FireSale HackBoy

Knowledge Shared By FireSale HackBoy...

Hacking

The Art Of Exploitation...

Ethical Hacking

Security Experts...Same Techniques To Make Hacker's Stuff Useless.

Black Hat Hacking

Dark Side Of Hacking... In Short Destruction Of Cyber Stuff.

Digital Stuff

All The Digital Stuff Is Under The Influence Of Cyber Attacks... Be Safe

Sunday, June 30, 2019

Malware attack on Yandex Search engine of Russia by ‘Five Eyes’ Intelligence

Russian Internet Search Company ‘Yandex’ was cyber attacked by a malware named ‘Regin’ and the nation’s intelligence is pointing fingers at ‘Five Eyes’ Intelligence sharing alliance formed by Australia, New Zealand, Britain, United States, and Canada.

Reuters which 1st shared the news piece with the world on Friday last week says that the attack was being carried out since October last year and added that the infiltration into the server network of Yandex continued till Nov’18.

Yandex, the largest Russian tech firm which is reported to serve approximately 75% of the Russian Populace said that the attack could have been launched by one or multiple western nations last year. However, the company cleared the air that no data loss or siphoning of data occurred during the period of the incident as it was detected at a very early stage by the Yandex’s security team.

“As the cyber attack was fully neutralized before it could eject any damage, the attack remained concealed from the media due to reasons”, said Ilya Grabovsky, a spokesperson of Yandex Search Engine.

Security analysts from Kaspersky allege that the Regin malware attack was probably meant to gather data intelligence of Yandex users which could be further exploited in the future.

Malware Regin was previously traced on Belgium Telecom service provider “Belgacom” networks in 2012. It is basically an interception malware which was jointly developed by expertise working for US National Security Agency and GCHQ of UK.

Kremlin Spokesperson Dmitry Peskov reacted to the news in a rather sarcastic way by saying that his nation gets attacked by its adversaries every day and the discovery of new attack was not surprising!

The post Malware attack on Yandex Search engine of Russia by ‘Five Eyes’ Intelligence appeared first on Cybersecurity Insiders.


July 01, 2019 at 10:43AM

Amazon data breach leaks sensitive info of Netflix, TD Bank and Ford

Data of Netflix, TD Bank and Ford was allegedly found exposed to hackers on an Amazon Storage bucket which was owned and maintained by data integration and management company ‘Attunity’. The incident was found when a team of researchers from UpGuard was casually looking for vulnerable points to be accessed on Amazon S3 Storage Buckets on May 13th of this year.

The researchers from the Data Breach team of UpGuard argue that the oldest of the data found by them was uploaded in Sept’14. However, they are not clear if the leaked data was publicly accessible since the said time.

Australian Cybersecurity startup UpGuard has cleared the air that its team has informed Attunity on the situation on May 16th of this year. But the service provider reacted to the situation lately i.e. in early June which could have probably deteriorated the situation.

Attunity which was acquired by Pennsylvania based software firm Qlik (now owned by King of Prussia) in last May is yet to release an official statement on this issue.

Cybersecurity Insiders has learned that the leaked info includes business documentation, system credentials, system info, and employee info to a certain extent. A blog post on UpGuard’s website says that the data such as Netflix database
authentication strings, TD Bank Invoices and a preparation slide from Ford were leaked in the incident.

A source from Qlik says that it is aware of the data exposure and has remediated the incident by applying new security standards to Attunity’s storage environments.

Note– Qlik which has over 50,000 customers on a global note was named as a leader in the Magic Quadrant for Analytics and BI for the 9th year in the row this year. It has also bagged the recognition of the Top Ten Most Innovative Companies in Social Good this year.

The post Amazon data breach leaks sensitive info of Netflix, TD Bank and Ford appeared first on Cybersecurity Insiders.


July 01, 2019 at 10:41AM

Saturday, June 29, 2019

Popular Android Zombie game phish users to steal Gmail credentials

By Waqas

The app made its way to Google Play Store was also found phishing users for Facebook credentials. Scary Granny ZOMBY Mod: The Horror Game 2019 is the latest game on Google Play Store that is condemned by the digital security fraternity for sneakily stealing personal data from unsuspecting users. The game, which has been downloaded […]

This is a post from HackRead.com Read the original post: Popular Android Zombie game phish users to steal Gmail credentials


June 29, 2019 at 11:18PM

Friday, June 28, 2019

Crooks steal $28M in crypto using Google Adwords & spoofed domains

By Uzair Amir

Authorities arrested six suspects including five males and one female in simultaneous raids carried out in a joint operation. The raids and subsequent arrests were carried out to trace $28 million worth of stolen Bitcoin.  The raids were conducted as part of a 14-month long, large-scale, global police investigation involving European law enforcement agencies including […]

This is a post from HackRead.com Read the original post: Crooks steal $28M in crypto using Google Adwords & spoofed domains


June 28, 2019 at 09:38PM

2019 top Cloud Security Certifications

As Cloud Computing industry is ever evolving, the workforce has to be re-trained from time to time with updated skills and certifications in order to support the evolving environments.

Cloud Security industry is no exception as the workforce has to train their skills as per the new opportunities in order to live up to the horizon. And the best certification for an individual or the enterprise depends on variables such as industry demand, business needs, cloud platforms, and vendor agnostics.

Two such standout certifications which seem to be evergreen are

Certified Cloud Security Professional(CCSP)-  SANS Institute and ISC2 offer this certification which has succeeded in bagging great accords so far from the industry. From the past few years, Cloud Security Alliance and (ISC)2 have collaborated to design the CCSP certification to the core which helps candidates in designing, managing, and securing data along with applications and infrastructure in the cloud via best practices, policies, and procedures. The said certification also helps the candidates in learning about the basic cloud computing skills given them a strong platform to work for the service providers across the world. This exam costs around USD $580+ per attempt.

Certificate of Cloud Security Knowledge(CCSK)- Cloud Security Alliance offers CCSK certification where candidates need to showcase their skills related to technicalities and abilities to develop holistic cloud security programs accepted on a global note. This exam costs around USD $386+ per attempt.

For those interested in serving the industry related to IaaS Services, there are various vendor-specific certifications that could help employees in getting trained in certifications related to AWS, Microsoft and others like Salesforce. Those trained in these skills can stay assured that their skills get the right kind of cognizance from the employers within no time.

The post 2019 top Cloud Security Certifications appeared first on Cybersecurity Insiders.


June 28, 2019 at 08:52PM

Mozilla’s ‘Track This’ lets you choose fake identity to deceive advertisers

By Waqas

Track This is a new kind of incognito, says Mozilla. It is a fact that everything that you do on the Internet such as using Facebook or Twitter, online shopping or aimlessly surfing the web, is being tracked. Haven’t you noticed that as soon as you search for something, ads relevant to the search start […]

This is a post from HackRead.com Read the original post: Mozilla’s ‘Track This’ lets you choose fake identity to deceive advertisers


June 28, 2019 at 08:32PM

Bitglass Security Spotlight: Canada’s Largest Credit Union Suffers Massive Data Breach

This post was originally published here by Will Houcheime .

Here are the top cybersecurity stories of recent weeks:  

  • Desjardins experiences data breach exposed by previous employee
  • Emuparadise forum member information disclosed
  • Venmo transactions scraped as privacy settings warning
  • Maryland medical records uncovered
  • The US Customs and Border Patrol claim hacked travelers

Desjardins, Canada’s largest credit union, exposed by ex-employee

Desjardins recently discovered that an employee gained access to a database containing information of 2.9 million accounts, which included 2.7 million home users and 173,000 business contacts. Since learning about the exposure, the credit union has fired the employee responsible. Desjardins representatives were able to report that no credit card numbers were uncovered, but that personally identifiable information (PII) had been exposed. This includes first and last names, dates of birth, Social Insurance Numbers (SINs), and addresses for home users. In addition, business accounts had their names, addresses, and phone numbers scraped. Those affected have been addressed by the Credit Union with notification letters. Despite this being the first documented data breach in Desjardins’ company history, the credit union has been quick to add procedure and policy changes to further protect their valued customers. 

1.1 million Emuparadise gaming accounts breached

Gaming site, Emuparadise, reportedly experienced a data breach that left 1.1 million accounts vulnerable. The breach was first discovered in April 2018, but was treated as an allegation. Community members were claiming notices from HackNotice that their information was at risk of exposure. The information included IP addresses, email addresses, passwords, and usernames. It was reported that the stolen information was stored as MD5 hashes. The validity of the exposure was brought to the attention of the gaming site about two weeks ago, when their personnel received notice from DeHashed.com that a certain database was indeed infiltrated. 

Venmo transactions poached as privacy settings caution

Computer science student, Dan Salmon, accessed 7 million Venmo transactions to prove that privacy settings are not being implemented by Venmo users. This underlines that public activity on Venmo can easily be exposed and that users should pay closer attention to changing their account settings to set their transaction settings to private. Venmo users experienced a similar vulnerability a year ago, when a Mozilla user was able to download 207 million transactions. This showcases that Venmo has certain account settings set as a default, which can lead to easy exposure and information scraping. Since then, in an attempt to protect user data, Venmo has tried to make it more difficult for hackers to scrape information from their users instead of defaulting the transactions to private.

Maryland patients at risk of stolen medical records

Following a massive American Medical Collection Agency (AMCA) data breach, many Maryland patients have become at risk of exposure. The AMCA witnessed about 20 million accounts getting exposed last August, which included businesses such as Quest Diagnostics, LabCorp, BioReference Laboratories, and Carecentrix. The compromised data varies for each of the affected companies, but it included patient names, dates of birth, addresses, phone numbers, balances, payment card numbers, and bank accounts. Attorney General Brian E. Frost recently warned Maryland residents to be vigilant about their personal information, as it could be misused in adverse ways.  Patients are being urged to take steps such as obtaining a free credit report, putting a fraud alert on credit files, and considering an account freeze to limit financial risks. 

Unauthorized US Customs and Border Patrol server hacked

The US Customs and Border Patrol (CBP) has discovered that a subcontractor used for data storage was recently breached. The subcontractor transferred copies of license plates and facial recognition photos of those crossing the US-Mexico border. The subcontractor copied the information in violation of the Customs and Border Patrol policies and without the CBP’s authorization or knowledge. The network on which the copies were placed was shortly hacked by a cyberattack, and the CBP has placed full blame on the subcontractor. Although the subcontractor remains nameless, it was reported by The Register, that Boris Bullet-Dodger permeated Perceptics, the company which provides license plate reader technology. The CBP has reported that the hacker did not manage to further penetrate internal networks.   

Photo:The SSL Store

The post Bitglass Security Spotlight: Canada’s Largest Credit Union Suffers Massive Data Breach appeared first on Cybersecurity Insiders.


June 28, 2019 at 07:46PM

EMEA SKILLS GAP PUTS CYBER WORKERS AT A DISADVANTAGE AGAINST ATTACKERS

This post was originally published here by (ISC)² Management.

A severe cybersecurity skills gap in EMEA (European, Middle East and Africa) is making it hard for cybersecurity staff to cope with their workloads or acquire the skills they need to handle emerging technologies, according to a new report by Symantec.

Cybersecurity workers believe they are at a serious disadvantage against attackers. Simply finding the time to learn emerging technologies, such as those related to mobility and cloud, is a challenge for a workforce whose experience as a group ranges from 10 to 30 years, the report says.

“Declining skills are highly problematic for cyber security professionals, who are effectively in an arms race, in which talent and skill are their most important weapons. Unfortunately, enterprises feel they are falling behind in precisely this area,” according to the report, High Alert: Tackling Cyber Security Overload in 2019. The report is based on the findings of a study conducted by the University of London for Symantec of more than 3,000 security decision makers in France, Germany and the United Kingdom.

Citing an IDC statistic, the report says 97% of European enterprises agree a skills gap exists and that it has negative effects. “It means only 3% of enterprises in Europe believe the industry has the requisite talent to deliver on its mandate – to ensure business integrity and protect sensitive company, customer and shareholder data,” the report says.

Cybersecurity Workforce StudyThe cybersecurity skills gap is well documented. (ISC)²’s Cybersecurity Workforce Study, 2018 found that the EMEA region has a shortfall of 142,000 cybersecurity workers. Worldwide, the skills shortage is nearly 3 million, with Asia Pacific experiencing the biggest gap, 2.14 million. The shortfall in North America is about 500,000.

Cyber Struggles

The Symantec report paints a dire picture of the current struggles of cybersecurity teams in Europe. Nearly half of survey participants (45%) say technological change is happening faster than their businesses can adapt; 48% believe attackers “have a raw skills advantage over defenders;” and 44% say their team lacks the necessary skillset to fight cyber threats.

In addition, 33% say the volume of threat makes it harder to protect their organizations. Perhaps not surprisingly, 49% of participants say attackers have unprecedented access to resources and support provided by bad actors.

Even with all these challenges, the report says only 4% to 8% of IT budgets are allocated to security. Those amounts often don’t even cover the costs of hiring and retaining security professionals, which forces CIOs, CISOs and security managers to ask for more money.

Citing information from the Symantec CISO Forum in February 2019, the report says that hiring a cyber professional takes at least six months and often takes even longer – nine to 12 months. As a result, CISOs are taking a pragmatic approach of teaching skills on the job to candidates who make up for lack of experience with “attitude, mindset and potential.”

To help address the skills gap, the report recommends that cyber workers do a better job of learning from each other and take advantage of cloud-based security solutions, managed services and automation. These steps will help reduce repetitive, mundane tasks and let cyber workers focus on higher-value work.

(ISC)² offers free on-demand courses to its members and associates online through its Professional Development Institute in order to help cybersecurity professionals learn new skills at a pace and timing that works for them. These courses are also available for purchase to non-members. To see a listing of available courses, please visit: https://www.isc2.org/development

Photo:Trade & Investment | Wales

The post EMEA SKILLS GAP PUTS CYBER WORKERS AT A DISADVANTAGE AGAINST ATTACKERS appeared first on Cybersecurity Insiders.


June 28, 2019 at 07:29PM

THE PARENT TRAP: LACK OF KNOWLEDGE HOLDS CHILDREN BACK FROM CYBERSECURITY CAREERS

This post was originally published here by (ISC)² Management.

Parents can play an influential role in their children’s choice of careers but when it comes to cybersecurity, most parents have no advice to give. That’s because they really don’t know much, if anything, about the subject.

survey by cybersecurity training provider SANS Institute revealed that 63% of parents in the U.K. can’t answer questions about how to find a job in the cybersecurity field. Almost as many parents (61%) said they have little or no knowledge of any career opportunities in the industry, even though 91% said they have heard of cybersecurity.

And despite the high earning potential of cybersecurity careers, 72% of parents said they’ve never considered a career in the field for their children. This lack of knowledge among parents is troubling considering the EMEA (Europe, Middle East, Africa) region currently has a 142,000 shortage of cybersecurity workers, based on (ISC)² research. If children aren’t receiving advice to consider a cybersecurity career, this lowers the prospect of closing the gap any time soon.

“These findings should be seen as a wakeup call to the cybersecurity industry that it needs to do more to promote itself,” said James Lyne, CTO, SANS Institute. “The only people who can really spread that message are those working in the industry already – it’s another way to help close the skills gap we are currently suffering.”

Cyber Misconceptions

While parental knowledge of cyber careers is seriously lacking, there seems to be more awareness of IT careers. More than a quarter of survey participants (27%) said IT is one of the top five career choices for their eldest child, an indication that parents understand the career potential in the overall IT field.

Interestingly, 69% of parents indicated they thought cybersecurity is taught in school, and 87% said they would like their children to learn about cybersecurity as part of the curriculum and in extracurricular activities.

These findings are evidence that if parents aren’t advising their children to pursue cybersecurity career opportunities, it isn’t out of prejudice against the field. Rather, it’s because they really don’t know enough about it and, given the choice, they want their children to learn more about the subject.

Signs of Hope

On a positive note, the SANS Institute also polled U.K. students and found 46% of them have heard of cybersecurity from their parents. With a little more knowledge among parents, it is likely that interest in cyber careers would get a boost.

To achieve that, as Lyne suggested, the industry has some work to do. Collaboration with schools in raising cybersecurity awareness and education among students and parents would be a step in the right direction. Such efforts may take time, but are definitely worth considering. The alternative is the continuation of the cybersecurity skills gap well into the future.

Photo:Digital Health

The post THE PARENT TRAP: LACK OF KNOWLEDGE HOLDS CHILDREN BACK FROM CYBERSECURITY CAREERS appeared first on Cybersecurity Insiders.


