now browsing by tag


#nationalcybersecuritymonth | DCC UK second-gen smart meter network passes three million mark

Source: National Cyber Security – Produced By Gregory Evans Smart DCC, the licence-holder building and managing the secure national infrastructure that underpins the roll-out of smart meters across the UK, has passed a milestone in its network capability, with the three millionth second-generation smart meter (SMETS2) attached to its smart network. The Capita subsidiary was […] View full post on

#cyberfraud | #cybercriminals | Wyomingites lose $4.5 million as cyber crime nearly doubles in 2018

Source: National Cyber Security – Produced By Gregory Evans


CASPER, Wyo. — Wyomingites lost $4,517,128 in various cyber crimes in 2018.

That is according to Federal Bureau of Investigation data shared by the Wyoming Department of Education on Monday, Oct. 21.

“Losses due to security breaches and scams for Wyoming’s
citizens, businesses, and organizations nearly doubled between 2017
and 2018, according to the FBI’s Internet Crimes Complaint Database
reports,” WDE Chief of Operations Trent Carroll said in a memo.

Article continues below…

Carroll adds that there are 172 unfilled cybersecurity job positions across the state.

“Cybertrained technology professionals are needed to help in every business, hospital, school, nonprofit, and municipality in the state,” he adds. “Education of our students for these high-paying jobs, and teaching them to be safe in an increasingly connected world, is more important than ever.”

The United States Department of Education will award a “Presidential Cybersecurity Education Award” in spring 2020 to highlight the need for such education.

“Two educators, one elementary and one secondary, will be awarded in the spring of 2020,” Carroll adds. “The award criteria includes instilling their students with the skills, knowledge and passion for cybersecurity and related topics and subjects.”

Educators can be nominated for the award until Jan. 31, 2020.

“Anyone may nominate an educator and self-nominations are also permitted,” says Carroll.

More information about the award is available here. Nominations can be sent to

Source link

The post #cyberfraud | #cybercriminals | Wyomingites lose $4.5 million as cyber crime nearly doubles in 2018 appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Extreme poverty afflicts many of the 10-12 million Roma in Europe

Source: National Cyber Security – Produced By Gregory Evans

Photo by Arcoudis Chrisoula

The heaviest burden of poverty is usually borne by Roma children as the most fragile members of the community. Roma children living in extreme poverty are often caught in a cycle of transgenerational poverty.

According to a recent survey carried in eleven EU member states by the EU Fundamental Rights Agency (FRA)1 :

  • more than 90 % of Roma children are at risk of poverty;
  • 41 % of Roma children live in a household where at least one person in the household went to bed hungry at least once in a month;
  • 80 % of the Roma families and their children live with an income below the respective national at risk-of-poverty threshold;
  • 50% of Roma children face nutritional risk, have underlying malnutrition and exhibit stunting and inadequate child growth.

These figures, unacceptable as they are, do not relay the deep human cost of poverty, which restricts access to the most fundamental of needs. rights. Poverty is an urgent human rights concern. For those living in extreme poverty, many human rights are out of reach. It robs individuals of their dignity and increases vulnerability to hunger, malnutrition, physical and mental illnesses, human rights abuses and exclusion.

Racism, humiliation and exclusion are drivers of poverty, as well as consequences of it. Discrimination, whether based on gender, ethnicity, sexuality or other grounds can lead to exclusion and restricts pathways out of poverty. Poverty is more than just a human rights violation.

Roma children living in extreme poverty are often subjected to a life of family alienation, abuse, child labour, illiteracy, long term unemployment and homelessness. They often live in isolation and are invisible to state policies for poverty relief. Child poverty is a violation of human dignity!

The Council of Europe combats poverty in various ways. For example, the European Convention on Human Rights guarantees civil and political human rights, and it is complemented by the European Social Charter (ESC), adopted in 1961 and revised in 1996, which guarantees social and economic human rights. According to Article 30, “Everyone has the right to protection against poverty and social exclusion”.

Furthermore, the Directorate for European Cooperation and Strategy and Council of Europe Development Bank (CEB) fund initiatives to provide training for Roma to facilitate their access to labour markets. Access to decent work opportunities for all is the most effective way to increase participation, lift people out of poverty, reduce inequality and drive economic growth. The Council of Europe’s Roma and Traveller Team in co-operation with the Croatian Government Office for Human Rights and Rights of National Minorities have organsed an expert seminar on the transition of Roma young people from education to employment and working life.


