#deepweb | My sensible son, 17, died after taking painkiller Tramadol on a night out

Source: National Cyber Security – Produced By Gregory Evans

A MUM has revealed her heartache over her teenage son’s death – after taking prescription drugs a friend bought on the dark web.

William Horley, 17, from Herne Bay, Kent, had an accidental overdose on painkiller Tramadol, which he took on a night out in July last year.


William Horley, 17, died after an accidental overdose on Tramadol painkiller Credit: Prime Features Agency

His mum Kim Webster, 48, told how her son was a sensible lad who didn’t normally do drugs – and knew his future career in the army had a zero tolerance policy.

The project manager said: “Will wasn’t a drug addict. This was an awful accident, a teenager out having fun with his friends, making a momentary bad decision and paying the ultimate price.

“Such a terrible waste of a promising young life. Tramadol is a prescription drug and as a naive young person, my son would have assumed that made it safe.

“But of course it isn’t. Any drug is dangerous if it’s not prescribed and not taken in the correct dosage.”

The teen was due to join the Army in three months’ time Credit: Prime Features Agency

Kim has another son Jack, 22, and twin stepdaughters Hannah and Zoe, 24, through her husband Rob, 53, a builder.

She added: “Will was 6ft 6ins tall, a handsome, sports-mad lad who’d achieved his long term ambition and been accepted into the Royal Artillery.

“He was due to join the army just three months after he passed away. In the meantime, he had a job waiting tables in a restaurant.

“Will was a sensible boy and we had talked about drugs. He always told me ‘Mum, I’m not stupid. I’m going into the army which has a zero tolerance drugs policy’.

“There was one occasion when I caught him smoking a joint and gave him a real rollicking – but what teenager hasn’t done that?

“I had no fears about my son getting involved with drugs, because I believed he’d never put his future in jeopardy.”

On the day Will died, July 23, he went to the beach in Whitstable with some friends for some beers – after a 12-hour shift working at the seaside town’s Oyster Festival.

Kim said: “I didn’t think anything of it. My last words to him were ‘have a good time and don’t be too late, the key’s under the mat’.

“I went to bed as usual. At 5am the next day, I woke with an uneasy feeling.

“I went into Will’s bedroom and he wasn’t there. That wasn’t typical for him, so I woke my family.

“They thought he’d probably crashed at a friend’s house but I had a nagging feeling something must be wrong.”

Will’s mum Tracy says he didn’t do drugs because he knew they could jeopardise his future career in the army Credit: Prime Features Agency

Will wasn’t answering his phone, and neither were any of his mates, so his mum set off to look for him in her car.

Kim said: “A couple of hours later, I phoned the restaurant where he worked.

“The manager told me he hadn’t turned up for his shift, but there was a call from a friend who also worked there, reporting them both sick.

“I asked the manager to ring that friend and tell Will to contact me. 

“Shortly afterwards, the manager called back and said Will was on his way to hospital.

“Hearing that, I thought perhaps he’d drunk too much. I had no inkling it might be anything to do with drugs.”

Will pictured with mum Tracy, stepsisters Hannah and Zoe, now 24, brother Jack, 22, and dad Rob Credit: Prime Features Agency

But by the time Kim arrived at Margate’s Queen Elizabeth the Queen Mother Hospital, she was told Will had already died.

The heartbroken mum was left to identify her son’s body.

An autopsy revealed that Will was killed by an overdose of the prescription drug Tramadol, which one of his friends is thought to have bought on the dark web.

Kim said: “Will died because he did something that was out of character for him, when he took a prescription drug to get high.

“It was a naive teenager’s one-off lapse of judgement, but it cost my boy his life.”

Will would have turned 18 that November. In January, an inquest recorded a verdict of Tramadol overdose with pneumonia.

During the hearing, Will’s friend said he had known him to occasionally smoke weed, but this was the first time he was known to have taken Tramadol.

