now browsing by tag


#infosec | Apple Dropped iCloud Encryption Plans After FBI Complaint: Report

Source: National Cyber Security – Produced By Gregory Evans

Apple dropped plans to offer end-to-end encrypted cloud back-ups to its global customer base after the FBI complained, a new report has claimed.

Citing six sources “familiar with the matter,” Reuters claimed that Apple changed its mind over the plans for iCloud two years ago after the Feds argued in private it would seriously hinder investigations.

The revelations put a new spin on the often combative relationship between the law enforcement agency and one of the world’s biggest tech companies.

The two famously clashed in 2016 when Apple refused to engineer backdoors in its products that would enable officers to unlock the phone of a gunman responsible for a mass shooting in San Bernardino.

Since then, both FBI boss Christopher Wray, attorney general William Barr and most recently Donald Trump have taken Apple and the wider tech community to task for failing to budge on end-to-end encryption.

Silicon Valley argues that it’s impossible to provide law enforcers with access to encrypted data in a way which wouldn’t undermine security for hundreds of millions of law-abiding customers around the world.

They are backed by world-leading encryption experts, while on the other side, lawmakers and enforcers have offered no solutions of their own to the problem.

Apple’s decision not to encrypt iCloud back-ups means it can provide officers with access to target’s accounts. According to the report, full device backups and other iCloud content was handed over to the US authorities in 1568 cases in the first half of 2019, covering around 6000 accounts.

Apple is also said to have handed the Feds the iCloud backups of the Pensacola shooter, whose case sparked another round of calls for encryption backdoors from Trump and others.

It’s not 100% clear if Apple dropped its encryption plan because of the FBI complaint, or if it was down to more mundane usability issues. Android users are said to be able to back-up to the cloud without Google accessing their accounts.


#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

Source link

The post #infosec | Apple Dropped iCloud Encryption Plans After FBI Complaint: Report appeared first on National Cyber Security.

View full post on National Cyber Security

#comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide

Source: National Cyber Security – Produced By Gregory Evans

Check Point Research has published its 2020 Cyber Security Report.

The report highlights the main tactics cyber-criminals are using to attack organisations worldwide across all industries and gives cybersecurity professionals and C-Level executives the information they need to protect their organisations from today’s fifth-generation cyber-attacks and threats.

The 2020 Security Report reveals the key attack vectors and techniques observed by Check Point researchers during the past year.

Highlights include:

Cryptominers still dominate malware landscape – Even though cryptomining declined during 2019, linked to cryptocurrencies’ fall in value and the closure of the Coinhive operation in March, 38% of companies globally were impacted by crypto-miners in 2019, up from 37% in 2018.

This is because the use of cryptominers remains a low-risk, high-reward activity for criminals

Botnet armies surge in size – 28% of organisations globally were hit by botnet activity, an increase of over 50% compared with 2018.

Emotet was the most common bot malware used, primarily because of its versatility in enabling malware and spam distribution services.

Other botnet actions such as sextortion email activity and DDoS attacks also rose sharply in 2019.  

Targeted ransomware hits hard – While the number of impacted organisations is relatively low, the severity of the attack is much higher – as seen in 2019’s damaging attacks against US city administrations.

Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.

Mobile attacks decline – 27% of organisations worldwide were impacted by cyber-attacks that involved mobile devices in 2019, down from 33% in 2018.

While the mobile threat landscape is maturing, organisations are also increasingly aware of the threat, and are deploying more protection on mobiles.

The year Magecart attacks became an epidemic – These attacks which inject malicious code into e-commerce websites to steal customers’ payment data hit hundreds of sites in 2019, from hotel chains to from commerce giants to SMBs, across all platforms.

Rise in cloud attacks – Currently more than 90% of enterprises use cloud services and yet 67% of security teams complain about the lack of visibility into their cloud infrastructure, security, and compliance.

The magnitude of cloud attacks and breaches has continued to grow in 2019.

Misconfiguration of cloud resources is still the number one cause for cloud attacks, but now we also witness an increasing number of attacks aimed directly at cloud service providers. 

“2019 presented a complex threat landscape where nation states, cybercrime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020,” says Check Point Software Technologies major intelligence officer Lotem Finkelsteen.

“Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cybercriminals and prevent attacks.

