#nationalcybersecuritymonth | IRS Publishes Guidance to Help Taxpayers Fight Identity Theft

Source: National Cyber Security – Produced By Gregory Evans

Security Summit partners including the Internal Revenue Service (IRS), the US tax industry, and several state tax agencies published security guidance and updated content to highlight identity theft precautions to be taken during the incoming holiday shopping season.

Individual and business taxpayers, as well as tax professionals, are advised to boost their security defenses against potential identity theft attempts that will soon surface during the holidays.

“While people are shopping online, identity thieves are trying to shoplift their sensitive information. As the holiday season and tax season approach, everyone should remember to take basic steps to protect themselves,” IRS Commissioner Chuck Rettig said. 

“The Security Summit has made progress in fighting back against tax-related identity theft, but we need people to watch out for common scams that can put their financial and tax data at risk.”

Identity theft safeguards and protection measures

The US tax collection agency provides businesses with an updated ‘Security Awareness For Taxpayers’ PDF document during this month’s National Tax Security Awareness Week, ready to share with employees, clients, and customers.

The Security Summit members also recommend taking the following measures to protect personal and financial information online:

• Use security software for computers and mobile phones – and keep it updated.
• Protect personal information; don’t hand it out to just anyone.
• Use strong and unique passwords for all accounts.
• Use two-factor authentication whenever possible.
• Shop only at secure websites; look for the “https” in web addresses; avoid shopping on unsecured and public WiFi in places like shopping malls.
• Routinely back up files on computers and mobile phones.

As part of the Tax Security Awareness Week, the IRS will also provide basic steps for easily recognizing email and phone scams, detecting identity theft attempts, and creating strong passwords for online accounts.

Videos with Easy Steps to Protect Your Computer and Phone and on how to Avoid Phishing Emails are also provided by the IRS and its Summit partners with additional information for taxpayers on how to augment their security.

Security plans and malware warnings

In July, the IRS issued a joint news release with the Security Summit partners to remind professional tax preparers of their obligation to have a data security plan in place with appropriate safeguards to protect sensitive taxpayer information from data theft attacks.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also provides a Safeguarding Your Data Security Tip issued through the National Cyber Awareness System.

One month later, an IRS warning alerted taxpayers and tax professionals of an active IRS impersonation scam campaign that used spam emails to deliver malicious payloads.

The security guidance the IRS will share during the National Tax Security Awareness Week is designed to help both taxpayers and tax pros to defend against attacks such as those that are targeting the tax season with realistic phishing emails bundling malicious attachments.

Attackers are also known to use phone scams, as observed in 2016 when they posed as IRS representatives and asked their targets to settle outstanding debts of thousands of dollars via gift card payments.


#cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure

Source: National Cyber Security – Produced By Gregory Evans

The agencies and businesses that make up the backbone of our critical infrastructure have a larger bullseye on their backs than an average company. When it comes to the electric utility providers that manage the power grid, the exposure to risk is exacerbated by the fact that much of the equipment, software, and services come from a limited set of vendors. Fortress Information Security just launched the Asset to Vendor (A2V) Network to mitigate these risks and improve the security posture of the power grid.

The Federal Energy Regulatory Commission (FERC) recognizes the unique threats posed to the power grid and understands that it’s crucial to address these challenges and protect the critical infrastructure. FERC has issued requirements for standardized risk assessments and mandated that electric utility providers prioritize supply chain vendors based on their relative risk. The problem is that many of the 3,000 or so electric providers are small, regional companies that don’t have the budget or resources to do this effectively on their own.

The A2V Network was launched as a joint venture between Fortress and AEP (American Electric Power) to address this challenge and help all electric utility companies collaborate to comply with the FERC regulations and improve protection of the critical infrastructure more efficiently and effectively. Organizations that join the A2V Network will be able to purchase completed vendor assessments for significantly less than it would cost them to conduct a redundant assessment of their own, and participating companies can also contribute completed assessments to build out the A2V Network library.

Reluctance to Share

I had an opportunity to chat with Alex Santos, CEO of Fortress, about the A2V Network and some of the challenges it addresses. He described the supply chain as being like the streets in a community. Just as each person is responsible for their own home and property but shares the roads and pays taxes to ensure the roads are taken care of, each company is responsible for itself but shares risk exposure from the supply chain, so it makes sense to collaborate and share the burden to mitigate the risk and secure the critical infrastructure.

