
#nationalcybersecuritymonth | The Web’s Bot Containment Unit Needs Your Help — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans

Anyone who’s seen the 1984 hit movie Ghostbusters likely recalls the pivotal scene where a government bureaucrat orders the shutdown of the ghost containment unit, effectively unleashing a pent-up phantom menace on New York City. Now, something similar is in danger of happening in cyberspace: Shadowserver.org, an all-volunteer nonprofit organization that works to help Internet service providers (ISPs) identify and quarantine malware infections and botnets, has lost its longtime primary source of funding.

Image: Ghostbusters.

Shadowserver provides free daily live feeds of information about systems that are either infected with bot malware or are in danger of being infected to more than 4,600 ISPs and to 107 national computer emergency response teams (CERTs) in 136 countries. In addition, it has aided the FBI and other nations’ federal law enforcement officials in “sinkholing” domain names used to control the operations of far-flung malware empires.

In computer security lexicon, a sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. Typically, a sinkhole is set up in tandem with some kind of legal action designed to wrest control over key resources powering a malware network.

Some of these interventions involving Shadowserver have been documented here, including the Avalanche spam botnet takedown, the Rustock botnet takeover, the Gameover malware botnet seizure, and the Nitol botnet sneak attack. Last week, Shadowserver was instrumental in helping Microsoft kneecap the Necurs malware network, one of the world’s largest spam and malware botnets.

https://krebsonsecurity.com/

Image: Shadowserver.org

Sinkholing allows researchers to assume control over a malware network’s domains, while redirecting any traffic flowing to those systems to a server the researchers control. As long as good guys control the sinkholed domains, none of the infected computers can receive instructions about how to harm themselves or others online.

And Shadowserver has time and again been the trusted partner when national law enforcement agencies needed someone to manage the technical side of things while people with guns and badges seized hard drives at the affected ISPs and hosting providers.

But very recently, Shadowserver got the news that the company which has primarily funded its operations for more than 15 years, networking giant Cisco Systems Inc., opted to stop providing that support.

Cisco declined to respond to questions about why it withdrew funding. But it did say the company was exploring the idea of supporting the organization as part of a broader support effort by others in the technology industry going forward.

“Cisco supports the evolution of Shadowserver to an industry alliance enabling many organizations to contribute and grow the capabilities of this important organization,” the company said in a written statement. “Cisco is proud of its long history as a Shadowserver supporter and will explore future involvement as the alliance takes shape.”

To make matters worse, Shadowserver has been told it needs to migrate its data center to a new location by May 15, a chore the organization reckons will cost somewhere in the neighborhood of $400,000.

“Millions of malware infected victims all over the world, who are currently being sinkholed and protected from cybercriminal control by Shadowserver, may lose that critical protection – just at the time when governments and businesses are being forced to unexpectedly stretch their corporate security perimeters and allow staff to work from home on their own, potentially unmanaged devices, and the risk of another major Windows worm has increased,” Shadowserver wrote in a blog post published today about their financial plight.

The Shadowserver Foundation currently serves 107 National computer emergency response teams (CERTs) in 136 countries, more than 4,600 vetted network owners and over 90% of the Internet, primarily by giving them free daily network reports.

“These reports notify our constituents about millions of misconfigured, compromised, infected or abusable devices for remediation every day,” Shadowserver explained.

The group is exploring several options for self-funding, but Shadowserver Director Richard Perlotto says the organization will likely depend on a tiered “alliance” funding model, where multiple entities provide financial support.

“Many national CERTs have been getting our data for free for years, but most of these organizations have no money and we never charged them because Cisco paid the bill,” Perlotto said. “The problem for Shadowserver is we don’t blog about our accomplishments very frequently and we operate pretty quietly. But now that we need to do funding it’s a different story.”

Perlotto said while Shadowserver’s data is extremely valuable, the organization took a stance long ago that it would never sell victim data.

“This does not mean that we are anti-commercial sector activities – we definitely believe that there are huge opportunities for innovation, for product development, and to sell cyber security services,” he said. “Shadowserver does not seek to compete with commercial vendors, or disrupt their business models. But we do fundamentally believe that no-one should have to pay to find out that they have been a victim of cybercrime.”

