report

now browsing by tag

 
 

#deepweb | 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World

Source: National Cyber Security – Produced By Gregory Evans

UNESCO report shows fewer than 5% of people in many countries benefit from adult learning opportunities

Paris, 04 December—In almost one-third of countries, fewer than five per cent of adults aged 15 and above participate in education and learning programmes, according to UNESCO’s fourth Global Report on Adult Learning and Education (GRALE 4). Adults with disabilities, older adults, refugees and migrants, minority groups and other disadvantaged segments of society are particularly under-represented in adult education programmes and find themselves deprived of crucial access to lifelong learning opportunities.

Published by the UNESCO Institute for Lifelong Learning, the report monitors the extent to which UNESCO Member States put their international commitments regarding adult learning and education into practice and reflects data submitted by 159 countries. It calls for a major change in the approach to adult learning and education (ALE) backed by adequate investment to ensure that everyone has the opportunity to access and benefit from adult learning and education and that its full contribution to the 2030 Agenda for Sustainable Development is realized.

“We urge governments and the international community to join our efforts and take action to ensure that no one – no matter who they are, where they live or what challenges they face – is left behind where the universal right to education is concerned,” says UNESCO Director-General Audrey Azoulay, endorsing the report’s recommendations. “By ensuring that donor countries respect their aid obligations to developing countries, we can make adult learning and education a key lever in empowering and enabling adults, as learners, workers, parents, and active citizens.”

The publication stresses the need to increase national investment in ALE, reduce participation costs, raise awareness of benefits, and improve data collection and monitoring, particularly for disadvantaged groups.

Progress in participation in adult learning and education is insufficient

Despite low participation overall, many more than half of responding countries (57% of 152) reported an increase in the overall participation rate in adult learning and education between 2015 and 2018. Low-income countries reported the largest increase in ALE participation (73%), trailed by lower middle income and upper middle income countries (61% and 62%).

Most increases in adult learning and education participation were in sub-Saharan Africa (72% of respondents), followed by the Arab region (67%), Latin America and the Caribbean (60%) and Asia and the Pacific (49%). North America and Western Europe reported fewest increases (38%) though starting from higher levels.

The data shows persistent and deep inequalities in participation and that key target groups such as adults with disabilities, older adults, minority groups as well as adults living in conflict-affected countries are not being reached.

Women’s participation must improve further

While the global report shows that women’s participation in ALE has increased in 59 per cent of the reporting countries since 2015, in some parts of the world, girls and women still do not have sufficient access to education, notably to vocational training, leaving them with few skills and poor chances of finding employment and contributing to the societies they live in, which also represents an economic loss for their countries.

Quality is improving but not fast enough

Quality ALE can also provide invaluable support to sustainable development and GRALE 4 shows that three-quarters of countries reported progress in the quality of education since 2015. Qualitative progress is observed in curricula, assessment, teaching methods and employment conditions of adult educators. However, progress in citizenship education, which is essential in promoting and protecting freedom, equality, democracy, human rights, tolerance and solidarity, remained negligible. No more than 3% of countries reported qualitative progress in this area.

Increase in funding for adult learning and education needed

GRALE 4 shows that over the last ten years, spending on adult learning and education has not reached sufficient levels, not only in low-income countries but also in lower middle income and high-income countries. Nearly 20% of Member States reported spending less than 0.5 per cent of their education budgets on ALE and a further 14% reported spending less than 1 per cent. This information demonstrates that many countries have failed to implement the intended increase in ALE financing proposed in GRALE 3 and that ALE remains underfunded. Moreover, under-investment hits socially disadvantaged adults the hardest. Lack of funding also hampers the implementation of new policies and efficient governance practices.

