Kriston Capps is a staff writer for CityLab covering housing, architecture, and politics. He previously worked as a senior editor for Architect magazine.
Rep. Matt GaetzMatthew (Matt) GaetzThe Hill’s Morning Report – Biden, McConnell agree on vaccines, clash over infrastructure Katie Hill: Gaetz ‘needs to be held responsible’ if sex allegations true Meghan […]
View full post on National Cyber Security
Online scams have been increased these days. Many complaints have been filed about the illegal money transactions and several bank accounts have been hacked by hackers. It’s an alert for employees who have Employees’ Provident Fund (EPF) saving account as fraudsters can target your account too.
A recent case has come to light where a 68-year-old, retired man named Rajendra Khanna just saved himself from paying Rs 20,000 to a fraudster.
Know how scammer can empty your account:
According to the reports in Moneycontrol, the old man received a call from an unknown number who claimed himself an employee of the Employees’ Provident Fund Organisation (EPFO). He asked Khanna about his personal details like mobile number, Aadhaar number, Permanent account number (PAN), email id, last employment details and universal account number (UAN), etc. Khanna thought the man is the staff of EPFO and hence, he gave all details he asked on a phone call.
Report also said that the fraudster told Khanna that since he had worked between 1990 and 2019, therefore, he is eligible to get a benefit of Rs 80,000 from the EPFO. The scammer continued saying that EPFO has decided to give some benefits to the unclaimed corpus with randomly selected EPFO subscribers. He also trapped Khanna by making false promises that to claim this amount he need to transfer Rs 20,000 as a commission to a particular bank account and get Rs 80,000 credited to his bank account later without hassles.
All efforts of the scammer go in waste when Khanna decided to cross-check him by visiting the official website of the EPFO after putting his call on hold. After visiting the official website, Khanna found a pop-up message with an alert that said, “EPFO never asks you to share your personal details such as Aadhaar / PAN / UAN over the phone. Also, EPFO never calls any member/subscriber to deposit any amount in any bank account for processing an unclaimed amount. Please do not respond to such fake calls.”
After reading the notice, Khanna immediately disconnected the call. Later, the fraudster was unreachable when Khanna tried to contact him again for the fraud explanation.
These days scammers are targeting EPFO subscribers by making false promises so as to transfer one balance in the PF account to a fraud bank account.
In case, you get any such call then immediately rushed to the cyber-police department in your area and lodge a first information report (FIR) report. Also, notify EPFO about the same to keep their eyes on the account if unauthorized activity happening in your PF account.
Due to the increasing use of digital payment and social media, online scams have been increased. What one can do to save himself/herself from such traps, just beware of such fake calls and never give any personal details to an anonymous person.
View full post on National Cyber Security
Data breaches are expensive. By now, most organizations are well aware of this fact. When it comes to resource planning, however, SecOps teams need concrete data to ensure adequate funding is available to handle a breach.
Taking a look at recent breaches and industry analysis can help.
IBM conducts an annual “Cost of a Data Breach” study as the basis for a global analysis of the cost impact of data breaches. According to the study, the average cost of a data breach in the U.S. is growing:
· 2017: $7.35 million
· 2018: $7.91 million
· 2019: $8.19 million
Between 2017 and 2019, the average financial impact of a data breach at a U.S. based company rose 10 percent. Companies that experience “mega breaches” involving millions of records can expect to pay anywhere from $40 million to $350 million to clean up the mess.
IBM expects these figures to continue climbing in the coming year.
A data breach is not limited to a single incident to be mitigated in just a few days. IBM estimates that it takes companies an average of 280 days to fully recover from a breach. Responding to these breaches extends beyond addressing the root cause of the hack.
Companies must satisfy notification requirements, preserve affected documents and logs, and address potential PR concerns. If the breach involved PHI (protected health information) or identifying information like Social Security Numbers, the response becomes even more complicated. Most companies will need to hire outside legal consultants to ensure a proper response has taken place.
Beyond these immediate issues, companies that experience a data breach will face “long-tail” costs, those occurring beyond a year year after a breach. These costs include class action lawsuits, regulatory fines, and the potential loss of customers who have lost trust in the company. IBM estimates that lost business accounts for 36 percent of the average total data breach cost.
Not only will the cost of a data breach increase, so will the odds that a given company will experience a breach.
Companies are more than 30 percent more likely to experience a breach in the coming years, according to IBM. The Herjavec Group estimates that a ransomware attack will affect a new business every 11 seconds by 2021.
The risk of a data breach is not a vague threat intended to scare companies into investing more in backend security response. The risk is simply the reality companies must overcome to protect their clients’ data and their own future success. Bad actors are here to stay, unfortunately, and they are becoming savvier all the time.
Still, companies can make proactive decisions to reduce the risk of a data breach. Key actions that can help include:
· Establishing in-house incident response capabilities
· Integrating advanced machine-learning AI into security platforms
· Increased cybersecurity education for all employees
· Creating DevSecOps teams who address data security from the start of the development process
IBM estimates that the presence of an in-house incident response team has a significant impact on reducing data breach costs. Using incident response teams can reduce the cost of a data breach by an average of 10.5 percent, a figure that can save companies hundreds of thousands of dollars.
Don’t wait until you’re in response mode to come up with a data security strategy. MixMode’s third-wave, machine-learning AI detects vulnerabilities before they attract bad actors, giving our clients the upper hand when it comes to cybersecurity.
Machine learning is a subset of AI that adds automation and intelligence to computer programs. A music platform that can predict which songs and artists a listener will likely enjoy is one example of machine learning at work.
MixMode takes the concept of machine-learning a few steps further. Not only could our context-aware AI make accurate song predictions, but it could also actually create original music compositions in the same vein.
While today’s hackers and cybercriminals are often well-versed in typical machine-learning AI, MixMode’s unique context-aware AI is a world apart.
Our platform takes a deep dive into your network to develop a baseline level of knowledge it will use to evaluate network anomalies. The result is at least a 12 percent reduction in the cost of detecting and responding to data breaches. That’s what happens when SecOps teams don’t have to wade through a mountain of false positives to address real issues.
Learn how MixMode can ensure your organization won’t become the next company to make the news thanks to a data breach. Reach out to MixMode today to set up a demo.
Network Data: The Best Source for Actionable Data in Cybersecurity
Using the MixMode query language to integrate with Splunk
3 Cyberthreats Facing Federal and State Governments in 2020
Staying CCPA Compliant with MixMode’s Unsupervised AI
5 Cybersecurity Threats That Will Dominate 2020
Wire Data: What is it Good For?
Yesterday’s SIEM Solutions Can’t Combat Today’s Cyberthreats
View full post on National Cyber Security
Samsung Electronics just released fourth-quarter earnings that told much the same story as the rest of 2019. Revenue was more or less flat year-on-year — up 1 percent to 59.9 trillion won ($50.7 billion) — while operating profit slid 34 percent to 7.1 trillion won ($6 billion).
The primary reason for the decline remains the fall in prices of memory chips, Samsung’s biggest profit driver in recent years. The display panel business also saw profits fall year-on-year due to weak demand. The mobile division, on the other hand, did better than a year ago, with Samsung calling out “solid” flagship sales and the profitability of phones like the Galaxy A series.
Samsung is hoping that the wider adoption of 5G in 2020 will improve its numbers more or less across the board. The 5G upgrade cycle is likely to help the mobile division, of course, but Samsung notes it should be able to increase memory sales to handset manufacturers and data center companies. The company also plans to develop integrated 5G chips for mass-market smartphones, and expects demand for its OLED displays and high-resolution phone camera sensors to increase.
Samsung cautions, however, that the “actual pace of 5G expansion … remains to be seen,” which probably isn’t the last time we’ll hear that in a tech company’s forecasts this year. How that shakes out in practice is going to have a major effect on Samsung in particular over the next year, since so many areas of its business are involved directly or indirectly.
The post #comptia | Samsung hopes 5G will save its slumping profits this year appeared first on National Cyber Security.
View full post on National Cyber Security
With the next census, for the first time ever, respondents will be able to fill out their questionnaires online. This marks a major transition for the count, which guides the apportionment of seats in Congress and the disbursement of hundreds of billions of dollars in federal funds. Giving Americans the option to fill out the 2020 census by laptop or smartphone means dragging Article 1, Section 2 of the U.S. Constitution into the 21st century. For better or for worse.
