
#cybersecurity | #hackerspace | But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks

Source: National Cyber Security – Produced By Gregory Evans

Phishing is still a vector to attack presidential campaigns. Many 2020 candidate organizations still aren’t using best practice by implementing a proper DMARC policy.

It seems they’ve not learned from the hack on Hillary’s campaign. In 2016, John Podesta got tricked by a crude phish—and it easily could happen again.

Things are better now, but there’s still acres of room for improvement. In today’s SB Blogwatch, we dig their DNS records.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: a decade in three minutes.


Can You Spell DMARC?

What’s the craic, Zack? Mister Whittaker reports—“Only a few 2020 US presidential candidates are using a basic email security feature”:

 DMARC, an email security protocol that verifies the authenticity of a sender’s email and rejects spoofed emails … could prevent a similar attack that hobbled the Democrats during the 2016 election. … Only Elizabeth Warren … Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have … improved their email security.

The remaining candidates, including … Donald Trump, are not rejecting spoofed emails. … That, experts say, puts their campaigns at risk from foreign influence campaigns and cyberattacks.

In the run-up to the 2016 presidential election, Russian hackers sent an email to Hillary Clinton campaign manager John Podesta, posing as a Google security warning. [It] tricked Podesta into … allowing hackers to steal tens of thousands of private emails.

Or perhaps you prefer a different topical angle? G’day, David Braue—“You may be targeting Black Friday bargains, but cybercriminals are targeting you”:

 Security firms are warning shoppers to be careful online as cybercriminals increase their activity in the runup to [the] retail season. … Shoppers need to be particularly wary of online scams and malware propagated through emails spoofing legitimate retailers.

Despite efforts by the Australian Signals Directorate to promote the use of next-generation DMARC email anti-fraud tools … research suggests that just 45 percent of Australia’s biggest online retailers have actually begun implementing DMARC – and just 10 percent have adopted the strictest level of security.

Returning to this hemisphere, Agari’s Armen Najarian claims, “2020 Presidential Candidates Remain Vulnerable”:

 The kinds of email attacks that helped derail Hillary Clinton’s candidacy in 2016 are only getting more sophisticated. [But some] campaigns are not taking the threat as seriously as they should.

Meanwhile, we’re seeing new trends in how cybercriminals execute … advanced threats, which are liable to throw an entire candidacy off-course. After all, it only requires one campaign employee or volunteer to click on one link in a malicious email.

It’s likely only a matter of time before the unthinkable happens once again. … The Mueller Report … squarely pointed to spear phishing as the primary attack vector for Russian hackers seeking to gain access.

Unfortunately, candidates must not only be concerned about email directed to them and their campaign staff. … Imagine the damage that can be done by emails that appear to come from the legitimate domain of the candidate, but actually come from a malicious criminal who uses that domain to spread false information to potential … donors, voters, and the media.

This is entirely possible, and likely even probable, unless candidates take the steps they need to protect against it by implementing DMARC with a p=reject policy.

DMARC: HOWTO? Chad Calease obliges—“A Definitive Guide”:

 This is the time of year we’re all too aware how much phishing really sucks. … While technology isn’t able to catch all of it 100% of the time, DMARC is one of these important layers of defense that helps to dramatically minimize the amount of phishing emails that get through to our inboxes.

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. [It] is a set of 3 DNS records that work together to ensure email is sent only from authorized … mail servers, thereby helping block fraudulent messages.

DMARC sets a clear policy for what to do if a message hasn’t been sent from an authorized source. … DMARC helps prevent criminals from spoofing the “header from” or “reply-to” address: … First it checks that the DKIM … digital signature is a match. Then it checks the SPF record to ensure the message came from an authorized server. If both DKIM and SPF pass these checks, DMARC delivers the message.

But if one or more of these tests fails, DMARC behaves according to a policy we set:

‘none’ [which] doesn’t impose any actions …
‘quarantine’ [which] Flags messages … to be directed to the recipients’ spam or junk folders …
‘reject’ [which] outright refuses messages that fail … (this is the end goal of a good DMARC configuration).

