help

now browsing by tag

 
 

Penn sophomores launch Tinder-like app to help students make friends remotely | #tinder | #pof | romancescams | #scams

Berri was co-founded by top row (from left to right): Justin Ma and James Tseng. Middle row (from left to right): Angelina Pan and Patrick Liu. Bottom row (from left […] View full post on National Cyber Security

Celebrity uses her Instagram following to help teachers stock their classrooms with school supplies | #teacher | #children | #kids | #parenting | #parenting | #kids

Celebrity uses her Instagram following to help teachers stock their classrooms with school supplies | #teacher | #children | #kids | Parent Security Online ✕ Parent […] View full post on National Cyber Security

Bucks County COVID-19 Recovery Fund Awards Grants To Help Navigate Remote Learning | #covid19 | #kids | #childern | #parenting | #parenting | #kids

A student partaking in remote learning in spring. File photo. The Bucks County COVID-19 Recovery Fund has distributed funds to assist school-aged kids experiencing homelessness navigate remote learning. The United […] View full post on National Cyber Security

#sextrafficking | New research may help identify sex trafficking networks | #tinder | #pof | #match | romancescams | #scams

_________________________ Credit: CC0 Public Domain According to a 2018 United Nations report, more than 25,000 individuals are officially reported to be victims of trafficking each year. The true number is […] View full post on National Cyber Security

Iron Age hillfort found in Chiltern Hills with help of ‘citizen scientists’ | #facebookdating | #tinder | #pof | romancescams | #scams

Image copyrightBeacons of the Past Image caption“Citizen Scientists” helped identify a hidden iron age hillfort in the southern Chiltern Hills, which cover Buckinghamshire and Oxfordshire An Iron Age hillfort hidden […] View full post on National Cyber Security

How COVID-19 is blocking the vision to help kids become better readers | #covid19 | #kids | #childern | #parenting | #parenting | #kids

If you happen to have the resources to pay for eye exams for your children, count your lucky stars. A lot of parents don’t. “It’s a big problem,” said Ken […] View full post on National Cyber Security

#nationalcybersecuritymonth | The Web’s Bot Containment Unit Needs Your Help — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding.

Image: Ghostbusters.

Shadowserver provides free daily live feeds of information about systems that are either infected with bot malware or are in danger of being infected to more than 4,600 ISPs and to 107 national computer emergency response teams (CERTs) in 136 countries. In addition, it has aided the FBI and other nations’ federal law enforcement officials in “sinkholing” domain names used to control the operations of far-flung malware empires.

In computer security lexicon, a sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. Typically, a sinkhole is set up in tandem with some kind of legal action designed to wrest control over key resources powering a malware network.

Some of these interventions involving ShadowServer have been documented here, including the Avalanche spam botnet takedown, the Rustock botnet takeover, the Gameover malware botnet seizure, and the Nitol botnet sneak attack. Last week, Shadowserver was instrumental in helping Microsoft kneecap the Necurs malware network, one of the world’s largest spam and malware botnets.

https://krebsonsecurity.com/

Image: Shadowserver.org

Sinkholing allows researchers to assume control over a malware network’s domains, while redirecting any traffic flowing to those systems to a server the researchers control. As long as good guys control the sinkholed domains, none of the infected computers can receive instructions about how to harm themselves or others online.

And Shadowserver has time and again been the trusted partner when national law enforcement agencies needed someone to manage the technical side of things while people with guns and badges seized hard drives at the affected ISPs and hosting providers.

But very recently, Shadowserver got the news that the company which has primarily funded its operations for more than 15 years, networking giant Cisco Systems Inc., opted to stop providing that support.

Cisco declined to respond to questions about why it withdrew funding. But it did say the company was exploring the idea of supporting the organization as part of a broader support effort by others in the technology industry going forward.

“Cisco supports the evolution of Shadowserver to an industry alliance enabling many organizations to contribute and grow the capabilities of this important organization,” the company said in a written statement. “Cisco is proud of its long history as a Shadowserver supporter and will explore future involvement as the alliance takes shape.”

To make matters worse, Shadowserver has been told it needs to migrate its data center to a new location by May 15, a chore the organization reckons will cost somewhere in the neighborhood of $400,000.

“Millions of malware infected victims all over the world, who are currently being sinkholed and protected from cybercriminal control ​by Shadowserver, may lose that critical protection – just at the time when governments and businesses are being forced to unexpectedly stretch their corporate security perimeters and allow staff to work from home on their own, potentially unmanaged devices, and the risk of another major Windows worm has increased,” Shadowserver wrote in a blog post published today about their financial plight.

The Shadowserver Foundation currently serves 107 National computer emergency response teams (CERTs) in 136 countries, more than 4,600 vetted network owners and over 90% of the Internet, primarily by giving them free daily network reports.

