Public

now browsing by tag

 
 

#cyberfraud | #cybercriminals | Rimbey RCMP warn public scams related to COVID-19 cropping up – Stettler Independent

Source: National Cyber Security – Produced By Gregory Evans

Rimbey RCMP are warning residents of scams using the COVID-19 outbreak as a cover.

Scams associated with the global pandemic have been cropping up, feeding on people’s fear, uncertainty and misinformation during a difficult time.

“Fraudsters are exploiting the crisis to facilitate fraud and cyber-crime,” Rimbey RCMP said in a press release.

Scammers are using many different means to attempt to exploit innocent victims.

There have been a number of reported scams concerning COVID-19.

These scams include door-to-door sales people, and people posing as an official from the Red Cross.

RCMP say they following scams that have been reported:Cleaning or heating companies – offering duct cleaning services or air filters to protect from COVID-19

Local and provincial hydro/electrical power companies – threatening to disconnect your power for non-payment

Centers for Disease Control and Prevention or the World Health Organization – offering fake lists for sale of COVID-19 infected people in your neighbourhood

Public Health Agency of Canada – giving false results saying you have been tested positive for COVID-19, tricking you into confirming your health card and credit card numbers for a prescription

Red Cross and other known charities – offering free medical products (e.g. masks) for a donation

Government departments – sending out coronavirus-themed phishing emails, tricking you into opening malicious attachments, tricking you to reveal sensitive personal and financial details

Financial advisors – pressuring people to invest in hot new stocks related to the disease, offering financial aid and/or loans to help you get through the shut downs

Door-to-door sales people – selling household decontamination services

Private companies – offering fast COVID-19 tests for sale – Only hospitals can perform the test. No other tests are genuine or guaranteed to provide accurate results and the selling fraudulent products that claim to treat or prevent the disease threaten public health and violate federal laws

RCMP are reminding residents to be mindful and award of the following:Spoofed government, healthcare or research information

Unsolicited calls, emails and texts giving medical advice or requesting urgent action or payment

Unauthorized or fraudulent charities requesting money for victims, products or research

High-priced or low-quality products purchased in bulk by consumers and resold for profit. These items may be expired and/or dangerous to your health

Questionable offers, such as: miracle cures, herbal remedies, vaccinations, faster testing

Fake and deceptive online ads, including: cleaning products, hand sanitizers, other items in high demand

It is important to remember where to find trusted information and advice about COVID-19.

For the latest updates on health information look to the Public Health Agency of Canada and the World Health Organization, RCMP say.

Any questions or concerns about any health insurance should be directed to your insurance provider.

RCMP also recommend having anti-virus software install on your devices to protect from suspicious email or ads online.

Coronavirus

Get local stories you won’t find anywhere else right to your inbox.
Sign up here

Source link

The post #cyberfraud | #cybercriminals | Rimbey RCMP warn public scams related to COVID-19 cropping up – Stettler Independent appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure

Source: National Cyber Security – Produced By Gregory Evans

Today, news broke that GitHub and its parent company Microsoft, acquired npm and its public repository of open source JavaScript packages.

In 2018 when Microsoft acquired Github, many in the developer community had a cautious, even emotional response. Given today’s announcement that GitHub is acquiring npm — the same concerns are likely to surface again since JavaScript is one of the world’s most popular programming languages and since the commons of the global JavaScript community reside within the fabric of npm.

On one hand, such concern is understandable. After all, open source projects are created by the community and they exist to serve the community. I can imagine the argument going like this, “npm as the central repository of JavaScript can only provide value if the community at large trusts those who are responsible for running it.” But, what is “trust”? And how do public repositories like npm, Maven Central, or even Microsoft’s NuGet gallery go about earning the trust of a global developer community?

At Sonatype we’ve been the stewards of the Central Repository (Central), the world’s largest component repository of Java and other JVM related components since 2007. Based on this experience, I’ve learned first hand how challenging it can be to serve as the steward for a public repository. I know how hard it is to gain and keep the trust of millions of open source software developers. In my humble opinion, earning trust starts with “picking up a shovel” and solving a problem on behalf of a community to help it grow and flourish. Community trust is further amplified when you can muster enough resources to solve the same problem in a reliable and scalable manner over a period of many years.

But, here’s the thing; operating a public repository in support of millions (Read more…)

Source link

The post #cybersecurity | #hackerspace |<p> Microsoft Acquires npm: A Healthy Move for Critical Public Infrastructure <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | A Public Index for the Web? How the Blockchain Could Potentially Fight Deepfakes

Source: National Cyber Security – Produced By Gregory Evans

Over the past two years a cottage industry has emerged of media experts and journalists warning of the potential dangers of “deep fakes.” Videos of Vladimir Putin or Barack Obama saying whatever a video-editor wants them to say have been widely shared on mainstream networks to raise fears over privacy and the dangerous “post-truth” world of the Internet. 