June 28, 2019 at 07:13PM

Thursday, June 27, 2019

Acquisitions happening in the field of Artificial Intelligence

UBER, an American multinational transportation sharing company has formally announced that it has acquired computer vision startup ‘Mighty AI’ for an undisclosed amount. The financial details of the deal remain undisclosed, but over 40 employees of the company which produces tech for self-driving cars are said to join UBER by next month end.

Mighty AI offers software that helps self-driving cars to access their surroundings by autonomously identifying and distinguishing the objects surrounding the vehicle.

“Uber is said to use the tech to enhance the ride experience for its users through self-driving cars”, said Jon Thomson, Vice President of software engineering for the Uber Division.

“We are excited to pair Mighty AI’s Platform and expertise with Uber to generate high-quality labeled data and integrating it into Uber ATG’s World Class Research and Engineering to develop self-driving cars”, said Daryn Nakhuda, the Chief Executive of Mighty AI.

Uber has become the world’s leading ridesharing transport operator and intends to deploy autonomous vehicles and flying cars in the coming years.

Meanwhile, in other news related to acquisitions Apple Inc has confirmed that it has acquired self-driving shuttle services provider ‘Drive.ai’ for an undisclosed amount.

The objective behind the firm’s acquisition is to enhance the engineering talent to boost Apple’s own tech of self-driving cars.

As of now, Drive.ai which has been running a small fleet of test shuttles in Texas was planning to shut down the startup by this year-end.

The post Acquisitions happening in the field of Artificial Intelligence appeared first on Cybersecurity Insiders.


June 28, 2019 at 11:31AM

Office 365 Phishing Protection – Is Native Microsoft Protection Safe?

By ghostadmin

For the last couple of years, there has been a surge in phishing attacks against businesses and unsuspecting users. What’s worse is that phishing, which was previously merely a fraudulent attempt to obtain sensitive information, is now spreading malicious content including ransomware. While tech and cybersecurity companies are focusing on providing top-notch security to their […]

This is a post from HackRead.com Read the original post: Office 365 Phishing Protection – Is Native Microsoft Protection Safe?


June 28, 2019 at 04:17AM

ViceLeaker Android malware steals call recordings, photos, videos & texts

By Waqas

Israeli Citizens are the Primary Target of New Android Mobile Spying Campaign Using ViceLeaker Malware, says Kaspersky. Kaspersky Lab researchers discovered an Android malware campaign active since 2016 and still going strong. Dubbed ViceLeaker; researchers claim that it is the product of a group of hackers that is specifically targeting Middle Eastern and Israeli citizens. […]

This is a post from HackRead.com Read the original post: ViceLeaker Android malware steals call recordings, photos, videos & texts


June 27, 2019 at 08:13PM

The Parent Trap: Lack of Knowledge Holds Children Back from Cybersecurity Careers

Parents can play an influential role in their children’s choice of careers but when it comes to cybersecurity, most parents have no advice to give. That’s because they really don’t know much, if anything, about the subject.

A survey by cybersecurity training provider SANS Institute revealed that 63% of parents in the U.K. can’t answer questions about how to find a job in the cybersecurity field. Almost as many parents (61%) said they have little or no knowledge of any career opportunities in the industry, even though 91% said they have heard of cybersecurity.

And despite the high earning potential of cybersecurity careers, 72% of parents said they’ve never considered a career in the field for their children. This lack of knowledge among parents is troubling considering the EMEA (Europe, Middle East, Africa) region currently has a 142,000 shortage of cybersecurity workers, based on (ISC)² research. If children aren’t receiving advice to consider a cybersecurity career, this lowers the prospect of closing the gap any time soon.

“These findings should be seen as a wakeup call to the cybersecurity industry that it needs to do more to promote itself,” said James Lyne, CTO, SANS Institute. “The only people who can really spread that message are those working in the industry already – it’s another way to help close the skills gap we are currently suffering.”

Cyber Misconceptions

While parental knowledge of cyber careers is seriously lacking, there seems to be more awareness of IT careers. More than a quarter of survey participants (27%) said IT is one of the top five career choices for their eldest child, an indication that parents understand the career potential in the overall IT field.

Interestingly, 69% of parents indicated they thought cybersecurity is taught in school, and 87% said they would like their children to learn about cybersecurity as part of the curriculum and in extracurricular activities.

These findings are evidence that if parents aren’t advising their children to pursue cybersecurity career opportunities, it isn’t out of prejudice against the field. Rather, it’s because they really don’t know enough about it and, given the choice, they want their children to learn more about the subject.

Signs of Hope

On a positive note, the SANS Institute also polled U.K. students and found 46% of them have heard of cybersecurity from their parents. With a little more knowledge among parents, it is likely that interest in cyber careers would get a boost.

To achieve that, as Lyne suggested, the industry has some work to do. Collaboration with schools in raising cybersecurity awareness and education among students and parents would be a step in the right direction. Such efforts may take time, but are definitely worth considering. The alternative is the continuation of the cybersecurity skills gap well into the future.

The post The Parent Trap: Lack of Knowledge Holds Children Back from Cybersecurity Careers appeared first on Cybersecurity Insiders.


June 27, 2019 at 09:08PM

Cyber Attack news trending now on Google

1.) Paying a ransom to hackers seems to be picking up as a trend these days as another city from Florida is alleged to have bowed down to the demands of hackers on a recent note. On Tuesday this week, the news was out that the Lake City of Florida has paid hackers up to $460,000 in Bitcoins to free-up its database from file-encrypting malware.

And the news comes just days after Riviera beach of Florida has made it official that it has paid to hackers $600,000 in digital currency to recover from a ransomware attack.

What’s interesting in this fact is that the latest media revelations have made the private matter public, paving the way or encouraging more such victims to bow down to the demands of hackers.

Note 1- FYI, there is no guarantee that such payments will always help you in freeing up your database from ransomware attacks.

2.) European Union shortly known as EU is all set to conduct war games in order to prepare its nations IT Infrastructure from cyber attacks emerging out from Russia and China.

As a series of recent incidents on the UK have alarmed the governments, Pekka Haavisto, the foreign minister of Finland has decided to react first on behalf of the 28 member states. So, his nation has decided to conduct cyber war games in order to prepare themselves for such attacks on critical infrastructure.

Finland took the decision after conducting a detailed inquiry on the incident which occurred in last October where Russia blocked the GPS signals of Finnish military during its participation in NATO Military Exercises in Norway.

Note 2- Kremlin was found guilty in blocking the GPS signals of Finnish Military and was also found to be involved in a cyber attack on International Chemical Weapons Watchdog which was later foiled by Dutch Military Intelligence.

3) Baltimore city which was digitally immobilized due to a ransomware attack has decided to approve an additional $10 million grant in excess to cover the financial loss incurred due to the incident which happened almost two months ago.

As the attack moved into its 8th week, the fund was sanctioned out of emergency to technologically recover from the hack.

As systems such as water billing and real estate dealings went offline due to the impact from cyber attack the city needed monetary help to replace the systems.

So, the fund was much needed to recover from the loss of $18 million from the hack.

The post Cyber Attack news trending now on Google appeared first on Cybersecurity Insiders.


June 27, 2019 at 09:01PM

Wednesday, June 26, 2019

Ransomware attack on Auburn Food Bank

Auburn Food Bank of Washington has admitted that it has become a victim of a ransomware attack recently bringing its entire computer network to halt. The authorities have confirmed that only one PC on the network was safe from being encrypted and so is being used for the digital charity activities for time being.

Auburn Food Bank which is located in King County of Washington is known to provide food for the families and individuals residing in and around the Auburn School District.

At 2 am on June 5th of this year the non-profit organization was hit by a ransomware strain called GlobeImposter 2.0 making the files and emails inaccessible. A ransom amount in Bitcoins was demanded by the hackers in order to decrypt the files.

Debbie Christian, the director of Auburn Food Bank says that her team is not going to bow down to the hackers and will never pay the ransom, as suggested by the law enforcement agencies.

Prima Facie suggests that the alternative to retrieve the files through backups would be successful only if the infected equipment is replaced at a cost of $8000.

The organization which offers relief to destitute is encouraging the public to make a one-time donation to the food bank by this month end. Those who cannot support the cause on the financial note could volunteer their skills and time to the food bank by providing support in creating word and excel files all by working from home.

The post Ransomware attack on Auburn Food Bank appeared first on Cybersecurity Insiders.


