city

now browsing by tag

 
 

Jafary sues city for inadequate officer training, civil rights violations | Crime | #College. | #Students | #parenting | #parenting | #kids

We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU whichenforces the General Data Protection Regulation (GDPR) and […] View full post on National Cyber Security

#childsafety | City newsletter: Mask mandate in effect | #parenting | #parenting | #kids

By Insider Staff – Sep 11, 2020 | The Ward 9 polling place location has been moved for the Concord community center. Everett Arena The city manager’s office sent out […] View full post on National Cyber Security

Feds indict former Shreveport city employee in $400K fraud | #employeefraud | #recruitment | #corporatesecurity | #businesssecurity | #

SHREVEPORT, La. (AP) — A federal grand jury in Louisiana has accused a former city worker and a second man of using city credit cards more than 3,800 times over […] View full post on National Cyber Security

#cybersecurity | hacker | Election integrity preserved in fictitious city of Adversaria during Operation Blackout tabletop exercise

Source: National Cyber Security – Produced By Gregory Evans

On a sunny day last week during RSA 2020, a group of
journalists huddled in a vault in the San Francisco Mint, plotting to wreak
havoc and sow doubt on Election Day in the fictitious city of Adversaria.

Despite taking over traffic cameras, the governor’s Facebook account, the mayor’s Twitter account, plotting cyberattacks, developing deepfakes and crafting social media-base disinformation campaigns the Red Team: Kill Organized Systems (K-OS) hacktivist group’s efforts were successfully spurned by a team of competent do-gooders on the Blue Team: Adversaria Task Force, who were also gathered in a vault in the mint.

It was all part of a tabletop exercise organized by
Cybereason, a mini version of the three-hour event the company typically runs in
cities around the world to alert law enforcement, government officials and
first responders – who typically populate the Blue Team – to the many ways
hackers can disrupt elections and prepare them to respond at whatever attacks
might come their way.

“Recent times have seen election tampering by special interest groups and foreign powers in the United States, Europe and Asia. With looming 2020 elections across the world the goal of Operation Blackout California was to examine and advance the organizational responsiveness of government entities to a hacking group’s attempts to undermine democratic institutions and systems of governance in the republic,” said Cybereason CSO Sam Curry, who led the Operation Blackout exercise. “Most election hacking discussions and exercises focus on the mechanics and minutiae of hacking election equipment or contaminating and violating the integrity of voter rolls. Cybereason’s exercise instead focused on everything else in the electoral system.”

The teams took five-minute turns, in which they were allowed
two actions and a development. Actions for the Red Team included gaining access
to city cameras, taking over social media accounts and news broadcasts while
development is a capability the team wants developed out during the course of the
exercise, such as the creation of a bot network to disseminate and amplify
disinformation. On the Blue Team, actions included assigning police officers to
a task; perhaps, deploying them to polling stations. The team’s development
might be spinning out a capability such as gaining assistance from a federal agency.

While the Red Team in the RSA exercise successfully created a troll network as well as disrupted traffic signals, made a plausible threat of a terrorist attack. Effectively used social media and developed deep fake videos showing voting machine malfunctions, the Blue Team countered along the way, shutting down construction sites, deploying police officers to polling stations and reclaiming social media. In the end, the White Team adjudicating the exercise, determined that the Blue Team won the day, thwarting the Red Team’s malicious efforts.

“Overall, the red team of hackers hijacked a news station and took control of other social media channels in the city, but the blue team of law enforcement officials was able to restore order. A press release was issued by the mayor and police chief dispelling fake news and disinformation,” said Curry. “While the red team did create some chaos, however, it wasn’t lasting damage and the blue team successfully defended the elections.”

