What I'm Reading 4/13/2020
HelpNet Security -
You have to consider cybersecurity at all points of a cloud migration -
The research found threats and security weaknesses in several key areas
of cloud-based computing, which can put credentials and company secrets
at risk. Criminals capitalizing on misconfigurations have targeted
companies with ransomware, cryptomining, e-skimming and data exfiltration.
Belmont Club -
Planning the Great Escape from House Arrest—and From Communist China -
As the northern hemisphere
begins to emerge from the worst of the pandemic, political punditry is
focusing on two issues: how to reopen the economy and how to decouple
from China. The two subjects are related because a large part of the
Western economy is joined at the hip with Beijing. To a substantial
degree, China produces what America consumes. Each country's holdings in
the other are enormous. They are bound by innumerable contracts, deals,
projects and cross-posted personnel that are not easily severed.
This
system of cross-dependency was consciously pursued to vaccinate the
world against a repetition of the two world wars. However, globalization
also significantly eroded the independence and freedom of action of
individual nations, though not each to the same degree. It permitted
asymmetries to arise between the more aggressive and secretive regimes
at the expense of those which, perhaps naively, adhered more closely to
the posted rules.
Computer World -
Amid the pandemic, MFA's shortcomings are clearer than ever -
That brings us to MFA. Multifactor authentication is supposed to be just
that, but it's typically deployed in the least secure manner — sending
straight numeric texts to a mobile device, a tactic that is well-known
to be susceptible to man-in-the-middle attacks. So, are there better
ways to deploy MFA, something that can be easily executed under today's
far-less-than-ideal conditions?
Security Boulevard -
STEPS FORWARD: How the Middle East led the U.S. to adopt smarter mobile security rules -
Interestingly, leadership for this push came from federal regulators
in, of all places, the Middle East. In May 2017, the Saudi Arabian
Monetary Authority (SAMA) implemented its Cyber Security Framework
mandating prescriptive measures, including a requirement to
containerize data in all computing formats. A few months later the
United Arab Emirates stood up its National Electronic Security Authority (NESA) which proceeded to do much the same thing.
Earlier this year, US regulators essentially followed the Middle East’s lead by rolling out sweeping new rules — referred to as Cybersecurity Maturity Model Certification
(CMMC) — which require use of data containerization along much the
same lines as Saudi Arabia and the UAE mandated some three years ago.
The implementation of CMMC represents a big change from past U.S.
federal data handling rules for contractors, for which compliance was
by-and-large voluntary.
CNN -
China's PLA Navy is controlling coronavirus and aircraft carrier's deployment proves it, report says -
No comments:
Post a Comment