now browsing by tag
Tri-C named in new lawsuit against Cleveland dance teacher accused of sexually abusing students | #teacher | #children | #kids | #parenting | #parenting | #kids
CLEVELAND — One day after a Cuyahoga County grand jury handed up a 74-count indictment against him, a second civil lawsuit has been filed against well-known Cleveland dance teacher, 54-year-old […] View full post on National Cyber Security
#sextrafficking | The Fight Against Human Trafficking: Finding Consensus in Polarized Times | #tinder | #pof | #match | romancescams | #scams
Ken Oliver, senior director of engagement and Right on Immigration, left, and Andrew Brown, Distinguished Senior Fellow of Child and Family Policy, right, with the Texas Public Policy Foundation. As […] View full post on National Cyber Security
Ministry warns against movie over ‘child abuse’ content | #childabuse | #children | #kids | #parenting | #parenting | #kids
ANKARA Turkey’s Family, Labor and Social Services Ministry has applied to Turkey’s television watchdog to carry out a thorough evaluation of the movie “Cuties,” which has been at the center […] View full post on National Cyber Security
#sextrafficking | Local moms marching against child sex trafficking | #tinder | #pof | #match | romancescams | #scams
_________________________ MEDFORD, Ore. – A nationwide outcry against child trafficking is being heard in the Rogue Valley. Several residents in Northern California and Southern Oregon are putting on events this […] View full post on National Cyber Security
#cybersecurity | #hackerspace | Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks
Signal Sciences is excited to announce the availability of new advanced rate limiting features that extend our customers’ ability to detect and stop abusive behavior at the application and API layer.
Over the past several weeks as part of our early access program, we piloted advanced rate limiting in real-world production environments and stopped major attacks for customers from major retailers with large-scale e-commerce operations, financial services firms with mission-critical applications to major online media companies that stream video content to hundreds of millions of users monthly.
The Value of Intelligent Rate Limiting to Protect Applications
The primary objective of rate limiting is to prevent apps, APIs and infrastructure from being exploited by abusive request traffic, much of it originating from automated bot operators. Stopping this traffic from reaching your app and API endpoints means availability, reliability and a satisfying customer experience.
Up to this point, customers have used the Advanced Rules capability of our next-gen WAF to monitor and block web request traffic that attempts to carry out application denial-of-service attacks, brute-force credential stuffing, content scraping or API misuse.
Advanced rate limiting from Signal Sciences stops abusive malicious and anomalous high volume web and API requests and reduces web server and API utilization while allowing legitimate traffic through to your applications and APIs.
With our new advanced rate limiting capability, Signal Sciences customers can leverage the ease of use, effective defense and precise blocking they’ve come to expect from our next-gen WAF and RASP solution. In addition to out-of-the-box protection, they also gain immediate insight and understanding of the traffic origins and can take granular custom actions by:
- Creating application-specific rules to prevent app and API abuse
- Defining custom conditions to block abusive requests
- Identifying and responding to a real-time list of IPs that have been rate limited
- Taking action on the identified source IP addresses with one click
How Signal Sciences Advanced Rate Limiting Works
Leveraging our award-winning app and API web protection technology, advanced rate limiting provides intelligent controls to reduce the number of requests directed at key web application functions such as credit card validation forms, forgot password fields, email subscription sign-ups, gift card balance checkers and more.
Our technical approach for this new capability was informed by the expertise our company has gained from protecting over a trillion web requests monthly. This experience shows us that web requests that result in application abuse can blend in with legitimate traffic. Signal Sciences advanced rate limiting is designed to identify such traffic and prevent individual IPs from causing app abuse.
Take the next step and effectively stop and manage abusive traffic
We invite you to learn about other common attack scenarios that customers use advanced rate limiting to thwart and how easy it makes stopping and managing the attack origin traffic: download the rate limiting data sheet or request a demo today.
The post Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks appeared first on Signal Sciences.
*** This is a Security Bloggers Network syndicated blog from Signal Sciences authored by Brendon Macaraeg. Read the original post at: https://www.signalsciences.com/blog/signal-sciences-introduces-advanced-rate-limiting-protection-against-advanced-web-attacks/
View full post on National Cyber Security
U.S. President Donald Trump is dispatching his point man on Huawei Technologies to Ottawa Monday to press the Trudeau government on barring the Chinese telecom giant from next-generation 5G wireless networks in Canada.
Robert Blair, White House special representative for international telecommunications, will be laying out U.S. national-security objections over Huawei’s 5G wireless gear in a meeting with Public Safety Minister Bill Blair and senior officials from the departments of Innovation, Foreign Affairs and Defence, Canadian and U.S. sources say. The Globe and Mail is keeping their names confidential because they are not authorized to publicly comment on the matter.
The U.S. source said that the special representative, who is deputy White House chief of staff as well, will also warn Canada that it could lose access to sensitive intelligence if Huawei is allowed to sell its 5G gear to Canadian wireless carriers.
This is the first high-level U.S. visit to Ottawa that is solely in support of the U.S. campaign to press allies to bar Huawei from Western telecommunications infrastructure
Washington had also planned to send deputy national-security adviser Matthew Pottinger and economic adviser Larry Kudlow, but they had to cancel to deal with the coronavirus crisis, according to the sources.