Most immediately, Shadowserver needs to raise approximately $400,000 by the end of this month to manage the migration of its 1,300+ servers out of Cisco’s California data center into a new facility.

Anyone interested in supporting that migration effort can do so directly here; Shadowserver’s contact page is here.

Update 10:46 a.m., ET: Added comment from Cisco.



Tags: Cisco Systems, Richard Perlotto, Shadowserver Foundation

The post #nationalcybersecuritymonth | The Web’s Bot Containment Unit Needs Your Help — Krebs on Security appeared first on National Cyber Security.

Working from Home? These Tips Can Help You Adapt

Source: National Cyber Security – Produced By Gregory Evans

COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.

So, you’re working from home …

For a while.

You’ve probably worked remotely before, and you’re thinking, “I’ve got this!”

Odds are, you’re mistaken. You don’t have this. That’s OK; this is an opportunity to learn new skills.

You can think of working from home much like someone moving into an entirely new environment. Your patterns of work might be optimized for working in an office, and they might not quite fit at home. You can think of this post as moving you from accommodating yourself to including yourself — reducing the friction that misspends your energy just to exist.

Now it’s time to adapt. You need to adapt, your workday needs to adapt, and your environment needs to be adapted. So what can you do? Below is some advice — take it in the spirit of unsolicited advice on self-improvement. Some of these things will work for you; some of them won’t. Many of these ideas work for me or people near me; they might or might not work for you. Give them a try, and be willing to learn and adapt.

Your Workspace
Maybe you’ve been getting by with sitting on the couch or on the floor in the corner of your bedroom. Those might be all the choices you have, but you should consider some changes:

  • Use an external monitor. One of the biggest productivity gains comes from useful screen real estate, so finding a way to get more is incredibly helpful to you. Paired with an external keyboard and mouse, you’re also on your way to better ergonomics.
  • Use a desk and a chair. Sitting on a couch for a long period is probably not healthy in a lot of ways. Can you fit in a sit/stand desk? Maybe you do need a different ergonomic choice, but make it deliberately.
  • If you can dedicate a workspace, that’s ideal. If you can’t, consider a space that you can set up at the start of the workday, then tear it back down in the evening — so you have clearly delineated boundaries of when you’re “in the office” instead of just chilling.
  • Even if you can’t dedicate a workspace, make a conscious effort to not take a meal (be it lunch, dinner, etc.) from where you are working. If you have a dedicated workspace, leave it and go to your kitchen, another room, or, if possible, outside for your meal. This should be time to mentally recharge as much as physically recharge. If you don’t have a dedicated space, still take the time to close your laptop and do something that is not work. Your brain (and your similarly stressed co-workers) will thank you.
  • Do you have a headset with a microphone to take meetings with? Gaming headsets can be an affordable and high-quality solution, or possibly Bluetooth earbuds. Anything is an improvement over just using your laptop’s speakers. But also think about how your ears might feel after multiple hours using a device you’re not familiar with. Maybe change between earbuds and a headset … or even just take a long break from videoconferencing.   
  • Wired Ethernet makes an enormous difference for videoconferencing — and for many of our other tools. Even if the cable has to get unplugged when you roll up your desk at the end of the day, this can be worth the trouble.

Your Family
There’s a good chance you’re sharing your space with other people — a partner, some children, maybe roommates. Their needs will matter, too, and it’s better for you to plan ahead with your schedules so that no one is disappointed.

  • Do you have to homeschool small children? What does your plan look like for that, and how are you trading it off with your partner?
  • Do you need to add daily household meetings to identify any issues?

Your Commute
You might be really excited about not having to waste time getting to the office because you can just hit work running. But take a moment to think about what you also do during your commute. Are you thinking about your schedule for the day? Working on a hard problem? Thinking about your kids? That’s valuable mental time, which you should consider how to keep in your day so that you can gracefully transition between parts of your life.

