Latest Breaking News On - Updating cyber laws - Page 4 : comparemela.com

Lesson From SolarWinds Attack: It's Time to Beef Up IAM

The SolarWinds supply chain attack should prompt federal agencies and others to rethink how they approach security issues - especially identity and access management, according to a breakdown of the attack presented this week by the National Institute of Standards and Technology and the U.S. Cybersecurity and Infrastructure Security Agency. At NIST's Information Security and Privacy Advisory Board meeting, Jay Gazlay, a technical strategist with CISA who has been examining the attack since it was first disclosed in December 2020, presented an analysis of what the agency has learned about the attack to date. That included a detailed timeline of how the hackers implanted a backdoor in a software update for SolarWinds' Orion network monitoring platform. The update with the backdoor was eventually installed by about 18,000 of the company's customers.

Microsoft Patches Four Zero-Day Flaws in Exchange

Microsoft issued emergency software patches on Tuesday for four zero-day vulnerabilities in its Exchange email server, one of the most widely used pieces of enterprise infrastructure. The company says it believes the flaws have been exploited by a China-based group it calls Hafnium, which is seeking to gain persistent access to email systems. Microsoft typically issues patches for Windows and other products on the second Tuesday of every month, but it makes exceptions for security vulnerabilities that are deemed particularly dangerous. Although Microsoft describes the attacks as limited and targeted, there are already indications that many other hacking groups are mounting attacks hoping to catch slow-patching organizations off guard. The flaws appear to have been exploited since at least early January.