FireSale HackBoy

Knowledge Shared By FireSale HackBoy...


Friday, August 31, 2018

Apple Watch saves one more life by notifying user about his unusual heart rate

By Waqas

Who doesn’t like elegant watches, especially those who can literally save your life like the Apple Watch, right? Last time when we talked about Apple Watch, it was related to a 62-year-old man who felt sick at work and decided not to bother his colleagues but when his Apple Watch’s Health and Fitness feature revealed that his heart […]

This is a post from HackRead.com Read the original post: Apple Watch saves one more life by notifying user about his unusual heart rate


September 01, 2018 at 03:53AM

John McAfee backed Bitfi wallet pwned again

By Uzair Amir

The presumably unhackable Bitfi wallet backed by John McAfee has released a statement announcing that the unhackable tag will be removed from their marketing materials. The step comes after the device’s security was compromised by a Twitter user under the name @spudowiar. The associated bounty program has also been suspended. However, the company has launched […]

This is a post from HackRead.com Read the original post: John McAfee backed Bitfi wallet pwned again


August 31, 2018 at 11:07PM

VPN Security: What You Need to Know

Things I Hearted this Week, 31 Aug 2018

After a week in Vegas for Blackhat, and then a week’s vacation, I’m back with your favourite dose of security roundup. Giving you the security news and views you deserve, not need.

So, let’s just jump into it and make up for lost time.

Adventures in Vulnerability Reporting

Discovering vulnerabilities and getting rewarded for bugs is the new hotness. Because it is new, there are many teething problems as organisations and researchers struggle to find common ground on how best to disclose them.

Natalie Silvanovich of Google’s Project Zero has documented her adventures and an example of a particularly poorly conceived vulnerability disclosure process in this blog:

Natalie raises some very valid points in her post about how researchers will sometimes abandon the disclosure process altogether if it becomes frustrating, as we saw when a Microsoft Windows 0day was disclosed unceremoniously through Twitter.

And while we’re on the topic of vulnerabilities, Adrian Sanabria drops the truth (with stats) on patching. You should always patch when you can, but when you can’t, you need a plan B.

Twitter Bots

Twitter bots are spoken about frequently, usually in the same breath as fake news or disinformation. But how big a problem are bots, and do they actually influence public opinion or are they merely trolls?

The good folk over at SafeGuard Cyber may be able to shed some light on it with a detailed report that looked at over 300k bots and tracked their behaviour and tactics, providing an analysis of how bots are deployed to reshape public perception.

A True Password Manager Story

I can neither confirm nor deny that I’ve ever blamed Graham Cluley for anything… but this is a good post by Stuart on the trials and tribulations of adopting a password manager.

While we’re discussing passwords, a different Stuart has written a very open and honest discussion on the use of two-factor authentication. It’s well worth a read.

Probably The Best Tech Keynote in the World

I’ll be honest, up until a couple of weeks ago, I hadn’t heard of James Mickens who is a professor at Harvard University.

I watched his keynote presentation at Usenix, and haven’t been this entertained and captivated by a technology talk in … well, never.

It’s well worth carving out 50 minutes out of your day to watch his keynote entitled,

Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible?

A: Because Keynote Speakers Make Bad Life Decisions and Are Poor Role Models

The Importance of Wellbeing

Working in any career can take its toll. Technology jobs in particular have a habit of following you around wherever you may go via your connected device. Mo Amin shares a personal account, with some good tips on how one can bring about balance to their lives in the busy times we live in.

Oh, No, Not Another Security Product

“The industry doesn’t need more products, companies, or marketing hype. We need an overhaul of the whole approach to security solutions, not an improvement of components. Security should be built on platforms with a plug-and-play infrastructure that better supports buyers, connecting products in a way that isn’t currently possible.”

Somewhat related

      

The post Things I Hearted this Week, 31 Aug 2018 appeared first on Cybersecurity Insiders.


August 31, 2018 at 09:10PM

DDoS attack from Anonymous Catalonia cripples Bank of Spain website

By Waqas

The official website of Banco de España (Bank of Spain), which is the central bank of the country, was hit by a Distributed Denial of Service (DDoS) attack on Sunday. The attack potentially disrupted the website’s operations and it became inaccessible at the beginning of the week. The attack, reportedly, has been claimed by the […]

This is a post from HackRead.com Read the original post: DDoS attack from Anonymous Catalonia cripples Bank of Spain website


August 31, 2018 at 08:11PM

Hacker who leaked naked photos of Jennifer Lawrence jailed for 8 months

By Carolina

A Connecticut, USA based hacker who hacked more than 200 iCloud accounts and leaked private photos of top Hollywood celebrities and other people was sentenced to eight months in prison last Wednesday (29). In addition to the incarcerated time, George Garofano, 26, is scheduled to serve three more years of probation and 60 hours of community […]

This is a post from HackRead.com Read the original post: Hacker who leaked naked photos of Jennifer Lawrence jailed for 8 months


August 31, 2018 at 02:29AM

Cell-Site surveillance devices (Stingray) could disrupt 911 emergency calls

By Uzair Amir

Senator Ron Wyden of Oregon has made startling new revelations about CSS or cell-site simulators. These cell surveillance devices, better known as Stingray, are used to disrupt communications of cell phones, mostly of criminals and lawbreakers. However, Sen. Wyden asserts that the devices may impact other phones and potentially make contacting emergency services like 911 […]

This is a post from HackRead.com Read the original post: Cell-Site surveillance devices (Stingray) could disrupt 911 emergency calls


August 30, 2018 at 06:38PM

RIG Exploit Toolkit Distributing CeidPageLock Malware to Hijack Browsers

By Waqas

A previously discovered browser hijacker malware dubbed as CeidPageLock has resurfaced again, in a bigger and better avatar, reveal researchers at Check Point security firm. This time around it is loaded with new features and is being distributed through the RIG Exploit kit. Trend Micro states that among all the exploit kits, the RIG is […]

This is a post from HackRead.com Read the original post: RIG Exploit Toolkit Distributing CeidPageLock Malware to Hijack Browsers


August 30, 2018 at 05:01PM

Most SMBs in the UK are keeping Cyber Attacks secret

A survey conducted by Appstractor Corporation has discovered that SMBs operating in the UK have faced at least 5 cyber threats in the last year, and most of them have kept these secret for their own reasons.

Almost four IT decision makers working for SMBs across the UK have confirmed the report findings admitting that their companies did conceal attacks made on their databases, due to the GDPR repercussions which came into effect in May this year.

Only 12% of the respondents who participated in the survey agreed that the cybersecurity software monitoring their IT assets has managed to keep up with the complexities of the threats prevailing in the current cyber landscape, with a third believing that this puts their firms at a higher risk than their big business counterparts.

“Usually we think that only big companies grab many of the cybersecurity headlines. But it’s the other way around, as SMBs usually become prime targets for criminals who are able to deploy easily available tools and software to automatically mass target thousands of small companies at once,” said Raizy Zelcer, a senior security analyst at Appstractor.