Tracy now speaks to teenagers about the dangers of prescription drug abuse

A Kent Police investigation into where the drug came from is ongoing.

One person has been arrested but nobody has been charged with any offence.

In February 2019, Kim asked Will’s school if she could speak to other pupils about the dangers of taking prescription drugs.

Tramadol: the facts

Tramadol is a strong painkiller used to treat moderate to severe pain – i.e. after an operation or serious injury.

It’s only legally available on prescription, to those aged 12 or older.

Like other opioid drugs, overdosing on Tramadol can kill and the drug can be addictive.

In June 2014, Tramadol was upgraded to a Class C substance and placed in Schedule III to the Misuse of Drugs Regulations – in a bid to reduce prescriptions.

It’s estimated one in six teens have taken prescription meds to get high.

Statistics show the vast majority of teenagers who abuse prescription medications obtain them from home and family members.

Addiction Helper advises parents to talk to kids about the dangers of prescription drug abuse, and keep pills in a locked cabinet.

Kim said: “I felt the need to warn other young people, that this could happen to any one of them.

“These drugs are so easy for teenagers to obtain. They don’t have to go out and locate a drug dealer.

“They can find substances to abuse in the family medicine cabinet.

“Or they can order them over the internet from the privacy of their bedroom, then the postman will bring them right to their front door.”

Will was a promising young lad with his whole life ahead of him Credit: Prime Features Agency

Kim now gives regular talks about the dangers of prescription drugs in schools and colleges across the country.

She said: “Young people think drugs like Tramadol and Xanax are safe because doctors can prescribe them. There are even adverts for prescription drugs popping up on Snapchat, so the temptation’s constant.

“But drugs on the dark web are often mixed with other chemicals, so nobody can be entirely sure what they’re taking.

“I urge young people to think about their family and what would happen to the people they love, if things go wrong.

“I tell them how, as a mother, I had to identify my son’s body, break the news he was dead to his brother, father and grandparents, and decide whether his body should be buried or cremated.

“No mum should ever have to do those things for their child. What I have to tell these teenagers is the truth and it’s very powerful.”

His family have set up a boxing charity in his memory

Kim now works with Kent-based rehabilitation unit Kenward Trust to raise awareness of the dangers of buying prescription drugs.

She said: “It isn’t easy for me to go out and tell a roomful of strangers about how I lost my son.

“I’m still grieving for him – sometimes it feels as if my heart is being squeezed in my chest, to the point that I can’t catch my breath.

“But I need to get his message out there. Will had his life before him and was about to start living the dreams he’d held since a little boy.

“He didn’t want this to happen to him and wouldn’t want it to happen to others.”

The family have also launched a charity, the Will Horley Foundation, to fund boxing for children in need.

The post #deepweb | My sensible son, 17, died after taking painkiller Tramadol on a night out appeared first on National Cyber Security.

#hacking | HackerOne awards $20,000 bug bounty after leaking session cookie to hacker

Account takeover issue flagged through bug bounty platform’s own bug bounty program

Bug bounty platform HackerOne this week paid out a $20,000 bounty after a researcher was able to access other users’ vulnerability reports.

Haxta4ok00, a HackerOne community member who apparently has a track record of discovering vulnerabilities in the bug bounty platform, was engaged in a conversation with one of HackerOne’s security analysts.

In one message, the analyst copied a cURL command from a browser console and sent it to the hacker.

The analyst accidentally included a valid session cookie that gave the ability to read the data that they had access to. This included report titles, a certain amount of metadata, and some report contents.

“Less than five per cent of HackerOne programs were impacted, and within two hours of receiving the vulnerability report, the risk was eliminated and additional preventative measures were deployed shortly after,” a HackerOne spokesperson tells The Daily Swig.

“All customers impacted were notified the same day.”

However, it took HackerOne two hours to read the report, thanks to lower staffing levels over the weekend.

The $20,000 cookie

Haxta4ok00 reported the vulnerability, which was treated as ‘critical’, on November 24. The bounty was awarded three days later.