Original Source link

The post #cybersecurity | hacker | Election integrity preserved in fictitious city of Adversaria during Operation Blackout tabletop exercise appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Opinion: Three Spurs players who were far from their best against Man City – Spurs Web

Source: National Cyber Security – Produced By Gregory Evans Tottenham Hotspur recorded a famous 2-0 win over Man City this afternoon in the Premier League, leapfrogging up to fifth in the table. Goals from Steven Bergwijn and Heung-min Son sealed a delightful win and clean sheet for the Lilywhites against the current champions. However, a […] View full post on AmIHackerProof.com

#infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info

Source: National Cyber Security – Produced By Gregory Evans

An employee at a New York City medical center was tricked into giving out patient information by a threat actor purporting to be one of the facility’s executives. 

The data was shared by an individual at community-based non-profit the VillageCare Rehabilitation and Nursing Center (VCRN) who had received what they believed to be a genuine email from a senior member of staff. 

VCRN were notified on or about Monday, December 30, that a cruel deception had taken place.

In a Notice of Data Privacy Incident statement published on VCRN’s website, the company stated: “The unauthorized actor requested certain information related to VCRN patients. Believing the request to be legitimate, the employee provided the information.”

Information obtained by the threat actor included first and last names, dates of birth, and medical insurance information, including provider name and ID number for 674 patients. 

VCRN said: “Once it became apparent that the email received by the employee was not a legitimate request, we immediately launched an investigation with the assistance of third-party forensic specialists to determine the full scope of this event.”

The medical center said that they weren’t aware of any personal patient information having been misused as a result of this event.

Becoming a victim of a phishing scam has led VCRN to review its cybersecurity practices.

The center said: “We take this incident and security of personal information in our care seriously. We moved quickly to investigate and respond to this incident, assess the security of relevant VCRN systems, and notify potentially affected individuals. This response included reviewing and enhancing our existing policies and procedures.”

VCRN has taken steps to notify all the patients who have potentially been impacted by the cyber-attack. A toll-free dedicated assistance phone line has been established for patients who wish to discuss any concerns they may have as a result of the incident. 

The data breach has been reported to law enforcement and to the relevant regulatory authorities. 

VCRN advised patients “to remain vigilant against incidents of identity theft and fraud and to review account statements, credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to your insurance company, health care provider, or financial institution.”  

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Fake Exec Tricks New York City Medical Center into Sharing Patient Info appeared first on National Cyber Security.

View full post on National Cyber Security

#comptia | #ransomware | Spike in Texas cyberattacks against municipalities has City of SA in constant defense mode

Source: National Cyber Security – Produced By Gregory Evans

SAN ANTONIO – Six months ago, cybercriminals attacked local government agencies in 23 Texas cities. The statewide attack brought the Lone Star State to the front and center of the discussion about cybercrime.

“Municipalities are always a target because we have very complex systems, broad responsibilities. Here in San Antonio, we have more than 40 departments and city services, almost 13,000 employees,” said City of San Antonio IT Director and Chief Information Officer Craig Hopkins.

Ransomware attacks in 23 Texas cities have officials taking preventive measures

Hopkins said he consistently prioritizes cybersecurity for those reasons and instead of training employees once a year, he sends out information once a month.

“Up to 95% of the incidents we have are usually driven by human error,” he said.

Hopkins teaches city employees about the main types of cyberattacks. He said “phishing” is the most common.

“Phishing basically says, ‘I want you to click on a link, and I want you to give up some information that you may not normally give. I can take over one account, and then I can impersonate you inside of your organization and move horizontally,’” Hopkins said.

He then explained a concept called “whaling.”

“Think of that as a big fish. People of a certain title, city manager, the chief financial officer — targeting them because if you can impersonate them, you can create influence over other people, so financial scams tend to come out,” Hopkins said.

Hopkins also warned about physical security, which can include people looking over your shoulder at confidential information, people calling your phone pretending to be someone else or people piggybacking into facilities where employees use an access card.

He said he could not go into specific technicalities of the city’s protective system, but he said all businesses should be taking preventive measures, especially agencies or companies with outdated systems.

Copyright 2020 by KSAT – All rights reserved.

