Monthly Archives: December 2019

#cyberfraud | #cybercriminals | What You Need to Know

Source: National Cyber Security – Produced By Gregory Evans

Guest Contribution by Harold Kilpatrick, PR Consultancy

A recent study showed that 66% of consumers had made an online purchase as a result of marketing campaigns. But most don’t even need research to know how useful email marketing can be. Between extensive reach, low cost, and fantastic flexibility, few things beat the ROI of email marketing.

But this type of marketing isn’t without risks, both to you and to your customers. Here are the key things you need to know about email marketing and security.

Understand the Risks

Each time you send an email, it creates a potential portal for hackers and malware. When you market on a large scale, it magnifies the risk exponentially. Some of the many threats in email marketing include:

  • Scams
  • Spoofing
  • Malware
  • Phishing

Scams

Email scams are about as old as email itself. Everyone sees countless examples of them every day. And scams are bad news for email marketers. They harm consumer trust and result in your emails ending up in the spam folder.

To fight this, you need to take steps to make sure your emails are as authentic and relevant as possible. Use personal names and other ways to establish a bond with customers.

Likewise, you need to recognize scam replies to your marketing campaigns. Cybercriminals often penetrate the email accounts of unsuspecting victims. They then use these to launch a wide variety of attacks. Companies need to recognize suspicious user activity and handle it appropriately.

Spoofs

Spoofs are forgeries that make emails appear as if they come from a company or brand rather than a cybercriminal. In some cases, cybercriminals may create realistic imitations of actual brands. They even go as far as to create an identical copy of a landing page that the company uses.

They can use it to gain access to login credentials and payment information. Spoofing can harm your brand identity. You don’t want to become associated with cyber criminals or the variety of issues they create.

Malware

Malware includes spyware, adware, keyloggers, ransomware, and more. Different types of malware can shut down your marketing campaign. Malware is bad news. And hackers know how to disguise it. It may be an innocent-looking link or download. Whatever it is, you need to take precautions against it.

Phishing

Phishing attacks hit consumers hard. Victims often fall for intelligent social engineering techniques, which enable criminals to steal consumers’ personal and financial data. But these attacks also impact businesses.

Cybercriminals can pretend to be customers or other interested parties. They gradually learn enough information, like the answers to account recovery questions. Once they hijack these login credentials, they can disrupt your business.

In the worst-case scenario, they may impersonate corporate banks or credit card companies. They then use this information not only to defraud you but also to target customers on your email marketing list.

Protect Your Email Campaigns and Your Company

It’s never too soon to start getting serious about email marketing security. Here’s a list of some essential tips that you need to implement right now.

1) Encrypt Emails

Companies often send emails that include sensitive customer information. For example, customer addresses, phone numbers, the last four digits of credit cards, and more. You should use encryption on all emails between you and your customers and business contacts. That way, they’re unreadable to anybody other than the intended recipient.

2) Verify Your Email List

It’s not the size of your email list; it’s the quality of it. You need to make sure everyone on it is still the customer who signed up. Inactive accounts are often significant targets for hackers, who then use them as a base of operations for a massive range of cybercrimes.

3) Use a VPN

When you send an email, the data travels over the public internet, where unauthorized parties can intercept it. You can reduce such risks by sending emails over virtual private networks (VPNs). When you connect to a secure VPN server (https://nordvpn.com/servers/), your ISP, hackers, and other prying eyes can’t track your internet activity. It enhances your privacy and security.

4) Enable Firewalls and Other Security Tools

There are many free or inexpensive security tools right in front of you. Email firewalls can filter emails with attached malware and other problematic materials. Antivirus software can scan for viruses, worms, and Trojan horses on your email client before you ever download anything.

5) Educate Employees, Coworkers, and Customers

Finally, you need to create a culture of cybersecurity in your workplace. Train employees on how to recognize potential threats, how to avoid them, and what they should do if they suspect a computer virus or other dangers. Also, make sure your customers are aware of cyber threats and scams that imitate your brand.

Achieve Greater Email Security

Email marketing is an incredible tool for businesses. But companies need to be smart and start adopting safer practices. Not only will this protect them, but it will also keep email clients from flagging their emails as suspicious or as containing a possible threat. This type of security-based approach is a win for everybody but the cybercriminals.


The post #cyberfraud | #cybercriminals | What You Need to Know appeared first on National Cyber Security.





#cyberfraud | #cybercriminals | Here’s What Trump’s Appointees Achieved in 2019

Source: National Cyber Security – Produced By Gregory Evans


In 2019, the Trump administration issued 44 executive orders, signed 94 bills into law and finalized more than three thousand new rules. One hundred judges were confirmed to the federal bench, the most of any year in Trump’s term. Simply put, it was a busy year in Washington.

But there were dozens of stories that flew under the radar—policy changes and personnel sagas, norms eroded and scores settled—that captured the essence of what happened in the marrow of Trump’s government. Often, these stories ran in parallel to the glitzier headlines that consumed Washington (SharpieGate, anyone?). But even as the Ukraine scandal unfolded and impeachment became a certainty, the Trump administration was leaving its mark on policy and government agencies in ways that often went unnoticed, and yet are likely to affect Washingtonians and the country for generations.

A Cabinet secretary held in contempt of court. A labor office whose staff plummeted by 10 percent. Thousands of citizen children facing eviction. A lot happened this year that was easy to miss. Luckily, we were watching the news closely, too. The result is a year-end diary of the company town—a catalogue of the large and small-scale changes that have situated Washington in the age of Trump in 2019.

Housing and Urban Development.

Most overlooked: HUD forgets Puerto Rico. HUD issued disaster relief notices for all eighteen states and territories except one: Puerto Rico, still reeling from Hurricane Maria. The omission seemed like an oversight, until HUD officials acknowledged that the delay was intentional. Two years after Maria, Puerto Rico (whose residents are U.S. citizens) has received about a third of the funds Congress allocated for recovery.

Most WTF: Ben Carson’s “Oreo” faux pas. The Internet came down harshly on HUD Secretary Ben Carson for mishearing “Oreo” instead of “REO” during a hearing. More disconcerting was Carson’s acknowledgement he didn’t know the meaning of REO—a policy that refers to houses owned by HUD. (The program is described on HUD’s web page.)

Most consequential: Civil rights protections rolled back. The administration moved to make it harder to prove housing discrimination, adding new hurdles for plaintiffs and affording more leeway to landlords and insurers. Fair housing groups warned the new test makes it “virtually impossible” to challenge discrimination.

Honorable mention: Bad news for transgender homeless. HUD reversed Obama-era guidelines, granting homeless shelters the ability to turn away transgender persons on religious or other grounds. Explaining the move to staff, Carson reportedly complained about “big, hairy men” descending on women’s shelters. He later doubled down on the comments.

Statistic of the year: Thousands of children facing eviction. A proposal to rescind housing aid for undocumented immigrants would incidentally evict up to 55,000 children—all of whom are citizens or of legal status, but live with an undocumented family member.

Finance, Treasury and Wall Street.

Least Noticed: Trump loosens the Volcker Rule. The Volcker Rule, adopted after the Great Recession, prevented banks from using capital for proprietary trading. This year, opponents like Goldman Sachs got a “big win” when regulatory agencies voted to ease Volcker’s requirements on banks—eliminating the most stringent requirements and replacing them with the lighter standards of less-capitalized banks.

Most WTF: CFPB tells CFPB to drop dead. Lawyers for the Consumer Financial Protection Bureau asked the Supreme Court to let the agency essentially abolish itself. The request follows a pattern of self-sabotage in 2019. Under director Mick Mulvaney, the agency began instructing consumers not to trust the CFPB’s data. It also advanced measures to unshackle private debt collectors, sanctioning an array of aggressive tactics that experts warn will absolve collectors of fraudulent and misleading behavior.

Most consequential: Banks stop planning for the worst. The Federal Reserve moved to loosen a Dodd-Frank rule designed to avoid another taxpayer-funded bailout, by requiring large banks to prepare a detailed plan for an emergency meltdown once a year. The relaxed rule allows banks to pass the test with plans that are four years old.

Honorable mention: Tax law faces reality. 2019 was the year economists concluded the $1.5 trillion tax overhaul signed in 2017 didn’t pay for itself. In year one, government revenues fell by $83 billion while the economy grew at the same rate as 2015.

Statistic of the year: IRS forfeits $34 billion. A study found that cuts to staff and resources at the IRS allowed public companies to escape paying $34 billion in taxes.

Commerce Department.

Least Noticed: Ross’s rolling ethics fiasco. Commerce Secretary Wilbur Ross was found not to have divested from personal assets until later than promised—including up to $50 million of stock that appreciated seven-fold—prompting an ethics office not to certify Ross’s financial disclosure report. Experts say they still don’t know whether Ross has actually divested; one former official says “a million red lights are going off that there is something odd here.”

Most WTF: Commerce dragoons the weather. After Trump used a sharpie to edit a hurricane map, Ross threatened to fire two officials at the National Oceanic and Atmospheric Administration if they contradicted the President. (Commerce denies the charge.)

Most consequential: Politicizing the Census. The White House had planned this year to finalize a citizenship question on the Census that would swing electoral power to Republican districts. But the Commerce Department’s apolitical rationale for the move was skewered by a federal judge and the Supreme Court, which provisionally blocked the question. Trump vowed to find the citizenship data elsewhere. Describing the Census roller coaster, lawyer and author Josh Matz told Washingtonian, “On a scale of one to ten, measuring the sheer insanity of the administration’s legal arguments…this registered around 11.”

Honorable mention: The secretary’s emails. The Washington Post obtained emails in which Ross was conducting official Commerce business on a personal email account, prompting an investigation. Ross told the Post, “These hysterical, baseless allegations of illegal activity are without merit.”

Labor policy.

Least Noticed: Apprenticeships get privatized. The Department of Labor moved to undercut the federal apprenticeship program. Since the New Deal, the program has ensured apprentices get actual on-the-job training and other benefits, preventing scams in the vocational sectors. The administration has devised a deregulated, “industry-led” program with few safeguards, inspiring opposition from 150 lawmakers.

Most WTF: HR gets religious. The administration proposed to allow hiring and firing on religious grounds for some contractors. Critics have called the rule “taxpayer-funded discrimination”—which is at least half accurate, since it will cost taxpayers $20,325,900.

Most consequential: 3 million lose out on overtime. The Labor Department released long-awaited rules about overtime pay, amending a policy first adopted in the Obama era. Between administrations, the new number of workers eligible to receive overtime was downgraded by 3 million people.

Honorable mention: Civil rights enforcement at historic low. The Equal Employment Opportunity Commission has launched the fewest probes into civil rights complaints in nearly a decade.

Statistic of the year: NLRB hemorrhages staff. After years of decline, the National Labor Relations Board saw its staff abruptly fall by nearly 200 personnel since 2017—ten percent of its total—prompting lawmakers to call for reversing the shortfall.

Veterans and the service branches.

Least Noticed: Navy shuts down climate research. The Navy’s Task Force Climate Change was quietly shut down in March, a move one retired Rear Admiral called “suspicious.” Although the Navy succeeded in shutting down the task force, they forgot to shut down the link: The web portal still redirects to a page that is blank—headlined, perhaps appropriately, “Climate Change Fact Sheets.”

Most WTF: Military getaways at Trump resort. The U.S. military spent nearly $200,000 during roughly three dozen stays at a Trump-owned resort in Scotland since 2017.

Most consequential: Immigration policies fall on service members. As the White House advanced a wave of hardline immigration policies, one of 2019’s most persistent themes was how often they fell on the armed service branches.

Honorable mention: Trump intervenes in war crimes case. After Tweeting his support for Edward Gallagher, a Navy Chief Petty Officer charged with murder, Trump personally intervened in the case to reverse the Navy’s punishment, an extraordinary step. The imbroglio led to the firing of Navy Secretary Richard Spencer, who warned that Trump’s move sent the message that “you can get away with things.”

Statistic of the year: Transgender troops shut out. The Pentagon’s ban on transgender troops went into effect. The order could impact as many as 6,000 troops estimated to be on active duty.

Education.

Most overlooked: DeVos slapped with contempt ruling. A federal judge ordered Education Secretary Betsy DeVos to stop collecting on student loans from a fraudulent for-profit college—but she didn’t, continuing to garnish wages of students victimized by the fraud. The judge held DeVos in contempt, ordering her to pay back the students. The department now admits in court they underreported the number of targeted students by almost thirty thousand.

Most WTF: Diversity office mysteriously ransacked. An Education staffer found her office in disarray, her African figurines missing heads and limbs, and a framed civil-rights era poster of a black schoolgirl shattered on the floor. The staffer had recently been tasked with conducting diversity training. A department investigation suggested the artwork fell off the wall.

Most consequential: For-profit colleges off the hook. In June, DeVos repealed a signature Obama-era rule that protected students from fraudulent for-profit colleges, by requiring proof that their degrees result in gainful employment for graduates.

Honorable mention: Accreditation weakened. The rules that guide how educational institutions gain their accredited status, and who accredits them, underwent a major rewrite this year, with some experts calling it “the largest unraveling in history of rules that guide accreditation.”

Health care.

Most overlooked: Congress deletes Obamacare. Senators thought they were tinkering with the Affordable Care Act when they lowered the bill’s individual mandate penalty to $0. Instead, a federal judge in Texas ruled the zero-dollar provision made the entire law unconstitutional. This year, a federal appeals court agreed, though it remanded the case with the goal of salvaging parts of the law. If upheld, the ruling—almost certain to reach the Supreme Court—will cost 17 million Americans their health insurance.

Most WTF: Medicaid Chief cadges for Ivanka bling. Medicaid and Medicare chief Seema Verma requested $47,000 in taxpayer-funded reimbursements for stolen jewelry and other items—including a pendant from the Ivanka Trump jewelry line made of gold, diamonds and prasiolite, which Verma reported was worth $5,900.

Most consequential: Women’s healthcare dealt a blow. The White House found a new cudgel in its salvo on Planned Parenthood: Title X, the popular program that provides non-abortion health screenings for poor and uninsured women. A new White House policy rescinded Title X dollars for clinics that provide abortion referrals. The rule has already resulted in a loss of health funds for more than 850 clinics—as well as Planned Parenthood, which had covered 40 percent of Title X recipients, including the entire state of Utah.

Statistic of the year: Uninsured grows to record number. The number of Americans without health insurance reached a three-year high in 2019.

State Department.

Most overlooked: Staffers punished for being “disloyal.” Long before Marie Yovanovitch, State Department officials suffered MAGA-touting supervisors from hell. An investigation found Trump appointees “frequently berated employees,” calling career staff “traitors” and “disloyal,” and one employee was removed after raising concerns about the partisan atmosphere.

Most WTF: Trump staffer fudges resume. Mina Chang, a deputy assistant secretary, falsified details on her résumé—including that she graduated from Harvard Business School and a program at the Naval War College—and photoshopped herself onto a cover of TIME Magazine that appeared in an online video.

Most consequential: Gaping vacancies. More than a fifth of key offices are still vacant in the State Department as Trump enters the final year of his term—including a quarter of ambassadorships. There is no Senate-confirmed ambassador to Pakistan or Brazil, nor undersecretaries for four of the ten highest offices at Foggy Bottom. Other arms of foreign policy are similarly understaffed: at USAID, about half of top positions remain vacant.

Honorable mention: Underwriting harassment of journalists. A State Department program that counteracts foreign propaganda itself funded an online group known to harass American reporters and academics with exaggerations and falsehoods. Following the revelation, the program’s funding was frozen.

DHS and immigration policy.

Most overlooked: Trump’s never-disclosed immigration directive. The year was rocked by controversial immigration policies. But some experts are beginning to believe there may be immigration policies the White House never published and kept hidden from public review. A little-noticed lawsuit this year in D.C. alleges that asylum seekers abruptly saw their “credible fear” tests—the first hurdle to apply for asylum—mysteriously denied at rates that skyrocketed from 3% to a staggering ninety percent. The lawsuit alleges that confidential rules may be the cause—such as rejecting a refugee before the interview is over, or holding multiple interviews to provoke inconsistencies—and that the changes were hidden from Congress.

Most WTF: DHS gets idea from “Orange Is The New Black.” ICE shut down a toll-free legal aid hotline for detained migrants, two weeks after it was conspicuously featured on the show Orange Is The New Black.

Most consequential: Making life miserable for legal immigrants. When the White House announced its public charge rule—denying green cards based on applicants’ need for public services—it was only the culmination of a year marked by similar efforts to make legal immigration more difficult at nearly every stage. Efforts included:

Honorable mention: Extending family detention. The administration pushed forward on plans to detain immigrant parents and children indefinitely. (The pending program has been blocked in court.)

Source: MPI analysis of WRAPS data from the State Department, Bureau of Population, Refugees, and Migration.

Statistic of the year: Muslim versus Christian refugees. The share of Muslim refugees admitted has been cut by more than half. During the same period, the share of Christians increased to nearly 80 percent.

EPA and climate change.

Most overlooked: Censoring science. The EPA advanced rules that require scientific datasets to be publicly revealed—a poison pill, essentially, to winnow down the types of reputable scientific input that EPA staff can use to draft policy. Opponents say the rule resembles the tobacco industry efforts to stanch research.

The administration has trailblazed similar “back-end” techniques to restrict science—“drastically” restricting the range of evidence used to regulate mercury, for instance, and artificially limiting computer climate models. They’ve also zeroed in on scientists, replacing EPA experts and academics with industry advocates, ignoring advisory panels, and generally making life torturous for career staff. This year, three separate scientists—from the Agriculture Department, National Park Service and Centers for Disease Control—each came forward with similar stories of scientists being punished for researching climate change. One scientist told the New York Times: “It reminds me of the Soviet Union.”

Most WTF: Crickets at the Weather Service. The administration has inexplicably declined to fill positions at the National Weather Service—a growing bête noire of some Trump activists, who have argued for privatizing weather prediction. There have been more than 400 vacancies reported.

Most consequential: A wave of new rules. The White House has advanced a barrage of deregulatory policies this year. In 2019, the Trump administration:

Honorable mention: Wall Street buries environmental infractions. The Securities and Exchange Commission plans to allow companies to report fewer environmental penalties to the investing public. The SEC would let companies decide which penalties are relevant, while raising the reporting standard threefold—though the SEC is considering relaxing the standard by as much as ten times that amount.

Statistic of the year: A study this year found 9,700 more Americans died due to air pollution in 2018 than in 2016, due in part to regulatory changes.

Energy policy.

Most overlooked: DOE’s stall strategy. The Senate found the Department of Energy has missed legal deadlines for 25 energy efficiency standards mandated by Congress.

Most WTF: Trump’s dishwasher obsession. The conservative activist pushing for a DOE rule to bring back inefficient dishwashers—a rollback so excessive even manufacturers oppose it—is 24-year-old Daniel Savickas, who really doesn’t like his dishwasher. “The dishwasher in my apartment is absolute garbage,” Savickas complained to the New York Times. “I have to run cycles multiple times.”

Most consequential: Coal plants get a power-up. A proposal changes how electricity is priced on the energy grid, boosting profits for coal plants and some nuclear facilities.

Honorable mention: Lightbulb prospects go dim. The White House officially killed a rule this month in order to roll back efficiency standards for light bulbs. The reversal is estimated to cost $14 billion for consumers and add 38 million tons of CO2 per year into the atmosphere.

Agriculture.

Most overlooked: Crackdown on food benefits. The administration is moving to prevent states from offering more generous food subsidies, known as SNAP benefits. Thirty-nine states would have to cut SNAP beneficiaries.

Most WTF: Relocation scheme backfires. The Agriculture Department announced a controversial plan to relocate two science and economic offices out of DC—moves Mick Mulvaney privately suggested were aimed at obliterating the divisions. But the scheme has not exactly gone as planned: So many staffers opted to resign in protest that the department has had to offer temp work to retirees around the DC area.

Source: Politico/Patterson Clark, USDA ARS

Most consequential: Clamping down on climate research. A Politico investigation found the Agriculture Department wouldn’t publicize dozens of studies on the effects of climate change, such as nutrient runoff in the Mississippi, decompensation of rice crops, and longer allergy seasons.

Honorable mention: Slashing pork, literally. A new policy successfully curtailed health inspections in pork slaughterhouses, allowing companies to inspect themselves. Two whistleblowers have come forward to caution that unsafe pork is reaching supermarkets, warning that “the consumer is being duped.”

Statistic of the year: Corporate welfare for farms. Trump promised that a $6 billion aid package to farmers—compensation for the effects of trade policies—would make small farms the “big beneficiaries.” An analysis instead found that the richest 10% of industrial farms received 50% of the aid package.

Interior Department and federal lands.

Most overlooked: Parks Service broke the law. A government watchdog found the Interior Department broke the law during the government shutdown, when it used funds from park coffers to keep national parks open, presumably to blunt political fallout.

Most WTF: Interior shuts out oversight. After an allegedly “aggressive and unprofessional” phone call from a House Appropriations staffer, officials at the Interior Department suspended department-funded oversight trips. It’s not clear what, exactly, got the Interior officials so upset. House staffers said the tiff was “concocted” to “stymie the House’s critical oversight work.”

Most consequential: Anti-public lands activist guards public lands. A longtime opponent of public lands policy, William Perry Pendley, was picked to lead the Bureau of Land Management, where he is tasked with overseeing the government’s 245 million acres. Pendley has proposed selling off almost all federally-owned lands.

Honorable mention: Secretary lasts a week before investigations. Less than a week after being confirmed by the Senate, Interior Secretary David Bernhardt became subject of an internal investigation over alleged ethics violations, which included intervening to halt a report about pesticide impacts on endangered species. (A report cleared Bernhardt of legal wrongdoing while acknowledging the intervention was “unusual.”)

Statistic of the year: New BLM down to skeleton crew. The BLM’s effort to relocate its headquarters to Colorado has found few takers: At last count, just two employees have made the move. Bureau staffers expect major losses, including career staff who manage hazardous materials and oil and gas development.

Ethics and the rule of law.

Most overlooked: ‘Acting’ nation. The administration announced a new rule allowing itself to promote agency officials without authorization from a permanent director—a move that normalizes the unprecedented number of “acting” directors throughout the federal government.

Most WTF: Federal Election Commission becomes powerless. After losing its final voting member for a quorum, the FEC is essentially paralyzed before the 2020 elections. A commissioner told Washingtonian the loss is a “broader strategy to try to reduce the impact of this agency.”

Most consequential: Murder on Fifth Avenue goes from fantasy to legal argument. Donald Trump’s personal lawyer told a federal judge that the president is immune from criminal prosecution in office under any circumstances—even shooting someone on Fifth Avenue, as Trump once boasted during his campaign. The legal argument, which will likely reach the Supreme Court, goes to the heart of the doctrine marshaled by the Trump administration in its arguments of absolute immunity, including its blanket refusal to comply with subpoenas in the House impeachment investigation.

Honorable mention: Trump-appointed ethics office: Fire Conway. Several administration officials have been found in violation of the Hatch Act, the law that prevents overt political activity in public office. They include Lynne Patton, a HUD official, and Kellyanne Conway—who violated the law so many times that the Office of Special Counsel urged the White House to remove her, writing that her actions “erode the principal foundation of our democratic system—the rule of law.”

Statistics of the year: Three-way tie.

    • Lobbyists in the Cabinet. Trump has set a record for former lobbyists in a presidential Cabinet in under three years.
    • IRS boosts dark money. The IRS advanced guidelines to allow groups like the NRA, ACLU, Chamber of Commerce and labor unions to omit the names of large donors from tax forms.
    • Unqualified judges. The Trump administration has set a new record for nominating the most judges to receive an “unqualified” rating from the American Bar Association.

Bonus: From the ‘Why We’re Here’ Department.

In October, the Washington Post reported the following news:

“A multiyear State Department probe of emails that were sent to former secretary of state Hillary Clinton’s private computer server concluded there was no systemic or deliberate mishandling of classified information by department employees, according to a report submitted to Congress this month.

“The report appears to represent a final and anticlimactic chapter in a controversy that overshadowed the 2016 presidential campaign and exposed Clinton to fierce criticism that she later cited as a major factor in her loss to President Trump.”

Benjamin Wofford

Staff Writer

Benjamin Wofford is a staff writer at Washingtonian.


The post #cyberfraud | #cybercriminals | Here’s What Trump’s Appointees Achieved in 2019 appeared first on National Cyber Security.





#cyberfraud | #cybercriminals | Many ups and downs for Karnataka Police this year- The New Indian Express

Source: National Cyber Security – Produced By Gregory Evans

Express News Service

The year 2019 saw many ups and downs for the State Police. Early into the year the police faced severe embarrassment when one senior officer complained against another for illegally tapping his phone calls and soon the issue snowballed into a major political slug-fest. A public debate ensued over the invasion of privacy of citizens. The case was handed over to the CBI and is still under investigation. While the law will no doubt take its course, police would do well to strictly adhere to the letter and spirit of regulations for surveillance.

The state police, however, did commendable work in handling the severe flood situation in many parts of the state. This disaster was managed superbly with minimum loss of lives. Similarly police were able to maintain public order effectively.

Though the State remained free from serious public order incidents till the end of the year, violent protests against the CAA erupted in some parts of the State. Mangaluru police had to open fire to quell a riotous mob in which two were killed. Compared to their counterparts elsewhere, Karnataka police exhibited restraint and tact while handling these protests and prevented escalation of tensions, loss of lives and public property.

The State police left no stone unturned to see the elections to the Lok Sabha passed off peacefully. They also handled the byelections to the State Assembly in a fair and objective manner.

Compared to 2018, there wasn’t a perceptible change in the security scenario in Karnataka in 2019. The State remained free from any terrorist incident. The arrest of a suspected terrorist Habibur Rahman in Doddaballapur by the NIA reinforced the belief that many sleeper cells for various terror outfits have made Karnataka their home and there is a need to be extremely vigilant. Naxal activities were also dormant in the year.

The IMA scam didn’t portray the State police in good light. The fact that the investigating agency, the CBI, has sought permission of the Government to prosecute certain officers has been a big embarrassment to police.

If the police and other officials had been alert to this scam and had warned public to be careful, hundreds of poor and middle class citizens would not have lost their hard earned money.

Such Ponzi scams have been taking place in the State at regular intervals and police have a duty to educate citizens to be wary of such get-rich-quick schemes and take action against the cheats quickly and effectively.

Bangalore City Police came for a lot of praise when they unearthed the KPL cricket betting scam and arrested half a dozen persons allegedly involved in this.

In so far as the offences against lives and properties, the total number of cases under the Indian Penal Code did not show any perceptible increase during 2019.

The nature of crimes has changed with increase in cyber crimes. With an average of 1,000 cyber cases being registered every month, police officers would do well to sensitize the general public as to how to avoid becoming victims of cyber crime.

With the geometrical increase in the number of vehicles on our roads, fatal motor accidents have also increased. On an average, 10,000 persons lose their lives in the State annually due to motor accidents.
With the recent amendments to the Motor Vehicles Act, especially with respect to drunken driving, it is hoped that the fatalities would decrease in 2020.

The partial acceptance of Auradkar Committee Report by the Government in 2019 has no doubt brought some cheer to the cops in the State. What is needed is regular recruitment to all ranks of police and periodical capacity building to make Karnataka Police more citizen-centric.

D V GURUPRASAD
Director General of Police
(Retired)





#cyberfraud | #cybercriminals | Purcell column: Don’t take cyber scammers’ bait in 2020

One of 2019’s biggest stories will be bigger in 2020: Cyber scams are on the rise.

“As people increasingly conduct business and live their lives online, more and more criminals are leveraging the internet to steal,” reports Forbes’ Stu Sjouwerman.

The dirty rotten scammers continue to evolve, too, targeting businesses, government organizations and individuals alike with increasingly sophisticated schemes.

One is ransomware — malicious software that blocks access to computers until money is paid.

Scammers also send phony “phishing” emails — often spoofing emails from big retailers — with fraudulent links or attachments that, when clicked, give scammers unfettered access to computer users’ data.

Google “ransomware attack” and you’ll see a sizable list of big companies and entire cities that have been completely shut down by scammers.

They also spoof text messages. Apparently from reputable companies, such as banks, these messages trick individuals into revealing passwords or credit card numbers.

Scammers continue to succeed with the good old telephone, too. I received a call this year from a man claiming he was from the Social Security Administration, who told me my account was blocked and he would help me reactivate it.

Aware that Social Security never makes phone calls (unless you’re having a legitimate conversation with it), I knew what the scammer was after: my full name, birthdate, address and Social Security number.

I asked him how he could sleep at night, knowing he was hurting innocent people. He cussed at me and hung up.

The greatest worry about scammers is that elderly people are especially at risk. They’re more trusting of callers from government agencies and more likely to fall for one especially mendacious tax scam.

Using phishing techniques, scammers access data on a taxpayer’s computer, then use that stolen information to file a fraudulent tax return in the taxpayer’s name and have the refund — often larger than is actually owed — deposited into the taxpayer’s actual bank account.

According to Intuit, the scammers then “contact their victims, telling them the money was mistakenly deposited into their accounts and asking them to return it.”

Many victims, fearful of the IRS, readily comply.

According to Pew Research, Americans view cybercrime as their greatest security concern. But what are government agencies doing to combat it?

Not enough.

Americans are often victimized by scammers operating from elsewhere in the world. How can the bad guys be tracked down and forced to make amends?

Nation-states are often behind sophisticated attacks on organizations. Russian-financed scammers are actively targeting our utilities, election systems and other systems.

Creating new laws and agencies to combat cybercrime is a daunting challenge. Cybersecurity bills passed by the U.S. House move slowly through the Senate. Even if the Senate passes them and the president signs them, regulators could take months to draft and implement actual policies. Scammers aren’t bogged down by such bureaucratic processes.

What it comes down to is that every individual must learn to detect and avoid cyber scams. The Department of Homeland Security has helpful info at https://www.dhs.gov/stopthinkconnect-cyber-tips.

Always verify that an email, text or link is legitimate before you click. Always be suspicious — because that’s the only way that cyber scams won’t be an even bigger story in the new year.

Copyright 2019 Tom Purcell. Tom Purcell, author of “Misadventures of a 1970’s Childhood,” a humorous memoir available at amazon.com, is a Pittsburgh Tribune-Review humor columnist and is nationally syndicated exclusively by Cagle Cartoons Inc.





#nationalcybersecuritymonth | Tech 2019: Our biggest technology stories

As 2019 splutters to a close, it’s time for our annual lookback at our most-read tech stories, and to ask: “What happened next?”.

Facebook and its family of apps dominates this year’s list with four entries – it probably won’t be a surprise that none of them were particularly brand-enhancing.

The Chinese viral video app TikTok makes the cut for the first time. And many of the other “big tech” names are there too in one form or another.

But there are a few notable exceptions. Neither Elon Musk nor Tesla made it, despite the window-smashing launch of the Cybertruck and plans to hack our brains. Google’s co-founders were originally on the list after deciding to give up day-to-day control of their empire, but were squeezed out just before publication.

Video gaming also missed out, even though Prince Harry attracted lots of attention for suggesting Fortnite should be banned.

And both Huawei and Samsung are absent, even though the former’s loss of Google’s apps and the latter’s folding phone fiasco were two of the year’s standout developments.

In any case, here’s what attracted most eyeballs in each month of the year:

January: When three becomes one

A leak forced Facebook to reveal plans to merge the behind-the-scenes tech of messaging on WhatsApp, Messenger and Instagram. The effort was reported to be a pet project of chief executive Mark Zuckerberg.

He later justified the move saying it would draw the three products closer together, making it easier for users to send posts between them. Furthermore, he said it would also help the firm expand its end-to-end encryption features, which help keep the messages secure.

Many observers noted, however, the action would also make it more difficult to split the company apart. And as the year went on that became a growing threat, with first Senator Elizabeth Warren and then other Democratic presidential candidates suggesting Facebook has too much power and influence.

But it may not take a change of administration for Mr Zuckerberg’s ambitions to be thwarted. The Wall Street Journal recently reported that the Federal Trade Commission may intervene to prevent the apps being integrated.

February: Don’t be scared

Social media, the mainstream news and even the police all got in a tizzy over Momo for no good reason in February. It was claimed that youngsters’ social media accounts were being “hacked” to show the bulging-eyed monster alongside “challenges” that would put their lives at risk.

Online articles followed, linking more than 100 teenagers’ deaths in Russia to the sensation. Except, of course, there was no evidence to back up any of this.

This was not even the first time an image of the Japanese bird-woman sculpture had gone viral. There had been a similar smaller-scale scare in 2018 when the “game” had been linked to deaths in South America and India – again without any documented proof.

Pundits described it as a “panic [that] won’t go away”. Except it did.

These days a search for Momo on Twitter turns up ads for masks of the ghoul, but little else.

And on TikTok the hashtag #momochallenge surfaces videos of people cooking and eating small dumplings that go by the same name in parts of Asia.

March: Turn it off and on again

Facebook’s family of apps experienced 14 hours of disruption, in what was billed as their “most severe outage” to date.

In many cases, users were unable to access the services at all over the period. And it took the firm about another 10 hours to give itself the all-clear, at which point it tweeted that a “server configuration change” had been to blame.

That allowed it to deny suggestions that it had been hacked, while remaining suitably vague about the actual cause.

April: How did they get in?

Cyber-security experts despaired after a study indicated that the most popular online password was “123456”.

The UK’s National Cyber Security Centre’s finding came with a warning that the string of digits is not only easy to guess, but would be one of the first codes tested by automated hacking tools.

The public is advised to instead register a different complex login for each service they join, and use a password manager. But the hassle involved in having to copy and paste them in each time, has encouraged the adoption of biometric tests that automate the process if users pass a face, eyes or fingerprint ID check.

Another alternative is to log in via another platform and let it do the heavy lifting. And in September, Apple joined the party when it allowed users to access third-party apps via a new Sign In With Apple button, mirroring earlier efforts by Google, Facebook and Twitter.

May: WhatsApp cracked

When WhatsApp confirmed that a vulnerability in its app had been exploited to install surveillance software on victims’ phones, one of the immediate questions was how widespread the attack had been.

It took until October to get some clarification, at which point Facebook said it believed about 1,400 of its users had been directly compromised. It added that they included “at least 100 human rights defenders, journalists and other members of civil society” across at least 20 countries.

The tech firm alleges NSO Group, an Israeli private security firm, is responsible and is currently suing it in the US courts. NSO disputes the claim and has said it will “vigorously fight” the case.

Whatever the outcome, the affair highlighted that if an attacker can load spyware onto a target’s phone or other device, end-to-end encryption and other security measures may be in vain.

June: The death of Etika

Brooklyn-based Desmond “Etika” Amofah had a large online following, thanks to his quick wit and Nintendo video-game reaction videos on YouTube and Twitch. But in mid-June he caused concern when he posted a clip in which he discussed suicide. Days later the New York City Police Department confirmed he had killed himself.

Several of his friends and colleagues have since taken steps to memorialise him. An online store sells goods branded with his logo, and donates its profits to the National Alliance on Mental Illness. YouTuber PewDiePie also teamed up with actor Jack Black to raise further funds for the charity in Etika’s name.

Others have marked the tragedy by getting themed tattoos. A still active Twitter account – @Etika – was created to keep his memory alive. And last month, a large mural was unveiled in Brooklyn featuring the gamer’s face alongside a pair of Nintendo Switch controllers.

Most recently, YouTube faced complaints for not referencing the late creator in its Rewind recap of the year. “No one should be surprised that YouTube still doesn’t understand its platform,” posted one frustrated user.

In any case, Etika’s claim in his final video that “this world’s gonna forget me” shows no sign of coming true any time soon.

If you’ve been affected by a mental health issue, help and support is available. Visit BBC Action Line for more information about support services.

July: Photo glitches

Further technical problems at Facebook HQ prevented users being able to upload new photos and videos to its apps, and in some cases prevented existing ones being viewable. The disruption lasted for about nine hours.

Facebook never really explained the cause, beyond saying it had been triggered by a maintenance operation.

Other smaller glitches persisted throughout the year, including intermittent outages in the US on Thanksgiving.

But given that it now serves more than 2.4 billion users who log into at least one of its services once a month, it is a considerable feat of engineering to keep everything ticking along.

August: iPhone booby traps

Studies indicate that Apple’s mobile devices face fewer serious cyber-security threats than Android-powered equivalents. So when Google revealed that hackers were using booby-trapped websites to exploit previously unidentified flaws in iOS, potentially affecting “thousands of visitors per week”, it was big news.

Google added that compromised handsets made it possible for the perpetrators to steal private messages, photos and location data in real-time.

For days there was speculation about who might have been exposed. Apple eventually released a statement saying it believed that fewer than a dozen websites focused on “content related to the Uighur community” had been affected. Many took this to suggest that the Chinese state was involved. However, Apple did not explicitly draw this conclusion itself, which was unsurprising given its ties to the country.

This was not Apple’s only Uighur-related controversy this year. The campaign group Sum of Us has repeatedly claimed that the firm’s willingness to comply with a Chinese ban on virtual private network (VPN) apps has made it harder for civil rights defenders to safely discuss claims of abuses against the ethnic minority. The organisation now plans to raise the matter at Apple’s next annual shareholders’ meeting.

September: More cameras

The iPhone 11 range got more cameras, longer-lasting batteries and a new “pro” moniker for the top-of-the-range models. But there was no 5G – despite Samsung, Huawei and other rivals having already launched compatible smartphones. And whispers that Apple chief executive Tim Cook might be ready to unveil an augmented reality headset accessory, proved to be unfounded.

Market watchers have since reported the iPhones sold better than they expected – particularly in the US and Western Europe.

And there is now talk of 2020 being the year of an “iPhone supercycle” thanks to an expected revamped design along with the introduction of 5G.

October: Jedi wars

Amazon – and many outsiders – thought it had the strongest bid for a high-profile contract to provide the Pentagon with cloud computing and artificial intelligence services. So there were shockwaves when Satya Nadella’s Microsoft clinched the so-called Jedi deal instead. It could be worth as much as $10bn (£7.7bn) over time.

Not only was this a big sum to miss out on, but Microsoft’s marketing team should also find it easier to pitch the firm’s Azure services to other government departments and private companies as a consequence. This could put Amazon Web Services’ current status as the market leader under strain.

Amazon is challenging the award, claiming that President Trump pressured the Department of Defense into rejecting its bid because of a personal vendetta against its chief executive Jeff Bezos.

All of this could have ramifications for the 2020 presidential election. Regulation of big tech is already on the agenda, and Amazon could make a tempting target for Mr Trump during the campaign.

But if Mr Bezos believes the Republican leader’s re-election could threaten his business, his status as one of the world’s richest men and the owner of the Washington Post could make him a formidable foe.

November: The eyes have it

At the start of the year, TikTok was fairly obscure beyond its core teenage audience. These days it is one of the most talked about apps. It has launched one meme after another, and earned a reputation as being one of the most joyous places to be on the internet. But there are also concerns about it being Chinese-owned.

Matters came to a head last month when an American teenager posted a video that started off like an eyelash beauty tutorial. But creator Feroza Aziz quickly changed tack to criticise China’s treatment of the Uighurs.

Her clip went viral. Shortly afterwards, the 17-year-old discovered she had been blocked from posting new material. And soon after that, TikTok took the clip offline.

Then the social network reversed course. It put back the clip, blaming the removal on a “human moderation error”. And it re-established Ms Aziz’s access, saying that she had been locked out because of unrelated past behaviour.

The app insisted that there had been no attempt to suppress criticism of the Chinese government’s actions, but Ms Aziz was not convinced.

She has continued to flag concern about the Uighurs. And in her latest “skin care” video she also raises awareness about India’s controversial citizenship law, which offers illegal immigrants from nearby countries amnesty but only if they are non-Muslims – something she claims is “immoral”. For whatever reason, the post has attracted far more views on Twitter and Instagram than the copy posted to TikTok.

Meanwhile, TikTok bosses are reportedly looking for a new global headquarters outside of China to help reinforce their claims to autonomy. But the app’s owner Bytedance has denied rumours that it might sell off the division to give it true independence.

December: Age of the Splinternet?

It’s been a long while since the internet was a free-for-all, in which governments had little ability to restrict what their citizens did online. Even so, Russia’s announcement that it had successfully tested what it terms a “sovereign internet” still felt like a significant moment.

The initiative involves forcing all web traffic through special nodes – a term for network connection points – where content can be filtered to remove what is deemed to be risky material. Furthermore, the intention is that in an “emergency” all data from outside the country could be blocked and the Runet – a term for the Russian internet – isolated.

The achievement is described in the state media as a way to protect domestic companies and government bodies from cyber-attacks. But human rights campaigners warn that once the effort is up and running, the Kremlin may also use it to limit Russian people’s access to “undesirable” information.

In doing so, the Russian government would be following the path of its counterparts in China, Saudi Arabia and Iran, which all censor dissenting voices.

And it would be following a wider trend. The US-based Freedom House digital rights group has warned that global internet freedom declined for a ninth consecutive year in 2019. Beyond Russia, it highlighted Kazakhstan, Sudan and Brazil as examples of places where digital surveillance, targeted cyber-attacks and/or online disinformation campaigns were cause for concern.

We should hear more about Russia’s effort once President Putin has had a chance to examine the results of the tests, and decides how to proceed. For now, a Kremlin spokesman has denied it has any intention of “cutting the internet” up into separate parts.





#cybersecurity | hacker | UK New Year Honours list mistakenly doxes honorees

The 1,000-plus New Year Honours 2020 recipients in the UK received a doxing in addition to the acknowledgement of their good deeds by the Cabinet Office.

The annual list of those honored for their activity in the arts, science, medicine, sport or government had not only their names published as is the normal custom, but also mistakenly their home and work addresses and postal codes, reported the BBC. The list of honorees was posted on December 28 and included those ranging from Elton John, to cricketer Ben Stokes, former Conservative Party leader Iain Duncan Smith along with many lesser-known figures such as senior police officers.

“A version of the New Year Honours 2020 list was published in error which contained recipients’ addresses. The information was removed as soon as possible,” the spokesman said, the Evening Standard reported.

The government has reported the incident to its own Information Commissioner’s Office for further investigation.









#nationalcybersecuritymonth | 4 easy cybersecurity rules for technophobes

Having your data exposed in a breach feels inevitable, so securing your information online is a must. But with terms like VPN, SSO and HTTPS being bandied about, it’s hard to know where to start.

It’s true, there are many, many steps you could take to improve your security — some involving acronyms — but experts say a few basics will help a lot.

“It can seem overwhelming, but it’s really not,” says Kelvin Coleman, executive director of the National Cyber Security Alliance. “Low-hanging fruit can be very, very effective in keeping you safe.”

These simple habits will protect you against some of the most common threats to your personal and financial data, such as identity theft.

1. Update your devices

“Security software is quite effective against known malware,” says Curtis Dukes, executive vice president of the Center for Internet Security. That’s because engineers are constantly creating new versions in response to current threats.

Your computer and mobile devices likely have security software built into their operating systems, and they should notify you of updates automatically. The pop-ups might feel intrusive, but they’re there to protect you.

So you should resist the urge to delay updates. “I wish I could lobby to have that ‘or later’ button deleted,” Coleman says.

2. Use secure passwords (and helpful password services)

“Unfortunately, a significant number of people still use 123456 and password1,” as well as other easy-to-guess login credentials, Coleman says. If you reuse the same password, it’s easy for criminals who’ve hacked one of your accounts to access others.

If you’re not interested in designing and remembering complicated passwords for all of your approximately 500 online accounts, Dukes recommends a password manager — consider 1Password or LastPass — that can suggest and store them for you.

Erin Shepley, Cybersecurity Awareness Month Lead for the Department of Homeland Security, also suggests using multifactor authentication on your most important accounts, such as your email and bank logins. This process requires you to approve a sign-in on a separate device — such as your phone — making it easier to detect and foil unauthorized logins. If your account offers it, the option is typically available under security settings. (Google calls it “two-step verification.”)

“If it takes more time for the malicious actor, they’ll move on to someone who doesn’t have that in place,” Shepley says.

3. Be wary of public Wi-Fi

You’ve heard it before, but “public wireless ‘hot spots’ are just that, public,” Dukes says. Information you transmit on them — including credit card data or logins — can be intercepted by a hacker on the same network. Networks without passwords, such as the ones you’ll find at some airports or hotels, are especially risky.

Not only that, but criminals might spoof a legitimate access point. It’s always smart to confirm you have the correct network name before you use it, according to the DHS.

If you really must do sensitive tasks — such as shopping or checking your bank balance — outside of your home network, using your own personal hot spot is safer than public Wi-Fi. And always make sure the URLs you’re using for these tasks begin with “https://,” Shepley says.

4. Don’t fall for phishing scams

It’s not new, but criminals still do it because it works: They contact you, claiming to be someone — maybe someone you know — who needs your financial data, Social Security number or other personal information. They can then use this data to access your accounts.

“Phishing is still the threat vector of choice,” Shepley says. “They prey upon the human nature in people.”

It’s not always easy to tell a legitimate message from a scam, but if you’re being asked for money, login credentials or other personal data, you should verify the message before responding. For example, if you receive an email purporting to be from your bank, the DHS recommends calling your bank for confirmation on a phone number you’ve googled; don’t click any links within the suspicious email.

Safety doesn’t have to be complicated

Once you’ve mastered these steps, you can absolutely take further action to lock down your online presence. You might even be inspired to set up a VPN, or virtual private network, a service that can create a secure connection on a public network.

But the good news is that simple changes — like using unique passwords — can go far in keeping you safe online. “It won’t save you every time. But … it’s better to have it than not have it,” Coleman says.





#cyberfraud | #cybercriminals | Inside the mind of the online scammer

When Dame Helen Mirren revealed she had been the victim of a “humiliating” scam on the press junket for her latest movie (in which, coincidentally, she also plays the victim of a hoax), it highlighted how everyone needs to be on their guard against fraudsters. Even members of the royal family are not immune, as was illustrated when Prince Charles was dragged into a major counterfeit art scandal. But what motivates scammers, other than greed? I believe the answer can be gleaned by investigating why humans lie in the first place.

Online fraudsters carry out a sophisticated and well-planned array of deceiving strategies to con people. These include romance scams in which the victim is enticed to contribute cash to foster a fake romantic relationship, fraudulent lotteries, prize draws, sweepstake games and auction sites. Substantial winnings are offered if the victim can send in some cash.

The fraudsters are constantly building better mousetraps in order to lure in increasingly sophisticated mice. For example, scams are being personalised to the victim by including references to familiar people or by targeting the victim’s occupation.

What’s behind the deception?

Scams are carried out using almost untraceable methods, so the criminals are often unknown, despite concerted efforts by law enforcement to identify and prosecute them. But the knowledge from several disciplines (ethology, social psychology and criminology) can help us to understand them.

Deception to ensure survival

Ethologists study animal behaviour. They have observed that species, including humans, have developed a complex means of deceiving their prey in order to ensure their survival. For example, ethologists have identified complex forms of deceptions in other species, such as the jumping spider, which uses behavioural and chemical mimicry. This allows them to coexist with ants and feed on them. This is regarded as comparable to humans engaging in embezzlement by which they use their privileged access to resources and reputation for illegally extracting finances from other people.

Altruistic lies?

Social psychologists have found that when humans lie for altruistic purposes or advancement of the group, the lie is often praised rather than denigrated. For example, even young children (aged between five and seven) show a willingness to tell “white lies” in order to make others feel better. Meanwhile other research shows that adults perceive lying that benefits others (because sometimes the truth hurts) as more “ethical” than honest statements.

Typical and serious lies

Social psychological research shows that lying is part of normal life. Frequently, people tell everyday lies that are rather benign. Most of these lies are self-serving, but many are designed to benefit others.

People most often tell “serious lies” to their closest relationship partners. They tell serious lies in order to avoid punishment, protect themselves from confrontation, appear a highly desirable person, to protect others and also to hurt their partner. Common serious lies tend to involve affairs and taking money from others without their knowledge.

Liars, fraudsters and corruption

Frauds represent a complex array of deceptive behaviour that originates in species and arises, in part, from some of the typical motivations for deception. It is, of course, a criminal activity that is well understood by criminologists. Most criminals are typically male and have parents with criminal records, delinquent peer friends, arrests at a young age and come from poor areas with higher crime rates.

Today’s most common online scams are often carried out by people from poor countries. These countries and their government officials are generally regarded as corrupt by international corruption indexes. Such corruption conveys the message that deception is a desirable strategy. Poverty combined with high corruption contributes to a heightened motivation to deceive others for survival.

The criminals in question tend to have traits of psychopathic and antisocial personality disorders. Research has investigated illegal downloading and hacking in adolescents from 30 countries. It was found that “cyber deviance” was mostly carried out by males and by people who experienced “school disorganisation” (stealing and vandalism) and “neighbourhood disorganisation” (having untrustworthy or criminal neighbours).

These “cyber deviants” tend to have elevated cognitive ability and, of course, have access to computers and technology. This type of fraud is often well planned and the fraudsters employ a range of deceptive tactics.

The FBI’s Operation reWired targeted business email compromise (BEC) scammers.

The law tries to keep these criminals at bay. In September 2019, Operation reWired in the US succeeded in prosecuting 281 email scammers from several countries.

But the large numbers of fraudsters who combine deceptive and complex strategies make it extremely difficult to keep these crimes under control. So an understanding of how their minds work and their modus operandi is vital if one is to avoid becoming a victim.





#nationalcybersecuritymonth | Applied Cybersecurity Club wins National Collegiate Penetration Testing Competition for 3rd consecutive year

Source: National Cyber Security – Produced By Gregory Evans

A six-person team from Stanford’s Applied Cybersecurity club placed first for the third straight year at the annual National Collegiate Penetration Testing Competition (CPTC) last month. 

Since it began competing in CPTC in 2017, the team has won first place every year. The fast-growing club — which turned a basement server room closet into its club space — attributes its success to its members’ dedication to training for the competition, equipping themselves with the necessary technical skills, and the communication and bond that the team shares. 

The team includes Colleen Dai ’20, Anna Zeng ’20, Pierce Lowary ’21, Jack Cable ’22, Michaela Murray ’22 and fourth-year physics Ph.D. student Will DeRocco. They first competed in a regional competition in October, where they won first place and were one of the 10 teams out of 60 collegiate teams internationally to go to nationals. The team then flew out to the three-day national competition held in Rochester, New York, starting on Nov. 22. 

The CPTC competition is meant to teach students how to behave like real-world penetration testing consultants, as though a team were hired to perform a penetration test on a pseudo-company’s network and system.

In penetration testing, a team looks for vulnerabilities within the system, trying to exploit applications or services they are given. This year, the competition also included a physical ATM and an interactive voice recording system for teams to hack into. 

Teams receive a copy — the entire domain(s), IP addresses, sites that make up the system, and a virtual environment — and conduct penetration testing on these systems for the first two days. They submit a report and presentation by 2 a.m. on the second night, and they deliver presentations the next day, judged based on accuracy and thoroughness. 

During the regional competition, the Stanford team found two “zero-days,” vulnerabilities previously unknown to the creator that have no security patch. By reconstructing some of the systems and hosting them in their lab at Stanford, the team members found a SQL injection attack, which allowed them to look at the database, as well as a path traversal vulnerability that allowed them to gain administrator access to the database. While the team was initially uncertain about its chances of winning because there were twice as many teams competing this year, due to its zero-day findings, the team became more confident in their chances, according to Dai. 

In 2017, the first time Stanford competed in CPTC, its team had two of the three females present at the entire competition. At that time, it was a shock to most people, and the Stanford team was known as the team with females, according to two people on the team that year. That year, team members described being faced with sexism. One judge, a tech executive, implied that the only reason women are needed in cybersecurity is that they’re “empathetic,” according to three members of the team who were present.

“What made a super big impression on me and even made me question my interest in security was the ratio I saw when I first did CPTC — it was three girls among 60 people in the competition, two of which were from Stanford,” said Dai, who later founded Women in Applied Security at Stanford. “It was just a very big shock, and I didn’t expect it to be that bad.”

“We’ve seen the gender gap close in the past three years, which is really inspiring and makes me feel like we can do something about this disparity,” she added.

Additionally, because the winning team from Stanford has had a large proportion of women these past few years, Dai and Zeng said they have heard that their team’s gender diversity has encouraged other teams to be more diverse.

Almost all team members in the past three years came into the club with little to no experience with cybersecurity, and through participating in the club, doing practices and asking people for help, they were ready for the competition. 

“It’s definitely learnable, and one of our goals is to make security more accessible to people,” Zeng said. 

Members come from all different majors ranging from computer science and physics to English, and some go on to complete security internships and pursue careers in cybersecurity. As new members make up the majority of the CPTC team each year, the club is actively integrating interested new members through workshops and speaker events. 

The club also has several active projects such as writing its own Metasploit modules, reversing malware, developing the Stanford Bug Bounty Program (where students hack Stanford websites like Axess to win money) and testing Stanford RFID card scanners. The club is also currently preparing for the Collegiate Cyber Defense Competition (CCDC), which happens in spring. 

Contact Jennifer He at jenhe ‘at’ stanford.edu.





#cyberfraud | #cybercriminals | SunLive – NZ losing millions from cyber crimes

Source: National Cyber Security – Produced By Gregory Evans

Potentially the biggest tech issue New Zealanders will confront this year will be the growing impact of fake news and an inability to discern real from fake, says NZTech chief executive Graeme Muller.

With massive increases in scams and phishing, criminals are benefiting from Kiwis’ cyber ambivalence, stealing more than $3.8 million in the last quarter alone.

“We know anti-vaxxers in the United States were bombarding the Samoan government’s website claiming the vaccination was the cause of the measles epidemic.

“Then there was the recent survey of New Zealanders that found many consider urban myths to be real. A staggering 46 per cent surveyed, still consider 5G radio waves will be harmful to humans, even after the Prime Minister’s chief science advisor published an analysis of the scientific evidence to the contrary.

“The scale and reach of social media makes it so easy to propagate opinions, as if they are facts. We are all naturally prone to confirmation bias, which is when we subconsciously cherry-pick information that reinforces our opinions,” says Graeme.

“Unfortunately, this is the ideal combination for fake news to thrive. Add the ability to produce deep fakes; video footage that is created by artificial neural networks to look real and you can no longer really believe anything you read, see or hear. So, where does that leave us?

“New Zealand may be targeted for testing in the latest wave of tech-enabled social engineering, ahead of the 2020 election. How will people know what they are reading, hearing or viewing is true?

“Could this present an opportunity for media to collaborate and create some form of trust mark – only publishing news that they can guarantee is real? Or will capitalism win and we are fed whatever is found on social media, or from US media giants.

“If that isn’t bad enough, last week CERT NZ, the government agency responsible for tracking cybersecurity issues, reported that yet again, the previous quarter reached an all-time high.

“Cybersecurity and trust are critical enablers of a successful digital nation and these disturbing trends further reinforce why the successful delivery of the digital technology curriculum at all schools for students in years one to ten starting next January is essential.”





#nationalcybersecuritymonth | 12 months of FE Week: October

Source: National Cyber Security – Produced By Gregory Evans

For the last 12 days of 2019 we’re running back through the previous 12 months of FE Week. Today we take a look at October…

Colleges received a welcome boost when analysis revealed 78 per cent of them had received the top two Ofsted grades – ‘outstanding’ or ‘good’ – a record high proportion since comparable records began in 2015.

After being shown FE Week’s analysis, Gavin Williamson described FE as a “vital” part of the education system and expressed his thanks to all lecturers, leaders and support staff for their hard work.

The education secretary also defended his old sixth form, Scarborough Sixth Form College, after it dropped out of offering digital T-levels, as he pledged to convene business leaders in an attempt to address shortages of work placement opportunities.

One week later it was announced that NCFE and City & Guilds had won contracts to deliver the second wave of T-levels.

The Association of Employment and Learning Providers also held its autumn conference this month, where chief executive Mark Dawe alleged that sex discrimination may lie behind decisions on funding rates.

Thousands of students, staff and people who love colleges across the country then signed pledge cards and handed them to their local MP to mark this year’s Colleges Week.

Hannah H from National Cyber Security Centre told us why it is vital that everyone in the FE sector understands their own role in protecting their networks, following a string of cyber hacks.

She provided five measures colleges could take to make any attack less likely to succeed in the first place and, if they are affected, to reduce its impact.

FE Week also continued its revelations about Hull College Group. The investigation of the college surviving on bailout funding was understood to include more than £100,000 spent on a computer game app, computer game-style cinema advertising and a PR agency that promoted a music event and computer game.

The spending on hiring an orchestra was described as “concerning” by the college’s local MP, Emma Hardy, a member of the education select committee.

Meanwhile, the government announced plans for a radical overhaul of its subcontracting rules amid high-profile cases of “deliberate” fraud, and a former adviser to the minister for higher education expressed “concern” that dozens of providers delivering level 6 and 7 apprenticeships are still going without inspection, more than four years after the courses began.

We also sat down with Charlotte Bosworth, the managing director of Innovate Awarding, who told Jess Staufenberg that she is quite happy to be known as the “end-point assessment woman”.

Staufenberg then set out what Lord Agnew’s appointment as a minister for FE might mean for the sector, having closely followed his career in the schools sector, where his reputation divides opinion.





#cyberfraud | #cybercriminals | Cybercriminals are using Star Wars, Greta Thunberg to rip off Canadians

Source: National Cyber Security – Produced By Gregory Evans

An Etobicoke mother is upset that seven- and eight-year-old kids were shown a library presentation consisting of an emotional speech by child climate activist Greta Thunberg and a carbon clock predicting humans have eight years left to act before the point of no return for saving humanity from climate change.

During the presentation at least one child shouted out something to the effect of “We’re all going to die!” or “I don’t want to die!” in response to a clock showing two scenarios of global temperatures rising above the point of no return, the direr one showing a clock ticking down with only eight years left on it.

The bleak message throughout the presentation and the outburst about death upset some of the children, according to Lejla Blazevic, the mother of an eight-year-old grade three student who came home distressed after she left the presentation thinking she only had eight more years to live.

A picture Blazevic’s daughter drew of the carbon countdown clock from the presentation shown to elementary school children as young as seven.

The Greta Thunberg speech played to the children was the famous one from when she spoke at the UN Climate Action Summit in September, rising to international superstardom. Blazevic is still wondering why the Toronto District School Board (TDSB) included such an emotionally charged speech in a presentation given to young children.

“My message is, we’ll be watching you,” says Thunberg near the start of her viral speech, addressing those in power. “This is all wrong. I shouldn’t be up here. I should be back in school, on the other side of the ocean. Yet, you all come to us young people for hope. How dare you! You have stolen my dreams, and my childhood with your empty words. And yet, I’m one of the lucky ones. People are suffering. People are dying,” Thunberg says in the speech shown to the kids at the elementary school in Etobicoke, the western part of Toronto.

The only other part of the presentation was a popular climate change carbon clock that counts down the time certain climate scientists predict humans have left before the effects of increased carbon in the atmosphere are irreversible.

Screenshot of the climate clock.

The Post Millennial was provided audio recordings of three meetings, a phone call with the superintendent and emails between Blazevic and TDSB representatives. Blazevic requested the meetings after her daughter came home distraught from seeing the presentation at Elmbank Junior Middle Academy.

“She was shocked. She was like, ‘Mommy! They told us today that we are going to die in eight years.’ She was totally shocked,” said Blazevic.

Before her first meeting with school staff, the librarian sent Blazevic an email explaining the presentation he gave to the children.

“The theme for ECO initiatives at the TDSB this year is ‘Students as Agents of Change’. Greta was 15 at the time she gave the speech. The “message” of her speech for our students was that they can make a difference and the future of our planet concerns our children most directly.

“It is our intention to use the leadership and example of Greta to spur discussion and “action” on climate change. Ms. Davis’ class will be analyzing the data referenced and discussing dissenting opinions and eventually some of the changes and solutions that are on the horizon. BTW, our own Prime Minister has yet to have the audience Greta did.

“It was not the intention to cause distress in our students. Climate change issues are facing all of us. Joylea’s concerns and fears are the very reason we need to respond. I encourage parents to discuss climate change issues. As adults, we all need to reflect on the impact our current life style choices will have on future generations.”

Part of an email the librarian sent to Blazevic.

At the first meeting, the librarian further explained the reason behind showing a de facto doomsday clock.

“Well the purpose of the clock is to give a sense–there’s apparently–the scientists say there’s a CO2 budget and there are two scenarios. One is 1.5 degrees of warming and the other is two degrees of warming. Two degrees of warming says that our CO2 budget is 25 years and the 1.5 degree says it’s eight years,” said librarian Timothy Du Vernet at the first meeting.

“Even though Greta is a child, here she is talking at the UN to adults, a child can make change–that was our main focus,” teacher Suzanne Petillot said at the first meeting Blazevic had with the school. Petillot explained their reasoning for showing the children the video. Petillot also told Blazevic that only one child said they were all going to die and she stepped in right away saying, “No, we are not.”

“My concern, everyone’s concern, and part of her role is mental health, so if there’s something–the unfortunate reality is, that whether it’s this video or another video, the eco elements are everywhere,” Du Vernet explained to Blazevic on why they did the presentation.

“So I think my concern at this point is … my daughter came home, she said she was taught at school that she was going to die. And she said that many of the other children in the class also exclaimed that ‘I don’t want to die.’ I think that this might have been a traumatic situation for all the children. I think we all are aware that the climate change information, especially when given to very young children such as eight- and seven-year-olds, is shown to cause a lot of depression in children, PTSD and even suicide. So I think it’s really important that I get to the bottom of what happened,” Blazevic said to her daughter’s teacher, librarian and principal.

The teacher and librarian said the reaction from many of the other children was positive.

“I had another student that came up to me and she was really excited about this as well. She participated so much,” said Petillot in the meeting.

“Children were shaking and children were saying, ‘I don’t want to die,’” Blazevic said, retelling her daughter’s version of events.

“We were talking about climate change. We talked about how Greta is a young child … she’s been a role model for others, especially for adults in powerful positions. And even though you are kids, you too can make a change,” said Petillot shortly after in the meeting.

“We went to a workshop yesterday, where clearly the message to us was, that we need to be changing our message, and the message is not just a little about the facts, but also what we can do, the hope we can have in making a difference,” Du Vernet further explained on how they were changing the climate change lessons for young children.

“It’s very current, students walking out of school on strike for the earth. And this is happening, and it’s still going to continue to happen. So this is another reason why, it’s in the news. It’s in the news almost every day, about children walking out for the earth,” said Petillot, explaining why they chose to show Thunberg’s speech.

When Blazevic asked if the staff think it’s good or bad, the principal stepped in.

“It’s happening and current. We can’t decide good or bad, but, is it effective? Is it something having students use their voice to say to adults… ‘You guys need to do something different and we’re not happy that in 30 years the world’s going to be…’”

“We’re going to suffer the consequences,” Petillot jumped in.

“We want our students to make informed decisions. And so the only way they can make informed decisions is by having information,” Du Vernet added.

“So it can be a doom and gloom scenario, especially for kids ages eight through ten, these are formative years,” Blazevic responded.

The TDSB’s curriculum also includes a theme of “Students as Agents of Change” in which teachers promote children getting active in what they believe in.

Blazevic is concerned that this theme may be inappropriate for young children who are being taught what to believe and to act on those beliefs, despite lacking critical thinking skills needed to decide for themselves.

“The issue with the presentation is that the children were traumatized. They were told they were going to die in eight years. Even if it [was a misunderstanding], because of their reaction [the clock] told them there is something wrong,” Blazevic told The Post Millennial. “It’s not developmentally appropriate for a grade two-three class.”

“They did have a clock, but it wasn’t a countdown to the end of the earth or anything like that. What it was, I’ve seen this all over the place, is that it was a countdown clock of ‘We might be reaching the point where we can no longer turn things around,’” said TDSB spokesperson Ryan Bird in a phone interview with The Post Millennial.

“So then you have a boy that yells out something like, ‘We’re all going to die.’ It was said in jest, the teacher also immediately jumped on that and said, ‘No, that’s not the case.’ We followed up with that kid’s mom, and they weren’t worried,” said Bird. “We also followed up with the rest of the class so they knew that wasn’t the case, and no one seemed to get the sense that that was the case.”

Asked about the TDSB’s climate change curriculum, and the suggestion they’re promoting children to become climate activists, Bird said that is not the school board’s goal.

“We encourage our students to have their voices be heard. So, you know, if that’s activism then I guess that is, but we’re not trying to change them into climate change activists at all. If you believe strongly about something, whether it be the environment or something else, talk about it. You can take part, you can do things to help the environment, to help other issues that you think are important, that kind of thing,” said Bird.

“Everyone was talking about [climate change] at the time, but of course we aren’t going to do any doom and gloom kind of presentation that was suggested, we just wouldn’t do that,” said Bird.

“At the second meeting the principal actually admitted, he said, ‘If I could take that clock back I would’ve done it,’” said Lejla Blazevic.

Blazevic also says the school officials’ story changed several times.

“At the third meeting [the principal] wanted to change that. He said, ‘Actually, November 4 was the second time I spoke to the child. I spoke to the child for the first time before. The teachers and the librarian, we all knew who this one child was before the first meeting.’”

Blazevic says the school staff first said they learned later who the child was because of a pattern of behaviour.

“The reason why I’m here is because something doesn’t make sense. If you say this child has said this before, and when I came to the meeting, which was two weeks after the actual event, the teacher still didn’t know who that one child was. And you’re telling me the child has had a habit of saying this even before the presentation,” Blazevic said at the third meeting.

“Well I did say, he has said that before. He has said, ‘I’m going to die’ before, he’s said, ‘Oh my God, we’re all going to die.’ He’s said that before. Which is what led the teacher to think that that was the child who had said it,” said Principal Michael George of Elmbank Junior Middle Academy.

“The teacher spoke to the class again as a follow-up and spoke to the student specifically.”

Blazevic says she believes her daughter’s version of events, that many of the kids said they didn’t want to die when presented with the countdown clock.

“My daughter is very clear on what happened. The majority of the class yelled out ‘I don’t want to die’ … I spoke to a little seven-year-old girl from her classroom and she nodded her head, and she said, ‘I don’t mind dying soon.’ And me and her father were shocked, we looked at her, and she said ‘because that means I’m not going to get married.’ So what I know 100 percent is what my daughter is telling me, who is an excellent student,” said Blazevic.

“She is very good,” George concurred. Blazevic says her daughter is the top student in her class.

“The teachers that were there … are quite sure that there was the one, maybe the two students who had said that,” George said.

Blazevic also had a phone conversation with the superintendent.

TDSB superintendent Lorraine Linton told the mother that the school’s staff were going to have a celebration to flip the script on the previous stark presentation.

“The conversation shouldn’t be at any point, ‘We’re going to die in a few years.’ … Somehow this turned into somebody yelling out, ‘We’re all going to die,’ and then everybody had to address it,” Linton said in the conversation with Blazevic.

Linton also explained the school staff were working with the TDSB ECO school department to flip the script.

“The children that I spoke to, that were shown this presentation, they’re all in unison saying it was never brought up again, it was never reflected on, it was never clarified. They’re in unison all saying that,” said Blazevic in the phone conversation with the superintendent. “We don’t know how many children went home with this message, it could’ve been all of these classes that were shown this presentation.”

“They never asked the children what your voice is,” said Blazevic in a phone interview with The Post Millennial. “Instead, they are telling the children the voice they need to have and this voice you can share.”





#nationalcybersecuritymonth | The Top 10 Cybersecurity Stories Of 2019—A Window Onto The 2020 Threatscape

Source: National Cyber Security – Produced By Gregory Evans

There can be no doubt, as 2019 draws ever closer to an end, that it has been quite the year as far as cybersecurity is concerned. I have reported on everything from the world’s top 100 worst passwords to how Apple’s iPhone FaceID was “hacked” in less than 120 seconds. The year didn’t even start on a high note, with the revelation of the “Collection 1” data dump affecting more than 770 million people. Within a month, this had been followed by collections two to five, taking the total number of hacked accounts involved to 2.2 billion. Hardly surprising, then, that the first six months of 2019 alone saw data breaches expose more than 4 billion records. The most difficult story I had to write, though, was how one in six CISOs were self-medicating or abusing alcohol as a result of the stresses the job entails. The cybersecurity mental health warning doesn’t only affect those at the top of the corporate tree; security researchers are also at risk. The one thing that all the stories above have in common is that none of them feature in the top 10 of my cybersecurity stories as measured by how many of you were reading them. So, without further ado, here are the top 10 cybersecurity stories of 2019, which open a window onto the 2020 cyber threatscape.

1. The Google Camera app security threat to hundreds of millions of Android users (1.9 million views)

On November 19, I reported how security researchers had uncovered a vulnerability that affected users of the Google Camera and Samsung Camera apps. What did the researchers discover? Oh, only a way for an attacker to take control of smartphone camera apps and remotely take photos, record video, spy on your conversations by recording them as you lift the phone to your ear, identify your location, and more. All of this performed silently, in the background, with the user none the wiser. Will this be the last time I write about a high-profile, used-by-millions smartphone app that comes with a high-rated vulnerability? I want to say yes, but the truth of the matter is that I doubt I’ll have to wait too long into 2020 before the first such story appears. If Google, with all the resources available to it, still misses threats like this, then there is little chance that smaller, less well-resourced development teams will be any different.

2. Critical security vulnerability for 40 million Galaxy and Note users (1.2 million views)

At the start of October, Samsung confirmed a whole bunch of vulnerabilities that affected users of the Galaxy S8, S9, S10 and Note 9 and 10 smartphones. The most serious of the 21 security issues revealed by the October security maintenance release (SMR) was a critical vulnerability with the potential to impact a total of 40 million Galaxy S9 and Note 9 users. Although the vulnerability was fixed in that SMR, the threat window that stays open between the disclosure of a problem and the point when end-users can apply the patch remains an issue. As any Android user is all too aware, the fragmentation of the smartphone ecosystem means that security updates are rarely rolled out to everyone immediately. This is a problem that won’t be going away in 2020. On December 9, I wrote about an Android “permanent denial of service” vulnerability across versions eight through ten of the smartphone operating system. This was fixed by the December security update that was quickly rolled out. As I write this on December 27, my Note 10+ 5G has yet to receive that patch.

3. U.S. Government steps in to warn Windows users to update now (1 million views)

The updates theme continues with this story that focused on the United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issuing a warning to Windows users in the light of a critical security vulnerability. The threat in question being BlueKeep, and the update issue being that older versions of the Windows operating system were at risk as they were not being updated with the relevant patch. This despite Microsoft making an out-of-band fix available for systems running on Windows XP. As Windows 7 reaches end-of-life status on January 14, 2020, I doubt it will be the last time we see security issues such as this.

4. New Orleans declares state of emergency following cyber-attack (731,000 views)

On October 2, the FBI issued a “high-impact” cyber-attack warning in response to ransomware attacks on state and local government targets. The FBI issued mitigation advice that included updating operating systems, software, and device firmware with the latest security patches and ensuring data was backed up regularly and those backups verified. Fast-forward to December 14, and the City of New Orleans declared a state of emergency following, yep you guessed it, a ransomware attack. Given that the state of Louisiana had already come under attack in November, and 23 government agencies in Texas were taken offline following a cyber-attack in August, I’m sadly all but sure I’ll be writing similar reports in 2020.

5. Samsung firmware updates confusion (590,000 views)

This report covered another Samsung smartphone update story, but not relating to a critical vulnerability in Galaxy and Note devices this time. Instead, it concerned an app that had been downloaded by 10 million Samsung users that was designed to help manage firmware updates, and so improve the security of those devices. Security researchers warned that the app wasn’t “officially affiliated with Samsung” and that users could find themselves paying an annual fee to download free of charge updates. After a discussion with the app developers, who explained the misunderstandings of who the app was intended to be for and what problems it solved, the app was removed from Google Play while several updates were made. A good result with the developers taking note of concerns and taking immediate steps to rectify them. This is one story I hope will be repeated, in terms of outcome, during 2020.

6. Windows 10 update woes, part one (539,000 views)

Now you are probably wondering why there have been no Windows 10 security stories in the top 10 so far. If so, your concerns are about to be sated. And then some. Windows 10 update issues were a recurring theme for me during 2019, and rarely for positive reasons. This story is an excellent example of how Microsoft has got itself into something of a mess as far as the user perception of the Windows 10 update system is concerned. By this point in the year, October 9, users were already confused by the update process that promised to make their computers more secure but delivered more than just broken promises; a borked Windows Defender ATP for enterprise users being amongst the most serious. This particular story, however, involved Microsoft telling Windows 10 users to install updates in a specific order to prevent a multiple restart loop. I hope that 2020 will be the year that I stop writing about Windows 10 update problems. I’m not betting my house on it though.

7. Windows 10 update woes, part two (518,000 views)

On August 17, I reported how Microsoft confirmed an update warning for Windows 10 users as well as Windows 8.1 and Windows 7 and 8 for that matter. As well as causing black screens after the update for some users, this story warned about Visual Basic scripts that stopped working and impacted Microsoft Office users. As well as repeating my closing sentiment from story number six, I’d add that I expect to write about Office security problems into 2020 as well.

8. Windows 10 update woes, part three (515,000 views)

The Windows Defender Advanced Threat Protection (ATP) service breaking update to Windows 10 enabled the most surreal of headlines to be used for this story: Windows 10 Security Alert As Microsoft Says: “Do Not Install This Update.” To be honest, I don’t think I can add any more here. Just another in a long line of Windows update-related stories from 2019 that I fear we won’t have seen the last of.

9. Google Gmail and Calendar credential-stealing threat warning (513,000 views)

Threat actors were found to be exploiting the incredible popularity of the Google Calendar and Gmail services to target a credential-stealing attack. The researchers described it as a “sophisticated scam” that employed the tight and automatic integration between different Google services against users to target them with malicious exploits. “Beyond phishing, this attack opens up the doors for a whole host of social engineering attacks,” Javvad Malik, a security awareness advocate at KnowBe4, said. Malik told me that to gain access to a building, for example, you could put in a calendar invite for an interview or similar face-to-face appointment such as building maintenance which, he warned, “could allow physical access to secure areas.” Exploiting application functionality is an attack vector that is going nowhere in 2020; expect to see plenty more reporting on such things.

10. National Security Agency warns Windows users (473,000 views)

The final entry in this top 10 of cybersecurity stories that caught your attention across 2019 is directly related to number three in the list. Yep, it’s another BlueKeep warning. On June 7, I reported how the U.S. National Security Agency (NSA) had urged Microsoft Windows users to update now if their systems were not fully patched. This came after Microsoft had already issued multiple “update now” warnings itself, such was the seriousness of the BlueKeep threat. I would expect, as older Windows operating system versions reach the end of life and end of support but not end of use, we will see more such threats emerging.


The post #nationalcybersecuritymonth | The Top 10 Cybersecurity Stories Of 2019—A Window Onto The 2020 Threatscape appeared first on National Cyber Security.





#cybersecurity | #hackerspace | DEF CON 27, Blue Team Village, @Lak5hmi5udheer’s, @dhivus & @NarayanGowraj’s ‘Who Dis Who Dis: The Right Way To Authenticate’

Source: National Cyber Security – Produced By Gregory Evans

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn.


The post DEF CON 27, Blue Team Village, @Lak5hmi5udheer’s, @dhivus & @NarayanGowraj’s ‘Who Dis Who Dis: The Right Way To Authenticate’ appeared first on Security Boulevard.


The post #cybersecurity | #hackerspace | DEF CON 27, Blue Team Village, @Lak5hmi5udheer’s, @dhivus & @NarayanGowraj’s ‘Who Dis Who Dis: The Right Way To Authenticate’ appeared first on National Cyber Security.





#nationalcybersecuritymonth | What I taught 60,000 NASA employees about cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

Working for NASA is a big job and a true honor. Every day, the talented men and women of NASA must think on a cosmic level because it’s not just about space exploration and research. Sometimes it’s about planetary safety, such as their plan to destroy Earth-ending asteroids. Tap or click here to read about NASA’s innovative plan.

Other work involves preventing cyberattacks on Earth or the International Space Station. Like corporations or government agencies, NASA has to protect itself from the most sophisticated hackers.

But it begs the question: Do tens of thousands of NASA employees and contractors know how to protect their personal devices at home?

One vulnerable moment on a private server could lead to astronomical problems. So how do NASA employees defend their personal computers and myriad of devices? It starts by practicing good habits online. Tap or click to read 8 stupid things you’re doing on the web that put you at risk. Are you guilty of any of these?

I recently had the distinct pleasure of giving a keynote speech at NASA’s Glenn Research Center in Cleveland, Ohio for National Cybersecurity Awareness Month. I discussed essential safety procedures everyone needs to know these days.

I covered three major topics during the event and, while each is important, luckily it’s not rocket science. You need to adhere to all three in 2020.

1. Your first line of defense

I get it; no one spends much time thinking about their router; you just want it to work. But for meaningful cybersecurity, your router is your first line of defense for keeping criminals out of your network.

Hackers could have compromised your router already and have complete access to your data, files, and network. Tap or click here for a free test to see if your router has been hacked.

Right out of the box, your router comes with a default username and password. Since these credentials are available on the internet, even amateur hackers know how to break in and do all kinds of damage. So, the first order of business is to log into your router’s administration console and get that generic password changed.

If you don’t know your router’s password, tap or click here to learn how to find it and change it.

Next, update your router’s firmware to the latest version. The exact steps depend on your router brand and model, but all the modern options have an administrator page you can access via browser.

All you have to do is type the default IP address of your particular router on your browser address bar, and that will take you directly to that page. Tap or click here for detailed steps on updating your router’s firmware.

Once the credentials have been changed and the system is up to date, it’s time to adjust a few settings. If you’ve been using the same router for years and all you see in your security options is WPA or WEP, trust me, it’s time to go shopping for a new one.

Look for WPA2 or the latest standard, WPA3, and make sure your new router has a firewall, which comes built-in on just about every newer model. While you’re at it, there’s even more you can do. Tap or click here for 5 security settings to turn on before it’s too late.

2. Don’t leave home without it

Every time NASA provides a laptop for working remotely, the employee is required to use a VPN. That’s precisely why they were created in the first place — to securely connect business networks through the internet to allow secure access from home.

A virtual private network, or VPN, is a layer of protection between your devices and the internet. It hides your IP or MAC address along with your location and encrypts the data that travels from your device to websites you visit.


Most importantly, when you’re using public Wi-Fi and not a trusted network, a VPN provides a critical layer of security. They’re inexpensive and easy to procure.

If you’re on an unsecured network like the one you might find at a coffee shop, airport, library, or other public place, the queries you send travel through cyberspace and route through private networks to other computers or servers, exposing you to skilled hackers.

If you want a more in-depth look at VPNs, tap or click for a complete guide to choosing and setting up your own VPN.

3. Beware the inbox

Phishing attacks are no joke. Scam attempts that come into your email, social media accounts and text messages can be persuasive at first, until you take a closer look.

Phishing scams have become more sophisticated in recent years. Instead of the long-lost uncle leaving you a $10 million inheritance, scammers pose as real businesses or government agencies.

You might get an email that looks like it’s from Netflix, saying your account has been compromised, and you need to reset your password. Tap or click here to see what it looks like. If you click the link from your email, you’ll be taken to a website that probably looks like the real thing.

RELATED: Hackers are smarter than ever, and they have new ways to fool even the savviest among us. Tap or click here for 3 ways to avoid falling victim to these smart phishing attacks.

The next type of scam is called spear phishing, and it’s a little more personal: Realistic-looking emails from real companies or agencies might include your name, phone number, and even your job title or home address. This information could be culled from social media, or maybe it originated from a data broker.

Phishing attacks could include malicious links or even attachments that can infect your system with malware. That way, they can access what’s on that device or worse: infect your entire network and potentially any other device on it.

So don’t wait. If these techniques are good enough for NASA, they’ll definitely work for you.

BONUS TIP FOR EXTRA KNOW-HOW: How to see all the devices connected to your network

If you use wireless internet at home, you probably have several devices connected to your network. It’s so easy to keep piling on additional devices, too: your new laptop, another video game console, a new tablet or even your friend’s phone.

You may even begin to lose track of everything that’s connected, or worse, notice things that don’t belong. There may even be users who have tried to connect to your Wi-Fi network without your permission or knowledge.

This is bad news for a few reasons. Someone could be stealing your network bandwidth — or your personal information. Luckily, there are simple ways to determine which devices are connected to your network, and you can prune what should and shouldn’t be there.

Tap or click here to take a closer look at who’s using your connection.


Copyright 2020, WestStar Multimedia Entertainment. All rights reserved.

Learn about all the latest technology on the Kim Komando Show, the nation’s largest weekend radio talk show. Kim takes calls and dispenses advice on today’s digital lifestyle, from smartphones and tablets to online privacy and data hacks. For her daily tips, free newsletters and more, visit her website at Komando.com.


The post #nationalcybersecuritymonth | What I taught 60,000 NASA employees about cybersecurity appeared first on National Cyber Security.
