NSA’s Common-Sense Phishing and Cybersecurity Tips to Protect Your Personal Data Online

 

Websites frequently conceal the extent to which they share our personal data, employing tactics to obscure their practices and prevent consumers from making fully informed decisions about their privacy. This lack of transparency has prompted governmental responses, such as the European Union's GDPR and California's CCPA, which require websites to seek permission before tracking user activity.

Despite these regulations, many users remain unaware of how their data is shared and manipulated. A recent study delves into the strategies employed by websites to hide the extent of data sharing and the reasons behind such obfuscation.

The research, focusing on online privacy regulations in Canada, reveals that websites often employ deception to mislead users and increase the difficulty of monitoring their activities. Notably, websites dealing with sensitive information, like medical or banking sites, tend to be more transparent about data sharing due to market constraints and heightened privacy sensitivity.

During the COVID-19 pandemic, as online activity surged, instances of privacy abuses also increased. The study shows that popular websites are more likely to obscure their data-sharing practices, potentially to maximize profits by exploiting uninformed consumers.

Third-party data collection by websites is pervasive, with numerous tracking mechanisms used for advertising and other purposes. This extensive surveillance raises concerns about privacy infringement and the commodification of personal data. Dark patterns and lack of transparency further exacerbate the issue, making it difficult for users to understand and control how their information is shared.

Efforts to protect consumer privacy, such as GDPR and CCPA, have limitations, as websites continue to manipulate and profit from user data despite opt-in and opt-out regulations. Consumer responses, including the use of VPNs and behavioral obfuscation, offer some protection, but the underlying information asymmetry remains a significant challenge.

CSI/NSA Joint Best Practices for Cloud Security

 

The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for securing cloud systems, which are used a lot by businesses.

Cloud services are popular because they let companies use servers, storage, and apps without having to worry about managing all the complicated tech stuff themselves. This has made life easier for businesses big and small, allowing them to focus on what they do best while relying on the reliability and flexibility of cloud platforms. 

What is cool is that many companies now offer both regular software you install on your own computers and cloud versions that they manage for you. This means businesses have choices and do not have to deal with all the headaches of managing software themselves. 

The partnership between NSA and CISA shows how important it is to keep cloud systems safe, especially now that more and more businesses are using them for remote work and digital upgrades. These bulletins give organizations practical advice on how to stay safe from online threats and keep their data secure. 

By sharing these joint tips, NSA and CISA want to make sure that businesses have the right tools and knowledge to protect themselves against cyber attacks as they use cloud services. It is like giving them a guidebook to navigate the sometimes tricky world of cybersecurity. 

CSI/NSA Joint Best Practices for Cloud Security 

1. Use Secure Cloud Identity and Access Management Practices 

To keep your cloud systems safe, it's crucial to manage who can access them and how they do it. Follow these tips: 

Enable Multi-Factor Authentication (MFA): Make it harder for unauthorized users to get in by requiring more than just a password. 

Securely Store Credentials: Keep your login information safe and away from prying eyes.

Partition Privileges: Limit what each person can do in the cloud to minimize the risk of someone doing something they shouldn't.

2. Use Secure Cloud Key Management Practices

When it comes to managing encryption keys in the cloud, it's important to do it right.  Here's how: 

Understand Shared Security Responsibilities: Know who is responsible for what when it comes to keeping encryption keys safe. 

Configure Key Management Solutions (KMS) Securely: Set up your encryption key systems in a way that is safe and secure. 

3. Implement Network Segmentation and Encryption in Cloud Environments 

To protect your data as it moves around in the cloud, follow these steps: 

Encrypt Data in Transit: Keep your data safe as it travels between different parts of the cloud. 

Segment Your Cloud Services: Keep different parts of your cloud separate from each other to stop them from talking when they should not. 

4. Secure Data in the Cloud 

When storing data in the cloud, make sure it stays safe with these practices: 

Encrypt Data at Rest: Keep your data safe even when it is sitting around doing nothing. 

Control Access to Data: Only let the right people get to your data, and keep everyone else out.

Backup and Recovery Plans: Have a plan in place to get your data back if something goes wrong. 

5. Mitigate Risks from Managed Service Providers in Cloud Environments 

When working with outside companies to manage your cloud, take these steps to stay safe: 

Secure Corporate Accounts Used by MSPs: Make sure the accounts used by managed service providers are as secure as your own. 

