Post wrongly says Trump created ‘child protective force’ :: WRAL.com
By Madison Czopek, PolitiFact reporter A social media post says that President Donald Trump is underappreciated for his actions to help missing children. “You people hate on Trump but he […] View full post on National Cyber Security
Match Group (MTCH) to Post Q2 Earnings: What’s in the Cards? – July 31, 2020
Match Group, Inc. (MTCH) is slated to report second-quarter 2020 results on Aug 4. Due to COVID-19 related uncertainties prevailing in the market, the company hasn’t provided […]
Agencies Post Opportunities for Reskilling Academy Grads to Use Their New Cyber Skills
As the Trump administration works to reskill current federal employees to meet the workforce needs of the 21st century, lead agencies are now making sure there are jobs for those trainees to transition to—at least temporarily.
Wednesday, the Office of Management and Budget and Office of Personnel Management, in conjunction with the Federal Chief Information Officers Council, announced the first wave of “temporary detail opportunities.” Nine positions were posted to the Open Opportunities job board, where current federal employees can find temporary or part-time work with other agencies to improve their skills.
While the details are open to any qualified federal employee, the latest push is intended to create opportunities for graduates of the Cyber Reskilling Academy.
“We cannot overcome the shortage in the federal cybersecurity workforce overnight,” Federal CIO Suzette Kent said Wednesday in a statement. “By continuing to invest and support reskilling programs, coupled with hands-on opportunities to apply those skills, the federal government is positioning itself to strengthen our cybersecurity workforce capabilities.”
The Reskilling Academy launched in April 2019 with an initial cohort of 25 students, plucked from more than 2,000 applicants from across government with no prior cybersecurity or IT background. Those students went through 13 weeks of training and came out the other side with a set of basic cyber defense skills. However, due to the nature of the federal employment hierarchy—known as the General Schedule—those graduates were not able to immediately transition to cybersecurity jobs.
OMB recognized the job placement issue and began looking at ways to move the program forward, including first broaching the idea in October of using Open Opportunities.
“By serving as a governmentwide bulletin board for short-term assignments, details and training opportunities around the federal government, Open Opportunities will help agencies tap into the valuable talent and skills we already have and are developing within government,” said OPM Director Dale Cabaniss.
The postings that went live Wednesday do not give a specific timeline for the details. However, back in October, OPM Principal Deputy Associate Director for Employee Services Veronica Villalobos told Nextgov the agency was looking at nine-month tours.
Three agencies—Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Veterans Affairs Department and the Environmental Protection Agency—posted nine openings Wednesday to Open Opportunities, most with multiple positions available.
The posts contain a brief description of the office seeking assistance, a rundown of the tasks the employee will be asked to perform and a list of skills they should expect to leave with when the detail is done.
Most of the openings focus on policy and security assessments. For example, the VA opportunity is for a “junior IT specialist to prepare, deploy and transition DOD/VA electronic health records.” In this role, the detailee will work with the Office of Electronic Health Record Modernization to review documentation for the authority to operate—a certification verifying a baseline of cybersecurity for an application—and make edits and recommendations, as needed.
Similarly, CISA has two to five openings for GS-12 to GS-15 employees to serve as cyber policy and strategy planners. The position “[d]evelops policies and plans and/or advocates for changes in policy that support organizational cyberspace initiatives or required changes/enhancements,” per the posting, which cites the job description directly from the National Initiative for Cybersecurity Education, or NICE.
The administration is also looking to expand the Reskilling Academy outside of OMB. In the president’s 2021 budget proposal, OMB directed departments to include funding for a distributed reskilling effort run independently out of each agency but based on the central Reskilling Academy model. Per the plan, the administration hopes to reskill some 400,000 federal employees in cybersecurity, data science and other technology-focused areas.
2019 has been a total disaster regarding security considerations. According to a report published by Risk Based Security (via Forbes), there were more than 3,800 reported breaches during the first half of the year, and three of them made it to the 10 largest of all time.
Data leaks are as common now as the vagaries of the weather. Withstanding such a storm is a tough challenge, especially for young companies that are too short of money to build a strong defense against digital villainy.