Source link

The post #comptia | #ransomware | Spike in Texas cyberattacks against municipalities has City of SA in constant defense mode appeared first on National Cyber Security.

View full post on National Cyber Security

New Orleans Mayor: Ransomware Attack Cost City $7 Million

Source: National Cyber Security – Produced By Gregory Evans

The City of New Orleans ransomware attack has caused at least $7 million in financial damage & this figure is expected to grow, Mayor Latoya Cantrell says.

The City of New Orleans ransomware attack has caused at least $7 million in financial damage to date, Mayor Latoya Cantrell told WVUE. In addition, Cantrell said she expects the ransomware attack’s financial impact to continue to grow — despite the fact that the city has recovered $3 million via a cyber insurance policy that was purchased before the incident.

Meanwhile, the City of New Orleans still faces an IT backlog after the ransomware attack, Chief Administrative Officer Gilbert Montano told WVUE. Montano also indicated that it could take several months before the city rebuilds its network.

A Closer Look at the New Orleans Ransomware Attack

The City of New Orleans ransomware attack took place December 13. Cybercriminals shut down City of New Orleans government systems, and more than 4,000 New Orleans government computers were affected by the cyberattack.

New Orleans officials have taken steps to improve the city’s security posture after the ransomware attack. The City of New Orleans plans to increase its cyber insurance coverage to $10 million this year, and a forensic investigation into the ransomware attack is ongoing.

How Can Organizations Address Ransomware Attacks?

Ransomware attacks affect municipalities, schools and businesses of all sizes. However, there are many things that any organization can do to combat ransomware attacks, such as:

  • Perform regular IT security audits and penetration testing.
  • Deploy endpoint protection solutions across IT environments.
  • Develop and implement a cybersecurity training program to teach employees about ransomware and other cyber threats.

MSSP Alert Recommendations

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)


Return Home

Source

The post New Orleans Mayor: Ransomware Attack Cost City $7 Million appeared first on National Cyber Security.

View full post on National Cyber Security

#city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI

Source: National Cyber Security – Produced By Gregory Evans

FLORIDA — As the FBI continues investigating the latest municipal cyberattack of Pensacola, the question for many officials is whether to pay or not to pay the ransom?

  • Pensacola dealing with cyberattack
  • 2019 bad year for cyberattacks in Florida
  • FBI and Cyber Florida experts say don’t pay ransom

FBI policy says no, but in the last year Florida attacks have netted millions in ransom.

The international statistics are even more alarming.

In 2019, reported payments made by six Florida municipal governments to hackers have totaled almost $3 million.

Most of these payments are covered by cyber insurance.

For example, Lake City officials said they paid $10,000 in deductible of an estimated $480,000 ransom insurance payment.

One city, Stuart, got off without paying the ransom because they had backed up their servers.

Over the summer, the Conference of U.S. Mayors passed a resolution to not pay ransomware.

They stated it “encourages continued attacks.”

Examples of other major cyberattacks the lesson learned is you end up paying anyways.

The City of Atlanta reportedly paid out $17 million while reportedly Baltimore paid $18 million.

Usually the cost to a city involves two categories.

There’s the cost of recovery and the cost of downtime of servers which studies show are 5 to 10 times the cost of ransom, according to a 2019 Coveware report.

 Cyber Florida, USF’s online security institute told Spectrum Bay News 9 there’s a reason not to pay, which is in line with FBI policy.

Cyber Florida officials said there’s no guarantee cities will recover completely after a cyberattack.

The Coveware report also found 2019’s cyberattacks have become more complex.

At the start of the year, downtime lasted about a week.

After the midyear, it’s up to a week and half.

Source link

The post #city | #ransomware | Don’t Pay the Ransom in a Cyberattack: FBI appeared first on National Cyber Security.

