PayPal Introduces Fraud Management Tools As Digital Fraud Escalates | #relationshipscams | #dating | romancescams | #scams
PayPal launches fraud management tools. The suite of solutions includes biometrics and machine learning technology to help merchants minimize the rising risk of digital fraud. Insider […]
View full post on National Cyber Security
Web-conferencing and instant messaging tools are seeing greater usage among travel and tourism trade players who are determined to keep business dialogue alive as the appeal of face-to-face meetings diminishes against a backdrop of Covid-19 infection fears.
Sheryl Lim, founder of Singapore-based travel agency Travel Wander, found herself turning to online presentations to keep her regular clientele informed on new adventure tours and destinations as well as reach out to potential new customers.
“Our usual marketing efforts involve conducting product presentations at specific venues but as soon as Covid-19 happened, people started to refrain from going out or meeting other people,” Lim recalled.
“We were in a fix because as a small company, we cannot stop moving and must keep up our marketing efforts. Out of sight, out of mind, as the saying goes, so we must maintain contact with our customers and the marketplace now so that when travel confidence returns, they will consider Travel Wander for their travel planning.”
With print or radio ads priced out of her budget, she turned to web-conferencing tools.
“The travel planning business is a very personal one, where clients prefer meeting face-to-face. But the pandemic has presented us with an unusual situation, and webinars are a good solution that enables us to keep up with sales and marketing communications,” she said.
Travel Wander conducted its first presentation two weeks ago, focusing on the joy of active holidays. The content, delivered through slides and a narration, explained what active holidays were all about, and dispelled myths around such tours. Six people attended it. A week later, a webinar on Sarawak drew 10 people.
Lim has planned a third on Kazakhstan this week. She aims to conduct a weekly session and is working on improving the format to facilitate conversations. The webinars are promoted to regular clients who then spread the word within their social circle.
The product webinars have allowed Lim to determine which destinations were more popular, based on webinar sign-up performance.
For other travel companies that are already utilising web-conferencing, the current pandemic has underscored the value of this mode of communications.
Adam Kamal, general manager of Malaysia’s Suka Travel, said his team is now working remotely from home, relying on WhatsApp video conferencing to address urgent matters, on top of their usual web-conferences with overseas suppliers and outstation agents.
The remote work arrangement was necessary as the government had on Monday evening issued an order to temporarily shutter businesses and restrict movement to fight against Covid-19.
Adam said he introduced and encouraged web-conferencing when he joined the agency last November, and applauded the convenience and cost savings it offers.
“Web-conferencing allows our partners to pull up documents, charts and pictures as they speak. (It also) saves time and costs as we can do meetings virtually. If it were face-to-face meetings, we would have to rent space to hold a seminar and pay for light refreshments,” he said.
Bayu Buana Travel Services Indonesia, which now has 50 per cent of its staff working from home, is encouraging continued reliance on web-conferencing tools to keep dialogues open with airline partners and clients during these trying times.
Agustinus Pake Seko, president director of Bayu Buana Travel Services Indonesia, said his team is familiar with web-conferencing, as there are regular online global meetings with BCD Travel, which the company is part of.
Laurens van den Oever, CMO at research firm ForwardKeys, opined that the “one good thing to come out of the coronavirus” is the emphasis on the value of “how to be savvier with our digital offerings, such as travel alerts, impact reports and newsletters”.
“In every business, you need to invest in the necessary tools and equipment for your team. Different time zones, cultural barriers, epidemics and pandemics should not impede the running of your business nor throw you into the Dark Ages,” Oever said.
The ForwardKeys team relies on a suite of communication services, such as Zoom, Slack, WhatsApp and webinars/web information sessions, for internal interaction, while its analysts mostly use Zoom to connect with external clients.
“These have helped us a lot (in maintaining business communications, especially now) with all the travel limitations and tradeshow cancellations due to the (outbreak),” he added. – Additional reporting by S Puvaneswary and Mimi Hudoyo
Source: National Cyber Security – Produced By Gregory Evans Of all the headaches CISOs deal with daily (and we know there are many!), making a hard-fought case for an appropriate security budget is one they often have to contend with annually. While security and risk mitigation are certainly receiving more attention and priority these days, […] View full post on AmIHackerProof.com
Trustwave researchers outline free card skimmer detection techniques
Online shoppers and merchants can detect whether websites are infected by Magecart with easy-to-use techniques provided by researchers at Trustwave. In a blog post published yesterday (December 19), security researcher Michael Yuen outlined how to determine […]
#cybersecurity | #hackerspace | How HIPAA-Compliant Communication Tools Can Prepare Home Healthcare for PDGM
The new home healthcare Patient-Driven Groupings Model (PDGM) released by the Center for Medicare & Medicaid Services (CMS) goes into effect after January 1, 2020. With it, payment periods will be cut in half and therapy volume will no longer be considered when determining home health […]
#cybersecurity | #hackerspace | Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’
Many Thanks to Adrian Crenshaw (Irongeek), and his Videographer Colleagues for Sharing His and Their Outstanding Videos Of This Last And Important DerbyCon 2019.
Visit Irongeek for additional production credits and important information. Subscribe to Irongeek’s content, and provide Patreon support as well.
The post Derbycon2019, Michael Fowl’s & Nick Defoe’s ‘Old Tools, New Tricks: Hacking WebSockets’ appeared first on Security Boulevard.
Twitter declined to provide any comment, and instead pointed me to the company’s nonconsensual nudity policy. The original DailyMail.com tweet—nude photo, shortened link, and all—remains online, with 1,500 retweets and 2,300 likes.
The photos will indelibly remain on the rest of the internet, too. Once they were published by RedState and DailyMail.com, they seeped across networks and platforms and forums as people republished the images or turned them into memes or used them as the backdrop for their YouTube show. (After I contacted YouTube about some examples of the latter, it removed the videos for violating the site’s policy on harassment and bullying.)
It’s one of the many brutal aftershocks that this kind of privacy violation forces victims to endure.
“You can encourage these companies to do the right thing and to have policies in place and resources dedicated to taking down those kind of materials,” says Mary Anne Franks. “But what we know about the viral nature of especially salacious material is that by the time you take it down three days, four days, five days after the fact, it’s too late. So it may come down from a certain platform, but it’s not going to come down from the internet.”
Using AI to Fight Back
Two days after Katie Hill announced she was stepping down from office, Facebook published a post titled “Making Facebook a Safer, More Welcoming Place for Women.” The post, which had no byline, highlighted the company’s use of “cutting-edge technology” to detect nonconsensual porn, and to even block it from being posted in the first place.
Facebook has implemented increasingly aggressive tactics to combat nonconsensual porn since 2017, when investigations revealed that thousands of current and former servicemen in a private group called Marines United were sharing photos of women without their knowledge. Facebook quickly shut down the group, but new ones kept popping up to replace it. Perhaps sensing a pattern, after a few weeks Facebook announced that it would institute photo-matching technology to prevent people from re-uploading images after they’ve been reported and removed. Similar technologies are used to block child pornography or terrorist content, by generating a unique signature, or hash, from an image’s data, and comparing that to a database of flagged material.
Later that year, Facebook piloted a program in which anyone could securely share their nude photos with Facebook to preemptively hash and automatically block. At the time, the proposal was met with some incredulity, but the company says it received positive feedback from victims and announced the program’s expansion in March. The same day, Facebook also said that it would deploy machine learning and artificial intelligence to proactively detect near-nude images being shared without permission, which could help protect people who aren’t aware their photos leaked or aren’t able to report it. (Facebook’s policy against nonconsensual porn extends to outside links where photos are published, but a spokesperson says that those instances usually have to be reported and reviewed first.) The company now has a team of about 25 dedicated to the problem, according to a report by NBC News published Monday.
“They have been doing a lot of innovative work in this space,” Mary Anne Franks says. Her advocacy group for nonconsensual porn victims, the Cyber Civil Rights Initiative, has worked with many tech companies, including Facebook and Twitter, on their policies.
Facebook will also sometimes take the initiative to manually seek out and take down violating posts. This tactic is usually reserved for terrorist content, but a Facebook spokesperson said that after Hill’s photos were published, the company proactively hashed the images on both Facebook and Instagram.
Hashing and machine learning can be effective gatekeepers, but they aren’t totally foolproof. Facebook has already been using AI to automatically flag and remove another set of violations, pornography and adult nudity, for over a year. In its latest transparency report, released Wednesday, the company announced that over the last two quarters, it flagged over 98 percent of content in that category before users reported it. Facebook says it took action on 30.3 million pieces of content in Q3, which means nearly 30 million of those were removed automatically.
Still, at Facebook’s scale, that also means almost half a million instances aren’t detected by algorithms before they get reported (and these reports can’t capture how much content doesn’t get flagged automatically or reported by users). And again, that’s for consensual porn and nudity. It’s impossible to say whether Facebook’s AI is more or less proactive when it comes to nonconsensual porn. According to NBC News, the company receives around half a million reports per month. Facebook does not share data about the number or rate of takedowns for that specific violation.
The post How Facebook’s Anti-Revenge Porn Tools Failed Katie Hill appeared first on National Cyber Security.
Cyberattacks on small and midsized companies in 2019 cost $200,000 per company on average, mercilessly putting many of them out of business, says CNBC in its analysis of a recent Accenture report. In light of the global cybersecurity skills shortage, the number is set to soar […]
New York City will offer free cyber security tools to the public as part of a new effort to improve online safety, officials said on Thursday, a week after Atlanta was hit with a ransomware attack that knocked some municipal systems offline.
The program, dubbed NYC Secure, will launch a free smartphone protection app to warn users when suspicious activity is detected on their devices, New York Mayor Bill de Blasio announced at a news conference.
“New Yorkers aren’t safe online. We can’t wait around for other levels of government to do something about it or the private sector,” New York Mayor Bill de Blasio said.
The program will cost the city about $5 million per year, he said.
“It’s our job in government to make sure that people are safe online. It’s a new reality,” de Blasio said.
City agencies will also beef up security protection on public Wi-Fi networks by the end of the year to protect residents, workers and visitors.
Those networks will be secured with a tool, dubbed Quad9, that is available to anybody in New York City and beyond at quad9.net. Quad9 routes a user’s web traffic through servers that identify and block malicious sites and email.
NYC Secure was unveiled as Atlanta officials worked alongside federal law enforcement and technicians from private security firms to investigate the cause of the attack that encrypted data on computers.
Atlanta City Council President Felicia Moore said she was waiting to hear more about how the hackers breached city networks, the scope of the attack and when city services would be fully operational.
“Everybody in the public wants to know. I want to know, too,” Moore said at a news conference. “But I do think that we need to give them an opportunity to get the information.”
Atlanta on Thursday reactivated a website that allows residents to make requests for trash pickup, report traffic signal outages and ask for other public works-related services.
Municipal court services remained offline on Thursday and City Hall employees told Reuters their work computers were still unusable a week after the hack was detected.
The post New York offers free #cyber #security #tools to #public to deter #hackers appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
The FBI’s Remote Operations Unit (ROU), tasked with hacking into computers and phones, is one of the Bureau’s most elusive departments. But a recent report from the Office of the Inspector General (OIG) for the Department of Justice has now publicly acknowledged the unit’s existence seemingly for the first time. The report also revealed that the ROU has used classified hacking tools—techniques typically reserved for intelligence purposes—in ordinary criminal investigations, possibly denying defendants the chance to scrutinize evidence, as well as destabilizing prosecutors’ cases against suspects.
“Using classified tools in criminal cases is risky for all sides,” Ahmed Ghappour, associate professor of law at Boston University School of Law, and who has researched law enforcement hacking extensively, told Motherboard in a Twitter message.
The ROU is part of the FBI’s Operational Technology Division (OTD), which handles the Bureau’s more technical surveillance methods. The OIG’s report says ROU “provides computer network exploitation capabilities” and has “engineers and vendors who attempt to develop techniques that can exploit mobile devices.” A previous Wall Street Journal report said the FBI can use malware to remotely activate microphones on Android devices.
In 2013, then American Civil Liberties Union (ACLU) principal technologist Chris Soghoian uncovered ROU’s existence by piecing together LinkedIn profiles and sections of documents released through the Freedom of Information Act. Soghoian found that an Eric Chuang heads the ROU, and it appears Chuang is still leading the unit now—the OIG report mentions the current head became chief in 2010.
While most of the OIG’s new report focuses on how the FBI did not fully explore its technical options for accessing the iPhone of one of the San Bernardino terrorists in 2016, several sections shine more light on the ROU, and how they are using their hacking tools. One mentions the ROU chief, based on long-standing policy, sees a “line in the sand” against using national security tools in criminal cases—this was why the ROU initially did not get involved at all with finding a solution to unlocking the San Bernardino iPhone. Indeed, it’s important to remember that as well as a law enforcement agency, the FBI also acts as an intelligence body, gathering information that may be used to protect the country, rather than bring formal charges against suspects.
But that line can be crossed with approval of the Deputy Attorney General to use the more sensitive techniques in ordinary investigations, the report adds.
“The ROU Chief was aware of two instances in which the FBI invoked these procedures,” a footnote in the report reads. In other words, although it seemingly only happened twice, the FBI has asked for permission to use classified hacking techniques in a criminal case.
It’s not clear which two cases the ROU Chief is referring to. However, the FBI previously deployed a Tor Browser exploit to over 8,000 computers around the world, including some in China, Russia, and Iran, based on one, legally contentious warrant. At the time of the operation in February 2015, the tool was unclassified. But as Motherboard found using court records, the following year the FBI moved to classify the exploit itself for reasons of national security, despite the case being a criminal child pornography investigation.
Motherboard’s recent investigation into the exploit industry found that an Australia-based company called Azimuth Security, along with its partner Linchpin Labs, has provided exploits to the FBI, including one for breaking through the Tor Browser.
Using classified tools in a criminal investigation may pose issues for both prosecutors and defendants. If the FBI used a classified technique to identify a suspect, does the suspect find out, and have a chance to question the legality of the search used against them?
“When hacking tools are classified, reliance on them in regular criminal investigations is likely to severely undermine a defendant’s constitutional rights by complicating discovery into and confrontation of their details,” Brett Kaufman, a staff attorney at the ACLU, told Motherboard in an email. “If hacking tools are used at all, the government should seek a warrant to employ them, and it must fully disclose to a judge sufficient information, in clear language, about how the tools work and what they will do,” he added.
And on the flip side, if the FBI uses a classified and sensitive tool in an ordinary case, and has to reveal information about it in court, the exploit may then be fixed by the affected vendor, such as, say, Apple. Some may see that as a positive, but the FBI might have to drop their charges against a criminal as well.
“It’s also a risk for the government, who may be ordered to disclose classified information to the defense to satisfy due process, or face dismissal of the case,” Ghappour said.
With the mentioned Tor Browser attack, a judge ordered the FBI to give defense counsel the code of the exploit; the FBI refused, meaning the evidence the related malware obtained was thrown out altogether.
A spokesperson for the FBI declined to comment on the ROU’s cross-over into criminal cases, and instead pointed to page 16 of the report, which reads, in part, that “FBI/OTD has realigned mission areas for several Units in preparation for a larger re-organization.”
The post The #FBI Used #Classified #Hacking #Tools in Ordinary #Criminal #Investigations appeared first on National Cyber Security Ventures.