Daily Archives: November 18, 2019

Americans Fed Up With Lack of Data Privacy

Source: National Cyber Security – Produced By Gregory Evans

Eight out of every 10 US adults are worried over their inability to control how data about them is used, a new Pew Research survey shows.

The majority of American citizens believe that they are pervasively monitored and that their data is regularly collected and used in concerning ways that they cannot control and don’t fully understand, according to a new Pew Research Center study.

The report, based on a nationally representative panel of randomly selected US adults, shows that 62% of Americans feel they cannot prevent companies from collecting data on their activities, while 63% feel the same about government data collection.

Roughly eight out of every 10 Americans say they have very little or no control over how companies use their data, but are very concerned about how companies are using it. The vast majority conclude that the risks of data collection outweigh the benefits, the study found. 

“Clearly this survey adds up to a portrait of distress and a willingness to hear about policy options,” says Lee Rainie, director of Internet and technology research at the Pew Research Center. “The panoramic picture it paints is a society that is not happy … they are concerned. They don’t feel that they have control. They don’t think the benefits outweigh the risks anymore.”

The survey comes a year-and-a-half after the discovery that Cambridge Analytic used data from Facebook to create profiles on Americans to help the Trump campaign target ads against susceptible groups of Americans, and six years after Edward Snowden, a former contractor for the National Security Agency, leaked documents on the surveillance efforts of US intelligence agencies.

American feel that they have not benefited from the data economy and they don’t trust the companies who collect their data, according to the Pew report.

“[L]arge shares are worried about the amount of information that entities, like social media companies or advertisers, have about them,” the report said. “At the same time, Americans feel as if they have little to no control over what information is being gathered and are not sold on the benefits that this type of data collection brings to their life.”

Different segments of Americans have differing thresholds for gauging what is acceptable data use. Almost half — 49% — of American find it acceptable that the government collects data on people to determine if they pose a terrorist threat, while only 25% think it’s okay for a smart-speaker manufacturer to give law enforcement access to recording for law enforcement  

Overall, however, Americans appear to think that companies have not delivered on the trust given to them. 

Consumers “don’t know how to intervene in the system to make it work better,” says Pew’s Rainie. “They don’t think that the companies who collect the data are good stewards of the data.”

Who Reads Those Privacy Notices?

The current system of turning every data relationship between a consumer and a company into a contractual exchange where the customer purportedly reads a notice of how the company intends to use the data and consents to those terms has largely failed, according to the Pew data. While more than half of respondents (57%) encounter a privacy notice at least every week, only one in five (22%) claim they read the notices all the way through before agreeing.

Pew’s Rainie believes that people are likely exaggerating their diligence. “We don’t fact check, so the way we read that (the 22% data point) is that is a high-water mark,” he says. “The overview answer is: A lot of people admit that they don’t read the policies. A third do not read them at all.”

Perhaps, unsurprisingly, Americans are open to new approaches to privacy and data-protection laws. Currently, 63% of those surveyed do not understand current privacy laws, but three-quarters (75%) say that companies should be more regulated than they are now.

However, in potentially good news for companies, more people are in favor of better tools to manage data collection (55%) than are in favor of legislation.

But because citizens do not seem to have the same opinions over where the privacy lines should be drawn, policies continue to be difficult to form, Rainie says. 

“The policymakers would love to know where are the right lines — what seems legitimate to some people is not legitimate to others … The fact that Americans’ view of privacy ends up as a conditional set of judgements makes it hard to say, for every circumstance, this is where the line is. These data do not give that kind of clarity.”

Related Content

Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s top story: “How Medical Device Vendors Hold Healthcare Security for Ransom.’

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio

More Insights

Source link

The post Americans Fed Up With Lack of Data Privacy appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof

#infosec | Hacked Disney+ Accounts on Sale for $1

Source: National Cyber Security – Produced By Gregory Evans

Disney’s new video-on-demand streaming service has been compromised within a week of its being launched, with hacked Disney+ accounts offered for sale online for just $1. 

According to The Daily Dot, the hugely popular Disney+ service, which amassed over 10 million subscribers on its first day alone, was targeted by threat actors from the get-go. 

Within hours of the service going live on November 12, Disney+ users began posting messages on Twitter and Reddit stating that their accounts had been compromised. Some users complained of being locked out of pre-paid accounts after receiving alerts that account information, including their password and contact details, had been changed.

Other service users reported finding strange names and profiles linked to their account after logging in. The mystery account users appeared next to avatars of users’ family members. 

Exacerbating the problem is the fact that the Disney+ service has been set up in just the manner you’d expect from a company that pedals the idea of “happily ever after.” For each account, connection to a maximum of ten devices is permitted, and there is currently no way to remove any devices that have been connected. 

Disney+ accounts were on sale for as little as $1 a month on hacking websites, including cracked.to, within a few hours of the streaming service going live. Annual subscriptions were being touted for just $3. 

The new video-on-demand streaming service is not alone in this whole new world of hackers and thieves. Other services, including Netflix, Hulu, HBO Now, and CBS All Access, have been targeted by hackers.

A common ruse used by threat actors is to send a fake email to a streaming service subscriber warning them that their account has been locked. The subscriber is then asked to supply their account information and credit card details. 

After successfully phishing this information from the subscriber, the threat actor can then log in to the account and change the password, blocking the legitimate user from accessing the hacked account.

