Trump Said to Favor Leaving a Few Hundred Troops in Eastern Syria

WASHINGTON — President Donald Trump is leaning in favor of a new Pentagon plan to keep a small contingent of U.S. troops in eastern Syria, perhaps numbering about 200, to combat the Islamic State group and block the advance of Syrian government and Russian forces into the region’s coveted oil fields, a senior administration official said Sunday.

Air alert: 8 dangerous drone incidents

Civilian UAVs are used increasingly frequently for photo and video shooting, cargo delivery, search-and-rescue operations, and other purposes. In the interests of safety — of both the drones and their surroundings — some countries have already introduced rules and restrictions on their use. Alas, not all UAV owners know or follow them. And, like any electronic devices, drones can sometimes get out of hand. What are the potential consequences? Here are some examples.

Kaspersky Antidrone: What it’s for and how it works

Today, hundreds of civil drone models are available for sale — from fairly simple toys to impressive aircraft built to carry substantial weight. Most of them are used for entertainment or aerial video. But, as is the case with almost all technologies, sooner or later someone puts them to malicious use. That creates demand for systems to get rid of unwelcome aerial presence. Demand, in turn, breeds supply, and our enthusiasts have developed a solution called Kaspersky Antidrone.

Does Your Security Awareness Program Put People First?

It is well-known that people are the most important element of cybersecurity, yet many security awareness training programs fail to deliver the expected results. Why do employees fall into the same traps over and over, despite the regular training that companies put their users through?

Avast fights off cyber-espionage attempt, Abiss | Avast

Global software companies are increasingly being targeted for disruptive attacks, cyber-espionage and even nation-state level sabotage, as evidenced by the many reports of data breaches and supply chain attacks over the last few years. At Avast, we constantly work hard to stay ahead of the bad guys and to fight off attacks on our users. It is therefore not so surprising that we ourselves could be a target.

Managing and Responding to Advanced Cyber Risks in the Oil and Gas Industry

To protect the integrity and safety of their business-critical assets, cybersecurity must be a top priority for the oil and gas industry. Although they operate some of the nation’s most critical systems, securing these complex infrastructures can be a huge challenge.In recent years, the oil and gas industry has undergone a complete digital overhaul. Historically, industrial control systems were completely detached from their traditional IT infrastructure. However, due to rapid digitisation and the growth of mobile technology, almost every machine is now connected to the internet. Although this advancement enables engineers to remotely maintain machines and analyse production data, it also exposes industrial machinery to network vulnerabilities.While this digital evolution has greatly improved operational efficiency through analytics, big data and the ability to automate sensitive tasks, it also introduces a whole host of cyber-risks that need to be mitigated. Firms are often faced with a dangerous patchwork of old and new technology. Unfortunately, because these legacy systems were built in a previous technological era, they are simply not designed to be resilient against cyber-threats.The convoluted process of refining oil involves many different industrial control systems and machines. This means there are multiple gateways for hackers to exploit to gain access to their internal network. A successful security breach could bring an oil and gas firm to a complete halt. Last year, Petrofac was hit by a cyber-attack which resulted in the complete shutdown of their servers and critical systems. Because they are completely dependent on digital technology, disrupting these services could result in financial loss, reputational damage and the loss of critical data.Like in most industries, the most common cause of a breach is human error. Malicious attacks can easily spread by clicking on a phishing link or inserting a rogue memory stick into a corporate device. A recent study into the sector by EY found that ‘78% consider a careless member of staff as the most likely source of an attack’.Nonetheless, as the oil and gas industry are dependent on these digital technologies to conduct business, they must ensure they are fully protected by robust security controls. If they fail to do so, the consequences of a cyber-breach could be catastrophic. If a bad actor was able to take control of an industrial system, it could easily develop into a national security risk.How can the oil and gas industry mitigate these threats?It is important to remain vigilant and stay one step ahead of cyber criminals. All firms need to have advanced controls in place which allow them to effectively protect, detect, respond and recover from cyber-attacks.Tripwire and the NIS directiveThe NIS directive was enforced in the UK in May 2018 and is supported by the National Cyber Security Centre. The NIS regulation provides the legal footing to ensure that UK firms can effectively manage and contain cybersecurity breaches, have a cybersecurity incident response team (CSIRT) and a national NIS competent authority.By using Tripwire, oil and gas firms can greatly reduce the time it takes to achieve NIS compliance. Tripwire’s built-in templates can be used to automate tasks which will help firms to:Identify, assess, understand and prioritise security risks which threaten the security of their business-critical systems and internal network.Have an approach to risk assessment which focuses on the possibility of disruption to your essential services. This will help to understand how a cyber-attack may occur and what the associated risks are for your technology ecosystem.Create dynamic and detailed security risk assessments which are constantly updated to reflect new threats and network changes.Validate the effectiveness of security controls to ensure networks and information systems remain cyber resilient.Record dependencies on supporting infrastructure (e.g. power, cooling etc.).Understand the importance of crucial data which is essential for the delivery of service. This includes where it is stored and transmitted as well as how data loss, intrusion or modification would impact business operations.For more information on the NIS Directive please head to the NCSC website: https://www.ncsc.gov.uk/collection/caf/nis-introductionIf you would like to find out more about securing industrial control systems within the oil and gas industry, Tripwire and Equilibrium Security are hosting a webinar on the 12th of November. Please register your interest here: https://tripwire.me/2VWhX5gAbout the author:

Teenagers Are Easily Bypassing Apple’s Parental Controls

“Kids are outsmarting an army of engineers from Cupertino, California,” reports the Washington Post: And Apple, which introduced “Screen Time” a year ago in response to pressure to address phone overuse by kids, has been slow to make fixes to its software that would close these loopholes. It’s causing some parents to raise questions about Apple’s commitment to safeguarding children from harmful content and smartphone addiction.

When Screen Time blocks an app from working, it becomes grayed out, and clicking on it does nothing unless parents approve a request for more time. Or, at least, it’s supposed to work that way. On Reddit and YouTube, kids are sharing tips and tricks that allow them to circumvent Screen Time. They download special software that can exploit Apple security flaws, disabling Screen Time or cracking their parents’ passwords. They search for bugs that make it easy to keep using their phones, unbeknown to parents, such as changing the time to trick the system or using iMessage to watch YouTube videos.

To Mitigate Insider Threats, Time is of The Essence

Insider threats pose myriad challenges to an organization but are often deprioritized in favor of preventing external threats from compromising company assets. It’s a situation further exacerbated by the fact that a good percentage of what actually falls under the category of insider threat is caused by outsiders pulling the strings—leveraging valid, compromised credentials and systems.

Mick Mulvaney seeks Trump damage control over impeachment and more

escalating domestic and foreign policy scandals, ranging from impeachment proceedings in Washington to the US troop withdrawal in northern Syria.” data-reactid=”16″>Senior Trump administration officials were on Sunday scrambling to defend the president from escalating domestic and foreign policy scandals, ranging from impeachment proceedings in Washington to the US troop withdrawal in northern Syria.

10 things you need to know today: October 20, 2019

1.

The Washington Post, The New York Times]” data-reactid=”12″>President Trump announced Saturday night that he is no longer planning to host the 2020 Group of Seven summit at the Trump National Doral Miami resort near Miami, Florida. In a series of tweets Trump explained that his decision was the result of the backlash he received, a fair amount of which was centered around accusations of self-dealing corruption. Trump did not give up the plan lightly, however. In the tweetstorm, he blamed the media and the Democratic party for their “Crazed and Irrational Hostility” and maintained he thought he was “doing something very good for our Country” and was not seeking any profit. The president also said the White House will begin searching for another host site immediately, and Camp David, a presidential retreat in Maryland, is under consideration. [The Washington Post, The New York Times]