I asked Santos for his thoughts on why businesses in general—not just electric power providers—seem so reluctant to engage in this sort of sharing and collaborative effort. The two main issues, according to Santos, are that some information is very proprietary, and some information is not very good. Companies want to maintain the privacy of intellectual property and sensitive information. In some cases, the information carries a competitive advantage and sharing it is just bad for business. In other instances, organizations are reluctant to engage in sharing information because what they receive is not useful. If the information is not properly vetted and curated to ensure it is correct and relevant, it creates more problems than it solves.

Santos explained that the A2V Network strives to address both of those challenges. The A2V Network takes information about supply chain risk assessments and provides a platform to easily share it while anonymizing it and protecting the privacy of proprietary data. Part of what the A2V Network also does is to validate the information and make it actionable.

Gaining Momentum

Santos was especially grateful for having AEP as a partner for the launch of the A2V Network. He noted that even though there are 3,000 electric utility providers, only about 150 of those are large enough to be regulated by the North American Electric Reliability Corporation (NERC)—and that the top 15 largest deliver power for 75% of consumers. That leaves nearly 2,900 companies that must comply with the FERC regulation but lack the resources to do it effectively on their own.

He said that having AEP on board is huge because any new movement or initiative requires a first big company to get the ball rolling. AEP showed leadership in taking that initiative, and having a company with the size and prestige of AEP involved creates a snowball effect that will entice other electric utility providers to jump on board.

The more companies get involved, the more momentum the A2V Network will have and the greater value it will provide to every participating organization. That, in turn, will attract more companies. It becomes a self-feeding cycle of momentum that will ultimately lead to a more secure critical infrastructure.


Cybersecurity #policymaking is #out of #focus. Bureaucracy #hackers can #help.

Source: National Cyber Security News

The cybersecurity industry is in desperate need of more “bureaucracy hackers” — individuals within federal and state governments who are authorities on the intricacies of policy creation and the nature of today’s rapidly-evolving technology and threat landscapes.

To understand why, look no further than Georgia State Bill 315: Introduced in the Georgia state senate earlier this month, the bill has the entire cybersecurity community shaking its head in disbelief. In short, the bill is modeled after the highly-controversial Computer Fraud and Abuse Act, which makes accessing a network or computer without authorization illegal – even if there is no theft or damage. While many parts of the U.S. government are advancing cybersecurity by adopting industry’s best practices, such as allowing security researchers to identify and disclose vulnerabilities that make us all safer, Georgia is closing the door to these folks.

Sen. Mark Warner’s IOT Improvement Act is another clear example: Drafted and supported by a bipartisan group of senators, the bill aims to protect increasingly “connected” citizens and their homes by introducing a baseline security standard for all internet-connected devices.

In principle, this is exactly the type of legislative action we want to see from lawmakers.


5 #Reasons Why a #Credit Freeze Isn’t Enough to Help Protect #Against #Identity Theft

Source: National Cyber Security News

When a data breach happens, it’d be great if you could simply prevent identity theft with a credit freeze. The truth is, nothing can prevent identity theft, although there are things you can do to help protect against it.

Still, with identity thieves taking aim at everything from tax refunds to bank accounts, it’s worth asking the question: “Is a credit freeze a good idea?”

It can be. But it may not be enough. Here’s why.

When your personal information is exposed in a data breach, you could face a greater chance of becoming a victim of identity theft. More of your information could be out there. And if it is, it might be for sale on the dark web for criminals to acquire.

Consider this statistic: You are 11 times more likely to be a victim of identity fraud if you are notified of a breach. That’s according to the 2017 Identity Theft Study by Javelin Strategy & Research.

No one wants their personal information stolen in a data breach. But if it happens to you, you’ll probably want to do whatever you can to help protect yourself against identity theft.


Cyber Security #breakfasts to help #businesses deal with #security #threats

Source: National Cyber Security – Produced By Gregory Evans

Cyber security is to come under the spotlight as police demonstrate a live hack to encourage businesses to protect themselves.

The safety of the online world is a hot topic with threats from hackers, criminals, activists, terrorists and even disgruntled employees who target vulnerable firms.

Now the North East Cyber Crime Unit (NERSOU) has teamed up with local police forces to host ‘cyber breakfasts’ in a bid to urge businesses to protect themselves against the growing menace of cyber-crime.

Detective Sergeant Martin Wilson from NERSOU, said: “North East businesses are underprepared when it comes to cyber threats, with many having no contingency plans in place for a crisis.

“Whilst it is easy enough to recognise an insecure window or an unlocked door, it is not always as easy to spot that your computer system has been compromised.

“The purpose of these breakfasts is simple, we want to show businesses how they can be vulnerable to a cyber-attack by demonstrating a live hack with the help of Waterstons, an IT consultancy based in Durham.

“This may all sound like doom and gloom but it is not, we can give you the support to defend against these hacks and are offering a free vulnerability assessment service, which can give you an overview of your ICT weaknesses so you can fix them before cyber criminals find them.”

The free events will take place across the region in Durham City, Darlington and Barnard Castle and it will be a chance for businesses to speak to experts in cyber-crime and enable organisations in the North East to come together to share their experiences and learn from best practice.

“Cyber-crime has been on people’s radars for a while now but it is still an evolving global threat and attacks are incredibly disruptive. It is a growing part of the workload of policing in UK,” said DS Wilson, whose team has recently expanded to deal with these types of crimes.

“We are a dedicated team of detectives here to protect businesses and members of the public,” he added.


Wall #Street Teams Up to Help Save #Client Data in #Cyber Attack

On Wall Street, backing up data now comes with a code name.

Nearly three dozen banks are leading a group called Sheltered Harbor that’s designed to protect consumers’ access to their data in the event a financial institution is hacked. Banks, credit unions and brokerages representing 400 million accounts — or 70 percent of U.S. retail accounts and 60 percent of U.S. brokerage accounts — have signed up to be part of the effort, which went live earlier this year.

Sheltered Harbor requires members to encrypt their customer account data and store it in a vault that is both survivable and accessible in case of a cybersecurity incident, according to the group’s website. If a breach does occur, the affected bank must retrieve and transmit its data to another financial institution, which can load it onto its core platform. That way customers of the hacked bank can still access their account information.

“The focus is on really trying to protect the consumers’ access to their assets,” Steve Silberstein, chief executive officer of Sheltered Harbor, said in a telephone interview. “We have to continue to make the system safer, and it continues to require some amount of sharing and some amount of cooperation to do that.”

For large global banks, it costs $50,000 to participate in Sheltered Harbor, which helps the firms coordinate responses to a cyber attack. For everyone else, fees are based on the amount of assets each one has and can range from $250 to $25,000, according to the group’s website.

The group was formed in November 2016 and its recent progress was reported Sunday by The Wall Street Journal.

Hamilton Series

Sheltered Harbor is a subsidiary of the Financial Services Information Sharing and Analysis Center — or FS-ISAC. Phil Venables, chief operational risk officer at Goldman Sachs Group Inc., and James Rosenthal, former chief operating officer at Morgan Stanley, are co-chairs of the project, according to a press release from FS-ISAC.

The group was formed after banks participated in an exercise in 2015 that was run by FS-ISAC and the U.S. Treasury Department called the Hamilton Series. The exercise exposed how data breaches could hurt consumer confidence in the financial system, even if the incident occurred at a regional or community bank.

Sheltered Harbor does not hold any of the bank account data. Instead, it has created the standards for joining the group and monitors banks’ adherence to those standards, said Silberstein, who was previously the chief technology officer at Sungard Data Systems Inc.

View full post on National Cyber Security Ventures

National #cybersecurity #strategy can help #Ireland cement its place as an #infosec #hub within #Europe

Source: National Cyber Security – Produced By Gregory Evans

Something interesting has happened in the past year: the term ‘cybersecurity’ has finally entered the mainstream. Due to a period of global instability and numerous cyberattacks by actors eager to take advantage of the uncertainty wrought by Brexit and Trump, the issue of cybersecurity has never […]

Cybersecurity #Tips to Help #Retailers and #Consumers Stay #Secure During the #Holiday Season

Source: National Cyber Security – Produced By Gregory Evans

It’s time to take advantage of all those holiday specials and spend all your hard-earned bitcoin — er, I mean money — buying gifts for friends, family and, of course, yourself. Many retailers, large and small, online and brick-and-mortar, run holiday promotions as early as September. Gone are the days of waiting until Black Friday or Cyber Monday to take advantage of sales and specials.

The bad guys will be shopping, too — just not for the same items you are. Instead, they will be shopping for your wallet.

