#childpredator | Fact check: No evidence to support QAnon claims of mass arrests, military takeover, illegitimacy of Biden’s presidency or Trump’s return to power | #parenting | #kids

#infosec | Ransomware Attack at US Power Station

Source: National Cyber Security – Produced By Gregory Evans

A Massachusetts power station hit by ransomware is refusing to meet attackers’ financial demands.

The Reading Municipal Light Department (RMLD) was targeted on Friday by cyber-criminals hoping to extort money by encrypting data in the station’s computer system. Unfortunately for them, station bosses opted to hire an outside IT consultant to help them deal with the ransomware infection instead of paying for the return of their files.

RMLD said that its IT team had been working tirelessly since Friday to identify and isolate the problem, which was believed to have been contained by yesterday afternoon. Outside help was brought in to make doubly sure that all traces of the malware had been removed.

After the attack knocked the electricity provider’s website offline, RMLD took to Twitter earlier today to spread news of the ransomware attack.

From their account @readinglight, the company posted: “RMLD’s website, http://rmld.com, is currently unavailable due to a widespread issue our vendor is experiencing. There is no ETA for a resolution at this time. This issue is affecting multiple city and town websites in MA. Updates will be shared as they become available.”

Electricity services were not interrupted by the attack, and RMLD said that the grid remains secure.

RMLD said that there were no indications that customers’ financial data had been compromised as a result of the attack. Information regarding customers’ bank accounts and credit cards is stored in a separate system managed by third-party provider Invoice Cloud.

Online payments remained unaffected by the ransomware attack, as they are handled by Invoice Cloud. RMLD said that prompt payment discounts will be honored despite a potential delay in the carrying over of payments from Invoice Cloud to RMLD’s billing system.

Customer data that may have been exposed in the attack includes names, addresses, email addresses, and records of how much electricity an individual has used.

RMLD has not confirmed how the ransomware entered their computer system, nor has the electricity provider stated how much money was requested by the attackers.

According to records obtained by NBC10 Boston, 1 in 6 Massachusetts communities have been targeted by ransomware and at least 10 communities have used taxpayers’ money to recover encrypted data.



Source link

The post #infosec | Ransomware Attack at US Power Station appeared first on National Cyber Security.

View full post on National Cyber Security

Unlocking the power of Sophos Central API – Sophos News

Last year I wrote about how the Sophos Security Team uses a variety of data streams to help give context to its threat hunting data.

One of those data streams is from our very own Sophos Central, but we have always used an unsupported method to obtain it, until now. The Sophos Security Team is super excited to let you know that the Sophos Central API has been officially released!

This means there’s now a supported method to get tenant information from Sophos Central, and it will help provide context to other security logs you may be monitoring in your estate.

We are also sharing our Sophos Central API Connector Python Library to help you get the information quickly using your Sophos Central API keys.

Let’s dig deeper into how the data is used and obtained.

About the API

There are several steps required to begin querying endpoint and event information from the Sophos Central API. You will need to create and securely store a client ID and client secret to access the API for your tenant(s). We can’t stress enough how important it is to store these keys securely.

Here’s the basic concept of the authorization process:

  1. Authorize and obtain a bearer token for OAuth2 using your client ID and client secret.
  2. Authenticate with the whoami API, using the bearer token, to get your partner, organization or tenant ID.
  3. If you are a partner or organization, you can obtain all your tenant ID information for your different estates using the specific API.

Once you have your tenant IDs and their associated data region API host, you can begin to get endpoint or event data for those tenants. In this article we’ll focus on two APIs: GET /alerts and GET /endpoints.

GET /endpoints
The Endpoint API focuses on querying computer and server endpoints. It allows you to perform routine actions on them such as gathering system information, performing or configuring a scan, getting or changing the tamper-protection state, triggering an update, or deleting an endpoint. A GET on the /endpoints path returns all the endpoints for the specified tenant.

GET /alerts
The Common API provides interactive management of open alerts and allows you to act on them. The GET /alerts call, which is part of the Common API, fetches the alerts that match the criteria you specify in the query parameters.

Once you have the allowed actions for an alert, you can POST to perform one of those actions on it. Alternatively, there is a path to POST a search for specific event criteria, or to search for the alerts belonging to a specific endpoint ID.

For information on how to create your API keys and more detailed information on the APIs themselves, have a look at the Sophos Central API developer site.
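To make the three-step authorization flow and the two GET paths concrete, here is an added example client (my code, not the Sophos Central API Connector library or anything from the original post). The token and whoami URLs, the X-Tenant-ID / X-Partner-ID / X-Organization-ID header names and the pageFromKey/nextKey paging are assumptions to verify against the developer site; the HTTP transport is injectable so the flow can be exercised offline against constructed responses, and the final function shows the duplicate suppression the CLI’s polling option performs.

```python
import json
from urllib import parse, request

# URLs, header names and pageFromKey/nextKey paging are assumptions from Sophos' public docs.
TOKEN_URL = "https://id.sophos.com/api/v2/oauth2/token"
WHOAMI_URL = "https://api.central.sophos.com/whoami/v1"


def http_json(method, url, headers, body=None):  # default transport: real HTTP, JSON reply
    req = request.Request(url, data=body, headers=headers, method=method)
    with request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


class CentralClient:
    """Steps 1-3 of the authorization flow, then tenant-scoped GET calls."""

    def __init__(self, client_id, client_secret, transport=http_json):
        self.client_id, self.client_secret = client_id, client_secret
        self.transport = transport  # injectable, so the flow is testable offline
        self.token = self.id_type = self.id = self.data_region = None

    def authorize(self):
        # Step 1: client-credentials grant with the client ID and secret.
        form = {"grant_type": "client_credentials", "client_id": self.client_id,
                "client_secret": self.client_secret, "scope": "token"}
        reply = self.transport("POST", TOKEN_URL,
                               {"Content-Type": "application/x-www-form-urlencoded"},
                               parse.urlencode(form).encode())
        self.token = reply["access_token"]
        return self.token

    def _headers(self, tenant=None):
        h = {"Authorization": f"Bearer {self.token}"}
        if tenant:  # data-region calls are scoped to one tenant
            h["X-Tenant-ID"] = tenant["id"]
        return h

    def whoami(self):
        # Step 2: learn whether the key belongs to a tenant, partner or organization.
        me = self.transport("GET", WHOAMI_URL, self._headers())
        self.id_type, self.id = me["idType"], me["id"]
        self.data_region = me.get("apiHosts", {}).get("dataRegion")
        return me

    def tenants(self):
        # Step 3: a tenant key only sees itself; partner/org keys list their tenants.
        if self.id_type == "tenant":
            return [{"id": self.id, "apiHost": self.data_region}]
        headers = {**self._headers(), f"X-{self.id_type.capitalize()}-ID": self.id}
        url = f"https://api.central.sophos.com/{self.id_type}/v1/tenants"
        return self.transport("GET", url, headers)["items"]

    def _paged(self, tenant, path, params):
        """Follow pages.nextKey on the tenant's data-region host until exhausted."""
        items, next_key = [], None
        while True:
            query = dict(params, **({"pageFromKey": next_key} if next_key else {}))
            url = f"{tenant['apiHost']}{path}?{parse.urlencode(query)}"
            page = self.transport("GET", url, self._headers(tenant))
            items.extend(page.get("items", []))
            next_key = page.get("pages", {}).get("nextKey")
            if not next_key:
                return items

    def endpoints(self, tenant, page_size=500):
        return self._paged(tenant, "/endpoint/v1/endpoints", {"pageSize": page_size})

    def alerts(self, tenant, page_size=100):
        return self._paged(tenant, "/common/v1/alerts", {"pageSize": page_size})


def poll_new_alerts(client, tenant, seen_ids):
    """Return alerts not yet forwarded and record their ids, as --poll_alerts does."""
    fresh = [a for a in client.alerts(tenant) if a["id"] not in seen_ids]
    seen_ids.update(a["id"] for a in fresh)
    return fresh
```

With real keys, construct CentralClient with the default transport and call authorize, whoami and tenants in that order before endpoints or alerts; seen_ids would be persisted between runs rather than kept only in memory.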

All of this is important to know, but how does the Sophos Security Team obtain and use this data?

What we use the data for

The information obtained from Sophos Central API, coupled with other security/applications logs in our SIEM, allows us to enrich our security use cases. This lets us pinpoint the more serious events and swiftly act on these.

It also aids automation, allowing the flows to act on events and obtain more information from Central on a specific device. This offers greater insight into the health state of the machine. Not only that – given the alert type, you can clean or delete detections, trigger a new scan, or see which systems you need to focus on in an incident.

We plan to offer even more data and functionality over the coming months. I would encourage you to keep an eye on our What’s New page for further announcements.

Sophos Security Team Central API Connector Library

Our goal when developing the API Connector Library was to make it easy for our team to utilize the Sophos Central API in our various security use cases.

We then realized the library would also be useful for you, our customers, to help you begin ingesting data into your SIEM, or simply obtaining the data so you could see what you could do with it.

So that’s exactly what we have done! The library is now available. You can access it from:

  • PyPI – pip install sophos-central-api-connector
  • GitHub

Alongside the library, we have a sophos_central_main.py which has been written to get the inventory or alert data from Sophos Central API using the CLI.

There are four output options available using the CLI:

  • stdout: Print the inventory information to the console.
  • json: Save the output of the request to a JSON file.
  • splunk: This sends the data to Splunk unchanged, applying the settings from the token configuration.
  • splunk_trans: This output applies the host, source, and sourcetype set in splunk_config.ini, overriding the settings in the token configuration. It does not, however, change the index the data is sent to.

I will cover the functionality with an example command, but first we need to cover the different config files it uses.

Configuration Files

The majority of the variables contained in this config file must remain static for the Sophos Central API Connector to function correctly. However, two variables can be changed if you would prefer different default behavior.

DEFAULT_OUTPUT: This variable is set to ‘stdout’, so if no output argument is passed to the CLI, results are returned to the console. You can change this to another valid output value if desired.

DEFAULT_DAYS: This variable is set to ‘1’ and is used when no days argument is passed in certain scenarios. The same default is used as the number of days for polling alert events. More on this below.


While you can set static API credentials in this configuration, we strongly advise that this is only done for testing purposes. Where possible, use AWS Secrets Manager to store your credential ID and token.

You can access your AWS Secrets by configuring your details as below:

secret_name: <secret_name>
region_name: <aws_region>
client_id_key: <specified_key_name>
client_secret_key: <specified_key_name>

The page size configuration is the number of events you would like to appear per page when querying the Sophos Central API. You may specify maximum page sizes, which are checked during the execution of the connector. If these page sizes are left blank, the default page sizes determined by the API are used.


This config is solely for admins who are sending the alerts and inventory directly to Splunk. There are options both for static token information and for using AWS Secrets Manager. We recommend that the static entry option is only used for testing purposes, and that the token is otherwise stored and accessed securely.

Information on how to enable and set up the Splunk HTTP Event Collector can be found in the HTTP Event Collector documentation.

Example Commands

Once you have set up your config files, you can start to see what data you have.

To display syntax help information:

‘python <path to file>/sophos_central_main.py --help’

To get your tenant information:

‘python <path to file>/sophos_central_main.py --auth <auth_option> --get tenants’

To get inventory data:

‘python <path to file>/sophos_central_main.py --auth <auth_option> --get inventory --output <output_option>’

If you wish to just get the inventory for one specific tenant, then the syntax is the following:

‘python <path to file>/sophos_central_main.py --auth <auth_option> --get inventory --tenant <tenant_id> --output <output_option>’

You can use the tenant ID displayed when the get tenant query was run.

As with the option for “get inventory”, you can retrieve alerts for a specific tenant or all tenants. In addition, you can specify the number of days’ worth of alerts you would like to pull back by using the days parameter.

Sophos Central holds event data for 90 days, so when passing the days argument, you can specify days as an integer from 1 to 90. If no argument for the number of days is passed, a default of one day is used, or whatever DEFAULT_DAYS is set to in the sophos_central_api_config.py file.

To get the alert data run:

‘python <path to file>/sophos_central_main.py --auth <auth_option> --get alerts --days <integer: 1-90> --output <output_option>’

Because alerts can arrive in Central at varying times, depending on when each machine sends its information back, we needed a way to know which alerts had already been sent to our SIEM. When the polling option is passed, a list of successfully sent events is maintained to prevent duplicates from being sent to the SIEM.

To run the polling option:

‘python <path to file>/sophos_central_main.py --auth <auth_option> --get alerts --days <integer: 1-90> --poll_alerts --output <splunk or splunk_trans>’

There is no polling option for the “get inventory” functionality, as a full inventory requires the data for all systems to be returned each time: the data for each machine can change between runs of the CLI. If required, you can instead get the inventory data for a specific endpoint ID.

Why the Sophos Security Team is excited about Sophos Central API

We love the flexibility Sophos Central API offers, and how it allows us to bring more context to our other logs. We’ve been able to instantly get an idea of the host health and whether there have been any recent detections. Plus, alerts and devices are really easy to maintain from Central.

It’s safe to say that the Security Team has given the API a big thumbs up already, and we hope that you find the Sophos Central API Connector Python Library useful too.

Keep an eye out for more features in the future as Sophos Central API continues to be updated.


#deepweb | Bernie Sanders is right, it’s time to redistribute economic power | Mathew Lawrence | Opinion

Oligarchy rules the United States: the republic has been ransacked, its commonwealth privatised, and rentierism runs amok. The richest 10% of Americans capture an estimated 97% of all capital income – including capital gains, corporate dividends and interest payments. Since the financial crisis of 2008, almost half of all new income generated in the US has gone to the top 1%. The three wealthiest people in the US now own more wealth than the bottom 160 million Americans. And the richest family in America – the Walton family, which inherited about half of Walmart’s stock – owns more wealth than the bottom 42% of the American people.

The case for bold action is clear and overwhelming. Only a deep reconstruction of economic and political rights can challenge oligarchic power and halt runaway environmental breakdown. Fortunately, Bernie Sanders has just announced a new plan that matches the scale of the crisis.

His announcement on Monday of the corporate accountability and democracy plan is the latest and boldest proposal for economic democracy in America to emerge from the Democratic presidential race. At its core, it seeks to democratise the company by redistributing economic and political rights within the firm away from external shareholders and executive management toward the workforce as a collective. This is about redistributing wealth and income, but critically, it is also about redistributing power and control. Democratising the company would transform it from an engine of wealth extraction and oligarchic power toward a genuinely purposeful, egalitarian institution, one where workers would have a collective stake and say in how their company operates, and would share in the wealth they create together.

The Sanders plan would transform and democratise economic and political rights by fundamentally rewiring ownership and control of corporate America. Companies would be required to share corporate wealth with their workers, transferring up to 20% of total stock over a decade to democratic employee ownership funds. The monopoly on voting rights that private external shareholders and their financial intermediaries have benefited from would be ended; employees would be guaranteed the right to vote on corporate decision-making at work, and have a voice in setting their pay, regardless of the kind or size of company or firm they work for. Corporate boards would be democratised, with at least 45% of the board of directors in any large corporation directly elected by the firm’s workers. And the outrageous power of asset management – whose actions have done so much to accelerate the climate crisis by continuing to invest heavily in fossil fuel companies – would be ended. Asset managers would be banned from voting on other people’s money – the collective savings of millions of ordinary workers – unless following clear instructions from the savers.

Taken as a whole, Sanders’s plan would radically re-engineer how the company is controlled and for whom. The echoes with Labour’s agenda for democratising economic power is obvious, particularly John McDonnell’s inclusive ownership fund proposal, and further evidence of an increasingly fertile transatlantic pollination of ideas and practice, from the Green New Deal to movement building. Common Wealth, the thinktank that I am the director of, is another example of this, committed to designing ownership models for the democratic economy on both sides of the Atlantic. In this, at least, there is much to learn from the right; Anglo-American conservatism and the new right have long shared intellectual and organisational resources and common aims, from the incubation of neoliberalism, to current salivations over a disaster capitalism-style US-UK trade deal. It is time progressives did the same.

An emphasis on reimagining ownership and governance is a vital step forward. We face two deep crises – environmental breakdown and stark inequalities of status and reward – both sharing a common cause: the deep, undemocratic concentration of power in our economy. Working people lack a meaningful stake and a say in their firm. Corporate voting rights are near-monopolised by a web of extractive financial institutions. The needs of finance are privileged over the interests of labour and nature. Tinkering won’t address this deep imbalance in power. To build an economy that is democratic and sustainable by design, we need to transform how the company operates and for whom.

For the left, remaking corporations must be at the heart of a radical agenda. The company is an extraordinary social institution, an immense engine for coordinating production based on a complex web of relationships. The critical question is who controls how it operates and who has a claim on its surplus. Today, the answer is a combination of shareholders, institutional investors and executive management; the company has been captured by finance and extractive economic practices, but it doesn’t have to be that way.

The company – and the distribution of rights within it – are neither natural nor unchangeable. There is nothing inevitable about the existing, sharply unequal distributions of power and reward within them. The company is a social institution, its rights and privileges publicly defined. We can organise it differently: through social control, not private dominion, via democracy, not oligarchy. Sanders’s announcement is an important step toward that democratisation, and the deeper economic reconstruction that both people and planet deserve.

Mathew Lawrence is director of the thinktank Common Wealth


Cybersecurity at #power plants needs #advice it can #actually use

Source: National Cyber Security News

Security advisories for critical infrastructure like power plants often recommend patches. But in most cases, a report finds, the advice isn’t practical.

Imagine if every time you were sick, all your doctor did was tell you to take some medicine.

That’s it. No prescription, no details on what to take, when to take it, where to get it, or even whether you can take it. Just, “take medicine.” That’d be completely useless information.

This is essentially what vulnerability advisories for industrial controls have been like over the last year, according to a new report by Dragos. The cybersecurity company focuses on critical infrastructure, which includes everything from power plants to factories to water supplies.

Government officials have become increasingly worried about cybersecurity at critical infrastructure facilities. Attacks in recent years have shown that attackers can get access to power grids and factories. In 2016, Russian hackers caused a blackout in Ukraine.

On Wednesday, Dragos CEO Robert M. Lee testified before Congress during a Senate Energy and Natural Resources committee hearing on cybersecurity threats to critical infrastructure.

“I’m very confident the US government has a response if a major cyberattack were to occur,” Lee said.


Cyber Warfare Is The Future – Has Our Power Grid Already Been Hacked?

A report by internet security experts, Symantec, says that a hacking group called Dragonfly 2.0 has gained access to 20 power company networks. The American power grid has been hacked, but for some reason, the culprits restrained themselves from taking down the power like they did in Ukraine recently. The targets…


Cybersecurity firm Symantec says hackers infiltrated power grid controls in America and abroad

Attempts by hackers to break into the energy sector in the US and abroad have made headlines in recent months. According to a report by the cybersecurity firm Symantec, hackers have now successfully infiltrated power grid controls in the US and Turkey, and gained access to systems “that could provide…


Hackers attacking US and European energy firms could sabotage power grids

A hacking campaign is targeting the energy sector in Europe and the US to potentially sabotage national power grids, a cybersecurity firm has warned. The group, dubbed “Dragonfly” by researchers at Symantec, has been in operation since at least 2011 but went dark in 2014 after it was first exposed,…


NotPetya Ransomware Hackers ‘Took Down Ukraine Power Grid’

Ukraine has placed the blame for last week’s ransomware outbreak on Russia. The allegations came as multiple cybersecurity companies claimed there were …


How the Govt plans to power up Australia’s cyber security sector

Here are some of the government’s key strategies in its plan to boost the country’s cyber security sector. The Federal Government launched its Cyber Security Sector Competitiveness Plan on 20 …
