Facebook Says Encrypting Messenger by Default Will Take Years

Source: National Cyber Security – Produced By Gregory Evans

In March of last year, Mark Zuckerberg made a dramatic pledge: Facebook would apply end-to-end encryption to user communications across all of its platforms by default. The move would grant strong new protections to well over a billion users. It’s also not happening any time soon.

What Zuckerberg didn’t spell out at the time is just how difficult that transition would be to pull off, and not just in terms of political hurdles from encryption-averse law enforcement or a shift in Facebook’s business model. Encrypting Facebook Messenger alone represents a herculean technical challenge. According to one of the Facebook engineers leading the effort, a version of Messenger that’s fully end-to-end encrypted by default remains years away.

“I’ll be honest right now and say we’re still in a place of having more questions than answers,” said Jon Millican, Facebook’s software engineer for Messenger privacy, in a talk today at the Real World Crypto conference in New York. “While we have made progress in the planning, it turns out that adding end-to-end encryption to an existing system is incredibly challenging, and involves fundamentally rethinking almost everything.”

Millican’s presentation at the conference, in fact, wasn’t about how Facebook plans to pull off the transition to default encryption for Messenger, which currently offers the feature only through its Secret Conversations mode. Instead, it seemed aimed at explaining the many hurdles to making that transition, and asking the cryptography community for ideas about how to solve them.

Millican readily admitted that means Facebook users shouldn’t expect to see a default encryption rollout for several years. That also likely means the company’s planned integration of WhatsApp, Facebook, and Instagram messaging will take at least as long, given that all three would likely need to be end-to-end encrypted to avoid undermining the existing default protections in WhatsApp.

“We publicly announced the plan years in advance of being able to actually ship it,” Millican said of Messenger’s encryption rollout in an interview with WIRED ahead of his conference talk, while declining to say when exactly Facebook expects the rollout to be complete. “There are no imminent changes coming here. This is going to be a long process. We’re dedicated to getting this right rather than doing it quickly.”

“If this is taking several years, maybe they’re not putting their money where their mouth is.”

Matthew Green, Johns Hopkins University

Facebook Messenger’s bounty of features—video calls, group messaging, GIFs, stickers, payments, and more—almost all currently depend on a Facebook server being able to access the contents of messages. In an end-to-end encrypted setup, only the people at the ends of a conversation would possess the keys on their devices to decrypt messages, requiring that more of Messenger’s mechanics be moved to apps and browsers. Facebook’s servers would act only as blind routers, passing messages on without being able to read them—which also keeps them safer from government agencies or other snoops.

Millican argues that getting to that point will require rebuilding every feature of Facebook Messenger from the ground up. “We’re looking at a full-stack rethink and re-architecture of the entire product,” he says. “We’re not just adding end-to-end encryption to a product, we’re building an end-to-end encrypted product.”

Facebook has, of course, already carried out the sort of billion-user transition to default encrypted messaging that it now says is so difficult. In 2016, Facebook-owned WhatsApp enabled default end-to-end encryption for all its billion-plus users. But Millican points out that transition also took years, despite the WhatsApp of 2016 having been much simpler than Facebook Messenger in 2020. He points to key differences in the two apps: WhatsApp doesn’t support multiple devices, beyond a desktop program that essentially routes messages via the user’s phone. And it doesn’t back up messages to a server so that they’re available when you reinstall the app. Messenger does both.

Apple may present another model of how to achieve the sort of massive end-to-end encrypted network Facebook has committed to create: It’s managed to build rich features and end-to-end encryption by default into iMessage. But it doesn’t have the sort of full-featured, independent web interface that Facebook Messenger offers, which presents other challenges, since it’s designed to allow users to send messages from any device. (WhatsApp’s web interface, like its desktop app, only works when it’s linked with a user’s phone.)

The post Facebook Says Encrypting Messenger by Default Will Take Years appeared first on National Cyber Security.

#hacking | New Years Resolution: Organizations push for proactive approach to security

#goals

Looking at the security fails of 2019 is amusing, but it ought to be set against the progress made by many in adopting best practice when drawing up the security ledger for the year.

Security success stories tend to start with establishing an effective security policy coupled with a training program and sound contingency planning, a collective approach often absent from organizations.

But businesses and public sector bodies are moving to improve the way they secure personal information, not least because of the harsh fines imposed by tightened data protection rules such as the EU’s General Data Protection Regulation (GDPR).

Requirements for companies to disclose breaches, whether under GDPR or many of the data breach notification laws found throughout the US, are among the main reasons why organizations are starting to become more open about any data loss that they may experience.

This has equally prompted change in the way a business collects and uses data, and how it keeps its customers informed. Increasingly, user or customer education is part of the remit of a company’s data security team.

Businesses are now finding, in part, that a perimeter security approach – building ever-higher walls around systems and data – is unsustainable. A strong data protection policy, in short, is better for business.

This approach is known as “data stewardship”.

Why it’s worth investing in data stewardship

“Data stewardship starts with an effective data strategy,” Dr. Sanjana Mehta, head of market research strategy for EMEA at (ISC)², the security professional association, told The Daily Swig.

“This means asking fundamental questions such as: what data is an organization collecting? What is the purpose of storing or processing that data? And are the data subjects fully aware of and have they consented to these purposes?”

An organization should be collecting only the data it needs for its business process, and it should be informing the customer, citizen, or employee about why the data is needed, how it will be processed, and for how long it will be kept. The GDPR, for example, sets out – for citizens residing in the EU – a legal ‘right to be forgotten’.

Unless organizations practice good data stewardship, knowing the data that they hold and where that data is, they will not be able to meet the obligations set out under the legislation, or indeed any similar data protection law that is to pass in 2020.

“Organizations continuously tread a fine balance between optimizing data processing to inform strategic decisions, which means providing more people access to more data, and securing the interests of their data subjects, which means tightening access to data,” Dr. Mehta said.

Clean data is good for business

Good data management makes it easier to protect information. The business can target protection measures – including firewalls, encryption, and data loss protection tools – and train staff to reduce accidental data loss. This is hardly news to CISOs.

But minimizing data collection, and being clear about why data is needed, goes further. It is also about trust.

“I have been saying for a couple of years that you can’t have customer experience without permission,” Darren Guarnaccia, chief strategy officer at Crownpeak, a digital experience management company, told The Daily Swig.

“Part of that experience is trust… So much of that has been eroded through events of the last couple of years. Brands have to earn some of that back.”

This is why Guarnaccia advocates an open approach to data policies, as well as on-going training for employees. His views are echoed by Phil Slingsby, head of governance, standards and assurance at converged ICT services supplier GCI.

“As a tech company it’s easy to forget the importance of people,” Slingsby warns. “Privacy, in particular, is a human right, so it’s fundamentally focused on people.

He told The Daily Swig: “To be as effective as possible when it comes to data protection, we’ve had to get better at engaging with our people and integrating data protection into the fabric of how we do business.

“This has meant a shift in priority away from just being certificated to things like [the] ISO 27001 [security standard], and more towards ensuring that we are actually ‘doing the right things’ when it comes to data protection.”

Good shepherds

Clear and relevant data collection policies are vital. Some organizations go further, and actively promote data and privacy protection to their customers, as well.

Mozilla, the organization behind the Firefox browser, promotes a free service for internet users to look up pwned passwords, for instance. The service holds breach data going back to 2007.

And Nest, the Google-owned smart home company, set up a service last year warning users about password breaches, even if they were found to affect rivals’ hardware.

But our favorite is the privacy policy video from European low-cost airline easyJet. In a parody of those in-flight safety videos frequent travellers largely ignore, it sets out why the business collects data, and how it might even lead to lower fares.


#cyberfraud | #cybercriminals | Business Bulletin: 10 New Year’s resolutions to help you avoid scams

Q: What advice and resolutions may BBB offer to consumers in 2020?

A: As the New Year begins, it’s an important time to think about simple changes we can make to ensure that this New Year is better than the last. The Better Business Bureau offers 10 New Year’s resolutions to help you avoid scams, prevent identity theft and be a smarter consumer in 2020.

Remember, being a savvy consumer is ultimately about staying one step ahead of scammers. The way to do that is to take your time and do your research before making a decision. The scammers are counting on you to be too busy to take these simple steps to protect yourself. By taking a few minutes to implement these tips, you can outsmart scammers and fraudsters.

 

BBB’s Top Ten New Year’s Resolutions for a Consumer-Savvy 2020:

1. Implement a credit freeze. A credit freeze is the best way to protect yourself from financial identity theft because it restricts access to your credit file, making it impossible for identity thieves to apply for a new line of credit in your name. Best of all, it’s now free to freeze and thaw your credit when required.

2. Use technology to block robocalls and other telemarketing calls. Nomorobo, a call blocking feature, can disconnect known telemarketers or scammers from your VoIP landline after one ring. It’s free for landlines; a nominal fee for cell phones. Go to www.nomorobo.com to begin. Also, make sure you register your phones with www.donotcall.gov.

3. Review your permissions and privacy settings on social media. If you’ve signed into an app or website using your social media credentials or taken a fun quiz on social media, you may have unwittingly given permission to third-party apps to access your personal information and contacts. On Facebook, go to “settings” and “apps and websites” to review.

4. Warn others and stop fraudsters by reporting scams to the BBB Scamtracker webpage. www.BBB.org/Scamtracker is a crowd-sourced website where you can report if you’ve been contacted by a scammer. Since reports are plotted on a map, you can also use Scamtracker to find out what’s happening in your area. Please report new scam activity that is not posted. In turn, Scamtracker reports help BBB educate the public with more in-depth reports. You may view these studies at www.bbb.org/scamstudies.

5. Check out businesses and charities first. Conduct research before you buy or donate to make sure you’re working with a reputable company or charity. Check out companies at bbb.org and a full report on charities at give.org. BBB accredited businesses and charities have been evaluated by BBB, and meet and promise to maintain standards.

6. Use secure payment methods. A scammer’s favorite way to steal your money is by asking you to pay with either a gift card or a money wire transfer, such as MoneyGram or Western Union. Why? Because these payment methods are irreversible. Credit card payments are more secure and recommended. If fraud is suspected, the charge can be disputed. If you receive a request from someone claiming to be from the IRS, Social Security or a debt collector, it is a scam. If anyone requests that you pay with a gift card or a money wire transfer, it is a red flag.

7. Use a unique and complex password for every online account. Consider a passphrase, which is simply a long password made up of a collection of multiple words, making it easier both to type and to remember. Poor, easy-to-guess passwords are one of the most common ways cyber attackers can hack into your online accounts. If it’s too difficult to remember multiple passwords, consider a password manager. Then, you’ll only have to remember one unique and complex password instead of many.

8. Enable multi-factor authentication whenever it is available. Multi-factor authentication is when you are granted access to an online account only after you have successfully provided two or more pieces of evidence, such as your password and a unique code generated by your smartphone, emailed or texted to you. With multi-factor authentication, if hackers do steal your user name and password, they still can’t access your account.

9. Monitor your existing financial accounts. Gone are the days when you waited for your credit card statement to come in the mail for you to review. Sign up for online access so you can review your financial accounts periodically. Also, take advantage of free text message alerts to notify you of activity, remind you when payments are due, etc.

10. File your taxes early. One common fraud during tax season is identity theft. Scammers use a stolen identity to file taxes and redirect refunds. Protect yourself and file early when possible. Visit bbb.org to find accredited tax preparers in your area.

Jim Winsett is president of the Better Business Bureau in Chattanooga


#infosec | US Jails NeverQuest Malware Creator for 4 Years

A Russian hacker who created a piece of malware to steal money from bank accounts has been jailed for four years by a United States court. Stanislav Vitaliyevich Lisov was arrested by Spanish authorities at Barcelona–El Prat Airport on January 13, 2017, at the request of […]

#deepweb | 30 years after the Convention on the Rights of the Child was signed, the IACHR calls on States to renew their commitment to children – World

Washington, D.C. – On November 20, when the Convention on the Rights of the Child celebrates its 30th anniversary, the IACHR recalls that children still face enormous barriers to the enjoyment of their rights. In this regard, the Commission calls on the OAS member states to renew their commitment to children and adolescents through the implementation of effective national protection systems.

Thirty years ago, the international community came together to take a crucial step in the protection of children around the world, by negotiating and approving a broad regulatory framework that meant a paradigm shift in the matter. It is from the Convention that the States consolidated the recognition of children as holders of their own rights, universally guaranteed, and not as mere objects of protection. Today, the Convention on the Rights of the Child is the human rights treaty with the highest number of ratifications, as it has 196 States Parties, which underlines the universality of its scope.

Although the Commission recognizes the progress achieved during the three decades since the Convention came into force, it also expresses its concern about the deep gap between the rights established therein and the reality in which millions of children live in the region. According to UNICEF, in Latin America alone, 72 million children aged 0 to 14 still live in poverty, 1 in 5 have their physical growth affected by the lack of access to adequate nutrition and 12 million do not attend school. In addition, almost 25,000 adolescents between 10 and 19 years old are victims of homicide each year in the region and half of those under 15 years of age are subjected to corporal punishment at home.

This scenario requires that the States renew and strengthen their commitment to protect children from any type of violation of their rights. In this regard, the Commission reiterates the need for States to implement national systems that effectively execute special and reinforced public protection policies aimed at guaranteeing the integral development of children, as well as allowing them to live a dignified life and free from all forms of violence.

“The protection of the rights of children requires a joint effort of all social actors, not only at this time of celebration of the 30th anniversary of the Convention, but permanently, with the States occupying a central place in guaranteeing these rights”, said Commissioner Esmeralda Arosemena de Troitiño, President of the IACHR and Rapporteur on the Rights of the Child. “This renewed commitment, which must continue through the years, needs to hear the voice of children who have the right and are increasingly interested in participating in the decisions that affect them”, she added.

The Commission notes that the United States of America is the only country that has not ratified the text of the Convention. In this regard, the IACHR takes this opportunity to urge the State to adopt measures to ratify the treaty for the benefit of more than 70 million children living in the United States.

A principal, autonomous body of the Organization of American States (OAS), the IACHR derives its mandate from the OAS Charter and the American Convention on Human Rights. The Inter-American Commission has a mandate to promote respect for and to defend human rights in the region and acts as a consultative body to the OAS in this area. The Commission is composed of seven independent members who are elected in an individual capacity by the OAS General Assembly and who do not represent their countries of origin or residence.


#infosec | Ransomware: Still Going Strong 30 Years On

Next month marks the 30th anniversary of the first ever ransomware attack, and according to new research this particular form of malware is still going strong. 

According to the “Mid-Year Threat Landscape Report” published yesterday by Bitdefender, ransomware increased 74.23% year on year in the first six months of 2019. 

Researchers noted a change in the ransomware landscape following the fall of GandCrab earlier this year. In roughly 18 months of activity, this particular piece of ransomware generated more than $2bn. 

“The fall of GandCrab, which dominated the ransomware market with a share of over 50 percent, has left a power vacuum that various spinoffs are quickly filling. This fragmentation can only mean the ransomware market will become more powerful and more resilient against combined efforts by law enforcement and the cybersecurity industry to dismantle it,” wrote researchers. 

A notable player stepping into the space left by GandCrab’s exit is Sodinokibi (aka REvil or Sodin), which has quickly gained popularity in recent ransomware campaigns, focusing on specific industry verticals. 

To help educate businesses about the threat posed by ransomware, Sophos yesterday published a report titled “How Ransomware Attacks.” In addition to detailing how the threat has evolved over the past three decades, Sophos’ report also takes an in-depth look at the largest ransomware families and highlights the most common types of attacks.

Included in the report are the characteristics and file system activity of ten ransomware variations. Alongside classics such as WannaCry, Ryuk, and SamSam, the report delves into newer strains like RobbinHood, Sodinokibi, and LockerGoga. 

While ransomware continues to wreak havoc, Bitdefender researchers identified coin-mining malware used in cryptojacking campaigns, exploits leveraging unpatched or previously unknown vulnerabilities and fileless attacks, and banking trojans as the top three threats facing businesses and consumers. 

Underlining just how serious the consequences of cyber-attacks can be, the researchers found that the European Union economy could face up to €2.5bn in financial losses, should internet infrastructures be taken offline for a single hour by IoT botnets causing DDoS attacks. The losses for an eight-hour workday reach around €20bn.


#deepweb | A fake movie review show just spawned one of the year’s best comedies

A parody movie review show has, surprisingly enough, spawned an elaborate fictional universe spanning almost a decade. Now it’s making the jump to feature film, and there’s no sign of it losing steam.

The story of Mister America, the new mockumentary about a long-shot campaign for local office out on video on demand Friday, is a complicated one. It begins in 2011 when comedians Tim Heidecker and Gregg Turkington launched the spoof podcast On Cinema, episodes of which center around discussions of classic movies. But the amateur critics, fictional characters who share Heidecker and Turkington’s real names, supply the opposite of insightful commentary, generically declaring “it’s a classic!” before quickly wrapping up.

The gag continued as the podcast became a web series called On Cinema at the Cinema, a shabby Siskel and Ebert-type show with Tim and Gregg reviewing new releases. Once again, there’s no expertise to be found. Observations from the fumbling hosts are always either uproariously wrong or worthlessly broad, and nearly every film gets a glowing review. Both projects hilariously poke at the fact that the internet has fostered a culture of amateur creators oblivious to the uselessness of their creation and amateur commentators clueless about the very topics they’re commenting on.

But beyond being a spoof of pointless online content, On Cinema is also an examination of two pathetic, borderline psychopathic characters. Tim, an egotistical blowhard, and Gregg, a pretentious film “expert” who knows little about film, make each other miserable yet have nothing in their lives but this lousy show, meaning their constant on-screen fights and meltdowns always resolve with a return to set the following episode. The longer they continue coming back and failing to improve themselves or On Cinema, the bleaker, and funnier, it gets.

As On Cinema progresses, references to both characters’ dreary off-screen lives develop a deep mythology, and running jokes build a language for fans to use online while maintaining the charade that the show isn’t fiction. Heidecker and Turkington also further storylines with in-character tweets, essentially creating a year-round alternate reality game. Getting into the series requires patience, seeing as episodes don’t have obvious setups and punchlines. But once you start appreciating the dry humor of the hosts’ passive aggression and believably dumb remarks, there’s nothing quite like it.

Over the years, On Cinema has only grown more ambitious with numerous spin-offs, including Decker, a spy series Tim ineptly directs and stars in that subtly advances the larger story in a way that’s legitimately inventive. One edition of On Cinema, for instance, features Tim interviewing Gregg in front of a green screen for reasons that aren’t clear until Tim later that month uses the footage to insert Gregg into an episode of Decker without his permission, prompting yet another gut-busting squabble in a gag that takes weeks to show its true form. The wildest spin-off of all, though, came in 2017 when Tim faced murder charges in On Cinema‘s ninth season, the latest in a nutty sequence of soap opera level plot turns, and Adult Swim actually streamed a five-hour, surprisingly realistic trial.

This helped launch Mister America, the new mockumentary which follows Tim as he runs for district attorney to exact vengeance upon the prosecutor who charged him. Shot in a mind-boggling three days, it’s quite small in scale, and like On Cinema itself, it’s not so much about traditional setups and punchlines as it is about stewing in delusion and subtle stupidity; scenes often consist of little more than Tim dictating a nonsensical press release between burps or bloviating about Martin Luther King Jr. While unlikely to have much wide appeal, for On Cinema devotees, it’s a riot.

In a testament to how sprawling On Cinema has become, Mister America pulls from jokes that originated not only in the web series but on Decker, the murder trial, and even the comedians’ social media, where the election storyline unfolded last year. Naturally, it’s hard to imagine key scenes registering with newcomers. But when, for instance, Gregg speaks about Sully in an interview, it gets a huge laugh from those who realize the subtext: he’s only doing so to get in a petty dig at Tim as part of an argument they’ve had, primarily on Twitter, dating back years. When Tim watches Mister America and hears everything Gregg said, not to mention sees everything else he instructed the fictional director not to include, he’ll surely freak out on On Cinema, which is currently in the middle of a new season. This kind of slow burn multimedia storytelling is the series at its very best.

Mister America isn’t any sort of a masterpiece, to be sure; it’s limited by its tiny budget and isn’t as effective of a political satire as it could have been, especially seeing as a final monologue attempting to make a broader point feels at odds with the way the story actually played out. But it’s still consistently funny, and as a small piece of the larger project, it delivers.

This is in contrast to Between Two Ferns: The Movie, another spin-off of a web series about a terrible talk show. With that film, it was clear there had been little thought previously paid to the world the sketch occupies or who its central character is outside of the show, and so the struggle to turn it into a 90-minute feature was palpable. That Mister America, in contrast, feels like a natural evolution of everything that’s been cooking since 2011 is a testament to Heidecker and Turkington’s brilliant creation. It sounds strange to say about a silly spoof, but On Cinema has become a genuinely rich comedic world, and even after all this time, its creators are still finding new ways to expand it.


How #AI will underpin #cyber security in the next few #years

Source: National Cyber Security News

Cyber security risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time

Cyber criminals continue to launch increasingly sophisticated and devastating attacks on industrial, business and financial organisations around the world – and the damage from such crime could reach $6tn by 2021, according to a report from Cybersecurity Ventures.

It has become clear that organisations cannot simply rely on manpower and human interaction to fight off cyber attacks. Not only is it time-consuming for employees to spot potential threats, but it is also challenging to come up with security technologies to prevent them. So there are fears that businesses will continue to fall victim to hackers.

As a result, organisations are being forced to consider new ways to boost their cyber defences. Whether it is implementing new cloud strategies or big data analytics, many companies are showing that they can think outside the box when it comes to modernising their IT security defences.

But artificial intelligence (AI) is emerging as the frontrunner in the battle against cyber crime. With autonomous systems, businesses are in a far better place to strengthen and reinforce cyber security strategies.


7 New Year’s #Cybersecurity #Resolutions for #Everyone

With less than two weeks left on the 2017 calendar, I’ve started to think about life after the holidays and what personal resolve I will need to accomplish some of my goals for next year.

For me, this entails a lot of dedication and discipline as I train for a spring marathon. But I know that’s not for everyone, and in order for our resolutions to be successful, they need to be reasonable and achievable. And while I put a lot of focus on running, I also wholeheartedly believe there are certain things in all our lives that can be changed for the better without a whole lot of effort.

Take cybersecurity for example. Even the biggest technophobes among us can up their game with some reasonable resolutions that will make things like using your credit card or shopping online safer and more secure.

There are some terrific websites out there that offer good advice and information about online safety, like “Stop. Think. Connect” for example. But before you hop over to that site, check out my seven cybersecurity resolutions for everyone to consider adding to their own lists:

1. I Will Be Security-Aware
Being security-aware means that you understand that there are people out there who will deliberately (or even by accident) steal or misuse your personal information. Awareness is the first step. Next comes education and diligence around cybersecurity.

Here’s an easy step: sign up for text and email alerts to get informed about important activity on your bank and credit card accounts. If you’ve misplaced your wallet, you can easily shut off your cards on your accounts’ apps. (I can say from personal experience doing this can give you peace of mind until you finally find your wallet under the driver’s seat of your car.)

2. I Will Stop at the Autofilling Station for Online Shoppers
Online shopping will get a little safer and easier with the latest Android platform “Oreo” due to its expanded autofill framework. For example, Oreo will allow you to recognize credit card forms and addresses, and if you’ve got that information stored in your LastPass vault, we’ll safely fill that up for you.

3. I Will Only Visit Secure, Trustworthy Websites
You don’t need to be a security expert to know if you are on a safe, legitimate website. Simply check the URL to confirm there’s an “s” after “http” at the beginning (like this post’s URL).

By the way, that “s” stands for “secure”. When you’re on your local Starbucks’ or any airport’s Wi-Fi network, you aren’t on a secure connection so reconsider shopping on Amazon Prime until you get home.

4. I Will Treat My Passwords with Kindness and Let Them Thrive
Treat your passwords like you treat your child. They all thrive with discipline, structure and love. For starters, stop leaving your passwords defenseless against cybercriminals because you’ve made them simple and easy to guess, or over-exposed through reuse on multiple websites. Break the cycle with a simple password management tool that will generate strong and unique passwords for every account, change them as often as you like (or as it advises), and keep them locked up tight.

5. I Will Keep My Devices and Applications Updated
When Apple, Microsoft or Google strongly encourage you to apply the latest mobile or laptop operating system update (e.g. Apple iOS, Windows) because of a security vulnerability, they aren’t kidding around. Update it. Or just set it to happen when you’re sleeping.