View full post on National Cyber Security

#city | #ransomware | How governments can streamline the adoption of smart city technologies — GCN

Source: National Cyber Security – Produced By Gregory Evans

INDUSTRY INSIGHT

How governments can streamline the adoption of smart city technologies

Spending on smart cities worldwide will reach over $34 billion in 2020 as cities adopt more connected technologies. From smart traffic lights that monitor traffic flow to smart grids that can make energy usage more efficient, such technologies can certainly improve the quality of life for citizens. Yet a staggering one-third of internet-of-things projects fail at the proof-of-concept (PoC) stage due to cost, security and scalability challenges. Cities must change and improve their approach to finding, testing and deploying smart technology innovations to effectively roll out such systems.

Here are three ways a dedicated PoC platform can help streamline, secure and scale the evaluation of new technologies.

1. It enables easier IoT integration and interoperability

When implementing smart city technologies, governments must consider how different technologies such as cameras and sensors will operate together in an interconnected ecosystem. The interoperability of systems is one of the most important components of a smart city. In a traditional PoC, each new technology would have to be tested individually against the existing system, but a PoC platform can automate much of the process and test all the technologies simultaneously.

A PoC platform can use artificial intelligence to replicate a virtual environment in the cloud. From there, the platform can simulate the same network behavior, including fluctuations in activity, latency and bandwidth from the original environment, to create the best possible testing ground for PoC evaluation. This PoC process allows CIOs and technology leaders to assess the interoperability and performance of the smart technology alongside the city’s existing ecosystem.

A centralized PoC platform running multiple evaluation processes can automatically compile results and data into a comprehensive KPI report, saving more time and effort. This makes it simple for governments to compare results to business and technical requirements, determine whether further testing is required and easily identify which solution can seamlessly integrate with existing systems.

2. It mitigates the risk of using sensitive data

The biggest risk of the traditional PoC process is the use of sensitive data. The sheer volume IoT devices, which will increase to almost 20 billion by 2020, means any cyberattack or data leak could have devastating consequences for a city and its citizens, as evidenced this year by the spate of ransomware attacks across the country. The lack of established standards and policies makes it even more risky for cities working with new vendors and products on interoperability. Granting a vendor access to private data and a city’s IT environment is a major security risk, but is necessary for PoC platforms to simulate an environment. Fortunately, there are tools that can safeguard information and secure the evaluation process from any malicious vendors.

By anonymizing or mimicking a small sample of data, a PoC platform can generate millions of records similar to the ones provided, giving the PoC environment a realistic set of data and without compromising security or privacy. This can effectively mitigate the dangers of data breaches since the generated information will be worthless while the sensitive data is anonymized and cannot be used.

3. It enables open innovation for large-scale projects

The pace of technological advancements means that cities will need to be constantly on the lookout for new innovations — whether it’s implementing visualization tools in Columbus, Ohio, or assessing 5G-powered drones in Raleigh and Cary, N.C. However, it’s important to ensure that any smart technology assessment has clear goals from the outset, as technology deployments risk failing due to the high cost of scaling, unclear ROI and the inability to justify the business case for the investment. A dedicated PoC platform can remedy these challenges by enabling governments to fast-track multitude vendor assessments at once, giving them more time to think strategically about how the solutions support broader business goals.

For example, a city’s evaluation of smart grid technology in a traditional PoC process could take a team months to complete. An additional few months would be required to ensure the technology securely integrates with its IT environment and develop a rollout strategy ahead of implementation. A PoC platform slashes evaluation time, saving precious resources and costs.

As urban environments transform into  connected systems, solving the inefficiencies of PoCs has become a necessity. Reinventing the PoC process with tools targeting the key components of integration and interoperability, security and scalability is a logical and essential step for governments to consider. With new technologies being introduced at a rapid pace, cities across the country are under intense pressure to keep up and can no longer afford to spend time on lengthy PoCs. 

About the Author



Toby Olshanetsky is CEO and co-founder of prooV.

Source link

The post #city | #ransomware | How governments can streamline the adoption of smart city technologies — GCN appeared first on National Cyber Security.

View full post on National Cyber Security