  • Can you go for a walk around the block (or further)?
  • Can you set aside quiet time at the start and end of your day, before you dive into email?
  • Make sure you take time for lunch. This might make a good time to check in with your colleagues in your co-working space or take quiet time for yourself. You might want to think about planning for those lunches to make sure you’re making healthy choices rather than just grabbing whatever is available.
  • Make a hard break. “Bye, kids, I’m headed to work!” can be a really powerful boundary to set.

Your Meetings
Meeting culture is very location-centric, especially when that location is your headquarters. Some of that is a product of enterprise tools (many video solutions make it hard to see more than a few participants at once, and the slight added latency over the Internet interacts with the human desire to jump in as the next speaker), some is a product of our organizations (meetings where 80% of the attendees are physically in one place), and some is a product of habit (sitting in a circle, which then excludes the video participants). This is an opportunity to work on more-inclusive meeting structures.

  • Consider nonverbal cues for meeting participants to use to call for attention. If everyone is visible, that can be a raised hand; if that’s not the case, then a chat backchannel can help.
  • Work more on pauses between speakers. There is rarely a need to jump in instantly, and that’s often seen as a behavior that is exclusionary anyway, so this is a good opportunity to evaluate it. Past three people, a moderator helps enormously — perhaps defaulting to whomever called the meeting or wrote the agenda.
  • Consider working off a shared document with an agenda and notes so that some information flows can be faster-than-verbal. This might rely on everyone having more screen real estate.
  • Think about the lighting. You should be able to clearly see your face, which generally means lights and windows should be in front of you, not behind you. It’s always possible to learn from one call and revise or improve for the next one.
  • Thirty-minute blocks are not fundamental to the universe. You can meet for 5 minutes or 15 — and jumping from chat to a video call for 5 minutes can unlock great work for you or your colleagues.
  • As a last resort, disabling video can improve audio distortions, jitter, and latency in meetings.

Your Physical Wellness
When working from home, it can be really easy to fall into a rut with no physical activity. Perhaps you roll out of bed, grab a quick bite, and hop on a call. For a day, that’s only a little bad, but that’s a bad long-term pattern. Schedule your exercise time.

  • Maybe take that long walk at the start of your day or after lunch.
  • If you’re fortunate enough to have a treadmill or stationary cycle in your house, maybe you take a walking meeting with a colleague.
  • Look at how you can keep your body from stiffening from a lack of movement or poor ergonomics. Take stretch breaks. Take a 20-second break every 20 minutes and look out at something at least 20 feet away to prevent eyestrain. Consider how to incorporate physical wellness into your everyday routine.

(Story continues on next page.)

Andy Ellis is Akamai’s chief security officer and his mission is “making the Internet suck less.” Governing security, compliance, and safety for the planetary-scale cloud platform since 2000, he has designed many of its security products. Andy has also guided Akamai’s IT …

The post Working from Home? These Tips Can Help You Adapt appeared first on National Cyber Security.


#comptia | #ransomware | With cybercriminals on the attack, states help cities punch back

Source: National Cyber Security – Produced By Gregory Evans

When the computers of the city of Lodi, Calif., got hit by a ransomware attack last April, the strike disabled phone lines, forced police officers to write reports by hand and prevented workers from sending out utility bills.

City officials refused to pay the ransom of 75 bitcoins — about $400,000 — and instead turned to their cyber insurance company, which sent in a legal team and security experts to investigate and help return the system to normal.

“It took a lot of our energy and ended up consuming a great deal of time,” recalled City Manager Steve Schwabauer. “We ultimately filed a claim of about $250,000, and it’s not fully closed yet.”

State legislators later gave Lodi, a city of about 67,000, a half-million-dollar grant to upgrade cybersecurity.

As cybercriminals increase their attacks against local governments — hundreds of municipalities and county agencies were hit in the last two years — some states are helping cities and counties better protect themselves. States have offered election cybersecurity, responses to ransomware attacks that take computer systems hostage, training and other programs, according to a recent report by the National Governors Assn. and the National Assn. of State Chief Information Officers.

