#cybersecurity | #hackerspace | Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks
Malicious actors are increasingly launching digital attacks against industrial organizations. Many of these campaigns have been successful, particularly those that have targeted energy utilities and manufacturing plants. In late spring 2019, for instance, aircraft parts manufacturer ASCO temporarily suspended operations worldwide after falling victim to a ransomware attack. It was about a month later when […]
The post Just 12% of ICS Security Pros Very Sure of Orgs’ Ability to Respond to Digital Attacks appeared first on The State of Security.
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/ics-security-respond-digital-attacks/
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans
October was National Cybersecurity Awareness Month, and as it wrapped up for the 16th year, it’s never been more important. Cybercrime has reached epidemic levels. The University of Maryland found that an attack occurs every 39 seconds on average, affecting one in three Americans every year, and […]
View full post on AmIHackerProof.com
A parody movie review show has, surprisingly enough, spawned an elaborate fictional universe spanning almost a decade. Now it’s making the jump to feature film, and there’s no sign of it losing steam.
The story of Mister America, the new mockumentary about a long-shot campaign for local office out on video on demand Friday, is a complicated one. It begins in 2011 when comedians Tim Heidecker and Gregg Turkington launched the spoof podcast On Cinema, episodes of which center around discussions of classic movies. But the amateur critics, fictional characters who share Heidecker and Turkington’s real names, supply the opposite of insightful commentary, generically declaring “it’s a classic!” before quickly wrapping up.
The gag continued as the podcast became a web series called On Cinema at the Cinema, a shabby Siskel and Ebert-type show with Tim and Gregg reviewing new releases. Once again, there’s no expertise to be found. Observations from the fumbling hosts are always either uproariously wrong or worthlessly broad, and nearly every film gets a glowing review. Both projects hilariously poke at the fact that the internet has fostered a culture of amateur creators oblivious to the uselessness of their creation and amateur commentators clueless about the very topics they’re commenting on.
But beyond being a spoof of pointless online content, On Cinema is also an examination of two pathetic, borderline psychopathic characters. Tim, an egotistical blowhard, and Gregg, a pretentious film “expert” who knows little about film, make each other miserable yet have nothing in their lives but this lousy show, meaning their constant on-screen fights and meltdowns always resolve with a return to set the following episode. The longer they continue coming back and failing to improve themselves or On Cinema, the bleaker, and funnier, it gets.
As On Cinema progresses, references to both characters’ dreary off-screen lives develop a deep mythology, and running jokes build a language for fans to use online while maintaining the charade that the show isn’t fiction. Heidecker and Turkington also further storylines with in-character tweets, essentially creating a year-round alternate reality game. Getting into the series requires patience, seeing as episodes don’t have obvious setups and punchlines. But once you start appreciating the dry humor of the hosts’ passive aggression and believably dumb remarks, there’s nothing quite like it.
Over the years, On Cinema has only grown more ambitious with numerous spin-offs, including Decker, a spy series Tim ineptly directs and stars in that subtly advances the larger story in a way that’s legitimately inventive. One edition of On Cinema, for instance, features Tim interviewing Gregg in front of a green screen for reasons that aren’t clear until Tim later that month uses the footage to insert Gregg into an episode of Decker without his permission, prompting yet another gut-busting squabble in a gag that takes weeks to show its true form. The wildest spin-off of all, though, came in 2017 when Tim faced murder charges in On Cinema’s ninth season, the latest in a nutty sequence of soap opera level plot turns, and Adult Swim actually streamed a five-hour, surprisingly realistic trial.
This helped launch Mister America, the new mockumentary which follows Tim as he runs for district attorney to exact vengeance upon the prosecutor who charged him. Shot in a mind-boggling three days, it’s quite small in scale, and like On Cinema itself, it’s not so much about traditional setups and punchlines as it is about stewing in delusion and subtle stupidity; scenes often consist of little more than Tim dictating a nonsensical press release between burps or bloviating about Martin Luther King Jr. While unlikely to have much wide appeal, for On Cinema devotees, it’s a riot.
