Tinder, Hinge see spike in users during coronavirus, lockdowns | #tinder | #pof | romancescams | #scams
Match Group’s second quarter 2020 earnings report shows more people using online dating apps since COVID-19 hit. Match Group owns popular online dating apps including Tinder, OKCupid, Match, and Plenty […] View full post on National Cyber Security
#sextrafficking | North Texas Group Looks To Combat Increase In Sex Trafficking During Pandemic – CBS Dallas / Fort Worth | #tinder | #pof | #match | romancescams | #scams
(CBSDFW.COM) – The pandemic has brought so many industries to an abrupt halt, but one that hasn’t slowed is sex trafficking. One local nonprofit working to combat it says […]
Children’s Mobile Library provided books to children during COVID-19 shutdown | Decaturish | #covid19 | #kids | #childern | #parenting | #parenting | #kids
Decatur, GA — A community-based mobile library service that provided books for children during lockdown has come to an end this month. Georgia Hill, a garden designer and mother in […]
In response to the coronavirus and its impact on local communities, municipal leaders are making changes to their town hall schedules. Some remain open with signs on the door asking residents to consider their own health before entering; others are closed.
City Hall and its offices remain open, with a warning sign posted on the front entrance asking people to consider their health and the health of others before entering.
Residents can find information on all boards and commissions online at www.torringtonct.org/
The Sullivan Senior Center is closed, and all park and recreation activities are canceled or postponed. An Easter Egg Hunt, set for April 4, is “on hold.” Check the website for details.
The Torrington Historical Society also announced this week that it is closed. Residents can visit www.torringtonhistoricalsociety.org/ or call 860-482-8260.
Town Hall remains open with regular hours, including the town clerk, first selectman, assessor, finance office and tax collector. Residents are being asked to put off non-urgent business at Town Hall, or call ahead before they visit, at 860-567-7561.
Probate Judge Diane Blick said Friday that probate court operations in the Litchfield town hall and Canaan are continuing, but no passport applications will be processed until further notice. Anyone with questions can call the court in Litchfield at 860-567-8065 or in North Canaan at 860-824-7012.
The Litchfield Community Center, Oliver Wolcott Library, Litchfield Historical Society, public schools and the Forman School are closed. The recycling center is closed until March 21, and park and recreation programs are suspended.
“We are taking a proactive approach in dealing with this COVID-19 event and setting up our Community Emergency Response Volunteer Team in case we need to deploy,” said First Selectman Denise Raap in a statement. “I urge residents to check on their elderly neighbors via phone calls, social media messaging or email. In the meantime, we urge you to continue social distancing, to follow the guidance of CDC guidelines (www.cdc.gov) the CT State Dept of Public Health (portal.ct.gov/coronavirus) and will continue to work with Torrington Area Health.”
According to the town website, the Morris town hall, senior center and the library are closed until further notice.
New Hartford First Selectman Dan Jerram said this week that Town Hall and the public works department are open. The town garage is open to employees only. Residents are being asked to call Town Hall if they need help.
“If you have business that can be conducted by phone, email or snail mail … we prefer that method for now,” Jerram said, adding that residents can still come to town hall if necessary, but to keep their visits brief.
Jerram reminded residents that the senior center is closed “to protect our ‘at risk’ senior population,” he said, adding that all exercise classes and social programs are canceled until further notice. The senior van will be used to transport resident seniors to scheduled medical appointments only. All other social trips are canceled.
Jerram also said that board or commission meetings that are not required to meet to conduct business required by state statute are canceled until further notice, including the Commission on Aging, Conservation Commission, Economic Development Commission, Historic District Commission, Recreation Commission and the Open Space Preservation Commission. Boards required to meet, including the Board of Assessment Appeals, Board of Education, Board of Finance, Inland Wetland Commission, Planning & Zoning Commission, Water Pollution Control Authority (WPCA) and Zoning Board of Appeals, will be assessed case-by-case.
For more information, visit www.newhartfordct.gov/ or call 860-379-3389.