“It’s the right thing to do,” said Meredith Ward, the latter group’s policy and research director. “Cybersecurity is a team sport. States and local government and the private sector all have a role to play.”

But while 65% of states report that they provide some cybersecurity services to local governments, the scope varies widely. And other states aren’t doing anything to help, saying they don’t have jurisdiction over local governments or they lack money to spare.

“It’s very hard for most local governments,” said Alan Shark, executive director of the Public Technology Institute, a Washington, D.C.-based nonprofit that provides training and other support to local government information technology executives. “They lack the resources to adequately protect themselves. Yesterday’s fixes don’t work today. The cybercriminals are encouraged.”

But Shark said more states are starting to assist local governments in restoring their systems.

The states committed to collaboration are on the right track, the report by the governors’ and IT chiefs’ groups found.

Among them:

  • Illinois created a program that helps local election officials improve their cybersecurity readiness and conduct risk assessments. It hired IT specialists to help local election offices beef up their security.
  • Iowa is using a federal grant to offer counties cybersecurity vulnerability scanning and to pay for hardware and anti-malware tools. It also is piloting cyber projects with schools, cities and hospitals.
  • North Carolina developed a partnership with the state’s National Guard and emergency management division to help local governments, school systems and community colleges recover data compromised during a cyberattack and provide training to help prevent future incidents.
  • Pennsylvania partnered with the county commissioners’ statewide association to provide security awareness training and phishing exercises for all 150,000 county and state employees and contractors. Phishing victims unwittingly click on emailed links designed to get personal information, such as passwords.

“It’s about working outside your comfort zone and forging relationships,” said Erik Avakian, Pennsylvania’s chief information security officer. “We think this is really the path forward for all states. It’s something they should be looking at.”

Cybersecurity remains a serious issue for state governments, as sophisticated hackers and cybercriminals are constantly scanning computer networks looking for vulnerabilities. Those networks contain information such as Social Security numbers, birth certificates, bank account details and credit card numbers of millions of individuals and businesses.

But it’s especially hard for local governments. Just last month, for example, a small school district near Austin, Texas, with 9,600 students, disclosed that it had lost $2 million in a phishing email scam.

Local governments saw a spike in cyberattacks in 2019, and experts say it doesn’t look like they’re going to abate any time soon.

In the last 24 months, at least 370 cyber incidents affecting local governments and public safety agencies were publicly reported in 47 states, according to Aubrey Larson, a marketing manager at SecuLore Solutions, a Maryland-based cybersecurity company. That’s a 150% hike over the previous two-year period, she said.

In fact, the majority of publicized ransomware attacks in the United States last year targeted local governments, according to the report by the governors’ and state IT officers’ associations.

Ransomware hijacks government computer systems and holds them hostage until their victims pay a ransom or restore the system on their own.

In October, the FBI issued a public service announcement, saying state and local governments “have been particularly visible targets for ransomware attacks.” Those attacks can be devastating.

Democratic New Orleans Mayor LaToya Cantrell declared a state of emergency in December after a ransomware attack hobbled the city. Officials had to shut down more than 4,000 computers and close municipal courthouses. The attack has cost the city at least $7 million.

Nearly two dozen Texas cities were targeted in a ransomware attack in August that led Republican Gov. Greg Abbott to order a “Level 2 Escalated Response,” which is just one level below the emergency management division’s highest alert. The state led the response and helped the cities restore their systems.

And Baltimore was hit by a ransomware attack in May that crippled thousands of computers and left workers unable to access online accounts and payment systems for weeks. City officials transferred $6 million from a parks and recreation fund to pay for cyber protections. In total, restorations and repairs cost $18 million.

Preventing and responding to attacks can be complicated when efforts involve jurisdictions that generally operate independently of one another.

“Some cyber incidents are truly becoming emergencies. [State and local IT officials] shouldn’t be exchanging business cards at that point,” said Maggie Brunner, cybersecurity program director for the national governors’ group. “They should be doing it ahead of time. We’d love to see state CIOs know every single local IT director.”

In Pennsylvania, IT security chief Avakian said his agency held quarterly meetings with county IT officials to build relationships and find out about their cybersecurity needs. “The fact that we’ve cracked this nut across jurisdictional boundaries is significant,” Avakian said.