“Detecting and automatically blocking the attack at an early stage can prevent damage. Check Point’s 2020 Security Report shares what organisations need to look out for, and how they can win the war against cyber-attacks through key best practices.”

Check Point’s 2020 Security Report is based on data from Check Point’s ThreatCloud intelligence, the largest collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors; from Check Point’s research investigations over the last 12 months; and on a brand new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.

The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.

It also includes analysis from Check Point’s thought leaders, to help organisations understand and prepare themselves for today’s and tomorrow’s complex threat landscape.

Source link

The post #comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Who Should the CISO Report To in 2020?

Source: National Cyber Security – Produced By Gregory Evans The debate over who the CISO should report to is a hot topic among security professionals, and that shows no sign of changing soon. That’s because there is still no standard or clear-cut answer. Ask CISOs themselves for their opinion, and you will get a variety […] View full post on

#cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report

Source: National Cyber Security – Produced By Gregory Evans

LastPass releases its 3rd Annual Global Password Security report

Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support!

LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves at risk.

The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many business’ ability to achieve high standards of security.

In the report, we not only highlight key trends by company size, sector, and location, we provide analysis and recommendations to help IT and business leaders take action where it’s needed most.

Download the free report now to see the current state of password security, access, and authentication around the world – and learn what you can do today to better secure your company.

If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.

Source link

The post #cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Raphael Varane Brace Leads Real Madrid to Easy 3-0 Win vs. Getafe | Bleacher Report

Source: National Cyber Security – Produced By Gregory Evans Quality Sport Images/Getty Images Raphael Varane scored twice as Real Madrid beat Getafe 3-0 in their first La Liga match of 2020 on Saturday at the Coliseum Alfonso Perez. Los Blancos took the lead on 34 minutes after goalkeeper David Soria failed to punch Ferland Mendy’s cross clear, […] View full post on

#deepweb | British accountant denies trying to hire hitman on the dark web to kill his ex-girlfriend in the US: report

Source: National Cyber Security – Produced By Gregory Evans

A 24-year-old British accountant has hit back at accusations he spent more than $5,000 in Bitcoin on the dark web in an attempt to hire a hitman to kill his American ex-girlfriend.

Adrian Fry’s name appeared in a Harper’s Magazine article profiling an alleged threat made against Alexis Stern, a recent high school graduate from Big Lake, Minn. The city’s police chief says the FBI has taken over the case – and Fox News has reached out to the bureau for comment.

“I would never think of killing anyone, I’ve never so much as harmed a fly,” Fry, from Bath, told The Daily Mail this week while describing the allegations as “flimsy nonsense.”


The pair are reported to have dated online before Fry visited Minnesota in March 2018. Stern claims he was becoming increasingly bossy and broke up with him during his trip.

“I said very clearly I didn’t want to be with him, and he tried telling me I wasn’t thinking right and I was making a mistake,” she told Harper’s. Stern claimed Fry kept trying to contact her even after he returned overseas and “wouldn’t take no for an answer”.

Then in July of that year, a user with the alias ‘Mastermind365’ posted a message on the secretive Camorra Hitmen website – which advertised assassination services — asking if it was possible for somebody to carry out a kidnapping, according to Harper’s.

A week later on July 15, the same user reportedly wrote: “I have changed my mind since I previously spoke to you.”

“I would not like this person to be kidnapped. Instead, i would just like this person to be shot and killed. Where, how and what with does not bother me at all. I would just like this person dead,” the user reportedly wrote.


The magazine says the user then transferred more than $5,000 in Bitcoin to the website along with a photo of Stern.

The user’s messages were sent to Harper’s from Chris Monteiro, a London-based IT worker who the publication says “spends his nights as a white-hat hacker and independent cybercrime researcher, navigating the shadowy spaces of the dark web.”

Montiero, Harper’s says, believes a scammer was operating the Camorra Hitmen site – one that had no intention of completing any order.

Yet Stern that month was called in for an interview with the Big Lake Police Department, where she was informed about the details of the alleged threat, Harper’s reports. It added that her parents installed a new home security system and she carried around a knife in her purse following that meeting with investigators.

The department’s chief, Joel Scharf, told Fox News on Monday that after the case “originally was reported to our department, we in turn requested that the FBI assume the case, which they did.”

Scharf added that in their records, Fry was “listed as a suspect at the time we took the case.”


The magazine says when it shared Mastermind365’s messages with Stern to see if she could identify who wrote them, she determined that it was Fry.

“It’s definitely him,” she told Harper’s, saying that the user wrote “thankyou” as one word – something Fry would do as well – and that the date of the murder request, July 15, happened to be the same day she informed Fry she was seeing somebody new.

When Fry was approached at his home by The Daily Mail newspaper this week, he said “I can’t believe what I’m hearing and what she’s accusing me of.

“I’m traumatized and hurt that she would even think that it could be me,” he added.

Fry also told The Daily Mail that nobody from the FBI has reached out to him and denied Stern’s claims.

“Sometimes I write thank you as one word and sometimes two,” he said. “I have bad grammar but that doesn’t mean I’m guilty of ordering somebody’s murder.”


He added: “All I did when she told me about her new boyfriend was delete all her pictures and messages and de-friend her from Facebook. I’ve never spoken to her since.”

He continued: “None of the things that Alexis has pointed out is concrete evidence against me. It’s just flimsy nonsense. She’s understandably worried that somebody wants her killed and is looking for a scapegoat, who just happens to be me.”

Source link

The post #deepweb | <p> British accountant denies trying to hire hitman on the dark web to kill his ex-girlfriend in the US: report <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Implementation of Security Council resolution 2334 (2016) – Report of the Secretary-General (S/2019/938) [EN/AR] – occupied Palestinian territory

Source: National Cyber Security – Produced By Gregory Evans

I. Introduction

  1. The present report, the twelfth quarterly report on the implementation of Security Council resolution 2334 (2016), provides a review and assessment of the implementation of the resolution since my previous report on the subject, which was delivered orally by my Special Coordinator for the Middle East Peace Process and Personal Representative to the Palestine Liberation Organization and the Palestinian Authority, on 20 September 2019. The report covers developments from 12 September to 6 December 2019.

II. Settlement activities

  1. In its resolution 2334 (2016), the Security Council reaffirmed that the establishment by Israel of settlements in the Palestinian territory occupied since 1967, including East Jerusalem, had no legal validity and constituted a flagrant violation under international law and a major obstacle to the achievement of the two-State solution and a just, lasting and comprehensive peace. In the same resolution, the Council reiterated its demand that Israel immediately and completely cease all settlement activities in the Occupied Palestinian Territory, including East Jerusalem, and that it fully respect all of its legal obligations in that regard. No such steps were taken during the reporting period.

  2. During the reporting period, some 3,000 housing units in the occupied West Bank, including 300 in East Jerusalem, were advanced or approved by the Israeli authorities. The plans include 182 units in Mevo’ot Yericho, an outpost in the Jordan Valley that the Government of Israel decided, on 15 September, to retroactively legalize as a new settlement. Other notable plans include 382 units in Dolev, west of Ramallah, and 609 units in the large urban settlement of Beitar Elit, west of Bethlehem. Some 40 per cent of the units advanced are to be built in outlying locations, deep inside the occupied West Bank. No new tenders were announced.

  3. On 15 September, a new farm comprising one portable housing unit was reportedly established by Israeli settlers in Umm al-Hawa, east of the Kedar settlement, in Area C of the West Bank. The settlers reportedly claimed that they had bought the land from the Palestinian owners, which the latter deny. A petition was filed by the owners before the High Court of Justice, where a discussion is scheduled for 20 January 2020.

  4. On 1 December, the Defense Minister of Israel instructed the Civil Administration to act “to advance planning procedures” for a new structure for Israeli settlers in the wholesale market in the Old City of Hebron.

  5. On several occasions during the reporting period, Israeli authorities reportedly demolished structures or prevented construction in settlement outposts, including near Yitzhar, Bat Ayin and Kokhav HaShahar, resulting in clashes between settlers and Israeli security forces.

  6. During the reporting period, demolitions and seizures of Palestinian-owned structures continued across the occupied West Bank, including East Jerusalem. Citing the absence of Israeli-issued building permits, which remain almost impossible for Palestinians to obtain, Israeli authorities demolished or seized 150 structures, resulting in the displacement of 260 people, including 133 children and some 60 women, and leaving 1,800 others affected. A total of 16 of the structures were demolished on the basis of military order No. 1797, which authorizes an expedited process that gives owners only 96 hours to demonstrate that they possess a valid building permit. The demolitions in Area C included 26 donor-funded structures.