The Trump administration, U.S. national intelligence agencies and Congress have led a global campaign against Huawei, arguing that it poses a risk to Western national security. Other countries building 5G networks without Huawei for this reason include Australia, South Korea, India, Japan and Taiwan.
Canada is the only member of the Five Eyes intelligence-sharing alliance – the others are the U.S., Australia, New Zealand and Britain – which has yet to decide whether to bar Huawei from 5G.
Australia, which is more heavily dependent on Chinese trade, has joined the U.S. ban of Huawei, and New Zealand has rejected one wireless carrier’s proposal to use Huawei gear in a 5G network.
Britain angered Washington last month when it took a different course than other Five Eyes members. It rejected U.S. calls for a ban and instead limited Huawei to 35 per cent of the British telecommunications market, banned it from sensitive areas and promised regular testing of Huawei gear for any possible backdoors.
Canada has been conducting a cybersecurity review since last year but has given no indication when a decision will be forthcoming despite pleas from Canada’s telecom carriers for Ottawa to make an announcement. Even with the review under way, Telus announced last month that it would proceed to build its 5G network with Huawei gear.
The Globe has reported that the Canadian military and Canadian Security Intelligence Service want Huawei barred while the Communications Security Establishment, which handles cybersecurity, believes Huawei gear can be tested and monitored for possible backdoors.
The department of Innovation, Science and Industry is also involved in evaluating whether to allow Huawei into the country’s 5G networks.
Innovation Minister Navdeep Bains said last week – in an apparent reference to the U.S. campaign against Huawei – that Canada “won’t get bullied by any other jurisdiction” in its decision.
When the CBC’s Power & Politics asked Mr. Bains whether he was referring to the Trump administration, he said: “Maybe that was the wrong choice of words. …We won’t be influenced by other jurisdictions. We will make our own independent decision.”
Asked again if he felt that the United States was “bullying Canada”, Mr. Bains said “countries have raised their concerns.”
Separately, Foreign Affairs Minister François-Philippe Champagne has hired an adviser on Asia-Pacific matters who, in a paper published online last December, advised against Canada allowing itself to be drawn too deeply into a U.S.-China conflict.
“Given deepening U.S.-China antagonism, there is a danger that Canada is siphoned into a higher-level sharp conflict of hearts and minds against China, which would not serve Canadian interests,” University of Ottawa professor Pascale Massot wrote in a paper titled Global order, U.S.-China relations and Chinese behaviour: The ground is shifting, Canada must adjust.
“The current dominant narrative depicting China as a threat to the global order creates a hunkering down mentality and is not conducive to seeing the global order’s limitations and need for reform or to engaging system outsiders in a constructive way,” she wrote.
“A key question for Canadian foreign policy going forward will be how to carve room for manoeuvre given the triangular nature of the U.S.-China-Canada relationship.”
There is a bipartisan consensus in the U.S. Congress that Huawei should be banned. Republicans in both houses have even tabled legislation to ban intelligence sharing with allies that use Huawei 5G gear.
Last year, the Democratic vice-chair of the U.S. Senate intelligence committee, Mark Warner, urged Canada to set aside any ill feelings toward Mr. Trump and join the U.S. in blacklisting Huawei.
The post #nationalcybersecuritymonth | Trumps sends top adviser to warn against Huawei appeared first on National Cyber Security.
View full post on National Cyber Security
#nationalcybersecuritymonth | Facebook, Google and Twitter Rebel Against Pakistan’s Censorship Rules
Mr. Khan rose to power in Pakistan in 2018 partly because of his party’s strong presence on social media, a fact he acknowledges in his speeches. But now that he is in charge, he has shown little patience for online criticism.
Pakistan’s powerful military is also averse to debates on social media platforms, especially on Twitter, which is used by critics to question human rights violations and the military’s involvement in politics.
Over the past two years, Pakistani government requests for Facebook, Google and Twitter to remove content have increased sharply, according to transparency reports published by the companies. Pakistan disclosed in September that it had blocked more than 900,000 web pages for various reasons, including pornography, blasphemy and sentiments against the state and military.
Separately, regulators in Pakistan have proposed requiring online video sites to obtain licenses from the government.
There is a strong case to be made that the government is overstepping its authority with the new rules, said Muhammad Aftab Alam, executive director of the Institute for Research, Advocacy and Development, a Pakistani public policy group.
“This national coordinator is judge, jury, regulator and executioner as well,” he said.
At least two lawsuits challenging the rules have already been brought in Pakistani courts.
“The main objective of the impugned rules seems to be to control the social media through indirect control by the government and ruling party,” read the petition in one case, filed by Raja Ahsan Masood, who asked the court to declare them unconstitutional.
Vindu Goel reported from Mumbai, and Salman Masood from Islamabad, Pakistan. Zia ur-Rehman contributed reporting from Karachi, Pakistan, and Davey Alba from New York.