Zelcer added that SMBs often suffer from the fact that many are operated by only a few people and most don’t have the cash or resources to fund full-time IT staff. At this juncture, those working for the company can themselves crop up as serious cyber threats.

Meanwhile, as the latest GDPR rules came into effect on May 26th, 2018, SMBs are expected to bolster their cybersecurity policies and practices in order to defend themselves against data breaches.

But in reality, the study found that over 75% of SMBs are not yet ready to upgrade their security strategies for various reasons, with 27% of them agreeing that they are not ready to counter even basic cyber threats like DDoS or password attacks.

Therefore, we can conclude that most of the SMBs operating in the UK are under-prepared when it comes to securing their digital infrastructure, with many of them either still in the process of reviewing their security policies in line with GDPR or yet to start the process of evaluating them.

What’s your say on this…?

You can share your views through the comments section below.

The post Most SMBs in the UK are keeping Cyber Attacks secret appeared first on Cybersecurity Insiders.


August 31, 2018 at 08:51PM

Thursday, August 30, 2018

Equifax Cyber Attack faces a lawsuit from Canada Citizen

In September 2017, Equifax disclosed that a cyber attack on its database had exposed sensitive info of more than 143 million of its American consumers. The leaked data includes social security numbers, driver licenses, and phone numbers.

Daniel Thalheimer, 46, a citizen of Duncan, Canada, has now filed a class action lawsuit against Equifax this month, which says that the leaked data pertaining to him has exposed, or could further expose, him to the risk of identity theft and fraud.

Daniel mentioned in his lawsuit that he received a letter from the credit monitoring company in October last year which said that his personal data and info had been compromised. The official letter claimed that hackers gained access to a file in Daniel’s name which had details such as social insurance number, name, address, date of birth, phone number, email address and a secret question and answer which were the credentials to log in to the Equifax website. However, the website failed to mention what details were accessed by hackers.

Daniel fears that any hacker who gained access to the sensitive info stored on the Equifax database (pertaining to him) can walk into his bank, pose as him, and seek a loan or siphon off money from his account.

“This whole thing scares me and so I filed a lawsuit in BC Supreme Court which happens to be a 2nd such suit in BC and third in Canada”, said Mr. Thalheimer.

Since the data breach occurred due to the vulnerability of the website application, it could have been avoided by the company if it had taken precautionary action in time.

Daniel is said to have launched a private inquiry into this issue, in which he found that the developer of the website application had given notice of the vulnerability on Feb 14th, 2017 and recommended a premium upgrade, which was released on March 6th, 2017.

As per Equifax’s security patch implementation policy, it should have applied the patch within 48 hours of notification. But it did not do so until June 30, 2017, which was after the breach had occurred, claims the suit.

On Sept 19, 2017, Equifax Canada announced via a press statement that 100,000 Canadians were affected in the breach. But less than a month later, it released another press statement saying that the impacted Canadians could be less than 11,000.

In March this year, Equifax issued a press statement that only 2.4 million US consumers were impacted by the breach.

As the statements were contradictory, Daniel chose to drag the company to court.

Moreover, the Equifax letter which Thalheimer received mentioned 12 months of complimentary credit monitoring as compensation for the breach. But Daniel was already a member of one such plan at that time. So, the announced reparation was useless from his perspective.

Daniel wants general, special aggravated and punitive damages as compensation for the breach, and David Moriarty is the attorney representing him in court.

The post Equifax Cyber Attack faces a lawsuit from Canada Citizen appeared first on Cybersecurity Insiders.


August 31, 2018 at 11:18AM

Iran hackers Cyber Attack Australian Universities

Hackers from Iran have reportedly been found targeting Australian universities in order to steal valuable digital information from research work, a serious threat to national security.

According to a news post from ABC News Australia, hackers have so far targeted thousands of staff and student accounts at prominent universities to siphon data from academic journals, dissertations, and ebooks.

Reports are pouring in that the hackers have so far targeted seven universities, located in every state except the Northern Territory and Tasmania.

Professor Matt Warren from Deakin University’s Cyber Security Research segment confirmed this news and said that the hackers are indulging in such activities to gain advantages from an economic and defense perspective.

Warren warned that more such attacks are imminent if the government of Australia turns a blind eye towards its cyber adversaries.

According to The New Daily, over 26 Australian universities were targeted by hackers hailing from the Mabna Institute, an organization funded by the Iranian government. The list of victimized universities includes Australian National University, Queensland University of Technology, and Monash University.

A spokesperson from Monash Educational Institute confirmed the news. However, she added that although the hackers did try to intercept the network, they did not gain access to any info, thanks to robust and sophisticated network systems with the potential to detect, protect and defend against all variants of cyber attacks.

Alex Tilley, a senior researcher from SecureWorks, said that the attack took place through a phishing campaign in which hackers attempted to tempt students and staff by sending an email with a fake log-in page. It’s said that the hackers used over 16 domains containing 300 spoofing websites to target 76 universities located in 14 countries with fake login pages.

Sources reporting to Cybersecurity Insiders say that a hacker group named ‘Cobalt Dickens’ was behind the attack and has so far succeeded in targeting schools in the United States, United Kingdom, Australia, Canada, China, Japan, Israel, and Turkey. But none in Russia were reportedly attacked.

Note- As Iran has some economic sanctions pressed against it by the United States, the government might be indulging in such black hat strategies to gain economically or politically through the cyber landscape.

The post Iran hackers Cyber Attack Australian Universities appeared first on Cybersecurity Insiders.


August 30, 2018 at 10:10PM

Ethical Hacking: An Update

How has the world of hacking changed over the past decade? More and more companies are hiring ethical hackers to hack systems and show vulnerabilities. Penetration testers try to access systems by any means possible, including through social engineering. Let’s look at what ethical hacking is, how it’s done, and how it will change in the future.


Ethical Hacking

Commonly known as “white hat” hackers, as opposed to black hat, ethical hackers are generally employed by a company to hack into the company’s systems and show them vulnerabilities. Some will help patch up the holes, while others simply expose what’s wrong and leave it to the company’s IT team.

The word “hacker” carries a certain connotation and is usually negative. However, it’s best to think of them in “Old West” terms. The sheriff in the old west always wore a white hat and was the good guy. The outlaw wore a black hat. Hence, the terms white hat and black hat hacker; one aims to help while the other is malicious.

In order to combat black hat hackers, white hat hackers have to think like black hat hackers. Some may have even started as black hat hackers, gained skills, and decided to use those skills for good.

Unlike in previous years, where dealing with ethical hackers could be a grey area, white hat hackers are now often certified as ethical hackers. They can prove they are using their skills to benefit a company rather than trying to break into the company’s system and actually steal information.

Penetration Testers

Coincidentally, penetration testers do steal information. They can also steal physical computers, hard copies of information, and more. Pen testers are sometimes not limited to just computer systems. Instead, much like the mindset of a hacker mentioned above, they do whatever they can to access a system, such as using social engineering or email spoofing. They are often part of the “red team,” hired to find holes in security.

Imagine, for instance, someone calling IT and claiming they forgot their password. The password is reset, and the employee leaves happy. The problem is that it wasn’t actually the employee but someone posing as them who now has access to the system.

A member of the red team might be able to swipe a pass card, enabling them access to a server room. From there, they can directly connect to the server, accessing information. The sticky note Jan from accounting keeps on her computer monitor to remind her of her logins? Gone the next morning. Everyone from Microsoft to the U.S. Army employs red teams and pen testers to identify gaps in their cybersecurity and physical security that could lead to a system breach.  

AI and Machine Learning

How will this change in the future? The simple answer is that hackers will begin to rely on AI and machine learning to infiltrate systems. While many claim it is already happening, this is just fear mongering. Yes, as AI and machine learning become more accessible and powerful, hackers are likely to let the computer do all the work for them. However, we are not there yet.


It’s important to understand how hackers can and probably will use AI and machine learning in the future, and to prepare defenses, but it’s still a ways off from being a reality. Instead, it’s important to take a step back and, with the help of ethical hackers, make sure your current employees are well trained.

Your Employees

An accountant might be using Starbucks as a virtual office, doing work using an office laptop. What they might not know is that the network they are connected to isn’t actually the Starbucks’ network, but a dummy network, or “honey pot,” and the open Wi-Fi network is used to observe data sent to and from the computer. Important corporate financial information could be stolen easily by a hacker without even trying hard.

Having a pen tester, ethical hacker, or red team tail employees and make sure they are observing good cybersecurity practices is essential. Employees can be a weak link in security, and without ethical hackers observing, you might never know what the employee is doing wrong. Instead, they need to be gatekeepers and the first line of defense, trained by ethical hackers on what not to do so as not to compromise otherwise tight security.

Ethical hackers are incredibly important in today’s corporate society. As black hat hackers get more advanced, using not just computer but social engineering — and soon enough AI and machine learning — to hack companies, it’s important to have someone who can identify where you need to increase security. Whether it’s training employees to be more observant or creating a more secure server, ethical hackers, pen testers, and red teams will help your company be more secure.

      

The post Ethical Hacking: An Update appeared first on Cybersecurity Insiders.


August 30, 2018 at 09:09PM

Meet Your Cybersecurity Advocate: 5 Questions with Tony Vizza

Tony Vizza, CISSP, is the newest addition to the (ISC)² Cybersecurity Advocacy team! Based in Sydney, Australia, Tony works with corporations, government agencies and academic institutions to encourage collaboration across the industry, effective cybersecurity curriculums and strong legislation to attract and enable the workforce we need to manage the Asia-Pacific region’s most critical security issues. Tony has worked in the field for more than 25 years and has earned the CISSP certification, as well as the CRISC, CISM and is certified as an ISO/IEC 27001 Lead Auditor. To get to know Tony a bit better, we asked him five questions …

  • What brought you into the profession we now know as “cybersecurity?”

I started at a young age “discovering vulnerabilities” in my school’s network systems. From there, I went on to study computer science at university. IT has always been in my blood and over the past ten years, network security and cybersecurity have been the core of my professional career.

  • What career accomplishment are you most proud of?

Far and beyond all else – even both of my university degrees – I am most proud of achieving my CISSP certification. It was a culmination of months of study and preparation, on top of years of experience, and it finally made me feel proven to work in the field of information security. I had fantastic mentors and supporters who helped me through the process and I felt both disbelief and on top of the world when I passed my exam!

  • What is something about cybersecurity that you wish those outside of the field had a better understanding of?

Like many other industries portrayed in the media, our reality is much more mundane than the fictionalized version the rest of the world is presented with. The most effective protection against “hackers” isn’t what you see on CSI, but rather understanding the value of your own personal data. It’s important to understand how IT devices share information and remember to be mindful of what you post on social media. Human education is infinitely important. In fact, it is the most important factor in ensuring good cybersecurity.

  • What are you most looking forward to in your role as a Director of Cybersecurity Advocacy at (ISC)²?

I am looking forward to making a difference in the lives of many people in the APAC region, by helping to empower our members. When our members are able to succeed in their own endeavors, that is the best way to magnify our message of creating a safe and secure cyber world.

  • When not advocating for the cybersecurity professional – and the profession itself – where might our members find you?

You will most likely find me playing with my two toddler children, helping my partner with housework, studying law at university, or (hopefully) catching up on sleep! I also enjoy watching live stand-up comedy, taking a relaxing walk along the beautiful coastline of Sydney or attending a great music festival with my family.

Tony joins John McCumber, our director of cybersecurity advocacy for North America, in working for you, the cybersecurity professional. You’ll be hearing even more from Tony in this blog, our InfoSecurity Professional magazine and at cybersecurity events around the Asia-Pacific region.

The post Meet Your Cybersecurity Advocate: 5 Questions with Tony Vizza appeared first on Cybersecurity Insiders.


August 30, 2018 at 09:09PM

Wednesday, August 29, 2018

Germany to counter US with DARPA like Cyber Security Agency

Germany has decided not to depend on the United States for research in the cybersecurity field from now on, as it plans to establish its own agency along the lines of the US Defense Advanced Research Projects Agency (DARPA).

Germany’s Defense Minister Ursula von der Leyen has confirmed the news and said that her country is getting ready to invest in technologies that protect the nation’s critical digital infrastructure.

The Defense and Interior ministries will manage the federal agency meant for cyber defense and the prime objective will be to defend Germany’s digital assets from cyber attacks.

However, the news has not gone down well with a few German lawmakers, as they suspect that such an agency’s work will negatively impact Germany’s stand on outlawing cyber weapons at the UN. They are of the opinion that Germany could lose out in the cyber politics arms race with the United States, like China, North Korea, and Russia.

Readers of Cybersecurity Insiders should note that until now, Germany and other European nations were relying on US technologies when it came to defending their IT infrastructure against cyber attacks from adversaries. Now, the country has decided not to allow other countries’ governments to sneak into its business in the cyber landscape, and so has decided to establish the Bundeswehr’s Cyber and Information Domain Service (CIDS) against the background of rising numbers of cyber attacks.

CIDS was established in April 2017 and has now become fully operational, allowing the military to protect the nation’s critical networks and information systems. The agency runs on a nucleus of over 260 staff, which includes defense personnel and civilians working across various units.

Currently, the cyber defense agency doesn’t have an army of hackers. But Ursula says that her country will soon engage a group of white hat hackers from military and private organizations to retaliate against attacks coming from the nation’s adversaries.

The post Germany to counter US with DARPA like Cyber Security Agency appeared first on Cybersecurity Insiders.


August 30, 2018 at 11:28AM

EMEA pays high to ransomware spreading hackers

A survey conducted by Barracuda of over 630 organizations says that corporate organizations in the EMEA region are paying hackers the demanded ransom in order to free their databases from encrypting malware. This approach is strongly discouraged by law enforcers and security experts, as it doesn’t guarantee the victims access to their data, and there are instances where the hackers could demand more on top of the previous sum in exchange for the decryption key.

The research also discovered that businesses operating in the APAC region are the least mature in terms of deploying cybersecurity technology and best practices. Their laxity towards cyber defense is due to the fact that their company heads do not take cyber attacks seriously, owing to their reactive attitude towards incidents.

In such cases, security experts suggest that the mindset of the company heads can only be changed by educating them on the latest happenings in the cyber landscape. This will not only encourage them in training their employees but will also help in bringing down the attack scale levels.

The Barracuda survey confirms that 35% of businesses are still falling prey to ransomware attacks, predominantly due to email phishing. Thus, until organizations better educate their users, they will continue to pay dividends to the criminals.

Finally, the spread of ransomware can not only cause downtime, user frustration, and productivity loss but can also bring a business to a permanent standstill. Thus, by properly understanding the threat, businesses around the world stand a better chance of recognizing and blocking an attack before it’s too late.

Note- Ransomware is a kind of malware which locks down a database from access with encryption until a ransom amount is paid to the hackers. Usually, the ransom demand is in cryptocurrency.

The post EMEA pays high to ransomware spreading hackers appeared first on Cybersecurity Insiders.


August 30, 2018 at 11:27AM

Company that Sells Spyware to Domestic Abusers Hacked

By Waqas

An infamous seller of iOS and Android spyware app, TheTruthSpy, has been hacked. The company was criticized for selling spyware primarily to domestic abusers and openly marketing about it. The company markets its spyware as the best solution for spying upon cheating husbands and claims the software to be undetectable. Yet the company couldn’t protect […]

This is a post from HackRead.com Read the original post: Company that Sells Spyware to Domestic Abusers Hacked


August 30, 2018 at 01:47AM

US President to impose mandatory sanctions on Critical Cyber Threat Actors

US President Donald Trump is all set to impose mandatory sanctions on Critical Cyber Threat Actors soon. Yes, the above-stated words will turn into a reality if a new bipartisan bill introduced in the Senate receives an endorsement from the Trump administration.

Sens. Cory Gardner and Chris Coons have introduced the bill, “The Cyber Deterrence and Response Act”, which makes sanctions mandatory against all adversaries and people who are responsible for attacking the IT infrastructure in the United States.

How the bill will take shape and how the on-paper rules will be implemented is still a mystery. But if the bill gets approval, then Trump is sure to spit fire against all those who are going against its objective of making America ‘Great’, if not the greatest.

The legislation states that all state-sponsored cyber activities that are putting a dent in the economic health and national security of the United States will have to face the wrath of the American government. This includes all countries like China, Iran, and Russia that try to use cyber attacks to undermine American security and prosperity.

As per the sources reporting to Cybersecurity Insiders, the sanctions will also be imposed on suspects tied to Putin’s regime. So, Americans involved in Russian energy projects will also be blocked from carrying out high-dollar real estate transactions.

What’s more interesting is the fact that the bill will also make it mandatory to investigate and disclose facts about Vladimir Putin’s net worth in movable and immovable assets, estimated to be valued between $70 billion and $200 billion.

Wonder what the White House will do with Putin’s riches… any guesses?

The post US President to impose mandatory sanctions on Critical Cyber Threat Actors appeared first on Cybersecurity Insiders.


August 29, 2018 at 09:13PM

Reddit Breach Takeaways: MFA and Access Management

Tuesday, August 28, 2018

Ransomware attack on Cloquet School District

The Minnesota-based Cloquet School District’s database was reportedly hit by a ransomware attack early this month. It’s said that the school administration decided not to bow down to the hackers and instead to recreate the data lost to the encrypting malware.

As per the sources reporting to Cybersecurity Insiders, the said public school district, which houses K-12 sections with a student-teacher ratio of 17:1, was hit by a malware attack on August 8th, 2018. TJ Smith, the Technology Director of the Cloquet School District, called an emergency board meeting on August 13th, 2018 to discuss the issue.

The administrative staff was left with only two options: either to bow down to the demands of the hacker or to recover the data and get the investigation done through a cybersecurity firm.

After much discussion, the board members along with the administrative staff chose not to pay the hackers and decided to recreate data by rebuilding the servers.

Smith released a public statement on the issue yesterday stating that the staff advocated the second option, as the lost data was not so important and all of the school’s IT assets were covered by a cyber insurance policy which will help in paying for the recovery of the servers.

A cybersecurity firm is yet to find out the source from where the malware entered. But the firm has prima facie ruled out the involvement of state-funded hackers in the incident.

Smith is sure that the technical staff will be able to rebuild the servers by the start of September this year, which opens up the next academic year 2018-2019.

Note: Cloquet School District was hit by a similar cyber incident in March 2016, when a ransomware attack impacted the daily operations of the school for one full day. However, the technology staff were quick enough to recover the data from the malware with the help of an excellent data continuity plan.

The post Ransomware attack on Cloquet School District appeared first on Cybersecurity Insiders.


August 29, 2018 at 11:43AM

Brazilian Crypto exchange hacked; private data of over 264,000 users exposed

By Waqas

The Brazilian crypto exchange Atlas has become a victim of a security breach, and over 264,000 users’ email addresses, phone numbers, and cryptocurrency amount-related information might have been leaked. The news of the hack was first reported by a YouTube channel in Brazil called Investimentos Digitais (Digital Investment). The channel has claimed that 14,500 […]

This is a post from HackRead.com Read the original post: Brazilian Crypto exchange hacked; private data of over 264,000 users exposed


August 29, 2018 at 02:14AM

6 Tips to Protect Your Online Business from Cyber Attacks

By Carolina

Cybercrime is on the rise, there is no denying this fact. With people becoming more reliant on technology, using their smartphones to log into their bank accounts and using social media which stores and uses your data, hackers are sometimes able to take advantage of this. You may think your business is impenetrable, however, this […]

This is a post from HackRead.com Read the original post: 6 Tips to Protect Your Online Business from Cyber Attacks


August 28, 2018 at 09:33PM

Hackers Publish PoC of Zero-day Vulnerability in Windows on Twitter

By Waqas

New Privilege Escalation Bug Identified in Windows OS. Recently a Twitter user, using the handle SandboxEscaper, disclosed that the Microsoft Windows OS has a zero-day vulnerability, which is yet unknown to the company. Tweeting on the microblogging platform, the user stated: “Here is the alpc bug as 0day. I don’t f**king care about life anymore. […]

This is a post from HackRead.com Read the original post: Hackers Publish PoC of Zero-day Vulnerability in Windows on Twitter


August 28, 2018 at 05:35PM

Lazarus Group’s AppleJeus MacOS malware targeting cryptocurrency exchanges

By Waqas

Lazarus Group is believed to be backed by the North Korean government and now it is using AppleJeus MacOS Malware. Security researchers from the Global Research and Analysis Team at Kaspersky Lab have discovered the first-ever Lazarus deployed malware for MacOS. It is reported that Lazarus has launched a new hacking campaign using AppleJeus malware. The group […]

This is a post from HackRead.com Read the original post: Lazarus Group’s AppleJeus MacOS malware targeting cryptocurrency exchanges


August 28, 2018 at 12:47AM

AlienVault Product Roundup July / August 2018

It’s been a busy summer at AlienVault! Amid some major company announcements, we continue to evolve USM Anywhere and USM Central with new features and capabilities that help you to defend against the latest threats and to streamline your security operations. You can keep up with our regular product releases by reading the release notes in the AlienVault Product Forum. Here are a few of the highlights from our July and August 2018 releases:

New EDR capabilities with the new AlienVault Agent

On July 31, 2018, we publicly launched new endpoint detection and response (EDR) capabilities in USM Anywhere, extending the platform’s powerful threat detection and response capabilities to the endpoint. Read the blog post here. By deploying the AlienVault Agent – a lightweight and adaptable endpoint agent based on osquery –  you can expand your security visibility to detect modern threats and monitor critical files (FIM) on your Windows and Linux endpoints, whether in the cloud, in your data center, or remote.

The new EDR capabilities were made available automatically and seamlessly to all USM Anywhere customers, without requiring any subscription upgrades, system updates, or the purchase of add-on products to access the capabilities.

AlienApp for ConnectWise

The AlienApp for ConnectWise is now included in the Standard and Premium editions of USM Anywhere. Service management teams that use ConnectWise Manage can leverage automated service ticket creation from USM Anywhere alarms and vulnerabilities as well as synchronization of asset information.

Slaying Defects and Optimizing the UX

In addition to these new capabilities and apps, in every update this summer, the team has rolled out enhancements to the user interface and / or has addressed multiple defects and inefficiencies. Make sure to read the product release notes for all the details.

USM Central Roundup and Look Ahead

Earlier this month, Skylar Talley, AlienVault Senior Product Manager for USM Central, wrote a blog post recapping the recent improvements to USM Central and outlining his vision for the product in the next few months. You can read the full post here. The highlights include:

  • Two-way alarm status and label synchronization
  • Orchestration rules management across USM Anywhere deployments
  • USM Central API availability (You can find the API documentation here.)

Threat Intelligence Highlights

USM Anywhere receives continuously updated rules and (new!) endpoint queries to detect not only the latest signatures but also higher-level attack tools, tactics, and procedures – all curated for you by the machine and human intelligence of the AlienVault Labs Security Research Team.

The AlienVault Labs Security Research team publishes a weekly threat intelligence newsletter, keeping you informed of the threats they are researching and delivering as actionable threat intelligence automatically to the platform. Read the AlienVault Threat Intelligence newsletters here.

In their spare time, our security researchers break down emerging and evolving threats in excellent blog posts. Recently, the team wrote on the following emerging attacks:

Until next month!

      

The post AlienVault Product Roundup July / August 2018 appeared first on Cybersecurity Insiders.


August 28, 2018 at 09:09PM

Meet Gemalto at the Gartner Security and Risk Management Summit

Thinking about attending the upcoming Gartner Security and Risk Management Summit, 20 – 21 August 2018, in Sydney, Australia?

As a Summit sponsor, we’d like to offer you a special discount code (SECSPONSOR2) that will help save you $425 off the standard conference fee.

If you do plan to attend, please drop by the Gemalto Booth S2 and meet the Gemalto team.

Since the Notifiable Data Breaches (NDB) started on 22 Feb 2018, there have been 305 breaches declared, with compromised credentials being the majority of malicious breaches. Come meet our cyber security experts and discuss how to develop an access management strategy that includes multi-factor authentication to protect your organisation from identity theft.

We would also be happy to discuss how data encryption and encryption key management can help you to transform your cybersecurity, risk management and compliance strategies to meet the pace and scale of today’s digital business whether on-premise or in the Cloud.

During the Networking Reception on Day 1 come and play our CyberHero Virtual Reality game for a chance to win a great prize!

We hope to see you at the Gartner Summit.

The post Meet Gemalto at the Gartner Security and Risk Management Summit appeared first on Cybersecurity Insiders.


August 28, 2018 at 09:09PM

Monday, August 27, 2018

VMware acquires CloudHealth to bolster Security across native Public Cloud

Virtualization giant VMware has made it official on Monday that it is planning to acquire CloudHealth Technologies for an undisclosed amount. The objective of the purchase is to help enterprises analyze cost, usage, security, and performance of computing environments across public clouds such as Microsoft Azure, AWS and Google Cloud.

VMware plans to integrate the CloudHealth platform with its existing Wavefront, Secure State and Cloud Automation services in order to meet the service needs of its customers in multi-cloud operations.

“The purchase of CloudHealth will benefit our customers as it offers cost management, resource optimization, granular visibility and reporting”, said Raghuram, the COO of Products and Cloud Services, VMware.

For those who aren’t aware of the services provided by Wavefront and Secure State, here’s a briefing from the company COO. The former provides insights and analytics at scale for cloud-native apps, while the latter offers the privilege of customizing configuration standards by searching out discrepancies across multiple cloud assets.

The deal is set to give VMware a substantial customer base of approximately 3000 from CloudHealth, including world-renowned clients such as Zendesk, Skyscanner, SHI, Dow Jones, and Yelp.

Note: News is out that the deal will close in the 3Q of 2019.

In other news related to the cloud world, Amazon and VMware chose to introduce a version of Amazon’s Cloudbase Database Management Software that is still using on-premise data centers.
The software is said to allow network admins in data centers to run their database across multiple servers, regardless of whether those machines are stored in cloud or in-house. All popular database services which include Microsoft and Oracle will be supported by the latest software which is tentatively titled as Amazon Relational Database Service.

The post VMware acquires CloudHealth to bolster Security across native Public Cloud appeared first on Cybersecurity Insiders.


August 28, 2018 at 11:40AM

Bank of Spain website hit by DDoS Cyber Attack

Bank of Spain (BoS) which was established in Madrid in 1782 has officially declared that a DDoS cyber attack hit its website database on Sunday last week. However, the company specified in its statement that none of the data of the account holders was compromised in the attack which is reported to have lasted for 4 hours.

Banco De Espana (BoS), now a part of European System of Central Banks has made it clear in its statement that the attack did not impact its banking services or communication with the European Central Bank or other financial institutions and there was no data breach.

Sources reporting to Cybersecurity Insiders say that the attack resulted in blocking the web traffic access to the website for a couple of hours. And the IT staff of the bank acted swiftly to bring back the services to normalcy by early Monday.

Note 1: A Distributed Denial of Service (DDoS) attack, also known as the denial of service attack, is a variant of cyber attack in which cybercrooks hit the target computer/server with huge amounts of fake traffic generated from bots. This targeted fake traffic temporarily disrupts the hosted website.

Note 2: Bank of Spain is reported to be a national supervisor of the Spanish banking system and is regulated by the law of Autonomy of the Banco De Espana. It is partially governed by the Spanish government and is said to have 9.05 million troy ounces as of 2015.

Note 3: The troy ounce is a unit used to measure precious metals such as gold, silver and palladium. 1 troy ounce is equal to approximately $1200 and is subject to market changes.

The post Bank of Spain website hit by DDoS Cyber Attack appeared first on Cybersecurity Insiders.


August 28, 2018 at 11:36AM

Chapter Spotlight: London

The (ISC)² London chapter received its official (ISC)² Charter on March 16, 2018, after completing the chartering process and attending the (ISC)² Secure Summit UK earlier this spring.

The London Chapter’s president, James Packer, outlined the chapter’s goals at the Secure Summit UK event, which included plans for hosting the chapter’s own events, forming industry partnerships, and spawning beneficial initiatives such as in education and healthcare.  As a result of the Chapter’s presence at the Summit, over 50 people signed up to become a member of the Chapter. This is a record number of people who have ever signed up to join a chapter at a Secure Summit event in the UK.

The (ISC)² London Chapter recently held its first member meeting as an official chapter on June 6, 2018. This was a significant event with a highly engaged, interactive audience. The event was very diverse, covering topics including education, the cyber skills gap, DevSecOps, and deceptive security; education was a key theme for this meeting.

The inaugural meeting is one of the chapter’s cornerstone initiatives. The chapter members are passionate about taking action both towards raising awareness of the vulnerabilities that people face whilst living in the digital world, and towards championing cyber security as a career choice for adolescents considering subject choices at GCSE, A Level and University level.

The meeting was opened by James, the Chapter President, and an update on Chapter activities was provided by each of the officers. James presented a thought-provoking overview of the issues facing the young whilst online and how we can all do our part as individuals.

An extremely lively and engaging panel discussion then ensued, again around education and career development which showed the chapter the level of support and collaboration that so many like-minded people are already involved in or are keen to be involved in.

The meeting also had presentations by subject matter experts: The first presentation, hosted by the chapter’s Membership Officer Omar Saenz Herrera, focused on DevSecOps. The second presentation was on Deceptive Security, presented by Tony Cole, CTO at Attivo Networks.

The meeting ended with some fantastic networking, snacks, and drinks for all attendees.  Additional photos of the event can be found by CLICKING HERE.

(ISC)² London Chapter

Email: membership@isc2londonchapter.co.uk
Website:  www.isc2-london-chapter.com

The post Chapter Spotlight: London appeared first on Cybersecurity Insiders.


August 28, 2018 at 09:08AM

Google finds flaw in Android Fortnite’ Samsung Installer leading to malware installation

By Waqas

Another day, another Fortnite malware vulnerability. Epic Games’ decision of skipping Google Play Store and releasing Android Fortnite on its official website directly was perceived as an unwise move. We recently informed our readers about the salient repercussions of this decision. It definitely was risky for gamers as they would be encouraged to download from unreliable […]

This is a post from HackRead.com Read the original post: Google finds flaw in Android Fortnite’ Samsung Installer leading to malware installation


August 27, 2018 at 08:13PM

Earning a Cyber Security Certificate: Pros and Cons

The need for highly skilled cyber security professionals is not slowing down. As cyber crime continues to plague both the public and private sectors, demand is soaring for experts with the skills to help protect businesses and combat ever-evolving threats.

If you’re looking to pursue or advance your career in cyber security, you may be wondering how much education you’ll need to qualify for certain jobs. As cyber crime has intensified over the past decade, new educational programs have emerged to help train aspiring cyber security experts. There are now undergraduate and graduate degrees, along with certificates and certifications focused on cyber security.

In this article we’ll examine the certificate option. Careers in cyber security tend to pay well and — because a certificate requires a significantly smaller investment in time and money than an undergraduate or graduate degree — it can be an appealing option to those looking to get their start in cyber security or make a career switch. But because cyber security is a particularly complex field, a certificate on its own may not be enough. Depending on your goals and your situation, a certificate may or may not offer the return on investment you are seeking. Here’s a related blog on whether certificates are worth your time.

Is a Cyber Security Certificate Right for You?

If you are looking to launch a career in cyber security, it’s very possible that you’ll need more than a certificate to get your foot in the door. In fact, although there is an abundance of job openings, many of these openings exist because employers can’t find candidates with the right level of education and experience.

A certificate may be a good option if you are just looking to learn more about the field and are still considering your career options but are not ready to commit to more than that. On the other hand, if you are more advanced in your career and are looking into pursuing a certificate with the possibility of moving into a degree program, you should make sure to find a certificate program that will allow you to transfer your courses.

A certificate could also be a good option for those working in human resources, information security, web development, computer network architecture or similar tech-related fields who need to brush up their cyber skills but don’t need or want to commit to more.

Since most certificate programs include high-level introductory classes that cover the basics of cyber security, such programs can be a great way to get a taste for what working in the field might be like. However, if you’re hoping to pursue a career in cyber security, a certificate on its own likely won’t suffice to get you where you want to go.

What to Consider When Pursuing a Cyber Security Certificate

  1. If you decide that a certificate program is right for you, be sure to find a university that offers graduate programs in cyber security and will allow you to transfer your credits should you decide to advance your education even further.
  2. Be wary of for-profit programs. If you are going to pursue a certificate, there are many well-regarded institutions that offer certificate programs and will likely deliver a stronger education coupled with a better reputation.
  3. Remember that there is a big difference between a certificate and a certification. While both can be valuable depending on your goals, they are quite different. A certification is typically looked at as the more significant achievement of the two, as a certification is a specialized credential focused on a targeted topic. Certifications are usually offered by professional organizations or companies and typically require recertification after a certain time period. Certificates, on the other hand, are more often geared toward entry-level professionals and are usually offered by a college or university. Certifications are typically geared toward professionals already in the field or with experience and/or education in cyber security.

Final Considerations

If you are looking for a way to learn the basics of cyber security and to determine if the field is the right fit for you, a certificate could be a great choice. However, if you determine that you need more than what a certificate program can offer, you may want to consider the many benefits of a graduate degree in cyber security. With a graduate degree, your earning potential increases significantly and your career options expand dramatically.

Although it takes a more committed investment to pursue a graduate degree vs. a certificate, the return on your investment will almost always be higher as employers continue to seek highly educated experts who are able to adapt and evolve with changing cyber-crime tactics. Ensuring that you have a strong foundation and the right level of education is the first step to building a successful career in cyber security.   

      

The post Earning a Cyber Security Certificate: Pros and Cons appeared first on Cybersecurity Insiders.


August 27, 2018 at 09:09PM

OCSI Certifies SafeNet Luna PCIe Cryptographic Module for Use as QSigCD and QSealCD

The Italian Organismo di Certificazione della Sicurezza Informatica (OCSI) certified the SafeNet Luna PCIe Cryptographic Module 6.10.9 when embedded within a SafeNet Luna Network HSM 6 (“SafeNet Luna HSM 6”) for use as a Qualified Electronic Signature Creation Device (QSigCD) and a Qualified Electronic Seal Creation Device (QSealCD). OCSI has published the Attestation of Conformity on its site and also on the list of QSCD approved devices published by the EU Commission.

OCSI’s certification means that organizations can use Gemalto’s solution embedded in a SafeNet Luna Network HSM as a QSigCD and a QSealCD in compliance with the European Union’s (EU) Regulation No 910/2014 (eIDAS). This legislation, which was passed in July 2014, lays out requirements for ensuring the integrity of electronic signatures within the EU. Among them is provision 51, which affirms the following:

It should be possible for the signatory to entrust qualified electronic signature creation devices to the care of a third party, provided that appropriate mechanisms and procedures are implemented to ensure that the signatory has sole control over the use of his electronic signature creation data, and the qualified electronic signature requirements are met by the use of the device.