“We are going to post signs at Town Hall requesting that anyone with symptoms or who has returned from travel outside the U.S. in the previous 14 days not come into the building and that everyone use Purell (which we will have available) before engaging with Town Hall staff,” wrote First Selectman Don Stein, in a town website message.
The Board of Finance meeting, scheduled for March 17, will be moved to the Community Room. Stein said he is maintaining the spring budget hearing/meeting schedule, with a budget hearing on April 7, and town meeting May 5. These dates are subject to change.
The Barkhamsted Senior Center is closed for the next two weeks. A decision to remain closed or reopen the week of March 29 is pending.
The Highway Garage Community Room is closed for non-town functions until further notice.
Residents can always call Town Hall, 860-379-8285, email email@example.com, or visit www.barkhamsted.us/
Goshen First Selectman Robert Valentine sent a letter to residents Monday, outlining the town’s plans to keep the coronavirus in check.
Those who need building or land use permits or have business with the town clerk should visit the online application portal at www.goshenct.gov
“If you have documents that need to be filed, we ask that they be sent to the Town Clerk via FedEx UPS or USPS. For those needing hunting and fishing licenses please use the DEEP web site to purchase them,” Valentine said.
Board and commission meetings are moving to “electronic means” in the near future, Valentine said, either online or by a conference call, and all residents and members will be notified. “We’ll make sure that those interested in attending meetings are allowed to attend electronically and have the ability to see documents being discussed by boards and commissions,” he said.
The town hall is open for business, and residents are asked to limit their visits by going online or calling 860-491-2308 ext. 221 or administrative assistant Virginia Perry at ext. 228.
The Goshen Library is closed, and all recreation activities are canceled through March.
Town hall is closed to the public starting Tuesday, March 17. “Staff will be on hand to assist you in any way we can,” officials said. Call 860-868-7881 for assistance.
Land records can be found at https://www.searchiqs.com/ctwar/Login.aspx. Forms and applications are available on individual department pages. Anyone in need of assistance can call 860-868-7881.
Winsted is following a similar protocol, keeping town hall and the public works department open, and asking residents to limit their visits unless it’s urgent. Residents are asked to call ahead to make an appointment at 860-379-2713 or visit www.townofwinchester.org/
Board and commission meetings have been postponed. “All visitors are expected to maintain a “social distance” and may be asked to cleanse their hands. If you are sick, please stay home,” officials said in a statement online.
Recreation activities are canceled, and the senior center is also closed. The Senior Van is available to senior citizens for doctor appointments by calling 860-379-4252.
Refuse disposal center open
Regional Refuse Disposal District One, 31 New Hartford Road, Barkhamsted, which serves Barkhamsted, New Hartford and Winsted, is open and can be reached at 860-379-1972.
Residents are welcome to drop off trash and recyclables. Employees cannot help unload cars because they have been instructed to stay three feet away from others. “You will need to remove (trash) from your vehicle yourself and dispose of it properly. This includes televisions, air conditioners, appliances, garbage, etc.,” according to a statement.
RRDD1 also asked residents who have tested positive for coronavirus to put used paper products (tissues, paper towels) in a plastic bag and to place it in the facility’s trash compactor.
#cybersecurity | hacker | Election integrity preserved in fictitious city of Adversaria during Operation Blackout tabletop exercise
On a sunny day last week during RSA 2020, a group of journalists huddled in a vault in the San Francisco Mint, plotting to wreak havoc and sow doubt on Election Day in the fictitious city of Adversaria.
Despite taking over traffic cameras, the governor’s Facebook account and the mayor’s Twitter account, plotting cyberattacks, developing deepfakes and crafting social media-based disinformation campaigns, the efforts of the Red Team: Kill Organized Systems (K-OS) hacktivist group were successfully spurned by a team of competent do-gooders on the Blue Team: Adversaria Task Force, who were also gathered in a vault in the mint.
It was all part of a tabletop exercise organized by Cybereason, a mini version of the three-hour event the company typically runs in cities around the world to alert law enforcement, government officials and first responders – who typically populate the Blue Team – to the many ways hackers can disrupt elections and prepare them to respond to whatever attacks might come their way.