Worries over the looming census run beyond the typical concerns about underfunding and understaffing (although those are fraying nerves this time around also). Putting the census online opens a Pandora’s box of new risks, including meddling from hackers and scammers, and there’s evidence that vultures are already circling. While the first-ever online census introduces challenges for consumer protection and data security, the greatest threat to the census itself may be inequality—specifically, the digital divide.
“Asking people to fill out a form on their phone is quite different and complicated from asking people to use a social media app,” says Greta Byrum, co-director of the Digital Equity Laboratory at the New School.
First, the good news: An overwhelming majority of adults in America know about the census and plan to participate. The brand is strong, according to the Pew Research Center, despite the Trump administration’s failed effort to pin a divisive citizenship question onto the questionnaire. Yet its (quite literal) household-name status also makes it a high-value target for players intent on misleading people.
For example, in October, the Republican National Committee issued a mailer in Bozeman and other areas in Montana that represented itself as a “2019 congressional district census.” The document was really a disguised solicitation for President Donald Trump’s re-election campaign, leading officials in Montana to condemn the “imitation census” as misinformation.
Other census-lookalike forms are designed to lure people to sites where they might be asked for identifying personal information or financial records (even though the census doesn’t ask for these details). “We’ve already seen cases of fake mailers, where they ask people to go to some random URL,” Byrum says. She gives an example of a library patron in Canandaigua, New York, who brought a mimic mailer in to the local library to ask whether it was an official census form.
When the official 2020 census launches next April, the mailers that come to households will direct respondents to a web address and provide them with a unique identifying code. That opens a window for fraud: Bad actors might design convincing spoof sites that look like an official census portal, or they might zero in on (say) a wifi network created for census response by a neighborhood complete count committee. All the usual malware maladies that plague email could be tried against the census, and the same people who are vulnerable to those attacks—older people and those less familiar with online interactions—may be victimized. Other scammers pretend to be Census Bureau staffers and use analog methods of deceit to lure victims into handing over Social Security numbers and other identifying personal information over the phone or at the door. Organizations like AARP have been warning members how to better identify census fraud threats and imposters.
The U.S. Census Bureau’s 2020 data collection push itself could also be a target. When Australia launched its first online census in 2016, it was subject to a distributed denial of service attack that crashed the site, forcing authorities to take it down. Security experts have warned the Bureau that census data will be vulnerable both during transmission and at rest. Earlier this year, officials from the Government Accountability Office testified before the House that the Census Bureau had flagged more than 500 corrective actions to be taken during a cybersecurity risk assessment, nearly half of which were deemed high risk.
“The Census Bureau has been extremely guarded about how they’re building these systems,” Byrum says. “There was a long delay on procurement of these contracts because of the [federal government] shutdown [in 2018–19]. The Census Bureau is really far behind on building the IT systems.”
Delays, budget uncertainties, and lapses in leadership have loomed over the census. While three full trials were planned to test all 50-odd new IT systems for the 2020 Census, the bureau scaled back its preparations to a single dress rehearsal in Rhode Island’s Providence County due to funding shortfalls. “When we went into the end-to-end pilot in Rhode Island in 2018, several of the systems were not completed yet. We haven’t seen them. They haven’t been tested in the field. They’re not going to be tested.”
Even the system for ensuring that the census reaches hard-to-count households is brand new. For the 2010 census, the bureau hired about 160,000 temporary workers known as “listers” to canvas nearly every block in the nation and generate the agency’s master address file (part of a much larger temporary workforce). As a cost-saving mechanism, the Census Bureau scaled back the door-to-door canvassing operation for 2020. The agency is splitting this task into “in-field” and “in-office” efforts. The latter involves sophisticated data analysis techniques, including machine learning and satellite imaging, to generate a profile for places that have added addresses.
As a result, the Census Bureau is only physically canvassing a quarter of the blocks that the agency covered for the last census. During the single (and only) end-to-end trial conducted of the census, the in-office (digital) canvassing results differed from the in-field (analog) canvassing results for 61 percent of the blocks tested, according to a final internal report on the trial.
“If there’s an over-representation of folks who have internet at home, we don’t know that the nonresponse follow-up systems as it exists is going to be able to identify who has not been counted,” Byrum says. “We’re not sure there’s any corrective mechanism to identify or measure an undercount.”
There won’t be another dress rehearsal before Census Day (April 1, 2020). The 2018 practice run in Providence County did not exactly inspire confidence, according to James Diossa, the mayor of Central Falls, Rhode Island. Outreach was nonexistent. Worse still, Commerce Secretary Wilbur Ross announced the citizenship question in March 2018, midway through the test, adding to the confusion. “There was no information, no advertising, no discussions happening from the Census Bureau around this test trial run,” Diossa told CityLab earlier this year.
“Folks would rather not transmit their data through systems that they neither understand nor trust.”
Yet outreach is an enormous obstacle for the 2020 census, thanks to the deep divides in the ways that American reach and use the internet. In New York City, for example, more than 917,000 households lack access to broadband at home—29 percent of the city, per a July report on the census from the Office of the New York City Comptroller. This digital divide tracks neatly with existing borders that define marginalized populations, including race, class, and ethnicity. Nearly half of the homes in Borough Park, Kensington, and Ocean Parkway in Brooklyn lack broadband access at home, while on the Upper East Side that figure is just 15 percent.
Broadband access isn’t the only measure of the digital divide. Sticking with New York, about 38 percent of households without internet access at home pay for data on a mobile device. Smartphones may be ubiquitous among communities of color, particularly in low-income communities, but that isn’t a closing of the digital divide, says Maya Wiley, professor at the New School and founder and co-director of the Digital Equity Laboratory. “Try doing your homework on a mobile phone,” she says.
Black and Hispanic adults, who are more likely to have unreliable access to the internet in the first place, also harbor greater doubts about the census, according to the research from Pew. And no wonder: The Trump administration took great pains to introduce a citizenship question as a way to give an edge to Republicans and non-Hispanic whites. While the effort to add the citizenship question failed, the distrust lingers, and putting the census online raises a whole new category of objection.
“Folks would rather not transmit their data through systems that they neither understand nor trust,” says Melva M. Miller, executive vice president for the Association for a Better New York, a nonprofit that has identified 2020 census outreach as a priority.
Maximizing New York City’s self-response rate is one of her association’s goals going into a census that could see the state as a whole lose billions of dollars in federal funds as well as one or more seats in Congress. Developing messaging to reach hard-to-count communities means coming up with the strategy that’s most likely to reach a trusted figure within a particular demographic, whether that’s a maternal head-of-household, religious leader, or social media platform. And the answer changes wherever you go.
“I was in a conference and sitting on a panel with a woman who is organizing in the state of Arkansas, and she mentioned that there’s been some hesitation among the minority community specifically in Arkansas around filling out the form online. Their preference was to complete the form over the phone,” Miller says. “In our focus groups [in New York], we saw the absolute opposite. Filling out the census over the phone was the least favorite option, even after enumerators knocking on individual doors.”
Public libraries are likely to be the front line in census outreach: That’s where many people who don’t have home access to the internet go to get online. And as trusted arbiters of information across many different communities, librarians have been preparing for the 2020 census for at least two years, according to Larra Clark, deputy director for policy at the Public Library Association (part of the American Library Association). In fact, librarians are already doing some heavy lifting for the 2020 count: They’re helping library users apply for and train for jobs with the Census Bureau, processes that have migrated online with this census.
“Every time we see a government activity move online, whether it’s only online or partly online, every single time we see an impact on our public libraries,” Clark says. “So much about the census is about what public libraries do every day ensuring people have a safe and effective online experience.”
Librarians, faith leaders, and other standard bearers have their work cut out for them. For the 2020 census to succeed, they’ll have to help communities across the country bridge the gulfs of digital illiteracy and lack of accessibility. Success assumes that the government’s untested census technologies hold up to attacks from pirates, hackers, and foreign governments. And if everything works—well, we’ll never know, really. The Census Bureau isn’t conducting a control trial to see how the online census measures up to past efforts.
“If we have a census where a large percentage of the population don’t have faith in the results,”Byrum says, “then we’re in a very poor position when it comes to how we make those decisions or how we litigate going forward regarding these very important issues.”
The post #deepweb | <p> Technology Might Save, or Doom, the 2020 Census <p> appeared first on National Cyber Security.
View full post on National Cyber Security
Homeland Security Secretary Kirstjen Nielsen told senators that most states are being cooperative with the whole-of-government effort to protect voting systems from cyberintrusions, though there are two unnamed states “who aren’t working with us as much as we would like right now.”
Members of the Senate Intelligence Committee grilled Nielsen last week about what is being done to secure the vote in light of Russia’s campaign influence operation in the 2016, and for an inside perspective on that campaign season former DHS Secretary Jeh Johnson joined Nielsen at the witness table.
Chairman Richard Burr (R-N.C.) praised DHS for making “great strides towards better understanding elections, better understanding the states, and providing assistance that makes a difference to the security of our elections.”
“But there’s more to do. There’s a long wait time for DHS premier services. States are still not getting all the information they feel they need to secure their systems,” Burr said. “The department’s ability to collect all the information needed to fully understand the problem is an open question, and attributing cyber attacks quickly and authoritatively is a continuing challenge.”
The chairman stressed that “this issue is urgent — if we start to fix these problems tomorrow, we still might not be in time to save the system for 2016 and 2020.”
Vice-Chairman Mark Warner (D-Va.) noted that in 2016 Russian actors “were able to penetrate Illinois’ voter registration database and access 90,000 voter registration records — they also attempted to target the election systems of at least 20 other states.”
“The intelligence community’s assessment last January concluded that Russia secured and maintained access to multiple elements of U.S. state and local election boards,” he said. “And the truth is clear that 2016 will not be the last of their attempts.”
Nielsen described the DHS arm of the election security mission as providing “assistance and support to those officials in the form of advice, intelligence, technical support, incident response planning, with the ultimate goal of building a more resilient, redundant, and secure election enterprise.”
“Our services are voluntary and not all election officials accept our offer of support. We continue to offer it; we continue to demonstrate its value. But in many cases state and local officials have their own resources and simply don’t require the assistance that we’re offering,” she said.
So far, the secretary told senators, “more than half” of states have signed up for DHS’ cyber hygiene scanning service, an automated remote scan “that gives state and local officials a report identifying vulnerabilities and offering recommendations to mitigate them.”
Another tool DHS is using is information sharing directly with election officials “through trusted third parties such as the Multi-State Information Sharing and Analysis Center, or MS-ISAC, and we look forward to the creation of the Election ISAC.”
Nielsen emphasized the need to “rapidly share information about potential compromises with the broader community so that everyone can defend their systems.”
“This collective defense approach makes all election systems more secure,” she said. “We’re also working with state election officials to share classified information on specific threats, including sponsoring up to three officials per state with security clearances and providing one-day read-ins as needed when needed, as we did in mid-February for the secretaries of state and election directors. We are also working with the intelligence community to rapidly declassify information to share with our stakeholders.”
Unlike DHS’ posture in 2016, Nielsen said the department now knows which person to contact in every state to share threat information.
“DHS is leading federal efforts to support and enhance the security of election systems across the country. Yet we do face a technology deficit that exists not just in election infrastructure but across state and local government systems,” she said. “It will require a significant investment over time and will require a whole-of-government solution to ensure continued confidence in our elections.”
Johnson talked about the Obama administration’s reticence to make a wrong move on Russia’s campaign interference and give the appearance that the White House was stepping into the election.
“The reality is that, given our electoral college and our current politics, national elections are decided in this country in a few precincts in a few key swing states. The outcome, therefore, may dance on the head of a pin. The writers of the TV show House of Cards have figured that out. So can others,” Johnson told lawmakers, adding he’s “pleased by reports that state election officials to various degrees are now taking serious steps to fortify cybersecurity of their election infrastructure and that the Department of Homeland Security is currently taking serious steps to work with them in that effort.”
Nielsen said DHS is trying to get security clearances for those three election contact persons in each state, but only “about 20” of those 150 officials have received the full clearance. “We’re granting interim secret clearances as quickly as we can,” she said, adding later that they’re “widely using day read-ins now, so we’re not going to let security clearances hold us up.”
The secretary said “a lot of work” has been accomplished at DHS over the past year on “related processes,” including working with the intelligence community to declassify information as “some of the information does not originate within DHS, so we need to work with our partners to be able to share it.”