The inconvenience of managing your software updates is significantly dwarfed by the ever so inconvenient identity theft. Check the settings on your laptops, tablets, and smartphones to manage automatic updates to apps, software, and operating systems. Don’t forget your browsers while you’re at it. They’re a gateway to everything important on your machine. And don’t drag your heels like the folks at Equifax. Earlier this year they neglected to patch a known vulnerability which led to a massive breach of personal data belonging to 146 million people.

6. I Will Not Overshare on Social Media
I was on a popular social site the other day to check out my niece’s new profile. I sent her a link to a photo of her house on Google Earth and noted that anyone could do the same because her home address was public. (I’m subtle like that.)

Check your settings on Facebook, LinkedIn and any other social media site you use. Make sure your personal email address, phone numbers, addresses, and birthdate are only visible to you. (And maybe keep ‘em locked up in a password vault while you’re at it.) All cybercriminals need is a few bits of information about you to put together the rest of the puzzle.

7. I Will Stay Motivated to Meet My Resolutions
Be realistic when setting any of your goals. They should be attainable, not out of reach. Give yourself a reasonable timeline to meet your resolutions, and celebrate milestones along the way. If you don’t lose those 10 pounds by the end of January, fend off the shame and guilt, and keep at it.

So let those passwords of yours thrive. They’re fat-free.

The post 7 New Year’s Cybersecurity Resolutions for Everyone appeared first on National Cyber Security Ventures.


Cyber hackers target Spain’s top court as Catalonia’s leader is threatened with 30 years in prison if he declares independence

Source: National Cyber Security – Produced By Gregory Evans

Spain’s most senior court fell victim to a massive cyber attack as hackers launched an “Operation Free Catalonia” campaign.

The country’s constitutional court said unknown hackers had accessed its computer systems on Friday.

The Spanish National Security Department said the hack was part of a recent campaign to flood government websites with slogans in support of independence for the Spanish region of Catalonia.

Social media groups linked to cyber hacking group Anonymous said they would roll out action as part of “Operation Free Catalonia”.

Meanwhile, Spanish attorney general José Manuel Maza is reportedly preparing to have Carles Puigdemont – president of Catalonia and figurehead of the independence movement – arrested for rebellion.

El Pais reported Puigdemont faces a charge of sedition, punishable by up to 30 years in prison, if he formally declares independence or tries to change the Spanish constitution.

It comes after the regional leaders of Catalonia – including Barcelona – held an independence referendum earlier this month on whether to break away from the rest of Spain.

The separatists claimed victory with a majority of more than 2 million votes, but the ballot was declared illegal by the government in Madrid.

There were allegations of police brutality as officers used force to break up pro-independence rallies and close polling stations.

Spain’s Prime Minister Mariano Rajoy on Saturday said he would curb the powers of the parliament of Catalonia, sack its government and call an election within six months in a bid to thwart the independence movement.

It came after Puigdemont failed to meet a deadline to withdraw the threat of a declaration of independence, instead accusing Madrid of refusing to negotiate.

“If the government continues to impede dialogue and continues with the repression, the Catalan parliament could proceed, if it is considered opportune, to vote on a formal declaration of independence,” Puigdemont said in a letter to the Prime Minister.

He also said after the referendum: “At this historic moment… I call for the right for Catalonia to be independent and form a republic.”

The Prime Minister responded in parliament on Wednesday: “It’s not that difficult to reply to the question: has Catalonia declared independence?

“Because if it has, the government is obliged to act in one way, and if it has not, we can talk here.”

The measures to curb Catalonia’s autonomy and hold fresh elections must now be approved by Spain’s upper house, the Senate, where a vote is scheduled for October 27.

King Felipe used a prize-giving ceremony in the north-western region of Asturias to indicate support for the government.

The king, normally a ceremonial figure, said: “Catalonia is and will remain an essential part. Spain needs to face up to an unacceptable secession attempt on its national territory, which it will resolve through its legitimate democratic institutions.”

The post Cyber hackers target Spain’s top court as Catalonia’s leader is threatened with 30 years in prison if he declares independence appeared first on National Cyber Security Ventures.