Because of the collaboration, he said, the state was able to buy licenses for the phishing training exercise in bulk. The larger number of users lowered the cost per unit and saved the state and its 67 counties a considerable amount of money. He wouldn’t say how much.

“Now that we’ve done this, more people want to come onboard — school districts, cities,” Avakian said. “It’s kind of taken off.”

Michael Sage, chief information officer for the County Commissioners Assn. of Pennsylvania, called the cyber training and relationship the counties have developed with the commonwealth “a fantastic effort.”

“It has bolstered awareness and helped the counties understand where the threats are coming from, so they can stay vigilant,” Sage said. “The more we can collaborate and share, the better off we’re going to be.”

Bergal writes for stateline.org

The post #comptia | #ransomware | With cybercriminals on the attack, states help cities punch back appeared first on National Cyber Security.

#cyberfraud | #cybercriminals | Tips to help you outsmart scammers in 2020

Source: National Cyber Security – Produced By Gregory Evans

GREEN BAY, Wis. (WBAY) – A new year, a new push to protect your privacy. Consumer First Alert wants to help you outsmart scammers in 2020. The Better Business Bureau of Wisconsin has released its list of New Year’s Resolutions for a Consumer-Savvy 2020. Here’s the […]

#cyberfraud | #cybercriminals | Business Bulletin: 10 New Year’s resolutions to help you avoid scams

Source: National Cyber Security – Produced By Gregory Evans

Q: What advice and resolutions may BBB offer to consumers in 2020?

A: As the New Year begins, it’s an important time to think about simple changes we can make to ensure that this New Year is better than the last. The Better Business Bureau offers 10 New Year’s resolutions to help you avoid scams, prevent identity theft and be a smarter consumer in 2020.

Remember, being a savvy consumer is ultimately about staying one step ahead of scammers. The way to do that is to take your time and do your research before making a decision. The scammers are counting on you to be too busy to take these simple steps to protect yourself. By taking a few minutes to implement these tips, you can outsmart scammers and fraudsters.

 

BBB’s Top Ten New Year’s Resolutions for a Consumer-Savvy 2020:

1. Implement a credit freeze. A credit freeze is the best way to protect yourself from financial identity theft because it restricts access to your credit file, making it impossible for identity thieves to apply for a new line of credit in your name. Best of all, it’s now free to freeze and thaw your credit when required.

2. Use technology to block robocalls and other telemarketing calls. Nomorobo, a call blocking feature, can disconnect known telemarketers or scammers from your VoIP landline after one ring. It’s free for landlines; a nominal fee for cell phones. Go to www.nomorobo.com to begin. Also, make sure you register your phones with www.donotcall.gov.

3. Review your permissions and privacy settings on social media. If you’ve signed into an app or website using your social media credentials or taken a fun quiz on social media, you may have unwittingly given permission to third-party apps to access your personal information and contacts. On Facebook, go to “settings” and “apps and websites” to review.

4. Warn others and stop fraudsters by reporting scams to the BBB Scamtracker webpage. www.BBB.org/Scamtracker is a crowd-sourced website where you can report if you’ve been contacted by a scammer. Since reports are plotted on a map, you can also use Scamtracker to find out what’s happening in your area. Please report new scam activity that is not posted. In turn, Scamtracker reports help BBB educate the public with more in-depth reports. You may view these studies at www.bbb.org/scamstudies.

5. Check out businesses and charities first. Conduct research before you buy or donate to make sure you’re working with a reputable company or charity. Check out companies at bbb.org and a full report on charities at give.org. BBB accredited businesses and charities have been evaluated by BBB, and meet and promise to maintain standards.

6. Use secure payment methods. A scammer’s favorite way to steal your money is by asking you to pay with either a gift card or a money wire transfer, such as MoneyGram or Western Union. Why? Because these payment methods are irreversible. Credit card payments are more secure and recommended. If fraud is suspected, the charge can be disputed. If you receive a request from someone claiming to be from the IRS, Social Security or a debt collector, it is a scam. If anyone requests that you pay with a gift card or a money wire transfer, it is a red flag.

