Cloud Hosting

SAN JOSE, Calif., April 05, 2023 (GLOBE NEWSWIRE) -- Noname Security, the leading provider of complete and proactive API security, today announced Noname Public Sectors Hardened Virtual Appliance making the API security platform available to the U.S. Federal Government, highly regulated industry customers, and FedRAMP-authorized vendors. The appliance is the first of its kind in the comprehensive API security space and is designed to deliver a drop-in, secure, and scalable system for discovering, monitoring, and protecting mission-critical APIs and data.

Governments and highly regulated industries have unique security needs. Having worked closely with many Federal agencies during my career, I know how impactful it will be to provide this level of security and insight into APIs and provide options that make it easy to meet government standards, said Dean Phillips, Executive Director of Public Sector Programs at Noname Security. The government and regulated industries are not immune from cyber criminals, they are targeted as much if not more than most organizations. Were excited to arm them with the tools they need to protect their assets.

Federal agencies can use the Noname API Security Platform to protect their APIs in real-time and detect vulnerabilities before they are exploited. Noname Securitys Hardened Virtual Appliance makes the API security platform available completely offline with no reliance on internet connectivity, perfect for isolated and controlled environments. It is a finely tuned package of advanced software and premium support built and secured to Federal Government specifications, enabling customers to comply with the most rigorous standards, including Federal Information Processing Standards (FIPS)1 and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs)2. Noname collaborated with a FedRAMP 3PAO, The MindPoint Group, on the development of the Noname Hardened Virtual Appliance.

Noname Securitys Hardened Virtual Appliance enables access to a powerful, complete, and easy-to-use API security platform that helps:

Noname Public Sector LLC has made it easier to deploy, configure and manage the platform via the new Noshell() interface. The shell offers innovative features such as the ability to perform on-demand STIG audits of the internal system itself, while aiming to reduce the overall attack surface of the system.

To learn more about Noname Securitys hardened platform, please contact publicsector@nonamesecurity.com.

Supporting Resources

About Noname Security & Noname Public Sector LLCNoname Public Sector LLC empowers the worlds most critical organizations to protect their most important data. With decades of military and civilian public sector experience, Noname Public Sector combines a deep understanding of government agency requirements with leading expertise on their unique API security considerations. Government agencies using Nonames complete, proactive API security solutions can securely harness their data to serve the public and stay ahead of adversaries. Noname Public Sector LLC is privately-held and based in Herndon, VA.

Noname Security is the leading provider of complete, proactive API Security. Noname works with 20% of the Fortune 500 and covers the entire API security scope Discovery, Posture Management, Runtime Security, and API Security Testing. Noname Security is privately held, remote-first with headquarters in Silicon Valley, California, and offices in Tel Aviv and Amsterdam.

Media ContactStephanie SchlegelOffleash for Nonamenoname@offleashpr.com

1 FIPS 140-2, titled Security Requirements for Cryptographic Modules, is a U.S. government computer security standard used to accredit cryptographic modules. Compliance with the standard is required for equipment used in federal facilities and has become a common stipulation in other public and private IT deployments.

2 Security Technical Implementation Guides (STIGs) are configuration standards developed by the Defense Information Systems Agency (DISA). They are designed to make device hardware and software as secure as possible, safeguarding the Department of Defense (DoD) IT network and systems.

Compliance with STIGs is a requirement for DoD agencies, or any organization that is a part of the DoD information networks (DoDIN). This includes defense contractors that connect to the DoD network or system.

STIGs are also aligned with the Centre for Internet Security (CIS) benchmarks - Level 3.

Read more from the original source:
Noname Security Announces the Industry's First - GlobeNewswire

Security News Dylan Martin April 04, 2023, 09:00 AM EDT

As part of CRNs 2023 Internet of Things 50 list, heres a look at the tools and vendors leading the way in IoT security.

The need for better IoT security capabilities is greater than ever before, and that isnt expected to change any time soon.

This ongoing necessity to monitor and protect against threats to a wide range of connected devices was recently underlined by the U.S. Government Accountability Office, which said in December that the countrys 16 critical infrastructure sectors face increasing cybersecurity threats.