June 27, 2019 at 10:41AM

Bad Cyber Security practices in 8 Government Agencies

Over 8 government agencies have been reported for practicing bad when it comes to following a cybersecurity protocol while handling data of US populace, thus exposing it to hackers.

The report which was made public yesterday by US Senators Rob Portman and Tom Carper, the high ranking members and chairman of US Senate Permanent Subcommittee on Investigations related to Homeland Security and Governmental Affairs.

Cybersecurity Insiders has learned that the report was compiled after analyzing data of the past ten years pertaining to Inspector General with regards to compliance with federal information security standards.

It took over 10 months to create the report with regards to the cybersecurity compliance of over 8 US government agencies and the list as follows 1) The Department of State 2.) The department of transportation 3.) The department of housing and urban development 4.) The Department of agriculture 5.) The department of health and human services 6.) The department of education 7.) The social security administration and 8.) The Department of Homeland Security

US Senate has confirmed that the IT managers of the departments never showed interest in keeping the software updates to the system to date and never maintained cyber hygiene for connecting devices exposing them to various cyber vulnerabilities.

IT staff of the agencies never tried to make changes or improve the security posture in their work environment and so this has deteriorated the situation furthermore. For instance, the agencies used legacy systems or applications which were never supported by the manufactures like the usage of Windows XP which is now an obsolete product of Microsoft.

As most of the Chief Information Officers working for the agencies did not have the ability to take technical decisions on an open note, the IT infrastructure of the state government was totally in a Limbo putting the data of Americans at risk.

The post Bad Cyber Security practices in 8 Government Agencies appeared first on Cybersecurity Insiders.


June 27, 2019 at 10:39AM

EMEA Skills Gap Puts Cyber Workers at a Disadvantage Against Attackers

A severe cybersecurity skills gap in EMEA (European, Middle East and Africa) is making it hard for cybersecurity staff to cope with their workloads or acquire the skills they need to handle emerging technologies, according to a new report by Symantec.

Cybersecurity workers believe they are at a serious disadvantage against attackers. Simply finding the time to learn emerging technologies, such as those related to mobility and cloud, is a challenge for a workforce whose experience as a group ranges from 10 to 30 years, the report says.

“Declining skills are highly problematic for cyber security professionals, who are effectively in an arms race, in which talent and skill are their most important weapons. Unfortunately, enterprises feel they are falling behind in precisely this area,” according to the report, High Alert: Tackling Cyber Security Overload in 2019. The report is based on the findings of a study conducted by the University of London for Symantec of more than 3,000 security decision makers in France, Germany and the United Kingdom.

Citing an IDC statistic, the report says 97% of European enterprises agree a skills gap exists and that it has negative effects. “It means only 3% of enterprises in Europe believe the industry has the requisite talent to deliver on its mandate – to ensure business integrity and protect sensitive company, customer and shareholder data,” the report says.

Cybersecurity Workforce StudyThe cybersecurity skills gap is well documented. (ISC)²’s Cybersecurity Workforce Study, 2018 found that the EMEA region has a shortfall of 142,000 cybersecurity workers. Worldwide, the skills shortage is nearly 3 million, with Asia Pacific experiencing the biggest gap, 2.14 million. The shortfall in North America is about 500,000.

Cyber Struggles

The Symantec report paints a dire picture of the current struggles of cybersecurity teams in Europe. Nearly half of survey participants (45%) say technological change is happening faster than their businesses can adapt; 48% believe attackers “have a raw skills advantage over defenders;” and 44% say their team lacks the necessary skillset to fight cyber threats.

In addition, 33% say the volume of threat makes it harder to protect their organizations. Perhaps not surprisingly, 49% of participants say attackers have unprecedented access to resources and support provided by bad actors.

Even with all these challenges, the report says only 4% to 8% of IT budgets are allocated to security. Those amounts often don’t even cover the costs of hiring and retaining security professionals, which forces CIOs, CISOs and security managers to ask for more money.

Citing information from the Symantec CISO Forum in February 2019, the report says that hiring a cyber professional takes at least six months and often takes even longer – nine to 12 months. As a result, CISOs are taking a pragmatic approach of teaching skills on the job to candidates who make up for lack of experience with “attitude, mindset and potential.”

To help address the skills gap, the report recommends that cyber workers do a better job of learning from each other and take advantage of cloud-based security solutions, managed services and automation. These steps will help reduce repetitive, mundane tasks and let cyber workers focus on higher-value work.

(ISC)² offers free on-demand courses to its members and associates online through its Professional Development Institute in order to help cybersecurity professionals learn new skills at a pace and timing that works for them. These courses are also available for purchase to non-members. To see a listing of available courses, please visit: https://www.isc2.org/development

The post EMEA Skills Gap Puts Cyber Workers at a Disadvantage Against Attackers appeared first on Cybersecurity Insiders.


June 27, 2019 at 09:08AM

New Windows 10 bug causes PCs to take longer to shut down

By Uzair Amir

Windows 10 bug: If you have a device connected via cable to the USB Type-C input, you may have to wait another minute to turn off your computer – The bug exists in USB Type-C Connector System Software Interface (UCSI) software. The new bug in Windows 10 is not a serious one, but it somewhat […]

This is a post from HackRead.com Read the original post: New Windows 10 bug causes PCs to take longer to shut down


June 27, 2019 at 03:42AM

New attack spreads LokiBot & NanoCore malware in ISO image files

By Waqas

Both NanoCore and LokiBot are Info-stealing Trojans. Security researchers at the San Francisco-based firm Netskope have discovered a new malware campaign distributing the info-stealer malware LokiBot and NanoCore via ISO image file attachments that appear to be an invoice. It is noteworthy that LokiBot malware was discovered back in October 2017 and is equipped with […]

This is a post from HackRead.com Read the original post: New attack spreads LokiBot & NanoCore malware in ISO image files


June 26, 2019 at 07:51PM

EMEA Skills Gap Puts Cyber Workers at a Disadvantage Against Hackers

A severe cybersecurity skills gap in EMEA (European, Middle East and Africa) is making it hard for cybersecurity staff to cope with their workloads or acquire the skills they need to handle emerging technologies, according to a new report by Symantec.

Cybersecurity workers believe they are at a serious disadvantage against attackers. Simply finding the time to learn emerging technologies, such as those related to mobility and cloud, is a challenge for a workforce whose experience as a group ranges from 10 to 30 years, the report says.

“Declining skills are highly problematic for cyber security professionals, who are effectively in an arms race, in which talent and skill are their most important weapons. Unfortunately, enterprises feel they are falling behind in precisely this area,” according to the report, High Alert: Tackling Cyber Security Overload in 2019. The report is based on the findings of a study conducted by the University of London for Symantec of more than 3,000 security decision makers in France, Germany and the United Kingdom.

Citing an IDC statistic, the report says 97% of European enterprises agree a skills gap exists and that it has negative effects. “It means only 3% of enterprises in Europe believe the industry has the requisite talent to deliver on its mandate – to ensure business integrity and protect sensitive company, customer and shareholder data,” the report says.

Cybersecurity Workforce StudyThe cybersecurity skills gap is well documented. (ISC)²’s Cybersecurity Workforce Study, 2018 found that the EMEA region has a shortfall of 142,000 cybersecurity workers. Worldwide, the skills shortage is nearly 3 million, with Asia Pacific experiencing the biggest gap, 2.14 million. The shortfall in North America is about 500,000.

Cyber Struggles

The Symantec report paints a dire picture of the current struggles of cybersecurity teams in Europe. Nearly half of survey participants (45%) say technological change is happening faster than their businesses can adapt; 48% believe attackers “have a raw skills advantage over defenders;” and 44% say their team lacks the necessary skillset to fight cyber threats.

In addition, 33% say the volume of threat makes it harder to protect their organizations. Perhaps not surprisingly, 49% of participants say attackers have unprecedented access to resources and support provided by bad actors.

Even with all these challenges, the report says only 4% to 8% of IT budgets are allocated to security. Those amounts often don’t even cover the costs of hiring and retaining security professionals, which forces CIOs, CISOs and security managers to ask for more money.

Citing information from the Symantec CISO Forum in February 2019, the report says that hiring a cyber professional takes at least six months and often takes even longer – nine to 12 months. As a result, CISOs are taking a pragmatic approach of teaching skills on the job to candidates who make up for lack of experience with “attitude, mindset and potential.”