In a testament to how sprawling On Cinema has become, Mister America pulls from jokes that originated not only in the web series but on Decker, the murder trial, and even the comedians’ social media, where the election storyline unfolded last year. Naturally, it’s hard to imagine key scenes registering with newcomers. But when, for instance, Gregg speaks about Sully in an interview, it gets a huge laugh from those who realize the subtext: he’s only doing so to get in a petty dig at Tim as part of an argument they’ve had, primarily on Twitter, dating back years. When Tim watches Mister America and hears everything Gregg said, not to mention sees everything else he instructed the fictional director not to include, he’ll surely freak out on On Cinema, which is currently in the middle of a new season. This kind of slow burn multimedia storytelling is the series at its very best.
Mister America isn’t any sort of a masterpiece, to be sure; it’s limited by its tiny budget and isn’t as effective a political satire as it could have been, especially seeing as a final monologue attempting to make a broader point feels at odds with the way the story actually played out. But it’s still consistently funny, and as a small piece of the larger project, it delivers.
This is in contrast to Between Two Ferns: The Movie, another spin-off of a web series about a terrible talk show. With that film, it was clear there had been little thought previously paid to the world the sketch occupies or who its central character is outside of the show, and so the struggle to turn it into a 90-minute feature was palpable. That Mister America, in contrast, feels like a natural evolution of everything that’s been cooking since 2011 is a testament to Heidecker and Turkington’s brilliant creation. It sounds strange to say about a silly spoof, but On Cinema has become a genuinely rich comedic world, and even after all this time, its creators are still finding new ways to expand it.
The post #deepweb | A fake movie review show just spawned one of the year’s best comedies appeared first on National Cyber Security.
Source: National Cyber Security News
After it was reported last month that online dating app Tinder had a security flaw that allows strangers to see users’ photos and matches, security firm Appsecure has now uncovered a new flaw that is potentially more damaging.
Infiltrators who exploit the vulnerability will be able to gain access to users’ accounts with the help of their login phone number. The issue has, however, been fixed after Tinder was alerted by Appsecure.
Appsecure says the hackers could have taken advantage of two vulnerabilities to attack accounts, one in Tinder’s own API and the other in Facebook’s Account Kit system, which Tinder uses to manage logins.
In a statement sent to The Verge, a Tinder spokesperson said, “Security is a top priority at Tinder. However, we do not discuss any specific security measures or strategies, so as not to tip off malicious hackers.”
The vulnerability exposed the access tokens of the users. If a hacker is able to obtain a user’s valid access token then he/she can easily take over a user account.
“We quickly addressed this issue and we’re grateful to the researcher who brought it to our attention,” The Verge quoted a Facebook representative as saying.
View full post on National Cyber Security Ventures
At this time of unparalleled cyber danger, it has been found that only half of companies in the UK believe they are equipped with adequate cybersecurity skills. The root of this shocking lack of confidence may be in another finding that just 51 per cent of IT workers in the UK said that cybersecurity has […]
The view from the 128-foot M/V Grand Floridian in the center of the Fort Lauderdale International Boat Show overlooked hundreds of yachts rigged with intricate electronics. For this month’s Triton From the Bridge lunch we gathered 11 captains to learn how they handle these yachts’ potential cybersecurity risks.
Large yachts, like other businesses, try to stay ahead of hacks, spams, viruses, intrusions or otherwise compromised electronics. Yacht captains respond to these threats in the same way they handle a yacht fire, accident or flooding: They focus on prevention and implement solutions when there is a problem.
Each of the captains tries to stay educated, but most have had a cybersecurity incident related to the yacht.
“My experience has been with vendors and contractors being hacked,” a captain said. “Someone duplicating the invoice and following up for payment. They are very slick. It will even have the picture of the vendor and the full thread of all previous correspondence.”
In this case, the vendor called the captain to say he had been hacked. Fortunately, the payment was not sent.
“It never got to that point, but it was headed that way,” the captain said. “I could have paid a rather large invoice to a source that was mimicking as someone else.”
