Mediaboss Marketing

The British sheep sector will be heavily showcased as part of the Coronation celebrations, with the King being a strong advocate for lamb and mutton.

King Charles' support for British sheep farmers and his passion for lamb and mutton are well documented.

Thousands of finely crafted woollen military uniforms will feature in the celebrations, and lamb will be a feature ingredient on the official Coronation menu.

In 2004, the King, alongside the sheep sector, launched the Mutton Renaissance campaign, which promoted the eating of quality mutton.

The campaign brought farmers, abattoirs, chefs and retailers together and set minimum standards for Renaissance mutton ensuring its eating quality and traceability.

It is also reported that the King regularly requests sustainably produced sheep meat be served in his royal residences.

And it is lamb, used in a recipe from celebrity chef Ken Hom, that is to be enjoyed as part of the Coronation menu.

The National Sheep Association (NSA) said it "comes as no surprise" to see the sector feature heavily in the Coronation celebrations.

The body said the sustainable farming methods used to rear sheep in the UK were "in tune with the Kings environmental values".

"It has produced sheep breeds that are adapted to their local conditions and so maintain and enhance that environment for us all to enjoy," the NSA said.

"This celebration of sustainability, agricultural heritage and culture are also key elements of the British Heritage Sheep project, run by NSA."

Bob Kennard, from the project said King Charles support for British lamb and mutton had shared a positive message on behalf of the farming community.

"His Majesty has also championed small local abattoirs, which have been in long-term decline, yet are essential to the short supply chains which enable farmers to tell the story of their meat," he said.

"His awareness of rural issues such as this will be highly appreciated by the communities living in these areas

King Charles is also a Patron of the Campaign for Wool. As highlighted by this campaign, wool will be a feature of many parts of the Coronation.

Read the original:
Sheep sector in spotlight as part of King Charles' Coronation - FarmingUK

LAS VEGAS (KLAS) Cyberattacks on companies and people are at an all-time high. At the moment, there are just not enough cybersecurity professionals in the country to help protect the world wide web.

Right now, there are three quarter million open positions in cyber security we a have a huge challenge in this country, UNLV Computer Science professor, Yohwan Kim said.

Kim helps run the GenCyber Camp at UNLV, a National Security Agency and National Science Foundation-funded cybersecurity camp for CCSD high school students.

My big wish with this industry is to just bring about innovation in the world, Leonard Guerrero said.

Guerreros dreams are out of this world. Guerrero is a junior at Clark County Adult Education. He said hes constantly studying cybersecurity. The GenCyber camp has helped him take his aspirations and talents to new heights.

Its a great, fun, intuitive program to network and communicate with other students who are passionate about the same things, Guerrero said.

He joined 60 students from all over the county on Saturday at the UNLV College of Engineering for the summer session of the GenCyber Camp.

Kim has been running the program with UNLV computer science professor, Juyeon Jo, since it started five years ago and told 8 News Now that the country needs young minds like Guerreros.

We do need to defend our system we need to protect our assets and we dont have that many experts to protect ourselves, Jo said.

Thats where UNLV comes in. The hope is that students from the GenCyber camp will return to UNLV to study computer science and cybersecurity. Some of the campers already have. A few are now teacher assistants in this summers program.

After this camp, they realize how this field is interesting and that its good and they choose the computer science major and then become a cyber security expert, Jo said. Were excited to see them growing and showing those who are also interested.

CCSD high school participants learn from cybersecurity experts about topics such as cybercrimes and protection, encryption techniques, and more through hands-on activities.

We want to give them impress on the cybersecurity, its not just technical stuff butits fun more like its fun. So, they can choose the cybersecurity career, Kim said.

The no-cost program is offered each year across three seasons to about 60 students all passionate about the same thing: cybersecurity.

When youre in contact with other children that are like doing the same thing it kind of just boosts your passion, Guerrero said.

The theme for 2023 is helping the community. Students assess small businesses systems and offer better solutions.

When youre in contact with other children that are like doing the same thing it kind of just boost your passion, Jo said.