To help address the skills gap, the report recommends that cyber workers do a better job of learning from each other and take advantage of cloud-based security solutions, managed services and automation. These steps will help reduce repetitive, mundane tasks and let cyber workers focus on higher-value work.

(ISC)² offers free on-demand courses to its members and associates online through its Professional Development Institute in order to help cybersecurity professionals learn new skills at a pace and timing that works for them. These courses are also available for purchase to non-members. To see a listing of available courses, please visit: https://www.isc2.org/development

The post EMEA Skills Gap Puts Cyber Workers at a Disadvantage Against Hackers appeared first on Cybersecurity Insiders.


June 26, 2019 at 09:08PM

Microsoft bans employees from using these apps for Security reasons

Microsoft has already banned the use of rival apps and services from Google and Amazon. Now it seems to have extended the list by adding a few early this month. According to a report being circulated internally by Microsoft, the Redmond giant has banned the use of apps such as the free version of slack among its employees.

This includes the use of Slack Free, Slack Standard, and Slack Plus versions as they do not provide proper security controls to protect the intellectual property of the software giant.

According to Microsoft’s internal report services such as Google Docs, Kaspersky Security Software usage, Amazon Web Services, the Cloud version of GitHub, PagerDuty, and Online AI Powered writing assistant Grammarly.

Instead, the company is encouraging its employees to use the services such as ‘Microsoft Teams’ which can later be integrated by Office 365 Apps along with calling & Meeting functionality.

Also if the employees have to use the services from Amazon Web Services and Google Docs then they need to give a business justification on how the services are superior to Microsoft Azure Cloud and Office 365.

As online writing assistant Grammarly has induced Office Add-on into its browser extension there is a high probability that it can offer access to Information Rights Management (IRM) to protect content within emails and documents.

Note- Slack recently announced its public trading debut with a $23 billion value. It is said to have over 90 million users with over 100,000 subscribers.
So, will Google and Amazon follow the same as retaliation…?

The post Microsoft bans employees from using these apps for Security reasons appeared first on Cybersecurity Insiders.


June 26, 2019 at 08:46PM

7 Easy-to-Use Java Performance Tuning Tips

By Owais Sultan

Are you looking for easy-to-use Java performance tuning tips because you want to learn more developer knowledge and experience because of the current over-complicated process of optimization techniques? With a bit of practice, there are a few easy ways to learn best practices that allow you to build and optimize a well-designed and executed application. […]

This is a post from HackRead.com Read the original post: 7 Easy-to-Use Java Performance Tuning Tips


June 26, 2019 at 04:13PM

How Phishing Has Evolved in 2019

By David Balaban

Phishing attacks host every kind of malware and ransomware attack but what’s worse is that these attacks are on the rise. Starting in 2012, ransomware took the Internet by storm, thanks to latest phishing techniques. Unsuspecting and unprepared users, both individuals and businesses, found their screens frozen, their data no longer their own, and the […]

This is a post from HackRead.com Read the original post: How Phishing Has Evolved in 2019


June 26, 2019 at 03:39PM

Tuesday, June 25, 2019

How Doxing can prove as a threat to Cloud Security

Before getting into the details on how ‘Doxing’ could pose a threat to cloud security, let’s first understand the term in a technical way. Well, it is the term which gained momentum from situations where hackers gain personal details of targets and used that data to embarrass them on a further note.

Often cyber crooks are seen screening email & social media accounts of celebrities to access and then later publicly post their memorabilia such as N%$E photographs of celebrities on public platforms- either to gain financially or to further embarrass the victim.

Now, coming to the detail on how the term ‘Doxing’ can apply to cloud environments, here’s a gist on it. Attackers usually gather details about a company and its employees from social media accounts or from the websites where their details are dispersed. This publicly available info can then give them a chance to collect details on human security flaws causing significant damage to the reputation of the company.

In today’s world, Cloud providers give a lot of customizable options for developers to write or run applications to be hosted on cloud platforms. As developers have the concern to complete the projects on time, their show laxity towards security practices which often lead hackers to exploit those flaws from the security viewpoint.

Getting details of developers is not a tough job these days as many tech-related discussion platforms can pave way for criminals to send spear phishing emails to attackers.

So, security teams which are testing the cloud platforms with pen tests should also consider the attacker’s reconnaissance abilities while testing their programs. This helps in remediating human security errors like outlining strict norms for employees on what to post and what not to on public platforms.

The post How Doxing can prove as a threat to Cloud Security appeared first on Cybersecurity Insiders.


June 26, 2019 at 10:23AM

Cellular networks worldwide hit by hackers in espionage attempt

By Uzair Amir

Cybereason, an Israeli-US security firm based in Boston, has reported that certain nation-state hackers managed to compromise the systems of no less than ten cellular carriers across the globe to steal metadata of specific users. Without naming anyone, the company claims that the targeted users and the attackers both belong to China.  The campaign is […]

This is a post from HackRead.com Read the original post: Cellular networks worldwide hit by hackers in espionage attempt


June 25, 2019 at 09:10PM

Telecommunication Companies across the world are hacked

Over a dozen Mobile Carriers from across the world are reported to be under the control of hackers who could shut down the mobile network creating a partial or total blackout any time soon!

Yes, you’ve read it right!

A Boston based security company named Cybereason has discovered the above-said fact in its recent study and added that hackers are holding tons of data by taking control of databases of most of the phone network providers operating in Asia, Africa, Europe, and North America along with the Middle East.

News is out that the infiltration into the network took place in 2012 who then started gaining access to hundreds of gigabytes of data of people. If made public, the activity can easily constitute a massive data breach clearly suggesting that the mobile carriers have completely failed to protect the data of their respective users from past 7-8 years.

Cybereason researchers have found that the cyber crooks have gained data access to such an extent that not only do they now have usernames and passwords, but also have created a bunch of domain privileges for themselves which could also lead to a complete network shut down someday.

“The hack on mobile carriers is said to have reportedly provided cyber crooks access to information such as call logs, text messages, geolocation data. They have already filtered the data to target high-profile victims working for government and military agencies from the west”, says Mor Levi, Vice President, Cybereason.

“The hack was a part of a global Chinese cyber attack campaign dubbed as ‘Operation Soft Cell’ probably having links to Beijing”, said Lior Div, Chief Executive, Cybereason.

Note- The Massachusetts based company has come to a conclusion of Chinese presence in the hack based on the hacking tools used to infiltrate the networks of mobile carriers which were similar to those used by Chinese hacking group named APT10.

The post Telecommunication Companies across the world are hacked appeared first on Cybersecurity Insiders.


June 25, 2019 at 08:50PM

Researchers exploit LTE flaws to send 50,000 fake presidential alerts

By Waqas

Researchers managed to cover a 50,000 seat football stadium using only four malicious portable stations. A group of security researchers from the University of Colorado Boulder has published a paper detailing the findings of their latest research revealing that LTE vulnerabilities can help attackers send out fake presidential alerts. To do this, they only need […]

This is a post from HackRead.com Read the original post: Researchers exploit LTE flaws to send 50,000 fake presidential alerts


June 25, 2019 at 07:29PM

9 risky apps that you need to monitor on your kids’ smartphone

By Owais Sultan

Parents should know if their under 18 child has these apps on their smartphone – No underage child should use these apps. Apart from being a great invention, smartphones are also taken as a most apt tool for killing time. Kids between the age of 11-19 spend 90 percent of their times on their cell […]

This is a post from HackRead.com Read the original post: 9 risky apps that you need to monitor on your kids’ smartphone


June 25, 2019 at 05:03PM

Monday, June 24, 2019

Google Trending News related to Cybersecurity

1.) A sting operation carried out by a security researcher from Emsisoft has found that ransomware recovery firm in the UK named RedMosquito has been simply negotiating ransom payments with hackers and charging the clients with inflated bills.

Going into the details, the UK firm which specializes in rescuing machines infected with malware; when contacted by ransomware victims analyzes the infection range and then starts negotiating with the hackers to offer a decryption key. After finishing off the activity with the hackers, it then starts levying inflated bills to the victims who are forced to pay as they have no other choice.

A source from Redmosquito argues that such kinds of medications are only rendered when the victim has data backups on hand as a data continuity option. 

But Fabian Wosar the security researcher argues that the company is following a sham business model which is riskier than what the ransomware spreading gangs are following in business in today’s world!

2.) The second news is related to US cyber attacks on Iran’s missile infrastructure. News is out that the attacks carried out by United States Intelligence Unit of Pentagon couldn’t show its impact on the infrastructural operations of Iran.