While most mainstream networks have a vested interest in questioning the legitimacy of digital and citizen-led news, there is no doubt that verifying video content is becoming more difficult. 

On the one hand, deep fakes are likely to become a central component of internet culture, fueling the political caricature and memes of tomorrow. On the other hand, there is a darker side. It’s not unrealistic to envision a future in which videos from inside Syria or a protest in Iraq are doctored in a way that could alter our understanding of key events.

It’s not unrealistic to envision a future in which videos from inside Syria or a protest in Iraq are doctored in a way that could alter our understanding of key events.

The blockchain may have a solution. According to Amy James of Alexandria Labs, one of the fundamental problems of the web is that there is no public index. Today when we search the web, we’re searching a private index. This makes detecting changes to search rankings, or the de-platforming of certain ideas and even individuals, very difficult to determine.
 


Amy James of the’Open Index Protocol’ explains how a distributed global index for the web could help fight deepfakes.
 

There’s also a less obvious reason why a public index might be a good idea. James argues that “because the web doesn’t have a transparent, secure and version-controlled index it can be difficult to discern truth from fiction online.”

“the web was intended to be fully decentralised.”

On a blockchain immutable index in which every ‘transaction’ is public and recorded, it should be easier to notice when a video is first uploaded and edited, or if different versions of the exact same video are in existence. 

James adds “the web was intended to be fully decentralised.” The apps we all know and love – from Spotify, to Netflix – provide customization and allow networks to scale. At the same time, “private companies build the walled garden infrastructure that we have today so the web could scale and be convenient.” While this model maybe profitable, it centralizes information and control in the hands of closed platforms. “When the web was developing in the early 90s the technology didn’t exist yet to build an index as an open standard protocol,” states James.

“When the web was developing in the early 90s the technology didn’t exist yet to build an index as an open standard protocol”

Alexandria Labs believes the future is a “fully decentralized open protocol for indexing and distribution.” Instead of artificial barriers to content access, an open-source and decentralized protocol would index all public data on the Web, recording it on the blockchain. That’s one way of figuring out if a video of Nancy Pelsoi drunk is actually real. 
 

Full disclosure: Al Bawaba is exploring blockchain solutions on the Open Index Protocol. 

Source link
——————————————————————————————————

The post #deepweb | <p> A Public Index for the Web? How the Blockchain Could Potentially Fight Deepfakes <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | #RSAC: Realize the Harms and Benefits of Technology and Create Policies to Enable the Public

Source: National Cyber Security – Produced By Gregory Evans

Speaking at the Cloud Security Alliance (CSA) summit at the RSA Conference in San Francisco, Alex Stamos, adjunct professor at Stanford University’s Freeman-Spogli Institute, said that issues and decisions made by technology companies have angered people.

Stamos, who previously served as CISO of both Facebook and Yahoo, said that once he stepped out of those roles and “out of constant emergencies” he could see the bigger picture.

He said that “tradeoffs from a policy perspective are poorly understood by the public and usually go back to the engineering adage of do you want it done correctly, cheaply, or quickly—pick 1 of 3.” Stamos said that this is a basic problem of society, as people say that they don’t want companies looking at their data, but to stop bad things happening you need to see bad things. “Politicians say companies have to find the bad guys, but you cannot have two things.”

Another issue Stamos highlighted is the balance that technology companies have for “solving societal ills,” as he pointed out that technology companies provide platforms while “every bad thing [that] happened [was] done by people.”

He said that companies have to “embrace transparency and make decisions in a transparent manner.” However, the line has to be drawn around bullying and harassment, as “nothing has changed since the last election.”

Stamos said that Google, Facebook, and Twitter came up with policies on political advertising “in closed rooms with no transparency,” and these will be the rules that the 2020 election will be fought on.

He recommended that the tech industry adopt a regulatory framework similar to what Germany did regarding what speech is allowed online, but should consider how this can be adopted by countries with reduced democratic freedoms. “Or you end up with tech companies who are happy if they get regulated if they can make money, as most people who use the internet don’t live in democracies, or if they do, it is with reduced free speech.”

Stamos concluded by saying that we “have to realize that technology has made changes in good and bad ways” and take responsibility for that.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | #RSAC: Realize the Harms and Benefits of Technology and Create Policies to Enable the Public appeared first on National Cyber Security.