Individual comments are not attributed to encourage candid discussion; attending captains are identified in the accompanying photograph.
Most of the group had experience with emails from a friend or contact that had been hacked. And there were other common themes.
“We were locked out of our computers in Mexico; someone had tried to log in too many times,” a captain said.
Several yacht credit card numbers had been stolen. One was charged $27,000 and another was hit for $5,000 at Target. One captain switched credit cards after frequent small unauthorized purchases.
Most anyone connected to a computer is exposed to cybersecurity problems. Captains are aware of global incidents, as well as issues that may be tailored to yachts, and implement policies to try to prevent them on board.
“We are proactive,” a captain said. “We try not to log into any open source marina Wi-Fi; that’s usually where the trouble comes into play. The crew are required to use the boat system. And I cut down on opening of attachments and things that are recognizable as problems.”
Another captain protects yacht business by connecting via hardwire instead of wireless or Bluetooth, and he requires crew to use their own laptops for personal emails. Several captains protect the owners by separating their access from the yacht business and crew.
“The owner has his own network,” a captain said. “It is important to separate bands and sites to monitor and set controls for everyone. I can block and set timers on the crew.”
By isolating each IP address, which identifies specific users, this captain can monitor and protect crew bandwidth use, and he can block specific internet sites such as social media. When crew use is too high, this captain has gone to extremes to make a point.
“Sometimes I’ll walk to the rack and turn it off,” he said.
“Crew should be careful with their social media anyway,” another captain said. “Most crew agencies check Facebook and those sites.”
Another captain uses different emails and changes passwords on a regular basis.
Several captains said well-defined crew confidentiality agreements address privacy issues in regard to electronics.
“But it can be contentious,” a captain said. “Crew live and work on board. It is hard to shut everything down.”
Confidentiality agreements vary by yacht, but one common clause is that no pictures of crew on board or pictures of the yacht are allowed for the public, a captain said.
“As captains, we have to define clearly what the owner wants,” he said.
Charter guests present a challenge. Celebrity guests are common on some yachts, and several captains had stories of fans and paparazzi waiting at the dock.
“If it’s a charter, you have to figure out how to handle the guests because they do not have a nondisclosure,” a captain said.
“You can watch TMZ [celebrity news] and see the boats, so I don’t know how you can control that,” another captain said. “They can check online and see who’s on board.”
One yacht owner said to a captain, “If Google can find my name, it doesn’t matter – there’s nothing you can do.”
There are other systems on board that link yachts to the cloud of information. Automatic Identification System (AIS) is required on many yachts to display vessel location through a satellite system. This can include ship name, course and speed, classification, call sign and registration number.
The captains agreed that AIS is vital to navigation, but is typically turned off when not underway. But the system is popular with yacht owners who follow their yacht’s locations through a public website that shares AIS information.
“The boss calls when he’s using it,” a captain said. “I can see you are using a lot of fuel, can you throttle back?”
Another owner was watching the yacht online and called when he saw it had not moved for several hours.
Basically captains don’t have a choice because the system is helpful and often mandated. But there are a few precautions available.
“AIS yachts are allowed to turn it off in dangerous situations,” a captain said.
“There is a stealth mode where the yacht does not broadcast,” another captain explained.
And there is a delay with Marine Traffic, the online private version of AIS. A captain said yachts can pay for premium services to increase security on the program.
Several captains were familiar with a 2013 experiment in which a yacht was taken off course by GPS spoofing.
“I read about that,” a captain said. “There can be transmitters that confuse the signal to navigation.”
Spoofing and loss of power or electronic contact are a couple of reasons why several captains have the crew plot a course on a paper chart.
“I had a crew say, ‘The electronic navigation is down, how are we going to get into port?’” a captain said. “They had no idea.”
“If something looks wrong, they should check,” the first captain said. “It’s important to teach them how to use the charts.”
Many yacht electronic systems are complex and beyond crew expertise; that is why two of the yachts have remote information technology companies.
“We have an IT guy in Indiana who controls the boat,” one captain said. He said the technician recommended that the yacht’s satellite service run through the United States instead of other countries so he could better monitor service.