“Recent times have seen election tampering by special interest groups and foreign powers in the United States, Europe and Asia. With looming 2020 elections across the world the goal of Operation Blackout California was to examine and advance the organizational responsiveness of government entities to a hacking group’s attempts to undermine democratic institutions and systems of governance in the republic,” said Cybereason CSO Sam Curry, who led the Operation Blackout exercise. “Most election hacking discussions and exercises focus on the mechanics and minutiae of hacking election equipment or contaminating and violating the integrity of voter rolls. Cybereason’s exercise instead focused on everything else in the electoral system.”
The teams took five-minute turns, in which they were allowed two actions and a development. Actions for the Red Team included gaining access to city cameras and taking over social media accounts and news broadcasts, while a development is a capability the team wants built out during the course of the exercise, such as the creation of a bot network to disseminate and amplify disinformation. On the Blue Team, actions included assigning police officers to a task, perhaps deploying them to polling stations. The team’s development might be spinning out a capability such as gaining assistance from a federal agency.
While the Red Team in the RSA exercise successfully created a troll network, disrupted traffic signals, made a plausible threat of a terrorist attack, effectively used social media and developed deepfake videos showing voting machine malfunctions, the Blue Team countered along the way, shutting down construction sites, deploying police officers to polling stations and reclaiming social media. In the end, the White Team, adjudicating the exercise, determined that the Blue Team won the day, thwarting the Red Team’s malicious efforts.
“Overall, the red team of hackers hijacked a news station and took control of other social media channels in the city, but the blue team of law enforcement officials was able to restore order. A press release was issued by the mayor and police chief dispelling fake news and disinformation,” said Curry. “While the red team did create some chaos, however, it wasn’t lasting damage and the blue team successfully defended the elections.”
Industrial control systems taken to pieces in ‘drama-filled’ live hacking event
The inaugural edition of Pwn2Own Miami closed its doors on Thursday (January 23), with organizers from Trend Micro’s Zero Day Initiative (ZDI) heralding the industrial control systems live hacking event a success.
Taking place as part of the S4 industrial security conference, Pwn2Own Miami took a similar format to ZDI’s established hacking contests in Vancouver and Tokyo, but with a specific focus on industrial control systems (ICS) instead of PCs or mobile devices.
Over the course of the three-day event, more than $250,000 in prizes were handed out, as hackers demonstrated a string of exploits that made short shrift of many leading ICS platforms that are used to run organizations within the manufacturing, heavy industry, and critical infrastructure sectors.
Among the highlights of Pwn2Own Miami, Steven Seeley and Chris Anastasio successfully demonstrated a denial-of-service (DoS) exploit against the Triangle Microworks SCADA Data Gateway.
The hackers went on to achieve remote code execution in both Inductive Automation’s Ignition platform and the Rockwell Automation Studio 5000 design software.
Pwn2Own Miami is the world’s first ICS-focused live hacking event
Operating under the ‘Incite Team’ banner, the pair netted a total of $50,000 and were crowned ‘Masters of Pwn’.
Discussing the reaction to the debut Pwn2Own Miami, Brian Gorenc, director of vulnerability research and head of Trend Micro’s ZDI program, told The Daily Swig: “It has definitely been a successful debut in the ICS world.
“We had tons of interest in the contest as the event approached, and it all played out on the contest floor. We have had over 10 successful entries, several partial wins, and a couple of failures. [It was a] very drama-filled event.”
He added: “Some of the most interesting entries involve the researchers chaining numerous vulnerabilities together to gain code execution. One of the teams chained five vulnerabilities together to gain code execution on an HMI target. Quite impressive!”
Looking ahead, Gorenc said ZDI would be looking to make more of an impact on the ICS space.
“[We] plan to continue to bring our unique brand of researcher engagement to this community,” he said.
“Vulnerabilities submitted in these targets will continue to be purchased through the ZDI program throughout the year. We hope the increased exposure with the ICS community will result in more submissions outside of Pwn2Own Miami.”
The team may have to wait a little while to advance their plans in the ICS sector, however, as preparations are already underway for the flagship Pwn2Own live hacking event, scheduled to take place in Canada in March.
“With just eight weeks between contests, the team will be hard at work to ensure the flagship contest is successful,” Gorenc said. “We look forward to seeing what research is demonstrated.”
Check out the ZDI blog for a full list of the exploits that were showcased during Pwn2Own Miami.
Build cybersecurity due diligence processes into your M&A strategy to protect your organization against security risks
A merger or acquisition can introduce security risks, sometimes years after the transaction is finalized. In the case of Marriott International’s acquisition of Starwood Hotels & Resorts, it took two years for Marriott to discover that there had been unauthorized access to Starwood’s guest reservation database, with breaches occurring since 2014. The security breach exposed the personal information of 383 million customers and has cost Marriott $72 million to date, with additional costs expected.
During an M&A, ensuring that proper security procedures are in place often gets overlooked, as was the case in the Starwood acquisition. Adding cybersecurity risk assessment as part of your M&A due diligence is critical to protect your organization. Here are some steps to consider.
Leadership Support for Due Diligence During M&A
Support in the form of an organization-wide policy from senior management is critical when developing a cybersecurity due diligence program. Once the policy is approved, ensure that appropriate resources and budget are available for the program.
During the M&A process, leadership must emphasize to both organizations the importance of cybersecurity due diligence, making it clear this step must be completed before the close of the transaction.
Data mapping can help you identify data handling processes and controls that may need to be strengthened and/or opportunities to anonymize or delete sensitive data. Interviews and/or questionnaires can help you quickly identify how and where the target company processes, transmits and/or stores sensitive data (e.g. PII, credit card numbers, health information) and how that data is protected and regulated, depending on the industry. It’s important to understand how sensitive data comes into the target company, how it moves throughout the company, and whether or not data is sent to third parties.
Cybersecurity Practices Questionnaire
Require the target company to complete a short questionnaire (ideally 50 questions or less) detailing their cybersecurity best practices. The Center for Internet Security’s Critical Security Controls (CIS CSC) is a good example. The questionnaire is a quick and effective way to discover how mature the target company’s cybersecurity practices are and whether there are major risks such as stored sensitive data not being encrypted. The questionnaire also gives you the chance to identify areas where you might need to follow up or dig more deeply.
Focus on critical cybersecurity controls such as encryption of stored sensitive data, system patching, privilege management and logging. Ask whether the target company has experienced any recent security breaches and whether its cybersecurity program is based on a best practices framework (e.g., CIS CSC, NIST CSF), and ask it to identify all third parties, such as MSSPs, that provide cybersecurity services.
If the target company has had a recent third-party assessment of their cybersecurity practices (e.g., SSAE18, PCI DSS), request the full assessment report and review it thoroughly. Such assessments are performed by third-party experts and their reports are full of useful information.
Develop a risk-scoring tool to quantify the target company’s level of cybersecurity risk (high, medium, low), per the results of their data mapping and cybersecurity questionnaire. A typical approach is to assign scores (1, 2, 3) to specific questionnaire responses and data mapping findings, then combine all the individual scores into an overall cybersecurity risk score.
Base the tool on the factors that are most important and relevant to your organization, such as how much sensitive data is stored at the target company, whether the company has had a recent security breach or whether it sends sensitive data to third parties. The tool is an easy-to-use and effective way to communicate the cybersecurity risk of the target company to your senior management.
There’s an inherent risk with any M&A transaction and creating a merger and acquisition cybersecurity due diligence program requires time and effort. But in the long run, it’s a great way to reduce your cybersecurity risk, helping to minimize the chance of post-transaction security breaches.
The post #cybersecurity | #hackerspace | Managing Risk During an M&A appeared first on National Cyber Security.
Shopping online for your holiday gifts is incredibly convenient. Why stand in long lines at the mall, when you can find everything you need for your friends and family in your pajamas? The National Retail Federation reports that 59 percent of consumers shop online for the holidays. But you can also open yourself up to identity theft, scams and hacking.
Here are a few ways to keep your information safe.
1. Only shop on websites that have a reputation for being trustworthy with your financial information, like Amazon or Target.com. Moreover, it helps to track your credit score to ensure that you haven’t been hacked. Forty-five percent (45%) of people use a credit monitoring tool so that they have access to tools and resources they need to improve or protect their credit, according to the 2017 Capital One Credit Protection Survey.
2. Check the URL of the website. Never put your credit card information online unless there is a padlock icon and the URL starts with “https”. This indicates a Secure Sockets Layer (SSL) connection. “Use different passwords for different websites whenever possible, specifically ensuring your banking password is different for other merchants,” says Sarah Strauss, head of fraud and managing vice president, U.S. Card at Capital One.
3. Track your credit report on a regular basis so you’ll know when something goes wrong. Thirty-six percent (36%) of people could be doing more to protect their credit, according to the same survey. “You can regularly monitor your credit with a free tool like CreditWise,” says Strauss. “Also, sign up for purchase notifications from your credit card company or bank so you know when your card is used.”
4. Avoid simple passwords. Have at least eight characters that include both upper and lowercase letters, numbers and symbols. Never use your date of birth, name, or any other personal information that a hacker can guess. “If your information is compromised, a fraudster can use that information to open new accounts, access existing accounts, and/or use stolen credit card numbers to make fraudulent purchases,” says Strauss. “One of the biggest risks to your credit score is if a fraudster opens an account in your name, and then defaults on the loan.”
In the worst case scenario, you still have the power to save your credit score. If you see that someone has stolen your identity, you can call one of the three major credit bureaus — Experian, Equifax or TransUnion — and do a credit freeze. This means that you cannot open any new cards under your own name. But the thief can’t, either.
“While your liability for credit card fraud is limited, the process to clean up the fraudulent information on your credit bureau can be time consuming,” says Strauss. “In a world where our information is increasingly digital, the best strategy for consumers is to be vigilant and regularly monitor your credit report and bank accounts to catch fraud quickly.”
View full post on National Cyber Security Ventures
It’s time to take advantage of all those holiday specials and spend all your hard-earned bitcoin — er, I mean money — buying gifts for friends, family and, of course, yourself. Many retailers, large and small, online and brick-and-mortar, run holiday promotions as early as September. Gone are the days of waiting until Black Friday or Cyber Monday to take advantage of sales and specials.
The bad guys will be shopping, too — just not for the same items you are. Instead, they will be shopping for your wallet.
It’s true that some cyber Grinches ramp up their malicious activities during the holiday season, perhaps in the form of holiday-specific spam, spear phishing or compromised sites. While increased vigilance is encouraged during this time, there are a number of cybersecurity tips and best practices consumers and retailers should follow throughout the year to help mitigate threats. Having the right controls and awareness in place before the holidays can go a long way during the busy shopping season.
For Retailers: Vigilance Encouraged Throughout the Year
Black Friday and Cyber Monday are heavy shopping days and are likely to remain so for the foreseeable future. However, IBM X-Force research conducted over the past few years revealed that there was no significant uptick in network attacks targeting X-Force-monitored retailers during the traditional holiday shopping period in late November. In fact, last year, the volume of attacks for those two days fell below the daily attack average for retailers.
However, now that the shopping extravaganza lasts for two or more months, it’s possible that this four-day window is too short of a time period to identify notable network attack trends.
So far in 2017, network attacks targeting retail networks were highest in Q2, with June being the most-targeted month. Attacks dropped notably beginning in August and have been steadily declining, with the volume of attacks monitored for October below the monthly average for the year.
Time to celebrate? Not necessarily. In 2016, we observed a notable surge in the volume of attacks targeting retailers in mid to late December. Additionally, malware compromises occurring earlier in the year that have gone undetected can wreak havoc once the busy season commences. In December 2016, a security researcher discovered that nearly 7,000 online stores running Magento shopping cart software were infected with data-stealing skimmer malware capable of logging credit cards and passwords and making them available to attackers as image files for exfiltration.
Furthermore, bad actors do not have to steal anything to wreak havoc on the retail industry. A distributed denial-of-service (DDoS) attack is enough to cost the sector millions. In fact, the average cost of a DDoS attack for organizations across all industries rose to over $2.5 million in 2016.
