three

now browsing by tag

 
 

#deepweb | Iditarod Teams Yet To Reach Nome Face Overflow, Three Mushers and Their Dogs Rescued – KNOM Radio Mission

Source: National Cyber Security – Produced By Gregory Evans

Earlier today Sean Underwood, Tom Knolmayer, and Matthew Failor requested assistance from race staff after they went through a section of trail with deep overflow from the Solomon River, outside of Nome.

According to Chas St. George, COO of Iditarod, the incident
occurred sometime last night, but the group of teams didn’t activate their
emergency beacons until about 9am this morning.

“Once that was set off, we immediately tried to find out exactly what was happening out there and that led us to realize, a few texts were exchanged and that led us to realize we needed to get in there and get them out of the situation they were in.”

A minimal statement from the Iditarod says Underwood, Knolmayer, and Failor were rescued by helicopter from a section of trail outside of Safety Roadhouse. Safety is the final checkpoint in the 1,000 mile race, which mushers normally cruise through before finishing in Nome. Local Search and Rescue officials confirm the three men were rescued by air guard and brought into town around 1pm.

The mushers were checked into Norton Sound Regional Hospital in Nome and evaluated for precautionary measures. As far as St. George knows, Underwood, Knolmayer, and Failor are doing fine.

“From our periphery they’re okay, and that’s what counts. And also of course, again, the dogs who are first and foremost in this whole equation are doing just fine as well. So everybody should be reunited in Nome in the not too distant future.”

The COO says the plan is to keep the three dog teams,
totaling 28 four-legged athletes, at Safety Roadhouse until Iditarod staff can determine
if they will snowmachine the dogs to Nome or transport them by some other
means.

With temperatures warming up to the mid-30s, melting snow, and high winds in the Nome area within the last 24 hours, water overflow is expected to linger near Safety and even closer to Nome’s shoreline.

Iditarod musher Tim Pappas navigates his team and sled through a strip of overflow just outside of Nome on Thursday afternoon. Photo from JoJo Phillips, KNOM (2020)

According to St. George, the Iditarod will reroute the existing
trail so the last 11 teams, who are all currently resting in Elim, can avoid this
dangerous area.

“We’re actually going to put in a trail that’s just adjacent to the trail that exists already. That looks like there is no overflow in that area, and we’re just going to bypass it basically. That will be done well before the next wave of mushers head up the trail.”

Each of the latest four Iditarod teams to finish in Nome yesterday afternoon told KNOM about their struggles going through other ledes of open water during their run in from Safety to the finish line. So far, 23 out of 37 remaining teams have completed this year’s Iditarod race.

One particularly challenging are of overflow is located at the bottom of a local snow ramp, which mushers use to access Front street and cross into the city for their race-finish in Nome. Iditarod staff have since setup an alternate overland section of trail that avoids that area.

KNOM’s JoJo Phillips also contributed to this report.

Source link
——————————————————————————————————

The post #deepweb | <p> Iditarod Teams Yet To Reach Nome Face Overflow, Three Mushers and Their Dogs Rescued – KNOM Radio Mission <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Three Different Ways Teens Can Get Phished

Source: National Cyber Security – Produced By Gregory Evans

Teens like myself always expect to know everything about what happens on the Internet, ignoring the possible risks because, of course, there can’t be any risks if we’ve got everything under control, right? Well, wrong. Even though we think that we know who we can trust and what is safe (or not), phishers know exactly how to imitate that, becoming a very real hazard to us.

A while back, as part of a Hacker Highschool project, I presented a PowerPoint to my class about phishing, so I have some knowledge about the subject and am aware of the dangers involved. Before that, I didn’t really know all that much about it, but neither did my classmates.

I used to think phishing only appeared in fishy emails or websites that told me that I had won a trip to the Maldives, but after my research I found out that nowadays phishing techniques can be hidden anywhere and it surprised me how innocent and uninformed I was in the past.

