that are purchasing these tools will probably be multicloud. They'll be using at least two clouds, maybe more, since the cloud providers themselves do offer some of this functionality built into their platforms."
Philip Bues, cloud security research manager at IDC, says the new reality for most organizations is a hybrid multicloud environment, "so you want something that's going to be able to give you really deep visibility throughout all the environments and workloads that you have. And that's what the CSPM solution should be able to provide you."
Other features organizations should look for in CSPM tools include:
Comprehensive threat detection: Because threats in multicloud environments are complex, these tools must gather threat intelligence from a number of sources to give companies clear views of their risks.
Integrated data security: Keeping data safe in the cloud requires a multipronged defense that gives companies deep visibility into the state of their data. This includes enabling organizations to monitor how each storage bucket is configured across all their storage services to ensure their data isn't inadvertently exposed to unauthorized applications or users.
Automated alert remediation: Organizations must ensure that the CSPM tools they select can automate routine security monitoring, audits, and remediations across their cloud environments. This allows security teams to prioritize and remediate the risks that can potentially cause the most damage.
CSPM tools offer a number of benefits that help companies boost security, minimize their risk exposure in cloud environments, and reduce costs. These benefits include:
There are some pitfalls that companies need to be aware of when it comes to CSPM tools, including:
Not understanding the requirements of CSPM tools: This is one of the biggest mistakes that organizations can make when they're shifting workloads to the cloud because things that weren't connected before are now interconnected, says Bues. The best way to implement CSPM tools is to ensure teams receive the proper training and proper awareness for how this solution is supposed to work within the environment. "You don't want to have the security team with little or no cloud experience or developers with limited security experience trying to manage this new CSPM solution," he says. "You should have the developers and the security team working together because everyone has different needs."
Not opting for a multicloud CSPM tool: Another mistake companies make is selecting tools that offer a one-size-fits-all approach offered by public cloud vendors that don't offer a unified view across all their cloud environments. Organizations should opt for CSPM tools that provide multicloud monitoring and protection.
Thinking they're too small/not mature enough: A company that assumes it's too small or not mature enough to consider security will always put the business at risk as it typically only thinks about security after an issue or breach occurs. However, companies of all sizes should ensure they protect their assets across teams by implementing CSPM tools.
There are numerous CSPM tools on the market, so to help you begin your research, we've highlighted the following products based on discussions with analysts and independent research.
Aqua Security Real-Time CSPM: Connects organizations' cloud accounts so they can identify all their cloud resources running in Amazon Web Services (AWS), Alibaba Cloud, Google Cloud Platform (GCP), Microsoft Intune, and Oracle Cloud. Provides a comprehensive view of organizations' real-time cloud security risks, identifying the most critical problems so they can focus on fixing high-priority issues. Uses agentless workload scanning to scan workloads and assess companies' basic risk postures. Detects cloud risks and catches threats that evade agentless detection, including fileless malware, memory-based attacks, and unknown exploit attempts, such as zero days. Provides context-based insights and recommends remediation actions. Prioritizes the most important security issues. Connects issues detected in the cloud back to development.
Check Point CloudGuard for Cloud Security Posture Management: Automates security, compliance, and governance across multicloud environments and services. Detects misconfigurations, visualizes and assesses companies' security postures, and enforces compliance frameworks and security best practices. Companies can manage the security and compliance of their public cloud environments across Azure, AWS, GCP, Alibaba Cloud, and Kubernetes. CloudGuard's network and asset visualization enables companies to detect any compromised workloads, vulnerabilities, misconfigurations, or open ports in real time. Offers threat intelligence support as a free add-on to CSPM customers. This feature offers insights into account activity through threat research and machine learning.
CrowdStrike Falcon Cloud Security: Provides threat detection, prevention, and remediation and enforces security posture and compliance across AWS, Azure, and GCP. Provides CSPM features for hybrid and multicloud environments. Enables companies to continuously monitor the compliance posture of all their cloud resources from a single console and dashboard for numerous regulations, including the Payment Card Industry Data Security Standard (PCI-DSS), National Institute of Standards and Technology (NIST), SOC2, and more. Lets companies compare cloud application configurations to organizational and industry benchmarks so they can detect violations and remediate them in real time to ensure their applications are always available.
Palo Alto Networks Prisma Cloud: Safeguards resources across multicloud and hybrid environments. Its features work on AWS, Azure, Alibaba Cloud, Oracle Cloud, and GCP public cloud environments. Provides users with total visibility into their cloud environments, automated responses, and continuous threat detection. Analyzes and normalizes disparate data sources to offer enterprises clarity into risk management. Provides historical and real-time visibility across assets and configurations. Offers companies step-by-step remediation instructions for compliance violations and misconfigurations. Collects audit event logs allowing security administrators to see configuration changes and identify when they occurred.
Tenable Cloud Security: Provides a complete inventory of assets across Azure, GCP, and AWS. Automatically detects and maps organizations' cloud environments, including workloads, infrastructures, data, and identities. Enables companies to view infrastructure that's configured incorrectly, as well as associated risks, vulnerabilities, excessive permissions, and network configurations that can expose corporate resources. Allows organizations to automatically remediate misconfigurations, risky privileges, and policy violations. Companies can audit multicloud environments against industry standards, including AWS Well-Architected framework, NIST, PCI-DSS, SOC2, and Center for Internet Security benchmarks for Kubernetes and more. Companies can create their own custom checks.
26 Gloucestershire tech companies leading the UK’s cyber sector – SoGlos
With National European Cyber Security Month shining a spotlight on some of the UK's leading tech companies in the cyber sector, SoGlos showcases 26 of the Gloucestershire businesses helping to make the county the UK's cyber capital.
From homegrown tech start-ups to multinational organisations drawn to the county by its strong reputation, we reveal some of the best in the industry...
SGGBA winner for Cyber Business of the Year and Gloucester tech giant Salus Cyber is a certified provider of world-class cybersecurity services. It helps clients identify and manage their cyber risks proactively and effectively and is the cyber security partner of choice for industry-leading organisations throughout the UK and Europe. Based at Eagle Tower in Cheltenham.
This Cheltenham-headquartered firm based in Eagle Tower describes itself as countering global money laundering, terrorism, and criminal networks. Founded by former members of GCHQ, Ripjar develops software that combines automation, data visualisation and the ever-expanding features of AI to tackle complex threats to our digital society.
An official Gloucestershire B Corp, Optimising IT provides a range of services from cyber security improvement to complete outsourced IT department services, for organisations that need help managing their IT or require consultancy about changes such as mergers or acquisitions. Based at Twigworth Court Business Centre in Gloucester.
North Green Security is a UK-based cyber security training and consultancy company, with offices in Eagle Tower in Cheltenham. Its aim is to assist in providing a more secure future by ensuring more people at all levels of learning can contribute to an ever-growing and evolving industry, with companies benefitting from strategic assessments conducted by its knowledgeable consultants.
Based in Quedgeley and working with a range of organisations from SMEs to government bodies, Infrastar is a specialist computer networking and infrastructure company. Its expertise lies in assisting organisations in securing the IT hardware and solutions they require to operate at optimum efficiency, from assessing current network environments to the full-scale network design and implementation.
SGGBA Team of the Year 2023 winners, Bamboo Technology, works to improve other businesses through its extensive IT and telecommunications expertise and it designs and delivers digitally assured solutions for the hybrid workforce. Its headquarters are at Gloucestershire College's Cheltenham campus.
Based out of Gloucestershire's Hub8, Berta Pappenheim founded CyberFish in 2018 to build organisational resilience in a way that is sustainable, focusing on the psychology of a team so it becomes self-improving and never goes out of date a few updates later. CyberFish works with mission-critical departments in governments, law enforcement and global organisations.
Amiosec specialises in the design and development of secure solutions for government and commercial organisations. The Tewkesbury-based business provides a range of next generation advanced mobile and remote access solutions that provide secure mobile communications across public networks. Its products are simple to configure, easy to use.
Tewkesbury-based business Synalogik describes itself as a team of open-source intelligence, data processing and automation experts from across the intelligence, law enforcement and investigation industries. Its vision is to revolutionise the automation of targeted data collection and analysis, allowing organisations to make 'smarter decisions.' The team also won a prestigious Queen's Award for Innovation in 2022.
With thousands of courses spanning health and safety to data protection, Nimble Elearning's cloud-based elearning platform is well-used by individuals and businesses alike. Its intuitive tools have also helped clients create thousands more courses too. In short, the Stonehouse firm is enabling a revolution UK-wide in the delivery of effective, affordable, dynamic online training.
Founded by Gloucestershire-based Chris Dunning-Walton, this boutique cyber and technology recruitment consultancy prides itself on its ability to inspire talented people to find careers that inspire them. Working exclusively within the IT sector, with specialism areas in cyber security, software development and engineering, the award-winning Infosec is based in the Eagle Tower in Cheltenham, with offices in Bristol, too. Dunning-Walton is also a key member of Gloucestershire-based cyber networking and support group CyNam.
Founded in 2016, Savient is a bespoke software consultancy firm based in Hub8 in the Brewery Quarter in Cheltenham that uses software technology solutions and services to help customers solve business problems and unlock the value in their data. It says its mission is 'to find and deliver solutions using software technology, so your business can work faster and more efficiently, while meeting emerging opportunities', adding 'we work closely with you applying our creative, intuitive and adaptive thinking to deliver technology that works the way your business thinks.'
If you want a simple to understand, but sophisticated solution to your business's cyber security concerns, Cheltenham-based ReformIT is capturing a growing market of firms from all sectors looking to put their IT in the hands of a business which can manage all its software, hardware, updates, cyber attacks and even training all under one roof.
P3M Works delivers cyber security and digital transformation projects across both private and public sector clients. Its collaboration of permanent, technical delivery staff and cyber SMEs are based at Cheltenham's home of private sector cyber, Hub8, in the Brewery Quarter.
Blacksmiths Group is a team of human, digital and physical security specialists who will develop your business's capability to tackle security challenges and defend against complex threats. The Cheltenham firm provides consultancy and develops technologies to solve problems. Its teams are highly experienced technical and security experts with skills acquired in UK government and the tech industry.
North Tower Consulting is a software solutions consultancy based in Cheltenham, providing professional expertise in cyber security, cloud computing and much more. Set up in 2019 by its founding business partner, the business has gone from strength to strength, with major government contract wins and now a team of more than 50 people onboard.
Another Cheltenham-based company, Gemba Advantage, which was co-founded by Shelley Wood, is a tech development firm that builds high-impact software for businesses. Its partners include the UK government and the National Crime Agency. Its team can build and maintain high quality software to help your business make the most of its technological investments.
Founded in 2020 by Robert Diamond, Craig Morgan and Craig Stocks who bring years of experience working within the cyber security, defence and IT sectors, Cheltenham-based Hamiltonian Dynamics provides 'high performance, big impact mission critical software', and does so for multiple government departments, as well as being a design and development consultancy agency.
This Cheltenham-based firm was started by a husband-and-wife team in 2016 and has operated primarily in the defence sector for the past few years. Fat Potato worked across multiple major projects delivering software solutions in challenging and demanding environments and has proven expertise in a wide array of technical specialisms. It works with businesses to transform their applications and enhance performance.
Established in 2013, Cyber Security Associates (CSA) provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing threat of cyber attacks. It has built a team from government (ex-military) and commercially experienced specialists all holding current and relevant cyber certifications. Today, its core services are based around a 24/7 security operations centre in Gloucester.
This Cirencester firm is dedicated to assisting organisations to adopt cloud services and technologies securely, whilst understanding the continued challenges of a complex hybrid environment. Somerford Associates will work as your trusted partner and as part of your team to deliver success. Its aim is to meet customers' needs with a focus on service quality and delivery for on-premises, hybrid or full cloud environments.
CoreTech is a niche cyber security company whose people are motivated by the desire to deliver exceptional capabilities coupled with a real sense of mission. Its Cheltenham-based team is highly experienced, deeply technical, and blend vulnerability research, research engineering and software development skills.
Cirencester-based Core to Cloud is an SGGBA 2022 award winner and its founder, James Cunningham, was named in The Times LDC Top 50 Most Ambitious Business Leaders list in the same year. Describing itself as your 'cyber security sidekick', its services include cyber security gap analysis, MDR, crisis simulating and dark web monitoring.
Started and run by engineers from the UK intelligence and defence communities, and headquartered in Cheltenham's Eagle Tower, Red Maple Technologies is a technical consultancy and product company. Founded to help organisations of all sizes protect themselves from cybersecurity threats, it solves technical and security problems with technical solutions.
Another resident of Gloucestershire's home of private sector cyber, Hub8 (but in its Gloucestershire College campus workspace), Indeloy specialises in helping customers find the right IT solution for their needs. It can source a wide variety of products and provide services such as hardware disposal, software erasure, licence management and more.
Headquartered in New York but with a UK base in the Brewery Quarter's cyber hot spot, Hub8, Cylera is pioneering IoT (Internet of Things) security and intelligence to protect what matters most: people, safety, privacy and business continuity. Specialising in support for the healthcare sector, it delivers a cyber security platform that discovers devices, analyses network traffic and risk, detects vulnerabilities, continuously identifies threats or malicious devices and helps reduce attacks.
France and Germany increasingly drift apart on digital sovereignty of … – EURACTIV
The recent announcement of a new, independent cloud for Europe by Amazon Web Services (AWS) has underlined the growing divergence between the positions of Paris and Berlin regarding digital sovereignty in the cloud sector.
