
Singapore passes new Cybersecurity Bill: Here’s what you need to know before it comes into force

Source: National Cyber Security News

The Singapore Parliament passed the much discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon.  The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity.  It also creates a licensing regime that will require certain data security service providers in Singapore to be registered.

We set out below four key points that you should know about this new Bill.

1. Creation of a cybersecurity regulator

The Bill provides for the appointment of a Cybersecurity Commissioner (the “Commissioner”) as a regulator for the sector.

The Bill confers on the Commissioner significant powers to respond to, and prevent, cybersecurity incidents affecting Singapore. These include investigative powers, such as the power to examine persons, require the production of evidence and seize evidence. In addition, where satisfied that a cybersecurity threat meets a certain specified severity threshold, the Commissioner may require a person to carry out remedial measures or to cease certain activities. These powers apply to all computers or computer systems in Singapore and are not limited to Critical Information Infrastructure (CII), which is described in further detail below.


Unthinkable! Hackers Loot Charity’s Funds Right Before Christmas Season

Source: National Cyber Security – Produced By Gregory Evans

Hackers have done the unthinkable by making off with a charity’s funds right before the start of the 2017 Christmas season.

The Utah Association for Intellectual Disabilities (UAID) first noticed something was wrong when it had not received any new email applications for help since 22 October. Typically, the charity gets numerous applications in preparation for the Christmas season. It’s when UAID buys and distributes gifts for between 1,200 and 1,400 adults who are intellectually disabled, who often don’t have family, and who live in assisted living facilities.

Suspicious of the lack of activity, UAID decided to look into the matter. Laura Henderson, who serves as vice president of the charity, says she realized the full extent of the hack shortly thereafter. As she told Good4Utah:

“As we investigating the email issue, I opened the bank statements and started seeing things that just weren’t right.”

According to their bank records, unauthorized individuals had used multiple apps and services to transfer or steal $5,000 from the charity. They also took over its PayPal account, opened new accounts, and seized control of its website and email. Even when Henderson and her staff attempted to reset the passwords for those compromised services, the hackers regained control in no time.

UAID co-founder Katherine Scott can’t believe someone would take from a charity that provides for individuals who mostly don’t receive anything else at Christmas. In her mind, the worst part is the seizure of the charity’s email. Without access, she can’t determine who needs assistance this year:

“That’s one of the things that’s making us real sad this year is we don’t know who needs help.”

It’s unclear how the hackers first struck UAID or what security measures the charity had in place at the time of attack.

Overall, charities can do more to ensure the resilience of their services. A 2016 survey of non-profit organizations conducted by US accounting firm CohnReznick found that nearly half of respondents had not performed a security risk assessment in the past year. Two-thirds also said they had no plans to increase their spending on digital security.

Ken Montenegro, IT director at advocacy group Asian Americans Advancing Justice, tells Financial Times that’s not a good thing:

“That puts us in a precarious position because we’re not used to spending on something like a patch management tool that keeps our software up to date.”

Organizations of all sizes need to protect themselves against digital attackers by patching their systems.

In the meantime, UAID is asking for donations of money and clothes so that it can still serve people this holiday season. Anyone wishing to donate should call its main telephone number: 385-887-4145.


Kremlin Tried To Hack At Least 4,700 Email Accounts Before The Election

Source: National Cyber Security – Produced By Gregory Evans

An extensive, Russian-backed hacking operation targeted the email accounts of thousands of perceived Kremlin adversaries in 2015 and 2016, an Associated Press investigation has learned.

The effort, broadly referred to as “Iron Twilight” by security researchers, sought to compromise 4,700 Gmail accounts worldwide, belonging to everyone from high-profile U.S. politicians ― including Hillary Clinton, John Podesta and Colin Powell, who were all hacked ― to academics, journalists, political activists and military personnel.

Who they targeted

According to information provided by Secureworks, the cybersecurity firm whose data underpins much of the AP report, there’s a clear link between the targeted email accounts and Russia’s targets in the real world.

A spokesperson for the prime minister of Ukraine, for instance ― where Russian forces are currently engaged in a military conflict ― was targeted nine times, Secureworks said.

Other targeted individuals identified by the AP include former Secretary of State John Kerry, former NATO Supreme Commander U.S. Air Force Gen. Philip Breedlove, and Serhiy Leshchenko, a Ukrainian politician who helped reveal alleged financial crimes of Paul Manafort, who was indicted Monday.

Experts on Ukrainian and Russian subject matters, as well as aerospace researchers and engineers were also among those targeted.

Military spouses and family members also constituted a surprisingly large portion of those targeted, which Secureworks speculates may be an attempt to learn about broader military issues in the U.S., or to gain information about the target’s spouse.

Of the military and government personnel who were targeted, the vast majority are either in the U.S. or a member of NATO.

Given the specific range of targets, experts said the hacks almost undoubtedly originated from within the Kremlin.

“It’s simply hard to see how any other country would be particularly interested in their activities,” Michael Kofman, a Russian military affairs expert at the Woodrow Wilson International Center who had his email targeted, told the AP.

“If you’re not Russia,” he said, “hacking these people is a colossal waste of time.”