1Roma survey – Data in focus, Poverty and employment: the situation of Roma in 11 EU Member States, EU Fundamental Rights Agency, 2014

Source link

The post #deepweb | <p> Extreme poverty afflicts many of the 10-12 million Roma in Europe <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#computersecurity | 187 million emails sent every 60 seconds SeniorNet boss tells Timaru

Source: National Cyber Security – Produced By Gregory Evans

About 15 members of SeniorNet South Canterbury attended a presentation on the digital future delivered by SeniorNet Federation executive officer Grant Sidaway.

Bejon Haswell/ Stuff

About 15 members of SeniorNet South Canterbury attended a presentation on the digital future delivered by SeniorNet Federation executive officer Grant Sidaway.

Technology is wasted on youth, SeniorNet Federation’s executive officer told Timaru members at a digital future presentation.

Grant Sidaway delivered a presentation to 15 members at Ara Institute last week and a collective gasp rung out as he showed a mind boggling pie graph of what occurred online over 60 seconds, on average, around the world.

This information showed 187 million emails were sent, $862,823 spent, 3.7 million google searches and 18 million texts sent in an average minute.

SeniorNet Federation executive officer Grant Sidaway holds a piece of fibre optic cable which is used to connect New Zealand to the world digitally.

Bejon Haswell/ Stuff

SeniorNet Federation executive officer Grant Sidaway holds a piece of fibre optic cable which is used to connect New Zealand to the world digitally.

While the information opened SeniorNet tutor Bill Small’s eyes to how fast technology was moving, for Graeme Holwell, who is in his 80s, there was too much change and he found it hard to adjust.

He used a computer for communication with friends and family only.

SeniorNet Federation executive officer Grant Sidaway shared his knowledge of technology with Timaru SeniorNet members at Ara Institute on Thursday.

Bejon Haswell/ Stuff

SeniorNet Federation executive officer Grant Sidaway shared his knowledge of technology with Timaru SeniorNet members at Ara Institute on Thursday.

“I’m not saying it’s (technology) not an advantage but gee,” he told Stuff.

Sidaway said technology became more useful as people got older and it saved money.  A smart speaker at a cost of between $60-$100 used with wifi, saved a user having to get into a computer, as it was voice activated.

“How useful is that if you have arthritis? . . It is an example of how technology has shifted.”

SeniorNet Federation executive officer Grant Sidaway talks to Timaru members about the digital future on Thursday.

Bejon Haswell/ Stuff

SeniorNet Federation executive officer Grant Sidaway talks to Timaru members about the digital future on Thursday.

The device, with a hub, could be used to automate a home, making curtains shut or heaters turn on at the sound of a voice.

He said 30 years ago people had to be “geeks” to understand a computer whereas now they were much simpler and available to anyone.

SeniorNet has between 12,000 and 15,000 members throughout the country. The Timaru branch based in the Confucius Institute Resource Centre at Ara Institute runs workshops on different aspects of technology and online safety.

The fears many older people had of being online Sidaway allayed because for the majority of people who followed proper protocols it was a really safe environment.

SeniorNet worked alongside Cyber Security New Zealand and taught members about password protection and how to spot a scam.   

Building confidence and skills in older users, so they could teach each other were some of the aims of SeniorNet. Young people often were not patient teaching parents or grandparents, Sidaway said.

 “OIder people are afraid they’ll make a fool of themselves in the eye of young people.”

He told the group that technology reduces social isolation and offered independence to those not so mobile, through networking, online shopping and banking. It was estimated that an average user in a big city could save $1000 a year by not having to drive and pay to park to carry out their errands.

SeniorNet South Canterbury chair Dick Dodds said he found the presentation interesting especially about what technology was available.

Cyber Smart Week, from October 14-18, aims to raise awareness of cyber security and help people understand how to keep safe online.

Source link

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

The post #computersecurity | 187 million emails sent every 60 seconds SeniorNet boss tells Timaru appeared first on National Cyber Security.

View full post on National Cyber Security

#Hacker Steals $13.5 Million From #Bancor #Cryptocurrency #Exchange

In a statement published hours ago, Israeli-based cryptocurrency exchange Bancor fessed up to a security incident following which a hacker made off with roughly $13.5 million worth of cryptocurrency.

The hack took place yesterday, July 9, at 00:00 UTC, according to Bancor, after an unknown intruder(s) gained access to one of the company’s wallets.

This was a big deal because Bancor doesn’t run as a classic exchange platform, but uses a complex mechanism based on smart contracts running on the Ethereum platform to move funds at a quicker pace than classic exchange platforms.

The compromised wallet also granted the attacker access to updating the smart contracts responsible for converting user funds.