7. Use a unique and complex password for every online account. Consider a passphrase, which is simply a long password made up of multiple words, making it easier both to type and to remember. Poor, easy-to-guess passwords are one of the most common ways cyber attackers can hack into your online accounts. If it’s too difficult to remember multiple passwords, consider a password manager. Then, you’ll only have to remember one unique and complex password instead of many.

8. Enable multi-factor authentication whenever it is available. Multi-factor authentication is when you are granted access to an online account only after you have successfully provided two or more pieces of evidence, such as your password and a unique code generated by your smartphone, emailed or texted to you. With multi-factor authentication, if hackers do steal your user name and password, they still can’t access your account.

9. Monitor your existing financial accounts. Gone are the days when you waited for your credit card statement to come in the mail for you to review. Sign up for online access so you can review your financial accounts periodically. Also, take advantage of free text message alerts to notify you of activity, remind you when payments are due, etc.

10. File your taxes early. One common fraud during tax season is identity theft. Scammers use stolen identity to file taxes and redirect refunds. Protect yourself and file early when possible. Visit bbb.org to find accredited tax preparers in your area.

Jim Winsett of the BBB.

Jim Winsett is president of the Better Business Bureau in Chattanooga.

The post #cyberfraud | #cybercriminals | Business Bulletin: 10 New Year’s resolutions to help you avoid scams appeared first on National Cyber Security.

#cybersecurity | #hackerspace | Gaining an accredited training can help one to become successful in your occupation.

Source: National Cyber Security – Produced By Gregory Evans

BestEssaySeller.co.uk can be your private composition helper. Whenever you need to purchase article, you seek out a seasoned and creative essay writing support. So it’s very important to understand just how to compose a successful article. Powerful, creative and uncomplicated academic article creating. This is definitely the most crucial scenario to understand since the anxiety about plagiarism is the thing that retains pupils from using custom essay writing solutions. You’ll never must change to several other article writing support. Once you locate the right writing service, affordablepapers you’re place. See our own website to read completely free background article trial.

That is main to Roche’s discussion concerning the goals of the founding fathers.

On the 1 hands, an excellent essay author will not work on no price. Keeping supreme quality essays isn’t simple when you actually need to utilize a lot of British – talking authors with qualifications. With PerfectWritings, you may always apply the most professional writer. With an inexpensive composition firm along with a affordable essay author, you’re going to drop your final chance to procure a terrific grade. As the estimations are outstanding for beginners to utilize and obtain a concept of our costs, they’re maybe not the last price to purchase an academic article. Pupils seeming to obtain an essay document may be drawn in by the flashy, affordable costs of businesses but you ought to be rather cautious with this. Your charge for writing article will be contingent on many factors, including desperation, document span, educational degree along with quality amount. As each writing job differs, it merely seems organic the composition writing charge would be diverse additionally. Thus, it is possible to get an academic essay at an extremely nice price tag.

Alternatively, give attention to the future and your affection for many winners in general.

If you need to get all these features for a wieldy essay creating cost, then the BestEssaySeller can be your ideal choice. This price for when you wish to buy an essay on the internet is always competitive and constantly reveals the quantity of function that should be completed. So order essay composing, you hold an extraordinary chance to acquire more for the money. Utilize the table below to think of the edges and negatives of selecting a affordable essay writing firm. By personalized, however, we don’t merely indicate a piece of writing that does not have any plagiarism. You are going to scarcely avert the hazards of obtaining plagiarized paper if your preference is always to work with the cheap composition papers mill. At the similar period, you should exercise extreme caution as you’re searching for the ideal essay documents supplier.

It means he/she prefers you, whenever your pet nudges you ! it could be food or even to head out.