Audit MSP Activities: Keep an eye on what the managed service providers are doing in your cloud to catch any suspicious activity. 

Negotiate Agreements Carefully: When working with MSPs, make sure your agreements include provisions for keeping your data safe. 

By following these joint best practices from CSI and NSA, you can better protect your cloud systems and keep your data safe from cyber threats.

NSA Confession: Unlawful Surveillance on Americans Exposed

 


United States officials fought to conceal the details of arrangements between United States spy agencies and private companies that track the location of Americans using their cell phones. Normally, law enforcement and intelligence agencies require a warrant to obtain data from US phones.

Still, they usually pay companies for that data instead, effectively circumventing the courts. Ron Wyden, a Democratic Senator from Oregon, claims that the US National Security Agency has confirmed that it has bought the internet browsing records of American users without a warrant.

During the past three years, Senator Wyden has worked tirelessly to expose the NSA's practices, including buying location data from smartphones without a warrant. The “warrantless purchases” Wyden describes included information about the websites and apps people used.

As a result, US government agencies often acquire sensitive information about Americans from commercial marketplaces without having to obtain court warrants. The NSA director, Paul Nakasone, stated in a letter to Wyden that the agency was only purchasing Netflow data and information from electronic devices that are used in both domestic and international environments.

The data collected was mostly Internet communications data and did not include the content of Americans' communications. The agency claims that it uses commercially available Netflow data to conduct cybersecurity and foreign intelligence activities and to defend US military networks against foreign hackers, and that it minimizes the collection of U.S. personal information through technical filters.

A recent Federal Trade Commission order prohibits data brokers from selling individuals' geolocation data without first obtaining consumers' consent, and the senator says the NSA violates it. According to him, it is critical that the Office of the Director of National Intelligence ask intelligence agencies to conduct a broader audit of the types of data that they collect and of whether the databases they use contain information that violates the FTC order.

As a result of this most recent disclosure, it has become increasingly apparent how essential it is to improve the accountability and transparency of the intelligence community. Public disclosure should be made of the scope of data collection initiatives, the measures taken to protect against misuse, and the legal justifications for these actions. 

The absence of clear monitoring and judicial review contributes to increased public mistrust and concerns about possible abuse of power. Congress must play a key role in pressing the NSA for clarification and in passing legislation designed to limit the NSA's appetite for data collection.

To control an intelligence agency that appears more and more concerned about mass surveillance rather than targeted investigation, it is critical to strengthen privacy rights, create independent judicial scrutiny, and develop robust oversight procedures. 

The National Security Agency (NSA) has obtained a large amount of information from American citizens in the past. Several reports have surfaced revealing similar actions by the FBI and other intelligence organizations.

The expansion of the market for personal information gives rise to more general concerns about the possible emergence of a dark sector in which people's privacy is exploited and commodified for the benefit of the government.

Internet privacy goes beyond simply opposing the NSA's practice of buying data; it also means fighting back against the practice of selling data. The call for accountability, transparency, and respect for the individual rights of citizens has to be accompanied by a comprehensive approach that takes the data-driven surveillance apparatus as a whole into consideration. Once users achieve a balance between the benefits of freedom and the risks of national security, they will be well-positioned to navigate the hazy seas of national security.

CIA's AI Chatbot: A New Tool for Intelligence Gathering

The Central Intelligence Agency (CIA) is building its own AI chatbot, similar to ChatGPT. The program, which is still under development, is designed to help US spies more easily sift through ever-growing troves of information.

The chatbot will be trained on publicly available data, including news articles, social media posts, and government documents. It will then be able to answer questions from analysts, providing them with summaries of information and sources to support its claims.

According to Randy Nixon, the director of the CIA's Open Source Enterprise division, the chatbot will be a 'powerful tool' for intelligence gathering. "It will allow us to quickly and easily identify patterns and trends in the data that we collect," he said. "This will help us to better understand the world around us and to identify potential threats."

The CIA's AI chatbot is part of a broader trend of intelligence agencies using AI to improve their operations. Other agencies, such as the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI), are also developing AI tools to help them with tasks such as data analysis and threat detection.

The use of AI by intelligence agencies raises several concerns, including the potential for bias and abuse. However, proponents of AI argue that it can help agencies to be more efficient and effective in their work.

