now browsing by tag


#infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info

Source: National Cyber Security – Produced By Gregory Evans

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. 

The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff. 

VCRN were notified on or about Monday, December 30, that a cruel deception had taken place.

In a Notice of Data Privacy Incident statement published on VCRN’s website, the company stated: “The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information.”

Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. 

VCRN said: “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”

The medical center said that they weren’t aware of any personal patient information having been misused as a result of this event.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

The center said: “We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”

VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. A toll-free dedicated assistance phone line has been established for patients who wish to discuss any concerns they may have as a result of the incident. 

The data breach has been reported to law enforcement and to the relevant regulatory authorities. 

VCRN advised patients “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”  


#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

Source link

The post #infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Cyberattack on Morial Convention Center has little immediate effect on events there, but problems may grow | Business News

Source: National Cyber Security – Produced By Gregory Evans The Ernest N. Morial Convention Center, one of the cornerstones of New Orleans’ multibillion-dollar tourism economy, is the latest victim in a string of cyberattacks against city and state computer systems that have had serious consequences for government officials and the public. New Orleanians were left […] View full post on

Fishtech Group Preps North Arkansas Cyber Defense Center

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity services provider Fishtech Group, which has a Top 200 MSSP arm, has announced plans to open a 10,000-square-foot Cyber Defense Center (CDC) in Rogers, Arkansas.

Fishtech’s Arkansas CDC will complement the company’s CDC in Martin City, Missouri. It will initially house 20 employees and expand to host up to 100 onsite staff, the company stated.

Also, the new CDC will be run by Fishtech CISO Kerry Kilker, a former Walmart executive who joined the company earlier this year. It is expected to open in the second quarter of next year.

Fishtech’s Arkansas CDC will bring cybersecurity training, technology and resources to Northwest Arkansas, the company said. In doing so, the CDC will help organizations bridge the cybersecurity resource and talent gap.

Approximately 58 percent of enterprises have unfilled cybersecurity positions, according to the 2019 “State of Cybersecurity” survey from information security organization ISACA. Furthermore, 62 percent of survey respondents said they have to wait three to six months to fill open cybersecurity positions.

Fishtech Joins the OneLogin Accelerate Partner Program

In addition to announcing plans to open a new CDC, Fishtech in April joined the OneLogin Accelerate identity and access management (IAM) partner program. Fishtech has incorporated the OneLogin unified access management (UAM) platform into its offerings and added IAM solutions to its portfolio.

Fishtech provides data-driven cybersecurity solutions designed to help organizations identify security gaps and comply with industry mandates, the company indicated. It also partners with other cybersecurity companies to deliver on-premises and cloud security solutions.


The post Fishtech Group Preps North Arkansas Cyber Defense Center appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #infosec | Major data center provider hit by ransomware attack, claims report

Source: National Cyber Security – Produced By Gregory Evans CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems […] View full post on

#nationalcybersecuritymonth | How healthcare organizations can keep security front and center

Source: National Cyber Security – Produced By Gregory Evans

As National Cybersecurity Month came to an end on October 31, it should be stated that security and cybersecurity need care and attention all year long. To effectively protect data in an organization’s trust, security demands constant vigilance and an evolving approach to recognize the shifting nature of threats.

For organizations in healthcare, HIPAA sets the baseline from which to construct a solid security platform.

The first step in that process is a risk analysis. The risk analysis is designed to provide a comprehensive overview of where all data reside, the risks to the data, the likelihood of an event occurring, and then to assign a threat level to every element. A detailed explanation of what goes into a risk analysis has been covered before, so please read the earlier post for a refresher.

young engeneer business man with thin modern aluminium laptop in network server room

WWW.SHOCK.CO.BA/.shock –

Finding resources to help an organization conduct the risk analysis are always welcome. The Office for the National Coordinator of Health IT came out with an initial version of a self-conducted risk analysis a number of years ago at this point. Timing with the end of Cybersecurity Month, updates have been made to the tool to further increase usability.

