Security News
With only hours until the deadline for the directive, issued on Friday, to be executed, what is at stake is a "Vulnerability [that] poses an unacceptable risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," according to the Cybersecurity and Infrastructure Security Agency. Microsoft released a patch for the vulnerability as part of its August 11, 2020 Patch Tuesday security updates.
The Department of Homeland Security on Friday issued an Emergency Directive that requires federal agencies to install fixes for a Netlogon elevation of privilege vulnerability for which Microsoft released patches in August 2020. In its Emergency Directive 20-04, the DHS's Cybersecurity and Infrastructure Security Agency warns all federal agencies that applying Microsoft's patches is the only available mitigation for this critical vulnerability, aside from removing affected domain controllers from the environment.
That's just one of the vulnerabilities that the agencies are seeing being exploited this year by what they say are sophisticated foreign cyber actors. All that for 2020, and we still haven't even gotten to the meat of the report: the 10 most exploited vulnerabilities for the years 2016 through 2019.
An alert the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments. In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.
Heads up, Microsoft Office 365 users: It's time to take some important steps in securing your account. The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has released some recommendations to help secure the online productivity service.
The Department of Homeland Security is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN. DHS warns that the Pulse Secure VPN patches may have come too late. "CISA strongly urges organizations that have not yet done so to upgrade their Pulse Secure VPN to the corresponding patches for CVE-2019-11510," according to CISA's alert.
The DHS is partnering with BlueRISC Inc to develop Cloud-based Root-of-Trust technology to keep agency email separate and secure on corporate-owned, personally enabled devices, even when the user operates personal email from the same device. "The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections," said Kris Carver, BlueRISC Technical Director.
With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes. The security of virtual meetings might often be an afterthought, but basic precautions can ensure that they don't lead to data breaches or other security incidents, says Jeff Greene, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology.
A former acting inspector general of U.S. Department of Homeland Security and another government official have been indicted for allegedly stealing DHS proprietary software and databases and then attempting to resell the technology back to the government, according to the Justice Department. In their indictment, federal prosecutors allege that between October 2014 and April 2017, Edwards, Venkata and other unnamed co-conspirators began attempting to steal proprietary software used by the DHS Office of Inspector General as well as a database that contained the personally identifiable information of DHS and U.S. Postal Service employees.
In interviews at RSA 2020, former Department of Homeland Security Secretary Michael Chertoff and Andy Purdy, CSO for Huawei USA, offer different points of view on 5G security. With the U.S. late to the 5G race, Chertoff says that America needs to work more closely with its allies and telecom equipment makers in Europe and Asia to make next-generation technology that competes with equipment from China's Huawei more price competitive as well as improve security.