The move by AWS last week came as part of an overall trend whereby American hyperscalers, a term used to describe cloud service providers with massive operations, seek to address the concerns of EU countries looking to keep their data within Europe's borders.
Past examples include leading market players like Microsoft, which announced its Microsoft Cloud for Sovereignty offer in July 2022, and Oracle, which launched its EU Sovereign Cloud offer last June.
"What worries me the most is that the German Federal Office for Information Security (BSI) has endorsed the AWS European Sovereign Cloud," French centrist MP Philippe Latombe told Euractiv, explaining he fears that the Germans start exerting pressure against France's highest cloud security certification, called SecNumCloud.
AWS was in fact the first cloud service provider to receive the BSI's C5 testate, a German cloud security certification, based on the same international standard as SecNumCloud.
BSI's Director General Claudia Plattner said in a statement that she was very pleased to constructively accompany the local development of an AWS cloud, which will also contribute to European sovereignty in terms of security.
According to Arnaud David, Director of European Affairs at AWS, the company has put in place technical building blocks, including safeguards, controls and security features that allow customers to enforce access restrictions so that nobody, including from AWS, can access customer data.
He further explained that AWS cannot access customer data unless the access is given by its customers and that AWS provides its customers with encryption tools. Moreover, only EU-resident AWS employees located in the EU will control operations of the AWS European sovereign cloud.
A comprehensive bill aiming to secure and regulate the internet in France aims to strictly respect the new digital European regulations and, when it comes to cloud regulation, will go even further.
For MP Latombe, AWS cloud cannot be sovereign because it is subject to the US FISA and Cloud Act, legislations mandating US companies, US citizens or foreign subsidiaries on US soil to cooperate with the US security agencies.
According to AWS's David, if AWS is requested to send data to US administrations under the FISA, Amazon will challenge every request it deems inappropriate, especially if it is contrary to local law, like the EU's General Data Protection Regulation (GDPR) in the EU.
Of course, every company affirms it would not disclose sensitive information, at least until they are caught in the crossfire of conflicting jurisdictions.
"We are a global company subject to laws in every country where we operate, including US law," David said, adding that this was also the case for EU companies with subsidiaries in the US.
Latombe disagrees, arguing that European cloud providers with operations in the United States are subject to US laws only through their US-based subsidiaries, which is not the case with AWS, a US-based company that must comply with US agencies globally.
Jean-Sébastien Mariez, founding partner of the French tech law firm Momentum Avocats, noted that since the Cloud Act, the location of data is irrelevant in the applicability of US laws.
Moreover, while Amazon advertises that only EU-resident AWS employees located in the EU will access data, a 2022 memo by the Dutch National Cyber Security Center states that this does not necessarily mean protection from FISA and Cloud Act laws.
Traditionally, Paris could count on Berlin's support to push digital sovereignty principles that favour their national champions over foreign providers. In contrast, smaller member states prefer to buy the best available technology regardless of its provenance.
But a Franco-German divergence on the concept of the sovereign cloud has been long in the making. Different understandings of what digital sovereignty meant for cloud infrastructure are what made the Gaia-X European digital sovereignty project lose its political momentum.
Tensions came to a head with the European Cloud Services scheme (EUCS), a cybersecurity certification scheme where France, via its Commissioner Thierry Breton, tried to replicate the sovereignty requirements of SecNumCloud at the EU level.
This attempt faced significant resistance from more liberal countries, led by the Netherlands. With the liberal Free Democratic Party occupying critical ministries in the current coalition government in Berlin, France not only did not receive support from Germany but was at times more or less openly criticised.
In this context, Latombe fears that Germans are taking a pro-US and anti-French position and, therefore, would be exchanging their industrial dependency on Russian gas for a dependency on American digital companies.
That is why he considers that giving the C5 certification to the AWS European Sovereign cloud was a nook in [the French certification] SecNumCloud since the French ANSSI and German BSI authorities have a mutual recognition agreement for security certificates, albeit only for the first security level at the moment.
A BSI spokesperson told Euractiv there was no specific connection between the AWS announcement and the currently discussed EUCS. Meanwhile, the German Digital Ministry said to Euractiv that it was committed to ensuring that the [German] economy can access secure and powerful cloud structures to the extent required.
The French ANSSI and the Digital Ministry declined Euractiv's requests for comment. Latombe advertised on Monday (30 October) that he sent a written question to French Digital Minister Jean-Noël Barrot on the matter.
[Edited by Luca Bertuzzi/Nathalie Weatherald]