

#cybersecurity | hacker | Ring camera hacks show the need for better IoT security

Source: National Cyber Security – Produced By Gregory Evans

Ring camera doorbells gained fame for catching porch pirates stealing packages, but after several high-profile cases where hackers gained control of them, they are being held up by the cybersecurity industry as a prime example of why companies and homeowners need to take IoT security seriously.

The Ring cases revolve around malicious actors hijacking these devices and using them to communicate with people inside the home. In an incident in Mississippi, a malicious actor used an internal Ring camera to talk to a young girl using racial slurs, and back in October another hacker gained control of a Nest camera and threatened to kidnap a baby.

It is believed that in each case the malicious actors took advantage of the device’s poor security to gain access. In the case of the Ring camera, which is owned by Amazon, the company recommended that those buying a Ring, or who already have one, not reuse old passwords and implement MFA to make the device more difficult to hack.

Keeping home devices up to date with secure logins and having the latest security patches is now a must for anyone who has installed this or any type of IoT, said Avast Vice President Leena Elias.

“People now need to be able to assess the security of new tech devices that could be used against them. We need to use a wide variety of security measures to ensure that devices connected to our home networks are secure,” she said, adding not to forget about the home’s router, which is frequently shipped with a standard admin login that needs to be changed.

One of the reasons consumers don’t update is that they are simply unaware of the need and the benefits of doing so. Another factor is difficulty. Gaining access to the admin functions is not always a simple matter for the average person.

Studies in the financial industry have found consumers are willing to embrace more engagement around fraud prevention if it means their information is secured (think: multi-factor authentication). However, if consumers aren’t aware of the benefits associated with taking more control, they leave themselves vulnerable to malicious attacks, said Sherif Samy, senior vice president, North America for Entersekt.


#nationalcybersecuritymonth | ATO gets $151m for better storage, security – Strategy – Software


The federal government has handed the Australian Taxation Office almost $151 million to improve data storage and security system resilience.

The new funding, revealed in the 2019-20 mid-year economic and fiscal outlook (MYEFO) today, comes after the agency secured $70 million to move out of its data centre in the April budget.

The funding will be provided over three years from 2019-20, though just how much will be spent on each has not been laid out.

The Department of Finance will use $0.5 million of the total funding to perform assurance reviews on the project.

MYEFO documents also reveal a further $31.2 million for the Department of Home Affairs to improve the country’s visa and citizenship processing ICT system over the next three years.

The funding will be used to enhance the system’s “online service delivery and data management capabilities”, ahead of the department’s decision on an external provider for the new billion-dollar visa processing platform.

Last month, the department revealed that at least $80 million had been spent on the design and procurement of the platform, which is slightly more than it was provided in the 2018 MYEFO for the work.

“The measure will improve the Department of Home Affairs’ ability to verify the identity of individuals arriving in Australia,” MYEFO documents state.

“The measure will also allow continued engagement with the market for a strategic technology solution to ensure Australia’s visa systems remain competitive, relevant and safeguard national security.”

The government has also made good on its election pledge to invest in cyber security, with MYEFO documents revealing that $152.7 million will be spent on a range of projects over the next four years.

It follows an undisclosed amount of funding in the April budget to address cyber security concerns against some of the country’s most critical systems.

The government’s cyber security resilience and workforce package will be used to create “additional specialist cyber security positions … to monitor and respond to cyber security threats”.

The positions will be created in the Australian Signals Directorate and the Department of Defence.

The funding will also be used to offer cyber security scholarships and training opportunities, as well as provide assistance to small businesses, older Australians and families on how to conduct online activities securely.

It will also be used to secure voter information, though no detail was provided on how this would be done.

Other funded measures include:

  • $12 million in 2019-20 for the Civil Aviation Safety Authority to regulate commercial drone technologies in Australia.
  • $3 million over two years for the Department of Employment, Skills, Small and Family Business to “undertake additional design work, stakeholder engagement and use research to further inform the development of the VET Student Loans IT System”.
  • $2.1 million over two years to continue the Commonwealth’s contribution to the national coronial information system.
  • $1.8 million over two years for the Australian Road Safety Foundation to pilot a digital road safety passport that informs Year 9 school students about road safety.


#school | #ransomware | Ransomware Attacks on U.S. Have Reached “Crisis” Proportions, Governments “Must Do Better”


An unprecedented number of ransomware attacks deployed against government, healthcare and school targets in the U.S., and new attacks that not only lock up but also steal sensitive data, have prompted cybersecurity firm Emsisoft to declare a “crisis.”

A recent attack in Pensacola that “may have resulted in a municipal government’s data falling into the hands of cybercriminals” has also prompted Emsisoft to issue its 2019 “State of Ransomware in the US” report early and hopefully induce an immediate response by governments:

“We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”

The report describes an “unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.”

Affected organizations include:

  • 103 federal, state and municipal governments and agencies.
  • 759 healthcare providers.
  • 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.