Protectors of the world wide web, its something Guerrero told 8 News Now is what he and his GenCyber camp mates are working so hard for.

Having a world where you can be very protected, and you can just be safe. Its a crazy world out there, especially in the digitized world, Guerrero said.

You can still sign your child up for the Fall session and of course the 2024 sessions. Find out more about the GenCyber camp here.

Here is the original post:
UNLV teaching next generation of cybersecurity professionals with NSA-funded GenCyber Camp - KLAS - 8 News Now

SAN FRANCISCO Russian hackers are focused on using ransomware to attack supply chains both within Ukraine and in European countries being used to provide weapons and humanitarian aid in support of the Ukrainian war effort, a top National Security Agency official said Wednesday.

And as the war drags on, Russian hackers could be looking to attack logistics targets more broadly, including in the United States, said Rob Joyce, the NSAs director of cybersecurity. The NSA is seeing a significant amount of intelligence gathering into the Western countries, to include the U.S., in that logistics supply chain, Joyce said during a briefing at the RSA Conference.

There are no indications yet that any U.S. companies have been attacked with ransomware in connection with logistics related to Ukraine, he added, noting that how the United States would respond to such a scenario would be a policymaker question. If Russia broadened its attacks beyond Ukraine and its near abroad, that would represent a significant escalation in tactics and capabilities,Joyce said.

Military and humanitarian supplies especially lethal aid from the United States and European countries have played a pivotal role in Ukraines relatively successful effort to fend off the Russian invasion. The U.S. has provided Ukraine with nearly $30 billion in support along with a range of military equipment, including tanks and ammunition. The conflict in Ukraine marks the first time in the history of the European Union that the bloc has supplied lethal aid to another country.

Undermining that external support could provide a boost to the Russian war effort. I think theyre trying to figure out what is the way to disrupt the logistics internal to Ukraine, but especially all of the surge that the West has been able to bring forth, both lethal and the humanitarian goods flowing in, Joyce said.

Joyces warning on ransomware attacks on supply chains comes six months after the first publicly known instance of such an attack. In October, the Russian military intelligence hacking unit known as Sandworm targeted transportation and logistics companies within Ukraine and Poland with ransomware in October, according to Microsoft researchers.

That attack relied on a previously unidentified ransomware variant dubbed Prestige, and some observers perceived the decision to deploy ransomware against supply chains in Poland, a NATO member, as an escalation in Russias willingness to use its cyber capabilities to prosecute the war beyond Ukrainian borders.

More here:
NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities - CyberScoop

SAN FRANCISCO Artificial intelligence, particularly generative forms such as ChatGPT, was on the lips and minds of many cybersecurity professionals at the RSA Conference, including Rob Joyce, director of cybersecurity at the National Security Agency.

You cant walk around RSA without talking about AI [and] machine learning, Joyce said during a keynote about the state of cyberthreats, emerging risks and predictions for the year ahead.

Generative AI is a technological explosion, Joyce said. I wont say its delivered yet, but this truly is some game-changing technology thats emerging.

Cybersecurity professionals have concerns about AI and large language models fueling more dangerous and sophisticated attacks. That hasnt happened yet, but it could within a year, according to Joyce.

The NSA is tracking advancements for defenders and adversaries, and focusing on three areas as ChatGPT and other generative AI tools gain momentum. Here is what theyre watching.

How adversaries ultimately leverage generative AI and what they do with it remains a top, but not overwhelming concern.

I dont expect some magical technical capability that is AI generated that will exploit all the things, Joyce said.

Adversaries linked to nation states and criminal organizations are just starting to experiment with ChatGPT in their workflows, according to Joyce. Generative AI will eventually reduce the cycle and dwell time for attackers and its already enabling more effective phishing attacks.

AI will help threat actors rewrite code, changing the signature and attributes, to give it a unique look and feel that will impose challenges on defenders in the near term, Joyce said.

Buckle up, Joyce said. A year from now I think well have a bunch of examples of where its been weaponized, where its been used and where its succeeded.