View full post on National Cyber Security
Cybersecurity is the set of practices, processes and systems for protecting Information Technologies (IT), which consists of computers, networks, software and stored information, from digital attack. Cybersecurity has become a preoccupation for the government, private sector, institutions and individuals. Billions are spent annually to defend governmental, corporate, and personal IT from cyber intrusion. Innovative companies have developed new ways of providing security.
A major aspect of cybersecurity is the protection of critical infrastructure. The Department of Homeland Security defines critical infrastructure as “the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety.” There are 16 critical infrastructure sectors, including energy, communications, food and agriculture, transportation, water and wastewater, nuclear power and materials, major manufacturing, and defense industries.
All these sectors are dependent on IT, not merely for communications or billing, but for the operation of major physical systems. Most of them employ IT-based supervisory control and data acquisition (SCADA) systems to monitor and operate a wide variety of hardware. For example, the energy sector is critically dependent on SCADA technology to manage the flow of power, direct the operation of production and storage facilities, and monitor the state of energy usage.
The threat to these large, complex systems, essential to not only the way we live but our very lives, is quite severe. The same IT and SCADA systems that allow for the efficient management and operation of critical infrastructure sectors also create enormous vulnerabilities that adversaries will seek out to exploit. The cyber threat to our energy sector, perhaps the most critical of all, has been growing for years. According to a report by the Idaho National Laboratory prepared for the Department of Energy: “Cybersecurity for energy delivery systems has emerged as one of the Nation’s most serious grid modernization and infrastructure protection issues.”
The dominant focus of infrastructure security is on protecting computers and networks from the introduction of malware. When it comes to critical infrastructure, hackers look for ways of entering the networks and then wend their way to the software programs that control operations. Often, the hackers will look for easy entry points, such as electronic billing systems or supply chain communications, from which they can then launch attacks against SCADA systems or other IT-based means of monitoring and directing operations within a sector.
It is becoming harder to protect entire networks from hacking. The explosive growth in the use of IT for personal and business purposes, and the move to a world where the so-called Internet of Things is ubiquitous, has resulted in a massive increase in potential entry points for hackers. Recently, it was discovered that IT-enabled baby monitors could be hacked. Moreover, hackers keep finding new network vulnerabilities and investing in ever-more sophisticated malware.
Protecting critical infrastructure is a never-ending problem. Operating systems must be constantly patched as vulnerabilities are uncovered. Computer systems and networks are routinely needing upgrades as new malware is developed. The expense of that is significant. Some experts have characterized IT security spending as a “black hole.” Any new approach that does not have to be constantly enhanced would significantly reduce future costs of cyber defense.
An alternative approach to establishing a high level of infrastructure security at an affordable cost is by focusing on operational technologies or OT. OT consists of hardware, such as valves, pumps, generators and SCADA-enabled machinery, all of which are critical to the operation of networks that deliver power, water, and oil and gas.
By focusing appropriate critical infrastructure protection on keeping OT secure, utility companies and others in critical infrastructure sectors can simplify their cybersecurity requirements and significantly reduce costs. The key is to focus on protecting IT-directed OT, rather than an entire network. This can be done by placing a device that only allows pre-defined, legitimate signals to be sent to the OT on a network. No non-specified commands could pass through a protective device. Even if a hacker could penetrate an electric utility’s network, no malware intended to cause OT malfunction could penetrate a device or machine.
Such a system, called Binary Armor, already exists. It could revolutionize the protection of OT. Essentially, it places an in-line barrier to cyber intrusion on a network in front of the OT device. The Binary Armor unit monitors all communications to a piece of OT. Only legitimate commands within the defined operating parameters of the OT can pass through. A command that would cause the OT to behave improperly, or self-destructively, could not pass, regardless of how cleverly the malware was written. This system also will prevent accidentally sending the wrong command to the OT, which is what happened in the Chernobyl disaster.
Because the system is “pre-loaded” with the legitimate commands and operating parameters for that OT, it will rarely need to be upgraded, unlike typical cybersecurity systems. Moreover, Binary Armor would allow utilities and other critical infrastructure sectors to use commercial networks, rather than proprietary ones, further reducing cybersecurity costs. Finally, it would radically increase the problem and costs for the hacker, primarily because a Binary Armor unit must be physically accessed to be reprogrammed.
Currently, a Binary Armor unit must be installed on a network. This is not difficult. The current Binary Armor unit is a 3x2x2 inch box with two Ethernet access ports and a power source. It weighs about six pounds. But in the future, the basic technologies could be embedded into OT, simplifying the cybersecurity challenge.
Strong action needs to be taken now by all critical infrastructure sectors, particularly for energy, to enhance their cybersecurity protections. Public utilities would be remiss in not testing Binary Armor to understand its applicability for their networks.
View full post on National Cyber Security
#cyberfraud | #cybercriminals | MAS reminds of vigilance against cyber threats taking advantage of coronavirus situation
Source: National Cyber Security – Produced By Gregory Evans SINGAPORE: The Monetary Authority of Singapore (MAS) reminded financial institutions to remain vigilant on the cybersecurity front amid cases of “cyber threat actors” taking advantage of the coronavirus situation to conduct email scams, phishing and ransomware attacks. In a media release on Sunday (Feb 9), MAS said […] View full post on AmIHackerProof.com