While the tool is a good start, use must be serious and cannot take issues too lightly. It could be tempting to overstate the protective capabilities of an organization or the likelihood of threats. Reviewing a report that does not fully consider all threats or vulnerabilities should result in a funny gut feeling. The reason for that feeling is the unfortunate reality that no system can ever be fully secure these days.

On top of the risk analysis and taking steps to implement effective security measures, there should also be time for reflection on what improvements can be pursued to aid the security posture of organizations. Do sufficient resources, whether monetary or personnel, exist to adequately implement security measures? From that perspective, there are opportunities to pursue new goals and support.

The Do No Harm 2.0 report authored by Robert Lord or Protenus and Dillon Roseen for New America focuses on culture, technology, and workforce concepts to propose an assortment of means to drive the security ball forward (full disclosure, I was honored by Robert Lord to provide feedback throughout the drafting process). Suggestions range from instilling a culture focused on security to government support of education and training on cybersecurity to revising regulations to encourage funding of and collaboration around cybersecurity. The report attempts to establish certain ideals to work towards. While the ideals may not be fulfilled, driving a discussion is an important part of the process as discussion can lead to necessary attention and action.

As initially suggested, security should not receive attention solely in one month of the year. While it is good to have the focus on security at this time and for new reports, tools, and other materials to be published, the need for continued focus also cannot be overlooked. Optimistically, the efforts established annually during cybersecurity month can provide new bursts of energy around year-round activities. When security does not need special focus because it is an ongoing, constant part of daily operations, then some measure of success can be appreciated. Even at that point, there will be no time to rest.

Source link

The post #nationalcybersecuritymonth | How healthcare organizations can keep security front and center appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | SPC Named Center of Excellence in Cyber Defense Education

Source: National Cyber Security – Produced By Gregory Evans

St. Petersburg College was recognized this month by The National Security Agency and the Department of Homeland Security.

  • SPC named Center of Excellence in cybersecurity education
  • Designated through academic year 2024
  • Allows school to further expand program
  • More Pinellas County stories

The school was named a National Center of Excellence in Cyber Defense Education. The recognition comes as October is Cybersecurity Awareness Month. 

Dr. James Stewart, Dean of the College of Computers and Information Technology at SPC, says the designation is an honor and will help the school expand its cybersecurity program. 

“We want to make sure that we’re number one, our students are number one, and that’s our goal,” said Stewart.

The students at SPC enrolled in the cybersecurity program to get hands-on experience, including learning how to block hackers.

“It’s really interesting to see how they kind of circumvent the common protections we have in place,” said student Lionel Plaisance. “When you’re working in cybersecurity, you have to have a really good idea not just about how one thing works but about how all the pieces come together.”

The dean says the designation will be on students’ diplomas. He also says this recognition will help them expand the program, including adding new classes focused on threat analysis. 

Source link

The post #nationalcybersecuritymonth | SPC Named Center of Excellence in Cyber Defense Education appeared first on National Cyber Security.

View full post on National Cyber Security

China #unveils its first #civil-military #cybersecurity innovation #center

Source: National Cyber Security – Produced By Gregory Evans

China on Tuesday unveiled the nation’s first cybersecurity innovation center developed under the national strategy of civil-military integration, amid Beijing’s call to step up its national cyber defenses.

The freshly-established center has set the ambitious goal of setting up a cutting-edge cybersecurity defense system for the military to help win future cyber wars.

It was set up under the instruction of the Central Commission for Integrated Military and Civilian Development and related military bodies, which will also supervise and manage the center during its operation by one of China’s leading cybersecurity companies, 360 Enterprise Security Group.

According to Wu Yunkun, president of the security group, the center will focus on building cyber defense systems for military-related internet services and a threat intelligence sharing mechanism for military users in the first stage.

It will work to encourage more small- and medium-sized companies to cooperate on technology R&D projects in order to guarantee the supply of cyber defense services that can meet practical combat requirements, Wu introduced.