Bancor says the hacker used this access to withdraw 24,984 Ether (ETH) coins (~$12.5 million) from Bancor smart contracts and sent the Ether to his own private wallet.

Similarly, he also withdrew 229,356,645 Pundi X (NPXS) coins, worth another $1 million.

Security feature prevents theft of another $10 million

The hacker also withdrew 3,200,000 Bancor tokens (BNT) (worth around $10 million), which Bancor had issued last year as part of its ICO that raised over $150 million, but Bancor says a security feature in Bancor tokens allowed it to freeze the funds and prevent the hacker from cashing it out at other exchanges.

“It is not possible to freeze the ETH and any other stolen tokens,” Bancor says. “However, we are working together with dozens of cryptocurrency exchanges to trace the stolen funds and make it more difficult for their thief to liquidate them.”

Bancor said the hacker didn’t compromise any user wallets. The theft appears to have affected only Bancor’s reserves, which the company held to facilitate the cryptocurrency exchange process.

Bancor did not reveal how the hack took place but promised more updates in the following days via its website and its Twitter account. Bancor’s platform is currently down and undergoing maintenance work.

Last year, a security researcher criticized the Bancor platform for using smart contracts that contained several security flaws.

Below is Bancor’s initial statement regarding yesterday’s security breach.



The post #Hacker Steals $13.5 Million From #Bancor #Cryptocurrency #Exchange appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

A #Basic Z-Wave #Hack #Exposes Up To 100 #Million Smart #Home #Devices

So-called “smart” locks and alarms are proliferating across people’s homes, even though hackers have shown various weaknesses in their designs that contradict their claims to being secure.

Now benevolent hackers in the U.K. have shown just how quick and easy it is to pop open a door with an attack on one of those keyless connected locks. And, what’s more, the five-year-old flaw lies in software that’s been shipped to more than 100 million devices that are supposed to make the home smarter and more secure. Doorbells, bulbs and house alarms are amongst the myriad products from 2,400 different vendors shipping products with the flawed code. Tens of millions of smart home devices are now vulnerable to hacks that could lead to break-ins or a digital haunting, the researchers warned.

For their exploits, the researchers – Ken Munro and Andrew Tierney from Pen Test Partners – focused on the Conexis L1 Smart Door Lock, the $360 flagship product of British company Yale. As relayed to Forbes ahead of the researchers’ report, Munro and Tierney found a vulnerability in an underlying standard used by the device to handle communications between the lock and the paired device that controls the system. The flaw meant the communications could be intercepted and manipulated to make it easy for someone in the local area to steal keys and unlock the door.

The problematic standard was the Z-Wave S2. It provides a way for smart home equipment to communicate wirelessly and is an update from an old protocol, Z-Wave S0, that was vulnerable to exploits that could quickly grab those crucial keys. Indeed, they were “trivial” to decrypt, according to Pen Test Partners’ research.

Z-Wave S2 is more secure than S0. It comes with a method for sharing keys known as the Diffie-Helmann exchange; it’s a highly-regarded, tested method for ensuring that the devices shifting keys between one another are legitimate and trusted. But whilst the Yale device, purchased by Munro and Tierney just a couple of weeks ago and kept up to date, used that S2 protocol, the researchers found it was possible to quickly downgrade the device to the older, much less secure key-sharing mechanism.

During the period when a user paired their controller (such as a smartphone or smart home hub) with the device, Munro and Tierney could ensure the less-secure S0 method was used. From there, they could crack the keys and get permanent access to the Yale lock and therefore whatever building it was protecting, all without the real user’s knowledge. They believe they could carry out their attack, dubbed Z-Shave, from up to 100 meters away.

“It’s not difficult to exploit,” Munro said. “Software Defined Radio tools and a free software Z-Wave controller are all that’s needed.” In 2016, hackers created a free program designed to exploit Z-Wave devices called EZ-Wave.

Yale owner ASSA ABLOY said it understood the Z-Wave Alliance was conducting an investigation into the matter and was in close contact. ASSA ABLOY will also be conducting its own investigation, a spokesperson said, adding that it was “constantly updating and reviewing products in line with the latest technologies, standards and threats.”

No updates?

Munro told Forbes it should be possible to update many Z-Wave-based devices with a wireless update of both the app and the device. “However, it’s an issue with the Z-Wave standard, so would require a massive change by the Alliance, then an update pushed to all devices that support S2, which would likely stop them working with S0 controllers. And there are hardly any S2 controllers on the market. None in the U.K.,” he added.

Silicon Labs (SiLabs), the $4.5 billion market cap firm that owns the Z-Wave tech, admitted “a known device pairing vulnerability” existed. But it didn’t specify any upcoming updates and downplayed the severity of the attack, adding “there have been no known real-world exploits to report.”