“These reports notify our constituents ​about millions of misconfigured, compromised, infected or abusable devices for remediation every day,” Shadowserver explained.

The group is exploring several options for self-funding, but Shadowserver Director Richard Perlotto says the organization will likely depend on a tiered “alliance” funding model, where multiple entities provide financial support.

“Many national CERTs have been getting our data for free for years, but most of these organizations have no money and we never charged them because Cisco paid the bill,” Perlotto said. “The problem for Shadowserver is we don’t blog about our accomplishments very frequently and we operate pretty quietly. But now that we need to do funding it’s a different story.”

Perlotto said while Shadowserver’s data is extremely valuable, the organization took a stance long ago that it would never sell victim data.

“This does not mean that we are anti-commercial sector activities – we definitely believe that there are huge opportunities for innovation, for product development, and to sell cyber security services,” he said. “Shadowserver does not seek to compete with commercial vendors, or disrupt their business models. But we do fundamentally believe that no-one should have to pay to find out that they have been a victim of cybercrime.”

Most immediately, Shadowserver needs to raise approximately $400,000 by the end of this month to manage the migration of its 1,300+ servers out of Cisco’s California data center into a new facility.

Anyone interested in supporting that migration effort can do so directly here; Shadowserver’s contact page is here.

Update 10:46 a.m., ET: Added comment from Cisco.



Tags: Cisco Systems, Richard Perlotto, Shadowserver Foundation

Source link

The post #nationalcybersecuritymonth | The Web’s Bot Containment Unit Needs Your Help — Krebs on Security appeared first on National Cyber Security.

View full post on National Cyber Security

Working from Home? These Tips Can Help You Adapt

Source: National Cyber Security – Produced By Gregory Evans

COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.

So, you’re working from home …

For a while.

You’ve probably worked remotely before, and you’re thinking, “I’ve got this!”

Odds are, you’re mistaken. You don’t have this. That’s OK; this is an opportunity to learn new skills.

You can think of working from home much like someone moving into an entirely new environment. Your patterns of work might be optimized for working in an office, and they might not quite fit at home. You can think of this post as moving you from accommodating yourself to including yourself — reducing the friction that misspends your energy just to exist.

Now it’s time to adapt. You need to adapt, your workday needs to adapt, and your environment needs to be adapted. So what can you do? Below is some advice — take it in the spirit of unsolicited advice on self-improvement. Some of these things will work for you; some of them won’t. Many of these ideas work for me or people near me; they might or might not work for you. Give them a try, and be willing to learn and adapt.

Your Workspace
Maybe you’ve been getting by with sitting on the couch or on the floor in the corner of your bedroom. Those might be all the choices you have, but you should consider some changes:

  • Use an external monitor. One of the biggest productivity gains comes from useful screen real estate, so finding a way to get more is incredibly helpful to you. Paired with an external keyboard and mouse, you’re also on your way to better ergonomics.
  • Use a desk and a chair. Sitting on a couch for a long period is probably not healthy in a lot of ways. Can you fit in a sit/stand desk? Maybe you do need a different ergonomic choice, but make it deliberately.
  • If you can dedicate a workspace, that’s ideal. If you can’t, consider a space that you can set up at the start of the workday, then tear it back down in the evening — so you have clearly delineated boundaries of when you’re “in the office” instead of just chilling.
  • Even if you can’t dedicate a workspace, make a conscious effort to not take a meal (be it lunch, dinner, etc.) from where you are working. If you have a dedicated workspace, leave it and go to your kitchen, another room, or, if possible, outside for your meal. This should be time to mentally recharge as much as physically recharge. If you don’t have a dedicated space, still take the time to close your laptop and do something that is not work. Your brain (and your similarly stressed co-workers) will thank you.
  • Do you have a headset with a microphone to take meetings with? Gaming headsets can be an affordable and high-quality solution, or possibly Bluetooth earbuds. Anything is an improvement over just using your laptop’s speakers. But also think about how your ears might feel after multiple hours using a device you’re not familiar with. Maybe change between earbuds and a headset … or even just take a long break from videoconferencing.   
  • Wired Ethernet makes an enormous difference for videoconferencing — and for many of our other tools. Even if the cable has to get unplugged when you roll up your desk at the end of the day, this can be worth the trouble.

Your Family
There’s a good chance you’re sharing your space with other people — a partner, some children, maybe roommates. Their needs will matter, too, and it’s better for you to plan ahead with your schedules so that no one is disappointed.

  • Do you have to homeschool small children? What does your plan look like for that, and how are you trading it off with your partner?
  • Do you need to add daily household meetings to identify any issues?

Your Commute
You might be really excited about not having to waste time getting to the office because you can just hit work running. But take a moment to think about what you also do during your commute. Are you thinking about your schedule for the day? Working on a hard problem? Thinking about your kids? That’s valuable mental time, which you should consider how to keep in your day so that you can gracefully transition between parts of your life.