"AI is a powerful tool that can be used for good or for bad," said James Lewis, a senior fellow at the Center for Strategic and International Studies. "It's important for intelligence agencies to use AI responsibly and to be transparent about how they are using it."

Here are some specific ways that the CIA's AI chatbot could be used:

  • To identify and verify information: The chatbot could be used to scan through large amounts of data to identify potential threats or intelligence leads. It could also be used to verify the accuracy of information that is already known.
  • To generate insights from data: The chatbot could be used to identify patterns and trends in data that may not be apparent to human analysts. This could help analysts to better understand the world around them and to identify potential threats.
  • To automate tasks: The chatbot could be used to automate tasks such as data collection, analysis, and reporting. This could free up analysts to focus on more complex and strategic work.

The CIA's AI chatbot is still in its early stages of development, but it has the potential to revolutionize the way that intelligence agencies operate. If successful, the chatbot could help agencies to be more efficient, effective, and responsive to emerging threats.

However, it is important to note that the use of AI by intelligence agencies also raises several concerns. For example, there is a risk that AI systems could be biased or inaccurate. Additionally, there is a concern that AI could be used to violate people's privacy or to develop autonomous weapons systems.

It is important for intelligence agencies to be transparent about how they are using AI and to take steps to mitigate the risks associated with its use. The CIA has said that its AI chatbot will follow US privacy laws and that it will not be used to develop autonomous weapons systems.

The CIA's AI chatbot is a remarkable advancement that might have a substantial effect on how intelligence services conduct their business. To make sure that intelligence services are using AI properly and ethically, it is crucial to closely monitor its use.

How to Avoid Cyberattacks on Your Home Network

 


While remote working can offer employees several benefits, it also creates an additional cyber-attack threat because employees work outside of their company's internal network.

If hackers compromise the computers of remote employees, whether by stealing their corporate credentials or by infecting them with malware, it becomes a costly threat to the organization's network security.

Organizations that cannot identify and protect their remote workers face many cybersecurity risks from cyberattacks such as data breaches, phishing campaigns, ransomware attacks, and business email compromises (BECs).

To prevent this from happening in the first place, the NSA has released cybersecurity tips to help remote workers protect themselves and their networks against cyberattacks and hackers.

NSA cybersecurity technical director Neal Ziring said that, in a world where telework is common, cybercriminals can use the home network as a platform for stealing sensitive information and protecting their identities, because it serves as an access point. Cybercrime risk is reduced by securing devices and networks and being online safely.

The following ways to ensure remote network and data security are based on the NSA's recommendations.

Stay Up-to-Date With Modern Operating Systems, Apps, and Browsers   

Using the latest operating system, kept updated with the latest security patches, is one of the most effective methods of protecting your device from cyberattacks.

As a rule of thumb, use the latest operating system version. Old versions of operating systems may eventually cease to receive updates altogether, which means no security patches if vulnerabilities are discovered after the cut-off, and those vulnerabilities could be exploited by attackers.

Your device usually prompts you on screen for these updates and asks you to restart your computer. Do that as soon as possible so that the update is installed.

In the same way, you should use the latest applications, software, and browsers, because they will offer you the latest security updates. This will make it more difficult for cybercriminals to exploit known vulnerabilities in software to attack you.

Keep Your Router Secure and Up to Date  

Your internet service provider (ISP) provides you with a router to connect to the internet. Many people do not think about this device much, leaving it hidden in a corner after installation. 

But your router is a crucial part of your networking set-up, providing a gateway into and out of your home network -- something that can be exploited by cyber attackers if it is not secured properly.  

Like every other internet-connected device, your router should be kept up to date with the latest security patches, and you can set it up to download and install them automatically as soon as they are available.

A router that has reached end-of-life, is not supported long-term by the company, and will not receive updates from the ISP should be replaced with a newer model.

Set up a Wireless Network Segmentation System

It is a wise idea to set up separate Wi-Fi networks for your work and home devices so that you can better secure both.

A basic recommendation from the US National Security Agency (NSA) is to segment your wireless network into three main types, namely primary wireless, guest wireless, and IoT wireless. This segmentation prevents your less secure devices from directly communicating with your more secure devices.

Use Password Managers to Protect Your Passwords

To guarantee the safety of your passwords, especially those you use to access corporate cloud environments, you need to secure them. To prevent attackers from guessing your passwords, you need uniqueness and complexity. 

The problem of remembering multiple passwords will always remain. However, a password manager removes this obstacle by keeping track of all your strong, unique passwords for you.

Additionally, you should not store passwords on your device in plain text. That way, if your device is lost or stolen, your accounts will be protected from unauthorized access.

Accounts Should be Multi-Factor Authenticated 

Whenever possible, you should use multi-factor authentication (MFA), or two-factor authentication (2FA) to protect your accounts. 

For your corporate account, it is ideal if your employer provides you with an authenticator. Multi-factor authentication (MFA) can also improve your personal accounts' security. One of the most effective methods of protecting data is to use security keys based on applications or hardware. If that is not possible, SMS-based multifactor authentication can be an effective alternative.

Secure Your Computer  

In the case of remote workers, you should make sure that you use a piece of software that protects your computer from viruses, which your employer probably provides you with. You can also install antivirus software on your personal computers to keep you and your family safe. You do not have to spend a lot of money on this software, so look for a free one online.   

To keep your computer safe, antivirus software alerts you when malicious attachments, websites, or other potential threats are detected. 

Public Wi-Fi Should be Used Cautiously  

Remote working has an advantage unlike anything else available right now. Working from anywhere is just one of the reasons people prefer coffee shops over home offices.  

The device may have an internet connection, but do you know whether or not it is secure? A report by the National Security Agency shows that public hotspots are more likely to be targets of malicious software, so it is highly recommended to treat public Wi-Fi with extra caution or, if it can be avoided, not to use it at all.

Instead of public Wi-Fi hotspots, you are better off using a cellular network for your Internet connection, such as mobile Wi-Fi or devices with 4G or 5G capabilities. The NSA recommends using a VPN provider to protect your connection when connected to public Wi-Fi, to guard against malicious activity and spying.

Using Legitimate Remote Management Systems, Hackers Infiltrate Federal Agencies

 


Last summer, several Federal Civilian Executive Branch (FCEB) agencies were breached across several states of the US through a clever hacking operation that employed two off-the-shelf remote monitoring and management systems (RMMs). 

A joint advisory was released on Jan. 25, 2013, by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC). The advisory described the attacks in detail, warned the cybersecurity community about the misuse of commercial RMM software, and provided mitigation strategies as well as indicators of potential compromise.

IT service providers use Remote Monitoring and Management tools (RMMs) to monitor and manage client networks and endpoints remotely. According to the US government, hackers can use the same software to bypass typical software control policies and authorization requirements on victim computers.

Hackers Used RMMs to Breach the Government's Security 

CISA identified this activity last October as part of a retrospective analysis of Einstein, an intrusion detection system that CISA deploys across FCEB agencies. The research may have turned up more than the researchers had expected.

In mid-June last year, hackers sent a phishing email to the government email address of an FCEB employee. The email provided a phone number to call in response. When the employee called the number, they were instructed to visit the malicious website www.myhelpcare.online.

Visiting this domain triggered the download of an executable, which then connected to a second domain, where two Remote Monitoring and Management tools (RMMs), AnyDesk and ScreenConnect (now ConnectWise Control), came into play. AnyDesk and ScreenConnect were not, however, installed on the target computer.

Rather than being downloaded as standalone installable programs, the tools were for the most part downloaded as self-contained, portable executables configured to connect back to the threat actors' servers.

Why is this significant? The authoring organizations explain that portable executables do not require administrator privileges, so they can run a program that the corporate IT department has not approved even where a risk management control is in place to audit or block the installation of unapproved programs on the network.

With software controls and admin-privilege requirements circumvented in this way, the threat actors would have a chance to attack other vulnerable machines within the local intranet or use the executable to establish long-term persistent access as a local user service.

The June compromise, however, appears to have been just the tip of the iceberg. There was further analysis of the traffic between a different FCEB network, "my help is .cc," and a similar domain - "my help is cc," which three months later led to another FCEB network being observed and the authors recall that further analysis revealed related activity involving other FCEB networks as well.

The attackers were clearly financially motivated, even though they targeted government employees. Using RMM software, the attackers connected to targets' computers and enticed victims to log into their bank accounts to check their balances. The actors then used their access through the RMM software to modify the summaries of the recipient's bank accounts, so that they showed the recipient had mistakenly been refunded an excess amount of money. The actors then instructed the recipient to 'refund' this excess amount to the scam operator.

