

#hacking | Online tools help consumers protect against Magecart

Source: National Cyber Security – Produced By Gregory Evans

Trustwave researchers outline free card skimmer detection techniques

Online shoppers and merchants can detect whether websites are infected by Magecart with easy-to-use techniques provided by researchers at Trustwave. In a blog post published yesterday (December 19), security researcher Michael Yuen outlined how to determine […]

#cybersecurity | #hackerspace | How HIPAA-Compliant Communication Tools Can Prepare Home Healthcare for PDGM

The new home healthcare Patient-Driven Groupings Model (PDGM) released by the Center for Medicare & Medicaid Services (CMS) goes into effect after January 1, 2020. With it, payment periods will be cut in half and therapy volume will no longer be considered when determining home health […]

#cybersecurity | #hackerspace | Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’


Many Thanks to Adrian Crenshaw (Irongeek), and his Videographer Colleagues for Sharing His and Their Outstanding Videos Of This Last And Important DerbyCon 2019.
Visit Irongeek for additional production credits and important information. Subscribe to Irongeek’s content, and provide Patreon support as well.


The post Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’ appeared first on Security Boulevard.


The post #cybersecurity | #hackerspace | Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’ appeared first on National Cyber Security.


How Facebook’s Anti-Revenge Porn Tools Failed Katie Hill


Twitter declined to provide any comment, and instead pointed me to the company’s nonconsensual nudity policy. The original tweet—nude photo, shortened link, and all—remains online, with 1,500 retweets and 2,300 likes.


The photos will indelibly remain on the rest of the internet, too. Once they were published by RedState and, they seeped across networks and platforms and forums as people republished the images or turned them into memes or used them as the backdrop for their YouTube show. (After I contacted YouTube about some examples of the latter, it removed the videos for violating the site’s policy on harassment and bullying.)

It’s one of the many brutal aftershocks that this kind of privacy violation forces victims to endure.

“You can encourage these companies to do the right thing and to have policies in place and resources dedicated to taking down those kind of materials,” says Mary Anne Franks. “But what we know about the viral nature of especially salacious material is that by the time you take it down three days, four days, five days after the fact, it’s too late. So it may come down from a certain platform, but it’s not going to come down from the internet.”

Using AI to Fight Back

Two days after Katie Hill announced she was stepping down from office, Facebook published a post titled “Making Facebook a Safer, More Welcoming Place for Women.” The post, which had no byline, highlighted the company’s use of “cutting-edge technology” to detect nonconsensual porn, and to even block it from being posted in the first place.

Facebook has implemented increasingly aggressive tactics to combat nonconsensual porn since 2017, when investigations revealed that thousands of current and former servicemen in a private group called Marines United were sharing photos of women without their knowledge. Facebook quickly shut down the group, but new ones kept popping up to replace it. Perhaps sensing a pattern, after a few weeks Facebook announced that it would institute photo-matching technology to prevent people from re-uploading images after they’ve been reported and removed. Similar technologies are used to block child pornography or terrorist content, by generating a unique signature, or hash, from an image’s data, and comparing that to a database of flagged material.

Later that year, Facebook piloted a program in which anyone could securely share their nude photos with Facebook to preemptively hash and automatically block. At the time, the proposal was met with some incredulity, but the company says it received positive feedback from victims and announced the program’s expansion in March. The same day, Facebook also said that it would deploy machine learning and artificial intelligence to proactively detect near-nude images being shared without permission, which could help protect people who aren’t aware their photos leaked or aren’t able to report it. (Facebook’s policy against nonconsensual porn extends to outside links where photos are published, but a spokesperson says that those instances usually have to be reported and reviewed first.) The company now has a team of about 25 dedicated to the problem, according to a report by NBC News published Monday.

“They have been doing a lot of innovative work in this space,” Mary Anne Franks says. Her advocacy group for nonconsensual porn victims, the Cyber Civil Rights Initiative, has worked with many tech companies, including Facebook and Twitter, on their policies.

Facebook will also sometimes take the initiative to manually seek out and take down violating posts. This tactic is usually reserved for terrorist content, but a Facebook spokesperson said that after Hill’s photos were published, the company proactively hashed the images on both Facebook and Instagram.


Hashing and machine learning can be effective gatekeepers, but they aren’t totally foolproof. Facebook has already been using AI to automatically flag and remove another set of violations, pornography and adult nudity, for over a year. In its latest transparency report, released Wednesday, the company announced that over the last two quarters, it flagged over 98 percent of content in that category before users reported it. Facebook says it took action on 30.3 million pieces of content in Q3, which means nearly 30 million of those were removed automatically.

Still, at Facebook’s scale, that also means almost half a million instances aren’t detected by algorithms before they get reported (and these reports can’t capture how much content doesn’t get flagged automatically or reported by users). And again, that’s for consensual porn and nudity. It’s impossible to say whether Facebook’s AI is more or less proactive when it comes to nonconsensual porn. According to NBC News, the company receives around half a million reports per month. Facebook does not share data about the number or rate of takedowns for that specific violation.


The post How Facebook’s Anti-Revenge Porn Tools Failed Katie Hill appeared first on National Cyber Security.


4 Best Free Online Security Tools for SMEs in 2020

Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar […]

New York offers free #cyber #security #tools to #public to deter #hackers

New York City will offer free cyber security tools to the public as part of a new effort to improve online safety, officials said on Thursday, a week after Atlanta was hit with a ransomware attack that knocked some municipal systems offline.

The program, dubbed NYC Secure, will launch a free smartphone protection app to warn users when suspicious activity is detected on their devices, New York Mayor Bill de Blasio announced at a news conference.

“New Yorkers aren’t safe online. We can’t wait around for other levels of government to do something about it or the private sector,” New York Mayor Bill de Blasio said.

The program will cost the city about $5 million per year, he said.

“It’s our job in government to make sure that people are safe online. It’s a new reality,” de Blasio said.

City agencies will also beef up security protection on public Wi-Fi networks by the end of the year to protect residents, workers and visitors.

Those networks will be secured with a tool, dubbed Quad9, that is available to anybody in New York City and beyond at Quad9 routes a user’s web traffic through servers that identify and block malicious sites and email.

NYC Secure was unveiled as Atlanta officials worked alongside federal law enforcement and technicians from private security firms to investigate the cause of the attack that encrypted data on computers.

Atlanta City Council President Felicia Moore said she was waiting to hear more about how the hackers breached city networks, the scope of the attack and when city services would be fully operational.

“Everybody in the public wants to know. I want to know, too,” Moore said at a news conference. “But I do think that we need to give them an opportunity to get the information.”

Atlanta on Thursday reactivated a website that allows residents to make requests for trash pickup, report traffic signal outages and ask for other public works-related services.

Municipal court services remained offline on Thursday and City Hall employees told Reuters their work computers were still unusable a week after the hack was detected.


The post New York offers free #cyber #security #tools to #public to deter #hackers appeared first on National Cyber Security Ventures.


The #FBI Used #Classified #Hacking #Tools in Ordinary #Criminal #Investigations

The FBI’s Remote Operations Unit (ROU), tasked with hacking into computers and phones, is one of the Bureau’s most elusive departments. But a recent report from the Office of the Inspector General (OIG) for the Department of Justice has now publicly acknowledged the unit’s existence seemingly for the first time. The report also revealed that the ROU has used classified hacking tools—techniques typically reserved for intelligence purposes—in ordinary criminal investigations, possibly denying defendants the chance to scrutinize evidence, as well as destabilizing prosecutors’ cases against suspects.

“Using classified tools in criminal cases is risky for all sides,” Ahmed Ghappour, associate professor of law at Boston University School of Law, and who has researched law enforcement hacking extensively, told Motherboard in a Twitter message.

The ROU is part of the FBI’s Operational Technology Division (OTD), which handles the Bureau’s more technical surveillance methods. The OIG’s report says ROU “provides computer network exploitation capabilities” and has “engineers and vendors who attempt to develop techniques that can exploit mobile devices.” A previous Wall Street Journal report said the FBI can use malware to remotely activate microphones on Android devices.

In 2013, then American Civil Liberties Union (ACLU) principal technologist Chris Soghoian uncovered ROU’s existence by piecing together LinkedIn profiles and sections of documents released through the Freedom of Information Act. Soghoian found that an Eric Chuang heads the ROU, and it appears Chuang is still leading the unit now—the OIG report mentions the current head became chief in 2010.

While most of the OIG’s new report focuses on how the FBI did not fully explore its technical options for accessing the iPhone of one of the San Bernardino terrorists in 2016, several sections shine more light on the ROU, and how they are using their hacking tools. One mentions the ROU chief, based on long standing policy, sees a “line in the sand” against using national security tools in criminal cases—this was why the ROU initially did not get involved at all with finding a solution to unlocking the San Bernardino iPhone. Indeed, it’s important to remember that as well as a law enforcement agency, the FBI also acts as an intelligence body, gathering information that may be used to protect the country, rather than bring formal charges against suspects.

But that line can be crossed with approval of the Deputy Attorney General to use the more sensitive techniques in ordinary investigations, the report adds.

“The ROU Chief was aware of two instances in which the FBI invoked these procedures,” a footnote in the report reads. In other words, although it seemingly only happened twice, the FBI has asked for permission to use classified hacking techniques in a criminal case.

It’s not clear which two cases the ROU Chief is referring to. However, the FBI previously deployed a Tor Browser exploit to over 8,000 computers around the world, including some in China, Russia, and Iran, based on one, legally contentious warrant. At the time of the operation in February 2015, the tool was unclassified. But as Motherboard found using court records, the following year the FBI moved to classify the exploit itself for reasons of national security, despite the case being a criminal child pornography investigation.

Motherboard’s recent investigation into the exploit industry found that an Australia-based company called Azimuth Security, along with its partner Linchpin Labs, has provided exploits to the FBI, including one for breaking through the Tor Browser.

Using classified tools in a criminal investigation may pose issues for both prosecutors and defendants. If the FBI used a classified technique to identify a suspect, does the suspect find out, and have a chance to question the legality of the search used against them?

“When hacking tools are classified, reliance on them in regular criminal investigations is likely to severely undermine a defendant’s constitutional rights by complicating discovery into and confrontation of their details,” Brett Kaufman, a staff attorney at the ACLU, told Motherboard in an email. “If hacking tools are used at all, the government should seek a warrant to employ them, and it must fully disclose to a judge sufficient information, in clear language, about how the tools work and what they will do,” he added.

And on the flip side, if the FBI uses a classified and sensitive tool in an ordinary case, and has to reveal information about it in court, the exploit may then be fixed by the affected vendor, such as, say, Apple. Some may see that as a positive, but the FBI might have to drop their charges against a criminal as well.

“It’s also a risk for the government, who may be ordered to disclose classified information to the defense to satisfy due process, or face dismissal of the case,” Ghappour said.

With the mentioned Tor Browser attack, a judge ordered the FBI to give defense counsel the code of the exploit; the FBI refused, meaning the evidence the related malware obtained was thrown out altogether.

A spokesperson for the FBI declined to comment on the ROU’s cross-over into criminal cases, and instead pointed to page 16 of the report, which reads, in part, that “FBI/OTD has realigned mission areas for several Units in preparation for a larger re-organization.”


The post The #FBI Used #Classified #Hacking #Tools in Ordinary #Criminal #Investigations appeared first on National Cyber Security Ventures.


Eight #cybersecurity tools your #healthcare facility needs #today


As hackers become smarter and healthcare facilities rely more and more on the cloud and technology to share and store personal and sensitive information, we’ve seen an increase in security breaches in businesses across the country. In fact, the Identity Theft Resource Center found that breaches are up 25 percent this year.

Many companies are simply not investing enough in IT security, despite the obvious threats. The lack of investment in security infrastructure, professional services and employee training makes them extremely vulnerable. What’s more is that basic security features like firewalls and antivirus protection aren’t enough in today’s “smart” marketplace.

But where should businesses start if they want to avoid the repercussions of a major data breach? Here are 8 tools for businesses to consider to stay ahead of the game and help protect sensitive data and private information in 2018.

Microsoft EMET

Developed specifically for Windows (sorry, Mac users!), the Enhanced Mitigation Experience Toolkit is a tool to help keep a software’s vulnerabilities from being exploited by outside hackers. Often employees unaware of proper security protocols compromise a business’s security. This toolkit helps to prevent these leaks.


With the increase of sensitive data on the move, it’s important to protect the information stored on laptops, external hard drives and IoT devices. ExactTrak uses embedded security to take data protection beyond basic encryption. Both system- and Internet-independent, the technology works to protect information, even when devices are turned off.


Supported on Exchange Online, Office365, G Suite, and Exchange, MailControl works to protect email accounts from spyware hidden in emails. Spymail can be used to track location, email open rates and browser information through metadata. MailControl works to detect, remove and report spymail to protect customers’ private information and data.


If you’re a small business owner just dipping your toes into cybersecurity, and worried about making too large of an initial investment, Comodo is a great place to start. They offer multiple solutions, all either free or low cost, that meet the needs of different businesses. Some include malware prevention, IT management platforms, security for POS systems and SSL certificates.

Evident ID

If you operate a business that is responsible for handling other people’s personal data, you know the stress and risk that comes with the handling of secure data. There is also the added responsibility of organizing and managing this sensitive data. Evident ID serves businesses by taking them out of the middle of the process. Businesses are able to verify users’ and customers’ information with minimum disclosure, and minimize their security risks.


A recent cybersecurity concern for many businesses is a hacker’s use of ransomware, malicious software that holds a computer system “hostage” until the ransom is paid. If ransomware is a concern for you, CryptoStopper is a great line of defense. CryptoStopper uses Watcher Files to detect ransomware in real time and stop the software from running.

Lookout Mobile Security

If mobile security is your main concern, Lookout Mobile Security should be on your list. Lookout recognizes that there are multiple threats to mobile security, and uses 10 years of research to provide threat remediation and app security assessments.

The post Eight #cybersecurity tools your #healthcare facility needs #today appeared first on National Cyber Security Ventures.


WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens


A cybersecurity firm has announced hacking tools linked to the US National Security Agency are being exploited by cybercriminals. NSA-linked hacking tools are being used by cybercriminals in efforts to remotely steal money and confidential information from online banking users, according to research conducted by cybersecurity firm Proofpoint. Proofpoint researchers discovered two different banking trojans in the wild, with computer…

The post WannaCry Some More? Cybercriminals Using NSA Hacking Tools to Attack Citizens appeared first on National Cyber Security Ventures.



Bugs in Popular Hacker Tools Open the Door to Striking Back

THE CONCEPT OF “hacking back” has drawn attention—and generated controversy—lately as geopolitics focuses increasingly on the threat of cyberwar. The idea that cyberattack victims should be legally allowed to hack their alleged assailants has even motivated a bill, the Active Cyber Defense Certainty Act, that representative Tom Graves of Georgia…

The post BUGS IN POPULAR HACKER TOOLS OPEN THE DOOR TO STRIKING BACK appeared first on National Cyber Security Ventures.