This isn’t the first time OCSI has certified one of Gemalto’s SafeNet HSM products, but it is the first time for its SafeNet Luna HSM 6 platform.

Organizations can embed this asset within the SafeNet Luna Network HSM 6. From there, they can use SafeNet Luna HSM 6 to ensure the integrity and security of their cryptographic keys across their entire lifecycle. As such, customers need not worry about non-compliance. They can now use SafeNet Luna HSM 6 for eIDAS digital certificates, time stamping and digital signature use cases in compliance with eIDAS requirements. eIDAS is crucial for banking, finance and any other type of situation where the confidentiality/integrity/non-repudiation of a transaction is critical.

Allan MacPhee, Product Manager said: “This certification is beneficial to both customers and Gemalto partners offering Digital Signature solutions as it provides them with the confidence to select SafeNet Luna Network HSMs for projects that require HSMs certified to be used as Qualified Signature / Seal Creation Devices. OCSI’s attestation of conformity will enable existing customers to upgrade their existing Digital Signature implementations to Gemalto’s latest certified product and allow for the expansion of new Digital Signature projects to proceed.”

More information on the latest OCSI certification can be found on our Data Protection Updates blog.

The post OCSI Certifies SafeNet Luna PCIe Cryptographic Module for Use as QSigCD and QSealCD appeared first on Cybersecurity Insiders.


August 27, 2018 at 09:09PM

Avoiding the Security Pitfalls of Digital Transformation

By 2020, 60 percent of enterprises will be implementing a digital transformation strategy as they seek to leverage technologies such as cloud and software-defined infrastructures. However, as they embark on a digitization journey, too many are ignoring security risks that could bite them back later.

Earlier this year, telecommunications giant AT&T developed a cybersecurity report based on interviews with 15 subject matter experts, including several (ISC)² members, to determine who holds responsibility for this transformation process. The report cautions organizations to be sure they evaluate and update their defense systems before implementing digitization plans. “Security models are changing as infrastructure goes virtual. If the number of cyberattacks in the news points to any one pattern, it’s that companies are grappling with how to secure their businesses from ‘edge-to-edge,’ across their endpoints, networks and cloud services,” the report says.

Some companies are taking a short-term approach to cybersecurity by overly relying on cyber insurance. “More than a quarter (28 percent) of organizations see cyber insurance as a substitute for cyber defense investment, rather than as one component of a multi-layered cybersecurity strategy.”

While cybersecurity can address the immediate impact of a breach, it cannot prevent long-term reputational damage. Instead, organizations should take a more balanced, comprehensive approach that includes layered security implementations and help from third parties where appropriate.

The report points out that U.S. companies are the least confident in their in-house security, according to the AT&T 2017 Global State of Cybersecurity survey, with 56 percent of U.S. respondents expressing confidence, compared to 70 percent in EMEA and 72 percent in APAC.

Security Steps

Properly planning for digital transformation requires several steps. The first is to gain an understanding of all security implications and then come up with a plan to address them. Organizations need a solid understanding of the security controls they have in place to determine if they are appropriate as their infrastructures evolve to include software-defined systems and Internet of Things (IoT) devices.

Then they should address whatever gaps they identify through a multi-layered security strategy and advanced security measures. For instance, it makes sense to virtualize security to replace simple firewalls with advanced web filtering and data loss prevention, the report suggests.

Another recommendation is to get buy-in not only from the top but also across the entire enterprise. For one thing, it’s important to recognize that the CFO is often the executive in charge of digital transformation, which means the CFO needs to be part of the team in charge of cybersecurity.

“This might seem counterintuitive for a technical project, but the CFO’s compliance and risk management responsibilities and their budget-allocation powers make them an obvious leader,” the report says. But because of the CFO’s “traditional lack of technical expertise,” the cybersecurity team also needs to include the CISO, CTO or whoever else is responsible for security.

Raising Awareness

To ensure everyone within the organization is invested in digital transformation and security, it makes sense to run training programs and workshops explaining how the new infrastructure will affect day-to-day operations. Cybersecurity awareness training should be ongoing, the report says.

The better a company’s employees understand security risks, the more likely they are to avoid doing something that could cause a breach. As companies become more reliant on digital and automated processes, this will become more important than ever.

The post Avoiding the Security Pitfalls of Digital Transformation appeared first on Cybersecurity Insiders.


August 27, 2018 at 09:09PM

You are not alone; The Pirate Bay is down for everyone

By Carolina

The Pirate Bay has been down for everyone for more than 20 hours. From the United States to India, all around the world authorities have told their Internet service providers (ISPs) to block each and every piracy site including The Pirate Bay but what about when these sites go down due to technical error or cyber attack? […]

This is a post from HackRead.com Read the original post: You are not alone; The Pirate Bay is down for everyone


August 27, 2018 at 07:58PM

Sunday, August 26, 2018

Turkey hackers sneak into social media accounts of US Journalists

According to the latest alert issued by Cybersecurity Firm CrowdStrike, hackers being funded by Turkish government are said to be breaking into the social media accounts of many US journalists in order to sneak into their minds on the current political situation in the United States.

As US Journalists use their respective social media accounts to voice-in their opinion on various issues prevailing in the United States, Turkish hackers are showing a lot of interest in tapping those who have a negative opinion on the Trump administration.

Perhaps the aim is to hijack their minds and use them against Trump election campaign for the upcoming midterm elections scheduled to be held in November this year.

Some of the hackers have also managed to take over the social media accounts of few of the top-notch US Journalists to praise Turkish President Recep Tayyip Erdogan. The photos of the compromised accounts were shared by Crowdstrike with CNBC which ran a news post on this weekend.

The hacking group behind these attacks is identified as Ayyildiz Tim, a group of hackers who are being funded by Erdogan’s security forces.

Elizabeth MacDonald from Fox news, Tom Keene from Bloomberg, and Vanessa Friedman from the Times were the victims of the recent cyber attack conducted by the Turkish hacking group.

Security researchers from CrowdStrike claim that the accounts can also be later used by hackers to launch phishing attacks on those who are connected or following the journalists. Around 67 of them were identified as victims of the cyber attack by the California based firm.

13 of the spoofed media accounts replicating BBC and other media outlets such as APT Online were also created by the group. But Twitter and Facebook managed to pull them down on time.

IT experts from the Times have confirmed the news reported by CrowdStrike and issued a statement that they have succeeded in locking down and securing the account of Friedman.

The post Turkey hackers sneak into social media accounts of US Journalists appeared first on Cybersecurity Insiders.


August 27, 2018 at 11:24AM

Beware of these 10 email phishing subject lines

Want to keep your PC or network safe from phishing attacks? Then beware of these 10 email phishing subject lines, as they can not only prove notorious (by spreading malware infection to PCs) but can also be used to drain your bank accounts.

