
How COVID-19 case rates will affect each Minnesota school district’s reopening plan | #coronavirus | #kids | #children | #parenting

Minnesota’s guidelines for how public schools can operate during the upcoming school year, which were announced Thursday, can be summed up in two words: it’s complicated. The ultimate decision about […] View full post on National Cyber Security

#infosec | Microsoft Detects 77,000 Web Shells Each Month

Source: National Cyber Security – Produced By Gregory Evans

Microsoft has warned that inadequate security on web applications and internet-facing servers is allowing hackers to use web shells in their tens of thousands each month to launch attacks.

Web shells are pieces of malicious code typically implanted onto web servers to execute commands, steal data and help hackers launch additional raids on the victim organization, such as watering hole attacks.

Microsoft claimed in a new blog this week that thanks to poor IT security hygiene, the use of these tools is rocketing: the tech giant detects around 77,000 each month on an average of 46,000 machines.

“Aside from exploiting vulnerabilities in web applications or web servers, attackers take advantage of other weaknesses in internet-facing servers. These include the lack of the latest security updates, anti-virus tools, network protection, proper security configuration and informed security monitoring,” it continued.

“Interestingly, we observed that attacks usually occur on weekends or during off-hours, when attacks are likely not immediately spotted and responded to.”

Multi-layered protection is needed to mitigate the threat of web shells, beginning with gaining visibility into internet-facing servers by monitoring web application directories for web script file writes, the firm advised.

Regular audits of web server logs, prompt patching, intrusion prevention to stop C&C communications, limiting privileged accounts and closing non-standard ports can also help, said Microsoft.

Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, explained that web shells have existed for over a decade and are often automated by hackers, but finding them should not be difficult.

“Usually, once a web shell is uploaded, it is fairly simple to root the server by exploiting unpatched vulnerabilities or its insecure configuration,” he added.

“Detection of web shells is a fairly routine operation, moreover, such attacks are usually attributable to junior hackers unskilled or careless enough to upload a web shell without obfuscation and proper removal after backdooring the server.”


The post #infosec | Microsoft Detects 77,000 Web Shells Each Month appeared first on National Cyber Security.


#infosec | US Could Appoint a Cybersecurity Leader for Each State


The USA is considering legislation that would protect local governments by requiring the appointment of a cybersecurity leader for each state.

Backers of the Cybersecurity State Coordinator Act of 2020 say the proposed law will improve intelligence sharing between state and federal governments and speed up incident response times in the event of a cyber-attack.

Under the legislation, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency would be tasked with appointing an employee of the agency in each state to serve as cybersecurity state coordinator. 

Money to create these positions would come from the federal government, which would be required to ring-fence the necessary funding. 

The role of each state coordinator would be multifaceted, combining elements of training, advisory work, and program development.

Each leader would serve as a principal federal cybersecurity risk advisor, coordinating efforts to prepare for, respond to, and remediate cyber-attacks. Another core responsibility would be to raise awareness of the financial, technical, and operational resources available to nonfederal entities from the federal government.

Coordinators would be expected to support training, exercises, and planning for continuity of operations to expedite as swift a recovery as possible from cybersecurity incidents. Furthermore, they would be called on to assist nonfederal entities in developing and coordinating vulnerability disclosure programs consistent with federal and information security industry standards.

“State, local, Tribal, and territorial entities face a growing threat from advanced persistent threat actors, hostile nation states, criminal groups, and other malicious cyber actors,” reads the bill. “There is an urgent need for greater engagement and expertise from the Federal Government to help these entities build their resilience and defenses.”

The bill, which has attracted bi-partisan support, was introduced by Senators Maggie Hassan and Gary Peters and is co-sponsored by senators John Cornyn of Texas and Rob Portman of Ohio.

Portman said: “This bipartisan bill, which creates a cybersecurity state coordinator position, would help bolster state and local governments’ cybersecurity by facilitating their relationship with the federal government to ensure they know what preventative resources are available to them as well as who to turn to if an attack occurs.”


The post #infosec | US Could Appoint a Cybersecurity Leader for Each State appeared first on National Cyber Security.


#deepweb | Airbnb Will Now Verify Each Listing After Vice Uncovered A Scam


Airbnb is having one hell of a week. A few days after the company announced a ban on party houses following a tragic shooting on Halloween that left five people dead, the short-term rental platform continues the damage control tour, this time in response to a nationwide scam involving fake listings. Now the company will seek to reauthenticate all seven million listings on Airbnb to ensure they are accurately advertised and meet the company’s standards, the most significant redesign since the brand first started in 2008.

Allie Conti, in a report published by Vice, experienced first-hand an extensive and quite complicated Airbnb scam that left her, and others using the platform, out of a significant amount of money and forced to relocate to expensive hotels on short notice.

Here’s the long and short of it: Minutes before Conti was set to check in to an apartment she rented on the platform, she received a call from the host alerting her that sudden plumbing issues made it so that staying at the listing would be impossible. Luckily, the host had another listing she could stay at that was bigger and wouldn’t cost her anything extra. Unfortunately, the house ended up being a flophouse with a hole-punched wall, eerily arranged furniture, and a few other gritty elements that prompted Conti to check in to a nearby hotel. But because she’d agreed to the change of venue and stayed for a night, she was able to recoup just $399 of the $1,221.20 she spent.

After Conti returned home, she went over the events surrounding her loss and started to see the red flags surrounding the situation. With some digging, she uncovered a deep web of deception that involves fake companies, fake names, stock photos, and intimidation — the whole thing is a fascinating and disturbing read. In response to the controversies, Airbnb CEO and co-founder Brian Chesky wrote in a company email sent out on November 6th, “Starting now, verification of all seven million listings on Airbnb will commence… We believe that trust on the Internet begins with verifying the accuracy of the information on Internet platforms, and we believe that this is an important step for our industry.”

It’s a process Chesky hopes the company can get done by December 15th, 2020, and he laid out a four-part plan that begins with re-verification and includes a new guest guarantee that provides a full refund for any listing that doesn’t meet accuracy standards, a 24/7 rapid response team that can address any listing at any time, and stricter standards for “high-risk” listings that can lead to unauthorized partying.

In the company email, Chesky also said “Today, we are making the most significant steps in designing trust on our platform since our original design in 2008.” With 12 years under its belt, Airbnb was well overdue for an overhaul as the platform is no stranger to scams — there’s even a website dedicated to Airbnb scams and horror stories. Scary as the prospect of being caught up in a scam is, these sweeping changes to Airbnb’s platform are only a good thing for all potential travelers.


The post #deepweb | Airbnb Will Now Verify Each Listing After Vice Uncovered A Scam appeared first on National Cyber Security.


The #shocking #trend of people #breaking into each others’ #social media #accounts


Spouses hack each others’ Facebook messages, parents track their offspring’s cellphone movements and lovers crack lovers’ private messages.

To most of us, EFF leader Julius Malema’s recent claim that his e-mail account was attacked by government-backed hackers left a bit of a Spy vs Spy taste in the mouth.

Particularly after SA Communist Party bigwig Solly Mapaila made the same claim two days later.

But I don’t think it is so far-fetched that politicians’ confidential correspondence can be targeted by cyber attackers. Just ask Hillary Clinton.

The shocking trend, however, is that ordinary citizens are breaking into each others’ social media accounts left, right and centre.

It is those closest to people who break into their personal accounts and spy on their correspondence.

Spouses hack each others’ Facebook messages, parents track their offspring’s cellphone movements and lovers crack lovers’ private messages behind their naked backs.

The worst of all is that you don’t have to be a Russian hacker or cyber geek to breach somebody’s social media. People don’t need coding skills.

If you have the skills to use Twitter, you can hack Twitter. What about WhatsApp’s encoded message technology? Even a rookie hacker can choose from a variety of techniques to break into the messaging service account.

The most popular seems to be software which allows a hacker in after just a few minutes with the target’s phone, such as Copy9 and a host of others.

Or he doesn’t even have to touch your phone – sniffer software allows him to hack your WhatsApp account from a distance if you’re on the same WiFi network. And Facebook? The classical techniques are rather unrefined, because they lock the user out of his or her account, which means the hacking attempt will be noticed.

Stealthier, though, are software or hardware keyloggers, which record every keystroke the user makes on a computer, including passwords.

Or the hacker can use software such as FaceGeek or Spyzie or Hyper Cracker. And Twitter? Software such as Twitterhacker is abundant.

Of course it is completely illegal to hack someone’s social media account under the Electronic Communications Act. You can even go to jail for it.

Perhaps our modern world needs more than laws.

The post The #shocking #trend of people #breaking into each others’ #social media #accounts appeared first on National Cyber Security Ventures.


State-sponsored hackers turn on each other


Researchers have revealed that nation-state hacking groups are not only dedicated to striking targets issued to them, but also to fighting each other. On Wednesday, Kaspersky Labs researchers presented their findings at the Virus Bulletin conference in Woburn, MA, claiming that sophisticated threat actors are proactively targeting other groups in…

The post State-sponsored hackers turn on each other appeared first on National Cyber Security Ventures.


Cybercrime is costing each business a whopping $11.7M a year, report says


The cost of cybercrime has risen 62% over the past five years, costing each organization some $11.7 million per year, according to a joint report from Accenture and the Ponemon Institute released Tuesday. The Cost of Cyber Crime Study, announced in a joint press release, was built on the survey…

The post Cybercrime is costing each business a whopping $11.7M a year, report says appeared first on National Cyber Security Ventures.


NATO Says Hackers Attack the Alliance 500 Times Each Month


NATO has become a target for more hackers worldwide, a spokesperson for the military alliance said this week, revealing that an average of 500 attacks are recorded every month. The organization recorded an increase of approximately 60 percent in the …

The post NATO Says Hackers Attack the Alliance 500 Times Each Month appeared first on National Cyber Security Ventures.


Drama on the Underground Hacking Scene as Black Hats Hack Each Other


The black hat hacker known as Peace, or Peace_of_Mind, has breached and defaced one of its rival’s websites over the weekend following several incidents that can be categorized as “hacker drama.”
Both hackers are quite notorious on underground hacking forums,

The post Drama on the Underground Hacking Scene as Black Hats Hack Each Other appeared first on National Cyber Security.


When Hackers Hack Each Other—A Staged Affair in the French Underground?


This past July, we published a blog post on a new illegal gambling system known as “French Dark Bets (FDB).” FDB is run and hosted by one of the biggest French underground marketplaces, the French Dark Net (FDN). This betting

The post When Hackers Hack Each Other—A Staged Affair in the French Underground? appeared first on National Cyber Security.