The company referred Forbes to the first description of the S0 decryption attack, revealed way back in 2013 by SensePost, which determined the hack wasn’t “interesting” because it was limited to the timeframe of the pairing process. As a result, SiLabs said it didn’t see the S0 device pairing issue “as a serious threat in the real world” as “there is an extremely small window in which anyone could exploit the issue” during the pairing process, adding that a warning will come up if a downgrade attack happens. “S2 is the best-in-class standard for security in the smart home today, with no known vulnerabilities,” the spokesperson added, before pointing to a blog released by SiLabs Wednesday.

Munro said it would be possible to set up an automated attack that would make it more reliable. “It should be easy to set up an automated listener waiting for the pairing, then automatically grab the key,” he said.

The company said the problem existed because of a need to provide backwards compatibility, as a spokesperson explained: “The feature of S2 in question – device pairing – requires both devices have S2 to work at that level. But of course the adoption of this framework across the entire ecosystem doesn’t happen overnight. In the meantime, we do provide the end user with a warning from the controller or hub if an S0 device is on the network or if the network link has degraded to S0.”

Munro was flabbergasted at the vendor’s overall response. “After attempting responsible disclosure and getting little meaningful response, on full disclosure Z-Wave finally acknowledge that it’s been a known issue for the last few years. Internet of Things (IoT) devices are at their most vulnerable during initial set-up. S2 Security does little to solve that problem.”


The post A #Basic Z-Wave #Hack #Exposes Up To 100 #Million Smart #Home #Devices appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Russian #hackers could #instantly cut #off the #internet for #half a #million people

Russian hackers have infected more than half a million routers across 54 countries with sophisticated malware that contains a killswitch to instantly cut internet access to users, security researchers have revealed.

The VPNFilter malware also allows attackers to monitor the web activity of anyone using the routers, including the their passwords, potentially opening up the possibility of further hacks.

“Both the scale and capability of this operation are concerning,” William Largent, a researcher at the cybersecurity firm Talos, said in a blogpost describing the vulnerability.

“The destructive capability particularly concerns us. This shows that the actor is willing to burn users’ devices to cover up their tracks, going much further than simply removing traces of the malware.”

The malware has been attributed to a group of Russian hackers, who are variously known as Sofacy Group, Fancy Bear and Apt28. The group has been in operation since the mid-2000s and has previously been blamed for attacks ranging from the Ukrainian military to the 2017 French elections.

Security researchers tell The Independent that the discovery of the malware highlights a broader issue of how vulnerable internet-connected infrastructure is to cyber attacks.

“No longer can we afford to keep our critical infrastructure connected to, and therefore directly accessible to, the internet,” said Eric Trexler, vice president of global governments and critical infrastructure at cybersecurity firm Forcepoint.

“VPNFilter proves that time tested military techniques such as network segregation not only makes sense, but is required if we expect industrial services to remain resilient in the face of sophisticated and persistent attacks.”

Routers found to be vulnerable to the VPNFilter malware include Linksys, MikroTik, Netgear and TP-Link, all of which are often used in homes or small offices. The researchers say they have not yet completed their research but they are making it public now to draw attention to it.

“Defending against this threat is extremely difficult due to the nature of the affected devices,” Mr Largent said.

“The majority of them are connected directly to the internet, with no security devices or services between them and the potential attackers.”

The FBI responded to the revelations by granting court permission to seize a web domain believed to be in control of the Russian hackers.

“This operation is the first step in the disruption of a botnet that provides the Sofacy actors with an array of capabilities that could be used for a variety of malicious purposes, including intelligence gathering, theft of valuable information, destructive or disruptive attacks, and the misattribution of such activities,” Assistant Attorney General for National Security John Demers said in a statement on Wednesday.


FBI Special Agent Bob Johnson added: “Although there is still much to be learned about how this particular threat initially compromises infected routers and other devices, we encourage citizens and businesses to keep their network equipment updates and to change default passwords.

The post Russian #hackers could #instantly cut #off the #internet for #half a #million people appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Under Armour #admits 150 #million #MyFitnessPal #accounts were #hacked

Under Armour said on Thursday that data from some 150 million MyFitnessPal diet and fitness app accounts was compromised in February, in one of the biggest hacks in history, sending shares of the athletic apparel maker down 3 percent in after-hours trade.

The stolen data includes account user names, email addresses and scrambled passwords for the popular MyFitnessPal mobile app and website, Under Armour said in a statement. Social Security numbers, driver license numbers and payment card data were not compromised, it said.