“The team looked into the amount of sensitive information that could have been accessed by the account and took that under advisement when deciding on the bounty amount,” HackerOne explains in its incident report.

“This led to the decision to treat the submission as a critical vulnerability and award a $20,000 bounty.”

HackerOne says it’s carried out an audit, and that this is the first time that session cookies have been leaked.

It’s also released an update that limits HackerOne employees and HackerOne security analyst sessions to the IP address that they started the session with – a move that should prevent similar incidents in future.

“We’re also planning to roll out a number of smaller changes, such as warning the user when a comment seems to contain sensitive information and clarification in our policy about what to do when someone gains access to other people’s accounts,” explains HackerOne co-founder Jobert Abma.

Craig Young, senior security researcher at Tripwire, was one of those to be informed that their reports had been disclosed.

“While I commend HackerOne for their response, this incident is yet another reminder of a distinct risk organizations take by using managed vulnerability reporting services like Bugcrowd or HackerOne,” he says.

“The consolidation of valuable data by such vendors creates a hugely attractive attack target for intelligence agencies – or even criminal actors – to fill their arsenal.”

Though perhaps better known for facilitating bug bounty payouts on behalf of other organizations, HackerOne is no stranger to the vulnerability disclosure process.

Since going live in November 2013, the organization has awarded more than $330,000 in bounties through its own bug bounty program.


#nationalcybersecuritymonth | Fears of Russian interference hit U.K. election as Reddit bans accounts after U.S. trade talks leak

LONDON — Fears of Russian interference reared their head in the U.K. election this weekend after social media platform Reddit said it believed confidential British government documents were posted to the site as “part of a campaign that has been reported as originating from Russia.”

Reddit launched an investigation after opposition Labour Party leader Jeremy Corbyn brandished the leaked documents at a press conference last month.

The 451-page dossier appeared to reveal that rounds of trade negotiations with the U.S. for a post-Brexit trade deal included mention of the country’s beloved National Health Service. Labour claimed they proved Prime Minister Boris Johnson would put the NHS “up for sale” to secure a deal with President Donald Trump.

The British government has not denied the authenticity of the documents. NBC News has not verified their authenticity.

Johnson, whose ruling Conservative Party leads in the polls entering the final week, has denied Corbyn’s claims about what they show.

A British government spokesperson told NBC News Sunday that “online platforms should take responsibility for content posted on them, and we welcome the action Reddit have taken.”

“The U.K. government was already looking into the matter, with support from the National Cyber Security Centre,” the spokesperson said.

“We do not comment on leaks, and it would be inappropriate to comment.”

Reddit said late Friday that its investigation into the posts related to the leak revealed “a pattern of coordination” by suspect accounts that were similar to a Russian campaign called “Secondary Infektion” discovered on Facebook earlier this year.

The site also said it had banned 61 accounts suspected of violating policies against vote manipulation related to the original post, which was published in October.

Corbyn has not revealed how his party obtained the documents but defended the decision to use them.

Asked about Reddit’s conclusions at a campaign stop Saturday, Corbyn said the news was an “advanced stage of rather belated conspiracy theories.”

“When we released the documents, at no stage did the prime minister or anybody deny that those documents were real, deny the arguments that we put forward. And if there has been no discussion with the USA about access to our health markets, if all that is wrong, how come after a week they still haven’t said that?” he added.

He also criticized the government for failing to release a Parliamentary intelligence committee report on Russian interference in British politics before the election campaign began.

Thursday’s vote was called in an effort to break the deadlock that has left the future of the country’s relationship with the European Union uncertain.

But the future of Britain’s health care has emerged as a powerful rejoinder to the notion of a purely ‘Brexit election.’

Asked about the source of the leak this weekend, Johnson said: “I do think we need to get to the bottom of that.”