Phishing Tactic #1 Copying a Reliable App

While I was presenting to my classmates, I showed them two pictures side by side. The first picture was a screenshot of one of those fake scammy websites and the other one was a link for the login information to retrieve their Instagram password. I told them to observe them both and tell me which one would seem more dangerous if they encountered them online. The first picture was the more obviously suspicious option. When I told them that both options were equally risky a few jaws dropped.

The fact that a phisher could imitate exactly what the login information page looked like was a shock to my schoolmates and, to be fair, to me too.

After informing them of the dangers of both websites, I asked them why they thought that the first one was risky but the second one was safe. One person told me that it was because they were used to seeing those typical fishy websites send fake or risky news and on the other hand, they had never seen something so legitimate-looking turn out to be a trap. I couldn’t have agreed more, primarily because we all consider Instagram to be a really trustworthy app, so if we get an email that looks like it came from them, most teens wouldn’t bother making sure if it’s real or not. On top of that, from time to time Instagram does send us emails, so receiving one from them wouldn’t even be considered strange.

Another case of using a reliable app for phishing teens happened a couple of years ago, also with Instagram. Many apps and websites were promising to fill your account with followers, likes and comments in a matter of minutes. Although I personally wasn’t interested, many of my friends and other teens were, and they gave away passwords and accounts for it.

Of course, there were a few apps that actually did work, but a few others just kept their account information and never fulfilled their promise. None of my friends that did it seemed to have any issues until someone started posting all sorts of spam and links on their accounts.

Phishing Tactic #2 Through Fake “Rewards” for Videogames

Like I mentioned before, the promise of rewards like winning a trip to the Maldives or a new phone don’t really work on most teens because we are sophisticated enough to know these are scams, but phishers do occasionally pull one over even on the most jaded teen.

A while back, many people played the game Episode and would spend lots of money on gems and tickets, which made the game more fun. Phishers knew this, and around 2016 many videos were uploaded to YouTube claiming that there was a website that could hack the game for you and get you unlimited free gems and tickets. Supposedly this was safe and perfectly legal.

Even though now I can see that it’s clearly illegal to hack an app, and quite impossible with our knowledge, thousands of teens – some of them were my friends and I – clicked on the link with hopes of gaining unlimited supplies of goodies.

Once I clicked on the link, I remember seeing on the side of the screen a very extensive list of people that apparently already got thousands of gems for the day. This was exciting until I learned the hard way that they were just bots. Long story short, the web page wasn’t the miracle we were all waiting for, but a big phishing trap instead. It was one of those cases of “too good to be true.”

To get all these “free” gems and tickets you were asked to give them lots of personal information – name, where you live, etc. – and then you had to go through a “human verification” process in which you had to answer a ton of personal questions to just end up in the home page all over again with no access to freebies. Luckily, I never put any personal information on there due to the fact that I wanted to go through it fast, so I just put whatever I came up with at the moment.

Long story short, phishers can easily take advantage of teens by exploiting their desire for free items for their favorite games. Certainly this could catch out adults too, but several studies demonstrated that teens and young adults are far more likely not to exercise caution and fall for trips like this, especially because we have this unrealistic sense of what is trustworthy and what isn’t.

Phishing Tactic #3 The Fake Email

Here we’re talking about something different from the Instagram scam I mentioned above. When I was presenting to my classmates, I asked them to explain to me how they would differentiate an email or a message from a friend from an email sent by a phisher pretending to be a friend. Everyone’s response was pretty similar: they could tell easily just by how they talk, what expressions they use and even how they type. But a phisher determined to access your online info would study all of these things beforehand, so just by letting our gut tell us if it’s our friend or not is what gets us in the trap in the first place.

I also asked my classmates how they would identify if a person is real and has genuine intentions about what they’re asking for or if it’s a phisher, because it’s one thing to try to recognize a friend, but recognizing a stranger who is genuine is something else. When asking this question I didn’t really get clear responses; some said to see if the email address looked safe or if there was a web page linked to it that could feel fishy, but again, no real response there. I realized my classmates’ approach to a phisher would purely be by feelings and trust, two factors that could be easily manipulated by the phisher themselves.