Its not just individual agencies that see the problem. In early March, the Biden administration called for a greater focus on developing secure IoT devices as part of its new National Cybersecurity Strategy, building on previous legislation and other government efforts addressing the issue.

Too often they have been deployed with inadequate default settings, can be difficult or impossible to patch or upgrade, or come equipped with advancedand sometimes unnecessarycapabilities that enable malicious cyber activities on critical physical and digital systems, the White House said in its strategy outline. Recent IoT vulnerabilities have shown just how easily bad actors can exploit these devices to construct botnets and conduct surveillance.

As part of CRNs 2023 Internet of Things 50 list, heres a look at the tools and vendors leading the way in IoT security.

Dylan Martin is a senior editor at CRN covering the semiconductor, PC, mobile device, and IoT beats. He has distinguished his coverage of the semiconductor industry thanks to insightful interviews with CEOs and top executives; scoops and exclusives about product, strategy and personnel changes; and analyses that dig into the why behind the news. He can be reached at dmartin@thechannelcompany.com.

Read more here:
The 10 Coolest IoT Security Companies: The 2023 Internet Of ... - CRN

Do you know how many devices are connected to your home network? You dont? This is precisely why its time for a network audit.

The rite of spring cleaning is clearly good for your home and your mind and well-being, but trust me, your home network and all the devices connected to it could use it, too.

Yesterday, we looked at a few simple ways to breathe new life into your computers, smartphones and tablets. But as wireless connectivity in particular makes it easy to lose track of all the devices connected to your home network, lets now pick up where we left off and see how you can get an overview of all the devices connected to your network and how to deep-clean it to help keep your personal information safe and secure.

In addition, the tradition of spring cleaning is also a great opportunity to ensure you have complete backups of all your (important) files should a data disaster strike. With this in mind, well look at why you should check your backups and ensure you use a solid backup routine all year round.

Security software such as ESET Internet Security or ESET Smart Security Premium lets you easily see and review a list of all devices connected to your home network. If, however, you dont use such reputable multi-layered security software (big mistake!), you need to audit your network-connected devices using other methods. These include dedicated network scanning tools, but lets face it, its easier simply to log into your routers browser-based control panel.

To do this, enter your routers IP address into your web browsers URL bar (most commonly, the default IP address for routers is 192.168.0.1 or 192.168.1.1) and enter your administrator name and password. If, heaven forbid, you have never set up any and use the default and easy-to-guess login credentials (more on this in a minute), look at the back of the router, check the devices documentation or search for the credentials online.

Once youre logged in, look for Connected Devices, Attached Devices or similar to see a list of all computers, smartphones, tablets, streaming sticks, kettles, webcams, gaming consoles, network storage devices, digital assistants or other gizmos connected to your network.

If you spot your old devices that you no longer use or you dont recognize some devices, boot them out of your network.

While youre at it, make sure you use a strong and unique password for your admin account and your wireless connectivity, ideally together with an SSID (i.e., the name of your wireless network) that doesnt identify you and your network.

Also, turn on a strong encryption standard, ideally the WPA2 protocol or, even better, the newer WPA3 as long as your router supports it. Disable all sorts of features you dont need or that pose a risk, such as Wi-Fi Protected Setup (WPS) or Universal Plug and Play (UPnP). For a deeper dive into how to secure your router, head over to this article.

Usually, most users will keep all devices on a single network. However, this involves the risk that attackers can use vulnerabilities in your smart kettle or other devices to gain access not only to the device, but also to the data or cameras and microphones stored in the network.

The remedy here is a strict separation of the devices. A good, inexpensive and easy-to-implement option is to use a guest Wi-Fi. Devices that only require an internet connection for correct operation can be treated as guests and assigned to the corresponding, second network. Should one of the devices be taken over or compromised by cybercriminals, your private data and images remain safe.

Also check whether all devices and especially the router are supplied with the latest updates. Vulnerabilities in the firmware are repeatedly exploited by cybercriminals.

Nothing is as valuable as a secure home. This also applies to the digital side of the home. Why use the most secure doors and windows if criminals from all over the world can still access your camera or private data?

Speaking of which, if any private information doesnt really need to be accessible from your network, why not move it offline?

Backups, i.e. the regular storage of files, photos, videos, etc. on external storage media, can be done quite inexpensively, whether via cloud storage offers from Google Drive, Microsoft One Drive, Apple iCloud, Dropbox or via your own network-attached storage (NAS) devices .

NAS and cloud storage have the advantage over USB sticks and DVDs that the data is stored almost fail-safe. If your thumb drives or DVDs are stolen or suffer physical damage, the data on it is lost. If a disk in the NAS fails, the contents are often mirrored on a second drive (RAID) check whether your NAS has a RAID functionality.

Meanwhile, data stored in the cloud is mirrored multiple times and is only lost in an extremely unlikely event. Also, in most cases, the data can be conveniently accessed from anywhere in the world and from outside of your home network.

But thats exactly where the problem lies for security- and privacy-conscious people: the data is outside of your network, and as a user you have to trust your service provider for the protection and confidentiality of your data. If using cloud storage, take things into your own hands and encrypt the data before uploading it to the cloud.

Local backup options include all visible media, such as USB sticks, USB hard drives, CD/DVD, NAS devices, etc. These are easy to control and hide if necessary, but they also have disadvantages. Except for the NAS, we have no or hardly any (automatic) redundancies, such as RAID functionalities, i.e. fail-safety.

Also, you should be wary of having the backup media constantly connected to the computer or smartphone (via the network). Ransomware that attacks your system may also try to compromise your connected storage media as well.

To counter that, create a ritual: After you have finished your work (creating/editing photos, writing texts, etc.), connect the storage medium to the computer or smartphone and back up the new data. Then disconnect the backup medium again.

If the storage contents are updates of already existing files, replace them in the target medium. Also, force yourself to back up only relevant content. This will not only save you storage space, but also saves time when cleaning up and sifting through at a later time.

Storage options in the cloud may be free of charge, virtually fail-safe and, thanks to cross-platform apps, can be accessed from just about anywhere. However, the stored content is also outside your control. If criminals gain access to the storage servers anywhere in the world, your data could be on display in the worst case scenario. Since you are only backing up important, privately valuable data, this may be a big problem.

With this in mind, deactivate any automatic backups of your smartphone pictures or documents. Control the upload to cloud storage services beyond that. Be deliberate when it comes to creating backups in the cloud. This includes making sure that the corresponding data is reliably encrypted so that only you and people and apps authorized by you can read it.

A classic hard disk failure is painful if there is no corresponding backup. However, if ransomware attacks your machine(s), the damage is considerably limited if the valuable images and documents are backed up and can be restored without paying a ransom.

Read the original here:
Why you should spring clean your home network and audit your ... - We Live Security

For months, governments across the world have rattled their cyber sabres, threatening to cut TikTok off at the knees.

The reach and influence of the popular app, harnessed by everyone from porn stars to politicians, is undeniable, with more than 1 billion monthly users when measured in 2021.

But yesterday, the Albanese government finally swung its own sword, announcing thatpublic servants would soon be banned from having the popular app on their work-issued devices, over fears it could be a secret Chinese tool.

The move made Australia the last nation in the Five Eyes intelligence network which includes the United States, Canada, United Kingdom and New Zealand to forbid officials from using the app, over concerns that it could be used by the Chinese Communist Party (CCP) for political interference.

But while TikTok will soon be wiped from the public service's phones, it raises three key questions for everyday Australian who use TikTok on the train or in front of the TV:

It depends on who you ask.

There's no doubt that TikTok has become a powerful platform which is being used to directly reach new and younger audiences, who have long been untethered to traditional broadcasting because of age, interest or, more likely, both.

The ban has, predictably, infuriated TikTok which is owned by ByteDance, a multi-billion dollar Chinese internet giant, that fiercely denies it poses any risk to national security.

TikTok's Australian boss, Lee Hunter, said there was no evidence the app was a security risk to Australians.

"We're extremely disappointed with this decision. In our view, this is driven by politics and not by fact," Mr Hunter said.

But Fergus Ryan, a China analyst at the Australian Strategic Policy Institute, said that's not true.

"We've known for years now that TikTok user data is accessible in China, and because of the suite of national security laws that are in place in China, it means that there's effectively no barrier between user data and the Chinese party state," he said.

