DHS & US-CERT Recommended to Disable Java in Web Browsers

DHS & US-CERT Recommended to Disable Java in Web Browsers Unless It's Absolutely Necessary

The running time is proving to be the worst period for Java, as it has been walking under serious security issues. Yet again security researchers have pointed out a zero-day security vulnerability in the Java program that hackers are exploiting. The exploit takes advantage of a vulnerability left open in Java 7 Update 10, released in October last year. It works by getting Java users to visit a website with malicious code that takes advantage of a security gap to take control of users' computers. Thus how Java is being used by cyber criminals to infect computers with malware. Oracle, hasn't specified the number of users who have downloaded Java 7 Update 10. However, Java runs on more than 850 million computers and other devices. When Oracle released Update 10, so it is predictable that more than 850 million devices run by Java is under threat. The exploit was first discovered by French researcher Kafeine, who claimed to have found it running on a site registering hundreds of thousands of page views daily. From that site, immediately that vulnerability and a large number of effected devices has been spotted in the wild. In Java 7 Update 10 the creator of Java, Oracle added several security control and fixed older bugs and promised more security enhancement, but its very unfortunate that Oracle failed to keep their promise. What ever after this newly discovered 0-day hole spotted wildly, Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe, but distinct vulnerability (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed and that the JMX MBean vulnerability remains. Java 7u11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets. It "strongly recommends" that Java SE 7 users upgrade immediately to avoid all kind of security hazards. 

After seeing all the drama, many of you have failed to keep trust in Java, and you all will be relieved when you will gone through the security advisory of CERT (Computer Emergency Response Team) where they have clearly instructed to disable Java in your popular web-browser. In their official release CERT said "Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."

You will see similar advice in the advisory posted on the official DHS US-CERT website where DHS also suggested to disable Java until and unless it is that much necessary. "To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment." - said U.S. CERT in their advisory. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">DHS & US-CERT Recommended to Disable Java in Web Browsers"https://www.voiceofgreyhat.com/2013/01/DHS-US-CERT-Recommended-to-Disable-Java.html?m=0</a>

DHS & Public Safety Canada Started Joint Cybersecurity Action Plan

DHS & Public Safety Canada Started Joint Cybersecurity Action Plan

A joint venture Cyber Security plan has been announced by US Department of Homeland Security and Canada. According to the official website of Public Safety Canada - PS Canada along with the Department of Homeland Security (DHS) are pursuing a coordinated approach to enhance the resiliency of our cyber infrastructure. The Cybersecurity Action Plan (the Action Plan) between PS and DHS seeks to enhance the cybersecurity of our nations through increased integration of PS' and DHS' respective national cybersecurity activities and improved collaboration with the private sector. This Action Plan represents just one of many important efforts between Canada and the United States to deepen our already strong bilateral cybersecurity cooperation.

As the Internet knows no borders, all countries have a responsibility to prevent, respond to, and recover from cyber disruptions and to make cyberspace safer for all citizens across the globe. Due to a shared physical border, Canada and the United States have an additional mutual interest in partnering to protect our shared infrastructure. This Action Plan aims to articulate a shared approach to fulfill PS' and DHS' vision of working together to defend and protect our use of cyberspace and to strengthen the resiliency of our nations. These efforts, combined, advance the objectives articulated by President Obama and Prime Minister Harper in the February 2011 declaration, Beyond the Border: A Vision for Perimeter Security and Economic Competitiveness.

This Action Plan outlines three goals for improved engagement, collaboration, and information sharing at the operational and strategic levels, with the private sector, and in public awareness activities, for activities conducted by PS and DHS. The Action Plan establishes lines of communication and areas for collaborative work critical to enhancing the cybersecurity preparedness of both nations. The Action Plan's goals and objectives are to be conducted in accordance with the June 2012 Statement of Privacy Principles by the United States and Canada. This Action Plan is intended to remain a living document to be reviewed on a regular basis and updated as needed to support new requirements that align to the Plan's key goals and objectives. It intends to support and inform current and future efforts to advance the goals of Beyond the Border, which ultimately seeks to enhance broad bilateral cooperation on cybersecurity efforts across both governments.