It is the largest data breach this year and one of the top five to date, based on the number of records compromised, according to SecurityScorecard.

Larger hacks include 3 billion Yahoo accounts compromised in a 2013 incident and credentials for more than 412 million users of adult websites run by California-based FriendFinder Networks Inc in 2016, according to breach notification website

Under Armour said it is working with data security firms and law enforcement, but did not provide details on how the hackers got into its network or pulled out the data without getting caught in the act.

While the breach did not include financial data, large troves of stolen email addresses can be valuable to cyber criminals.

Email addresses retrieved in a 2014 attack that compromised data on some 83 million JPMorgan Chase customers was later used in pump-and-dump schemes to boost stock prices, according to U.S. federal indictments in the case in 2015.

Under Armor said in an alert on its website that it will require MyFitnessPal users to change their passwords, and it urged users to do so immediately.

“We continue to monitor for suspicious activity and to coordinate with law enforcement authorities,” the company said, adding that it was bolstering systems that detect and prevent unauthorized access to user information.

Under Armour said it started notifying users of the breach on Thursday, four days after it first learned of the incident.

Under Armour bought MyFitnessPal in 2015 for $475 million. It is part of the company’s connected fitness division, whose revenue last year accounted for 1.8 percent of Under Armour’s $5 billion in total sales.


The post Under Armour #admits 150 #million #MyFitnessPal #accounts were #hacked appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Private #Equity Giants Buy #Cybersecurity #Firm for $400 #Million

Source: National Cyber Security News

The trend of private equity firms snapping up cybersecurity businesses continues.

BlackRock and Pamplona Capital Management have jointly acquired PhishMe, a cybersecurity company based in Leesburg, Va., in a deal that valued the firm at $400 million.

Pamplona has purchased a two-thirds stake in the business, while BlackRock has bought the remainder, a person familiar with the terms of the deal told Fortune.

In addition to the change in ownership, PhishMe on Monday rebranded itself as “Cofense.” The new name derives from a combination of “collaborative” (or “collective”) and “defense.”

Rohyt Belani, CEO and cofounder of the company now called Cofense, said the executive team decided to sell the business to allow “early investors to cash out, and for employees and common stock holders to partake in the spoils.” The company was last privately valued at roughly $200 million after its most recent fundraising round in July 2016, according to Pitchbook, a database that tracks venture capital deals.

The cybersecurity industry benefited from a flurry of VC activity as big data breaches made headlines over the past few years. A recent pullback in funding, however, has left a glut of companies struggling to find new means of financing.

Read More….


View full post on National Cyber Security Ventures

Hackers #steal $64 #million from #cryptocurrency firm #NiceHash

A Slovenian cryptocurrency mining marketplace, NiceHash, said it lost about $64 million worth of bitcoin in a hack of its payment system, the latest incident to highlight risks that uneven oversight and security pose to booming digital currencies.

NiceHash matches people looking to sell processing time on computers in exchange for bitcoin.

There have been at least three dozen heists on exchanges that buy and sell digital currencies since 2011, including one that led to the 2014 collapse of Mt. Gox, once the world’s largest bitcoin market.

More than 980,000 bitcoins have been stolen from exchanges, which would be worth more than $15 billion at current exchange rates. Few have been recovered, leaving some investors without any compensation.

The hacks have not kept demand for digital currencies from soaring. Bitcoin’s value has climbed more than 15-fold so far this year, closing at a record $16,000 on the Luxembourg-based Bitstamp exchange on Thursday, ahead of this weekend’s launch of bitcoin futures by CBOE.

Security experts said they expect the cyber-crime spree to pick up as the rising valuations attract interest from cyber criminals looking for victims that lack experience defending against hacks.

“These exchanges are not in my opinion secure,” said Gartner security analyst Avivah Litan. “You don’t know what their security is like behind the scenes.”

NiceHash executive Andrej P. Škraba told Reuters that his firm was the victim of “a highly professional” heist that yielded about 4,700 bitcoin, worth around $64 million.

Sophisticated criminal groups are increasingly targeting the cryptocurrency industry, focusing on exchanges and other types of firms in the sector, said Noam Jolles, a senior intelligence specialist with Israeli cyber-security company Diskin Advanced Technologies.

“The most sophisticated groups are going into this area,” she said.

NiceHash, which advised users to change online passwords after it halted operations on Wednesday, has provided few other details about the attack on its payment system.

“We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service,” it said on its website.

It was unclear whether customers faced any losses from the hack.

Slovenian police said they were looking into the hack, but declined to elaborate.

View full post on National Cyber Security Ventures