  • Can you go for a walk around the block (or further)?
  • Can you set aside quiet time at the start and end of your day, before you dive into email?
  • Make sure you take time for lunch. This might make a good time to check in with your colleagues in your co-working space or take quiet time for yourself. You might want to think about planning for those lunches to make sure you’re making healthy choices rather than just grabbing whatever is available.
  • Make a hard break. “Bye, kids, I’m headed to work!” can be a really powerful boundary to set.

Your Meetings
Meeting culture is very location-centric, especially when that location is your headquarters. Some of that is a product of enterprise tools (many video solutions makes it hard to see more than a few participants at once, and the slight added latency over the Internet interacts with the human desire to jump in as the next speaker), some is a product of our organizations (meetings where 80% of the attendees are physically in one place), and some is a product of habit (sitting in a circle, which then excludes the video participants). This is an opportunity to work on more-inclusive meeting structures.

  • Consider nonverbal cues for meeting participants to use to call for attention. If everyone is visible, that can be a raised hand; if that’s not the case, then a chat backchannel can help.
  • Work more on pauses between speakers. There is rarely a need to jump in instantly, and that’s often seen as a behavior that is exclusionary anyway, so this is a good opportunity to evaluate it. Past three people, a moderator helps enormously — perhaps defaulting to whomever called the meeting or wrote the agenda.
  • Consider working off a shared document with an agenda and notes so that some information flows can be faster-than-verbal. This might rely on everyone having more screen real estate.
  • Think about the lighting. You should be able to clearly see your face, which generally means lights and windows should be in front of you, not behind you. It’s always possible to learn from one call and revise or improve for the next one.
  • Thirty-minute blocks are not fundamental to the universe. You can meet for 5 minutes or 15 — and jumping from chat to a video call for 5 minutes can unlock great work for you or your colleagues.
  • As a last resort, disabling video can improve audio distortions, jitter, and latency in meetings.

Your Physical Wellness
When working from home, it can be really easy to fall into a rut with no physical activity. Perhaps you roll out of bed, grab a quick bite, and hop on a call. For a day, that’s only a little bad, but that’s a bad long-term pattern. Schedule your exercise time.

  • Maybe take that long walk at the start of your day or after lunch.
  • If you’re fortunate enough to have a treadmill or stationary cycle in your house, maybe you take a walking meeting with a colleague.
  • Look at how you can keep your body from stiffening from a lack of movement or poor ergonomics. Take stretch breaks. Take a 20-second break every 20 minutes and look out at something at least 20 feet away to prevent eyestrain. Consider how to incorporate physical wellness into your everyday routine.

(Story continues on next page.)

Andy Ellis is Akamai’s chief security officer and his mission is “making the Internet suck less.” Governing security, compliance, and safety for the planetary-scale cloud platform since 2000, he has designed many of its security products. Andy has also guided Akamai’s IT … View Full Bio

Previous

1 of 2

Next

More Insights

Source link

The post Working from Home? These Tips Can Help You Adapt appeared first on National Cyber Security.

View full post on National Cyber Security

#comptia | #ransomware | With cybercriminals on the attack, states help cities punch back

Source: National Cyber Security – Produced By Gregory Evans

When the computers of the city of Lodi, Calif., got hit by a ransomware attack last April, the strike disabled phone lines, forced police officers to write reports by hand and prevented workers from sending out utility bills.

City officials refused to pay the ransom of 75 bitcoins — about $400,000 — and instead turned to their cyber insurance company, which sent in a legal team and security experts to investigate and help return the system to normal.

“It took a lot of our energy and ended up consuming a great deal of time,” recalled City Manager Steve Schwabauer. “We ultimately filed a claim of about $250,000, and it’s not fully closed yet.”

State legislators later gave Lodi, a city of about 67,000, a half-million-dollar grant to upgrade cybersecurity.

As cybercriminals increase their attacks against local governments — hundreds of municipalities and county agencies were hit in the last two years — some states are helping cities and counties better protect themselves. States have offered election cybersecurity, responses to ransomware attacks that take computer systems hostage, training and other programs, according to a recent report by the National Governors Assn. and the National Assn. of State Chief Information Officers.

“It’s the right thing to do,” said Meredith Ward, the latter group’s policy and research director. “Cybersecurity is a team sport. States and local government and the private sector all have a role to play.”
But while 65% of states report that they provide some cybersecurity services to local governments, the scope varies widely. And other states aren’t doing anything to help, saying they don’t have jurisdiction over local governments or they lack money to spare.

“It’s very hard for most local governments,” said Alan Shark, executive director of the Public Technology Institute, a Washington, D.C.-based nonprofit that provides training and other support to local government information technology executives. “They lack the resources to adequately protect themselves. Yesterday’s fixes don’t work today. The cybercriminals are encouraged.”