It’s possible, though. Here is a security guide based on the experience of the startup I work with, focusing on the options that fit each maturity stage and won’t conflict with future add-ins.
Nothing To MVP
You’re probably not sure yet if your business is going to raise any investments. In my opinion, your best choices are cheap or free.
• Application security: From my experience, hashing the user’s credentials is essential here. Also, you might not want to store credit card information for now. It’s in the scope of PCI compliance, a set of regulations too hard to chew with limited money.
• Infrastructure security: You should exploit managed services like Google Cloud, Microsoft Azure or Amazon Web Services and configure them properly. Use separate accounts for production and other environments, enclose everything in a virtual private cloud (VPC) and limit the number of IPs that can access the environment.
Other great steps are to move your production configurations out of the code and into a separate repository and enforce multifactor authentication (MFA) on all services that engineers work with.
Also, don’t forget to restrict access to the production server and database, organizing everything through Continuous Integration tools like Jenkins or TeamCity.
• People security: Hire a reliable development and operations engineer to be sure that sensitive accesses are in good hands. Running secure coding training for your engineers will also be beneficial, as one day of their time can save your company. Additionally, a measure as simple as encrypting their laptops and providing them with antivirus software can be a life-saver if some of the gadgets get lost in a coffee shop.
MVP To Seed
You’re still short of funding but already have customers and want to secure their data properly. I believe you should keep focusing on less expensive but impactful measures.
• Application security: You should enforce a password policy for your users and run at least one penetration test, which could help you uncover hidden security breaches. Another good practice is to maintain the OWASP Top 10 status of your app. It’s a regularly updated report on concerns for web security.
• Infrastructure security: Back up your databases, encrypt data in transit and make critical resources only available through the private VPN. These steps are simple but can save the company.
• People security: Your goal here should be to set up basic onboarding and offboarding procedures. You’ll want to revoke all the access to sensitive data when people leave your stronghold. Enforcing password management policy would be useful as well.
Another good step is running engineering-oriented security awareness training. In critical circumstances, everyone should know what to do by heart.
Seed To Series A
You are in an active development phase, might have some money and could have up to 15 engineers in the house. From my experience, this is an excellent time to establish security policies and procedures without losing flexibility.
• Application security: Running application penetration tests should be a habit at this point, but don’t hesitate to change your test vendors sometimes. It will give you fresh eyes on your safekeepings. Also, you should encourage your engineers to follow the Secure Development Lifecycle. From now on, security is at the front and the center of your company.
• Infrastructure security: You might want to become a bit paranoid at this stage since your company could start attracting predators’ attention, so stop sharing any accounts. Everyone accessing the resource should have their own account with the minimally acceptable permissions. You’ll also want to run an infrastructure penetration test regularly and make a disaster recovery procedure. It’s vital to have a plan if something goes south.
Additionally, you’d want to know about any unauthorized attempt to access your servers. A host-based intrusion detection system should help you with that, while a vulnerability scanner should reveal weaknesses in your servers and remind you to keep their software up to date.
• People security: It’s time to get your team through a series of drills. Make an incident response policy and perform a few exercises by simulating an “end of the world” scenario. In addition, run a risk assessment exercise and carry out the company-wide security awareness program. Your nontechnical employees should know what “phishing email” means.
You’ll also want to control every workstation in your company and ensure they have antiviruses, the latest security updates, screen locking timeouts and so on. Any mobile device management software will be of help.
You have a large staff and hordes of happy customers. Hence, you’ve become a tidbit for cybercriminals. I believe there is no better time for serious reinforcements.
• Application security: In my opinion, running a bug bounty program is a must-have here. White-hat hackers are the best at finding vulnerabilities in the software — except for regular hackers, of course. To detect the actual malicious activity in time, use any good application performance monitoring tool. You can also enforce the application change management procedure. Any change in your production systems and infrastructure should get extra approval from one more person.
• Infrastructure security: Use a security information and event management tool. Configure it to receive all security notifications from your servers, vulnerability scanners, intrusion detection systems and so on.