To prevent their account from being hacked, subscribers to any video streaming service are advised never to answer suspicious emails relating to their account and never to share their login information over email.


#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

Source link

The post #infosec | Hacked Disney+ Accounts on Sale for $1 appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof

#deepweb | Disney+ accounts being sold on dark web marketplaces

Source: National Cyber Security – Produced By Gregory Evans

If you like to watch movies and TV series online then you should know what Disney+ is but for those who don’t, Disney+ is a video-on-demand streaming service owned by Walt Disney. The service was launched last week on November 12th, 2019.

However, word on the Internet is that hackers have been selling thousands of stolen Disney+ accounts on hacking forums and dark web marketplaces for merely $3 to $7.

See: On Dark Web, Your Facebook ID is worth $5.20 & Gmail ID just $1

Some users have confirmed the issue on Twitter with screenshots of suspicious activities on their accounts including changing of username and password ultimately blocking them from logging in on Disney+.

Furthermore, Disney+ users on Reddit have also complained about suspicious activity on their accounts. One of the users going by the online handle of u/astrapeach said that:

Someone had logged into my account and didn’t change the email address. So I changed my password back pretty quick and they ended up making a profile on my account. I deleted the profile, I guess my question is my card is on the account I can’t remove my card. When you get Disney subscription you have to enter CVV and since they don’t have it can anything happen?

It is worth noting that Disney+ got a massive reception from fans upon its launch. Despite service disruption, the service registered 10 million subscribers on its first day which is positive for the company but also puts it in the list of companies where user data is at risk. Currently, Facebook, Netflix, and Amazon are topping the list.

Source: Twitter

Source link

The post #deepweb | <p> Disney+ accounts being sold on dark web marketplaces <p> appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof

#cyberfraud | #cybercriminals | Cybersecurity Starts With People (Tony Spurlin Commentary) | Arkansas Business News

Source: National Cyber Security – Produced By Gregory Evans

We were unable to send the article.

Every few months we hear about a data breach affecting millions of people. This summer, it was Capital One and some 100 million Americans whose data was collected. Cyberattacks — breaches, denial-of-service attacks, ransomware, phishing and others — are far more numerous in the United States than elsewhere, and increasingly, it’s small and midsize businesses that are the intended targets.

Cybersecurity for small business is a deliverable. The discussion begins with misconceptions around vulnerability, the nature of cybercrime agents, and the liability businesses may face.

Misconception No. 1: My data (or the data I access) isn’t that valuable.

Begin with the premise that all data is valuable. Most companies have client and customer business data that, if compromised, would hurt trust and future business. Do an assessment of data on hand — collected, filed, accessed and transmitted — and inventory it, giving weight to its sensitivity.

Misconception No. 2: Cyber-attacks arrive without anyone’s permission or knowledge.

Attacks occur over all internet connections, but increasingly they start with correspondence. Phishing — and vishing and smishing — is a request for access requiring an initial response. Spear phishing communications ostensibly come from customers or contacts, and they’re very convincing.

The first line of defense is choosing to train staff. Employees should be shown what phishing scams and other opening gambits look like.

Misconception No. 3: Cybersecurity is an advanced technology game.

Robust online security begins with people. True, the average IT specialist can’t write effective antivirus software any more than the average driver builds her own car. Security is best approached as a mix of technology solutions and staff training, along with clear policies and protocols guiding company culture.

Training should emphasize small security thresholds employees can meet at any time:

  • Use strong passphrases and multistep authentication.
  • Limit access to data or systems to staff who need it to perform core duties.
  • Keep a clean machine — clearly promulgate acceptable (if any) internet downloads.
  • Communicate — with supervisors, colleagues, professional associates. Not talking about security is a security risk.

Misconception No. 4: Digital and physical security are altogether separate matters.

Talk about unauthorized physical access to hardware or sensitive assets. Is a staff member where he shouldn’t be, acting suspiciously?

Just as crimes often happen within friend groups and family members, business data security may be breached internally just as it would externally.

Cybersecurity for small business begins by empowering employees to have a stake in it.

Misconception No. 5: Outsourcing to a vendor washes a company’s hands of liability.

It’s true a vendor may be liable, but any business or corporation itself has a legal, not to mention an ethical, responsibility to demonstrate cybersecurity awareness and protect data.

Put data-sharing agreements in place with vendors and have a trusted lawyer review them. Speak with an insurance expert to adequately cover your investment in the event of an attack.

Finally, don’t rest on compliance with “industry standards” when it comes to business data security. Aim for thoughtful, dedicated security, and an incident recovery plan. The National Institute of Standards & Technology’s Cybersecurity Framework is robust.

Misconception No. 6: Cybersecurity is a big investment, and a drag to boot!

One of the pennywise commitments offices small and big can undertake is simply to automate updates. Having the latest software, web browser and operating system protects against viruses and malware. It’s free and effortless.

All of this doesn’t have to be a drag! Security can precipitate upgrades in blazing fast speeds and amazing technologies. Optical fiber internet is powering immersive new workplace experiences, such as near-instantaneous file uploads, and virtual and augmented reality training. Unified Communications as a Service platforms — next-generation VoIP — allow employees to host virtual meetings and conduct business outside the office.

Tony Spurlin is a vice president at Windstream and chief security officer. Email him at [email protected]

Source link

The post #cyberfraud | #cybercriminals | Cybersecurity Starts With People (Tony Spurlin Commentary) | Arkansas Business News appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof