technology-news.space - All about the world of technology!

  • Artificial Intelligence
  • Data Management & Statistics
  • Information Technology
  • Internet of Things
  • Networking
  • Robotics
  • Network
    • *** .SPACE NETWORK ***
      • art-news
      • eco-news
      • economic-news
      • family-news
      • job-news
      • motor-news
      • myhome-news
      • politic-news
      • realestate-news
      • scientific-news
      • show-news
      • technology-news
      • traveller-news
      • wellness-news
    • *** .CLOUD NETWORK ***
      • sportlife
      • calciolife
    • *** VENTIDI NETWORK ***
      • ventidinews
      • ventidisocieta
      • ventidispettacolo
      • ventidisport
      • ventidicronaca
      • ventidieconomia
      • ventidipolitica
    • *** MIX NETWORK ***
      • womenworld
      • sportlife
      • foodingnews
      • sportingnews
      • notiziealvino
Search
Login

technology-news.space - All about the world of technology!

Menu
Search

HOTTEST

  • The US Senate approved new cybersecurity legislation that will force critical infrastructure organizations to report cyberattacks to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours and ransomware payments within 24 hours. 

    Ukraine Crisis

    The Strengthening American Cybersecurity Act passed by unanimous consent on Tuesday after being introduced on February 8 by Senators Rob Portman and Gary Peters, ranking member and chairman of the Senate Homeland Security and Governmental Affairs Committee. The act combines pieces of the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act — all of which were authored by Peters and Portman and advanced out of committee before floundering. The 200-page act includes several measures designed to modernize the federal government’s cybersecurity posture, and both Peters and Portman said the legislation was “urgently needed” in light of US support for Ukraine, which was invaded by Russia last week. 

    I’m concerned that, as our nation rightly continues to support #Ukraine during Russia’s illegal, unjustifiable assault, the US will face increased cyber & ransomware attacks from Russia. The federal govt must quickly coordinate its response to any potential attacks.— Rob Portman (@senrobportman) March 2, 2022

    “As our nation continues to support Ukraine, we must ready ourselves for retaliatory cyber-attacks from the Russian government… This landmark legislation, which has now passed the Senate, is a significant step forward to ensuring the United States can fight back against cybercriminals and foreign adversaries who launch these persistent attacks,” Peters said. “Our landmark, bipartisan bill will ensure CISA is the lead government agency responsible for helping critical infrastructure operators and civilian federal agencies respond to and recover from major network breaches and mitigate operational impacts from hacks. I will continue urging my colleagues in the House to pass this urgently needed legislation to improve public and private cybersecurity as new vulnerabilities are discovered, and ensure that the federal government can safety and securely utilize cloud-based technology to save taxpayer dollars.”The act also authorizes the Federal Risk and Authorization Management Program (FedRAMP) for five years to ensure federal agencies can “quickly and securely adopt cloud-based technologies that improve government operations and efficiency.” The act attempts to streamline federal government cybersecurity laws to improve coordination between federal agencies and requires all civilian agencies to report all cyberattacks to CISA.

    The legislation updates the threshold for agencies to report cyber incidents to Congress and gives CISA more authority to ensure it is the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. It now heads to the House for a vote before it makes its way to President Joe Biden’s desk. Peters and Portman said they have been working with chair of the House Oversight Committee Carolyn Maloney as well as Republican and Democratic lawmakers in the House to get the bill approved. Maloney told ZDNet that the act contains the Federal Information Security Modernization Act, a provision she called one of her “top legislative priorities.””The Committee on Oversight and Reform kicked off 2022 with a bipartisan hearing and markup to examine how best to approach FISMA modernization, and we look forward to incorporating those crucial lessons learned as this effort moves through the legislative process,” Maloney said. “FISMA reform will determine our federal cybersecurity posture for years to come, and it is essential that the final bill seizes every opportunity to defend our federal networks from the onslaught of attacks they face daily.”In his own statement, Portman also touted the ways the act will update FISMA and provide “the accountability necessary to resolve longstanding weaknesses in federal cybersecurity by clarifying roles and responsibilities and requiring the government to quickly inform the American people if their information is compromised.”

    ZDNet Recommends

    The best network-attached storage devices

    If cloud-based servers don’t meet all of your storage needs, consider a NAS solution. We selected a handful of devices that passed our reliability torture tests and offer superior usability and feature sets.

    Read More

    Both Senators noted that the bill would have applied to the 2021 ransomware attacks on Colonial Pipeline and global meat processor JBS. But the two said the legislation would “help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.” CyberSaint co-founder Padriac O’Reilly works directly with critical infrastructure across financial services, utilities, and the government to measure cyber risk.O’Reilly explained that the current cybersecurity landscape has worn down the long-standing recalcitrance of certain critical infrastructure sectors with respect to the 72-hour reporting window for incidents. “There are two sections very deep in the legislation that stand out to me. They talk about a budget-based risk analysis for improving cybersecurity and metrics-based approach to cyber in general. This is precisely what is needed and it has been known for some time in the industry,” O’Reilly said. “Section 115 covers automation reporting. This is very timely as automation has been advancing in the private sector and it is key with respect to risk management going forward. I was really impressed to see this in the bill. The government has been trying for years to advance this cause across all agencies and departments. Section 119 really gets at the holy grail in risk management, which is the ability to view cybersecurity risks in a prioritized way with respect to budget.” More

  • The Australian House of Representatives Standing Committee on Social Policy and Legal Affairs has recommended the Digital Transformation Agency (DTA) be tasked with creating standards that could be used to implement age verification for pornographic content in Australia, and extend its Digital Identify solution as a verification exchange. In its list of recommendations, the committee […] More

  • As cloud rises to encompass to more corporate applications, data and processes, there’s potential for end-users to outsource their security to providers as well. 

    The need to take control of security and not turn ultimate responsibility over to cloud providers is taking hold among many enterprises, an industry survey suggests. The Cloud Security Alliance, which released its survey of 241 industry experts, identified an “Egregious 11” cloud security issues.  The survey’s authors point out that many of this year’s most pressing issues put the onus of security on end user companies, versus relying on service providers. “We noticed a drop in ranking of traditional cloud security issues under the responsibility of cloud service providers. Concerns such as denial of service, shared technology vulnerabilities, and CSP data loss and system vulnerabilities — which all featured in the previous ‘Treacherous 12’ —  were now rated so low they have been excluded in this report. These omissions suggest that traditional security issues under the responsibility of the CSP seem to be less of a concern. Instead, we’re seeing more of a need to address security issues that are situated higher up the technology stack that are the result of senior management decisions.”  This aligns with another recent survey from Forbes Insights and VMware, which finds that proactive companies are resisting the temptation to turn security over to their cloud providers — only 31% of leaders report turning over many security measures to cloud providers. (I helped design and author the survey report.) Still, 94% are employing cloud services for some aspects of security.   The latest CSA report highlights this year’s leading concerns:  1. Data breaches. “Data is becoming the main target of cyber attacks,”.the report’s authors point out. “Defining the business value of data and the impact of its loss is essential important for organizations that own or process data.” In addition, “protecting data is evolving into a question of who has access to it,” they add. “Encryption techniques can help protect data, but negatively impacts system performance while making applications less user-friendly.”  2. Misconfiguration and inadequate change control. “Cloud-based resources are highly complex and dynamic, making them challenging to configure. Traditional controls and change management approaches are not effective in the cloud.” The authors state “companies should embrace automation and employ technologies that scan continuously for misconfigured resources and remediate problems in real time.” 3. Lack of cloud security architecture and strategy. “Ensure security architecture aligns with business goals and objectives. Develop and implement a security architecture framework.” 4. Insufficient identity, credential, access and key management. “Secure accounts, inclusive to two-factor authentication and limited use of root accounts. Practice the strictest identity and access controls for cloud users and identities.” 5. Account hijacking. This is a threat that must be taken seriously. “Defense-in-depth and IAM controls are key in mitigating account hijacking.” 6. Insider threat. “Taking measures to minimize insider negligence can help mitigate the consequences of insider threats. Provide training to your security teams to properly install, configure, and monitor your computer systems, networks, mobile devices, and backup devices.” The CSA authors also urge “regular employee training awareness. Provide training to your regular employees to inform them how to handle security risks, such as phishing and protecting corporate data they carry outside the company on laptops and mobile devices.” 7. Insecure interfaces and APIs. “Practice good API hygiene. Good practice includes diligent oversight of items such as inventory, testing, auditing, and abnormal activity protections.” Also, “consider using standard and open API frameworks (e.g., Open Cloud Computing Interface (OCCI) and Cloud Infrastructure Management Interface (CIMI)).” 8. Weak control plane. “The cloud customer should perform due diligence and determine if the cloud service they intend to use possesses an adequate control plane.”9. Metastructure and applistructure failures. “Cloud service providers must offer visibility and expose mitigations to counteract the cloud’s inherent lack of transparency for tenants. All CSPs should conduct penetration testing and provide findings to customers.” 10. Limited cloud usage visibility. “Mitigating risks starts with the development of a complete cloud visibility effort from the top down. Mandate companywide training on accepted cloud usage policies and enforcement thereof.  All non-approved cloud services must be reviewed and approved by the cloud security architect or third-party risk management.” 11. Abuse and nefarious use of cloud services. “Enterprises should monitor their employees in the cloud, as traditional mechanisms are unable to mitigate the risks posed by cloud service usage.” More