The Iranian government has confirmed the news and said that downing of drones might continue and rise if the Trump administration fails to mend its ways.

Meanwhile, the 45Th US President Donald Trump is all set to impose more sanctions of the nation of Iran from this month end and has circuitously warned the nation of more such cyber attacks in the near future.

3.) Coming to the 3rd news related to cybersecurity, it is regarding the cyber attack which took place on NASA’s Jet Propulsion Laboratory last year. According to an update released by a federally funded research lab more than 500 MB of sensitive data was stolen in the attack and that was launched by a cheap and credit sized computer called Raspberry Pi.

The news is related to the April 2018 cyber attack which took place on JPL Network leaking data related to Mars rovers, International space station experiments, and the Voyager probes.

A detailed investigation carried out by NASA Office Inspector General has said that the network intrusion took place in 2017 and remained active for 10 months siphoning data related to more than 23 files out of which the information related to International Traffic in Arms Regulation Info was vital.

The post Google Trending News related to Cybersecurity appeared first on Cybersecurity Insiders.


June 25, 2019 at 10:15AM

Insecure data storage causing Mobile Security vulnerabilities

Security researchers argue that insecure storage on mobile phones is creating vulnerabilities to be exploited by hackers for accessing sensitive info from both Android and iOS apps.

The study carried out by a security company named Positive Technologies says that 76% of mobile applications open up data to be accessed by hackers leaking out insightful info like personal data, financial info, passwords-all due to the presence of unprotected data storage on the device.

Leigh Anne Galloway, a lead Cybersecurity researcher from Positive Technologies said that users are in a misinterpretation that data-stealing risks only arise when their phone gets stolen on a physical note. But Galloway argues that the current cyber landscape has turned much sophisticated these days as 89% of vulnerabilities could be exploited by malware- totally cutting down the need for physical access.

Insecure transmission of sensitive data happens to be other vulnerability which is being exploited by hackers as most of the data gets transferred with the use of HTTP Communication.

The researchers also pointed out the fact that mobile application interactions done with their servers in an insecure way is also opening up new avenues for hackers to exploit which includes cross-site scripting flaws, poor authorization, and data leakage.

Positive Technologies recommends a methodical approach while designing the apps by application developers to counter this menace and also encourages them to test the software starting from Day 1 of the software lifecycle.

Note- Positive Technologies is a Russia based software development firm which specializes in Information Security providing services in the field of security analysis and compliance management. Founded in the year 2002, the company has bagged the fastest growing company recognition from IDC in 2012.

The post Insecure data storage causing Mobile Security vulnerabilities appeared first on Cybersecurity Insiders.


June 25, 2019 at 10:11AM

New cryptomining botnet malware hits Android devices

By Uzair Amir

Cryptomining malware has become a substantial threat against unsuspecting Android users. In a research conducted by the Tokyo-based cybersecurity and threat defense firm Trend Micro, it was revealed that there is a new cryptomining malware bot that’s particularly targeting Android devices. The miner exploits the Android Debug Bridge port system of the device that performs […]

This is a post from HackRead.com Read the original post: New cryptomining botnet malware hits Android devices


June 24, 2019 at 10:05PM

One Year Later: Finding Harmony between GDPR and the Cloud


Like any budding relationship, there is always a period of trial and error. Expectations are set high, and intentions are meant to meet them, but mistakes can happen. There are lessons to be learned in the fumbles and hopefully a way to improve! As the EU embarked on a new relationship with the GDPR (General Data Protection Regulation) Council, new regulations were firmly implemented on May 25th, 2018. Companies across Europe had to find new ways of working while better managing their data privacy. It’s no secret that organizations globally are moving to the cloud, so how can they manage their customer data and stay compliant seamlessly? On the inaugural anniversary of GDPR, what lessons have we learned? And can organizations find harmony between data protection and operating in an increasingly cloud based business world?

Let’s Recap. What is GDPR?

The main tenants of GDPR include: data consent, mandatory data privacy assessments, data breach notifications, stronger user rights, the need for a Data Protection Officer, and privacy by design as a part of the company’s core processes, procedures and policies. But first, what is the difference between data privacy and data protection? Data Privacy laws seek to protect people’s right to the collecting and sharing of their personal data. Data Protection is a greater security issue related to the controls put around how to collect, store and disclose and dispose of data. One way of making sure that your company is enforcing its highest security practices and staying GDPR compliant at the same time is to adopt an Access Management and Authentication platform. But more on that in a moment…

A Break(up) in Compliancy

Before we look at some ways to introduce solutions to the complex topic of compliancy, let’s take a look at some of the unfortunate violations over the last year. To say the amnesty period is over would be an understatement. There have been several high profile cases of companies who have been hit with hefty fines for violating various aspects of GDPR. “New regulations aim to hold organizations and their executives more accountable in the protection of information assets and IT infrastructure. Communication is key to any successful relationship and sweeping data breach notifications under the rug has proven to be a very risky security strategy. It has been reported there have been nearly 60,000 data breach notifications in the last year with 91 fines applied to them. Most notably, the French data regulator (CNIL) issued the largest GDPR fine so far—US $57 million (€50 million). Similar regulations, such as the California Consumer Privacy Act (CCPA), impose smaller fines (US$7,500 per violation) but highlight the increasing regulatory risks for businesses globally.”

The reality is that cybercrime is here to stay. Malware attacks have only risen over the last three years. Corporations will have to change their way of thinking and spend more time investing in cybersecurity in order to offset the costs of data loss and the fines that accompany them. As any attractive CISO (Chief Information Security Officer) knows, the loss is not only monetary, but goes hand in hand with the reputation and credibility of the company. The trend of phishing attacks on individual employees who are part of a larger organization poses a growing threat. But there are ways to make sure that your company and in turn your end users data is secure.

How Access Management Can Positively Impact Your Business and Solidify Your Compliancy

So how do you marry the idea of a GDPR compliant organization with more and more user identities being distributed among cloud applications? You introduce a central access management strategy! This approach will allow you to prevent the following:

Being increasingly vulnerable to data breaches arising from compromised identities

IT administration overhead costs due to inefficient identity management procedures

User productivity dropping due to password fatigue and password resets

Lack of visibility into cloud access events impeding regulatory compliance

Having a cloud access management solution addresses these challenges, and enables secure cloud adoption in the enterprise through several key functionalities:

Simplified cloud access with smart single sign on (cloud SSO)

Optimized security with granular access policies

Scalability enabled by centralized management

And importantly, improved compliance through visibility into cloud access events

Thales offers SafeNet Trusted Access as a cloud-based access management service that combines the convenience of cloud and web single sign-on (SSO) with granular access security. By validating identities, enforcing access policies and applying Smart Single Sign-On, organizations can ensure secure, convenient access to numerous cloud applications from one easy-to-navigate console.

Among the many benefits SafeNet Trusted Access offers, you gain visibility into all user’s access events for simplified compliance, secured access for partners and contractors as well as Identity as a Service efficiencies.

In the end, GDPR compliancy goes hand in hand with making sure your company performs at its most protected. Embracing an access management service to flawlessly handle the complexity of GDPR will allow your organization and your end users to securely share data in the cloud and live happily ever after!

Learn more about operating in a cloud based business world and make sure to sign up for a SafeNet Trusted Access Free Trial.

Information in this blog has been taken from:
https://accntu.re/2xcZu8O
https://termly.io/resources/articles/general-data-protection-regulation-gdpr-compliance-guide/

The post One Year Later: Finding Harmony between GDPR and the Cloud appeared first on Cybersecurity Insiders.


June 24, 2019 at 09:08PM

Can facial recognition and artificial intelligence humanize air travel?

Facial recognition and artificial intelligence (AI) technologies can help us make the travel experience less alienating. This may seem like a very controversial statement, but let’s explore it further before we jump to any conclusions.

Many of us have experienced a marathon journey through an airport, dreading the endless queues and repeated security processes, leaving us feeling like an item on a manufacturing line. So, how could technologies help make our airport experience smoother?

Facial recognition technology has started to be deployed in airports worldwide in the last couple of years as a response to streamlining the passenger experience at airports. Today, some airlines are letting travelers board or self-drop their bags with just a facial scan. In particular, in the US there are many ongoing trials for biometric boarding such as the one launched in Los Angeles Airport last December, as part of the EXIT Program which launched in October 2017.