In a ransomware attack, hackers typically deploy malicious software via infected links embedded in “phishing” emails.

Sometimes these emails are spammed out randomly. In other cases, an employee working at a targeted organization is carefully profiled and sent a customized email designed to trick that individual into clicking an infected link.

In the case of one cryptocurrency exchange, hackers determined that someone working there was an extreme fan of a particular type of dog.

The hackers created fake digital materials claiming that a dog show featuring this breed would shortly be held in the employee’s region. The employee opened the email, clicked on a link it contained, and infected the entire exchange’s computer systems. The exchange was later robbed of cryptocurrencies.

In most cases, an organization’s systems are rendered unusable by ransomware and a ransom of cryptocurrencies is demanded in exchange for restoring systems or data.

In May, twenty-one civic agencies in Baltimore were disabled by a ransomware attack.

When Boston legal aid offices were disabled by Russian “Ryuk” ransomware earlier this year, trials had to be postponed, including a trial involving a child victim.

According to Emsisoft, the attacks it has lately witnessed “put people’s health, safety and lives at risk”:

  • Emergency patients had to be redirected to other hospitals.
  • Medical records were inaccessible and, in some cases, permanently lost.
  • Surgical procedures were canceled, tests were postponed and admissions halted.
  • 911 services were interrupted.
  • Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
  • Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
  • Surveillance systems went offline.
  • Badge scanners and building access systems ceased to work.
  • Jail doors could not be remotely opened.
  • Schools could not access data about students’ medications or allergies.

Emsisoft further claims that the escalated success of ransomware attacks in 2019 resulted from “a perfect storm…(involving) existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.”

Fabian Wosar, CTO of Emsisoft, has issued a sober warning:

“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better.”


#cyberfraud | #cybercriminals | Facebook ‘Secret Sister Gift Exchange’ Is Illegal Scam, Better Business Bureau Warns


A Facebook post that resurfaces around the holiday season has been declared an illegal scam, according to the Better Business Bureau.

The post discusses the “Secret Sister Gift Exchange,” where participants are instructed to send one gift in order to receive up to 36 gifts in return. However, it’s easy to see that the math just doesn’t add up.

“These gift exchanges, while they look like innocent fun, are really pyramid schemes – and are considered illegal,” the BBB warns.

The gift exchange first became popular in 2015. Users were encouraged to invite others to participate in the exchange and were told that they would receive information on where to send the gifts.

Eventually, participants will be instructed to send an email or social media invitation to send a modest gift to a stranger along with their friends, family and contacts.

“The cycle continues and you’re left with buying and shipping gifts for unknown individuals, in hopes that the favor is reciprocated by receiving the promised number of gifts in return. Unfortunately, it doesn’t happen,” says the BBB.

In reality, the scam relies on recruitment to remain afloat. When people stop participating, the supply of gifts dwindles, letting down countless people who were expecting gifts.

But it doesn’t end there: the information you provide during the exchange can easily end up in the hands of cyber thieves.

“When signing up, the alleged campaign organizer is asking for personal information such as a mailing address or an email,” says the BBB. “With just a few pieces of information, cyber thieves could expose you to future scams or commit identity theft.”

The BBB recommends keeping the following tips in mind should you receive an invitation to participate in an online gift exchange with people you don’t know:

  • Ignore it. Pyramid schemes are illegal in the United States and Canada.
  • Report social media posts inviting users to participate in the gift exchange.
  • Avoid giving out personal identifying information to strangers.
  • Be aware of false claims. Even invitations that claim to be legal and endorsed by the government are false, as the government will never endorse illegal activity.


#cybersecurity | hacker | Application isolation and virtualization provide a false sense of cybersecurity – It’s time for a better solution

A recently discovered critical vulnerability presents yet another case study for the shortcomings of the isolation/virtual machine model for cybersecurity. The vulnerability, CVE-2019-14378, has a severity of 8.8, and was first published in the National Vulnerability Database on July 29th, 2019. The vulnerability affects QEMU, the […]

Cybersecurity #Awareness Doesn’t #Fuel Better #Preparation

New research from SolarWinds MSP has revealed that whilst awareness surrounding cyber-attacks is increasing it is not equating to better preparedness, with confusion about the risks posed and a lack of means to defend against them evident.

The 2017 Cyberattack Storm Aftermath study, commissioned with the Ponemon Institute, surveyed 200 senior-level execs in the US and US about emerging threats, specifically those propagated by the Vault 7 leaks and the WannaCry/NotPetya attacks fueled by the EternalBlue Shadow Brokers leak.

The results found that whilst the majority (69%) of respondents had a high awareness of both WannaCry and NotPetya threats, only 28% (WannaCry) and 29% (NotPetya) felt they would be able to prevent those attacks. What’s more, 44% of the respondents who were aware of the WannaCry patch failed to implement it, with that figure 55% for the NotPetya patch.

Speaking to Infosecurity, Tim Brown, VP of security, said that the key to prevention is applying the appropriate patches, but too many businesses are failing to make that connection.

“That shows a lack of knowledge on what the action plan associated with a vulnerability should be,” he added. “People often don’t think of basic security hygiene as one of the most important things they need to do, but it really is – although it’s really not easy. Doing the basics well is not ‘sexy’ or ‘cool’, it’s a lot of hard work that needs to get done, but no technology is going to really save you from that hard work.”

Another significant finding from the report was that more than half of execs felt they did not have sufficient budget to prevent, detect and contain significant cybersecurity threats.

“Budget is always an issue, and basically your security budget always first goes towards meeting your regulatory requirements. How you move the needle towards more security is always a challenge. You have to be able to explain in more business terms the ‘what if’ scenarios.”

To conclude, Larry Ponemon, founder of the Ponemon Institute, said the lack of knowledge among senior-level security execs highlighted in the report is worrying.

“They know that attacks are on the increase, but many don’t know what they are and seem unable to effectively prevent them,” he added. “Better use needs to be made of the resources available, such as US CERT alerts, and the service providers that most businesses are using to outsource protection. Those providers also need to step up and provide education on where most attacks are coming from and how they can be prevented.”



For better #cyber-security, focus on #behavior


William Mackey thinks the old-school approach to cyber-security — wait for a problem, then tweak the technology — needs to go the way of Windows ’98.

If Americans expect to protect sensitive information, the country needs to shift its perception from hardware to human behavior when it comes to security, he said.

Mackey, an assistant professor of criminology and criminal justice at Indiana State University, told the more than 100 students and staff members packed in Dede 1 of the Hulman Memorial Student Union at ISU on Wednesday that the country needs an approach that couples technology with the way people actually behave.

“We’ve gotten complacent, in fact, these data breaches are happening so often,” Mackey said. “The way that we’ve been fighting this so far has been through purely technological means.

“We’re fighting technology with technology. We try to figure out how much money we can dump into our IT systems, how much IT staff we can get and then we react.

“What we’re suggesting is a different way to look at cyber-security in general. A lot of the data breaches that have happened, happened specifically because of a human behavioral impetus. It started because of somebody, not necessarily a machine, that was an employee or had a user name and password. There’s always somebody behind the machine.”

Mackey’s presentation on cyber-security was part of a round-table discussion on the future of cyber-security and the impact criminology and sociology students can have in shaping that future.

“We don’t need people, necessarily, that have computer programming backgrounds, in fact most of the time I don’t think that’s a good idea,” Mackey said. “We need people with fresh perspectives on things and people who understand why people do things, how we motivate, how to train effectively. What better place to look for that than a criminology background.

“That’s what we focus on, right? Why did they do it, how did they do it and how do we prevent it. It’s what criminologists do already.”

“Seventy-two percent of all data breaches that have happened since 2005 have had a human behavioral component. That is to say, they would not have happened if that human behavioral action didn’t take place,” Mackey said. “We’re not focusing on this human behavioral aspect at all right now. It’s simply not the focus.”

Chetrice Mosely, cyber-security program director for Indiana’s Cybersecurity Council, echoed Mackey’s point, saying the over-sharing of information online is a personal issue, not a technological one.

“To the professor’s point, more than 70 percent of the problem is us,” Mosely said. “It’s not a technology issue, it’s not an IT division issue, it’s an employee issue, it’s a personal issue.

“We share way too much information online because either we think it’s already out there or we don’t care because we’re apathetic.”

The problem needs to be tackled in a human way, she said.

If hackers understand it’s easier to exploit people than it is technology, then security experts need to retrain the public, not just tweak the technology, she said.

The pair also touched on the great need for qualified people in the cybersecurity field.

More than 6 million jobs are expected discipline-wide in 2019, and forecasts say only about 3.5 million candidates will be ready. Mackey said the average starting salary of those breaking into cybersecurity is around $95,000.

But Mosely reiterated the professor’s earlier point that employers are looking for fresh eyes.

“What businesses are looking for is not people with an IT background, but people with critical thinking skills and who are problem solvers,” Mosely said. “They need the people who can communicate well and can quickly figure things out. If you can do that on day one, then they can teach you the IT stuff.”


Building better defences by establishing a deeper understanding of cyber security threats


The SWIFT Institute has published three new working papers, each aiming to contribute towards the establishment of better cyber defences for the financial industry. The research papers focus on enabling financial institutions to get ahead and stay ahead of their cyber adversaries by providing a better understanding of the actors…


A Better Way to Teach Cybersecurity to Workers


Companies are starting to take a new approach to getting employees to be more vigilant about cybersecurity. Instead of punishing employees when they make mistakes, they’re rewarding them when they do something good. The problem, security experts say, is that the usual security training is a big turnoff for employees….