On the fringes of generative AI advancement, Joyce and his colleagues at the NSA are cautiously tracking how adversaries might sow distrust or poison the well-intentioned operation of AI, rendering its benefits ineffective.

As people understand models are out there, theres going to be folks who look to manipulate them, Joyce said. How do we get trust and assurance in some of the things that were going to start counting on in generative AI and other models?

The NSA is also studying how defenders can use AI or machine learning to regain advantages.

Its showing real promise in being able to do rote things at scale scanning across massive amounts of logs, being able to pull patterns out to be able to correlate known CVEs and other things into your data streams, Joyce said.

Generative AI is especially impressive when used to add machine-like focus to troves of data and help defenders prioritize activities.

Thats the accelerant for defense, Joyce said. Its a huge amplification capability to make our defenders better, and I think youll see some of that emerge as well.

Follow this link:
3 areas of generative AI the NSA is watching in cybersecurity - Cybersecurity Dive

By now, most of the industry has realized were seeing a shift from the legacy perimeter-based security model to an identity-centric approach to cybersecurity. If defenders havent realized this, malicious actors certainly have, with 80% of web application attacks utilizing stolen credentials and 40% of breaches that dont involve insider threats and user error involving stolen credentials, according to sources such as the 2022 Verizon Data Breach Investigation Report.

Compromised credentials were involved in incidents such as the 2021 Colonial national gas pipeline breach, the 2021 Oldsmar Florida water treatment plant attack, and an attack on the South Staffordshire water treatment plant in the UK in 2022, illustrating that these incidents can and have spilled over from the digital realm to the physical, impacting critical infrastructure.

Luckily, were seeing a change in the industry to pivot to a zero-trust model of cybersecurity, underpinned by an emphasis on identity and data rather than the legacy castle-and-moat approach that preceded it and led to several decades of brittle defense and massive data breaches. This pivot includes guidance from leading organizations such as the National Security Agency (NSA), which in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) recently released a Recommended Best Practices for Administrations - Identity and Access Management (IAM) guide.

The guidance opens by discussing the current threat landscape along with an overview of threat mitigation techniques. The NSA points out that some of the most common techniques used by malicious actors include activities such as creating new accounts to maintain persistence, exploiting vulnerabilities to forge authentication assertions, exploiting existing users and their access, and exploiting insecure system defaults and configurations. The guides most salient sections are dedicated to identity governance, environmental hardening, identity federation and single sign-on (SSO), multifactor authentication (MFA), and auditing and monitoring, which we will discuss below.

Identity governance helps organizations centralize and orchestrate activities associated with both user- and non-person entities (NPE) such as service accounts to align with their organizational policies. These activities cover the entire lifecycle of an account or identity, such as when an individual joins, moves, or leaves an organization or a team, triggering activities associated with their credentials and associated permissions. That same concept applies to NPEs such as machine-based identities that need credentials and permissions to carry out activities within an architecture.

Determining who has access to what and the risks associated with that access and then dynamically managing the access appropriately is no easy task. Identity governance enables a centralized approach to ensure the broad application of organizational policies, as well as mitigating risks such as identity sprawl and permission creep, in which individuals accounts are properly managed but their associated permissions regularly extended beyond what they actually need for their jobs. When this occurs and those credentials are compromised or abused, it can wreak havoc on organizations.

Leveraging innovative and emerging technologies, organizations can enable this governance while also taking advantage of capabilities such as conditional-based access control and dynamic least-permissive access control rather than long-lived credentials and access. Implementing identity governance can help mitigate attacks such as phishing, insider threats, and malicious actors creating accounts to maintain persistence beyond their initially compromised account. The NSA guidance also recommends utilizing privileged access management (PAM) solutions for advanced capabilities such as just-in-time access control.

Identity governance utilizes hardware, software, and digital environments to enable its implementation, and this is where environmental hardening comes into play. The NSA guidance points out that environmental hardening activities such as patching, asset management, and networking segmentation, along with other security best practices are key to mitigating the potential for compromised credentials, as well as limiting the blast radius, should an incident occur.

It is well known that malicious actors regularly try to compromise IAM components, so ensuring the security of environments in which those components operate is a key consideration. This includes performing activities such as creating a comprehensive asset inventory, understanding the connectivity of the assets youve identified, and protecting assets appropriately based on how critical they are to a business. You dont apply the same level of resources and rigor to a publicly available, non-sensitive system as you do to your crown jewel systems, for example.

Knowing that credentials are a key target for malicious actors, utilizing techniques such as identity federation and single sign-on can mitigate the potential for identity sprawl, local accounts, and a lack of identity governance. This may involve extending SSO across internal systems and also externally to other systems and business partners.

SSO also brings the benefit of reducing the cognitive load and burden on users by allowing them to use a single set of credentials across systems in the enterprise, rather than needing to create and remember disparate credentials. Failing to implement identity federation and SSO inevitably leads to credential sprawl with disparate local credentials that generally arent maintained or governed and represent ripe targets for bad actors.

SSO is generally facilitated by protocols such as SAML or Open ID Connect (OIDC). These protocols help exchange authentication and authorization data between entities such as Identity Providers (IdP)s and service providers. It is key for organizations utilizing SSO to understand the protocols involved as well as how the service providers involved have secured the protocols and the services themselves. The guidance provides a logical depiction of an example authorization data flow.

Best practices for implementing identity federation and SSO include knowing what systems in the environment are integrated with SSO or utilizing local identities, understanding how your trusted partners may leverage local accounts, and utilizing configuration management solutions to support identifying, tracking, and reporting on local account usage in an environment while working to get more systems federated and integrated with SSO to cut down on local account usage and its associated risks.

By now, most CISOs should be familiar with MFA. But for those who arent, at a high level, MFA requires users to utilize multiple factors as part of their authentication activities. Think of a username and password plus an SMS text or code sent to an authentication app on your phone. As shown in the NSA guidance, these factors typically take the form of using something you have, know, or are (such as biometrics) as validation tools.

We know that malicious actors are after credentials to carry out their activities and the use of MFA significantly decreases the risk of compromised credentials, particularly high-assurance approaches such as phishing-resistant MFA.

MFA helps mitigate situations in which passwords have been exposed through external system compromises or by unauthorized users who convince victims to share their passwords. The use of strong MFA form factors ensures that the exposure of a username and password alone wont leave an account compromised. The NSA guidance ranks MFA types, from weakest to strongest as SMS or voice, app-based MFA, and phishing-resistant MFA such as PKI-based systems and fast-identity hardware tokens (FIDO).

It is often said that many organizations are already compromised they just dont know it yet. This is where activities such as identity access management auditing and monitoring come into play, with value beyond compliance purposes: it helps identify anomalous or malicious activity present in an environment.

IAM auditing can provide insight into how systems are being used or abused, detect problems earlier in their lifecycle, aid in gathering forensic evidence which may be needed later as well as ensure privileged users know their activities are being monitored.

To prepare to implement successful and effective IAM auditing and monitoring, organizations need to first understand what normal behavior is, be familiar with organizationally defined policies and processes, as well as identify users with access to critical assets so they know what users and activities are the most critical to audit and monitor.

Organizations also need to ensure they have sufficient tooling and analytical capabilities in place to make use of the collected data and telemetry, as well as ensuring they have tooling in place to gather and consolidate it, to begin with. Organizations will also want to ensure they are not collecting noise and irrelevant data that simply distract from signals that are of real concern and pose risks to the organization.

Organizations looking to implement NSA-recommended identity and access management (IAM) protocols, the agency provides an appendix in the guidance that provides a detailed checklist for each of the areas discussed throughout this article. This provides a quick punch list approach to allow organizations to tackle the most pressing and key activities when it comes to securing their IAM processes and systems.

See the original post:
Embracing zero-trust: a look at the NSAs recommended IAM best practices for administrators - CSO Online