Apple dropped plans to offer end-to-end encrypted cloud back-ups to its global customer base after the FBI complained, a new report has claimed.
Citing six sources “familiar with the matter,” Reuters claimed that Apple changed its mind over the plans for iCloud two years ago after the Feds argued in private it would seriously hinder investigations.
The revelations put a new spin on the often combative relationship between the law enforcement agency and one of the world’s biggest tech companies.
The two famously clashed in 2016 when Apple refused to engineer backdoors in its products that would enable officers to unlock the phone of a gunman responsible for a mass shooting in San Bernardino.
Since then, FBI boss Christopher Wray, attorney general William Barr and most recently Donald Trump have taken Apple and the wider tech community to task for failing to budge on end-to-end encryption.
Silicon Valley argues that it’s impossible to provide law enforcers with access to encrypted data in a way which wouldn’t undermine security for hundreds of millions of law-abiding customers around the world.
They are backed by world-leading encryption experts, while on the other side, lawmakers and enforcers have offered no solutions of their own to the problem.
Apple’s decision not to encrypt iCloud back-ups means it can provide officers with access to targets’ accounts. According to the report, full device backups and other iCloud content were handed over to the US authorities in 1568 cases in the first half of 2019, covering around 6000 accounts.
Apple is also said to have handed the Feds the iCloud backups of the Pensacola shooter, whose case sparked another round of calls for encryption backdoors from Trump and others.
It’s not 100% clear if Apple dropped its encryption plan because of the FBI complaint, or if it was down to more mundane usability issues. Android users are said to be able to back up to the cloud without Google accessing their accounts.
The post #infosec | Apple Dropped iCloud Encryption Plans After FBI Complaint: Report appeared first on National Cyber Security.
View full post on National Cyber Security
Check Point Research has published its 2020 Cyber Security Report.
The report highlights the main tactics cyber-criminals are using to attack organisations worldwide across all industries and gives cybersecurity professionals and C-Level executives the information they need to protect their organisations from today’s fifth-generation cyber-attacks and threats.
The 2020 Security Report reveals the key attack vectors and techniques observed by Check Point researchers during the past year.
Cryptominers still dominate malware landscape – Even though cryptomining declined during 2019, linked to cryptocurrencies’ fall in value and the closure of the Coinhive operation in March, 38% of companies globally were impacted by crypto-miners in 2019, up from 37% in 2018.
This is because the use of cryptominers remains a low-risk, high-reward activity for criminals.
Botnet armies surge in size – 28% of organisations globally were hit by botnet activity, an increase of over 50% compared with 2018.
Emotet was the most common bot malware used, primarily because of its versatility in enabling malware and spam distribution services.
Other botnet actions such as sextortion email activity and DDoS attacks also rose sharply in 2019.
Targeted ransomware hits hard – While the number of impacted organisations is relatively low, the severity of the attack is much higher – as seen in 2019’s damaging attacks against US city administrations.
Criminals are choosing their ransomware targets carefully, with the aim of extorting the maximum revenue possible.
Mobile attacks decline – 27% of organisations worldwide were impacted by cyber-attacks that involved mobile devices in 2019, down from 33% in 2018.
While the mobile threat landscape is maturing, organisations are also increasingly aware of the threat, and are deploying more protection on mobiles.
The year Magecart attacks became an epidemic – These attacks, which inject malicious code into e-commerce websites to steal customers’ payment data, hit hundreds of sites in 2019, from hotel chains to commerce giants to SMBs, across all platforms.
Rise in cloud attacks – Currently more than 90% of enterprises use cloud services and yet 67% of security teams complain about the lack of visibility into their cloud infrastructure, security, and compliance.
The magnitude of cloud attacks and breaches has continued to grow in 2019.
Misconfiguration of cloud resources is still the number one cause for cloud attacks, but now we also witness an increasing number of attacks aimed directly at cloud service providers.
“2019 presented a complex threat landscape where nation states, cybercrime organisations and private contractors accelerated the cyber arms race, elevating each other’s capabilities at an alarming pace, and this will continue into 2020,” says Check Point Software Technologies major intelligence officer Lotem Finkelsteen.
“Even if an organisation is equipped with the most comprehensive, state-of-the-art security products, the risk of being breached cannot be completely eliminated. Beyond detection and remediation, organisations need to adopt a proactive plan to stay ahead of cybercriminals and prevent attacks.
“Detecting and automatically blocking the attack at an early stage can prevent damage. Check Point’s 2020 Security Report shares what organisations need to look out for, and how they can win the war against cyber-attacks through key best practices.”
Check Point’s 2020 Security Report is based on data from Check Point’s ThreatCloud intelligence, the largest collaborative network for fighting cybercrime which delivers threat data and attack trends from a global network of threat sensors; from Check Point’s research investigations over the last 12 months; and on a brand new survey of IT professionals and C-level executives that assesses their preparedness for today’s threats.