Source link
——————————————————————————————————

The post #deepweb | <p> 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #infosec | Major data center provider hit by ransomware attack, claims report

Source: National Cyber Security – Produced By Gregory Evans CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems […] View full post on AmIHackerProof.com

#infosec | US Hospitals Fined $2.175M for “Refusal to Properly Report” Data Breach

Source: National Cyber Security – Produced By Gregory Evans An American health services provider has agreed to pay a fine of $2.175m after refusing to properly notify Health and Human Services of a data breach. In April of 2017, a complaint regarding Sentara Hospitals was received by the Department of Health and Human Services (HHS). The complainant said […] View full post on AmIHackerProof.com

#deepweb | Cybercriminals also offering Black Friday bargains on dark web: report

Source: National Cyber Security – Produced By Gregory Evans

Black Friday deals have spread to black-market retailers hawking drugs, stolen data and fake IDs online, according to new reports.

The annual discounting bonanza for legitimate businesses is now also a staple of the internet underworld, digital security firm co-founder James Chappell told Sky News. 

“We’ve seen the same strategies that online retailers and physical retailers use, being used in these criminal markets,” said Chappell, whose company is called Digital Shadows.

“We see them used either to provide discounts, ‘stack ’em high and sell ’em cheap’ type strategies, and we’ve seen the same with discount codes, introductions, building up excitement before the event, adverts that entice and enthuse,” he told the outlet.

A week before the big day, Chappell’s company found more than 1,600 posts about “Black Friday 2019” on dark web criminal forums, according to the Independent.

Cybercriminals in the UK make more in illegal online sales than any other European country, per a new report from the European Monitoring Centre for Drugs and Drug Addiction.

The report noted that British dark web retailers pulled in over $30 million USD between 2017 and 2018.

Source link
——————————————————————————————————

The post #deepweb | <p> Cybercriminals also offering Black Friday bargains on dark web: report <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | Report Reveals Businesses Aren’t Ready for 5G

Source: National Cyber Security – Produced By Gregory Evans

A new report looking at 5G cybersecurity readiness has found that many businesses are inadequately prepared for the latest big data acceleration. 

The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, published today, found that enterprises are lagging behind on expanding their virtualization and software-defined networking (SDN) capabilities and are not taking the opportunity to automate security. 

A degree of reticence was also detected when it came to the planned adoption of a shared security model that would enable certain functions to be shifted to carriers.

The report was built using data drawn from a survey of 704 cybersecurity professionals from around the globe, all of whom work for organizations with more than 500 employees. 

Nearly all respondents in the survey expect to make 5G-related security changes within the next five years, and 16% say they have already started preparing before the mainstream wave of 5G deployments arrives. 

Asked about what their preparations were focused on, the larger attack surface topped the list as a worry for 44% of respondents, followed by the greater number of devices accessing the network, which was a concern for 39%. 

Ranking third and fourth, drawing the focus of 36% and 33% of respondents, respectively, were the need to extend security policy to new types of IoT devices and the need to authenticate a larger number and wider variety of devices.

Only 29% of respondents said they plan to implement security virtualization and orchestration during the next five years.

Researchers wrote: “Most of the transitions in networking have been about faster speeds or increased capacity. 5G introduces more complex networking and is being delivered with virtualization in mind. 

“The latter appears to be a crucial gap in the way enterprises are preparing for 5G, as enterprises will need to take advantage of virtualization to make the network nimbler and more responsive, with the ability to provide just-in-time services. Many enterprises are not considering this as a possibility, according to our data.”

With 5G, the size of the cyber-attack surface expands, creating more opportunities for bad actors to strike. Despite this, researchers found that enterprises did not appear to have fully considered how to boost their vulnerability management programs (both patching and mitigation) for devices at the edge, which may carry vulnerabilities that go unnoticed and unpatched.

Additionally, only 33% of enterprises surveyed had implemented multi-factor authentication, and 7% said they plan to implement it during the next five years.

A spokesperson for AT&T wrote: “To better realize how large (and vulnerable) the attack surface becomes with 5G, consider that 274 petabytes of data are currently crossing AT&T’s network each day, and with 5G this number is expected to increase by 10x.”

Currently, neither 5G service nor 5G phones are available everywhere in the United States, and release dates vary for every carrier. Verizon, Sprint, Starry, AT&T, and T-Mobile are providing some coverage already, mostly in major cities, including New York, Washington, DC, Los Angeles, Houston, Chicago, Phoenix, Atlanta, Boston, Denver, and Dallas–Fort Worth.

____________________________________________________________________________________________________________________

#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
____________________________________________________________________________________________________________________

Source link

The post #infosec | Report Reveals Businesses Aren’t Ready for 5G appeared first on National Cyber Security.

View full post on National Cyber Security

Report: Poor Password Security Plagues Businesses

Source: National Cyber Security – Produced By Gregory Evans

Businesses are adopting password security measures such multifactor authentication in greater numbers but poor password hygiene persists, LastPass research says.

Businesses are adopting password security measures such multifactor authentication in greater numbers but poor password hygiene persists, a new study by access security specialist LastPass said.

“The clear message is businesses still have a lot of work to do in the areas of password and access security,” the company said in its latest Global Password Security Report. “Even as many more businesses make the important investment in solutions to address password security and thus safeguard employee access, more action is needed after deployment to bring password hygiene up to par across the organization.”

Although LastPass aggregated data from roughly 47,000 organizations using its software platform to compile the report, the company contended that the “breadth and depth of the data set” are broad enough to extend to the wider security community.

Here’s are some of the study’s macro highlights:

  • More than half of businesses globally have employees using multifactor authentication.
  • IT admins take advantage of policies and integrations to increase security and streamline management, but more IT admins could be mandating the use of multifactor authentication.
  • The Netherlands is the leader in multifactor authentication use.
  • The ability to access passwords on mobile significantly improves the experience and employee adoption.
  • Password reuse is still widespread.
  • Internationally, increased regulations appear to be a driving factor in password security awareness.
  • IT organizations must take responsibility for ongoing training and take proactive measures to eliminate risky password behaviors.

Here’s some drill-down data (based on LastPass customers’ responses):

  • 57% of businesses globally are using MFA, up 12 percentage points from last year’s report.
  • 95% of employees using MFA are using a software-based multifactor
  • Employees at technology/software companies were most often using MFA. Many education organizations also have employees using MFA.
  • The industries that would benefit greatly from MFA due to the sensitive customer data they handle are least likely to have employees using MFA.
  • Globally, 23% of employees are accessing their passwords on their smartphone.
  • Password sharing is a common practice in most businesses. Many departments or teams may have just one or two licenses for a service that needs to be accessed by several employees, or shared with external contractors or organizations.
  • Businesses with fewer than 1,000 employees tend to have the highest rates of password reuse at 10 – 14 times. Larger businesses of more than 1,000 employees are at about four times.

Training employees on security hygiene best practices is a necessity for businesses, LastPass said. “Not only does training need to be a part of your original onboarding plan, it needs to be an ongoing effort to encourage adoption and usage of security tools,” the report reads.


Return Home

Source

The post Report: Poor Password Security Plagues Businesses appeared first on National Cyber Security.

View full post on National Cyber Security

#hacker | #government | Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report

Source: National Cyber Security – Produced By Gregory Evans

The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.”

With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.”

None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against.

The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”

And the answer, Check Point concluded, was to analyse all the known data on threat actors, attacks and malware to mine for patterns and draw out all the connections. “This research is the first and the most comprehensive of its kind—thousands of samples were gathered, classified and analyzed in order to map connections between different cyber espionage organizations of a superpower country.”

The team expected to find deep seated linkages, connections between groups working into different Russia agencies—FSO, SVR, FSB, GRU. After all, one can reasonably expect all of the various threat groups sponsored by the Russian state to be on the same side, peddling broadly the same agenda.

