Tag

Zero Trust

All articles tagged with #zero trust

cybersecurity2 years ago•1 min saved

CISA mandates security for Internet-exposed network devices in federal agencies.

CISA has issued a binding operational directive (BOD) ordering federal civilian agencies to secure misconfigured or Internet-exposed networking equipment within 14 days of discovery. The directive applies to networked devices with Internet-exposed management interfaces, such as routers, firewalls, proxies, and load balancers. Federal agencies have 14 days to either restrict access to the networking equipment's interface to the internal network or implement Zero Trust measures to enforce access control to the interface via a policy enforcement point separate from the interface itself. CISA will conduct scans to identify devices and interfaces falling within the directive's scope and provide technical expertise to help agencies secure devices.

via BleepingComputer|

#cisa #cybersecurity #federal-agencies

technology2 years ago•2 min saved

Protecting Your Car from High-Tech Thieves

Thieves have found a new way to bypass electronic security on modern cars by using a method called CAN injection, which relies on physical access to a car's CAN bus. By tapping into the data wires that run through a car, a thief can inject malicious commands into the network, allowing them to wake up the car's computer controllers, falsify the presence of the car key, and drive off. This attack requires a thief to partially disassemble the target car, but it entirely bypasses the car's key, unlike relay attacks that simply extend the key's radio range. Automakers can implement a "zero trust" approach to stop these kinds of attacks, but it would require a new commitment to security.

via Jalopnik|

#auto-theft #can-injection #car-security