  • Kevin Beaumont, the UK cybersecurity expert who named the wormable Windows BlueKeep bug, is joining Microsoft Threat Protection.  Beaumont, a widely quoted security expert who’s run large security operations centers, has offered insights from the trenches into new attacks via his popular DoublePulsar blog and Twitter for the past few years, covering issues including WannaCry, […] More

  • Insider threats cost organizations approximately $15.4 million every year, with negligence a common reason for security incidents, new research suggests. 

    Enterprise players today are facing cybersecurity challenges from every angle. Weak endpoint security, unsecured cloud systems, vulnerabilities — whether unpatched or zero-days — the introduction of unregulated internet of things (IoT) devices to corporate networks and remote work systems can all become conduits for a cyberattack to take place. When it comes to the human element of security, a lack of training or cybersecurity awareness, mistakes, or deliberate, malicious actions also needs to be acknowledged in managing threat detection and response.  According to Proofpoint’s 2022 Cost of Insider Threats Global Report, published on Tuesday, insider threats now cost organizations $15.4 million annually, an increase of 34% in comparison to 2020 estimates.  The report, conducted by the Ponemon Institute, includes survey responses from over 1,000 IT professionals worldwide, all of which have experienced a recent cybersecurity incident due to an insider threat. Over the past two years, insider threats have increased “dramatically,” the report says, with 56% of insider-related incidents caused by a negligent employee. In total, 26% of incidents were linked to criminal inside activities, whereas 18% of threats were caused by the theft of employee credentials, potentially made possible through failures to manage personal device security or weak password use.  Staff or contractor negligence has cost the organizations included in the research roughly $6.6 million; criminal activity — which could include insider damage, data theft, or the deliberate deployment of malware — accounted for $4.1 million, and attacks made possible by credential theft cost $4.6 million. 

    When a cybersecurity incident was detected, it took impacted organizations an average of 85 days to resolve the situation — an increase from 77 days in Proofpoint’s previous report. Only 12% of reported incidents were contained within 30 days.  The average cost to contain an insider-related cybersecurity incident was reported as $184,548, but this amount can be far higher depending on the size of the firm impacted. Annually, US companies spent $17.53 million to resolve insider incidents, whereas European organizations spent roughly $15.44 million. “Months of sustained remote and hybrid working leading up to “The Great Resignation” has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” commented Ryan Kalember, executive VP of cybersecurity strategy at Proofpoint. “In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure.” Previous and related coverage Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0 More

Internet of Things

  • Samsung Spotlights Next-generation IoT Innovations for Retailers at National Retail Federation’s BIG Show 2017

    Read More

  • That’s Fantasy! The World’s First Stone Shines And Leads You to The Right Way

    Read More

  • LG Pushes Smart Home Appliances To Another Dimension With ‘Deep Learning’ Technology

    Read More

  • The Port of Hamburg Embarks on IoT: Air Quality Measurement with Sensors

    Read More

Artificial Intelligence

  • in Artificial Intelligence

    Contact-aware robot design

    19 July 2021, 04:00

  • in Artificial Intelligence

    MIT Schwarzman College of Computing awards named professorships to two faculty members

    16 July 2021, 15:45

  • in Artificial Intelligence

    Getting dressed with help from robots

    14 July 2021, 19:15

  • in Artificial Intelligence

    Software to accelerate R&D

    13 July 2021, 04:00

  • in Artificial Intelligence

    Sertac Karaman named director of the Laboratory for Information and Decision Systems

    12 July 2021, 16:00

  • in Artificial Intelligence

    The tenured engineers of 2021

    9 July 2021, 20:00

  • in Artificial Intelligence

    US Air Force pilots get an artificial intelligence assist with scheduling aircrews

    8 July 2021, 18:45

  • in Artificial Intelligence

    Infrared cameras and artificial intelligence provide insight into boiling

    7 July 2021, 20:15

  • in Artificial Intelligence

    Designing exploratory robots that collect data for marine scientists

    7 July 2021, 04:00

Robotics

  • in Robotics

    Watch a robot excavator controlled like a videogame

    14 September 2022, 21:16

  • in Robotics

    Uber is eating up the market for autonomous delivery

    9 September 2022, 21:12

  • in Robotics

    Robots have rushed in to fill jobs people don't want. What happens if recession hits?

    9 September 2022, 14:16

  • in Robotics

    Drone company gets unlimited commercial approval from FAA

    31 August 2022, 21:18

  • in Robotics

    This car insurance monitors your driving and sets your premium accordingly

    30 August 2022, 20:39

  • in Robotics

    A pair of cute, trash-loving drones are cleaning up the Great Lakes

    30 August 2022, 16:43

  • in Robotics

    Check out Lincoln's eye-popping take on the self-driving car

    24 August 2022, 12:15

  • in Robotics

    Urbanization driving demand for construction robots

    23 August 2022, 11:00

  • in Robotics

    Urbanization is driving new demand for construction robots

    23 August 2022, 11:00

Networking

  • The 5 best hotspots of 2023

  • Are you a heavy phone hotspot user? Get this mobile hotspot router instead

  • The best home security systems of 2023

  • UWB: What it is and why you really need an iPhone to use it

  • Singapore firms need open, integrated tools in hybrid work

  • What is UWB and why is iPhone a better choice if you want to make use of it?

  • UDP vs TCP: What's the difference?

Data Management & Statistics

  • When should data scientists try a new technique?

  • Putting clear bounds on uncertainty

  • Research, education, and connection in the face of war

  • Gaining real-world industry experience through Break Through Tech AI at MIT

  • Q&A: A fresh look at data science

  • Unpacking the “black box” to build better AI models

  • Simulating discrimination in virtual reality

ABOUT

The QUATIO - web agency di Torino - is currently composed of 28 thematic-vertical online portals, which average about 2.300.000 pages per month per portal, each with an average visit time of 3:12 minutes and with about 2100 total news per day available for our readers of politics, economy, sports, gossip, entertainment, real estate, wellness, technology, ecology, society and much more themes ...

technology-news.space is one of the portals of the network of:

Quatio di CAPASSO ROMANO - Web Agency di Torino
SEDE LEGALE: CORSO PESCHIERA, 211 - 10141 - ( TORINO )
P.IVA IT07957871218 - REA TO-1268614

ALL RIGHTS RESERVED © 2015 - 2020 | Developed by: Quatio

ITALIAN LANGUAGE

calciolife.cloud | notiziealvino.it | sportingnews.it | sportlife.cloud | ventidicronaca.it | ventidieconomia.it | ventidinews.it | ventidipolitica.it | ventidisocieta.it | ventidispettacolo.it | ventidisport.it

ENGLISH LANGUAGE

art-news.space | eco-news.space | economic-news.space | family-news.space | job-news.space | motor-news.space | myhome-news.space | politic-news.space | realestate-news.space | scientific-news.space | show-news.space | sportlife.news | technology-news.space | traveller-news.space | wellness-news.space | womenworld.eu | foodingnews.it

This portal is not a newspaper as it is updated without periodicity. It cannot be considered an editorial product pursuant to law n. 62 of 7.03.2001. The author of the portal is not responsible for the content of comments to posts, the content of the linked sites. Some texts or images included in this portal are taken from the internet and, therefore, considered to be in the public domain; if their publication is violated, the copyright will be promptly communicated via e-mail. They will be immediately removed.

  • Home
  • Network
  • Terms and Conditions
  • Privacy Policy
  • Cookies
  • Contact
Back to Top
Close
  • Artificial Intelligence
  • Data Management & Statistics
  • Information Technology
  • Internet of Things
  • Networking
  • Robotics
  • Network
    • *** .SPACE NETWORK ***
      • art-news
      • eco-news
      • economic-news
      • family-news
      • job-news
      • motor-news
      • myhome-news
      • politic-news
      • realestate-news
      • scientific-news
      • show-news
      • technology-news
      • traveller-news
      • wellness-news
    • *** .CLOUD NETWORK ***
      • sportlife
      • calciolife
    • *** VENTIDI NETWORK ***
      • ventidinews
      • ventidisocieta
      • ventidispettacolo
      • ventidisport
      • ventidicronaca
      • ventidieconomia
      • ventidipolitica
    • *** MIX NETWORK ***
      • womenworld
      • sportlife
      • foodingnews
      • sportingnews
      • notiziealvino