The report examines the latest emerging threats against various industry sectors, and gives a comprehensive overview of the trends observed in the malware landscape, in emerging data breach vectors, and in nation-state cyber-attacks.
It also includes analysis from Check Point’s thought leaders, to help organisations understand and prepare themselves for today’s and tomorrow’s complex threat landscape.
The post #comptia | #ransomware | Check Point report highlights latest cyber-threats worldwide appeared first on National Cyber Security.
Source: National Cyber Security – Produced By Gregory Evans The debate over who the CISO should report to is a hot topic among security professionals, and that shows no sign of changing soon. That’s because there is still no standard or clear-cut answer. Ask CISOs themselves for their opinion, and you will get a variety […] View full post on AmIHackerProof.com
Graham Cluley Security News is sponsored this week by the folks at LastPass. Thanks to the great team there for their support!
LastPass has analyzed over 47,000 businesses to bring you insights into security behavior worldwide. The report helps you explore changes in password security practices worldwide, and see where businesses are still putting themselves at risk.
The takeaway is clear: Many businesses are making significant strides in some areas of password and access security – but there is still a lot of work to be done. Use of important security measures like multifactor authentication is up, but the continued reality of poor password hygiene still hampers many businesses’ ability to achieve high standards of security.
In the report, we not only highlight key trends by company size, sector, and location, we provide analysis and recommendations to help IT and business leaders take action where it’s needed most.
The post #cybersecurity | #infosec | LastPass releases its 3rd Annual Global Password Security report appeared first on National Cyber Security.
Source: National Cyber Security – Produced By Gregory Evans Raphael Varane scored twice as Real Madrid beat Getafe 3-0 in their first La Liga match of 2020 on Saturday at the Coliseum Alfonso Perez. Los Blancos took the lead on 34 minutes after goalkeeper David Soria failed to punch Ferland Mendy’s cross clear, […] View full post on AmIHackerProof.com
#deepweb | Implementation of Security Council resolution 2334 (2016) – Report of the Secretary-General (S/2019/938) [EN/AR] – occupied Palestinian territory
The present report, the twelfth quarterly report on the implementation of Security Council resolution 2334 (2016), provides a review and assessment of the implementation of the resolution since my previous report on the subject, which was delivered orally by my Special Coordinator for the Middle East Peace Process and Personal Representative to the Palestine Liberation Organization and the Palestinian Authority, on 20 September 2019. The report covers developments from 12 September to 6 December 2019.
II. Settlement activities
In its resolution 2334 (2016), the Security Council reaffirmed that the establishment by Israel of settlements in the Palestinian territory occupied since 1967, including East Jerusalem, had no legal validity and constituted a flagrant violation under international law and a major obstacle to the achievement of the two-State solution and a just, lasting and comprehensive peace. In the same resolution, the Council reiterated its demand that Israel immediately and completely cease all settlement activities in the Occupied Palestinian Territory, including East Jerusalem, and that it fully respect all of its legal obligations in that regard. No such steps were taken during the reporting period.
During the reporting period, some 3,000 housing units in the occupied West Bank, including 300 in East Jerusalem, were advanced or approved by the Israeli authorities. The plans include 182 units in Mevo’ot Yericho, an outpost in the Jordan Valley that the Government of Israel decided, on 15 September, to retroactively legalize as a new settlement. Other notable plans include 382 units in Dolev, west of Ramallah, and 609 units in the large urban settlement of Beitar Elit, west of Bethlehem. Some 40 per cent of the units advanced are to be built in outlying locations, deep inside the occupied West Bank. No new tenders were announced.
On 15 September, a new farm comprising one portable housing unit was reportedly established by Israeli settlers in Umm al-Hawa, east of the Kedar settlement, in Area C of the West Bank. The settlers reportedly claimed that they had bought the land from the Palestinian owners, which the latter deny. A petition was filed by the owners before the High Court of Justice, where a discussion is scheduled for 20 January 2020.
On 1 December, the Defense Minister of Israel instructed the Civil Administration to act “to advance planning procedures” for a new structure for Israeli settlers in the wholesale market in the Old City of Hebron.
On several occasions during the reporting period, Israeli authorities reportedly demolished structures or prevented construction in settlement outposts, including near Yitzhar, Bat Ayin and Kokhav HaShahar, resulting in clashes between settlers and Israeli security forces.