Secureworks told HuffPost other, non-Gmail email providers were also targeted in the effort, though they don’t have data on the particulars of the campaign. While the firm only has data spanning March 2015 through May 2016, there’s no reason to believe Russia has ceased its hacking operations.

“This type of operation supports an ongoing intelligence objective,” Rafe Pilling, a senior security researcher with Secureworks’ Counter Threat Unit team said. “The activity is still underway via similar methods and likely will continue while the hackers behind this activity continue to be successful.”

“The targeting we saw (of 4,700 Gmail accounts) was just a fragment of a larger campaign from Iron Twilight.”

How they did it

Data provided by Secureworks shows Russian-linked groups operating under the names APT28, Sofacy, Sednit, Fancy Bear, and Pawn Storm sent emails to targets that mimicked authentic login pages from Google Accounts.

Instead of being directed to the real Google Accounts page, however, the emails directed recipients to a highly-convincing fake page, which then recorded the user’s login and password information.

Russian hackers disguised the website address of the fake page via Bitly, a link-shortening and web analytics service, which is ultimately what tipped Secureworks off to the hacking campaign.

By working backward from a compromised login page, Secureworks was able to decipher the publicly-accessible Bitly account associated with it. That account served as a window into all of the group’s other activity. The AP found that the account was used 95 percent of the time Monday through Friday, during Moscow’s regular business hours.

Bitly representatives told HuffPost they took quick action once they learned of the activity, noting the operation itself involved little in the way of conventional “hacking” ― all the login information was unwittingly supplied by the targets themselves.

“The links and accounts related to this situation were blocked as soon as we were informed,” Bitly CTO Rob Platzer explained in email. “This isn’t really an exploit of Bitly, but it’s an unfortunate exploit of internet users through social engineering.”

“It serves as a reminder that even the savviest, most skeptical users can be vulnerable to opening unsolicited emails. It can’t always be helped, but we advise everyone to be extra cautious about emails and links related to passwords and other sensitive information, and to employ safety measures such as unique passwords and two-factor authentication.”

What to do if you think you’ve been hacked

Unless your information has been published online, there’s a decent chance you wouldn’t know you’ve been hacked.

“If a target was compromised,” said Pilling, “it’s entirely feasible that the compromise could go undetected for an extended period of time.”

Given the wide range of those targeted and Russia’s continued hacking efforts, Secureworks recommends that those who suspect they could be a target ― and use Gmail or any other web mail service ― regularly change their passwords.

Other commonsense steps, like enabling “two-factor” or “two-step” authentication on your email account, can also go a long way, Pilling said.

He also recommended readers check to see what applications and devices they’ve authorized to access their account, information that’s often found under “settings.”

“If there are any apps or devices they don’t recognize, they should disable or delete the access right away,” he said.

And finally, don’t open attachments or click links in an email unless you’re sure the email was actually ― and intentionally ― sent to you by the sender.


It’s Crucial To Talk To Kids About Bullying Before They Head Off To Camp

It’s almost time for summer camp for kids around the tri-state area. As you pack and plan for the perfect summer, there’s a conversation you may want to have about bullying. …


Managing surprises before they happen is key to effective cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

The WannaCry attack, the biggest ransomware attack in history, is not over. Companies in at least 150 countries have been impacted, leaving organizations around the world wondering if they might be affected by subsequent waves. It’s critical to keep in mind that effective mitigation of ransomware (and similar) attacks is…


White House reportedly racing to crack down on Russian hackers before Trump takes office

Source: National Cyber Security – Produced By Gregory Evans

The White House is reportedly racing against time in efforts to implement measures to penalise Russia for allegedly interfering in the US presidential elections. The Obama administration is said to be looking to punish those involved in the election hacking


Millionaire US businessman faces life in jail after admitting strangling his British girlfriend in a hotel room before hanging a ‘do not disturb sign’ on the door after the couple met on a Muslim dating site

A millionaire New York businessman has admitted strangling his British girlfriend to death in a hotel room before hanging a ‘do not disturb sign’ on the door after they met on a Muslim dating site. Property tycoon Sammy Almahri, 45, dramatically changed his plea on the second day of his trial at Cardiff Crown Court this morning and admitted murdering 28-year-old Nadine Aburas. He had earlier admitted unlawfully killing her, but had denied murder. He now faces life in prison.


Can banks do biometric security? We’d trust them before the government

Source: National Cyber Security – Produced By Gregory Evans

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa.
Consumers are nearly twice as likely to trust banks to store and keep their biometric


3 Last-Minute Things I Need To Teach My Kid Before He Leaves For College

We are packing to take our 18-year-old son off to college at the end of this week. A small pile of “Don’t forget to pack!” items accumulating by the back door serves as a startling reminder that I have less than a week to tie up a few loose parenting ends before I send him out into the wide blue yonder we refer to as The Real World.

1. After We Pay Your Tuition, You Will Have More Money Than We Do

I’m so glad we had the “money talk” today.


Cerber ransomware decryption tool was available for 1 day before hackers rendered it useless

Source: National Cyber Security – Produced By Gregory Evans

Cerber ransomware decryption tool, recently made available by cybersecurity firm Check Point for current and potential victims, was available for just a day before the authors of the ransomware hit back, fixing a flaw and essentially rendering the decryption tool