OK, so why aren’t all the candidates on board? Here’s lostphilosopher:

 I see this as a reflection of the candidates’ ability to find and listen to experts. I don’t expect a candidate to understand how to do tech “right” – I’m in the industry and still get half of it wrong! However, when you’re running a multi-million dollar campaign you can afford to bring in experts to set this stuff up and audit your practices.

I assume these candidates are already doing this and that if they are still not following some basic best practices it’s because they are actively ignoring the experts. … That’s what worries me: If they can’t find or listen to these people now, what makes me think they’ll be able to in office?

And this Anonymous commentator agrees:

 Think about this for a second! If the … candidates don’t care enough about their own email traffic, why would anyone vote for them to secure this nation? If your own private info is easily up for grabs, what do you honestly think national security would be like under any of them?

But gl4ss spots an oint in the flyment:

 If you rely on DMARC … and just trust it blindly then you know what? You’re gonna get ****ed by someone on whthouse.org.co.uk.acva.com.

Sure the email is sent from that domain, but so what? The domain isn’t right.

It was ever thus. Ryan Dunbar—@ryandunbar2—looks back:

 In 1980 we knew internet email was not secure.
2003 get email SPF
2007 get email DKIM
2012 get DMARC
2019 get ARC, BIMI
2025 get QUIC, yet email will still not be secure.
2050 get internet3
Why does it look like the ones running the internet don’t want a secure internet?

Meanwhile, El Duderino knows who to blame:

 This is Al Gore’s fault because he invented the internet.

And Finally:

10 Years; 100 songs; 3 minutes


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites… so you don’t have to. Hate mail may be directed to @RiCHi or sbbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Tia Dufour (public domain)

The post #cybersecurity | #hackerspace | But Their Emails: Many 2020 Campaigns Still Risk Phishing Attacks appeared first on National Cyber Security.

#deepweb | Extreme poverty afflicts many of the 10-12 million Roma in Europe

Photo by Arcoudis Chrisoula

The heaviest burden of poverty is usually borne by Roma children as the most fragile members of the community. Roma children living in extreme poverty are often caught in a cycle of transgenerational poverty.

According to a recent survey carried out in eleven EU member states by the EU Fundamental Rights Agency (FRA)1:

  • more than 90 % of Roma children are at risk of poverty;
  • 41 % of Roma children live in a household where at least one person in the household went to bed hungry at least once in a month;
  • 80 % of the Roma families and their children live with an income below the respective national at-risk-of-poverty threshold;
  • 50 % of Roma children face nutritional risk, have underlying malnutrition and exhibit stunting and inadequate child growth.

These figures, unacceptable as they are, do not relay the deep human cost of poverty, which restricts access to the most fundamental of needs and rights. Poverty is an urgent human rights concern. For those living in extreme poverty, many human rights are out of reach. It robs individuals of their dignity and increases vulnerability to hunger, malnutrition, physical and mental illnesses, human rights abuses and exclusion.

Racism, humiliation and exclusion are drivers of poverty, as well as consequences of it. Discrimination, whether based on gender, ethnicity, sexuality or other grounds, can lead to exclusion and restricts pathways out of poverty. Poverty is more than just a human rights violation.

Roma children living in extreme poverty are often subjected to a life of family alienation, abuse, child labour, illiteracy, long term unemployment and homelessness. They often live in isolation and are invisible to state policies for poverty relief. Child poverty is a violation of human dignity!

The Council of Europe combats poverty in various ways. For example, the European Convention on Human Rights guarantees civil and political human rights, and it is complemented by the European Social Charter (ESC), adopted in 1961 and revised in 1996, which guarantees social and economic human rights. According to Article 30, “Everyone has the right to protection against poverty and social exclusion”.

Furthermore, the Directorate for European Cooperation and Strategy and Council of Europe Development Bank (CEB) fund initiatives to provide training for Roma to facilitate their access to labour markets. Access to decent work opportunities for all is the most effective way to increase participation, lift people out of poverty, reduce inequality and drive economic growth. The Council of Europe’s Roma and Traveller Team, in co-operation with the Croatian Government Office for Human Rights and Rights of National Minorities, has organised an expert seminar on the transition of Roma young people from education to employment and working life.

 

1 Roma survey – Data in focus, Poverty and employment: the situation of Roma in 11 EU Member States, EU Fundamental Rights Agency, 2014

The post #deepweb | Extreme poverty afflicts many of the 10-12 million Roma in Europe appeared first on National Cyber Security.

Many #employees know #little about #cybersecurity #threats

Companies are surrounded by cybersecurity threats, but many are not making it a priority to educate employees about them, a survey says.

Nearly half (46%) of entry-level employees don’t know whether their company has a cybersecurity policy, according to research firm Clutch.

The survey demonstrated a lack of awareness that can put companies at risk for IT security breaches. Nearly two-thirds of employees (63%) said they don’t know whether the quantity of IT security threats their companies face will increase or decrease over the next year. Additionally, among entry-level employees, 87% said they don’t know how the number of threats will shift in the next year.

The survey also found that employees are less likely to recognize IT services as the primary area of security vulnerability at their company. Instead, they cited theft of company property as the primary threat to company security, ahead of unauthorized information and email phishing scams.

The findings are a bit ironic, because “most cyberbreaches are caused by employees, inadvertently,” Robert Anderson, co-chair of the cybersecurity and data privacy group at Lindabury, McCormick, Estabrook & Cooper, P.C., told FierceCEO.

“There is a tendency for businesses to not put the emphasis on employees, but they are the greatest vulnerability,” Anderson said.

The post Many #employees know #little about #cybersecurity #threats appeared first on National Cyber Security Ventures.

Too many cybersecurity jobs, too few hackers

As with many tech sectors, cybersecurity has been facing an increasingly large worker shortage over the past decade. But unlike most other talent shortages, this one is set to have a material impact on consumer safety. That’s not just idle speculation, says Candace Worley, vice president and chief technical strategist…

The post Too many cybersecurity jobs, too few hackers appeared first on National Cyber Security Ventures.

During Cybersecurity Awareness Month, Experts Say Too Many Remain Unaware of Threats

After an onslaught of hacking, breaches and malware this year, and the resultant waves of publicity, National Cybersecurity Awareness Month should be a bit anticlimactic. But for some people, the message never gets old. One of the organizations most aware of cyberthreats and most active in countering them is CIS,…

The post During Cybersecurity Awareness Month, Experts Say Too Many Remain Unaware of Threats appeared first on National Cyber Security Ventures.

Many merchant systems still lack basic security

What could a Point of Sale (POS) security breach cost your business? Factoring in the cost of an investigation, legal fees, potential fines and lawsuits, damage to a reputation, and a likely decrease in customer loyalty, your business could be

The post Many merchant systems still lack basic security appeared first on National Cyber Security Ventures.

Many State Report Cards Leave Parents in the Dark About School Achievement – Inside School Research – Education Week

With jargon, “meaningless” tables and missing data, state report cards can be difficult for parents to use, a new report shows.

The post Many State Report Cards Leave Parents in the Dark About School Achievement – Inside School Research – Education Week appeared first on Parent Security Online.

Many Parents Who Think They Have Food Allergies Actually Don’t

When kids have food allergies, the children’s parents may think they have food allergies too, but this is often not the case, a new study found.

The study, which involved only parents of kids with food allergies, showed that many parents who reported also having food allergies didn’t actually have any. In fact, when the researchers conducted allergy tests on parents who thought they had these allergies, more than 70 percent of these parents tested negative.

The study calls into question the reliability of people’s self-reports of allergies, the researchers said. The findings are also surprising, given that parents whose children have food allergies might be expected to have more knowledge than people in general about what counts as a food allergy, the researchers said.

The post Many Parents Who Think They Have Food Allergies Actually Don’t appeared first on Parent Security Online.

15 Years After 9/11 Attacks, Classroom Approaches to Topic Take Many Forms – Curriculum Matters – Education Week

Fifteen years after the attacks on September 11, most K-12 students have no personal memories of the event.

The post 15 Years After 9/11 Attacks, Classroom Approaches to Topic Take Many Forms – Curriculum Matters – Education Week appeared first on Parent Security Online.

Identifying Minorities in Spec. Ed.: Defining ‘Too Many’ – Education Week

More than 300 educators, researchers, and advocates respond to a proposed federal rule on how to define whether minorities are disproportionately identified for special education services.

The post Identifying Minorities in Spec. Ed.: Defining ‘Too Many’ – Education Week appeared first on Parent Security Online.
