HTCS Blogs
now browsing by category
#cybersecurity | #hackerspace | Single Sign-On Solutions for Education
Source: National Cyber Security – Produced By Gregory Evans
By Megan Anderson Posted December 14, 2019
The IT staff at educational institutions see the need for implementing cutting-edge technologies, but work on a razor-thin budget. Paradoxically, that often means that the identity and access management (IAM) infrastructure at schools and universities exists somewhere between innovative and outdated.
For instance, educational institutions would ideally be able to grant their users — both students and staff — one identity per person. This identity would work campus-wide, as well as for any third-party solutions the institution requires.
However, most single sign-on (SSO) solutions are outside the budget. As such, IT admins of educational institutions usually settle on less-than-ideal arrangements to compensate. The options for schools might seem limited, but let’s evaluate the solutions.
Single Sign-On Compromises
When it comes to identity and access management (IAM), many educational institutions are stuck in one of three less-than-desirable scenarios:
- Relying completely on a legacy system such as Microsoft® Active Directory® (AD) or OpenLDAP
- Relying on G SuiteTM or Office 365TM as their sole identity provider (IdP)
- Effectively going unmanaged — users simply log in to each IT resource separately
Unfortunately, each of these approaches comes with its own challenges.
The Cost of Active Directory and OpenLDAP
Both AD and OpenLDAP require dedicated servers on-prem, which need to be maintained. Any IT admin responsible for these servers knows how pricey they can be. Plus, in order to run AD, you need to renew the Windows® license. Additionally, if you haven’t upgraded your AD server since 2008, you’re going to need to buy a new one.
Moreover, AD does not extend its identities to non-Windows cloud applications. This forces users to have multiple credentials that need to be managed separately, leading to inefficiencies in workflow for both the end user and the IT department. Also, if staff are able to bring in their own devices, there’s no guarantee they will all be Windows machines, meaning that those with Mac® or Linux® machines will require many workarounds to manage.
This is especially important to note as Mac machines (Read more…)
The post #cybersecurity | #hackerspace |<p> Single Sign-On Solutions for Education <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | #hackerspace | Pensacola Hit with Ransomware Attack | Avast
Source: National Cyber Security – Produced By Gregory Evans
The city of Pensacola, Fla. is recovering from a ransomware attack by the Maze group, which shut down the city the day after a shooting at its Naval Air Station. Maze, which has launched other recent U.S. ransomware attacks, told Bleeping Computer the attack was not related to the shooting, which is being investigated by the FBI as possible terrorism. “We did not know about this,” Bleeping Computer reportedMaze as saying. “It is just coincidence.”
The Florida panhandle city reported Thursday that it has recovered email and landline phone connections. Emergency services were not affected by the attack, which sought a $1 million ransom, Maze told Bleeping Computer.
On Monday Maze operators claimed responsibility for an attack against the wire and cable company Southwire, based in Carrollton, Ga., about 300 miles north of Pensacola. Last month Maze hit security staffing firm Allied Universal with another ransomware attack. “There is a wave of ransomware attacks targeting companies and institutions all over the world,” Avast Security Evangelist Luis Corrons said. “These attacks are so disruptive that many victims opt to pay the ransom, making this type of attack really profitable, and therefore the number of victims is growing every day.”
This week’s stat
Most people say they will get online for work over the holiday break – one-third say they will several times a day. Learn how to stay safe while working remotely.
Influencer gets 14 years for armed domain robbery scheme
The U.S. Department of Justice issued a press release announcing that Rossi Lorathio Adams II, a 27-year-old social media influencer in Iowa who goes by the online name “Polo,” has been sentenced to 14 years in federal prison for plotting an armed home invasion to coerce the owner of doitforstate.com to transfer the domain name. Adams recruited his homeless cousin Sherman Hopkins, Jr. to perpetrate the home invasion. The victim wrestled the gun from Hopkins hands, shot him, and called the police. Hopkins survived the shooting and was sentenced to 20 years in prison.
DoJ arrests 3 for BitClub Ponzi scheme
The U.S. Department of Justice has arrested three men for allegedly running a cryptocurrency Ponzi scheme that defrauded investors of $722 million. The men ran a company called BitClub Network, a membership-based organization that allowed users to buy shares of various crypto-mining pools. The DoJ says those pools never existed. Emails between the three BitClub owners revealed that they called their clients “idiots” and “sheep.” All three face charges that could result in prison time as well as fines up to $250,000. Read more on ZDNet.
This week’s quote
“Our business involves families’ babies, and our goal is for the food, experience, and cybersecurity to be healthy in every way.” – Melissa Blake, winner the Avast Sharks Startup Challenge for her company, Sweet Pea Spoons
Over 460,000 Turkish payment cards for sale on dark web
Researchers have spotted a mass batch of stolen credit card and bank card details from Turkey’s top ten banks. Sellers were offloading the card details at costs ranging from $1-$3 per card. The card records are known as “fullz,” which means they contain all pertinent info a user would need to make online payments with them, from name and street address to the CVV number. Read more on Bleeping Computer.
North Korea uses cybercrime-as-a-service
The notorious state-backed Lazarus Group in North Korea has deployed a new malware package created by the equally notorious TrickBot malware developers, Dark Reading reported. The revelation is part of a growing trend noted by cybersecurity experts, wherein national governments are more frequently using the services of common malware developers, even getting access to already infected systems that they can then compromise further. Researchers observed the Lazarus Group using the newly developed Anchor, a TrickBot-associated malware that specializes in stealth and data theft.
This week’s ‘must-read’ on The Avast Blog
Ever wonder about the three little numbers on your credit card – and who you shoiuld and shouldn’t disclose them to? Learn all about the card verification value (CVV).
750,000 applications for duplicate birth certificates exposed
A U.K. information security company discovered an unprotected Amazon Web Services bucket online filled with over 750,000 applications for duplicate U.S. birth certificates. The data belonged to a company which has not yet been named, but the information at risk included its customers’ contact information, past addresses, family names, and reasons for requesting the duplicate certificates. The oldest of the applications date back to 2017. Read more on TechCrunch.
Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.
The post #cybersecurity | #hackerspace |<p> Pensacola Hit with Ransomware Attack | Avast <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | #hackerspace | Litany of Bad Behavior At Bezos’ RING
Source: National Cyber Security – Produced By Gregory Evans Based on outrage as to the marketing tactics of Amazon’s RING unit (and the serious flaws discovered weekly with this hardware home security solution), I predict signifant lawfare targeting the company, for both it’s privacy related SNAFUs (and the product line’s deep security flaws) as well […] View full post on AmIHackerProof.com
#school | #ransomware | Latest Louisiana news, sports, business and entertainment at 1:20 a.m. CST
Source: National Cyber Security – Produced By Gregory Evans
METAIRIE, La. (AP) — Authorities in Louisiana say a woman has been arrested for pretending to be an attorney and stealing $2 million from a client with special needs. Kristina Galjour was arrested Thursday and charged with bank fraud, computer fraud, theft valued over $25,000, exploitation of the infirm and illegally practicing law without a license. The 57-year-old victim has a developmental disability and inherited a trust fund after his parents died. Jefferson Parish Sheriff’s Capt. Jason Rivarde says Galijour coerced the man into thinking she was an attorney and over a three-year period she emptied his $2 million trust fund. The investigation is ongoing. It’s unclear whether Galijour has an attorney.
The post #school | #ransomware | Latest Louisiana news, sports, business and entertainment at 1:20 a.m. CST appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | #hackerspace | Bitglass SASE wins Global 2000 enterprise
Source: National Cyber Security – Produced By Gregory Evans This Global 2000 company had racks of the latest boxes from the leading next-gen firewall vendor for its corporate locations. As the enterprise moved applications to the cloud, the firewall vendor recommended more boxes at the perimeter. Plus the fancy firewall-as-a-service for mobile users on the […] View full post on AmIHackerProof.com
#hacking | Gopinath Munde memorial to claim 110 trees
Source: National Cyber Security – Produced By Gregory Evans
Aurangabad: More than 100 trees may face the axe for a proposed memorial to BJP stalwart Gopinath Munde here in Maharashtra, the latest in a series of controversial projects requiring hacking of trees.
The government’s public works department (PWD) has sought permission from the local civic body for felling 110 trees for construction of late Munde’s memorial in Aurangabad in central Maharashtra, an official said on Friday.
Soon after coming to power last month, the Shiv Sena- led government stayed construction of a Metro carshed in Mumbai’s Aarey Colony, a green belt where over 2,000 trees have already been cut for the project.
Then reports emerged that some 1,000 trees need to be felled for a proposed memorial to Shiv Sena founder Bal Thackeray here. This memorial has been planned at Priyadarshini Garden in the Cidco area of the city.
Early this week, Sena leader and former Aurangabad MP Chandrakant Khaire said Chief Minister and party chief Uddhav Thackeray had given “oral orders” against felling of trees for the proposed memorial of his father.
Munde’s memorial has been planned on Jalna Road on a piece of land belonging to the state government’s milk scheme department. “We have received a letter from the public works department in which they have asked for permission to cut down 110 trees.
They have mentioned the place where memorial of Gopinath Munde is planned,” said Garden Superintendent Vijay Patil adding, “We will forward the application to the tree committee of the Aurangabad Municipal Corporation.”
The post #hacking | Gopinath Munde memorial to claim 110 trees appeared first on National Cyber Security.
View full post on National Cyber Security
#deepweb | Lime Scooter Accounts Are Being Sold on the Dark Web
Source: National Cyber Security – Produced By Gregory Evans
On the dark web, there are plenty of people looking for a free ride. Or at least a very cheap one. A vendor on a dark web marketplace is advertising what they say are accounts for the scooter service Lime.
“This account is used free to locate rental scooters (with a random life),” a listing on a dark web market reads, referring to finding scooters that may be available to use. The vendor says they have accounts for both the European Union and the U.S.
“The accounts sold here are functional and verified. They are unique for sale. Once sold, the accounts are automatically deleted from my database,” the advert continues. The listing offers one account for €13.
Lime, like a wealth of other companies entering this space, lets users quickly rent scooters across major cities. Motherboard recently reported how Los Angeles wants scooter companies like Lime, Bird, and Uber’s JUMP to provide real-time location data of the scooters for city planning purposes, although activists have privacy concerns around the sharing of this data.
Armed with one of these accounts, it seems a customer wouldn’t need to pay Lime for using its scooters. The vendor has some conditions over using the accounts.
A section of the dark web listing offering Lime accounts. Image: Motherboard
“Do not change anything on the account (email/password etc),” they write. “Do not share the account (s).”
A Lime spokesperson said in a statement, “While this is not caused by any Lime security vulnerability, this illegal and dangerous behavior is absolutely against Lime policy and will not be tolerated on the Lime platform. We strongly remind our users that sharing account access information with any third party is against our user agreement and can expose them to significant cybersecurity risk.”
Lime added that it will be migrating iPhone users to Apple ID login in the future, and that the company does not allow people to use any password that has already appeared in HaveIBeenPwned’s leaked password list. The HaveIBeenPwned database, maintained by security researcher Troy Hunt, contains email addresses, usernames, and plaintext and hashed passwords from data breaches.
Motherboard previously discovered Uber accounts for sale on the dark web in 2015. Hackers were able to access these by using previously compromised passwords from other services.
Subscribe to our cybersecurity podcast, CYBER.
This article originally appeared on VICE US.
Source link
——————————————————————————————————
The post #deepweb | <p> Lime Scooter Accounts Are Being Sold on the Dark Web <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#cybersecurity | hacker | Maze ransomware possibly behind Southwire attack
Source: National Cyber Security – Produced By Gregory Evans Wire and cable manufacturer Southwire is in the recovery phase from a ransomware attack that struck on December 9 knocking a large portion of the company offline. Published reports state Maze ransomware was the weapon of choice and that the attackers demanded an 850 bitcoin, about […] View full post on AmIHackerProof.com
#cybersecurity | #hackerspace | Over 750,000 Applications for US Birth Certificates Left Exposed Online
Source: National Cyber Security – Produced By Gregory Evans
Quick question, were you born in the United States? Have you recently applied for a new copy of your birth certificate? Well, you could be one of the unfortunate people whose birth certificate application was left exposed online.
It has been reported that more than 750,000 applications for copies of U.S. birth certificates have been left exposed without any access control in a misconfigured cloud server within an Amazon Web Services (AWS) storage bucket.
*** This is a Security Bloggers Network syndicated blog from comforte Insights authored by Thomas Stoesser. Read the original post at: https://insights.comforte.com/over-750000-applications-for-us-birth-certificates-left-exposed-online
The post #cybersecurity | #hackerspace |<p> Over 750,000 Applications for US Birth Certificates Left Exposed Online <p> appeared first on National Cyber Security.
View full post on National Cyber Security
Facebook will target ads based on your Oculus VR data – Naked Security
Source: National Cyber Security – Produced By Gregory Evans Exploring District 06 in Boneworks with your Oculus virtual reality (VR) rig? WATCH OUT!!!!! It’s jam-packed with traps, obstacles, Nullmen zombies who’ll attack you on sight, and now, thanks to the zuckerborgians, you’re going to be stalked: followed right out of the virtual experience and into […] View full post on AmIHackerProof.com
D5 Creation