Specifically, the center wants to set up a special fund for cybersecurity innovation investment and teams of researchers that are supported by local governments, the military, and enterprises. It is also mulling to conduct a pilot study on cyber militia construction and to set up a mechanism to offer cyber emergency response services and advanced persistent threat (APT) analysis and monitoring services to the military and local government bodies.

China has long attached significance to cybersecurity, and the eminent influence of cybersecurity in the military domain in particular has been increasingly valued by the central government.

In a strategy paper released by Cyberspace Administration of China (CAC) last December, China vowed to develop a cyber defense compatible with its international status as a major cyber power – a national goal with a development timeline by 2035.

Three months later, an international strategy document published by the Chinese foreign ministry and CAC made clear that national defense in cyberspace is one crucial part of Chinese military modernization, following the same military strategy of active defense.

“Countries like the US and Israel that are taking the lead in cyberspace development have demonstrated how cybersecurity companies can help support a nation’s national defense needs in the virtual world. In turn, the development of cyber defense can help give a boost to the whole industry,” Qi Xiangdong, Chairman of the 360 Enterprise Security Group, noted at the ceremony.

The post China #unveils its first #civil-military #cybersecurity innovation #center appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Governor #Deal announces $35 #million for #cybersecurity center #expansion

Source: National Cyber Security – Produced By Gregory Evans

 Cyber Training and Innovation was already a big project, but it just got bigger, by 35 million dollars to be exact. Today Governor Nathan Deal annouced a second building which is set to begin its construction immediately.

Augusta University Brooks Keel calls it a pretty sweet deal not only for the students and state but the entire country.

The first building won’t be finished until July 2018. This new second one won’t be done until a year from now, Dec. 2018.

Keel says, “it will allow us to just really explode innovation. “

Innovation that he believes can start a boom for business. 
Not just for business in the downtown area near the building but throughout the entire city.

“Its being able to take this piece of training to provide for the workforce and turn that into a giant magnet to bring in business to augusta.” 
He told News 12, that’s going to bring more jobs and attention to Augusta.

It’s this kind of attention that Augusta University cyber students like Bryce Floyd are waiting for. Floyd is a junior who says he’s excited to get to spend at least one semester in the new second building before he graduates.

“Well i’m excited they’re investing that much into my field, and my major and i’m really happy that they’re thinking about the future.”

According to his school president Keel, it’s a future where studying cyber will transform easily into a career. 
Keel said the new building is a part of a ‘concept’ where students would have class on one side of the hallway. Then after class, they could simply walk over to the other side of the hall for their internship.

New halls, new classrooms, more equipment and advanced labs are all a part of the reason why Floyd believes it made sense to add an extra building. 
He believes Augusta earned it.

“This is definitely, in America, probably one of the leading areas for cyber security. “

What was only an idea a year ago– now is a steel structure with a new promise for an even bigger design.

“When Governor Nathan Deal first announced the 50 million dollar facility, then turned it into a 60 million dollar facility, there were two parts to it, innovation and training,” said Dr. Brooks Keel.

You could say Training is being built.

That’s the focus of the first building.

Innovation is the second 35 million dollar, 165,000 square foot building announced today.

It’s going to start being built immediately and will open its doors in a year.

Augusta University President Dr. Brooks Keel says moving quickly is everything in this industry.

“When you’re talking about lightning speed I can’t think of a technology that’s quicker than cyber, and beyond that cybersecurity. You have to be not just on the cutting edge but the bleeding edge to be on top of the growth with cyber,” he said.

That’s exactly what Governor Deal wants, he says these projects will help make Georgia the leader in the nation for cyber, setting Augusta and Augusta University ahead as well. While the project grows, the schools reach grows also.

“I’ve been saying for a while that’s just phase one, here’s phase two, and there’s more to come on that parcel of land there,” he said.

So the now more than 90 million dollars in cyber investments in downtown Augusta is paving the way for a brighter future from city, to the state, to the whole nation.

