now browsing by tag


New York is #quietly working to #prevent a major #cyber attack that could bring down the #financial #system

Source: National Cyber Security News

Five months before the 9/11 attacks, US Secretary of Defense Donald Rumsfeld sent a memo to one of his advisers with an ominous message.

“Cyberwar,” read the subject line.

“Please take a look at this article,” Rumsfeld wrote, “and tell me what you think I ought to do about it. Thanks.”

Attached was a 38-page paper, published seven months prior, analyzing the consequences of society’s increasing dependence on the internet.

It was April 30, 2001. Optimistic investors and frenzied tech entrepreneurs were still on a high from the dot-com boom. The World Wide Web was spreading fast.

Once America’s enemies got around to fully embracing the internet, the report predicted, it would be weaponized and turned against the homeland.

The internet would be to modern warfare what the airplane was to strategic bombers during World War I.

The paper’s three authors — two PhD graduates and the founder of a cyber defense research center — imagined the damage a hostile foreign power could inflict on the US. They warned of enemies infecting computers with malicious code, and launching mass denial of service attacks that could bring down networks critical to the functioning of the American economy.

Read More….


View full post on National Cyber Security Ventures

2,000 #computers were #shut down due to #SamSam virus #attack to #Colorado Department of #Transportation

Source: National Cyber Security News

On Wednesday morning the workday in Colorado Department of Transportation (CDOT) was disturbed. The institution went back to good old days when computers were not existing due to SamSam ransomware virus attack.

On February 22, the file-encrypting virus hit CDOT’s computers, encrypted files and demanded to pay the ransom in Bitcoins. More than 2,000 computers were shut down to stop and investigate the attack.

According to the CDOT spokeswoman, the version of SamSam ransomware hit only Windows OS computers even though they were secured by McAfee antivirus. However, CDOT and security software providers are working on virus elimination.

Fortunately, Colorado Department of Transportation has all data backed up. Therefore, they are not going to pay the ransom and crooks attempts to blackmail the institution did not succeed.

Meanwhile, employees are forbidden from accessing the Internet until the problem is solved. Ransomware did not affect any critical services, such as cameras, alerts on traffics or variable message boards.

Authors of SamSam ransomware already received money from victims in 2018
SamSam ransomware is known for a while. Numerous versions of malware hit hospitals and other institutions last year. Colorado Department of Transportation is not the first organization that was in the target eye of the ransomware creators this year too.

Read More….


View full post on National Cyber Security Ventures

Gaps in #software slowing down #security #professionals

Source: National Cyber Security – Produced By Gregory Evans

Gaps in software systems are slowing down security teams who are estimated to spend 10 hours a week dealing with the inefficiencies.

More a third of IT decision-makers estimated that their security staff spent at least three hours daily on tasks that otherwise could have been handled by better software, revealed a study commissioned by LogRhythm. Conducted by Widmeyer, the study polled 751 respondents from Asia-Pacific, the US, and UK.

The majority believed a security administrator, on average, spent up to 10 hours a week dealing with the lack of software capabilities.

And yet, in Asia-Pacific, 56 percent of IT decision-makers said they depended on software to help them prioritise cybersecurity threats.

This reliance would be increasingly important since 88 percent across the global sample regarded insider threats as a growing concern in their ability to safeguard the organisation.

“The proliferation and innovation of business-enabling technology, combined with the speed of today’s advanced hackers to adopt and adapt to the latest technology, is making it increasingly difficult–if not impossible–for security teams to evolve their rapid threat detection and response capabilities as quickly as their adversaries,” said James Carder, LogRhythm Labs’ chief information security officer and vice president.

The security vendor touts the merits of artificial intelligence (AI) in dealing with this evolving landscape. It noted, however, that less than half of the survey respondents currently used AI to fight cyberthreats.

According to Gartner, AI would help businesses regain 6.2 billion hours in employee productivity by 2021, generating US$2.9 trillion in business value.

The research firm’s research vice president Mike Rollings said: “AI can take on repetitive and mundane tasks, freeing up humans for other activities, but the symbiosis of humans with AI will be more nuanced and will require reinvestment and reinvention instead of simply automating existing practices.