But that isn’t what they found. And the results from the research actually carry far more terrifying implications for Russia’s capacity to attack the U.S. and its allies on a wide range of fronts than the team expected. It transpires that Russia’s secret weapon is an organisational structure which has taken years to build and makes detection and interception as difficult as possible.

“The results of the research was surprising,” Cohen explains as we talk through the research. “We expected to see some knowledge, some libraries of code shared between the different organizations inside the Russian ecosystem. But we did not. We found clusters of groups sharing code with each other, but no evidence of code sharing between different clusters.” And while such findings could be politics and inter-agency competition, the Check Point team have concluded that it’s more likely to have an operational security motive. “Sharing code is risky—if a security researcher finds one malware family, if it has code shared with different organizations, the security vendor can take down another organisation.”

The approach points to extraordinary levels of investment. “From my perspective,” Yaniv Balmas, Check Point’s head of cyber research tells me. “We were surprised and unhappy—we wanted to find new relationships and we couldn’t. This amount of effort and resources across six huge clusters means huge investment by Russia in offensive cyberspace. I have never seen evidence of that before.”

And the approach has been some time in the making. “It’s is an ongoing operation,” Cohen says, “it’s been there for at least a decade. This magnitude could only be done by China, Russia, the U.S. But I haven’t seen anything like it before.”

The research has been captured in “a very nice map,” as Balmas described it. This map has been built by Check Point and Israeli analytics company Intezer, a complex interactive tool that enables researchers to drill down into malware samples and attack incidents, viewing the relationships within clusters and the isolated firewalls operating at a higher level.

The research has been angled as an advisory ahead of the 2020 U.S. elections. Russia has the capability to mount waves of concerted attacks. It’s known and accepted within the U.S. security community that the elections will almost certainly come under some level of attack. But the findings actually point to something much more sinister. A cyber warfare platform that does carry implications for the election—but also for power grids, transportation networks, financial services.

“That’s the alarming part,” Check Point’s Ekram Ahmed tells me. “The absence of relationships. The sheer volume and resource requirements leads us to speculate that it’s leading up to something big. We’re researchers— if it’s alarming to us, it should definitely be alarming to the rest of the world.”

So what’s the issue? Simply put, it’s Russia’s ability to attack from different angles in a concerted fashion. Wave upon wave of attack, different methodologies with a common objective. And finding and pulling one thread doesn’t lead to any other cluster. No efficiencies have been sought between families of threat actors. “Offense always has an advantage over defense,” Balmas says, “but here it’s even worse. Given the resources Russia is putting in, it’s practically impossible to defend against.”

“It’s alarming,” Check Point explains in its report, “because the segregated architecture uniquely enables the Russians to separate responsibilities and large-scale attack campaigns, ultimately building multi-tiered offensive capabilities that are specifically required to handle a large-scale election hack. And we know that these capabilities cost billions of dollars to build-out.”

I spend lot of time talking to cybersecurity researchers—it’s a noisy space. And given current geopolitics, the Gulf, the trade war, the “splinternet,” there is plenty to write about. But I get the sense here that there’s genuine surprise and alarm at just what has been seen, the extent and strategic foresight that has gone into it, the implications.

And one of those implications is that new threats, new threat actors if following the same approach will be harder to detect. The Check Point team certainly think so. “This is the first time at such a scale we have mapped a whole ecosystem,” the team says, “the most comprehensive depiction yet of Russian cyber espionage.”

And attacks from Russia, whichever cluster might be responsible, tend to bear different hallmarks to the Chinese—or the Iranians or the North Koreans.

“Russian attacks tend to be very aggressive,” Balmas explains. “Usually in offensive cyber and intelligence, the idea is to do things that no-one knows you’re doing. But the Russians do the opposite. They’re very noisy. Encrypting or shutting down entire systems they attack. Formatting hard drives. They seem to like it—so an election attack would likely be very aggressive.”

With 2020 in mind, Ahmed explains, “given what we can see, the organization and sheer magnitude of investment, an offensive would be difficult to stop—very difficult.”