During the reporting period, demolitions and seizures of Palestinian-owned structures continued across the occupied West Bank, including East Jerusalem. Citing the absence of Israeli-issued building permits, which remain almost impossible for Palestinians to obtain, Israeli authorities demolished or seized 150 structures, resulting in the displacement of 260 people, including 133 children and some 60 women, and leaving 1,800 others affected. A total of 16 of the structures were demolished on the basis of military order No. 1797, which authorizes an expedited process that gives owners only 96 hours to demonstrate that they possess a valid building permit. The demolitions in Area C included 26 donor-funded structures.
The post #deepweb | Implementation of Security Council resolution 2334 (2016) – Report of the Secretary-General (S/2019/938) [EN/AR] – occupied Palestinian territory appeared first on National Cyber Security.
#deepweb | 4th Global Report on Adult Learning and Education: Leave No One Behind: Participation, Equity and Inclusion – World
UNESCO report shows fewer than 5% of people in many countries benefit from adult learning opportunities
Paris, 04 December—In almost one-third of countries, fewer than five per cent of adults aged 15 and above participate in education and learning programmes, according to UNESCO’s fourth Global Report on Adult Learning and Education (GRALE 4). Adults with disabilities, older adults, refugees and migrants, minority groups and other disadvantaged segments of society are particularly under-represented in adult education programmes and find themselves deprived of crucial access to lifelong learning opportunities.
Published by the UNESCO Institute for Lifelong Learning, the report monitors the extent to which UNESCO Member States put their international commitments regarding adult learning and education into practice and reflects data submitted by 159 countries. It calls for a major change in the approach to adult learning and education (ALE) backed by adequate investment to ensure that everyone has the opportunity to access and benefit from adult learning and education and that its full contribution to the 2030 Agenda for Sustainable Development is realized.
“We urge governments and the international community to join our efforts and take action to ensure that no one – no matter who they are, where they live or what challenges they face – is left behind where the universal right to education is concerned,” says UNESCO Director-General Audrey Azoulay, endorsing the report’s recommendations. “By ensuring that donor countries respect their aid obligations to developing countries, we can make adult learning and education a key lever in empowering and enabling adults, as learners, workers, parents, and active citizens.”
The publication stresses the need to increase national investment in ALE, reduce participation costs, raise awareness of benefits, and improve data collection and monitoring, particularly for disadvantaged groups.
Progress in participation in adult learning and education is insufficient
Despite low participation overall, many more than half of responding countries (57% of 152) reported an increase in the overall participation rate in adult learning and education between 2015 and 2018. Low-income countries reported the largest increase in ALE participation (73%), trailed by lower middle income and upper middle income countries (61% and 62%).
Most increases in adult learning and education participation were in sub-Saharan Africa (72% of respondents), followed by the Arab region (67%), Latin America and the Caribbean (60%) and Asia and the Pacific (49%). North America and Western Europe reported fewest increases (38%) though starting from higher levels.
The data shows persistent and deep inequalities in participation and that key target groups such as adults with disabilities, older adults, minority groups as well as adults living in conflict-affected countries are not being reached.
Women’s participation must improve further
While the global report shows that women’s participation in ALE has increased in 59 per cent of the reporting countries since 2015, in some parts of the world, girls and women still do not have sufficient access to education, notably to vocational training, leaving them with few skills and poor chances of finding employment and contributing to the societies they live in, which also represents an economic loss for their countries.
Quality is improving but not fast enough
Quality ALE can also provide invaluable support to sustainable development and GRALE 4 shows that three-quarters of countries reported progress in the quality of education since 2015. Qualitative progress is observed in curricula, assessment, teaching methods and employment conditions of adult educators. However, progress in citizenship education, which is essential in promoting and protecting freedom, equality, democracy, human rights, tolerance and solidarity, remained negligible. No more than 3% of countries reported qualitative progress in this area.
Increase in funding for adult learning and education needed
GRALE 4 shows that over the last ten years, spending on adult learning and education has not reached sufficient levels, not only in low-income countries but also in lower middle income and high-income countries. Nearly 20% of Member States reported spending less than 0.5 per cent of their education budgets on ALE and a further 14% reported spending less than 1 per cent. This information demonstrates that many countries have failed to implement the intended increase in ALE financing proposed in GRALE 3 and that ALE remains underfunded. Moreover, under-investment hits socially disadvantaged adults the hardest. Lack of funding also hampers the implementation of new policies and efficient governance practices.
Source: National Cyber Security – Produced By Gregory Evans CyrusOne, a major provider of enterprise data center services, is reported to have suffered a ransomware attack. The Dallas-headquartered company, which operates more than 30 data centers across the United States, China, London, and Singapore, is reported by ZDnet to have had some of its systems […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans An American health services provider has agreed to pay a fine of $2.175m after refusing to properly notify Health and Human Services of a data breach. In April of 2017, a complaint regarding Sentara Hospitals was received by the Department of Health and Human Services (HHS). The complainant said […] View full post on AmIHackerProof.com