SolarWinds, Microsoft Hacks Prompt Focus on Zero-Trust Security | #microsoft | #hacking | #cybersecurity


Welcome to a new week. U.S. officials are pushing for a proactive approach to cybersecurity following the recent attacks at

Microsoft

and

SolarWinds.

One of the ideas under that approach is a so-called zero-trust security model that assumes hackers are already inside, WSJ Pro’s James Rundle reports.

Other news: Ireland is a juicy target; passworld-management software compromised; Emotet botnet uninstalling itself; improperly decommissioned computers can help hackers.

Zero Trust Security

Trust no one: In the wake of the massive breach of computer systems of multiple government agencies discovered in December, current and former officials say the U.S. must adopt a cybersecurity approach that assumes hackers are already inside a network’s defenses.

So-called zero-trust models, which set up internal defenses that constantly verify whether a device, user or program should be able to do what it is asking to, should be more widely adopted by the public and private sectors. That’s according to aid John Sherman, the acting chief information officer for the Defense Department, who spoke a virtual event last week.

Analysis by federal investigators of the recent SolarWinds Corp. and Microsoft Corp. breaches shows the hackers were often able to gain broad systems access and through networks unfettered to set up back doors and administrator accounts.

Read the full story.

More Cyber and Privacy News

Data bait: John Demers, assistant U.S. attorney general for national security, said that Ireland is a juicy target for hackers. The country whose business laws have lured large companies in tech, pharmaceuticals and other sectors to set up outposts there is also an attractive target for online criminals looking for valuable data, Mr. Demers said at at cybersecurity and financial crimes conference in Dublin last week. (InfoSecurity Magazine)

Goodbye, Emotet. The so-called Emotet malware botnet on Sunday began uninstalling itself from infected devices world-wide through code pushed by law enforcement authorities in Germany. (BleepingComputer)

Password manager at risk: Australia’s Click Studios SA confirmed recent software updates for its Passwordstate password-manager product were compromised. Click Studios told corporate and consumer customers who downloaded an update between April 20 and April 22 they might have unwittingly allowed malicious software onto their networks. The malware can harvest system data and deploy malicious code. Customers should reset passwords and other credentials in Passwordstate databases, the company said. (TechCrunch)

The cost of password resets: Companies often force employees or customers to reset passwords after a data breach but the costs of doing so can add up in additional calls to support lines and other administrative burdens. (The Hacker News)

Garbage out, hacker in: Improperly disposing of computers and devices can expose businesses to cybersecurity risk. Data often isn’t wiped completely from old machines, leaving hackers valuable clues about how to break into corporate and government networks. (NextGov)

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8



Original Source link

Leave a Reply

Your email address will not be published.

seventy three − = seventy