How to have fun negotiating with a ransomware gang

Can negotiating your firm’s ransomware payment actually be fun? Well, if it’s a game rather than the real thing then yes! The inventive bods at the Financial Times have created an imaginative ransomware negotiation simulator which lets you imagine you’re in the hot seat at a hacked company, trying to stop cybercriminals from releasing sensitive …

Smashing Security podcast #290: Uber, Rockstar, and crystal balls

Researchers reveal how your eyeglasses could be leaking secrets when you’re on video conferencing calls, we take a look at the recent data breaches involving Uber and Grand Theft Auto 6, and we cast an eye at what threats may be around the corner…

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Register’s Iain Thomson.

Plus – don’t miss our featured interview with Sal Aurigemma, the faculty director of the Master of Science in Cyber Security program at the University of Tulsa.

$1 Billion State and Local Cybersecurity Grant Program Now Open for Applicants

As threats continue to evolve, state and local governments benefit from federal grant funding to bolster their cybersecurity posture.

When a state, local, tribal and territorial (SLTT) government falls victim to a cyberattack, it impacts its digital networks and infrastructure. It also puts sensitive databases, personally identifiable information (PII) and constituents’ trust at risk. As the attack surface expands and attacks become more sophisticated, local governments are falling prey to threat actors.

The State and Local Cybersecurity Grant Program (SLCGP) is formally open, making $185 million in federal grant funding available for SLTT governments. It is the first installment of a four-year, $1 billion program created as a part of the Infrastructure Investment and Jobs Act (IIJA). Funding provided through this program enables SLTT governments to implement cybersecurity solutions that address the growing threats and risks to their information systems.

Specifics on the application process

Now that the application period is open, in order to receive funding, eligible agencies (defined as states or territories) must:

Submit an initial application through the portal at www.grants.gov.
Submit a final application through the Non-Disaster (ND) Grants System by November 15, 2022.
Establish a Cybersecurity Planning Committee.
Submit a Cybersecurity Plan that meets the 16 requirements defined in IIJA and in the Notice of Funding Opportunity (NOFO) and addresses the needs of local governments, including vulnerability management, prioritization and critical infrastructure protection.

More information about the application process and requirements can be found in the Department of Homeland Security Notice of Funding Opportunity (under the “Related Documents” tab) and on the Cybersecurity and Infrastructure Security Agency’s SLCGP website. The 16 requirements for the Cybersecurity Plan are found on pages 68-70 of the NOFO under the “Required Elements” section of Appendix C.

How Tenable can help meet Cybersecurity Plan requirements

Tenable is uniquely positioned to help SLTT governments meet SLCGP grant requirements, like vulnerability management, prioritization and protecting critical infrastructure. Specifically, Tenable’s capabilities can help meet 13 of the 16 Cybersecurity Plan requirements, including:

“Implement a process of continuous cybersecurity vulnerability assessments and threat mitigation practices prioritized by degree of risk to address cybersecurity risks and cybersecurity threats on information systems, applications, and user accounts owned or operated by, or on behalf of, the state or local governments within the state.”
“Implement an information technology and operational technology modernization cybersecurity review process that ensures alignment between information technology and operational technology cybersecurity objectives.”
“Manage, monitor, and track information systems, applications, and user accounts owned or operated by, or on behalf of, the state or local governments within the state, and the information technology deployed on those information systems, including legacy information systems and information technology that are no longer supported by the manufacturer of the systems or technology.”

To learn more about how Tenable helps address these requirements and more, review Meeting IIJA Grant Requirements with Tenable Technologies.

Our risk-based vulnerability management solutions help SLTT agencies bolster their cyber defenses and address common SLTT concerns, such as critical infrastructure protection, implementing a zero trust strategy, protecting against ransomware and securing Active Directory. SLTT governments can reduce risk and strengthen their defenses with the ability to see across their entire attack surface, predict which vulnerabilities attackers are most likely to exploit and act to remediate critical vulnerabilities.

Learn more:

Tenable State and Local Cybersecurity Program Website
Meeting IIJA Grant Requirements with Tenable Technologies
Cybersecurity and Infrastructure Security Agency’s SLCGP
How State and Local Governments Can Bolster Their Cyber Defenses

grafana-9.0.9-1.fc37

FEDORA-2022-2eb4418018

Packages in this update:

grafana-9.0.9-1.fc37

Update description:

update to 9.0.9 tagged upstream community sources, see CHANGELOG
resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2128565)

grafana-9.0.9-1.fc38

FEDORA-2022-8e5d214237

Packages in this update:

grafana-9.0.9-1.fc38

Update description:

Automatic update for grafana-9.0.9-1.fc38.

Changelog

* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2128565)