Cohen reiterates the staggering investment implications of what they’ve found. “This separation shows Russia is not afraid to invest enormous amount of money in this operation. There’s no effort to save money. Different organisations with different teams working on the same kind of malware but not sharing code. So expensive.”

All the research and the interactive map is available and open source, Cohen explains, “researchers can see the connections between families, better understanding of evolution of families and malware from 1996 to 2019.”

The perceived threat to the 2020 election is “speculation,” Check Point acknowledges. “But it’s based on how the Russians are organizing, the way they’re building the foundation of their cyber espionage ecosystem.”

So, stepping back from the detail what’s the learning here? There have been continual disclosures in recent months on state-sponsored threat actors and their tactics, techniques and procedures. The last Check Point research I reported on disclosed China’s trapping of NSA malware on “honeypot” machines. Taken in the round, all of this increased visibility on Russian and Chinese approaches, in particular, provides a better sense of the threats as the global cyber warfare landscape becomes more complex and integrated with the physical threats we also face.

On Monday [September 23], 27 nation-states signed a “Joint Statement on Advancing Responsible State Behavior in Cyberspace,” citing the use of cyberspace “to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”

The statement was made with Russia and China in mind, and a good working example of how such attack campaigns are supported in practice can be viewed by exploring Check Point’s Russian cyber espionage map, which is now available online.

Source link

The post #hacker | #government | Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report appeared first on National Cyber Security.

View full post on National Cyber Security

Cisco #report finds #AI & machine #learning still hot #topics in #cybersecurity

Source: National Cyber Security News

Artificial intelligence and machine learning in cybersecurity prove to be hot topics amongst security professionals and they’re looking to spend more on tools that can do those very tasks, according to the 11th Cisco 2018 Annual Cybersecurity Report.

According to the report, machine learning is able to help enhance network security and defences by learning how to detect unusual traffic patterns in cloud and IoT environments.

That technology is in hot demand, particularly as the volume of legitimate and malicious web traffic grows. According to Cisco statistics from October 2017, 50% of web traffic is encrypted. Over a 12-month period, Cisco researchers also spotted a threefold increase in malware samples that used encrypted network communication.

Network encryption is causing challengers for defenders who are trying to identify and monitor any potential threats – however security professionals are eager to adopt machine learning.

While machine learning comes with drawbacks such as false positives, security professionals realise that machine learning and AI technologies are still in their infancy.

The report also found that more than half of all cyber attacks result in financial damages of more than US$500,000 (AU$637,630) including lost revenue, customers, opportunities and out-of-pocket costs.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Source: National Cyber Security – Produced By Gregory Evans

Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions

Hackers hit Pizza Hut earlier in October and reportedly stole customers’ financial information. Pizza Hut said that its website was hacked and some of its customers who used the fast food chain’s website and app were affected by the breach.

Although Pizza Hut reportedly sent out emails notifying its customers of the breach, the alerts came two weeks after the company’s website was hacked. Some users took to Twitter to complain about the delayed notification. Some customers also reported fraudulent card transactions, which they suspect may have occurred due to the Pizza Hut hack.

“Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” the company said in an email sent to affected customers, Bleeping Computer reported.

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the fast food chain added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”

It is still unclear as to how many users may have been affected by the breach and whether the hackers were able to get their hands on any corporate data. IBTimes UK has reached out to Pizza Hut for further clarity on the incident and will update this article in the event of a response.

Source:

The post Pizza Hut hack: Thousands of customers’ data stolen as users report fraudulent card transactions appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Report outlines cybersecurity threats for Olympics, other sporting events

Source: National Cyber Security – Produced By Gregory Evans

You don’t have to be Michael Phelps to know that sports can often be so much more than just a game. A new report from the Center for Long-term Cybersecurity based at UC Berkeley’s School of Information shows how malicious manipulation of new digital technologies can threaten public safety, undermine…

The post Report outlines cybersecurity threats for Olympics, other sporting events appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures