Tag Archive for: plan

CISA publishes plan for remote monitoring tools after nation-state, ransomware exploitation


A collaboration between the U.S.’s cybersecurity defense agency and private companies published its first plan to address security issues with remote monitoring and management (RMM) tools on Wednesday.

RMM software is typically used by the IT departments of most large organizations around the world as a way to get remote access to a computer to help with software installations or other services needed by employees.

In recent years hackers have increasingly exploited these tools – particularly in government networks – as an easy way to circumvent security systems and establish longstanding access to victim networks. In January, for example, the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency said at least two federal civilian agencies were exploited by cybercriminals as part of a refund scam campaign perpetrated through the use of RMM software.

In an announcement Wednesday, CISA said it worked with industry partners as part of the Joint Cyber Defense Collaborative (JCDC) to create a “clear roadmap to advance security and resilience of the RMM ecosystem.”

Eric Goldstein, CISA executive assistant director for cybersecurity, said the organization worked with other U.S. agencies as well as RMM companies to develop a plan focusing on four main tasks: vulnerability information sharing, industry coordination, end-user education and advisory amplification.

“The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem,” Goldstein said in a statement. “As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

RMM software allows hackers to establish local user access without the need for higher administrative privileges, “effectively bypassing common software controls and risk management assumptions,” CISA and the NSA said in their January announcement.

The agencies warned that threat actors could sell access to an exploited victim to government-backed hacking groups – noting that both cybercriminals and nation-states use RMM…


Budget wins (and losses) — Vallance’s plan — Donelan’s TikTok twist – POLITICO


— The good, the bad and the indifferent – it’s budget fallout time.

— What does the future of tech regulation look like? Sir Patrick Vallance has some answers.

— The row over the U.K.’s position on TikTok takes an unexpected turn.

Good morning, we hope you survived budget day and are coping with the train/teachers/tube/lecturers/doctors/civil servants/BBC journalists (have we missed any?) strikes. 

Send your news, views and tips to the team: Annabelle Dickson, Mark Scott and me on email. You can also follow us on Twitter @TomSBristow @NewsAnnabelle @markscott82.

FIRST, THE NEWS: A budget that love-bombed tech was promised, and Chancellor Jeremy Hunt delivered, sort of. There was cash for computing, regulatory promises on AI and finance … and some hefty tax and investment announcements too.

Right-hand woman: Science and Technology Secretary Michelle Donelan was sitting next to Hunt looking pleased as punch on the front bench. But as the dust settles on the government’s self-styled pro-innovation budget, the all-important detail and reaction is a mixed bag. 

Exascale is coming: The most eye-catching sum of money was the £900 million announced for a so-called “exascale” computer — for the uninitiated, that is a machine several times more powerful than the U.K.’s top supercomputer. The other big headline figure was the £2.5 billion towards a 10-year quantum computing program (more on that further down the email.) 

Prized AI: Hunt also gave the go-ahead to plans to launch an artificial intelligence sandbox — a mechanism to allow companies to test for a limited time before entering the market. That would allow innovators to “trial new, faster approaches to help innovators get cutting edge products to market.” (More on that, and other recommendations made by Chief Scientific Adviser Sir Patrick Vallance further down the email.) There will also be a prize worth £1 million a year which will be awarded to “the person or team that does the most groundbreaking AI research.”

Put your foot down: There was also another £100 million for the Innovation Accelerators programme which is focusing on three clusters:…


AIIMS cyber attack puts digital health ID plan under scanner


NEW DELHI: The ransomware attack on the All India Institute of Medical Sciences (AIIMS), Delhi has brought the government’s Ayushman Bharat Digital Mission (ABDM) under the scanner, with the country’s premier teaching hospital promoting the use of Ayushman Bharat Health Account (ABHA) ID for out-patient registration of new and follow-up cases.

The Indian Computer Emergency Response Team (CERT-In) is conducting assessment and testing of ABDM services and other networks at the medical institute.

AIIMS on 23 November said it had come under a cyber attack and that an FIR had been filed with the Delhi Police.

On Friday, Dr Bharati Pravin Pawar, union minister of state for health, told the Lok Sabha that the national nodal agency for responding to cyber security incidents, CERT-In, has empaneled information security auditing organizations for auditing. This includes “vulnerability assessment and penetration testing of the computer systems, networks and applications involving public service delivery including ABDM.”

“Immediate measures were taken by AIIMS, Delhi to enhance the security like endpoint hardening, strong firewall policies and network segmentation to secure all the data of the institute.”

Pawar added that five physical servers of AIIMS, New Delhi, which hosted the e-hospital app of NIC, were affected.

“No specific amount of ransom was demanded by the hackers though a message was discovered on the server suggesting that it was a cyber-attack. All the data for e-Hospital has been retrieved from a backup server which was unaffected and restored on new servers,” she said.


Get 6 Months of Amazon Prime When You Buy an O2 Phone Plan