• People security: It would be beneficial to hire an IT team and arm it with the security event monitoring tool in order to manage and control all of your employees’ workstations.
Finally, use centralized account management for providing and revoking system access during onboarding and offboarding.
The modern age provides you with plenty of means to protect your business, and many of them require no more investments than your time. The only hitch is to apply them at the right moment.
You can never be immune to all kinds of hazards, but minimizing their chances of knocking you out is within your reach.
The post Council Post: Cyber Security For Startups: A Step-By-Step Guide appeared first on National Cyber Security.
A woman said her email account was hacked. She told the Lee County Sheriff’s Office that she is now being threatened by an unknown suspect with her own photographs.
The woman believed the person found her email address on Facebook.
“Revenge porn is a form of harassment. It’s a form of abuse,” Elizete Velado said. Velado is an attorney at Goldberg and Noone in Downtown Fort Myers.
Velado’s firm is not involved with this particular case. However, she told 4 In Your Corner revenge porn has been a problem for years.
“It’s really important for people to remember it’s not the victim’s fault when someone breaks into their computer,” Velado said. “Breaking into your computer is like breaking into your home,” she added.
The victim told investigators she was bombarded with messages. The unknown person wanted her to pay up. She told the deputy that the person would post the nude pictures of her.
Hackers like the one in this case have stayed slightly ahead of the laws.
“It’s very difficult for the law to keep up with emerging technology and sexual cyber stalking takes many forms,” Velado added.
Florida has laws against sexual cyber stalking. It allows victims to get compensated.
Arrests are few and far between because hackers hide behind IP addresses and proxy servers.
Velado hopes future laws will bring about justice.
“It’s great that we finally got national attention on this. It is an issue that needs to be dealt with. The people that are doing this need to be held accountable,” Velado said.
The woman in this case plans to press charges if and when the suspect is found. She submitted screenshots of the messages to investigators.
The post Hacker gets #woman’s #nude pics, #threatens to #post them #online appeared first on National Cyber Security Ventures.
After a chance encounter with a stranger at the grocery store, one mom is sharing an important lesson with her fellow parents.
Media personality and mom of three, Jaime Primak Sullivan, wrote a Facebook post about finding perspective amid the chaos of parenting.
In the post, Sullivan explained she was sleep-deprived the day after the presidential election and struggling to keep her two youngest children calm in a new grocery store.
“Max, Charlie and I walked in, and immediately they saw flowers, then balloons, then free samples,” she recalled.
The post Powerful Post Reminds Parents To Enjoy The Noise While They Can appeared first on Parent Security Online.
Hackers steal sex tape from Virgin Islands Congressional delegate and post it online two weeks before she runs for re-election
A sex tape and nude photos of the Virgin Islands’ delegate to Congress and her husband were posted online briefly by hackers before they were removed. Democratic Rep. Stacey Plaskett, 52, said that it is a ‘shockingly disgusting’ invasion of her privacy for the sex tape and nude images, including a topless photo, were stolen […]
Hacking group AnonSec has claimed that it has posted files on Pastebin that it managed to copy from servers belonging to Nasa. The group also claimed to have taken control of a Nasa drone. The files are said to include names, phone numbers and email addresses of 2414 NASA employees, as well as more than 2000 flight logs and 600 video feeds from the agency’s aircraft fleet. AnonSec put the files on the web and explained how it managed to do it. The hackers said that they had bought access to a Nasa server from someone they identified as “Ghosts”. The group dubbed the alleged hack “OpNasaDrones” and made the claim that it had even attempted to crash a Nasa Global Hawk drone. The data theft is alleged to have begun in 2013 over a period of several months. The group managed to find admin names and default passwords to remotely access servers. “People might find this lack of security surprising, but it’s pretty standard from our experience,” the group wrote on Pastebin. “Once you get past the main lines of defence, it’s pretty much smooth sailing propagating through a network as long as you can maintain access. Too many corporations and […]
The post Hackers claim to post 250gb of NASA data on the internet appeared first on National Cyber Security.