View full post on National Cyber Security

You’ve seen WHAT on public Trello boards? – Naked Security Podcast – Naked Security

Source: National Cyber Security – Produced By Gregory Evans by Alice Duckett Over the past couple of years, Sophos’ Director of Security Craig Jones has discovered a worrying amount of personal data on public Trello boards. Mark says companies shouldn’t microchip their employees and Duck discusses a bug that could have blown a hole in […] View full post on AmIHackerProof.com

#deepweb | 3,000 government emails leaked, Ministry of Information’s data also became public

Source: National Cyber Security – Produced By Gregory Evans Cybersecurity researchers claim 3,2020 government emails have been leaked. The report claimed that the email IDs of 11 departments, including the Bhabha Atomic Research Center and the Ministry of Information, exist on the dark web. Sai Krishna Kothapalli, an IIT-Guwahati alumnus and founder of the cybersecurity […] View full post on AmIHackerProof.com

#deepweb | SEIU reaches tentative agreement at Cleveland Public Library in attempt to avert strike

Source: National Cyber Security – Produced By Gregory Evans   SEIU reaches tentative agreement at Cleveland Public Library in attempt to avert strike By Isaac Finn 25 January 2020 On the evening of January 23, Cleveland Public Library (CPL) and Service Employees International Union (SEIU) 1199 reached a tentative agreement covering roughly 400 librarians, assistants […] View full post on AmIHackerProof.com

#school | #ransomware | Las Cruces Public Schools computers still offline a week after hacking attack

Source: National Cyber Security – Produced By Gregory Evans Education LAS CRUCES, New Mexico — The computer network for the Las Cruces Public Schools remained offline a week after a ransomware attack by hackers forced the shutdown of the entire system. After originally trying to get existing servers for dozens of schools back online late […] View full post on AmIHackerProof.com

#cyberfraud | #cybercriminals | Alpharetta Warning Public About Online Dating Scams, Threats

Source: National Cyber Security – Produced By Gregory Evans

ALPHARETTA, GA — The City of Alpharetta is warning the public to be cautious when using online dating websites after a citizen was recently blackmailed.

The Alpharetta Department of Public Safety recently took a report from a citizen who was using a dating app and made a decision to send intimate pictures to the person they connected with, the city said.

“The victim has now paid thousands of dollars to the person to keep those pictures off social media channels,” the city said. “The perpetrator, in this case, has not gone away and continues to threaten and demand more money from the victim.”

Cyber dating and the apps that make it possible attracts millions of people. Many in search of companionship, many seeking long-term relationships, and many seeking to steal identities or worse, the city said. The world of online dating is fraught with top-of-mind risks (Is that photo really the person I’m talking to? Could this person be a predator?), but there is also a growing list of concerns related to data privacy.

“The fact is, dating sites and apps have a history of being hacked,” Alpharetta said. “For example, in 2018 BeautifulPeople.com was hacked and the responsible cyber criminals sold the data of 1.1 million users, including personal habits, weight, height, eye color, job, education and more, online. In early 2019 detailed user records of more than 42 million dating app users were found on a Chinese database that was not even protected by a password. The user records found on the data base contained everything from IP addresses and geo-locations to ages and usernames, giving potential hackers plenty of information to take advantage of.”

But, there are also many stories of people who found each other via online dating apps and are in very happy relationships today, Alpharetta wrote. So, the city said it does not want to scare any adult away from using them. The city said it wants everyone to be safe with their online dating activities.

With that in mind, here are a few tips that the city encourages all online daters to use:

Account Security

As with all of your Internet accounts, use a strong, unique password and two-factor authentication, if it’s available.

Beware of anyone sending you links, and especially links using shortened URLs. Hackers will try to lure you away from the dating app to sites that can more easily harvest your data. This is one of the most common Tinder scams. Rest your cursor over any link before you click it to see the address.

Only ever access your dating app on a secure WiFi network. An even better option is to protect the Internet connection of your dating app with a trustworthy VPN. This will add an extra layer of security to the app’s encryption.

Privacy And Social Engineering

Never share your full name, address, or place of work in your profile. Tinder, Bumble and Happn all allow users to add information about their job and education. With just this information and a first name, Kaspersky researchers were able to match a dating app profile to a LinkedIn or Facebook account 60 percent of the time.

Do not link your account on a dating app to your Facebook account. This makes it easier for hackers to connect your social media profile to your online dating one. It also would expose your data if Facebook were to suffer a data breach.

Using the same logic, do not link your Instagram, Twitter, or WhatsApp accounts to your dating app or share them in your profile.

For accounts or relationships based on your email, don’t use your everyday email address. Instead, get a separate, anonymous email just for that specific app or relationship.

Always disable any location-sharing features in your accounts on dating apps.