So much of the technology changes so frequently that it’s difficult to keep current. A captain recommends people ask for help.
“When techs are on board servicing your sat system, make sure to have the security checked,” this captain said.
Many yachts have monitoring systems and most have camera security systems. Many captains receive messages when the bilge runs or an alarm sounds. One captain logs in and monitors the systems remotely. Another captain recommended that all systems be evaluated by a trusted technology company to confirm systems cannot be compromised.
We asked what the future holds for cybersecurity risks in yachting.
“There’s nothing different in yachting than in other industries,” a captain said.
So, like anyone in business or using personal electronics, the captains seek good technical advice and try to stay alert to what could happen.
“I’ve heard of many different things that can happen, and it doesn’t take long,” a captain said. “I think it’s going to be a concern from here moving forward. All our information is out there anyway.”
“I think in the future there could be a meltdown,” another captain said. “Maybe everyone is hacked all at once.”
“We were in the Bahamas with no communication for two days; the cell towers were down,” another captain said. “We could use our old sat phone but we really could see the limitations.”
“The government can shut down the satellite system, but we have other nations’ satellites to use,” a third captain said.
“Or we can use our Stargazer app,” another captain said with a laugh as he held his phone to the sky.
“Yes, maybe sometime in the future, whether weather- or terror-related, we will have to function without,” a captain said. “But for now, it’s a tool.”
It is a reason to know celestial navigation, and one captain noted yachts still need their compasses.
“If it turns out our power is completely out and everything is down, we can’t make it to shore anyway,” a captain said. “Everything runs on power now.”
“We’ve been careful,” another captain said. “But lucky is probably the real word.”
Part of the problem in managing cybersecurity challenges revolves around the fact that security isn’t seen as a critical business problem by senior executives and board members alike.
The recent 2017 global survey on the changing attitudes towards cybersecurity in business by Fortinet reveals that cybersecurity does not rank amongst the high focus areas for board members of organisations.
Surveying over 1,800 IT decision makers, Fortinet found that almost half of respondents believe that security is still not a top priority discussion for the board. At the same time, they also strongly contend that cybersecurity should become a top management priority, with 77% of respondents indicating that the board needs to put IT security under greater scrutiny, says Paul Williams, Country Manager for Southern Africa at Fortinet.
“One would assume there would have been a substantial uptick in interest by boards as a result of some of the most recent security attacks—and the dire implications they had on the targeted businesses,” says Williams. “However, even though boards do react when security attacks occur, their actions are generally reactive rather than prescriptive. Specifically, boards appear more involved in post-breach management than prevention.”
For example, the survey reveals that 77% of boards demand to know what happened after a security event occurs, and 67% review or increase security budgets. Security leaders obviously still have much work to do in up-levelling security to the board level.
Williams says findings from the survey corroborate the statement that no organisation is immune from the threat of breaches, ransomware attacks, or operational disruptions. Companies of all sizes and shapes, as well as all industry segments, are targets: 85% of respondents indicated that they suffered a security breach in the past two years, with almost half reporting a malware or ransomware attack.
There are a number of factors driving boards, executives, and IT decision makers to make cybersecurity a top priority in 2018.
According to Williams, the more significant ones are:
Security Breaches and Global Attacks. The vast majority of organisations have experienced some type of security breach or attack in the past two years. 49% of survey respondents said their organisations increased their focus on security following a global attack such as WannaCry. Increased publicity and attention, along with implications for brand reputation and business operations, make these board-level issues rather than IT operational undertakings.
Attack Surface. The adoption of the cloud, emergence of IoT, and growth in big data expand both the circumference of the attack surface and its complexity. 74% of survey respondents indicate cloud security is a growing priority for their organisations. Half say their organisations plan cloud security investments over the next 12 months. IoT is just as big a factor when it comes to the ever-expanding attack surface. The number of connected IoT devices is predicted to balloon to more than 8.4 billion by year-end, according to Gartner. Of these, 3.1 billion belong to businesses. As many IoT devices are difficult to protect, experts concurrently predict that more than 25% of all security attacks will target IoT devices by 2020.
