Security News
That's just one of the vulnerabilities that the agencies are seeing being exploited this year by what they say are sophisticated foreign cyber actors. All that for 2020, and we still haven't even gotten to the meat of the report: the 10 most exploited vulnerabilities for the years 2016 through 2019.
An alert the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency published this week reiterates previously issued recommendations on how organizations should properly secure Microsoft Office 365 deployments. In May last year, the agency issued an alert to highlight some of the common security oversights by Office 365 customers, and also included a series of recommendations on how organizations could improve their security posture.
Heads up, Microsoft Office 365 users: It's time to take some important steps in securing your account. The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has released some recommendations to help secure the online productivity service.
The Department of Homeland Security is urging companies that use Pulse Secure VPNs to change their passwords for Active Directory accounts, after several cyberattacks targeted companies who had previously patched a related flaw in the VPN. DHS warns that the Pulse Secure VPN patches may have come too late. "CISA strongly urges organizations that have not yet done so to upgrade their Pulse Secure VPN to the corresponding patches for CVE-2019-11510," according to CISA's alert.
The DHS is partnering with BlueRISC Inc to develop Cloud-based Root-of-Trust technology to keep agency email separate and secure on corporate-owned, personally enabled devices, even when the user operates personal email from the same device. "The EPRIVO Enterprise 2.0 email system ensures the confidentiality of email in transit, in cloud storage at an email service provider, and when stored on the mobile device, providing both physical and cryptographically based protections," said Kris Carver, BlueRISC Technical Director.
With people worldwide forced to work from home due to the coronavirus epidemic, NIST and DHS published a series of recommendations on how to ensure that virtual meetings and connections to enterprise networks are protected from prying eyes. The security of virtual meetings might often be an afterthought, but basic precautions can ensure that they don't lead to data breaches or other security incidents, says Jeff Greene, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology.
A former acting inspector general of U.S. Department of Homeland Security and another government official have been indicted for allegedly stealing DHS proprietary software and databases and then attempting to resell the technology back to the government, according to the Justice Department. In their indictment, federal prosecutors allege that between October 2014 and April 2017, Edwards, Venkata and other unnamed co-conspirators began attempting to steal proprietary software used by the DHS Office of Inspector General as well as a database that contained the personally identifiable information of DHS and U.S. Postal Service employees.
In interviews at RSA 2020, former Department of Homeland Security Secretary Michael Chertoff and Andy Purdy, CSO for Huawei USA, offer different points of view on 5G security. With the U.S. late to the 5G race, Chertoff says that America needs to work more closely with its allies and telecom equipment makers in Europe and Asia to make next-generation technology that competes with equipment from China's Huawei more price competitive as well as improve security.
In interviews at RSA 2020, former Department of Homeland Security Secretary Michael Chertoff and Andy Purdy, CSO for Huawei USA, offer different points of view on 5G security. With the U.S. late to the 5G race, Chertoff says that America needs to work more closely with its allies and telecom equipment makers in Europe and Asia to make next-generation technology that competes with equipment from China's Huawei more price competitive as well as improve security.
The U.S. Department of Homeland Security has issued warnings about the possibility of cyberattacks launched by Iran in response to the United States killing Qassem Soleimani, a top Iranian military commander. While many - including U.S. officials - have criticized the decision to kill the leader of the Iranian Revolutionary Guards' Quds Force unit, Washington justified its actions by claiming that Soleimani had been planning an imminent attack on U.S. interests in the Middle East.