Culture minister Nicky Morgan claimed the leak raises concerns of Russian influence on British democracy and said the government is taking steps and “watching for what might be going on.”

“From what was being put on that (Reddit) website, those who seem to know about these things say that it seems to have all the hallmarks of some form of interference,” Morgan told the BBC. “And if that is the case, that obviously is extremely serious.”

But if Russia was behind the leak, its aim may not have been to help any particular side in the election, Lisa-Maria Neudert, a researcher at Oxford University’s Project on Computational Propaganda, told Reuters.

“We know from the Russian playbook that often it is not for or against anything,” she said.

“It’s about sowing confusion, and destroying the field of political trust.”

Michele Neubert contributed.


#cybersecurity | #hackerspace | Going After the Good Guys: The Government’s Ransomware Identity Crisis

Why fixing that ransomware attack might get you indicted

Note: We’re pleased to publish this article from attorney Ryan Blanch, sharing an expert perspective on some of the legal issues in the cybersecurity

When it comes to ransomware, malware, and hackers, the government is finding it difficult to keep pace with the quickly evolving landscape of cybercrime. And sometimes, the government seems to be going after the good guys instead of the bad guys, as evidenced by the recent Coalfire debacle in which Iowa arrested and charged the same cybersecurity professionals it had contracted to try to breach the state’s security systems.

As a criminal defense attorney, I’ve been involved in myriad cybercrime cases. There were the DDoS attacks on the Church of Scientology, and then the infamous Blackshades malware allegedly used to spy on Miss Teen USA. We defended a sports gambling software company accused of conspiring with the mob abroad, which went to trial and was ultimately dismissed. Later, we handled a cryptocurrency hacking case, an online currency arbitrage platform; and, more recently, the allegedly illegal deployment of scores of Bitcoin ATM machines around high crime neighborhoods – to name a few.

In most cases, it’s at least apparent why prosecutors are focusing on our client. But in other cases, prosecutors are barking up the wrong tree—they’re going after the targets they can find instead of looking for the actual bad guys. After all, career hackers can be nearly impossible to track down and apprehend. In the sports gambling case I handled, my client reported that the New York district attorney’s office wanted to strongarm him into hacking into his clients’ systems to turn over personal data on gamblers and their bookmakers who may be involved in illegal gambling.

Another area where prosecutors seem to be struggling to find and prosecute the right parties is with ransomware attacks. If you should fall victim to a ransomware attack, be very careful how you navigate your crisis. And that goes double for those who try to help you. The government may be looking to indict you both. And the penalties are steep.

Let’s hash it out.

How Ransomware Attacks Work: From Attack to Prosecution

Ransomware brings companies to their knees in an instant as it encrypts user data and files irretrievably. In some cases, the only way to resume business as usual is to pay the ransom outright and most of them only take crypto.

Phase 1: The Attack

You show up to work to find a message like this one filling all 100+ displays of your company’s employee workstations. Your CTO and IT administrator are in a panic. Your entire company has been locked out of its servers, computers and files. The company stands to lose hundreds of thousands of dollars each week that this persists. There is a countdown clock on the monitor, and IT cannot find any way to access the system. All you can think is, ‘What would Kiefer Sutherland do?’

Phase 2: The Fallout

It’s day two and the losses have already exceeded $40K. Clients are taking flight as they fear the worst. Employees are asking whether they should come to work, and the IT department is pulling its collective hair out. You wonder what you have them around for if they can’t fix your computer-related problems. Arnie, Head of IT (for now), has resorted to Googling (from his personal cell phone) “ransomware help” to look for outside companies that might be able to lend a hand.

The 5 bitcoin demanded hasn’t yet increased, but it might as well have because the volatile bitcoin market has already added $5,753 to the price (some companies are starting to keep an emergency bitcoin account to offset the risk of price

reminds you that you have business insurance that may cover this sort of thing. You call your insurer. They do in fact cover ransomware attacks and have a list of “approved providers” aka cybersecurity firms who can help.

