Wants


Ducey wants federal refugee program changes over child safety concerns

Source: National Cyber Security – Produced By Gregory Evans

(Photo by John Moore/Getty Images) PHOENIX — Arizona Gov. Doug Ducey in a letter Wednesday to the U.S. Department of Health and Human Services outlined child safety concerns stemming from […]

The post Ducey wants federal refugee program changes over child safety concerns appeared first on National Cyber Security.

View full post on National Cyber Security

Why Jennifer Lopez Wants a Longterm Future With Ben Affleck

Jennifer Lopez and Ben Affleck’s romantic reunion is going very well as summer begins, E! reports, and Lopez is very serious about Affleck and their future. […]

Seth Carey says his accuser wants to murder him

Former district attorney candidate Seth Carey said this week there is “a real danger” that the woman who lodged criminal charges brought against him will kill him. The Rumford District […]

Miley Cyrus: Fans Wants To Know If The Singer Is Dating Someone Or Not

Trailers are an under-appreciated art form insofar that many times they’re seen as vehicles for showing footage, explaining films away, or showing their hand about what moviegoers can expect. Foreign, […]

US Virgin Islands wants Jeffrey Epstein-related documents from NY hedge fund billionaire – NewsRadio 560 KPQ

(Florida Dept. of Law Enforcement) By JAMES HILL, ABC News (NEW YORK) — The U.S. Virgin Islands government, in an expanding investigation into the alleged sex trafficking enterprise of Jeffrey Epstein, […]

Covered Security wants you to be smarter about online threats — for your employer’s sake

I took a five-minute online quiz created by a Boston startup, Covered Security. It’s designed to give you the cybersecurity equivalent of your credit score — basically, how do your online security habits compare with the average person’s, and how do they compare with the habits of security experts? Let’s just say I have some improvements to make before I reach the “average” mark on Covered’s grading scale.

What Covered is trying to do is motivate people like me to change. Not because we’re a danger to ourselves, but because we’re a danger to our employers.

“Normal people are compromised at a rate that is 124.7 percent higher than security professionals,” says Covered’s founder and CEO, Chris Zannetos.

Unfortunately, it can be tough to get people to change bad habits, such as using the same password for multiple accounts or using easy answers to the security prompt questions for password recovery (like mother’s maiden name.)

As for getting them to pay for new security software or services that might make them less vulnerable? Forget about it, Zannetos says. People are complacent about security until a hacker breaks into their Facebook account and starts messaging all of their friends or cracks a bank account and wreaks havoc.

So Covered is focusing on employers, who have a lot more at stake — billions of dollars, trade secrets, brand reputations, and stock prices. Corporate information security executives, Zannetos says, “always say that people were the soft underbelly of their security program. They are a gateway for hackers to break into the organization,” such as when employees hastily respond to an e-mail that looks like it’s from the boss requesting password information, or asking them to review an attached file. (Oops — malware, which can give the bad guys access to everything on your machine.) So Covered is planning to sell to companies, rather than to individuals, and it already has a handful that are using its software, including Aflac, the Georgia insurance company.

Covered Security was founded in 2016, and it’s still small — fewer than 10 employees, Zannetos says. The objective, he explains, was to create “a FitBit for online security. Could we make it simple, fast, and personally rewarding for people to improve their own security habits?”

Covered’s product is fundamentally about education: What are the ideal things to be doing to protect your passwords and accounts, and where have data breaches occurred recently that may affect you and your account information? The Web-based system gives you pats on the head (“kudos”) when you make small improvements, and your employer can offer prizes to people who have accumulated a certain number of kudos. (Yes, you are on the honor system: You can say that you’re using two-factor authentication — “text me a code so I can log in to my account” — without actually doing it.)

Your employer can’t peer into an individual employee’s Covered profile, Zannetos says. But they can see high-level analytic data about “where the company is weak and where they’re strong, and what behavior they need to incentivize.”

This month, to build buzz, Covered has been giving away gift cards to people who register with the site and start earning kudos.

Danahy, the security entrepreneur, says that while “most people treat the end user as a problem that is not solvable — they will always make mistakes — what Covered is doing has an optimism, and a realism, I think, that you can change that.”

The notion, he says, is that you and I should be more aware of practical behaviors, like using a password repository to create and manage our passwords, as well as read articles about the latest hacker techniques, so that we don’t become victims. Offering kudos and financial incentives to spend time doing that, Danahy says, “gamifies” the process of changing our behaviors. Danahy serves as an adviser to Covered but is not an investor in the company.

Oren Falkowitz, CEO of the California startup Area 1 Security and a former staffer at the National Security Agency and US Cyber Command, says via e-mail that the Covered concept sounds simple. “But the reality is, we humans can’t be taught to be less human. Our innate curiosity, our willingness to trust complete strangers, and our child-like interest in a good story, all work against us in cyberspace.” That’s what makes it impossible, Falkowitz says, to stop phishing attacks without relying on “specific and advanced computer software.”

“The concept of training employees so that they can better avoid being phished or falling prey to other social hacks is not new, and almost every company is doing some level of employee education in this regard these days,” says Maria Cirino, a former cybersecurity CEO and venture capitalist at the Boston firm .406 Ventures. But Covered’s approach and use of technology to change people’s bad habits could prove more effective and measurable, Cirino says. Her firm hasn’t invested. Covered has so far raised a bit more than $1 million from individual investors, and Zannetos hopes to add more to the company’s bank account in the spring.

Covered is in the midst of juggling the four balls that every startup needs to keep in the air: finding investors, closing sales, hiring skilled employees, and continually improving the product.

But the mission — making all of us a little less dumb, when it comes to online security practices — is an important one.


Scott Kirsner can be reached at kirsner@pobox.com. Follow him on Twitter @ScottKirsner.


The FBI Wants Apple to Unlock iPhones Again


After anxious days awaiting Iran’s response to the US assassination of Qasem Soleimani, the country sent missiles flying at two Iraqi military bases that housed US troops—who knew about it well in advance, thanks to an early warning system that dates back to the Cold War. In a rare reversal from the norm, Donald Trump followed up by using Twitter to defuse tensions rather than escalate them further. Iran’s still on a path to developing nuclear capabilities, but they won’t get there any time soon.

As far as anyone knows, Iran hasn’t countered the US directly with a cyberattack, but a new report shows that they’ve spent the last year probing US critical infrastructure. All of which is to say, let’s hope both parties stick with deescalation.

On the home front, Amazon swatted at money-saving extension Honey just in time for the holidays, warning users that it was a security risk without specifying how. Google welcomed alleged spy app ToTok back into the Google Play Store, while the jury’s still out for Apple. And TikTok recently patched bugs that could have let attackers take over a victim’s account. (No, that doesn’t mean it’s spying on you.)

It was an active week for Facebook; the company made its Privacy Checkup feature a wee bit more granular, acknowledged that encrypting Messenger end-to-end by default will take years, and suffered a bug that doxxed the admins of Pages. Otherwise all good, though.

And while you may have heard that Russia disconnected itself from the internet over the holidays, that’s not quite right. But the Kremlin’s efforts to censor the internet are very real, and increasingly broad.

Stop us if you’ve heard this one before: The FBI has asked Apple to unlock the iPhone of a mass shooter. As it did when the agency did the same in the San Bernardino investigation, Apple has declined. The Cupertino company regularly complies with subpoenas for data stored in its cloud, but argues that breaking into a locked iPhone would require undermining its own encryption, which in turn would make all iPhones less safe. The prolonged fight in 2016 ended in something of a draw, when the FBI found a way to unlock the iPhone on its own. While its request hasn’t escalated to a court fight yet, it’s only a matter of time before it tries for a rematch.