Goals and Objectives:-

1. Enhanced Cyber Incident Management Collaboration between National Cybersecurity Operations Centers

PS' Canadian Cyber Incident Response Centre intends to work jointly with DHS' United States Computer Emergency Readiness Team and Industrial Control Systems Cyber Emergency Response Team towards the following objectives:

• 1.1 Increase real-time collaboration between analysts by improving existing channels for remote communication and arranging in-person visits;
• 1.2 Enhance information sharing at all classification levels and collaborate on training opportunities, while promoting inter-agency coordination, as appropriate, as well as the proper protections for information, as outlined in the Statement of Privacy Principles;
• 1.3 Coordinate on cybersecurity incident response management, relating to defense, mitigation, and remediation activities and products, including with other public and private entities consistent with each country's laws and policies;
• 1.4 Align and standardize cyber incident management processes and escalation procedures; and
• 1.5 Enhance technical and operational information sharing in the area of industrial control systems security.

2. Joint Engagement and Information Sharing with the Private Sector on Cybersecurity

Due to the shared nature of critical infrastructure between Canada and the United States, PS and DHS intend to collaborate on cybersecurity-focused private-sector engagement for cybersecurity activities for which they are responsible through the following objectives:

• 2.1 Share engagement approaches for private sector;
• 2.2 Exchange and collaborate on the development of briefing materials for the private sector;
• 2.3 Jointly conduct private sector briefings;
• 2.4 Review approaches and align processes for private sector engagement through requests for technical assistance and non-disclosure agreements; and
• 2.5 Standardize protocols for sharing information.

3. Continued Cooperation on Ongoing Cybersecurity Public Awareness Efforts

Cybersecurity is a shared responsibility and everyone, including our citizens, has a role to play. With increased media attention devoted to cybersecurity incidents and with the continuing growth of electronic commerce and social media, it is imperative that citizens receive clear and trustworthy information on how to manage cyber threats to themselves and their families. Ensuring that government's cybersecurity awareness messages are consistent across our border helps to deliver that information effectively and consistently. PS Communications, the DHS Office of Public Affairs, and the National Protection and Program Directorate's Office of Cybersecurity and Communications (CS&C) intend to continue to work together as they:

• 3.1 Collaborate on public awareness campaigns (websites, social media activities, education material, etc.);
• 3.2 Collaborate on Cybersecurity Awareness Month (October); and
• 3.3 Share and coordinate messaging on issues of common interest.

Governance of the Joint Action Plan:-

Senior officials within PS and CS&C intend to review and provide additional guidance in order to update this Action Plan on a quarterly basis. This Action Plan is intended to be a part of broader inter-governmental coordination across government agencies in both the United States and Canada.

To Download The Full Cybersecurity Action Plan Between Public Safety Canada and the Department of Homeland Security Click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">DHS & Public Safety Canada Started Joint Cybersecurity Action Plan"https://www.voiceofgreyhat.com/2012/10/DHS-PSCanada-Started-Joint-Cybersecurity-Plan.html?m=0</a>

Cyber Security Summit Hosted By Department of Homeland Security (DHS)

Cyber Security Summit Hosted By Department of Homeland Security (DHS) 

As part of the national Stop.Think.Connect campaign against cyber threats to computers in the private and public sector, the city of Mesa and the Department of Homeland Security are hosting a cyber security summit at the Mesa Arts Center on Wednesday, Sept. 26. The mayor of Mesa said on Wednesday that interest in the summit is growing, and that there also will be numerous representatives of government from throughout the state and a member of the Secret Service attending the event.  Kelvin Coleman, U.S. Department of Homeland Security director of state, local, tribal and territorial cyber engagement, will be the keynote speaker. Mesa Mayor Scott Smith and District 3 councilman and Mesa Public Safety Committee chair Dennis Kavanaugh also will offer comments and help to facilitate questions during the event. “We use computers every day,” Smith said. “We don’t know how important computers are until they’re breached.”

-:Agenda & Other Details:- 

Date: September 26, 2012

Venue:- Mesa Contemporary Arts - Brown Sculpture Courtyard

1 E. Main Street
Mesa, AZ  85201 

7:30 a.m. Registration & Continental Breakfast sponsored by Siemens

8:30 a.m. Welcome and Opening Remarks

• Mayor Scott Smith
• Councilmember Dennis Kavanaugh

9:00 a.m. Keynote Address

• Mr. Kelvin Coleman, Director, State, Local, Tribal and Territorial Cybersecurity Engagement Program DHS National Cyber Security Division

9:30 a.m. Convenience vs. Security Expert Panel

Current Threats in an increasingly Networked World Panelist Bios

John Meza (Moderator), Assistant Chief, Mesa Police Department

James Choplin, Special Agent, Electronic Crimes Task Force, U.S. Secret Service

Dr. Dee H. Andrews, Ph.D. Senior Research Psychologist, Army Research Institute for the Behavioral and Social Sciences

Kristy Westphal, Director of Security Operation, T-Systems North America

Lonnie Benavides, Red Team Lead, The Boeing Company

Ilene Klein, City of Phoenix Office of Information Security and Privacy

Bill Kalaf, Executive Director - Intelligence-Led Policing, Mesa Police Department

 

During this session, the panel will outline and discuss many of the current threats affecting businesses, local government, users, such as social engineering, security of mobile devices and many of the trending applications on smart phones and PCs.

   

10:30 a.m. Networking Break

   

10:45 a.m. Closing Remarks

• Mayor Scott Smith

11:15 a.m. Adjournment

   

11:30 a.m. Post CyberSecurity Summit Break Out Session:  Methods for training supervisors to detect behavioral indicators of insider threat

Dr. Dee H. Andrews 

Senior Research Psychologist , U.S. Army Research Institute for the Behavioral and Social Sciences 

During this session, participants will get an overview of methods in training supervisors to spot and mitigate the cyber insider threat.  Statistics reveal that approximately 40% of the cyber incidents are caused by insiders.  

If you want to register for the U.S. Department of Homeland Security Cyber Security Summit then click Here. For additional information about Stop.Think.Connect. click Here

-Source (mesaaz.gov)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Cyber Security Summit Hosted By Department of Homeland Security (DHS)"https://www.voiceofgreyhat.com/2012/09/Cyber-Security-Summit-Hosted-By-DHS.html?m=0</a>

DHS Issues Malware Warning Impersonating FBI & US Cyber Command

DHS Issues Malware Warning Impersonating FBI & US Cyber Command

If you think that only innocent computer users are just the only target of cyber criminals, then you are absolutely wrong. Recently United States Computer Emergency Readiness Team, widely known as US-CERT; which is a part of Depertment of Homeland Security's (DHS) National Cyber Security Division has issued an emergency alert wile announcing a new effort by cyber criminals to spread Malware that impersonates Federal law enforcement (FBI) and other government agencies. The malware is a malicious software that installs itself on a users computer without a users permission or knowledge, “displays a screen claiming that a Federal Government agency has identified the user’s computer as being associated with one of more crimes,” reports the US-CERT alert. Explaining further, the malware then instructs the victim “to pay a fine to regain the use of the computer, usually through prepaid money card services.” The appearance of the message displayed on a users screen is intended to seem like a legitimate and official looking warning from the FBI or US Cyber Command. In turn, the impersonation effort by the cyber criminals seeks to leverage this to scare victims into paying the so-called fine immediately.

“Affected users should not follow the payment instructions,” US-CERT recommends, adding, “Users may also choose to file a complaint with the FBI’s Internet Crime Complaint Center.” 

In their release US-CERT states:-

“US-CERT is aware of multiple malware campaigns impersonating multiple U.S. government agencies, including the United States Cyber Command (USCYBERCOM) and the Federal Bureau of Investigation (FBI). Once installed on a system, the malware displays a screen claiming that a Federal Government agency has identified the user's computer as being associated with one or more crimes. The user is told to pay a fine to regain the use of the computer, usually through prepaid money card services.”

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">DHS Issues Malware Warning Impersonating FBI & US Cyber Command"https://www.voiceofgreyhat.com/2012/08/DHS-Issues-Malware-Warning-Impersonating-FBI.html?m=0</a>