NSA, CISA Concerns Over Security Risks Against 5G Network Slicing


The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released new guidelines regarding cybersecurity threats pertaining to 5G network slicing. 

The document illustrates how a network slice is “an end-to-end logical network that provides specific network capabilities and characteristics to fit a user’s needs.” 

While numerous network slices operate on a single physical network, the guidelines clarify that each network slice user is only authenticated for one specific network region, allowing for data and security isolation. 

“This type of architecture heavily relies on a Network-as-a-Service (NaaS) model, combining Infrastructure-as-a-Service with network and security services, which enhances the operational efficiency and resiliency of the 5G infrastructure […] Within a 5G architecture, the plan is to deliver the whole NaaS so that different customer segments can be efficiently supported,” reads the guideline.

According to the report, "network slicing enables operators to incorporate various network characteristics or components, possibly from different operators, to offer particular applications or services for 5G consumers. Although effective for delivering services, 5G network slicing throws a wide net of threats, including possible weak points in standards and regulations, the supply chain, and other areas."

"Although network slicing is not solely unique to 5G, it is a critical component because 5G specifications call for network slicing as a fundamental component and therefore require network operators to adopt security practices that can mitigate threats like those described in this paper, DoS, MitM attacks, and configuration attacks," the report states. 

Due to these cyber threats, the NSA and CISA have stated that maintaining and monitoring a network slice is essential for identifying and thwarting cyberattacks. 

“For more robust security, network operators should consider techniques, as referenced in this paper, such as zero trust, multi-layer security, cross-domain solutions, post-quantum cryptography, and isolation,” both agencies concluded. 

The NSA, along with CISA, has appointed members and experts from the public and private sectors to address security concerns pertaining to 5G slicing. The resulting 5G network slicing cybersecurity report looks at its architecture, how it will aid emerging technologies such as autonomous vehicles, and guidelines on how to secure it.

UK Issued New Cybersecurity Guidelines on Emerging Supply Chain Attacks

A surge in the number of instances has prompted cyber security experts to issue a fresh warning about the danger of supply chain hacks. Businesses have been advised by the UK's cybersecurity agency to take additional precautions against supply chain assaults. In response to what it claims to be a recent increase in supply chain threats, the National Cyber Security Center (NCSC) has produced fresh advice for enterprises.

Although the advice is applicable to businesses in all industries, it was released in collaboration with the Cross-Market Operational Resilience Group (CMORG), which promotes the enhancement of the operational resilience of the financial sector. The advice, which is intended to assist medium-sized and larger enterprises, evaluates the cyber risks of collaborating with suppliers and provides confirmation that mitigation techniques are in effect for vulnerabilities related to doing business with suppliers.

The 2020 hack on SolarWinds' software build system, the 2021 ransomware attack on Kaseya clients, and the 2017 NotPetya attack via a Ukraine accounting program are a few notable recent incidents. President Joe Biden of the United States issued an executive order to improve cybersecurity in response to SolarWinds.

In a document titled 'Defending the Pipeline' published by NCSC in February, the agency recommended businesses and programmers use continuous integration and delivery (CI/CD) to automate software development. The CEO of NCSC ranked ransomware as the top cyber danger in October of last year, while also warning that supply chain concerns will persist for years.

The new guidance assists medium and bigger enterprises in "evaluating the cyber risks of collaborating with suppliers and gaining assurance that mitigations are in place," according to NCSC in an announcement.

According to the UK government's report on security breaches in 2022, more than half of companies, big and small, contract out their IT and cybersecurity needs to outside companies. However,  s evaluated the dangers posed by immediate suppliers. These respondents claimed that the importance of cybersecurity in procurement was low.

According to Ian McCormack, NCSC deputy director for government cyber resilience, supply chain attacks represent a significant cyber danger to organizations, and incidents can have a significant, ongoing effect on companies and customers.

The advice is broken down into five stages that address why businesses should care about supply chain cybersecurity, how to identify and protect one's private data when developing an approach, how to apply the approach to new suppliers, how to apply it to contracts with current suppliers, and continuous improvement.

The US intelligence agency, NSA, released its software supply chain recommendations last month with a focus on developers. New standards for the purchase of software were also released in the same month by the US Office of Management and Budget.