“Rather than have a machine replicating the steps that a human performs to reach a particular judgment, the entire decision process can be refactored to use the relative strengths and weaknesses of both machine and human to maximise value generation and redistribute decision making to increase agility,” Rollings said.

The post Gaps in #software slowing down #security #professionals appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

ATO #outages have slowed down #cyber security policy #upgrades

Source: National Cyber Security – Produced By Gregory Evans

ATO #outages have slowed down #cyber security policy #upgrades

There are concerns the Australian Taxation Office (ATO) has more work to do on cyber security standards, with Commissioner of Taxation Chis Jordan telling Senate estimates last night sustained outages at the tax office may have slowed down plans for security policies.

On Wednesday a joint committee report into cybersecurity compliance in government departments highlighted the committee “is most concerned that the audit found that the ATO and [Department of Immigration and Border Protection] are still not compliant with the mandatory ‘Top Four’ mitigation strategies”.

The mitigation strategies, which are the top four of eight “essential” tools recommended by the Australian Signals Directorate for warding off cyber security threats, include restricting administrative privileges, using latest operating systems, patching systems and application whitelisting.

The ATO told the committee it would take until November to become compliant with the practices, but in a Senate estimates hearing on Wednesday evening Commissioner of Taxation Chris Jordan told the room there was a reason for the delay in the plan for cyber security: the sustained system outages that hit the office from December last year.

Jordan told Labor Senator Jenny McCallister the December outage “slowed down” progress on cyber security compliance.

The tax office has undertaken a comprehensive review of systems stability after system knockouts started playing havoc with clients after an initial major outage on December 11, 2016.

PricewaterhouseCoopers was engaged to conduct an external audit of ATO systems, which identified 14 key areas for improvement to ensure systems stability at the tax office for the long term. However, the focus of this was on how the ATO’s various portal systems interacted, rather than on cyber security priorities.

The accounting sector has previously told SmartCompany cyber security planning is not the only thing to be slowed down by the December outage. Finance professionals were expecting overhauls to a range of tax office portal systems in the near future, but the Institute of Public Accountants says these have been put on hold.

“Priority one, two and three is just maintaining a stable system. All of the system upgrades and moving to better platforms are all on hold,” the IPA’s general manager of technical policy Tony Greco told SmartCompany in June.

“The existing systems aren’t perfect, and we’re having to wait longer for new ones.”

According to the joint committee report, if Commonwealth entities were to all comply with the four most important strategies for cybersecurity, 85% of targeted cyber attacks could be prevented.

Overall, the committee noted that evidence provided about cyber security policies at government departments “from both submitters and witnesses [suggest] that compliance with the Top Four mitigation strategies is a minimum standard and does not necessarily equate to cyber resilience”.

In 2013, the government mandated the top four strategies for fighting cyber attacks and put a timeline in place to have all departments on board by June of 2014.

SmartCompany contacted the ATO for comment but did not receive a response prior to publication.

The post ATO #outages have slowed down #cyber security policy #upgrades appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Scammers are #conning homebuyers out of their down #payment

Source: National Cyber Security – Produced By Gregory Evans

Scammers are #conning homebuyers out of their down #payment
  • Scammers are going after homebuyers’ down payments in a growing version of “email access compromise.”
  • Because it’s the consumer authorizing the wire transfer, the usual protections don’t apply.
  • Experts say don’t trust emailed closing instructions. Call a number you know to be correct to confirm.


It’s a number Shannyn Allan knows by heart. That’s how much money she painstakingly saved for a 20 percent down payment and closing costs on her dream home — one with a claw-foot tub and enough room to run her fundraising group for dog rescues.

It was “the only house in San Antonio in our price range,” she said.

And it’s how much money the first-time homebuyer nearly lost this spring to an increasingly common scam.

“It was a nightmare every single day,” Allan said of the three-week ordeal. “I almost lost the house.”

Variations of so-called email access scams have become a $5.3 billion problem affecting businesses and consumers in all sectors, the FBI warned in a May public service announcement.

The bureau’s notice called out real estate transactions as a trending forum for the scam, targeting “all participants … including buyers, sellers, agents, and lawyers.” In particular, complaints to the FBI from victimized title companies jumped 480 percent in 2016.

“They’re tough numbers to digest because we do think they’re underreported,” said James Barnacle, chief of the FBI’s money laundering unit.

In some of the largest real estate cases, he said, losses have been “in the low millions.” But even smaller losses are significant.

“They’re people’s life savings,” Barnacle said.

Tactics for the scam vary, but thieves’ aim is the same: Compromise the computer or email account of a person or business involved in real estate to monitor upcoming transactions. That gives them an opportunity to impersonate that party and try to intercept funds.

“Scammers and hackers want to target you when you’re either scared out of your mind or extremely happy,” said Ryan O’Leary, vice president of the Threat Research Center at WhiteHat Security. “Real estate is the perfect one-two combo, and there’s a lot of money at stake.”

Elements of real estate transactions are becoming increasingly digital, giving would-be thieves plenty of opportunities, he said. Nor does it hurt that a home purchase is one of the few instances where a request to wire money won’t set off alarm bells for the consumer.

In Allan’s case, the thieves interceded just hours before the closing.

“They waited and they watched, like a damn gator in the water,” she said.

She was on her way to the bank when she got an email that appeared to be from her title company, with a change of wire transfer instructions. Suspicious, Allan reached out to her real estate agent — who, she says, simply apologized for the hassle.

Allan wired the money at 9:34 a.m. Central time.

By a lucky coincidence, the real title company reached out to Allan shortly after, to give her the final closing instructions and confirm the money would be wired.

“They were like, ‘You wired the money? Who did you wire it to?’” she said.

How to avoid real estate wire fraud

An educated homebuyer is the first line of defense, said Jessica Edgerton, associate counsel for the National Association of Realtors. No matter what security precautions other parties, such as your title company or real estate agent, have in place, ultimately you’re the one wiring the money.

“This is happening all the time,” she said. “Attempts are happening on a daily basis.

“Don’t dismiss this as an interesting news story and distance yourself thinking this is something that won’t happen to you,” Edgerton said.

Here’s how to avoid falling victim to this kind of scam:

1) Verify everything

When you’re buying a house, you expect to hear from your real estate agent, attorney and other parties in the transaction. So you’re naturally less suspicious of emails that appear to be from those people — which thieves take advantage of, said the FBI’s Barnacle.

Don’t assume any emailed instructions or account details are legit.

“You have to call, and you have to confirm,” Barnacle said. “Having some kind of redundancy and some kind of check in place is the number one way of avoiding being hit by these frauds.”

But don’t call the phone number in the email, he said. That may redirect you to the would-be thieves. Instead, call a number you know to be correct for say, that title agency or mortgage broker, based on a web search or previous interactions.

2) Be suspicious of changes

Last-minute changes to closing procedures are a red flag — especially requests that you change the payment method or send money to a different bank or account, said Doug Johnson, senior vice president and senior advisor of risk management policy for the American Bankers Association. Real estate closings are a “standard process,” he said, and it would be unusual for those details to change.

Again, verify any changes by calling the other parties involved.

“Trust your instincts on this kind of stuff,” Johnson said. “We tend to know when something smells a little fishy.”

3) Secure your emails

Given the risk of compromise, don’t send sensitive data such as bank account details or your Social Security number over email, Edgerton said. Use a secure file-transfer service to send documents required for that home purchase, or a secure client-access portal that the business (be it your title company, mortgage broker, etc.) has set up.

Be suspicious of communications that don’t follow whatever protocol has been set up — for example, a request that you email details that you’ve previously securely submitted via a portal.

4) Use good cybersecurity hygiene

This scam begins with thieves gaining access to the computer or email account of someone involved in the real estate transaction, said O’Leary — make sure that someone isn’t you.

Keep your antivirus software and operating system up to date, use unique, complex passwords and enable protections such as two-factor authentication where available. Don’t click on any suspicious links in emails, he said.

5) Pick a secure payment method

Ask about your options for paying the down payment and closing costs, said Allan, who blogs about personal finance at and now, after her experience, at You may be able to bring a paper certified check or cashier’s check to the closing or an agent’s office ahead of time, avoiding the possibility the funds end up in a fraudster’s hands.


If you fall prey to one of these scams, you’ll need to act immediately. The odds of recovering that stolen money aren’t in your favor.

Money sent via a wire transfer is quickly moved electronically from your bank to the recipient bank, and then into the payee’s account. You typically have only a tiny window for the banks to halt a transfer, or freeze the account before fast-moving thieves withdraw the funds. Once the money is out of that account, it’s gone.

Even if you spot and report the fraud within 24 hours, you might not get your money back, said Barnacle.

“I don’t want to set false expectations for consumers,” he said. “The chance of recovery here is slim.”

Because the consumer is the one to authorize the wire transfer, protections covering unauthorized financial transactions don’t apply. The banks will work with you, but you may bear some or all of the liability for lost funds, depending on the details and extent of the crime, said Johnson.

Allan’s almost immediate notice of the fraud was instrumental in recovering of her money because the bank was able to freeze the thief’s account. In the end, she lost just $430 — including $70 in wire transfer fees. She’s quick to point out she was extremely lucky.

“I feel like a magical unicorn, because this doesn’t happen,” she said.

Here’s how to take action if you fall prey to a scam:

Alert the banks. “Immediately call your bank or financial institution,” Johnson said. “They may still be able to call back the wire.” Alert the bank on the receiving end of the wire transfer, too. They can often work with your bank to halt the transfer or freeze the recipient’s account.

Call in law enforcement. File a local police report detailing what happened. Call your local FBI office and file a complaint with the FBI’s Internet Crime Complaint Center, too. “At the FBI level, we have briefed all of our 56 field offices and all of our resident agencies, and they are equipped to rapidly respond,” Barnacle said.

The post Scammers are #conning homebuyers out of their down #payment appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Scammers Stealing Down Payments By Hacking Real Estate Agents’ Email Accounts

Source: National Cyber Security – Produced By Gregory Evans

Buying a home is the biggest purchase most Americans will make during their lifetime. But now hackers have figured out how to steal the down payment, leaving the buyer without a new home and often wiping out their life savings. “The timing was impeccable, actually,” said Kristina Soloviena, a real…

The post Scammers Stealing Down Payments By Hacking Real Estate Agents’ Email Accounts appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Bug took Apple’s Developer website down amid hacking fears

Source: National Cyber Security – Produced By Gregory Evans

After several developers reported a possible security breach in Apple’s Developer website as their account addresses showed an address in Russia, Apple has said the problem originated owing to a bug in its account management application. According to a MacRumours report on Thursday, several developers reported that all of their…

The post Bug took Apple’s Developer website down amid hacking fears appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures


Source: National Cyber Security – Produced By Gregory Evans

SINCE TWO SECURITY researchers showed they could hijack a moving Jeep on a highway three years ago, both automakers and the cybersecurity industry have accepted that connected cars are as vulnerable to hacking as anything else linked to the internet. But one new car-hacking trick illustrates that while awareness helps,…

The post A DEEP FLAW IN YOUR CAR LETS HACKERS SHUT DOWN SAFETY FEATURES appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers looking to shut down factories for pay

Source: National Cyber Security – Produced By Gregory Evans

The malware entered the North Carolina transmission-manufacturing plant’s computer network by the way of email in August 2016, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom. AW North Carolina stood to lose $270,000 in revenue,…

The post Hackers looking to shut down factories for pay appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Arrests in Spokane Public Schools are down, but racial disparities persist

To Purchase This Product/Services, Go To The Store Link Above Or Go To Spokane Public Schools has reduced the number of student arrests by 85 percent, with 99 students arrested in the 2016-17 school year compared to 806 students the year before, according to district data. But one thing…

The post Arrests in Spokane Public Schools are down, but racial disparities persist appeared first on

View full post on