Retailers are encouraged to monitor their networks with increased vigilance during this holiday season. Vulnerable point-of-sale (POS) systems, compromised websites, and targeted spam and phishing campaigns can be costly.
To help keep your security posture strong over this holiday shopping season and all year long, review and implement the recommendations outlined in the IBM report, “Security Trends in the Retail Industry.”
For Consumers: What Cybersecurity Tips Are Missing From Your Repertoire?
Many online consumers have improved their security awareness as media coverage and education opportunities have increased. However, below are a few cybersecurity tips that many consumers likely haven’t thought of.
Assess Convenience Versus Risk
Our digital interactions leave data trails. Finding the right balance between personalization and privacy is the consumer’s responsibility, not just the retailer’s. Many sites have the option to save your card data for future use. While this feature offers convenience to the consumer, the stored data can be stolen via SQL injection attacks or other database compromises — after all, there are billions of leaked records due to misconfigured servers. Always look for the green lock icon in the browser address bar to ensure a secure connection to websites.
Be Wary of Unsuspicious Emails
Criminals have gotten really good at devising phishing lures that are extremely difficult to recognize as fraudulent. Receive an attachment from someone that appears to be in your contact list? Call them to confirm. Order something online? Before clicking the “track package” link in the confirmation email, ensure that it is actually an item you purchased from the correct vendor.
Use Passphrases and Multifactor Authentication
Exercise strong password hygiene by choosing to use a long, easy-to-remember passphrase, such as “ipreferpassphrasesoverpasswords,” instead of complex passwords containing a combination of letters, numbers and special characters. Unfortunately, this is not always an option since many websites now require a password that contains this combination. Use different passphrases for each site. If this seems too daunting, use a password manager. Rather than managing dozens of passphrases on your own, you’ll just have to remember the one key to your digital vault.
Always opt for multifactor authentication when available, and figure out which option is the most secure when choosing a real-time short message service (SMS) text message, an email message or an automated phone call.
Get Creative With Security Questions
When setting up new accounts, opt for security and password reset questions that aren’t public to make it harder for fraudsters to get their hands on your information. For example, don’t use your mother’s maiden name, which could be easily found online. Even answers to opinion-based questions, such as favorite movie, food, etc., can be found on social media. For increased security, lie about your answers or use passphrases as the answers.
By now, you have most likely heard of skimmers being placed on the card readers at gas stations and bank ATMs. A skimmer is a hidden device placed inside the mouth of a payment card reader that is designed to copy your card data for criminals to use later. But what about in-store POS systems? Be on the lookout for suspicious-looking card swiping terminals that could be skimmers, or cash register attendants who seem to swipe your card on two different readers. Maintain this vigilance not only during the holiday season, but all the time, especially if you travel to other countries.
Know Your Card Security Features
Banks and credit card companies have implemented some great security features, such as being able to set limits on the number of times the card can be used within an hour or on the amount that can be spent on one purchase. However, if you’re unaware of these limits for your personal accounts or your phone number is not up to date in your bank profile, you may end up with a declined card.
Cover Your Card
Is the person in line behind you taking a selfie, or is he or she taking a picture of your card as you make a purchase? By obtaining the credit card number, name, expiration date and the card security code or card verification value on the back, an attacker may be able to use the information to make online purchases.
Keep Your Guard Up Year-Round
The holiday season is a great time to take stock of the past year while relaxing and spending time with loved ones, but it’s no time to let your guard down, especially given the increasing sophistication of cybercriminal tactics targeting holiday shoppers and sellers alike. We encourage retailers and consumers to follow best practices not only this holiday season, but also all year long to help mitigate attacks and compromise.
After an onslaught of hacking, breaches and malware this year, and the resultant waves of publicity, National Cybersecurity Awareness Month should be a bit anticlimactic. But for some people, the message never gets old. One of the organizations most aware of cyberthreats and most active in countering them is CIS,…
The post During Cybersecurity Awareness Month, Experts Say Too Many Remain Unaware of Threats appeared first on National Cyber Security Ventures.