It’s true that some cyber Grinches ramp up their malicious activities during the holiday season, perhaps in the form of holiday-specific spam, spear phishing or compromised sites. While increased vigilance is encouraged during this time, there are a number of cybersecurity tips and best practices consumers and retailers should follow throughout the year to help mitigate threats. Having the right controls and awareness in place before the holidays can go a long way during the busy shopping season.

For Retailers: Vigilance Encouraged Throughout the Year

Black Friday and Cyber Monday are heavy shopping days and are likely to remain so for the foreseeable future. However, IBM X-Force research conducted over the past few years revealed that there was no significant uptick in network attacks targeting X-Force-monitored retailers during the traditional holiday shopping period in late November. In fact, last year, the volume of attacks for those two days fell below the daily attack average for retailers.

However, now that the shopping extravaganza lasts for two or more months, it’s possible that this four-day window is too short of a time period to identify notable network attack trends.

So far in 2017, network attacks targeting retail networks were highest in Q2, with June being the most-targeted month. Attacks dropped notably beginning in August and have been steadily declining, with the volume of attacks monitored for October below the monthly average for the year.

Time to celebrate? Not necessarily. In 2016, we observed a notable surge in the volume of attacks targeting retailers in mid to late December. Additionally, malware compromises occurring earlier in the year that have gone undetected can wreak havoc once the busy season commences. In December 2016, a security researcher discovered that nearly 7,000 online stores running Magento shopping cart software were infected with data-stealing skimmer malware capable of logging credit cards and passwords and making them available to attackers as image files for exfiltration.

Furthermore, bad actors do not have to steal anything to wreak havoc on the retail industry. A distributed denial-of-service (DDoS) attack is enough to cost the sector millions. In fact, the average cost of a DDoS attack for organizations across all industries rose to over $2.5 million in 2016.

Retailers are encouraged to monitor their networks with increased vigilance during this holiday season. Vulnerable point-of-sale (POS) systems, compromised websites, and targeted spam and phishing campaigns can be costly.

To help keep your security posture strong over this holiday shopping season and all year long, review and implement the recommendations outlined in the IBM report, “Security Trends in the Retail Industry.”

For Consumers: What Cybersecurity Tips Are Missing From Your Repertoire?

Many online consumers have improved their security awareness as media coverage and education opportunities have increased. However, below are a few cybersecurity tips that many consumers likely haven’t thought of.

Assess Convenience Versus Risk

Our digital interactions leave data trails. Finding the right balance between personalization and privacy is the consumer’s responsibility, not just the retailer’s. Many sites have the option to save your card data for future use. While this feature offers convenience to the consumer, the stored data can be stolen via SQL injection attacks or other database compromises — after all, there are billions of leaked records due to misconfigured servers. Always look for the green lock icon in the browser address bar to ensure a secure connection to websites.

Be Wary of Unsuspicious Emails

Criminals have gotten really good at devising phishing lures that are extremely difficult to recognize as fraudulent. Receive an attachment from someone that appears to be in your contact list? Call them to confirm. Order something online? Before clicking the “track package” link in the confirmation email, ensure that it is actually an item you purchased from the correct vendor.

Use Passphrases and Multifactor Authentication

Exercise strong password hygiene by choosing to use a long, easy-to-remember passphrase, such as “ipreferpassphrasesoverpasswords,” instead of complex passwords containing a combination of letters, numbers and special characters. Unfortunately, this is not always an option since many websites now require a password that contains this combination. Use different passphrases for each site. If this seems too daunting, use a password manager. Rather than managing dozens of passphrases on your own, you’ll just have to remember the one key to your digital vault.

Always opt for multifactor authentication when available, and figure out which option is the most secure when choosing a real-time short message service (SMS) text message, an email message or an automated phone call.

Get Creative With Security Questions

When setting up new accounts, opt for security and password reset questions that aren’t public to make it harder for fraudsters to get their hands on your information. For example, don’t use your mother’s maiden name, which could be easily found online. Even answers to opinion-based questions, such as favorite movie, food, etc., can be found on social media. For increased security, lie about your answers or use passphrases as the answers.