Phase 3: The White Knight Arrives

It looks as though all that panic-driven Googling may have paid off. Arnie has already found a cyber security firm and is on the line with them. As luck would have it, this firm is also on your insurance company’s “approved provider” list. The firm thinks they may be able to resolve the problem remotely. But when asked, they admit that no one can actually decrypt the files. More pointedly, if you were to marshal the combined forces of Homeland Security, the NSA, M.I.T., Kaspersky Labs and Elliot Gunton to the singular purpose of retrieving the electronic files of your trading house and photos of your mini labradoodle wearing a tutu, they would all wind up with zilch. That’s how hard it is to unencrypt what’s been properly encrypted.

So how can this cybersecurity firm help?

Pay the ransom, of course.

So then, what good are they? Well, for starters, they have a bitcoin wallet at the ready. You don’t. Secondly, they actually know how to deploy a decryption key. You don’t (and neither does Arnie).

Turns out most ransomware, ahem, artists don’t restore your files for you when you pay the ransom. They merely send you a key. Technical support doesn’t exist. It’s do it yourself. And you wouldn’t want your attackers fixing it for you even if they offered.

Here, in a nutshell, is why it makes sense to hire the cyber security firm rather than pay the ransom yourself:

  1. They can pay immediately.
  2. They may be able to get the attackers to lower the ransom. Probably not enough to decrease your cost but enough to offset the cost of the firm’s fee.
  3. You shouldn’t be dealing with your attackers. They may expand the problem to other systems if you let the wrong information
  4. Once you get the key, if you don’t deploy it correctly you could corrupt your files forever. Some of these keys require several steps to deploy them. And you need to make sure you back up your files first, etc.
  5. After you get your files back you need to close the proverbial back door. Your attackers could come back if you don’t. The honor of your extortionist ends with the promise to send you the key. It does not include a promise to never return.
  6. The best firms will issue and update a white paper to make sure that you continue to follow best practices to avoid subsequent attacks.
  7. An honest firm will tell you if the strain of your ransomware variant is actually undecryptable. Some variants are old, and the decryption key has already been disseminated publicly. If your firm has the key, they may just deploy it for you at little or no cost.

Phase 4: The White Knight Gets Indicted

All good? Not so fast. Now the cyber security firm’s principals and employees are contacted by the FBI’s Cyber Division. The U.S. Attorney’s Office wants to talk about a turn-in date and because they know this is a real company with generally law-abiding individuals, they wanted to call and invite them in to “self-surrender” so they can forgo the unpleasantness that comes with a 3AM home arrest warrant execution.

Looks like your company’s savior is going to need to hire a great criminal defense

Why? Turns out the government doesn’t look kindly on paying ransoms. The reasons themselves are not objectionable:

  • The money could go straight to terrorist organizations and other criminal cartels
  • The money is difficult to trace when transferred through bitcoin.

But the government also knows that juries don’t like to convict victims for paying their extortionist. It’s like arresting the mother of a kidnapped child for paying the kidnappers their ransom to get her baby back.

It would never fly.

How The Government Views Paying Computer Ransoms

computer files, lost business revenue and even stolen intimate photos are less sympathetic reasons to sponsor a crime cartel than say, getting a real live child back. But, just the same, the DOJ doesn’t like to lose. And prosecuting victims is a losing strategy. So, for now, victims can (probably) pay ransoms back directly (as ill-advised as that is) to their attackers.

But if you hire an intermediary, that’s where the government is testing a prosecutorial theory. The theory is if they can prosecute the cyber firms who pay the ransoms then they can get a pelt for what they view as an ugly business. Hey, somebody has to pay. Cybercrime is the new bank robbery and it’s turning into an epidemic. The government’s so-called ransomware “experts” are in the stone ages. But prosecuting cyber security firms makes it look like they are doing something about this epidemic (spoiler alert: they aren’t).

enough, the FBI has made multiple statements encouraging or allowing companies to pay off ransomware attacks:

  • Joseph Bonavolonta, Assistant Special Agent of the FBI’s Cyber and Counterintelligence Program, said that in most cases, because the FBI can’t help these companies recover files, their agents often end up recommending them to pay the ransom to get their data back.
  • An official statement from the FBI said they don’t “advocate” paying ransoms, but that the “FBI understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.”