  1. Password check or change of password is required immediately
  2. A delivery attempt was made
  3. Press release to all employees
  4. deactivation of service- Your immediate attention needed
  5. Bluedart/FedEx/UPS label delivery
  6. Official data breach notification
  7. New company policies
  8. Security Alert
  9. Revised vacation and sick time policy
  10. Unusual sign-in activity

Emails suggesting that someone has requested to follow you/ liked your photo/ has mentioned your tweet handle in their tweets are also considered to be notorious.

The subject lines mentioned here are those that have passed through the corporate filters and landed in the inboxes of various users.

How to react when you receive such emails
  • Just mark them as spam if you feel suspicious right from reading the subject lines
  • Hover over the links provided in the email before clicking on them directly
  • Usage of anti-malware solutions makes sense
  • Disable macros to avoid ransomware attacks
  • Never click on unsolicited email attachments
  • Educate yourself and peers on the social engineering attacks happening in the real world
  • Check the Federal Trade Commission’s scam alerts on a regular basis, where you’d find the latest news alerts on security happenings in the cyber landscape.

The post Beware of these 10 email phishing subject lines appeared first on Cybersecurity Insiders.


August 27, 2018 at 11:20AM

T-Mobile data breach: Personal data of 2 million users stolen

By Waqas

The stolen data also includes “encrypted” passwords. Another day, another T-Mobile data breach. This time, the telecommunication giant T-Mobile has announced that it has suffered a data breach in which unknown hackers have stolen personal data of 2 million customers. According to the official statement by T-Mobile, on August 20th, its cybersecurity firm identified an unauthorized access to certain information […]

This is a post from HackRead.com Read the original post: T-Mobile data breach: Personal data of 2 million users stolen


August 25, 2018 at 07:22PM

Friday, August 24, 2018

6 ways commercial drones improve our lives

New drone innovations and achievements are commonplace now; it seems the possibilities are endless and the world of science fiction is becoming a reality. For many, this is an exciting time as drone use opens a multitude of new opportunities to enrich and simplify our lives. However, it’s worth bearing in mind that for the commercial use of drones, some security issues have been reported (such as privacy or collisions). As a result, some people still have reservations when it comes to drones and security.

The good news is that these issues should become less prevalent thanks to a systematic approach to securing the drone ecosystem and addressing privacy & security. At the same time, there are now many more examples of drone use that are truly awe-inspiring; impressive enough to win over even the most drone-skeptic people. With this, we are seeing a gradual increase in ‘drone social acceptance’. So, what are some of the best use cases currently in play?

  1. Food deliveries

Modern-day life is more hectic than ever – we often don’t have the time or the energy to head out into town and track down our next meal. As a result, the food delivery industry is growing at an incredible rate; can the delivery drivers keep up with the surging demand? Fortunately for consumers, drones are here to help. As an example, UberEats has announced it will begin delivering fast food by drone soon; in San Diego, delivery time estimates could be between 5-30 minutes with this new system. And it’s not just consumers who would benefit from this; if food deliveries by drone take off (no pun intended), we could see a significant reduction in traffic on our roads, benefiting countless drivers and other industries that rely on clear roads for their business.

  2. Drone search and rescue

SAR (Search and Rescue) operations depend on speed, precision and communication, among other things. Unsurprisingly, this is another area where drones are now playing a significant role due to their versatility. Drones are already improving search and rescue times thanks to high tech detectors and quick response and flight times.

When a call for assistance comes in, teams of rescue personnel have to scramble into action, organize themselves, plan the rescue and climb aboard their transport. While this is happening, drones can take off almost immediately and head over to the scene of the accident, where they can begin assessing the situation and administering aid. Often in these situations, the sooner we can assess an accident, the higher the chances of a successful rescue.

There are already several brilliant examples of how effective drones can be when it comes to rescue efforts – earlier this year, two teenagers were lucky enough to be rescued near Byron Bay, thanks to a drone. And according to DJI, a total of 65 lives were saved by drones last year.

  3. Medical deliveries

Medical supplies, such as blood and medication, will always be in high-demand across the world. And in some areas, it’s a more urgent situation than others. For example, in the poorest countries, where aid is scarce and time is precious for those in need, the speedy delivery of crucial supplies can be the difference between life and death. Fortunately, drones are here to help. In fact, the world’s fastest ever delivery drone could deliver medical supplies in the US soon. And in Africa, medical drones are already saving many lives, particularly in Rwanda. There is now a delivery network throughout the country, started by a Silicon Valley company called Zipline; in the past year, the network has helped deliver nearly 1000 blood drops. This form of medical delivery is only the beginning; it’s now likely that this method will become the norm in years to come, across the world.

  4. Coral mapping

Unfortunately, as many of us know, coral reefs are under threat all over the world due to ocean pollution and global warming. As a result, keeping track of how big they are and where they are most at risk is crucial for conservationists. However, mapping them can be very tricky and expensive when using manned aircraft. So, can drones be the solution to budget and manpower constraints? Fortunately, the answer appears to be YES! An international team of scientists from the Leibniz Centre for Tropical Marine Research (ZMT) has now developed a new method of investigating the condition of coral reefs using drones. This has provided highly valuable data to scientists working tirelessly to protect what is left of the reefs.

According to the leader of the project, Elisa Casella, the detail and accuracy of the images taken can be astonishing, far superior to satellite images. Hopefully, with continued help from a fleet of mapping drones, the reefs will be better-protected and monitored from now on, and the damage to them can be limited.

  5. Wildlife protection

From protecting people to protecting animals: drones are also now in use to protect endangered wildlife, particularly rhinos. Poaching is still a major problem across Africa – in South Africa alone, over 1,200 rhinos were killed in 2014. To help the fight against poachers, drones have been brought in so that we can keep a closer eye on them, which enables the authorities and military to predict their movements and cut them off before they launch an attack.

Drones have also proved to be effective and cost-efficient when monitoring other forms of wildlife, in a variety of different climates. For example, the eBee, a fixed-wing drone, is now used to survey gray seal breeding colonies in the US and Canada.

  6. Sports and entertainment filming

Some sports are difficult to film, such as long-distance running, rowing, sailing, and extreme sports. There are places a normal cameraman simply can’t get to that drones can.

There are of course many other benefits available now thanks to drones; whether it be pollution control or improving traffic flows – both of which are pressing issues in our modern world. For example, drones are far greener than using trucks for deliveries, and traffic flow systems can be greatly improved by a mobile drone that monitors different areas of the network; the data gathered can then be given to a control center team which will then come up with a solution to traffic jams. The list really could go on!

Of course, all these services and use cases will continue to grow exponentially, improving our lives, within a secure drone ecosystem. However, we must ask how consumers will see the commercial use of drones in the future. To answer this, we have conducted a survey across 7 countries. Stay tuned, the next blog will reveal it all.

What are some of the best use cases you’ve seen for drones around the world? Let us know by tweeting to us @Gemalto, or leave a comment in the section below. And for more information about the amazing potential of drones and the importance of cyber security when using them, see our dedicated webpage, here.

 

The post 6 ways commercial drones improve our lives appeared first on Cybersecurity Insiders.


August 24, 2018 at 09:08PM