But Shark said more states are starting to assist local governments in restoring their systems.

The states committed to collaboration are on the right track, the report by the governors’ and IT chiefs’ groups found.

Among them:

  • Illinois created a program that helps local election officials improve their cybersecurity readiness and conduct risk assessments. It hired IT specialists to help local election offices beef up their security.
  • Iowa is using a federal grant to offer counties cybersecurity vulnerability scanning and to pay for hardware and anti-malware tools. It also is piloting cyber projects with schools, cities and hospitals.
  • North Carolina developed a partnership with the state’s National Guard and emergency management division to help local governments, school systems and community colleges recover data compromised during a cyberattack and provide training to help prevent future incidents.
  • Pennsylvania partnered with the county commissioners’ statewide association to provide security awareness training and phishing exercises for all 150,000 county and state employees and contractors. Phishing victims unwittingly click on emailed links designed to get personal information, such as passwords.

“It’s about working outside your comfort zone and forging relationships,” said Erik Avakian, Pennsylvania’s chief information security officer. “We think this is really the path forward for all states. It’s something they should be looking at.”
Cybersecurity remains a serious issue for state governments, as sophisticated hackers and cybercriminals are constantly scanning computer networks looking for vulnerabilities. Those networks contain information such as Social Security numbers, birth certificates, bank account details and credit card numbers of millions of individuals and businesses.

But it’s especially hard for local governments. Just last month, for example, a small school district near Austin, Texas, with 9,600 students, disclosed that it had lost $2 million in a phishing email scam.

Local governments saw a spike in cyberattacks in 2019, and experts say it doesn’t look like they’re going to abate any time soon.

In the last 24 months, at least 370 cyber incidents affecting local governments and public safety agencies were publicly reported in 47 states, according to Aubrey Larson, a marketing manager at SecuLore Solutions, a Maryland-based cybersecurity company. That’s a 150% hike over the previous two-year period, she said.

In fact, the majority of publicized ransomware attacks in the United States last year targeted local governments, according to the report by the governors’ and state IT officers’ associations.

Ransomware hijacks government computer systems and holds them hostage until their victims pay a ransom or restore the system on their own.

In October, the FBI issued a public service announcement, saying state and local governments “have been particularly visible targets for ransomware attacks.” Those attacks can be devastating.

Democratic New Orleans Mayor LaToya Cantrell declared a state of emergency in December after a ransomware attack hobbled the city. Officials had to shut down more than 4,000 computers and close municipal courthouses. The attack has cost the city at least $7 million.

Nearly two dozen Texas cities were targeted in a ransomware attack in August that led Republican Gov. Greg Abbott to order a “Level 2 Escalated Response,” which is just one level below the emergency management division’s highest alert. The state led the response and helped the cities restore their systems.

And Baltimore was hit by a ransomware attack in May that crippled thousands of computers and left workers unable to access online accounts and payment systems for weeks. City officials transferred $6 million from a parks and recreation fund to pay for cyber protections. In total, restorations and repairs cost $18 million.

Preventing and responding to attacks can be complicated when efforts involve jurisdictions that generally operate independently of one another.

“Some cyber incidents are truly becoming emergencies. [State and local IT officials] shouldn’t be exchanging business cards at that point,” said Maggie Brunner, cybersecurity program director for the national governors’ group. “They should be doing it ahead of time. We’d love to see state CIOs know every single local IT director.”

In Pennsylvania, IT security chief Avakian said his agency held quarterly meetings with county IT officials to build relationships and find out about their cybersecurity needs. “The fact that we’ve cracked this nut across jurisdictional boundaries is significant,” Avakian said.

Because of the collaboration, he said, the state was able to buy licenses for the phishing training exercise in bulk. The larger number of users lowered the cost per unit and saved the state and its 67 counties a considerable amount of money. He wouldn’t say how much.

“Now that we’ve done this, more people want to come onboard — school districts, cities,” Avakian said. “It’s kind of taken off.”

Michael Sage, chief information officer for the County Commissioners Assn. of Pennsylvania, called the cyber training and relationship the counties have developed with the commonwealth “a fantastic effort.”

“It has bolstered awareness and helped the counties understand where the threats are coming from, so they can stay vigilant,” Sage said. “The more we can collaborate and share, the better off we’re going to be.”

Bergal writes for stateline.org

Source link

The post #comptia | #ransomware | With cybercriminals on the attack, states help cities punch back appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | Tips to help you outsmart scammers in 2020

Source: National Cyber Security – Produced By Gregory Evans GREEN BAY, Wis. (WBAY) – A new year, a new push to protect your privacy. Consumer First Alert wants to help you outsmart scammers in 2020. The Better Business Bureau of Wisconsin has released its list of New Year’s Resolutions for a Consumer-Savvy 2020. Here’s the […] View full post on AmIHackerProof.com