Inmates’ and correctional facilities employees’ data has been sloshed onto the web, unencrypted and unsecured, in yet another instance of a misconfigured cloud storage bucket.
Security researchers at vpnMentor came across the leak on 3 January during a web-mapping project that was scanning a range of Amazon S3 addresses to look for open holes in systems.
The leaky bucket belongs to JailCore, a cloud-based app meant to manage correctional facilities, including by helping to ensure better compliance with insurance standards by doing things like tracking inmates’ medications and activities. That means that the app handles personally identifiable information (PII) that includes detainees’ names, mugshots, medication names, and behaviors: going to the lavatory, sleeping, pacing, or cursing, for example.
JailCore also tracks correctional officers’ names, sometimes their signatures, and their personally filled out observational reports on the detainees.
Some of the PII is meant to be freely available to the public: details such as detainee names, dates of birth and mugshots are already publicly available from most state or county websites within rosters of current inmates. But another portion of the data is not: that portion includes specific medication information and additional sensitive data, vpnMentor says, such as the PII of correctional officers.
JailCore closed down the data leak between 15 and 16 January: 10 or 11 days after vpnMentor notified it about the breach (and about the same time that the security firm reached out to the Pentagon about it). The company initially refused to accept vpnMentor’s disclosure findings, the firm said.
Risk of identity theft
The leaky bucket held 36,077 PDFs of data from an Amazon server belonging to JailCore. The security researchers didn’t open each file, but the records that they did open pertained to correctional facilities in Florida, Kentucky, Missouri, Tennessee and West Virginia.
JailCore says that it’s a startup that’s currently working with six jails, totaling 1,200 inmates. It thinks that a tiny portion of real people’s information was involved in the breach. From one of its comments cited by vpnMentor:
Of those 6 jails, only 1 is using the application to track medication compliance in a 35-inmate jail and only 5 of those 35 inmates in that jail have a prescribed medication. Meaning all other reports with any mention of medication were all used for demonstration purposes only.
JailCore asked vpnMentor to bear in mind that detainees aren’t free citizens, and that’s a whole ‘nuther can of worms when it comes to privacy rights:
These are incarcerated individuals, not free citizens. Meaning, the same privacy laws that you and I enjoy, they do not.
[…] You cannot look at this like an example of a private citizen getting certain private information hacked from the cloud. These are incarcerated individuals who are PROPERTY OF THE COUNTY (this is even printed on their uniforms) … they don’t enjoy our same liberties.
Does that mean that it’s OK to expose prison inmates to the risk of identity theft? vpnMentor’s take on that risk:
Knowing the full name, birthdate, and, yes, even the incarceration record of an individual can provide criminals with enough information to steal that person’s identity. Considering that the person whose identity is stolen is in jail, cut off from normal access to a cellphone or their email, the damage could be even greater, as it will take longer to discover.
When Vice’s Motherboard contacted JailCore, a representative acknowledged that the records were in fact generated by its app and confirmed that JailCore had sealed up the hole. The JailCore rep also told the publication that the company doesn’t think that any of the compromised PII is personally sensitive or compromising in any way.
A tub full of leaky buckets
And thus does JailCore join the Who’s Who list of organizations that have misconfigured their Amazon S3 buckets and thereby inadvertently regurgitated their private data across the world: Dow Jones; a bipartisan duo including the Democratic National Committee (DNC) and the Republican National Committee (RNC); and Time Warner Cable – to name just a few.
In fact, security vendor Threat Stack conducted a survey of 200 AWS users in early 2017 and found that 73% left SSH open to the public, and 62% weren’t using two-factor authentication (2FA) to secure access to their data.
Amazon took a proactive step by scanning its customers’ S3 buckets and sending warnings when it found spillage, reaching out to customers with bad security before crooks had a chance to.
It doesn’t have to be this way. There’s help out there for organizations that can take a deep breath, step away from their servers, and plunge in to learn how to better secure them: Amazon has an FAQ about how to access AWS Simple Storage Service (S3) controls and encryption.
The post Data about inmates and jail staff spilled by leaky prison app – Naked Security appeared first on National Cyber Security.
#nationalcybersecuritymonth | Bank of England audio leak followed loss of key cybersecurity staff | Business
Source: National Cyber Security – Produced By Gregory Evans
The Bank of England restructured its security department and lost multiple senior employees in charge of protecting some of Britain’s most critical financial infrastructure shortly before it suffered a major breach, the Observer can reveal. After the central bank admitted that hedge funds had gained early […]
Due to increased threats of an online security breach, the performance of IT staff requires a comprehensive optimization for reinforcing cyber security measures.
According to a Cybersecurity Ventures report, cyber security jobs forecasts haven’t been able to keep up with the massive rise in cybercrime, which is estimated to reach global costs of $6 trillion per year by 2021. In other words, the lack of quality cyber protection leaves corporations, and society in general, vulnerable to cyber-attacks.
However, it’s not only the employee shortage that is the problem. More and more employees use the most convenient nearby tools in order to reduce their labor. This includes applying unmanaged devices for implementing traditional safety measures that are frequently proven to be an ineffective approach to data protection.
So what is the best solution for enhancing cyber security and still managing to reduce the long hours and efforts of the IT department?
Cyber Security Jobs Deficiency
In order to correctly address the lack of cyber security staff, CIOs and CISOs should consider opening this position to every IT member within the organization. Businesses need to tackle this issue as a collective and appoint every technician to the protection of sensitive data, technology solutions, applications, and consumers.
The corporate culture has to experience productive changes, so it’s the duty of CIOs and CISOs to ensure that every employee is aware of the situation and potential threats they might encounter. Whether they need to be informed of phishing emails, password protection and sharing, or using unsafe networks, new policies regarding cyber security have to be adopted.
Let’s also not forget that cyber criminals are getting smarter, as they look for new ways to access the information. Thus, creating awareness of online hazards should be a constant practice to reduce the risks they carry.
Therefore, each IT support specialist and manager, including network technicians, administrators, web developers, and so on, needs to know the threat they are facing. Of course, it would be favorable if the IT workforce already possessed some level of cyber security knowledge. However, that doesn’t mean that they can’t learn the subject and become more proficient.
In fact, one way to deal with cyber security staff shortage is by presenting a career opportunity advancement to current employees. Businesses should organize training in cyber security and use it as a valuable step toward online safety.
The second option to reduce this flaw is by making a clear statement in job opening posts that experienced employees or employees with some previous experience in cyber security have an advantage. After all, the world is about to suffer a major revenue loss of an entire $2 trillion by 2019 due to high cyber risks, not to mention the previous projected global costs of $500 billion in 2015.
Cyber Security Training & Awareness Initiative Development
Business owners need to rethink their cyber security strategy as soon as possible. They need to talk with their employees, raise the risk awareness, and establish some ground rules for everyone to follow. Since this initiative should be comprehensive, use several methods and approaches to ensure that the employees understand new policies such as:
- Classifying and Handling Information. Data need to be encrypted and password protected. Password sharing shouldn’t be allowed.
- Anti-Virus System. The organization requires quality, licensed anti-virus software that all employees should use on a regular basis to scan every new piece of information, such as documentation and files.
- Backup Always. Every responsible and reputable organization has to have a secure computer backup system. The same applies for employees, as they should perform a backup at least once a week.
- Use of the Internet. Employees need to be advised that the use of the internet is monitored, and that they shouldn’t be opening malicious web pages or downloading unlicensed tools.
- Email Security. Staff mustn’t open chain letters, advertising campaign materials, and any other emails that are not business-related.
- Network Management. Only authorized users may access the network.
- Third-Party Confidentiality. Confidential information and training materials should not be released to a third-party without a signed confidentiality agreement.
That being said, there is one more thing to take care of apart from the awareness program. That’s right, we are talking about employee training, because “Training and educating employees to remain secure is key.”
If your employees understand that they could potentially endanger the business by accessing confidential data and are given proper training that could lead to better job positions, the company could prosper in cyber security. Otherwise, they are left vulnerable to online vultures, just like the rest of us.
So let the primary goal be implementing a safer and educated company culture with a clear understanding of the benefits and expected results. But first, businesses need to note to what extent security influences the entire scope of their operations, including products and services.
While most establishments do provide cloud-based or on-premises training, that might not be enough to stay safe. This approach requires the proper tools and technology investments as well, because that’s the only adequate manner to meet the demands of cyber security programs.
There is no way around it: organizations worldwide need to act fast if they want to remain protected from cyber-attacks. Their options lead to better employee training, raising cyber-bullying awareness, and investing in quality technological solutions. Only by attacking the issues from all fronts can we manage to escape the risks of a security breach and personal information leakage.
The post Why Your #IT Staff Must be #Trained in #Cyber Security #Measures appeared first on National Cyber Security Ventures.
Sales and marketing staff could be a back door to cyber criminals, according to one of the world’s most notorious computer hackers. …
The post STAFF ARE ‘BACKDOOR TO HACKERS’ WARNS FORMER FBI MOST-WANTED appeared first on Become007.com.
A 15-year-old Park High School student was arrested for assault and other charges for allegedly shoving, punching and biting school staff who had responded to a possible gang-related fight last week.
The Cottage Grove teen ran from Park staff and police after the Feb. 22 cafeteria fight, but stopped when he saw an officer brandish a stun gun, according to the police report.
An assistant principal and at least two other staff members reported suffering minor injuries as they tried to break up the fight and apprehend the aggressor. Park went into temporary lockdown during the incident as a safety precaution for students and staff, the report indicated, and staff tried to close the cafeteria to contain the fighting students.
The post Teen arrested in fight that injured Park High School staff appeared first on Parent Security Online.
WASHINGTON — At a time of increasing threats of cyberattacks on critical infrastructure, the Department of Homeland Security is having trouble recruiting much-needed computer experts because it cannot match the pay of the private sector and does not have the same allure as intelligence agencies.
Recent disclosures that Iranian hackers with ties to the government in Tehran had launched a cyberattack against a dam in New York highlighted the need for the department, which is charged with protecting government and private systems from cyberintrusions, to have a staff capable of responding to sophisticated enemies.
“We are competing in a tough marketplace against a private sector that is in a position to offer a lot more money,” Jeh Johnson, the Homeland Security secretary, told senators at a hearing last month. “We need more cybertalent without a doubt in D.H.S., in the federal government, and we are not where we should be right now, that is without a doubt.”
Concern about the potential for cyberattacks on infrastructure was heightened after a Dec. 23 hack of the Ukrainian power grid that caused a blackout for 225,000 customers. The department, which helped Ukrainian officials investigate the case, confirmed that it was a cyberattack. But […]
The post Homeland Security Dept. Can Not Combat Cyberattacks As They Struggles to Hire Staff appeared first on National Cyber Security.
All four were sacked, while another member of staff was fired for transporting 173kg of marijuana in an official vehicle.
The five cases happened between 1 July 2014 and 30 June 2015, the report said.
The UN report does not include information on any criminal charges brought against the former staff.
The four staff sacked for possession of child pornography were dismissed under “misuse of United Nations information and communications technology”, the report said.
The report details disciplinary actions for misconduct and criminal behaviour involving the UN secretariat’s 41,000 staff. It does not specify where the former staff were stationed, or when they were dismissed.
UK sales staff are the most likely to suffer a cyber attack, according to a new report from Intel Security, cited by Computer Business Review. Their frequent online contact with non-staff members makes companies’ sales teams more vulnerable to online attacks than other workers or even the company chief technology officer (CTO). Call centre and customer services teams are next in line for attack, said the report.
Even so, companies are failing to provide security training to non-technical staff, claims Intel Security. More than half (51%) of UK companies do not provide their sales staff with IT security training, despite the risks. Meanwhile, one in ten UK companies are failing to provide any of their staff with mandatory online security training. This is the highest rate across Europe.
At the same time, the researchers noted a rise in the number of untrained staff clicking on dangerous links and unwittingly exposing their organisation to a browser attack. The number of suspect URLs soared 87% between 2013 and 2014. Advanced stealth attacks (which disguise themselves to sneak into company networks) are also on the rise – Intel Security uncovered 387 new threats every minute. Browser attacks, along with network abuse, stealthy attacks, […]
The post Cyber criminals are most likely to go after your sales staff appeared first on National Cyber Security.