[A Comprehensive Look at How SMS Two-Factor Authentication Gets Abused](https://www.issms2fasecure.com/)

We’ve written about the risks inherent in using SMS-based two-factor authentication since 2016. Since then, the plague of so-called SIM-swap attacks that it enables has only grown, hitting even Twitter CEO Jack Dorsey. This week, researchers at Princeton University’s Center for Information Technology detailed the many, many ways that SMS 2FA can go wrong, including multiple failings on the part of carriers to vet SIM-swap requests. If this doesn’t convince you to switch to an authenticator app, nothing will.

By now it’s no longer surprising that every voice assistant has a small army of human contractors behind it, transcribing recordings to improve accuracy. (Or did, until the public backlash.) Skype, however, reportedly hit an impressive low by not only using contractors in China but letting them listen to recordings through a Chrome web browser; the contractors were encouraged to all log in through the same account and password. In other words, it would have been almost comically easy to compromise the sensitive data. Microsoft told The Guardian that it has since moved its transcription efforts out of China and into “secure facilities.” It’s unclear exactly what that means, but the bar appears to be extremely low.

To continue the theme: In a letter to US senators this week, Ring acknowledged that four employees sought improper access to video taken by its customers’ cameras over the last four years. The company says that of them were fired for violating company policy, and that currently only three employees can access stored customer videos.



CISA Wants a Vulnerability Disclosure Program At Every Agency

The Homeland Security Department on Wednesday released a draft of a binding operational directive that would require every federal agency to create a vulnerability disclosure policy.

Under the measure, each civilian agency would need to create a formal process for security researchers to share vulnerabilities they uncover within the organization’s public-facing websites and other IT infrastructure. Agencies must also develop a system for reporting and closing the security gaps that are uncovered through the program.

Despite the growing popularity of public cyber initiatives like bug bounties, security researchers often find themselves in a legal gray area when reporting cyber weaknesses to the government. By creating vulnerability disclosure policies, agencies can set clear guardrails on legal hacking.

“A [vulnerability disclosure policy] allows people who have ‘seen something’ to ‘say something’ to those who can fix it,” Jeanette Manfra, assistant director for cybersecurity within the Cybersecurity and Infrastructure Security Agency, said in a blog post. “It makes clear that an agency welcomes and authorizes good faith security research on specific, internet-accessible systems.”

The BOD would bring the rest of the government up to speed with the Pentagon and the General Services Administration’s tech office, which have already established vulnerability disclosure programs. DHS is also in the process of finalizing its own policy.

CISA will accept public feedback on the proposed directive through Dec. 27.

Specifically, the measure would give agencies six months to create a web-based system for receiving “unsolicited” warnings about potential vulnerabilities. They must also develop and publish a vulnerability disclosure policy, outlining the systems and hacking methods that are authorized under the program and describing the process for submitting vulnerabilities. 

The directive would require agencies to consistently add new systems to the program over time. Within two years, “all internet-accessible systems and services” must be in scope of the policy, according to the measure. Every system launched after the directive is issued must automatically be considered in scope.

Agencies would also need to set procedures for handling submissions and report both specific vulnerabilities and program metrics directly to CISA.

While the directive gives agencies some latitude in the metrics and policies around their own policies, the measure could ultimately lay the foundation for a standardized, government-wide vulnerability disclosure program, Manfra said. 

“We think a single, universal vulnerability disclosure policy for the executive branch is a good goal … but we expect that goal to be an unrealistic starting place for most agencies,” she said. “The directive supports a phased approach to widening scope, allowing each enterprise–comprised of the humans and their organizational tools, norms, and culture–to level up incrementally.”


Air Force veteran in leak case wants FBI admission suppressed


A young woman charged with leaking classified U.S. documents has asked a federal judge to rule that comments she made to FBI agents before her arrest can’t be used as evidence. Reality Winner, a former Air Force linguist who held a top-secret security clearance, worked as a government contractor in…


Greece wants more money, top role for EU cyber security agency


Greece wants the European Commission to give the Athens-based European Union Agency for Network and Information Security (ENISA) more money and the leading role in managing Europe’s cyber security issues as part of a legal overhaul next month. “We want ENISA to have a bigger role in cyber security and…