Mr Ryan said that type of data was incredibly valuable to a foreign government.

He said the greater risk facing Australians was political interference because of the "enormous leverage" that China's government has over ByteDance, due to Beijing's national security laws.

"It would be trivially easy for ByteDance, having been compelled to by the CCP, to either promote or demote certain political messages, and the effect that has is to distort the political discussions that Australians are having on that app," he said.

The Australian ban follows months of pressure on the Chinese-owned app which has faced bruising congressional hearings with angry American politicians, and been the target of a scathing submission to Australia's select committee on foreign interference.

Alastair MacGibbon, the chief strategy officer at cybersecurity firm CyberCX, said Chinese national security laws were a key concern for politicians with a ban in the forefront of their minds.

Mr MacGibbon is a former national cybersecurity adviser, the former head of the Australian Cyber Security Centre, and was the nation's first eSafety Commissioner.

"The laws in China compel organisations to do what they say," he said

"Now, if you're a Chinese company, why wouldn't you do that? It's literally a matter of whether you keep your freedom and your company so of course, they will comply.

Mr MacGibbon said TikTok had a poor track record.

"If you're a contractor doing work for the government then your device might be targeted for the purposes of finding out about that work," Mr MacGibbon said.

"It might be that you're a journalist and TikTok is upset at the articles that you're writing, and actually uses that data to track you and find out who your sources are.

"All of those things are real and happen and we have to wake up as a country and ask ourselves not whether a normal government would do this, the question is whether or not the Beijing government would do this.

"The answer, sadly, is yes."

Influencers rejoice, probably not.

"I doubt it. I don't see the Australian government banning TikTok in Australia," Mr MacGibbon said.

"I can see why you would makea decision about Huawei sitting inside 5G networks because ultimately that was down to the ability for essentially China to turn off our telephone systems.

"There's a big difference between that and an app on the telephone."

But Mr MacGibbon said there needed to be a greater conversation about the use of critical technologies in Australia.

"If we're ripping cameras out of Parliament House and we're banning politicians from being able to use TikTok, then we need to start asking why we're allowing these technologies much more broadly in the economy," he said.

View original post here:
TikTok is to be banned from government devices over security fears. How big is the threat and could it soon be banned for everyone? - ABC News

In this image from video provided by the Dossier Center, a London-based investigative group funded by Russian opposition figure Mikhail Khodorkovsky, Gleb Karakulov speaks during an interview in Turkey in December 2022. Karakulov, who was responsible for setting up secure communications for Russian President Vladimir Putin, said moral opposition to Russias invasion of Ukraine and his fear of dying there drove him to speak out, despite the risks to himself and his family. He said he hoped to inspire other Russians to speak out also. Our President has become a war criminal, he said. It is time to end this war and stop being silent. (Dossier Center via AP)

By ERIKA KINETZ (Associated Press)

LONDON (AP) On Oct. 14, a Russian engineer named Gleb Karakulov boarded a flight from Kazakhstan to Turkey with his wife and daughter. He switched off his phone to shut out the crescendo of urgent, enraged messages, said goodbye to his life in Russia and tried to calm his fast-beating heart.

But this was no ordinary Russian defector. Karakulov was an officer in President Vladimir Putins secretive elite personal security service one of the few Russians to flee and go public who have rank, as well as knowledge of intimate details of Putins life and potentially classified information.

Karakulov, who was responsible for secure communications, said moral opposition to Russias invasion of Ukraine and his fear of dying there drove him to speak out, despite the risks to himself and his family.

Our president has become a war criminal, he said. Its time to end this war and stop being silent.

Karakulovs account generally conforms with others that paint the Russian president as a once charismatic but increasingly isolated leader, who doesnt use a cellphone or the internet and insists on access to Russian state television wherever he goes.

He also offered new details about how Putins paranoia appears to have deepened since his decision to invade Ukraine in February 2022. Putin now prefers to avoid airplanes and travel on a special armored train, he said, and he ordered a bunker at the Russian Embassy in Kazakhstan outfitted with a secure communications line in October the first time Karakulov had ever fielded such a request.

A defection like Karakulovs has a very great level of interest, said an official with a security background from a NATO country, who spoke on condition of anonymity to discuss sensitive political matters.

