Category: Uncategorized

  • Cybersecurity Education and Training Assistance Program | NICCS – National Initiative for Cybersecurity Careers and Studies

    The Cybersecurity Education and Training Assistance Program (CETAP) was formed to improve the cybersecurity workforce and cyber literacy by providing cybersecurity education to every K-12 student in the country. Through a cooperative agreement, CETAP funds an awardee to equip teachers with cybersecurity educational curricula, professional development opportunities and classroom technology.
    Cyber.org – Funded by CISA’s CETAP grant, this non-profit organization develops and deploys a nationally focused, K-12 cybersecurity education and training model for teachers. Through various educational tools, Cyber.org enables teachers to provide students with a cybersecurity educational foundation across all 50 states. To learn more about the available resources and upcoming Cyber.org events, please visit Cyber.org or email info@cyber.org for more information.
    Project REACH – Project Realizing Equitable Access to Cybersecurity in High School (REACH) is a feeder program that connects K-12 schools to Historically Black Colleges and Universities’ (HBCU) cybersecurity and computer science programs to close the diversity gap in cybersecurity. Cyber.org facilitates the relationship between high school classrooms and their local HBCU through cybersecurity activities, classroom support, campus visits and more. To find out more about Project REACH, including information on joining the K-12 team, becoming an Outreach Provider and joining as an HBCU, visit Cyber.org/projectreach.
    Project Access – Project Access aims to support the programming options of local and state agencies by offering cyber education opportunities for blind and visually impaired students through immersive experiences that are fully compatible with assistive technology such as screen readers or magnification software. This helps give blind and visually impaired students the confidence and knowledge necessary to pursue higher education and technology careers. To find out more about all that Project Access has to offer, contact Jon Ownby, Cyber Education Specialist, at Jon.ownby@cyber.org.

    source

  • US health giant suffers significant data breach – Digital Journal

    When the admin console is accessible via the Internet, it’s only a matter of time before data is breached.
    A significant data breach has hit the healthcare giant Community Health Systems (CHS), with up to one million people impacted. The breach has been traced to file-transfer software called GoAnywhere MFT, developed by Fortra.
    “As a result of the security breach experienced by Fortra, protected health information and personal information of certain patients of the company’s affiliates were exposed by Fortra’s attacker,” according to a spokesperson from Community Health Systems.
    Looking into the matter for Digital Journal is Almog Apirion, CEO and Co-Founder of Cyolo.
    For Apirion, this issue represents another cyber-swipe against the healthcare and medical communities. This sector represents a continual target for those seeking to capture personal data.
    As Apirion explains: “Healthcare organizations are unfortunately no stranger to cyberattacks and data breaches. Institutions like Community Health Systems (CHS) are an attractive target for threat actors due to their troves of personal information and their reliance on third parties both for cybersecurity and other aspects of their work.”
    In terms of the mode of attack, Apirion describes: “The reality is that when hackers exploit vulnerabilities in third-party security tools, the lives and privacy of patients are put at risk. Interoperability is vital for successful healthcare delivery, so a Managed File Transfer (MFT) is a needed solution.”
    MFT is a technology platform that allows organizations to reliably exchange electronic data between systems and people in a secure way that goes some way to meeting business compliance needs.
    There are inherent weaknesses, as identified by Apirion: “When the admin console is accessible via the Internet, it’s only a matter of time before data is breached. Any connection to a sensitive data source must be properly managed and secured.”
    There are measures that healthcare institutions could and should adopt. Apirion defines these as: “Zero-Trust Access strategies should be employed to support the needed connections, especially between care delivery partners. This is especially useful when critical applications, like MFT, need to be connected to the Internet.”
    In outlining the benefits of these types of approaches, Apirion surmises: “Having the ability to restrict access and keep the application hidden will go a long way to preventing this type of breach in the future.”
    Dr. Tim Sandle is Digital Journal’s Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

    source

  • New class of lawmakers look to dig in on cybersecurity – POLITICO

    Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
    By JOHN SAKELLARIADIS 

    With help from Maggie Miller

    New House members on the Homeland Security, Oversight and Armed Services Committees are hoping to shore up the nation against cyber threats.
    HAPPY MONDAY, and welcome to Morning Cybersecurity! Since I’m not a big fan of zombie shows, I was expecting my appetite for the “Last of Us” would fade rather quickly.
    But my love for the show just won’t die. Ha!
    Got tips, feedback or other commentary? Send them my way at [email protected]. You can also follow @POLITICOPro and @MorningCybersec on Twitter. Full team contact info is below.

    Acting national cyber director Kemba Walden speaks at the Internet Education Foundation’s State of the Net Conference. Conference begins at 9 a.m. Walden speaks at 4:20 p.m.

    NEW CYBER LAWMAKERS ASSEMBLE — Freshman members of several key House committees are aiming to point a renewed focus at cyber threats facing the nation into the 118th Congress, Maggie writes in a new story out (for Pros!) today.
    Among the more than 80 new members of the House and Senate are some who have past experience in the cybersecurity space, and have been placed on key subcommittees as a result. They laid out some of their priorities in interviews with POLITICO, including securing elections ahead of the 2024 presidential race, shoring up the security of critical utilities against cyber threats from nations including Russia and China, and improving oversight of federal agencies key to the cyber mission.
    — On the home front: The House Homeland Security Committee is chock full of new members with a background in cyber. These include Rep. Laurel Lee (R-Fla.), the former Florida secretary of state, who says cybersecurity was the “No. 1” issue that took up her time in that role, specifically in regards to securing elections.
    “One of our key responsibilities is ensuring the public understands the threat we face from cyber actors and what our elected officials are doing to keep their voting experience kept secure,” Lee, a new member of the committee’s Subcommittee on Cybersecurity and Infrastructure Protection, said in an interview.
    Rep. Mike Ezell (R-Miss.) — another of the new Republican lawmakers on the House Homeland Security Committee’s cyber subcommittee — says his main priority is “ensuring our critical infrastructure has the necessary protection to respond to cyberattacks from foreign adversaries,” and ensuring CISA is adequately resourced.
    — On the other side: Freshman Democrats on the House Homeland Security Committee are also keen to focus on cyber threats. Rep. Seth Magaziner (D-R.I.) is a member of the cyber subcommittee and the ranking member of the House Homeland Security Committee’s Subcommittee on Counterterrorism, Law Enforcement, and Intelligence, succeeding former Rep. Jim Langevin.
    “This is a committee that my predecessor from my district served on for many years, and he was a real leader on cybersecurity,” Magaziner said of Langevin. “I certainly feel a responsibility to follow in his footsteps in that regard.”
    Another freshman member new to House Homeland is Rep. Glenn Ivey (D-Md.), who says he hopes the committee is able to focus on cybersecurity priorities like oversight of CISA, threats from Russia and China, and securing elections alongside the border and immigration priorities the Republican committee leadership will pursue.
    Ivey advocated for the idea of pursuing annual internal cybersecurity assessments from agencies like CISA, the Office of Management and Budget, the Office of the National Cyber Director and the Government Accountability Office in order to measure “whether additional cybersecurity measures are appropriate and needed.”
    — On other committees: In another part of the House, new Rep. Jared Moskowitz (D-Fla.) is looking to take action to secure federal networks against cyber threats as part of his role on the House Oversight and Accountability Committee’s newly reestablished cyber subcommittee.
    Rep. Chris Deluzio (D-Pa.), the only freshman Democrat on the House Armed Services Committee’s cyber subcommittee, is the former policy director at the University of Pittsburgh’s Pitt Cyber. He is planning to bring his experience in that position, such as protecting critical infrastructure from cyber threats, to his new role.
    “Our adversaries are already investing heavily in cyber as a key element of the next field of battle,” Deluzio said, stressing the need to secure privately owned critical infrastructure. “If we don’t, we risk leaving too many Americans vulnerable, online and otherwise, and would leave our military ill-prepared to confront threats from our foes in a future conflict.”


    BUSY WEEK OF CYBER HEARINGS — Between the Senate and House renditions of the annual global threat briefing and three further cyber-adjacent hearings, 1s and 0s are set to come up early and often on the Hill this week.
    Double-dip with the intel chiefs — On Wednesday and Thursday, the country’s five top intelligence officials will appear before the Senate and House intelligence panels to discuss the biggest security threats to the U.S.
    The hearings will follow the now-imminent release of an ODNI-authored report on the same topic, known as the Annual Threat Assessment, which includes joint intelligence community findings on everything from cybersecurity to weapons proliferation.
    To help make sense of the document, lawmakers in both chambers will receive testimony from FBI Director Chris Wray, CIA Director Bill Burns, Director of National Intelligence Avril Haines, Defense Intelligence Agency Director Lt. Gen. Scott D. Berrier and dual-hatted NSA-Cyber Command Gen. Paul Nakasone.
    Nakasone, D.C.’s most sought after man — In addition to two hearings before the intelligence panel, Gen. Paul Nakasone will appear Tuesday at a Senate Armed Services committee hearing to check in on the vim and vigor of the U.S. Special Operations Command and U.S. Cyber Command.
    Expect Nakasone to field questions about the training, quality and retention of the country’s keyboard warriors — a constant bugaboo for the Command, which faces stiff competition for talent with the private sector and can only rent its personnel short-term from the services.
    Two more for the road — On Thursday, the House Homeland Security Committee will host a hearing (yes, another) on the threats that the Chinese Communist Party poses to the homeland, where TikTok, IP theft and online influence are sure to surface.
    Finally, the House Armed Services Committee’s cyber subcommittee will bring in the Pentagon’s chief information and chief digital and artificial intelligence officers to talk about AI, IT and how to protect Defense Department networks.

    WINDS OF REFORM — This afternoon, a board member on an influential executive branch advisory panel is set to outline possible fixes to Section 702 of the Foreign Intelligence Surveillance Act, yet another sign that the White House faces an uphill battle in its effort to secure a reform-free renewal of the controversial electronic surveillance program.
    Why that matters — When he speaks at today’s State of the Net Conference, Travis LeBlanc will become the first of five board members on the Privacy and Civil Liberties Oversight board to make public his views on Section 702, which is set to sunset at year’s end.
    The P-What? — The independent, bipartisan board acts as a privacy and civil liberties watchdog for the executive branch.
    Later this spring, the full board will release a review of Section 702, its first since 2014, that is expected to shape the debate around the necessity for and nature of possible reforms.
    Hint of what LeBlanc is eyeing? — At a PCLOB public forum on 702 last month, LeBlanc asked whether Congress should obtain a FISA order or warrant before conducting searches on Americans.
    Since then, so-called “backdoor searches” — in which FBI officials query 702 data for information on Americans that is collected “incidentally” through foreign surveillance — have drawn growing attention among skeptics of the program.
    Agree to disagree — Last week, DNI Director Haines and Attorney General Merrick Garland sent a letter to Congressional leadership arguing that 702 should be renewed as is.
    The same morning, Assistant Attorney General Matt Olsen contended that many of the perceived privacy abuses of the program — the queries involving Americans — actually stem from FBI cybercrime investigations, where the bureau is seeking assistance for possible victims. “Without Section 702,” he said, “we simply don’t have a means to collect that information, certainly not at the speed of a cyberattack.”
    Not enough — Thus far, those pleas are falling on deaf ears, with Congressional Republicans quickly pooh poohing the idea of a clean reauthorization, as POLITICO reported last week.
    One stumbling block for the administration? Still smarting from the Carter Page investigation, Congressional Republicans are adamant about reforming other sections of FISA, too.
    While the FISA statutes relevant to the Page case are not set to expire this year, the GOP looks keen to leverage the 702 sunset to secure changes elsewhere in the statute.

    CISA appears to be taking a page out of cyber meme king Rob Joyce:

    — FBI searches for Americans’ data in 702 databases said to drop following compliance fixes. (New York Times)
    — EPA’s new cybersecurity mandates worry industry and cyber experts. (CyberScoop)
    — Ukraine has fended off a “year of wipers” from Russia. (The Record)
    — A state-led effort to combat voter fraud is running into a major obstacle: election conspiracy theories. (AP News)
    — Meet the investigator tackling Greece’s spy scandal. (POLITICO)
    Chat soon.
    Stay in touch with the whole team: Maggie Miller ([email protected]); John Sakellariadis ([email protected]); and Heidi Vogt ([email protected]).

    source

  • Mandiant Perspectives from the Munich Cyber Security Conference … – Mandiant

    Cyber capabilities are an increasingly important tool of statecraft with today’s operations increasingly reflecting the strategic and geopolitical ambitions of government sponsors. This makes it essential to connect network defenders and policymakers. 
    The Munich Cyber Security Conference (MCSC), therefore, provides a welcome exchange to discuss nascent challenges facing the cyber security community. Both Mandiant Intelligence VP Sandra Joyce, and Google Cloud CISO Phil Venables spoke at this year’s event. 
    This blog post outlines key takeaways from MCSC 2023 and how Mandiant, now a part of Google Cloud, is playing a leading role in addressing burgeoning cyber policy issues. 
    Cyber operations stemming from Russia’s invasion were an inevitable focus at MCSC 23. This was for good reason: Mandiant observed more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years.
    One of the main challenges since the invasion began has been defending against such a wide spectrum of Russian campaigns. Even more significant than the variety of cyber operations, however, has been the way they have fused together. 
    This is reflected in Google’s and Mandiant’s jointly published Fog of War report, which explores how the Ukraine conflict has transformed the cyber threat landscape. The report outlines several ways in which the lines are blurring in cyber conflict. For example:
    Network defenders are now facing multifaceted threats in the face of increased coordination across cyber espionage, destructive operations, information operations, hacktivism, and cybercrime. 
    We must address these challenges by doubling down on our own collaboration within the security community. We are doing this at Google already. As the Fog of War report highlights, while Google’s Threat Analysis Group (TAG) is actively protecting Google users impacted by the conflict, Mandiant is delivering incident response services in Ukraine, and Google Trust and Safety teams are taking decisive action to demonetize and block outlets of Russian information operations.
    Check out Phil’s blog post for more on what business leaders can learn from our Fog of War report.
    The importance of responsible players was a common theme during MCSC 23. Several government speakers called on industry to play an active role in response to today’s challenges throughout the conference. Google and Mandiant remain committed to being responsible players.
    For instance, Google Cloud services operate a shared-fate model for risk management in conjunction with our customers. We believe that it’s our responsibility to be active partners as our customers deploy securely on our platform, not delineators of where our responsibility ends. We’re committed to building security into all of our platforms and products by default in an effort to address the root causes of cyber insecurity globally.
    Mandiant has long had deep insight into adversary activity that will be further complemented by Google’s own insights. Responsibility for us means building a collective view of the threat landscape across Google, but doing so in a way that protects privacy and sensitive data. As Google Cloud CEO, Thomas Kurian, outlined when Google completed the acquisition of Mandiant, our joint vision is to democratize security operations with access to the best threat intelligence. Google Cloud and Mandiant, therefore, intend to play an active role in equipping the security community with useful insight into the threats that really matter. 
    Within Europe, cyber security and regulation are often discussed in tandem. This year’s MCSC was no exception, given the dynamic regulatory environment within Europe. The Network and Information Security Directive 2.0 (NIS2) is now adopted in the EU, while the Cyber Resilience Act (CRA) has recently been published.
    Google Cloud is committed to ensuring that our platform and security tools support the highest standard of compliance. We’ve spent more than a decade developing mature processes for risk governance, incident reporting, and vulnerability management to support our compliance journey. 
    NIS2 means a comprehensive incident response plan and clear reporting are now more important than ever. Mandiant intends to play an active role in remediating incidents and equipping organizations with a clear understanding of their vulnerabilities and the roadmap to building secure networks through our incident response, advisory, and intelligence services. 
    Meanwhile, the CRA focus on bolstering supply chain security makes it increasingly important to use threat intelligence to focus on the supply chain threats that really matter. The Russian-backed SolarWinds supply chain compromise has instigated a wide conversation around supply chain security among security leaders in recent years. However, there is a broader context that also requires urgent attention.
    For instance, our intelligence reporting shows almost 40% of software supply chain compromises in the same year as the SolarWinds compromise involved developer tools and open source libraries. Since then, China has been highly active in conducting software supply chain attacks while Mandiant has observed a sharp uptick in financially-motivated supply chain compromise incidents.
    All of this highlights the important role of threat intelligence in responding to supply chain threats and the CRA. Supply chain threat intelligence can be utilized by regulators themselves to identify prominent threats and design well-informed policy. Network defenders can also leverage supply chain threat intelligence to build a clear protection plan that focuses on key threats. 
    Google and Mandiant welcome the opportunity to work with European cyber security regulation to think through these issues.  There also remain clear opportunities to build on the baseline provided by regulation through a more proactive approach. Ultimately, Mandiant conducts a significant number of incident response engagements every week with organizations that are technically compliant, yet remain highly vulnerable to today’s threats.
    MCSC 2023 outlined a variety of challenges across the cyber policy and network defense community. However, we should always remember that the security community possesses the agency and capability to tackle these head on. By scaling our security functions through a combination of threat intelligence and automation, we can remove toil and focus on the threats that matter most. This vision underpins a variety of initiatives across Google’s security teams. 
    Building a deeper understanding of the threat landscape across Google through a responsible, careful, and considered approach will be devastating for today’s cyber adversaries. When network defenders are up against well-resourced government backed attackers, the situation can easily feel hopeless. However, threat intelligence can empower security functions. Better visibility into threats leads to faster and deeper actionable insight. This allows defenders to quickly react to nascent threats and thereby impose greater costs on threat actors.
    Rather than a lofty ambition, building a resilient and proactive security posture should be embraced as eminently achievable.







    source

  • 45,000+ consumers in Ohio and Pennsylvania affected by DNA data … – The Cincinnati Enquirer

    A Fairfield company that provides paternity and other DNA testing has agreed to pay a $200,000 fine for a 2021 data breach.
    The breach compromised the personal information of more than 45,000 consumers in Ohio and Pennsylvania, according to a news release from Ohio Attorney General Dave Yost.
    The two states negotiated the agreement with DNA Diagnostics Center, which also agreed to institute a new cybersecurity program that meets industry standards.
    Yost said DNA Diagnostics hired a third party to conduct data-breach monitoring. But after the contractor detected a breach in May 2021, Yost said, DNA Diagnostics employees overlooked repeated email notifications from the contractor for nearly four months.
    During those months, attackers installed malware on the company’s network and extracted data, according to Yost. He said the stolen data wasn’t DNA Diagnostics’ customer data, but data it had purchased from another company in order to expand its business portfolio.
    Yost said the breach exposed the Social Security numbers and other personal data of roughly 33,000 Ohioans and 12,500 Pennsylvanians.
     “Negligence is not an excuse for letting consumer data get stolen,” Yost said.

    source

  • UTSA adds its cybersecurity expertise to support White House Office … – UTSA

    MARCH 3, 2023 — The White House Office of the National Cybersecurity Director (ONCD) has partnered with UTSA to accelerate workforce initiatives prioritized by the office. As part of this effort, UTSA recently hosted the Academia Involvement in Community Cybersecurity Conference at the university’s new San Pedro I building in downtown San Antonio.
    The goal of the conference was to help institutions of higher education (IHE) and school districts understand how they can impact the nation’s cybersecurity posture and workforce. More than 200 members of government, academia and industries attended the conference.
    “Creating the future that we seek — one in which Americans are enriched, empowered and enlivened by connectivity instead of burdened by it — will require contributions by key stakeholders across the public and private sectors. With this in mind, I’m delighted to see that UTSA is hosting an event on the role that academic institutions can play impacting cybersecurity posture and workforce needs,” said Seeyew Mo, assistant national cyber director for ONCD Training and Education.
    Conference attendees examined how academia can have a significant impact in their communities and learned how to create a culture of cybersecurity throughout their community. This included all sectors: government, industry, critical infrastructure, academia, non-profit organizations and citizens of all ages. 
    The UTSA Center for Infrastructure Assurance and Security (CIAS), which co-hosted the conference, takes a grassroots-level approach to cybersecurity programs that can advance community and organizational cybersecurity capabilities and collaboration.
    “The CIAS has been advocating for whole-community cybersecurity programs for 20 years,” said Gregory White, the center’s director. “We’ve seen first-hand how academic institutions, whether at the high school or collegiate level, are key components to effective cybersecurity programs. Schools are pivotal in developing both a pipeline for cybersecurity professionals and establishing cyber hygiene for students and their families.”
    The cybersecurity talent gap continues to be a topic of discussion nationwide. According to cyberseek.org, the United States currently has a workforce shortage of 755,743 cybersecurity professionals.
    During the conference, IHEs and school districts from across the nation discussed workforce and cybersecurity initiatives that have positively impacted their communities and shared insights into resources available to academia.
    “These collaborations are key to filling cybersecurity jobs and building an economy of resilience from the bottom up and the middle out. I hope that the event motivates leaders from across academia, industry and the public sector to further support or to become cybersecurity champions in their communities,” said Mo.
    “We hope the ideas presented will spread across the nation through the NSA/DHS Centers of Academic Excellence network and that new ideas will be spawned,” added White. “Ultimately, this will increase community cybersecurity, which will improve overall security nationwide.”
    In addition to Mo and White, conference speakers included DHS/CISA Assistant Director for Stakeholder Engagement Alaina Clark, DHS/CISA Texas State Cybersecurity Coordinator Ernesto Ballesteros, Women in Cybersecurity Executive Director Lynn Dohm, Ron and Cyndi Gula from the Gula Tech Foundation, and the Lead for Academic Engagement for the National Initiative for Cybersecurity Education at the National Institute of Standards and Technology Davina Pruitt-Mentle, among others.
    The conference, which was co-hosted by the CIAS and the UTSA Cyber Center for Security and Analytics, is also supported by the university’s National Cybersecurity Collaboration Center.
    UTSA has long been recognized as a leader in cybersecurity. It is one of just a few universities in the nation—and the only Hispanic Serving Institution—to hold three National Center of Excellence designations from the National Security Agency and U.S. Department of Homeland Security. It is also home to the only School of Data Science in the state of Texas.
    Julina Macy
    UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio.

    source

  • James Edgar – Top Cybersecurity Leaders 2023 – Security Magazine

    James Edgar’s wide range of experience protecting public- and private-sector organizations from cybersecurity threats has helped him hone his ability to see the whole picture when it comes to cybersecurity.
    Edgar came up through the ranks in network engineering, earning his first information security officer role at the Georgia Department of Corrections after working as a consultant for the agency. “At the time, the state of Georgia was looking to form a new organization called the Georgia Technology Authority, pulling the technology areas of all different agencies within the state.” With that initiative, the state developed cybersecurity standards and established the information security officer position. At the Georgia Department of Corrections, the second-largest agency in the state, Edgar helped integrate the technology functions of each Georgia agency under the Georgia Technology Authority umbrella while securing the data of the state’s 34 correctional facilities.
    After securing the Department of Corrections’ networks for a number of years, Edgar stepped into a new role at ChoicePoint, now owned by LexisNexis, to help build out their cybersecurity function as the company dealt with a breakdown in business practices and an FTC audit. “It was a great opportunity to step into an environment and a program that was obviously under a lot of scrutiny, but getting a lot of support from executives.” There, Edgar played an integral role in maturing the organization’s cybersecurity function, overseeing encryption practices and expanding the corporate cybersecurity policy.
    Edgar then moved to Cox Communications, where he grew into senior management roles, leading their security architecture program and third-party risk management efforts. From there, he moved to Elavon, a payment processor and subsidiary of U.S. Bank, where he led their security architecture and assurance teams and helped to mature the financial organization’s cybersecurity program. As he rose through the cybersecurity ranks, Edgar developed programs that matured alongside his career.
    Now, Edgar holds the role of Senior Vice President, Chief Information Security Officer (CISO) at FLEETCOR, a corporate services and business payment firm. As the organization’s second-ever CISO, Edgar leads the company’s Global Information Security team, which covers North America, South America, the U.K. and Europe, with some connections in the APAC region.
    The Global Information Security team covers a number of cybersecurity goals within the organization and with its external partners. One team within Global Information Security focuses on incident response, security operations and vulnerability identification and remediation. The security engineering & consulting team ensures that FLEETCOR and its clients have the proper controls in place to support growth and update existing solutions. “They’re kind of the frontline to ensure that as we develop, grow and build up frameworks around our program, they are being applied properly and we have the right controls, tools and processes in place.” Another team works on IT governance, compliance and risk efforts, covering over 20 audits and assessments that the organization undergoes each year to ensure a competitive and compliant cybersecurity posture.
    FLEETCOR has BISOs throughout its regions as well, who help to infuse the company’s cybersecurity practices with location-specific intelligence. “As organizations get bigger and they get spread out, it’s very difficult to manage everything from a central location. When everything is funneled through one area, it helps to have engagement with the lines of business (LOBs),” says Edgar. “That’s why these business information security officers are so critical to success. They ensure that local CIOs are engaged with our cybersecurity program, that we’re meeting compliance requirements, and that risk is being addressed within those LOBs.”
    Growth has been a common theme throughout Edgar’s career, and FLEETCOR is no exception. “We’ve quadrupled the Global Information Security team since I started here. With a truly global team, we’ve been able to bring in a lot more maturity to the program.” A business-critical aspect of FLEETCOR’s cybersecurity team is ensuring the security of the company’s mergers and acquisitions (M&As). FLEETCOR has acquired over 100 companies in the last decade, and Edgar’s team works to reduce risk and ensure compliance as those organizations merge. Edgar foregrounds compliance to ensure security during these business transitions. “Of course, every acquisition is unique, but there are fundamentals that you want to follow. From a security standpoint, it helps to start with a compliance framework. From there, because a lot of these companies are private, smaller businesses that didn’t grow up in the world of SOX regulations, you go in and help them understand what it means to be part of FLEETCOR.”
    Training newly acquired companies on how to deal with that cybersecurity “culture shock,” as Edgar calls it, is one of the most critical aspects of securing a business during and after M&As. By taking the time to explain the cybersecurity programs implemented in their environment after an M&A, large companies can help small businesses understand the need for cyber compliance, says Edgar. “It may not happen overnight,” he says, but emphasizing and expanding policies, security standards and compliance can help provide a framework for acquired businesses to bolster their cybersecurity programs. “It really comes down to instilling a culture. We need to make sure that security is everybody’s job. Everyone’s a part of that process, and it only takes one person to click on the wrong link.”
    That security culture conversation extends from M&As to internal boardrooms as well. Edgar says he’s seen a shift in the way cybersecurity & compliance are talked about in the C-suite. “Businesses realize the importance of engaging security,” he says. “Security is really about enabling the business and helping them understand that if we want to be more competitive, security is a big part of that. At the end of the day, compliance doesn’t equal security, but if you do security right, you’ll be compliant.”
    Edgar says that throughout all of the industries in which he’s worked, protecting data comes down to building a security-minded culture within the organization. Whether it’s impressing upon a corrections officer the importance of avoiding suspicious websites or training executives not to click phishing links, cybersecurity starts with everyone building security awareness across the organization. “Cybersecurity really is a team sport. As I’ve gone through my career and moved up the ladder, it becomes more and more important.”

    source

  • Five cyber-security tips to secure your online shopping and memories – The Economic Times




    Cyber security is vital as it protects people and devices from falling prey to cyber-attacks.

    source

  • In 13 months, cyber scamsters in Haryana ‘pocketed’ 335 crore – The Indian Express

    In a span of 13 months, cyber scamsters allegedly swindled people out of over Rs 335 crore even as the Haryana Police’s cyber cell is now scrambling to identify the conmen and put them behind bars. The cell’s priority is also to put on hold the fraudulent transactions and recover the swindled money from the possession of the accused.
    From January 1, 2022, to December 31, 2022, the cyber cell received over 66,784 complaints in which the complainants alleged that they were duped of Rs 301,48,30,788 (approx Rs 301 crore). Taking cognisance of the complaints, the cyber cell has so far managed to put the transactions on hold or recover Rs 46,91,10,031 (approx Rs 47 crore).
    Out of these over 66,784 complaints, 33,532 complaints are pending and under process, while 31,087 have been disposed of.
    Also, 2,165 criminal cases have been registered and more than 1,065 people have so far been arrested in these criminal cases.
    In January 2023, another Rs 34.80 crore has allegedly been swindled by cyber scamsters, out of which the cyber cell has been able to recover over Rs 2.78 crore. In this month, 166 criminal cases were registered of which 61 accused have so far been arrested.
    Haryana Chief Minister Manohar Lal Khattar on February 8 reviewed the law and order situation in the state and expressed concern about growing cyber crimes.
    “Cyber crime has become a threat not only to individuals but also to the government sector, thus endangering national security,” Khattar had said while chairing the law and order review meeting that was attended by state’s home minister Anil Vij and top police officers of the state.
    Haryana Police department is being technologically strengthened to meet the ongoing challenges posed by cyber crimes. The state police is opening new cyber police stations and will also be launching a special awareness drive across the state telling people about the safety tips and precautions that are required to be taken to avert cyber frauds.
    Officials told The Indian Express that in the last 13 months, over 1.81 lakh calls have been received on the cybercrime helpline number 1930. Till February 4 this year, the cyber cell had got over 22,444 bank accounts of suspected cyber criminals blocked and is initiating further action. Over 30,029 mobile phone numbers that were allegedly being used to commit cybercrimes have been uploaded on the “Cyber Safe” Portal for blocking, while a technical opinion is being sought from the central agencies/experts through CyCord Portal in 236 cases.
    The cyber cell has also analysed that the cyber criminals are using “Rainbow Table Attacks” for hacking passwords.
    “Rainbow table attack is a password hacking method that involves using rainbow hash tables. Whenever a password is stored on a system, it’s encrypted using a ‘hash’. In order to bypass this, hackers maintain directories that record passwords and their corresponding hashes, often built from previous hacks. Rainbow tables make password cracking much faster than earlier methods, such as brute-force attacks and dictionary attacks. Rainbow tables store a pre-compiled list of all possible plain text versions of encrypted passwords based on a hash algorithm,” an officer said.
    Explaining the modus operandi, a senior official said, “As password databases are often poorly secured, criminals are able to gain access to leaked hashes in order to carry out rainbow table attacks. The process is simplified as a search-and-compare operation, as all of the values in a rainbow table are already computed. In rainbow table attacks, the exact password doesn’t need to be known. Authentication is possible as long as the hash matches. Such attacks are specific to given password hash and password types. The sheer volume of possible combinations means rainbow tables can be enormous, often hundreds of gigabytes in size. Rainbow table attacks are possible on various kinds of passwords such as 8&9-character new technology LAN Manager passwords; and cyber criminals steal password hashes and decrypt the passwords of every user from a web application/network which is using outdated password hashing techniques.”
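    As an added illustration (not part of the original article or the officials' statements), the Python sketch below audits a password store for exposure to precomputed hash tables and shows how a per-user salt with a slow key-derivation function removes that exposure. It uses a plain hash-to-password dictionary as a simplified stand-in for a real rainbow table; the user names, passwords and the PBKDF2 iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample data: passwords a precomputed table would typically cover.
COMMON_PASSWORDS = ["123456", "password", "qwerty123", "Summer2023!"]


def unsalted_sha256(password):
    """Outdated storage scheme: one fast, unsalted hash per password."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_sha256(p): p for p in candidates}


def hash_password(password, salt=None, iterations=600_000):
    """Hardened scheme: random per-user salt plus PBKDF2-HMAC-SHA256.

    The iteration count is an assumed work factor; tune it to your hardware.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, expected)


def audit(stored_hashes, table):
    """Return {user: recovered password} for hashes found in the table."""
    return {u: table[h] for u, h in stored_hashes.items() if h in table}


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Constructed legacy store: identical passwords give identical hashes.
    legacy = {
        "alice": unsalted_sha256("password"),
        "bob": unsalted_sha256("password"),
        "carol": unsalted_sha256("x9!Lr#2vQw"),  # not in the table
    }
    exposed = audit(legacy, table)
    # Same weak password, stored with a fresh salt per user.
    a = hash_password("password")
    b = hash_password("password")
    hardened = {"alice": a[2].hex(), "bob": b[2].hex()}
    return exposed, audit(hardened, table), a[2] != b[2]


if __name__ == "__main__":
    exposed, hardened_hits, salts_differ = demo()
    print("exposed in legacy store:", exposed)
    print("exposed in hardened store:", hardened_hits)
    print("same password, different stored values:", salts_differ)
```

    The salt does not make a weak password strong; it forces an attacker to compute each guess per user instead of reusing one precomputed table, and the iteration count makes each guess expensive.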


    Varinder Bhatia: Varinder is Deputy Resident Editor, The Indian Express, Chandigarh. Wi…

    source