I got an email once that said that I had activity on my Google account that wasn’t mine and that I had about thirty minutes to regain control of my account. To regain it, I had to click on a link and enter my username and password. My initial reaction was to freak out and to do it before the timer ended, but luckily enough I remembered that phishing techniques love to use pressure, and that Google wouldn’t make me rush to type in a new password.

Just because I was lucky enough to not fall into that trap doesn’t mean other teens wouldn’t have.

So basically, using a fake email most definitely is a good way to get teens to give all sorts of information to the phisher, just because we prefer to trust our gut rather than using actual research on the cause.

In conclusion, several studies have demonstrated how crucial it is to protect teens from phishers, just because we’re the most vulnerable age group to fall in their traps.

Although I consider myself lucky, because thanks to the Hacker Highschool project I had to do, I learned a lot about their tactics and have been able to be extra careful when being online, and on top of that my parents have always warned me to be cautious.

I think it’s important for parents to let their teens know that phishers can pretend to be anything or anyone they want, including family members or close friends. Even if this might sound obvious to the more informed adults, it’s really shocking for most of us teens because we think it’ll only happen in movies, when in reality, it can happen to us. 

Source link

The post #cybersecurity | #hackerspace |<p> Three Different Ways Teens Can Get Phished <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#deepweb | Only three of the Top 100 international airports pass basic security checks

Source: National Cyber Security – Produced By Gregory Evans Image via Eduardo Cano Photo Co. Only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb. The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, […] View full post on AmIHackerProof.com

#deepweb | Opinion: Three Spurs players who were far from their best against Man City – Spurs Web

Source: National Cyber Security – Produced By Gregory Evans Tottenham Hotspur recorded a famous 2-0 win over Man City this afternoon in the Premier League, leapfrogging up to fifth in the table. Goals from Steven Bergwijn and Heung-min Son sealed a delightful win and clean sheet for the Lilywhites against the current champions. However, a […] View full post on AmIHackerProof.com

#cybersecurity | hacker | Samba issues patches for three vulnerabilities

Source: National Cyber Security – Produced By Gregory Evans

Samba
released security updates patching three issues CVE-2019-14902, CVE-2019-14907,
and CVE-2019-19344.

The medium-rated
CVE-2019-14902 fixes a problem where a newly delegated right, but more
importantly the removal of a previously delegated right, would not be inherited
on any domain controller other than the one where the change was made. This
means if a user had been delegated the right to make alterations to a subtree,
such as changing passwords, and that right was then rescinded, that move would
not automatically be taken away on all domain controllers.

The patch
fixes this issue, but Samba noted, “it
is vital that a full-sync be done TO each Domain Controller to ensure each ACL
(ntSecurityDescriptor) is re-calculated on the whole set of DCs.”

CVE-2019-14907,
medium rated, can allow a crash after failed character conversion at log level
three or higher affecting Samba 4.0 and later. In the Samba Active Directory
Domain Controller this may cause a long-lived process to terminate.

The final
issue, CVE-2019-19344,
covers a use after free issue during DNS zone scavenging in Samba Active
Directory Domain Controller in versions 4.9 and later. When Samba 4.9 was
rolled out it contained an off by default feature to tombstone dynamically
created DNS records that had reached their expiration point. There is a
use-after-free issue in this code that if the proper conditions exist save that
read memory into the database.

Patches for
all three issues have been posted.

Original Source link

The post #cybersecurity | hacker | Samba issues patches for three vulnerabilities appeared first on National Cyber Security.