That would be seen as a very serious blow to the president himself because he is extremely keen on his security, and his security is compromised, he said.

The Kremlin did not respond to requests for comment. Neither did Karakulovs father or brother.

As an engineer in a field unit of the presidential communications department of the Federal Protective Service, or FSO, Karakulov was responsible for setting up secure communications for the Russian president and prime minister wherever they went. While he was not a confidant of Putins, Karakulov spent years in his service, observing him from unusually close quarters from 2009 through late 2022.

Karakulov, his wife and his child have gone underground, and it was impossible to speak with them directly due to security constraints.

The Dossier Center, a London-based investigative group funded by Russian opposition figure Mikhail Khodorkovsky, interviewed Karakulov multiple times and shared video and transcripts of more than six hours of those interviews with The Associated Press, as well as the Danish Broadcasting Corporation DR, Swedish Television SVT, and the Norwegian Broadcasting Corporation NRK.

The Dossier Center confirmed the authenticity of Karakulovs passport and FSO work identity card, and cross-checked details of his biography against Russian government records, leaked personal data and social media postings, all of which the AP reviewed.

The AP also independently confirmed Karakulovs identity with three sources in the U.S. and Europe and corroborated his personal details, including passport numbers, date and place of birth, two registered addresses, and the names and ages of family members. The AP was unable to verify all details of his defection.

The AP also confirmed that Karakulov is listed as a wanted man in the Russian Interior Ministrys public database of criminal suspects. The ministry initiated a criminal investigation against Karakulov on Oct. 26 for desertion during a time of military mobilization, according to documents obtained by the Dossier Center and seen by the AP.

The FSO is one of the most secretive branches of Russias security services.

Even when they quit, they never talk, but they know a lot of details of the private life of the president and the prime minister, said Katya Hakim, a senior researcher at the Dossier Center.

Karakulov moved as part of an advance team, often with enough specialized communications equipment to fill a KAMAZ truck. He said he has taken more than 180 trips with the Russian president, and contrary to widespread speculation, Putin appears to be in better shape than most people his age. Putin has only canceled a few trips due to illness, he said.

Unlike the prime minister, Putin does not require secure internet access on his trips, Karakulov said.

I have never seen him with a mobile phone, he said. All the information he receives is only from people close to him. That is, he lives in a kind of information vacuum.

Karakulovs work brought him to luxury hotels for summits, beach resorts in Cuba, yachts and aboard a special armored train outfitted for the Russian president.

Putins train looks like any other, painted gray with a red stripe to blend in with other railway carriages in Russia. Putin didnt like the fact that airplanes can be tracked, preferring the stealth of a nondescript train car, Karakulov said.

I understand that hes simply afraid, he said.

Putin began to use the train regularly in the run-up to the February 2022 invasion of Ukraine, Karakulov said. Even last year, Putin continued to insist on strict anti-COVID-19 measures, and FSO employees took shifts in two-week quarantine so there would always be a pool of people cleared to travel with Putin on the train, he said.

Putin has set up identical offices in multiple locations, with matching details down to the desk and wall hangings, and official reports sometimes say hes one place when he is actually in another, according to Karakulov and prior reporting by a Russian media outlet.

When Putin was in Sochi, security officials would deliberately pretend he was leaving, bringing in a plane and sending off a motorcade, when he was in fact staying, Karakulov said.

I think that this is an attempt to confuse, first, intelligence, and second, so that there are no assassination attempts, he said.

Karakulovs defection was a surprising turn for a family steeped in patriotic military tradition. Karakulovs father is a former military man, and his brother is a local government official.

Karakulov said he couldnt tell his parents about his disillusionment, because their minds had been molded by years of watching Russian state television. So he never told them he was leaving.

But he denies that he is unpatriotic and urged others to break their silence to stop the war.

Patriotism is when you love your country, he said. In this case, our homeland needs to be saved because something crazy and terrible is happening.

___

Associated Press reporters Jamey Keaten in Geneva, Aamer Madhani in Washington and Joanna Kozlowska in London contributed to this report.

Read more from the original source:
Antiwar officer from Putins elite security team defects - Boston Herald