Source link

The post #deepweb | <p> Implementation of Security Council resolution 2334 (2016) – Report of the Secretary-General (S/2019/938) [EN/AR] – occupied Palestinian territory <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World

Source: National Cyber Security – Produced By Gregory Evans

UNESCO report shows fewer than 5% of people in many countries benefit from adult learning opportunities

Paris, 04 December—In almost one-third of countries, fewer than five per cent of adults aged 15 and above participate in education and learning programmes, according to UNESCO’s fourth Global Report on Adult Learning and Education (GRALE 4). Adults with disabilities, older adults, refugees and migrants, minority groups and other disadvantaged segments of society are particularly under-represented in adult education programmes and find themselves deprived of crucial access to lifelong learning opportunities.

Published by the UNESCO Institute for Lifelong Learning, the report monitors the extent to which UNESCO Member States put their international commitments regarding adult learning and education into practice and reflects data submitted by 159 countries. It calls for a major change in the approach to adult learning and education (ALE) backed by adequate investment to ensure that everyone has the opportunity to access and benefit from adult learning and education and that its full contribution to the 2030 Agenda for Sustainable Development is realized.

“We urge governments and the international community to join our efforts and take action to ensure that no one – no matter who they are, where they live or what challenges they face – is left behind where the universal right to education is concerned,” says UNESCO Director-General Audrey Azoulay, endorsing the report’s recommendations. “By ensuring that donor countries respect their aid obligations to developing countries, we can make adult learning and education a key lever in empowering and enabling adults, as learners, workers, parents, and active citizens.”

The publication stresses the need to increase national investment in ALE, reduce participation costs, raise awareness of benefits, and improve data collection and monitoring, particularly for disadvantaged groups.

Progress in participation in adult learning and education is insufficient

Despite low participation overall, many more than half of responding countries (57% of 152) reported an increase in the overall participation rate in adult learning and education between 2015 and 2018. Low-income countries reported the largest increase in ALE participation (73%), trailed by lower middle income and upper middle income countries (61% and 62%).

Most increases in adult learning and education participation were in sub-Saharan Africa (72% of respondents), followed by the Arab region (67%), Latin America and the Caribbean (60%) and Asia and the Pacific (49%). North America and Western Europe reported fewest increases (38%) though starting from higher levels.

The data shows persistent and deep inequalities in participation and that key target groups such as adults with disabilities, older adults, minority groups as well as adults living in conflict-affected countries are not being reached.

Women’s participation must improve further

While the global report shows that women’s participation in ALE has increased in 59 per cent of the reporting countries since 2015, in some parts of the world, girls and women still do not have sufficient access to education, notably to vocational training, leaving them with few skills and poor chances of finding employment and contributing to the societies they live in, which also represents an economic loss for their countries.

Quality is improving but not fast enough

Quality ALE can also provide invaluable support to sustainable development and GRALE 4 shows that three-quarters of countries reported progress in the quality of education since 2015. Qualitative progress is observed in curricula, assessment, teaching methods and employment conditions of adult educators. However, progress in citizenship education, which is essential in promoting and protecting freedom, equality, democracy, human rights, tolerance and solidarity, remained negligible. No more than 3% of countries reported qualitative progress in this area.

Increase in funding for adult learning and education needed

GRALE 4 shows that over the last ten years, spending on adult learning and education has not reached sufficient levels, not only in low-income countries but also in lower middle income and high-income countries. Nearly 20% of Member States reported spending less than 0.5 per cent of their education budgets on ALE and a further 14% reported spending less than 1 per cent. This information demonstrates that many countries have failed to implement the intended increase in ALE financing proposed in GRALE 3 and that ALE remains underfunded. Moreover, under-investment hits socially disadvantaged adults the hardest. Lack of funding also hampers the implementation of new policies and efficient governance practices.

Source link

The post #deepweb | <p> 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #infosec | Major data center provider hit by ransomware attack, claims report

Source: National Cyber Security – Produced By Gregory Evans CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems […] View full post on

#infosec | US Hospitals Fined $2.175M for “Refusal to Properly Report” Data Breach

Source: National Cyber Security – Produced By Gregory Evans An American health services provider has agreed to pay a fine of $2.175m after refusing to properly notify Health and Human Services of a data breach. In April of 2017, a complaint regarding Sentara Hospitals was received by the Department of Health and Human Services (HHS). The complainant said […] View full post on