Skimmers Abound

By now, you have most likely heard of skimmers being placed on the card readers at gas stations and bank ATMs. A skimmer is a hidden device placed inside the mouth of a payment card reader that is designed to copy your card data for criminals to use later. But what about in-store POS systems? Be on the lookout for suspicious-looking card swiping terminals that could be skimmers, or cash register attendants who seem to swipe your card on two different readers. Maintain this vigilance not only during the holiday season, but all the time, especially if you travel to other countries.

Know Your Card Security Features

Banks and credit card companies have implemented some great security features, such as being able to set limits on the number of times the card can be used within an hour or on the amount that can be spent on one purchase. However, if you’re unaware of these limits for your personal accounts or your phone number is not up to date in your bank profile, you may end up with a declined card.

Cover Your Card

Is the person in line behind you taking a selfie, or is he or she taking a picture of your card as you make a purchase? By obtaining the credit card number, name, expiration date and the card security code or card verification value on the back, an attacker may be able to use the information to make online purchases.

Keep Your Guard Up Year-Round

The holiday season is a great time to take stock of the past year while relaxing and spending time with loved ones, but it’s no time to let your guard down, especially given the increasing sophistication of cybercriminal tactics targeting holiday shoppers and sellers alike. We encourage retailers and consumers to follow best practices not only this holiday season, but also all year long to help mitigate attacks and compromise.


Hackers to #Help Make #Voting #Machines Safe Again

Source: National Cyber Security – Produced By Gregory Evans

Following the recent declaration by the U.S. National Security Agency that Russian hackers tried to infiltrate the electronic voting machines used in the last U.S. presidential election, many people are calling for action, in particular for the electronic voting machines to be scrapped. Although the Russians did not succeed, questions remain on the table.

Bipartisan bill to secure voting machines

U.S. senators looking for answers have constituted a committee and are hoping to pass a bipartisan bill called the Securing America’s Voting Equipment (SAVE) Act. The bill will enlist help from the Department of Homeland Security to organize an event like the one held at the DEFCON hackers conference in July, themed the “Voting Machine Hacking Village.”

That DEFCON event exposed vulnerabilities in the electronic voting machines used in the last U.S. election. Hackers took less than two hours to break into the 25 voting machines that were brought to the DEFCON conference, and the first machine was penetrated in minutes. The findings, released at an event at the Atlantic Council in October, were one of the key provocations for the US senators to introduce the SAVE bill.

Interestingly, some of the significant findings after the alleged Russian breach were centered on the use of foreign materials in the production of these voting machines. Hackers at the DEFCON event pointed to the possibility of having malware embedded into the hardware and software along the entire supply and distribution chain. It was also believed that hackers could have tampered with voters’ registration on the touch screen voting machines.

Hackers enlisted to hunt for vulnerabilities in voting machines

Called the “Cooperative Hack the Election Program”, the initiative mirrors the bug bounty programs previously run by the U.S. Department of Defense (DoD), where friendly hackers were invited to hack the Pentagon, Army and Air Force. The program is set to swing into motion one year after the bill is in play.

The stated objective of the program is “to strengthen electoral systems from outside interference by encouraging entrants to work cooperatively with election system vendors to penetrate inactive voting and voter registration systems to discover vulnerabilities of, and develop defenses for, such systems.”

Just like past U.S. DoD programs, the “Hack the Election” competition will offer incentives for hackers to find security weaknesses in the election system. Hackers playing by the rules will also be exempted from the Computer Fraud and Abuse Act (CFAA) and the Digital Millennium Copyright Act (DMCA).

Hackers to replicate past successes against voting machines

Looking at past results, we can expect excellent outcomes for the new program. The first of these bug bounties was the ‘Hack the Pentagon’ program where hackers found 138 vulnerabilities. This was quickly followed by the ‘Hack the Army’ program which yielded 118 vulnerabilities and ‘Hack the Air Force’ program with a bountiful harvest of 207 vulnerabilities.

While it is not clear if the hacking program is a one-off event, the bill does propose a requirement for integrity audits to be performed every four years on the voting machines starting from 2019. There is also the provision for grants to be given to help states enhance the security of their voting systems.


Main #cybersecurity #management #challenge? People, but simple #tech can help

Source: National Cyber Security – Produced By Gregory Evans

Alissa Johnson doesn’t hesitate when asked whether people or technology is the harder-to-crack cybersecurity management challenge. It’s people, the Xerox Corp. CISO told SearchCIO at Gartner Symposium/ITxpo in Orlando, Fla., earlier this month. “You can tell technology exactly what you want it to do, and it’s […]