Author: Admin

The move to cloud is not slowing down – spending by Federal civilian agencies on cloud computing could reach $8.3 billion in Fiscal Year (FY) 2025. But despite years of guidance (from Cloud First to Cloud Smart) on how agencies should tackle that journey, cloud adoption remains an unfulfilled priority for the government. In fact, the 17th Federal IT Acquisition Reform Act (FITARA) scorecard included a new cloud scoring category – which subsequently caused agency scores to decline. This…

Manish Limaye Pillar #1: Data platform  The data platform pillar comprises tools, frameworks and processing and hosting technologies that enable an organization to process large volumes of data, both in batch and streaming modes. Organizations must decide on their hosting provider, whether it be an on-prem setup, cloud solutions like AWS, GCP, Azure or specialized data platform providers such as Snowflake and Databricks. They must also select the data processing frameworks — such as Spark,…

Global law enforcement agencies have seized 27 popular platforms used to launch Distributed Denial-of-Service (DDoS) attacks to take websites offline. Three administrators have been arrested in France and Germany and over 300 users were identified for planned operational activities. The operation, known as PowerOFF, sought to disrupt cybercriminals’ attempts to disrupt the festive season with such attacks. Europol noted that this is a peak period for DDoS attacks. The platforms that have been disrupted are…

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization. CIS Control 9 provides several safeguards to ensure the safety of external…

The US government has sanctioned a Chinese cybersecurity company and one of its employees for their involvement in the large-scale compromise of firewalls in April 2020. The hacked firewalls were exploited to install malware and deploy ransomware worldwide. Victims included US critical infrastructure firms and could have resulted in serious injury or loss of life. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) indicted Sichuan Silence Information Technology Company, Limited (Sichuan Silence) and…