They haven’t yet publicly announced a policy of indicting companies for paying ransoms or started issuing mass indictments. But they are hovering around the periphery, looking for instances where they think they might be able to dirty-up the white knight cyber security firm to make them a public example of the perils of paying ransoms as a business model.

What if they succeed? What does that accomplish? It doesn’t stop the ransomware attacks. It doesn’t stop the victims from paying those ransoms directly. But it takes out a middle man would-be protector, leaving the victim to their own devices.

Making the Good Guys Prosecutable: Dirtying up the White Knight

If juries don’t like to convict victims, how would they feel about their heroes? As a matter of public policy, do we want to criminally prosecute the saviors of those who have otherwise irretrievably lost their businesses?

The answer is it depends. We should not criminalize the only people that offer any protection whatsoever to the victims of ransomware. They also provide a mechanism for insurance companies to insure the losses of such an attack. The government is putting this in jeopardy (more on this to come). In order to make a white knight prosecutable, the government needs to shift our view of them. The prosecution will want the jury’s perception of the white knight to be that of an opportunistic broker of shattered dreams. Instead of saving their victims from further attack, they provide a surcharge to further exploit them. As ridiculous as this sounds, this is what in fact is being kicked around at DOJ offices everywhere.

The Insurance Companies as Co-Conspirators?

So, if the cybersecurity firm is recommended and, in some instances, paid for by the victim’s insurance company, doesn’t that make said insurance company an accomplice in the conspiracy to pay ransoms to possible crime cartels? After all, the insurance company knows exactly how the cyber security firm addresses the problem – by paying ransoms. So, will the government start prosecuting Allstate for providing ransomware protection to its insureds?

But, by taking the cyber security firm out of the equation, it would force the insurance company to pay the ransom to the insureds or even worse, pay it directly to their attackers. Knowing that would result in potential prosecution, they would have to stop insuring businesses and individuals from ransom attacks altogether, compounding the victim’s losses exponentially.

No Good Deed Goes Unpunished

So if the reasons listed above are all valid reasons why you SHOULD hire a cyber security firm in a ransomware attack and if billion dollar insurance companies are recommending that their insureds hire these companies (knowing full well that those companies will pay the ransoms), then how in the world can the government look to criminally charge these very same companies for doing what it has failed to do – rescue victims of

For now, the government is limiting its prosecutorial powers to low hanging fruit; looking at smaller cyber security outfits that they believe make easy targets to test-flex their muscles. They have yet to rope in the insurance companies who refer them business. And their internal (and informal) policy of the moment seems to militate against charging ransomware victims who pay ransoms

But it’s ‘victim beware’ when it comes to paying ransoms. You don’t know where the money is going—and the U.S. Treasury’s Office of Foreign Assets Control (OFAC) maintains a nearly incomprehensible and ever changing list of thousands of countries, individuals and entities to whom it’s a crime to send funds.

The takeaway: If you fall victim to ransomware, hire a cyber security firm to handle it. If you are such a firm, proceed with caution and consult with legal counsel about best practices.

*** This is a Security Bloggers Network syndicated blog from Hashed Out by The SSL Store™ authored by Ryan Blanch.


#nationalcybersecuritymonth | UK minister says concerned about election interference after…

* UK-U.S. trade documents were leaked last month
* Reddit believes Russian campaign behind the leak
* UK fears attempt to influence the Dec. 12 election
* British spies investigating the matter

By Michael Holden

LONDON, Dec 7 (Reuters) – The leak of classified UK-U.S. trade […]

#nationalcybersecuritymonth | Pollies to face phishing tests after Parliament breach – Strategy – Security

Parliamentarians and their staff will be subject to phishing email simulations in the wake of the state-sponsored cyber attack against Parliament House earlier this year. The Department of Parliamentary Services will conduct the simulations as part of a new program to test the cyber security awareness […]

#cybersecurity | #infosec | Customers complain after alarms go offline, as security firm hit by ransomware attack – HOTforSecurity

Earlier this week Spanish security firm Prosegur shut down its network after its systems were hit by a ransomware infection.

The first reports that the company – which employs 170,000 staff worldwide, and operates a fleet of 10,000 armoured security vehicles transporting cash between banks, ATMs, and retailers – had suffered a serious security breach emerged in the early hours of Wednesday 27 November.

By the afternoon the company had reportedly sent employees home, and confirmed via its Twitter account that the disruption had been caused by the Ryuk ransomware, and that it had taken its network offline as a “preventative measure” while it worked on restoring affected systems.

For a while visitors to the Prosegur website were greeted by an upbeat message explaining that its online presence would be restored soon.

The Ryuk ransomware was blamed for almost single-handedly increasing cryptocurrency payments made to cybercriminals by almost 90% in the first quarter of 2019.

Although Prosegur has not released any technical details of how it came to be infected by the Ryuk ransomware, it is not unusual for attacks to be launched against targeted organisations via malicious emails.

Recent victims of the Ryuk ransomware have included three hospitals in Alabama, which were forced to turn away non-critical patients and ambulances.

Earlier this month, security reporter Brian Krebs revealed that 110 nursing homes in the United States were unable to access health records due to a Ryuk ransomware attack.

To its credit, Prosegur used its social media presence to keep customers updated about the security incident, and its progress in recovering from the attack.

Security researcher Kevin Beaumont noted, however, that Prosegur’s customers were less than happy that the system outage had impacted their own alarm systems which were failing to connect with Prosegur’s monitoring systems.

Prosegur’s website is now back online. Let’s hope that Prosegur is able to fully recover the rest of its systems safely and securely, and share more technical information with the community about what occurred so others might be better defended in future.


#deepweb | 30 years after the Convention on the Rights of the Child was signed, the IACHR calls on States to renew their commitment to children – World

Source: National Cyber Security – Produced By Gregory Evans

Washington, D.C. – On November 20, when the Convention on the Rights of the Child celebrates its 30th anniversary, the IACHR recalls that children still face enormous barriers to the enjoyment of their rights. In this regard, the Commission calls on the OAS member states to renew their commitment to children and adolescents through the implementation of effective national protection systems.

Thirty years ago, the international community came together to take a crucial step in the protection of children around the world, by negotiating and approving a broad regulatory framework that meant a paradigm shift in the matter. It is from the Convention that the States consolidated the recognition of children as holders of their own rights, universally guaranteed, and not as mere objects of protection. Today, the Convention on the Rights of the Child is the human rights treaty with the highest number of ratifications, as it has 196 States Parties, which underlines the universality of its scope.

Although the Commission recognizes the progress achieved during the three decades since the Convention came into force, it also expresses its concern about the deep gap between the rights established therein and the reality in which millions of children live in the region. According to UNICEF, in Latin America alone, 72 million children aged 0 to 14 still live in poverty, 1 in 5 have their physical growth affected by the lack of access to adequate nutrition and 12 million do not attend school. In addition, almost 25,000 adolescents between 10 and 19 years old are victims of homicide each year in the region and half of those under 15 years of age are subjected to corporal punishment at home.

This scenario requires that the States renew and strengthen their commitment to protect children from any type of violation of their rights. In this regard, the Commission reiterates the need for States to implement national systems that effectively execute special and reinforced public protection policies aimed at guaranteeing the integral development of children, as well as allowing them to live a dignified life and free from all forms of violence.