“The second one is on victim notification. We have a role there, but so does FBI and so does MS-ISAC, which in this case the Multi-State Information Sharing and Analysis Center was in some cases the first organization to identify some of the targeting,” Nielsen said. “So we have to work with whomever originates the information. We all have different roles. So we’ve worked to pull it all together so that we can quickly notify victims of what has occurred.”
Pressed on the current level of cyber threat from malicious actors heading into midterm elections, Nielsen replied that “the threat remains high.”
“We think vigilance is important, and we think there is a lot that we all need to do at all levels of government before we have the midterm elections,” she said. “I will say our decentralized nature both makes it difficult to have a nationwide effect, but also makes it perhaps of greater threat at a local level. And, of course, if it’s a swing state or swing area that can, in turn, have a national effect.”
“So what we’re looking at is everything from registration and validation of voters — so those are the databases, through to the casting and the tabulation of votes, through to the transmission — the election night reporting, and then, of course, the — the certification and the auditing on the back end. All of those are potential vulnerabilities. All of those require different tools and different attention by state and locals,” Nielsen continued, adding that the federal government continues to work with state and local jurisdictions “to also help them look at physical security.”
“They need to make sure that the locations where the voting machines are kept, as well as the tabulation areas, they need access control and very traditional security like we would in other critical infrastructure areas,” she said.
Johnson told senators that “with the benefit of two years’ hindsight it does seem plain… that the Russian effort has not been contained; it has not been deterred.”
“In my experience, superpowers respond to sufficient deterrence and will not engage in behavior that is cost prohibitive. Plainly, that has not occurred and more needs to be done,” the former DHS chief said. “With the benefit of hindsight, the sanctions we issued in late December  have not worked as an effective deterrent and it’s now on the current administration to add to those and follow through on those.”
View full post on National Cyber Security Ventures
On Wall Street, backing up data now comes with a code name.
Nearly three dozen banks are leading a group called Sheltered Harbor that’s designed to protect consumers’ access to their data in the event a financial institution is hacked. Banks, credit unions and brokerages representing 400 million accounts — or 70 percent of U.S. retail accounts and 60 percent of U.S. brokerage accounts — have signed up to be part of the effort, which went live earlier this year.
Sheltered Harbor requires members to encrypt their customer account data and store it in a vault that is both survivable and accessible in case of a cybersecurity incident, according to the group’s website. If a breach does occur, the affected bank must retrieve and transmit its data to another financial institution, which can load it onto its core platform. That way customers of the hacked bank can still access their account information.
“The focus is on really trying to protect the consumers’ access to their assets,” Steve Silberstein, chief executive officer of Sheltered Harbor, said in a telephone interview. “We have to continue to make the system safer, and it continues to require some amount of sharing and some amount of cooperation to do that.”
For large global banks, it costs $50,000 to participate in Sheltered Harbor, which helps the firms coordinate responses to a cyber attack. For everyone else, fees are based on the amount of assets each one has and can range from $250 to $25,000, according to the group’s website.
The group was formed in November 2016 and its recent progress was reported Sunday by The Wall Street Journal.
Sheltered Harbor is a subsidiary of the Financial Services Information Sharing and Analysis Center — or FS-ISAC. Phil Venables, chief operational risk officer at Goldman Sachs Group Inc., and James Rosenthal, former chief operating officer at Morgan Stanley, are co-chairs of the project, according to a press release from FS-ISAC.
The group was formed after banks participated in an exercise in 2015 that was run by FS-ISAC and the U.S. Treasury Department called the Hamilton Series. The exercise exposed how data breaches could hurt consumer confidence in the financial system, even if the incident occurred at a regional or community bank.
Sheltered Harbor does not hold any of the bank account data. Instead, it has created the standards for joining the group and monitors banks’ adherence to those standards, said Silberstein, who was previously the chief technology officer at Sungard Data Systems Inc.
View full post on National Cyber Security Ventures
A new breakthrough in quantum computing may mean quantum key distribution (QKD) is on its way toward being a practical cybersecurity protocol.
View full post on National Cyber Security Ventures
Source: National Cyber Security – Produced By Gregory Evans Cyberattacks we’ve seen to date have been child’s play relative to what’s possible, according to a government expert. We could soon see how bad it can get — and our best defense may be highly capable cyber-warriors. “Sometime in the next few years, we’re going to […] View full post on AmIHackerProof.com | Can You Be Hacked?