If you are uncomfortable sharing your cell phone number with someone you just met online, there are services that allow you to create a separate phone number. These services give you temporary phone numbers that last a couple of weeks for free or for a small fee. Since they are temporary, it is hard to use such a phone number on your dating app account, but it could give you some time to meet your matches in real life before you trust them with your phone number.

If an account looks suspicious, try doing a reverse image search of the profile pictures. If your search finds the photo is from a modeling agency or a foreign celebrity, you are likely looking at a fake account.

Eventually, you will have to share information about yourself. You are trying to convince someone that you are interesting enough to meet. Try to talk more about your interests, ambitions, and preferences and avoid specific information that could identify you. More “I love pizza” than “My favorite pizza restaurant is on the corner of Main St. and 2nd Ave.” Never be afraid to say “no” if someone asks you for personal information that you’re not yet comfortable sharing.

Avoid sending digital photos to users you do not trust. Digital photos can contain metadata about when and where the photo was taken along with other information that could be used to identify you. If you must share a photo, be sure to remove its metadata first. Also, always keep in mind that any explicit pictures you send could be used for blackmail.

If you are chatting with someone and they are responding incredibly fast or if their responses seem stilted and full of non-sequitur questions, you should proceed carefully. While it is possible you have enchanted someone so thoroughly that they are struggling to respond coherently, it is more likely you are chatting with a bot. Online bots are getting harder and harder to detect, but one test you can try is to work gibberish into a phrase, like “I love a;lkjasdllkjf,” and see if the bot repeats the non-word or transitions into a non-sequitur question. (If it’s a human, you can always cover by saying your phone slipped.)

This may seem obvious, but if someone asks you over a dating app to send them money, your answer should always be “No.”

Do not immediately friend your matches on Facebook. Once someone has access to your Facebook account, they can see your friend and family network along with your past activity and location. Wait until you have been dating for a month or two before friending them.

Physical Safety

Have a mutual understanding of boundaries. No matter what kind of date you have planned, it is always safer to know exactly what you’ll be doing. By discussing a plan beforehand, you can both go into the situation knowing what you are and aren’t comfortable with.

Meet in a public place first. No matter what kind of date you’re going on, it is always safer to meet in an open and public place first. Avoid meetings that take place in remote areas, vehicles or anywhere that makes you feel uncomfortable.

Always let someone know where you are. Before meeting up with someone, let a friend or family member know where you’ll be. Some apps let you share your location with others so that someone can keep an eye on you during your date.

Source link

The post #cyberfraud | #cybercriminals | Alpharetta Warning Public About Online Dating Scams, Threats appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | Cyber security incident: Public message from Tū Ora Compass Health

Source: National Cyber Security – Produced By Gregory Evans

As a Primary Health Organisation, one of our roles is to collect and analyse data that comes from your medical centre. We do this to improve the care people receive. It helps to ensure people get proactive screening for diseases like cancer and get treatment for conditions like diabetes. This saves lives and helps keep people well.

On 5 August, our website was attacked as part of a global cyber incident. As soon as we became aware, our server was taken offline, we strengthened our I.T. security and started an in-depth investigation. The investigation has found previous cyber attacks dating from 2016 to early March 2019. We don’t know the motive behind the attacks. We have laid a formal complaint with Police and they are investigating.

We cannot say for certain whether or not the cyber attacks resulted in any patient information being accessed. Experts say it is likely we will never know. However, we have to assume the worst and that is why we are informing people.

Tū Ora holds data on individuals dating back to 2002, from the greater Wellington, Wairarapa and Manawatu regions. Anyone who was enrolled with a medical centre in that period could potentially be affected.

Tū Ora does not hold your GP notes, these are held by individual medical centres. This means the notes made on consultations you have had with your GP are not at risk of being illegally accessed through this cyber attack. We do not hold the data contained in your patient portal if you have one.

As stewards of people’s information, data security is of utmost importance to Tū Ora. While this was an illegal attack by cyber criminals, it was our responsibility to keep your data safe and I am very sorry we have failed to do that.

We are now focused on doing everything we can to support people and making sure it can’t happen again. We have set up a number (0800 499 500 or +64 6 9276930 if dialling from overseas) for people to call to obtain more information.

While we have no evidence that patient data was accessed, we encourage you to be vigilant to unusual online requests.

Cert NZ has more information about staying safe online on their website at www.cert.govt.nz . Please read our FAQs below for more information.

Again, I want to apologise for this situation and the distress it will cause.

Ngā mihi,

Martin Hefford

Chief Executive

Tū Ora Compass Health

Source link
____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

The post #cybersecurity | Cyber security incident: Public message from Tū Ora Compass Health appeared first on National Cyber Security.

View full post on National Cyber Security