Biometric on-boarding will only continue to expand further. The objective of this innovative way to board a plane is to speed up the average boarding time as well as increase the level of customer service for passengers. So far, facial recognition is holding its promise as most passengers enjoy being verified in just seconds by walking past a camera. Furthermore, this technology allows airlines to board 285 passengers in less than 20 minutes. This is two times faster than the manual process, whereby the airline staff verifies each passenger’s passport and boarding pass.

What is AI and how does it benefit the travel experience?

Kaplan and Haenlein define AI as “a system’s ability to correctly interpret external data, to learn from such data, and to use those learnings to achieve specific goals and tasks through flexible adaptation”.

But what does this mean in the context of a journey through an airport?

I smile in anticipation when I imagine myself explaining what AI is to my two wonderful children, aged 8 and 10. I can picture their empty looks and nervous giggles while I attempt to explain such conceptual things in simple words. I like this exercise of trying to explain a concept that can be difficult to understand to your child or your grandmother as I find it always helps to put things in simple and basic terms.

If I had to transpose what AI is in simple terms and explain how it could make traveling easier to my two little smarties, here’s what I’d do. First, I’d describe the context: a typical airport journey.

Airports can be overwhelming for children as well as for any first-time traveler and can even make seasoned travelers anxious too. From the moment you book your ticket to the moment you finally settle on your assigned seat, it’s quite an expedition on its own. You need to make sure you have all the necessary documents, grab your things, rush to the airport, park right, get the terminal right, find the right hall, etc. Sometimes you can already use a coffee break after that, especially if you are travelling with children. But getting to the airport is just the beginning of the journey!

The next step is joining the queue at check-in to get your boarding pass and present your passport. If you’ve already checked-in from home, this is great as it might mean one step less for you, but you still need to queue to drop off your bags and present your passport and boarding pass to a member of staff.

Feeling lighter? Good, you’re now ready to stand in a line for the security check. This could take at least 15 minutes in the best-case scenario! And then you get to hear “Your boarding pass please!” all over again.

At this point, after undressing and dressing again, moaning about having picked the wrong pair of shoes and missed the hole in your right sock, dropped your phone twice and forgotten a bottle of shampoo in your hand luggage, you can usually use a shower.

But you feel valiant, it’s great that we have 5 minutes to get some duty-free perfumes! But again, you need to present your boarding pass when purchasing. Boarding pass, boarding pass, where did I put my boarding pass….

So, there you are, finally queuing to get in the plane after a race through the halls to your gate. The voice says: “Please have your boarding pass and your ID handy!”

Feel familiar?

The benefits of using our faces as a unique mark to prove who we are and let us access an area or a plane instead of pulling out passports and boarding passes all the time is quite easy to understand. Then comes the less obvious part.

AI and what it brings to face recognition technology

I’d again need to set the scene straight for my two little monsters here, explaining what AI actually does. AI is a machine or computer system that is programmed by us humans to be able to learn from the information it has stored and be able to use it to solve problems – just like our brains work. I’d probably ask them what intelligence is and get a flurry of contradictory answers. So, to settle the debate, I’d say there’s no single right answer, as there are many different types of intelligence.

We often take shortcuts when trying to define what intelligence is, and in most cases we end up with a definition that is too restrictive, culturally anchored and limited to a certain group of people at a given point in time, while circumstances and our understanding of the latter are continuously changing. So to remain simple, yet open, I’d offer to agree on defining intelligence as our capacity to connect information, such as things we’ve seen, read, heard, felt, smelled, sensed, etc. to new situations and being able to use our past experiences to deal with unknowns or anticipate possible outcomes. Transposing this to a computer system, AI could do all that but in a much faster way, and with exponential capacity. A bit like pulling together the experiences and intelligence of thousands of human brains!

As AI is able to capitalize on enormous amounts of collected data that can be used to solve problems, this allows facial recognition to continue getting better, enhancing our trust in such technology and the potential uses for it.

Now back to our first statement.

How can facial recognition & AI help make air travel more human?

We are already seeing the benefits in terms of efficiency brought by facial recognition technology, allowing passengers to be cleared to board using their face and a computer program enhanced with AI, instead of showing their documents to airline staff who will compare names and faces manually.

But the most interesting part is that we are learning from current deployments. The introduction of such technology is welcomed by both operators and travelers, who see the benefits in terms of security, time saving and ease of use, as well as the positive impact on the overall experience. So yes, technology is actually improving humanity, in the sense that it helps us focus on the human interaction and on things that cannot be automated such as a welcoming smile, assistance for special needs, answers to particular questions.

When technology reaches the point where it has the computing power and maturity to automate repetitive, time consuming processes that are mandatory to ensure security but also make passengers and operating staff feel alienated, it is ready to become mainstream. We have reached this point with AI-powered facial recognition and will start witnessing how it can really help improve the travel experience and bring back the notion of humanity that is often lost in heavy and time-consuming airport processes.

How can AI revolutionize the airport ecosystem?

Now, besides the use of AI to constantly improve the speed and accuracy of facial recognition algorithms, it also has the potential to revolutionize the entire airport ecosystem. There are already many systems deployed in airport and airline processes that collect passenger data through a diverse network of devices and applications, such as airline reservation systems, frequent flyer apps, passport readers, fingerprint scanners, cameras etc. In the future, AI could help stitch together the data collected by all those sensors and clearly establish that a passenger is who they claim they are.

From there you can ensure an identity is valid and you are eligible to pass a check point or use a service. This trusted identity is then the key to solve more inefficiencies of existing airport processes that are held by different parties and operated in isolation, which is precisely what is making the journey through an airport feel so inhuman. AI will be at the heart of the entire journey through the airport, allowing for a smooth yet secure walk through all the passenger touchpoints.

This full digitization of the traveler experience is the playground for the future attractiveness of air travel, where airports will race to become zero-queue environments that are able to ensure the best experience and anticipate hiccups from curb to gate.

At the Paris Air Show last week, we demonstrated how we’re making flight boarding easier, smoother and faster with facial recognition technology for airport security.

Get ready for a new era of airport travel where friendly agents and responsive flight attendants, who are there to focus on service rather than procedures, will greet you at paperless terminals!

The post Can facial recognition and artificial intelligence humanize air travel? appeared first on Cybersecurity Insiders.


June 24, 2019 at 09:08PM

Ransomware attack on Eurofins cuts of its ties with UK Police

Belgium based scientific testing laboratory Eurofins has unfortunately encountered a ransomware attack on its digital assets on June 2nd this year. And the security breach has made the UK police suspend its ties with Europe’s forensic firm.

Technically speaking, the firm which is actually headquartered in Brussels provides clinical research for companies and government organizations with regards to pharma, Agro, food, consumer products, and environmental studies.

Eurofins is reported to run more than 800 labs across 47 nations located in Asia-Pacific, North and South America, and Europe and has a headcount of 45,000 staff working in and for the laboratory-based research.

Last month the company opened a research lab related to the Internet of Things (IoT) in Groningen, Netherlands- just before a week before the cyber attack.

Cybersecurity Insiders has learned that Eurofins database which records and stores all the research info was hit by unknown ransomware in the first week of June pulling down most of the IT systems operating in the company. The IT staff which were quick to react pulled down other servers and systems as a precautionary measure in order to contain the damage.

On June 10th this year, the company released an official note that the attack was highly sophisticated probably involving some state-funded actors.

Rob Jones, the Director of National Crime Agency has admitted that the incident was notified to them on June 7th and a detailed investigation is in process.

UK’s National Cyber Security Center(NCSC) and the National Police Chief’s Council are trying to mitigate the risks and assess the nature of this incident.

Eurofins has assured that no data was compromised in the malware incident and the incident will be handled in a wise manner.

The post Ransomware attack on Eurofins cuts of its ties with UK Police appeared first on Cybersecurity Insiders.


June 24, 2019 at 08:47PM

Sunday, June 23, 2019

Ministry of Justice MoJ publishes new rules for Cloud Security

The Ministry of Justice (MoJ) has published the latest set of rules for the users of public cloud services provided by Amazon Web Services (AWS). The rules were outlined as a part of new digital services which offer over 800 different technology systems to be integrated with the use of public and private clouds.

In general, the federal executive department mainly uses AWS and Microsoft Azure for its cloud computing needs. But strictly speaking, it has populated much of its projects and apps over 120 AWS accounts, making the service provider as the largest cloud services provider for the department.

So, the intense usage has made the MoJ publish its security baselines for AWS accounts which sets certain principles to be followed while configuring AWS accounts. The objective was to offer good guidance to the admin teams over architectures and applications without encumbering them.

Thus, as a part of the new initiative, all AWS Public Cloud Storage Services serving the departmental needs will have to abide by the new set of rules freshly formulated. And as a part of it, all potential data breaches will be strictly prosecuted.

MoJ baseline has also recommended the use of AWS Threat Detection, User tracking, and configurationally auditing services on all accounts including CloudTrial and GuardDuty.

Cloud security experts suggest that the newly formulated baseline doesn’t constitute all do’s and don’ts, but outlines all basic things to be done in the increasingly complex cloud portfolios which often witness security and access control failures.

The post Ministry of Justice MoJ publishes new rules for Cloud Security appeared first on Cybersecurity Insiders.


June 24, 2019 at 10:11AM

US Cyber Attacks on Iran

Hundreds of systems including those belonging to Iranian Intelligence Group which involved in downing the drone of US & oil tankers were allegedly cyber-attacked by US Intelligence Group from Pentagon on early hours of Friday this week.

Reason for infiltrating into the networks of Iranian government officials was simple– to retaliate to the activities of Iran and warn then against more such serious consequences if they fail to mend their ways on the international arena.

Cybersecurity Insiders has learned that the intrusion was planned on the same day when the US President Donald Trump canceled off the surgical attacks on Iranian targets including radar and missile batteries.

As the cyber attack was supposed to be under the threshold of the armed conflict it was not canceled at the last moment by the trump administration.

Yahoo News was the first resource to report about the online operation conducted by the Pentagon in the early hours of Friday.

A source from The New York Times said that more such operations will be underway with or without the knowledge of the President.

Christopher Krebs, the director of the Department of Homeland Security- Cyber division failed to acknowledge the attacks on Saturday. But he did confirm that such attacks will be on rising.

US Military and Intelligence officials are alleged to be behind the attacks, as the government from Iran is yet to ascertain the news.

More details will be updated shortly!

The post US Cyber Attacks on Iran appeared first on Cybersecurity Insiders.


June 23, 2019 at 02:29PM

Saturday, June 22, 2019

Hackers using pirated software to spread new cryptomining Mac malware

By Waqas

If you download pirated content from torrent platforms, you can be a victim of this Mac malware. There is a new variant of cryptomining malware that is specifically targeting Apple’s Mac devices and those users who prefer downloading pirated software from torrent platforms. Dubbed Bird Miner by researchers; this cryptocurrency mining malware is actually a […]

This is a post from HackRead.com Read the original post: Hackers using pirated software to spread new cryptomining Mac malware


June 22, 2019 at 08:43PM

The Newspaper Test

This post was originally published here by Dave Rogers.

Does your cybersecurity solution measure up to the “newspaper test?”

We’ve all seen the news headlines about data breaches, malware attacks, and other security debacles at some of the top companies and organizations around the world. How often these incidents occur is increasing due to the lack of security that these organizations are implementing when migrating to the cloud. In our latest report, Kings of the Monster Breaches, we examine some of the biggest breaches that have occurred in the past few years, and the effects that they have had on organizations. Also, here are some additional examples of large companies falling victim to cyberattacks:

 

$100-Million Marriott Lawsuit

Hackers Hit Atlanta Hawks

Ransomware Strikes Aebi Schmidt

When customer data is compromised, organizations face consequences such as massive fines, decreases in stock price, and, sometimes, they will even lose a portion of their customer bases. Preventing breaches and staying out of the newspaper is critical for any company that wants to survive. Is your companies’ security posture up to the challenge? For many, the answer is unclear.

Fortunately, with the right security tools in place, organizations can confidently make use of the cloud and even enable bring your own device (BYOD) policies without compromising on cybersecurity. With BYOD, employees can work from any device, anywhere, which increases overall efficiency. However, if not properly protected, unmanaged devices or remote locations can be gateways to your organization’s sensitive data.

Bitglass’ CASB (cloud access security broker) has agentless mobile security for managed and unmanaged devices, as well as zero-day threat protection for defending against known and unknown malware. A suite of advanced DLP (data loss prevention) capabilities can prevent data leakage in any app or device. Keep your organization’s data secure, protect against threats, and stay out the newspaper with Bitglass’ CASB.

Photo:McKinsey

The post The Newspaper Test appeared first on Cybersecurity Insiders.


June 22, 2019 at 06:24PM

Glass Class: Securing Patient Data in the Cloud

This post was originally published here by Will Houcheime.

Organizations that operate within the healthcare industry have an immense responsibility to secure protected health information (PHI), personally identifiable information (PII), and other highly sensitive data. Additionally, the need for mobility in healthcare is critical because employees like doctors often have multiple affiliations, meaning that they access data remotely from personal devices as they travel from hospital to hospital. In our latest Glass Class, we introduce some security tools that allow healthcare organizations to utilize cloud applications in a bring your own device (BYOD) environment without compromising on data protection.

Photo:CIO East Africa

The post Glass Class: Securing Patient Data in the Cloud appeared first on Cybersecurity Insiders.


June 22, 2019 at 06:13PM

SMALL BUSINESSES NOT THE WEAKEST LINK IN THE SUPPLY CHAIN, STUDY SHOWS

This post was originally published here by (ISC)² Management.

A new (ISC)2 study suggests that small businesses may get too much attribution for causing security breaches for their large enterprise clients. While it’s true that enterprises have suffered breaches caused by third parties, they are more likely a result of actions by a large partner, not a small business.

The Securing the Partner Ecosystem study, which polled respondents both at large enterprises and small businesses, revealed about one third of enterprises (32%) have experienced a breach caused by a third party, but in these cases, large partners are more likely to blame (54%) than small business partners (46%). Only 19% of small business respondents overall say they’ve caused a data breach for an enterprise client or partner.

As a rule, enterprises aren’t concerned about the security practices of small business partners, considering 57% said they are confident and 37% very confident in their cybersecurity measures. And while enterprises have no qualms about holding others responsible for security incidents, almost half (48%) would consider themselves “ultimately at fault” for an incident caused by a third party.

For their part, small businesses hold themselves accountable for breaches at large partners – 73% say they would feel liable if a client was breached. That is the case even if their actions were an indirect cause of the incident.

High Confidence

Enterprises have high confidence in their own cybersecurity posture as well as the security practices of partners. Nearly all enterprises in the study (96%) have contract provisions specifying data access, storage and transmission by third parties.

Almost as many (95%) have standard vetting procedures for small business suppliers’ cybersecurity capabilities before allowing them to access systems. Methods employed to evaluate a partner’s security posture include reviews by a security team or provider (85%), on-site inspections (52%) and RFQs (34%).

A full 98% of enterprises are confident (54%) or very confident (44%) in their ability to protect their own data even if a third-party supplier is breached. However, their confidence may not be entirely justifiable.

For one thing, enterprises don’t always have a handle on how much access third parties have to their systems, with 34% of them saying they have been surprised by a third party’s broad level of access to their network and data. An even higher number of small businesses (39%) were just as surprised by the level of access they were granted.

Also pointing to enterprise overconfidence is a finding about how they react when told by a third party about security vulnerabilities. More than one third (35%) of enterprise respondents said that no action is taken to mitigate these vulnerabilities once notified.

Cybersecurity Staffing

Another surprising revelation in the study has to do with the number of cybersecurity staff employed by enterprises vs. small businesses – 42% of small businesses (with 250 or fewer employees) have at least five cybersecurity staff while 75% of large enterprises (1000 employees or more) employ at least 10 staff members dedicated to cybersecurity. This means that proportionally, many small businesses employ a higher percentage of cybersecurity professionals than enterprises.

While some of this may be explained by the types of tasks cybersecurity teams handle – for instance, there could be more automation at large companies – it also suggests that small businesses aren’t as lax with security as often assumed. It’s even possible the finger-pointing over the years has inspired them to strengthen security efforts.

The research leads to the conclusion that an organization’s size may not be the best indicator of its risk profile. Subscribing to cybersecurity best practices, appropriate staffing levels and maintaining good access management are far more important factors to consider.

Photo:Internet of Business

The post SMALL BUSINESSES NOT THE WEAKEST LINK IN THE SUPPLY CHAIN, STUDY SHOWS appeared first on Cybersecurity Insiders.


June 22, 2019 at 06:04PM