View full post on National Cyber Security

#nationalcybersecuritymonth | DCC UK second-gen smart meter network passes three million mark

Source: National Cyber Security – Produced By Gregory Evans Smart DCC, the licence-holder building and managing the secure national infrastructure that underpins the roll-out of smart meters across the UK, has passed a milestone in its network capability, with the three millionth second-generation smart meter (SMETS2) attached to its smart network. The Capita subsidiary was […] View full post on AmIHackerProof.com

“Three in four” #councils do not #provide #mandatory #cyber security #training

Source: National Cyber Security News

Three in four local authorities do not provide mandatory cyber security training to their staff, Big Brother Watch has revealed, despite human error being a significant factor in most data breaches.

The privacy campaigners behind the research said they were concerned by their findings given the rapid accumulation of personal data by councils across the country.

The report revealed that more than a quarter of councils (114) have had their computer systems breached in the past five years and that 25 had experienced a breach that resulted in a loss of data.

More than half of those hit by a breach did not report it, the report found. However, the Freedom of Information results used to gather the data did not reveal how many of those breaches affected personal information.

Organisation are not legally required to report data breaches, but the Information Commissioner’s Office urges them to do so anyway. When GDPR comes into force in late May, firms could face significant fines if they fail to.

Jennifer Krueckeberg, lead researcher at Big Brother Watch, said she was shocked to discover that the majority of councils’ data breaches go unreported and that staff often lack basic training in cyber security.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Top #Three #Health Care #Cybersecurity #Threats for 2018

Source: National Cyber Security – Produced By Gregory Evans

The medical field has undergone massive digitization in recent years with the emergence of interconnected medical devices and the broader exchange of health care information. In less than a decade, nearly all hospitals and physician offices have adopted electronic health record (EHR) systems.[i] But the adoption and investment related to cybersecurity has been slow. According to the Health Care Industry Cybersecurity Task Force, “a majority of the health care sector made financial investments in cybersecurity only in the last five years.”[ii] This expansion of digitizing critical information without an investment in cybersecurity has, in large part, led to the current environment where health care providers are easy targets for attackers. In a 2017 report, the American Medical Association found that 8 out of 10 physicians had experienced a cyberattack in practice.[iii]

In fact, 2017 introduced some of the largest and most widespread cybersecurity attacks in recent memory. The health care industry was shown to be particularly vulnerable to these threats. In 2018, health care providers should be on the watch for the following threats and should take efforts to protect against them.

Ransomware will Continue to Plague Providers
Ransomware is malware that exploits vulnerabilities in a system to encrypt or remove access from the information contained on the system. The infected system displays a message informing users that their data will not be released unless they pay the demanded ransom. Industries where access to information is critical to providing services—such as health care–are particularly targeted by such attacks.

Health care providers will remember 2017 as the year of large ransomware attacks, starting with the WannaCry ransomware attack, which spread to over 150 countries and infected more than 400,000 machines in just two days.[iv] The United Kingdom’s National Health Service was hit hardest by this attack, causing it to cancel nearly 7,000 appointments – including operations – as a direct result of the attack.[v] Hospitals here in the U.S. were also affected by this attack, including medical devices such as Bayer’s MedRad device that assists in MRI scans.[vi] WannaCry was followed by another global ransomware attack in June 2017 known as NotPetya. Several hospital systems and other health care entities were impacted by this attack, including Merck, one the U.S.’s largest pharmaceutical manufacturers.[vii] Health care providers can expect to see more of the same in 2018, as neither their vulnerabilities nor their mitigation efforts have drastically changed.

Targeting of Connected Medical Devices
The potential vulnerabilities in medical devices have long been on the radar. Successful hacks dating back to 2011 have affected a variety of medical devices, ranging from insulin pumps to pacemakers.[viii] Medical devices connected to a broader computer network have been used as easy access points for attackers to gain unauthorized entry to the network. In 2013, the Department for Homeland Security (DHS) issued a warning that 300 medical devices tested for cybersecurity vulnerabilities all failed to meet minimum standards.[ix] This warning spurred the Food and Drug Administration (FDA) to issue recalls due to cybersecurity vulnerabilities and, in 2016, to issue cybersecurity guidance for medical devices.[x] This year, Congress took notice, and the Medical Device Cybersecurity Act of 2017 was introduced.[xi] Although the bill failed to pass, by all indications regulatory and legislative actions seeking to address this concern will continue in 2018.

In the meantime, medical devices remain extremely vulnerable. Unlike other devices that receive multiple and frequently automatic updates that may protect against certain security holes, medical device manufacturers remain slow to update their products, and the process for implementing updates may be less user friendly. Further, the fact that hospitals and similar health care entities “typically have 300-400% more medical equipment than IT devices”[xii] provides more possible targets for hackers seeking access to a provider’s networks.

Falsification of Electronic Medical Records
As an increasing number of providers deploy certain protections (backups, frequent updates, etc.) against ransomware and refuse to pay the demanded ransoms, cybercriminals undoubtedly will turn to other methods that could increase the potential harm to providers and lead to higher ransom payments. One change we may see in 2018 is the possibility that hackers, instead of making data within a medical record unavailable or encrypted, will simply change the stored data so that it is inaccurate.[xiii] If providers have no way of knowing what information in the medical record is accurate, substantial liability may arise from issuing a contraindicated prescription, amputating the incorrect leg, or being falsely alerted that a patient has flatlined. The possibility that these attacks could even more directly threaten life or safety of patients presents an opportunity for attackers to exploit and profit from ransom demands at a greater degree.

These three potential areas of cybersecurity concern, along with many others (such as mobile device and vendor security), will continue to trouble providers in 2018. As we head into the new year, health care entities should take steps to protect their information systems, the medical information they create, and the patients they serve.

The post Top #Three #Health Care #Cybersecurity #Threats for 2018 appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Three #Steps To #Protect Your #Network From #Hackers

Three #Steps To #Protect Your #Network From #HackersSource: National Cyber Security – Produced By Gregory Evans According to a recent Technology, Media and Telecom Risk Index, c-level executives voted cyberattacks/hijacks as the fourth most pressing risk to their business. A perfect storm of legacy systems, complex hybrid networks, and the influx of data traffic is exposing vulnerabilities for hackers to not only […] View full post on AmIHackerProof.com | Can You Be Hacked?

Three out of five #Americans concerned #hackers could #spy on them via their #webcam

Source: National Cyber Security – Produced By Gregory Evans

Three out of five Americans concerned hackers could spy on them via their webcam

Avast solutions help users control who can access their webcam to prevent unwanted spying.

In October, we conducted an online survey around webcam security awareness and found that 61% of Americans are concerned hackers could spy on them through their computer’s camera.

They have every reason to be concerned.

Tools that can hack a computer’s webcam are available on the regular web, as well as the darknet, in some cases even for free. Although many computers come with a light that indicates the webcam has been activated, tools can circumvent the light from being triggered.

The survey reveals that Americans are more aware that hackers can spy on them without activating their webcam’s indicator light compared to the global results. Globally, two in every five (40%) respondents are unaware of the threat, while two-thirds of Americans claim they know of the possibility.

Many people, like former FBI Director, James Comey, and Facebook CEO, Mark Zuckerburg, cover their webcam to prevent unwanted spies from watching them. However, despite concerns being high, only 52 percent of Americans have physically covered up their computer’s webcam.

Covering webcams is a good start, but can be an inconvenience if you frequently need to use your webcam. We at Avast understand this inconvenience, which is why we give our users complete control over who can use their camera, without having to physically cover it up. – Ondrej Vlcek, CTO of Avast

Avast’s new feature, Avast Webcam Shield, which comes with Avast Premier, ends webcam spying for good by blocking malware and untrusted apps from hijacking webcams. Furthermore, users have the option of forcing all apps to ask their permission before they can access the computer’s webcam. The same feature is offered in AVG Internet Security, under a different name, Webcam Protection.

Source:

The post Three out of five #Americans concerned #hackers could #spy on them via their #webcam appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures