Retour aux nouvelles

18 août 2024 | International, C4ISR, Sécurité

Attackers Exploit Public .env Files to Breach Cloud Accounts in Extortion Campaign

Massive extortion campaign exploits exposed .env files, compromising cloud and social media credentials. AWS environments used for large-scale scannin

https://thehackernews.com/2024/08/attackers-exploit-public-env-files-to.html

Sur le même sujet

  • New cybersecurity standards for contractors could be finalized this week

    29 janvier 2020 | International, C4ISR, Sécurité

    New cybersecurity standards for contractors could be finalized this week

    The first version of the new cybersecurity requirements the Pentagon wants military contractors to follow could be finalized as soon as Jan. 31. Katie Arrington, chief information security officer for the Office of the Under Secretary of Defense for Acquisition and the point person for the Cybersecurity Maturity Model Certification (CMMC), told an audience Jan. 28 that she will have the requirements by the end of the month. The CMMC is a tiered cybersecurity framework that grades companies on a scale of one to five. A score of one designates basic hygiene and a five represents advanced hygiene. Arrington said Jan. 28 that the lowest level will become the default for Department of Defense contracts and will include basic tasks such as changing passwords. Speaking at an event hosted by the law firm Holland and Knight, Arrington said the new standards won't be in effect overnight. The auditors and assessors who will grade companies need training and new contracts will be slowly phased in. “The likelihood that any awards will be made until 2021 [of the certification] is, I would say, highly unlikely,” she said. She noted that companies are not required to have CMMC certification until the time of award. “You have a full year to get yourselves set, to get yourself in position.” According to one slide in her presentation, all new contracts will have the requirements in fiscal year 2026. Arrington expects 1,500 companies to be certified by the end of 2021. The requirements are expected to be free of jargon and overly technical language that can often make military documents befuddling. “I asked if it could be created on an eighth grade reading level. Why? Because I'm not smart and I owned a small business and I fell prey to this,” she said. “I needed it to be in something that anybody could adapt to. We hear companies all the time say my nephew is doing my cybersecurity. I need your nephew to read what I need him to do.” Arrington promised that the requirement would not become a simple checklist, because if it does “I've failed. We failed.” Moreover, she suggested the framework be reevaluated at least once each year because cyber threats will continue to evolve. https://www.fifthdomain.com/dod/2020/01/28/new-cybersecurity-standards-for-contractors-could-be-finalized-this-week/

  • Threat Prevention & Detection in SaaS Environments - 101

    16 juillet 2024 | International, C4ISR, Sécurité

    Threat Prevention & Detection in SaaS Environments - 101

    Learn about the growing identity-based threats in SaaS applications and how to mitigate them with ITDR and robust identity security measures

  • GenDyn contracted for parts for future submarine construction

    20 juin 2018 | International, Naval

    GenDyn contracted for parts for future submarine construction

    James LaPorta June 19 (UPI) -- The Department of Defense has awarded a contract to General Dynamics Electric Boat for work on the next nine Virginia-class attack submarines. The contract award from Naval Sea Systems Command, announced Monday, is worth $225 million under the terms of cost-plus-fixed-fee contract, which is a modification to a previous Pentagon award, the Defense Department said. The deal will see General Dynamics provide economic ordering quantity material -- parts ordered ahead of time -- for the next nine Virginia-class, nuclear-powered fast attack submarines, for work in fiscal 2019 through 2023. The nine vessels are part of the Block V generation of the Virginia class. The first four have been ordered by the U.S. Navy already, with General Dynamics set to construct SSN-802 and SSN-803 and Huntington Ingalls Industries tapped for SSN-804 and SSN-805. Work on the contract will occur in various locations throughout the United States and is expected to be complete in January 2019. The total cumulative value of the contract will be obligated to General Dynamics at time of award -- the obligated funds will be allocated from Navy fiscal 2018 shipbuilding and conversion accounts and will not expire at the end of the current fiscal year, said the Pentagon press release. https://www.upi.com/Defense-News/2018/06/19/GenDyn-contracted-for-parts-for-future-submarine-construction/8941529412778/

Toutes les nouvelles