New recommendations were released by the NSA and CISA to help cloud service providers, mobile network operators and core network equipment vendors ensure that 5G networks are secure against threat actors planning attacks that would deny access or compromise data, BleepingComputer reports.
The guidance aims to minimize 5G networks’ vulnerabilities in case a 5G cloud system has already been breached, by preventing lateral movements by attackers. This can be done by implementing secure identity and access management protocols, ensuring that 5G cloud software is updated and protected from known vulnerabilities, ensuring that the 5G cloud networking is configured securely, keeping isolated network functions from communicating, watching out for signs of adversarial lateral movement and implementing analytics designed to detect adversarial presence.
Three more parts of the security guidance are forthcoming, each of which focuses on securely isolating network resources; protecting data that are in-use, at rest or in transit; and ensuring 5G infrastructure integrity, respectively.
Ahead of its imminent approval, the Biden administration's proposed executive order mandating U.S. cloud infrastructure-as-a-service providers to strengthen the verification of their users' identities has received industry opposition due to the increased financial and logistical burdens that would arise from such a rule, according to The Record, a news site by cybersecurity firm Recorded Future.
U.S. independent record label Empire Distribution, which has worked with Kendrick Lamar, Snoop Dogg, and 50 Cent, had its sensitive data exposed as a result of an environment file misconfiguration, Cybernews reports.
A look back at the Heartbleed bug and measuring its’ legacy, impact and how some view one of cybersecurity’s biggest headaches as an important learning moment.