 Governor Deal announced $35 million in funding to expand Augusta’s Hull McKnight Georgia Cyber Innovation and Training Center.

According to a release from the Governor’s Communications Office, Deal said, “Given Georgia’s growing status as a technology and innovation hub, this additional investment will further cement our reputation as the ‘Silicon Valley of the South.’ When complete, the center will house a cyber range, the Georgia Bureau of Investigation’s new cyber crime unit and an incubator for startup cybersecurity companies.”

Construction of the new facility will begin immediately. The 165,000 square foot space will serve as a training facility for information security professionals employed by state and local governments. 
The space will also allow tech companies to establish fellowships, internships, and co-op programs for students and employees.

The Georgia Technology Authority (GTA) will oversee the construction and the operation of the cybersecurity center facilities. The GTA is partnered with the U.S. Army Center of Excellence at Fort Gordon, the Georgia, National Guard, Georgia Bureau of Investigation, and the City of Augusta to name a few. The GTA is also partnered with schools, colleges, and private corporations.

The first phase of the Cyber Center is scheduled to open in July. The Second is scheduled to be completed December 2018.

The post Governor #Deal announces $35 #million for #cybersecurity center #expansion appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cloud-Focused Cybersecurity Center at UTSA Aims $5M at Unfilled Jobs

Source: National Cyber Security – Produced By Gregory Evans

Cloud-Focused Cybersecurity Center at UTSA Aims $5M at Unfilled Jobs

Encryption, access control, intrusion and fraud detection—the fundamentals of cybersecurity remain largely the same regardless of the type of computing infrastructure an organization uses.

But the way IT professionals might apply those security methods to an analog computer versus computing on the cloud vary, for a pretty simple reason: people use different systems different ways. That’s according to Ravi Sandhu, the executive director at the Institute for Cyber Security and a professor of computer science at University of Texas at San Antonio. Sandhu is the principal investigator of a group of researchers that are set to receive as much as $5 million from the National Science Foundation to study cybersecurity for cloud computing, and to train students in the area.

“There is a foundation that is common to cybersecurity across all domains, but its application requires a lot of creativity, innovation, and adaptation,” Sandhu said in a phone interview. “The difficulty is in the system—putting everything together in a large system and accounting for mistakes, especially from human users.”

To explore the subject further, Sandhu and professors from four other departments at UTSA are creating a research center called the Center for Security and Privacy Enhanced Cloud Computing. The group was awarded $2 million from the NSF in July to get started and may receive as much as $3 million more ($1 million per year through 2020) to continue it.

The researchers hope the additional cloud cybersecurity training will make students more attractive to tech companies with positions to fill. UTSA announced this week that Rackspace, the San Antonio-based cloud computing company, and Austin, TX-based cybersecurity company NSS Labs have both agreed to recruit interns and part-time employees from the new center.

“We’re excited UTSA has recognized this critical need for talent and invested in the Center for Security and Privacy Enhanced Cloud Computing to help educate and train students as San Antonio becomes a hub for industry-leading cybersecurity experts,” Dave Neuman, Rackspace’s chief information security officer, said in a press release. Rackspace, which was acquired by private equity in 2016, has added more customers who use cloud services such as Amazon Web Services and Microsoft Azure in recent years.

The grant was awarded in part to help address a perceived shortage in the cybersecurity workforce, according to the NSF. Sandhu expects there will be 1.5 million unfilled cybersecurity jobs in 2020. The new center will also work to recruit high school students from the San Antonio area to study cybersecurity at UTSA.

The post Cloud-Focused Cybersecurity Center at UTSA Aims $5M at Unfilled Jobs appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers target Schuyler Co. 911 center, system temporarily disrupted

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans SCHUYLER COUNTY, NY (WENY) — Roughly two weeks ago, Schuyler County officials say hackers were able to gain access to the communications system for the whole county. The mode of access is now being investigated on a state and federal level. “The New York State Cyber […] View full post on | Can You Be Hacked?