Regulatory Compliance. New government and industry regulations are also increasing the importance of security. 34% of respondents indicated that these regulations heighten the awareness of security at the board level. Passage of the General Data Protection Regulation in the EU, which goes into effect in 2018, is one such example.
“These trends are forcing cybersecurity to be seen as a strategic issue, within an organisation’s broader risk management strategy, rather than a simple IT investment. To succeed in their digital transformation efforts, IT security leaders must rethink their cybersecurity approach with a view to extending visibility across the attack surface, shortening the window between time to detection and mitigation, delivering robust performance, and automating security intelligence and management.”
The post Cybersecurity should be a #strategic issue, not just an #IT #investment appeared first on National Cyber Security Ventures.
A new banking Trojan has been detected using techniques resembling those employed by Carbanak. The Trojan has been targeting financial institutions, mostly in Russia.
According to security researchers from Kaspersky Lab, the new Trojan, called “Silence”, is used to gain continuous access to a targeted online banking network while it makes video recordings of bank employees’ computer operations and identifies the software they use and the bank’s operational activities. Once equipped with this knowledge, the attackers controlling the malware apply it to take cash out of the banks’ customer accounts. Scmagazine.com posted this on November 1, 2017.
The researchers state that the controllers of “Silence” are possibly a Russian-speaking group that has targeted no fewer than ten financial institutions, some in Malaysia and Armenia, although the majority are in Russia. This is unusual, as Russian cyber-criminals usually avoid attacking domestic targets.
As with Carbanak, the first victims of Silence are duped with spoofed e-mails that enable the hackers to gain entry to the network. The hackers then stay inside for as long as they need to gather all the information required to strike and steal huge amounts of funds.
The spoofed e-mails are highly personalized, making them spear-phishing e-mails. Kaspersky researchers point out that the hackers had previously compromised banking infrastructure so they could send the malicious messages from addresses belonging to genuine bank employees, making the e-mails appear inconspicuous while trapping the victims.
The Carbanak gang was also discovered by Kaspersky Lab, back in 2015. According to a report at the time, the infamous hackers managed to steal as much as $1 billion from over a hundred banks globally.
The post Hackers #Attack Global #Banks with Just Found ‘Silence’ #Banking #Trojan appeared first on National Cyber Security Ventures.
A new Ethereum phishing campaign, targeting users of the online Ethereum wallet website Myetherwallet.com, has been uncovered. The scam saw hackers make off with over $15,000 (£11,308) in just two hours.
According to security researcher Wesley Neelen, who identified the campaign when he received a phishing email from the cybercriminals, the scam involved hackers sending out phishing emails purporting to be from the Myetherwallet.com website. The email was designed to trick victims into clicking on malicious links that would redirect them to a fake version of the website. The victims would then be prompted to divulge their account passwords, which the hackers would later use to transfer out all the coins in the victims’ wallets.
Although the fake Myetherwallet.com site was designed to look similar to the legitimate site, keen observers would likely notice that the fake site contained a small comma beneath the “t” in the site’s address. According to Neelen, the cybercriminals used a Unicode trick that allowed them to register domains containing characters that look like Latin characters. This ploy, in turn, allowed the hackers to create fake sites that can convincingly look like legitimate sites to unsuspecting users.
According to Neelen, some people have unfortunately already fallen victim to the scam. Neelen and his colleague Rik van Duijn discovered a log file that contained a list of all the wallets stolen by the hackers. The security experts determined that the cybercriminals had stolen a total of $15,875.65 in Ethereum and had then proceeded to transfer the stolen coins to three different wallets operated by the hackers.
Ethereum’s growing popularity has made it an attractive target for cybercriminals. So far, there have been around four incidents involving hackers stealing millions of dollars worth of ether from various wallets. Oddly, in one such Ethereum heist, a hacker who stole nearly $7m of Ethereum from CoinDash later returned around $3m in stolen funds, sparking further mystery about the heist.