Purchase research paper, essay, example, or some other category of project you’ll need from a web-based service. The order procedure to buy an article is easy. If you determine to purchase essay papers on the internet, you must expect your directions will probably be adopted. You must know the low price of your own paper will not protect you from the perils of obtaining plagiarized document. These providers may study, compose and estimate all the essential elements of your paper to help you generate a well- recorded study article that’s in agreement with the degree this course you’re taking. Pupils might buy custom essay perform from us realizing they are receiving the very best quality. Read out the function which you have created loudly. You need exercise in an effort to boost your writing skills.

The post Gaining an accredited training can help one to become successful in your occupation. appeared first on Phoenix TS.

*** This is a Security Bloggers Network syndicated blog from Blog – Phoenix TS authored by Ashley Wheeler. Read the original post at: https://phoenixts.com/blog/gaining-an-accredited-training-can-help-one-to/


#hacking | Online tools help consumers protect against Magecart

Trustwave researchers outline free card skimmer detection techniques

Online shoppers and merchants can detect whether websites are infected by Magecart with easy-to-use techniques provided by researchers at Trustwave. In a blog post published yesterday (December 19), security researcher Michael Yuen outlined how to determine […]

#nationalcybersecuritymonth | IRS Publishes Guidance to Help Taxpayers Fight Identity Theft

Security Summit partners, including the Internal Revenue Service (IRS), the US tax industry, and several state tax agencies, published security guidance and updated content to highlight identity theft precautions to be taken during the upcoming holiday shopping season.

Individual and business taxpayers, as well as tax professionals, are advised to boost their security defenses against potential identity theft attempts that will soon surface during the holidays.

“While people are shopping online, identity thieves are trying to shoplift their sensitive information. As the holiday season and tax season approach, everyone should remember to take basic steps to protect themselves,” IRS Commissioner Chuck Rettig said. 

“The Security Summit has made progress in fighting back against tax-related identity theft, but we need people to watch out for common scams that can put their financial and tax data at risk.”

Identity theft safeguards and protection measures

The US tax collection agency provides businesses with an updated ‘Security Awareness For Taxpayers’ PDF document during this month’s National Tax Security Awareness Week, ready to share with employees, clients, and customers.

The Security Summit members also recommend taking the following measures to protect personal and financial information online:

• Use security software for computers and mobile phones – and keep it updated.
• Protect personal information; don’t hand it out to just anyone.
• Use strong and unique passwords for all accounts.
• Use two-factor authentication whenever possible.
• Shop only secure websites; look for the “https” in web addresses; avoid shopping on unsecured and public WiFi in places like shopping malls.
• Routinely back up files on computers and mobile phones.

As part of the Tax Security Awareness Week, the IRS will also provide basic steps for easily recognizing email and phone scams, detecting identity theft attempts, and creating strong passwords for online accounts.

The IRS and its Summit partners also provide videos on “Easy Steps to Protect Your Computer and Phone” and on how to “Avoid Phishing Emails”, with additional information for taxpayers on how to augment their security.

Security plans and malware warnings

In July, the IRS issued a joint news release with the Security Summit partners to remind professional tax preparers of their obligation to have a data security plan in place with appropriate safeguards to protect sensitive taxpayer information from data theft attacks.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also provides a Safeguarding Your Data Security Tip issued through the National Cyber Awareness System.

One month later, an IRS warning alerted taxpayers and tax professionals of an active IRS impersonation scam campaign that used spam emails to deliver malicious payloads.

The security guidance the IRS will share during the National Tax Security Awareness Week is designed to help both taxpayers and tax pros to defend against attacks such as those that are targeting the tax season with realistic phishing emails bundling malicious attachments.

Attackers are also known to use phone scams, as observed in 2016 when they posed as IRS representatives and asked their targets to pay off outstanding debts of thousands of dollars via gift card payments.


#cybersecurity | #hackerspace | Fortress Information Security Strives to Help Protect Critical Infrastructure

The agencies and businesses that make up the backbone of our critical infrastructure have a larger bullseye on their backs than an average company. When it comes to the electric utility providers that manage the power grid, the exposure to risk is exacerbated by the fact that much of the equipment, software, and services come from a limited set of vendors. Fortress Information Security just launched the Asset to Vendor (A2V) Network to mitigate these risks and improve the security posture of the power grid.

The Federal Energy Regulatory Commission (FERC) recognizes the unique threats posed to the power grid and understands that it’s crucial to address these challenges and protect the critical infrastructure. FERC has issued requirements for standardized risk assessments and mandated that electric utility providers prioritize supply chain vendors based on their relative risk. The problem is that many of the 3,000 or so electric providers are small, regional companies that don’t have the budget or resources to do this effectively on their own.

The A2V Network was launched as a joint venture between Fortress and AEP (American Electric Power) to address this challenge and help all electric utility companies collaborate to comply with the FERC regulations and improve protection of the critical infrastructure more efficiently and effectively. Organizations that join the A2V Network will be able to purchase completed vendor assessments for significantly less than it would cost them to conduct a redundant assessment of their own, and participating companies can also contribute completed assessments to build out the A2V Network library.

Reluctance to Share

I had an opportunity to chat with Alex Santos, CEO of Fortress, about the A2V Network and some of the challenges it addresses. He described the supply chain as being like streets in a community. Each person is responsible for their own home and property, but everyone shares the roads and pays taxes to share the burden and ensure the roads are taken care of. Likewise, each company is responsible for itself, but companies share risk exposure from the supply chain, so it makes sense to collaborate and share the burden to mitigate the risk and secure the critical infrastructure.

I asked Santos for his thoughts on why businesses in general, not just electric power providers, seem so reluctant to engage in this sort of sharing and collaborative effort. The two main issues, according to Santos, are that some information is very proprietary, and some information is not very good. Companies want to maintain the privacy of intellectual property and sensitive information. In some cases, there is a competitive advantage associated with the information, and sharing it is just bad for business. In other instances, organizations are reluctant to engage in sharing information because what they receive is not useful. If the information is not properly vetted and curated to ensure it is correct and relevant, it creates more problems than it solves.

Santos explained that the A2V Network strives to address both of those challenges. The A2V Network takes information about supply chain risk assessments and provides a platform to easily share it while anonymizing it and protecting the privacy of proprietary data. Part of what the A2V Network also does is to validate the information and make it actionable.

Gaining Momentum

Santos was especially grateful for having AEP as a partner for the launch of the A2V Network. He noted that even though there are 3,000 electric utility providers, only about 150 of those are large enough to be regulated by the North American Electric Reliability Corporation (NERC)—and that the top 15 largest deliver power for 75% of consumers. That leaves nearly 2,900 companies that must comply with the FERC regulation but lack the resources to do it effectively on their own.

He said that having AEP on board is huge because any new movement or initiative requires a first big company to get the ball rolling. AEP showed leadership in taking that initiative, and having a company with the size and prestige of AEP involved creates a snowball effect that will entice other electric utility providers to jump on board.

The more companies get involved, the more momentum the A2V Network will have and the greater value it will provide to every participating organization. That, in turn, will attract more companies. It becomes a self-feeding cycle of momentum that will ultimately lead to a more secure critical infrastructure.


Cybersecurity #policymaking is #out of #focus. Bureaucracy #hackers can #help.

Source: National Cyber Security News

The cybersecurity industry is in desperate need of more “bureaucracy hackers”: individuals within federal and state governments who are authorities on the intricacies of policy creation and the nature of today’s rapidly evolving technology and threat landscapes.

To understand why, look no further than Georgia State Bill 315: Introduced in the Georgia state senate earlier this month, the bill has the entire cybersecurity community shaking its head in disbelief. In short, the bill is modeled after the highly controversial Computer Fraud and Abuse Act, which makes accessing a network or computer without authorization illegal, even if there is no theft or damage. While many parts of the U.S. government are advancing cybersecurity by adopting industry best practices, such as allowing security researchers to identify and disclose vulnerabilities that make us all safer, Georgia is closing the door to these folks.

Sen. Mark Warner’s IOT Improvement Act is another clear example: Drafted and supported by a bipartisan group of senators, the bill aims to protect increasingly “connected” citizens and their homes by introducing a baseline security standard for all internet-connected devices.

In principle, this is exactly the type of legislative action we want to see from lawmakers.