“The protection of the rights of children requires a joint effort of all social actors, not only at this time of celebration of the 30th anniversary of the Convention, but permanently, with the States occupying a central place in guaranteeing these rights”, said Commissioner Esmeralda Arosemena de Troitiño, President of the IACHR and Rapporteur on the Rights of the Child. “This renewed commitment, which must continue through the years, needs to hear the voice of children who have the right and are increasingly interested in participating in the decisions that affect them”, she added.

The Commission notes that the United States of America is the only country that has not ratified the text of the Convention. In this regard, the IACHR takes this opportunity to urge the State to adopt measures to ratify the treaty for the benefit of more than 70 million children living in the United States.

A principal, autonomous body of the Organization of American States (OAS), the IACHR derives its mandate from the OAS Charter and the American Convention on Human Rights. The Inter-American Commission has a mandate to promote respect for and to defend human rights in the region and acts as a consultative body to the OAS in this area. The Commission is composed of seven independent members who are elected in an individual capacity by the OAS General Assembly and who do not represent their countries of origin or residence.


#deepweb | Airbnb Will Now Verify Each Listing After Vice Uncovered A Scam

Source: National Cyber Security – Produced By Gregory Evans

Airbnb is having one hell of a week. A few days after the company announced a ban on party houses following a tragic shooting on Halloween that left five people dead, the short-term rental platform continues the damage control tour, this time in response to a nationwide scam involving fake listings. Now the company will seek to reauthenticate all seven million listings on Airbnb to ensure they are accurately advertised and meet the company’s standards, the most significant redesign since the brand first started in 2008.

Allie Conti, in a report published by Vice, experienced first-hand an extensive and quite complicated Airbnb scam that left her, and others using the platform, out of a significant amount of money and forced to relocate to expensive hotels on short notice.

Here’s the long and short of it: Minutes before Conti was set to check in to an apartment she rented on the platform, she received a call from the host alerting her that sudden plumbing issues made staying at the listing impossible. Luckily, the host had another listing she could stay at that was bigger and wouldn’t cost her anything extra. Unfortunately, the house ended up being a flophouse with a hole-punched wall, eerily arranged furniture, and a few other gritty elements that prompted Conti to check in to a nearby hotel. But because she’d agreed to the change of venue and stayed for a night, she was able to recoup just $399 of the $1,221.20 she spent.

After Conti returned home, she went over the events surrounding her loss and started to see the red flags surrounding the situation. With some digging, she uncovered a deep web of deception that involves fake companies, fake names, stock photos, and intimidation — the whole thing is a fascinating and disturbing read. In response to the controversies, Airbnb CEO and co-founder Brian Chesky wrote in a company email sent out on November 6th, “Starting now, verification of all seven million listings on Airbnb will commence… We believe that trust on the Internet begins with verifying the accuracy of the information on Internet platforms, and we believe that this is an important step for our industry.”

It’s a process Chesky hopes the company can get done by December 15th, 2020, and he laid out a four-part plan that begins with re-verification and includes a new guest guarantee that provides a full refund for any listing that doesn’t meet accuracy standards, a 24/7 rapid response team that can address any listing at any time, and stricter standards for “high-risk” listings that can lead to unauthorized partying.

In the company email, Chesky also said “Today, we are making the most significant steps in designing trust on our platform since our original design in 2008.” With 12 years under its belt, Airbnb was well overdue for an overhaul as the platform is no stranger to scams — there’s even a website dedicated to Airbnb scams and horror stories. Scary as the prospect of being caught up in a scam is, these sweeping changes to Airbnb’s platform are only a good thing for all potential travelers.


#school | #ransomware | Las Cruces Public Schools computers still offline a week after hacking attack

Source: National Cyber Security – Produced By Gregory Evans

Education

LAS CRUCES, New Mexico — The computer network for the Las Cruces Public Schools remained offline a week after a ransomware attack by hackers forced the shutdown of the entire system. After originally trying to get existing servers for dozens of schools back online late […]