Daily Archives: January 13, 2020

#comptia | #ransomware | Rancocas Valley High School students blocked from social media, but can stream music video – News – Burlington County Times

Source: National Cyber Security – Produced By Gregory Evans

Federal law requires schools to protect students from inappropriate content. Schools have different standards on what to block, records show.

MOUNT HOLLY — Facebook, Snapchat and Twitter are off-limits.

Apple TV, Amazon Prime and Hulu video are just fine.

At Rancocas Valley Regional High School, cybersecurity systems are set to block student access to social media but allow teens to stream music and video on classroom devices, according to records released after a legal appeal to the New Jersey Government Records Council.

Beginning Nov. 8, this news organization filed open records requests with all Burlington County school districts.

Four months later, on Jan. 10, district officials released the requested information while apologizing for the delay.

“I reviewed the District’s initial response which did not include all of the documents I advised them to produce,” said George M. Morris, attorney for the school district. “Not sure where there was a breakdown in communication.”

Public schools are required by federal law to protect students from inappropriate content.

The information released by area schools districts shows that they have different standards for filtering content, protecting students and staff as well as the equipment financed by taxpayers.

In October, Cherry Hill School District in Camden County discovered some of its computer systems had been locked down and some district computer screens displayed the word “Ryuk,” a term associated with ransomware attacks.

Rancocas Valley is home to some 2,100 students from Eastampton, Hainesport , Lumberton, Mount Holly and Westampton.

In addition to streaming audio and video, Rancocas Valley students are allowed to access shopping, news and media, sports and travel websites, records show. A long list of blocked content includes dating, gambling, pornographic materials, sex education, tobacco, “sports hunting” and “war games.”

So far, records were provided by Bordentown Regional, Burlington City, Burlington Township, Cinnaminson, Delanco, Eastampton, Florence, Lenape Regional, Lumberton, Maple Shade, Medford, Moorestown, Mount Laurel, North Hanover, Palmyra, Riverside, Riverton, Shamong, Southampton, Springfield and Westampton.

Similar records requests are pending with Beverly City, Chesterfield, Edgewater Park, Evesham, Mansfield, the Northern Burlington County Regional School District and Willingboro schools.

Appeals have been filed with the New Jersey Government Records Council.

Under New Jersey’s Open Public Records Act, government agency must respond within seven days after receiving a request. Government agencies “must ordinarily grant immediate access to budgets, bills, vouchers, contracts,” according to the records council.

Source link

The post #comptia | #ransomware | Rancocas Valley High School students blocked from social media, but can stream music video – News – Burlington County Times appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




Phishing for Apples, Bobbing for Links — Krebs on Security

Source: National Cyber Security – Produced By Gregory Evans

Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures remains among the most-targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today’s piece looks at the well-crafted links used in some of these lures.

KrebsOnSecurity heard from a reader in South Africa who recently received a text message stating his lost iPhone X had been found. The message addressed him by name and said he could view the location of his wayward device by visiting the link https://maps-icloud[.]com — which is most definitely not a legitimate Apple or iCloud link and is one of countless spoofing Apple’s “Find My” service for locating lost Apple devices.

While maps-icloud[.]com is not a particularly convincing phishing domain, a review of the Russian server where that domain is hosted reveals a slew of far more persuasive links spoofing Apple’s brand. Almost all of these include encryption certificates (start with “https://) and begin with the subdomains “apple.” or “icloud.” followed by a domain name starting with “com-“.

Here are just a few examples (the phishing links in this post have been hobbled with brackets to keep them from being clickable):

apple.com-support[.]id
apple.com-findlocation[.]id
apple.com-sign[.]in
apple.com-isupport[.]in
icloud.com-site-log[.]in

Savvy readers here no doubt already know this, but to find the true domain referenced in a link, look to the right of “http(s)://” until you encounter the first forward slash (/). The domain directly to the left of that first slash is the true destination; anything that precedes the second dot to the left of that first slash is a subdomain and should be ignored for the purposes of determining the true domain name.

For instance, in the case of the imaginary link below, example.com is the true destination, not apple.com:

https://www.apple.com.example.com/findmyphone/

Of course, any domain can be used as a redirect to any other domain. Case in point: Targets of the phishing domains above who are undecided on whether the link refers to a legitimate Apple site might seek to load the base domain into a Web browser (minus the customization in the remainder of the link after the first forward slash). To assuage such concerns, the phishers in this case will forward anyone visiting those base domains to Apple’s legitimate iCloud login page (icloud.com).

The best advice to sidestep phishing scams is to avoid clicking on links that arrive unbidden in emails, text messages and other mediums. Most phishing scams invoke a temporal element that warns of dire consequences should you fail to respond or act quickly. If you’re unsure whether the message is legitimate, take a deep breath and visit the site or service in question manually — ideally, using a browser bookmark so as to avoid potential typosquatting sites.



Tags: Apple phishing

The source of this story comes from click here!

The post Phishing for Apples, Bobbing for Links — Krebs on Security appeared first on National Cyber Security.

View full post on National Cyber Security

hacker proof, #hackerproof




Snake alert! This ransomware is not a game… – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

Here’s some goodish news: the Snake ransomware seems to have made the news last week on account of its name rather than its prevalence.

Because, well, SNAKE!

Like most ransomware, Snake doesn’t touch your operating system files and programs, so your computer will still boot up, log in, and let you open your favourite apps, so that in purely technical terms you have a working system…

…but all your important data files, such as documents, spreadsheets, photos, videos, music, tax returns, business plans, accounts payable and accounts receivable, are scrambled with a randomly chosen encryption key.

Scrambled files consist of the encrypted content written back over the original data, with decryption information added at the end:

Decryption metadata plus the text EKANS (SNAKE backwards) is added at the end of encrypted files.

The original filename and directory are recorded, the decryption key is stored too, and the special tag EKANS, which is SNAKE written backwards, finishes off the encrypted file.

Note that the decryption key for each file is itself encrypted using ‘public-key encryption’, which is a special sort of encryption algorithm in which there are two keys, rather than one, so that the key used to lock data can’t be used to unlock it.

The key used for locking data is called the public key, because you can reveal it to anyone; the unlocking key is called the private key, because as long as you keep it private, you’re the only one who can later unlock the encrypted data.

Most modern ransomware uses this sort of hybrid encryption system.

The malware generates a random key to encrypt the file, using what’s called a ‘symmetric’ or ‘secret-key encryption’ algorithm where the same key both locks and unlocks; then uses a public key to lock up the random key.

To decrypt the file, you need the private key to unlock the symmetric key; then the symmetric key to unlock the file.

Why not just use public key cryptography alone to lock and unlock the file? Why the extra complexity of generating a random secret key to lock the data and then using a public key to lock the secret key? The answer is that symmetric crypto is ideally suited for scrambling large amounts of data, but public key crypto is much slower and suited only for scrambling small amounts of data at a time. Thus you use fast encryption to deal with whole files, followed by slow encryption to keep the secret key safe for the fast decryption safe.