Wednesday, November 30, 2016

What does a Trump presidency mean for cybersecurity?

Cybersecurity played a major role in this year’s election cycle. For the first time in American history, data breaches, email servers and encryption directly influenced who won election to the nation’s highest office. Regardless of which candidate you supported, cybersecurity proved itself to be the ultimate victor this political cycle.

President-elect Trump is preparing for the Oval Office in January. How can the security industry prepare? He released a bulleted list of priorities during the campaign, but beyond that, below are some areas that are sorely in need of attention.

Strengthening private/public sector cooperation

Digital attacks against the United States do not simply focus on our defense infrastructure – they also strike our public infrastructure and private industry. Our cyber strategy must therefore fold in public, private, and government entities so that we can all protect America together. President-elect Trump’s plan to create a Cyber Review Team tasked with assessing US cyber defenses, and a Joint Task Force for responding to cyber threats, has the potential to do this.

The cybersecurity industry has openly sought a deeper, reciprocal relationship with the public sector to prevent and mitigate cyberthreats for years. The security community is eager to open new partnerships, information-sharing initiatives, and the opportunity to build cutting-edge technology to help protect our nation’s digital assets and infrastructure.

President-elect Trump’s challenge will be attracting leaders from the private sector to buy into his vision for the future. He will need to use his powers of persuasion and find compromises to convince the most influential technology leaders to come together and rally around the same goal: the (digital) safety and security of the American people.

Balancing cyber regulations for businesses and consumers

Non-state cyber actors have proven to be a major threat to US interests. President-elect Trump cites major breaches in the last three years that targeted millions of credit card numbers and medical records, all conducted by non-state actors.

Beyond nation-state actors, President-elect Trump will need to reconcile his call for less private-sector regulation with the need to address increased threats from non-state actors against U.S. corporations.

Stopping cyber foreign influence

During the campaign, Secretary Clinton avoided answering questions about her private email server and malicious hacks against it. Whether or not foreign hacks of the system actually took place, they are an example of how technology can become a vehicle for statecraft and foreign affairs.

Globalization of the media and of information allows anyone to influence events around the globe, from manipulating social media websites to carrying out large-scale DDoS attacks or infecting voting machines. Most troubling of all, attacks don’t have to produce or steal anything to be successful – merely planting a seed of doubt in our elections can be enough.

Final thoughts

President-elect Trump’s challenge will be to restore the American people’s confidence in our digital systems, from civil infrastructure to the e-mail our civil servants use. And to effectively achieve that he will need to foster private/public cooperation, and balance regulations to ensure the private sector is free to innovate and grow. Because like it or not, computers are going to play a major role in Making America Great Again.


from Help Net Security http://ift.tt/2gBbZ4J

Do you know which data compliance standards apply to your organization?

Despite the explosion in data collection among companies in every sector and the well-documented risks of cyber threats, a new Liaison Technologies survey of nearly 500 US C-level executives and senior-level managers reveals that nearly half (47%) are unsure which information security and privacy regulations apply to their organizations.

This troubling statistic suggests that US organizations may still have a long way to go in getting a handle on the privacy and security regulations affecting their industries, even as breaches and their resulting financial impacts become more prevalent and expensive.

“What we found was rather concerning and further evidence of the strong need for comprehensive solutions that can help organizations maintain continuous compliance when handling regulated or other sensitive data, whether the data resides on premises or in the cloud,” said Hmong Vang, Chief Trust Officer with Liaison.

Organizations could be failing their customers or unnecessarily putting data at risk by underestimating the importance – and ongoing effort – of maintaining compliance. Some 25 percent of respondents say it’s unclear who in their organization is responsible for compliance and barely half consider their data to be secure in the cloud, raising questions about how high of a priority data protection is, despite well-publicized data breaches.

Personal liability may be vastly underestimated as well with 85 percent of respondents indicating they do not feel their job security is at risk due to compliance issues. In contrast, the U.S. Department of Health & Human Services alone has investigated over 24,000 cases of HIPAA privacy violations, forcing violators to pay settlements totaling nearly $4 million and referring some cases to the Department of Justice for criminal investigation—a risk that far exceeds job security.


from Help Net Security http://ift.tt/2gIGVD3

Node.js Foundation to oversee the Node.js Security Project

The Node.js Security Project will become a part of the Node.js Foundation, a community-led and industry-backed consortium to advance the development of the Node.js platform.

The Node.js Security Project, founded by Adam Baldwin, collects data around vulnerability and security flaws in the Node.js module ecosystem. The Node.js Foundation will take over the following responsibilities:

  • Maintaining an entry point for ecosystem vulnerability disclosure
  • Maintaining a private communication channel for vulnerabilities to be vetted
  • Vetting participants in the private security disclosure group
  • Facilitating ongoing research and testing of security data
  • Owning and publishing the base dataset of disclosures
  • Defining a standard for the data, which tool vendors can build on top of and which security vendors and others can add data and value to as well.

Last year the Node.js Foundation worked with The Linux Foundation’s Core Infrastructure Initiative to form the Node.js Core Security Group to encourage security best practices. By overseeing datasets of vulnerability disclosures, which will be publicly available and openly licensed, the Foundation is building on this work and expanding its role in fortifying Node.js through strong security governance. It will also allow the Foundation to drive standardization around security data and encourage a broader ecosystem of open source and vendor-based tools on top of it.

All security vendors are encouraged to contribute to the common vulnerability repository. Once it is openly licensed, the Foundation expects the repository to grow quickly as other vendors add to it.

With 15 million downloads per month, more than a billion package downloads per week, and growing adoption across numerous industries, Node.js and its module ecosystem underpin some of the most heavily used desktop, web, mobile, cloud and IoT applications in the world.

A more open, robust, and standard process for finding and fixing vulnerabilities within the module ecosystem that surrounds Node.js is essential, according to Mikeal Rogers, community manager for the Node.js Foundation.

“The Node.js Security Project will become one of the largest projects to build a community around detecting and fixing vulnerabilities,” said Rogers. “Given the maturity of Node.js and how widely used it is in enterprise environments, it makes sense to tackle this endeavor under open governance facilitated by the Node.js Foundation. This allows for more collaboration and communication within the broad community of developers and end users, ensuring the stability and longevity of the large, continually growing Node.js ecosystem.”

A Node.js Security Project Working Group will be established in the next few weeks to begin validating vulnerability disclosures and maintaining the base dataset. Individuals and anyone from the Technical Steering Committee and Core Technical Committee are encouraged to join the working group and provide input on GitHub. Go to this link to join the working group.


from Help Net Security http://ift.tt/2fHjgmI

Deutsche Telekom goes drone hunting

Drone popularity continues to rise rapidly as they become ever cheaper and more powerful. Easy availability and large payloads conspire to increase the potential for dangerous drone misuse – everything from industrial espionage to drug and weapon smuggling to terrorist attacks.

Such an imminent threat demands comprehensive countermeasures. “Over the last few months, Deutsche Telekom has extensively evaluated and thoroughly tested equipment from the most important manufacturers of drone detection and defense systems. We are bundling the best of the technologies under the control of lead partner Dedrone for our Magenta Drone Protection Shield,” explains Dirk Backofen, soon-to-be head of Telekom Security.

Deutsche Telekom will provide all services – from sales, project planning, and installation through management of the system. Project prices start at 30,000 Euro. In the coming weeks, Deutsche Telekom will install Dedrone technology at two of its own properties to secure them against drone intrusions.

Complete system for drone protection

DroneTracker, developed by Dedrone in Kassel, is the key system that detects drones automatically by means of various sensors – such as video cameras, radio frequency scanners, and microphones – and repels them if necessary. At its core is smart software that is able to distinguish drones from birds, helicopters, and other flying objects safely, and even to recognize specific drone models.

DroneTracker is a modular system that can be integrated into customers’ existing security systems. Open interfaces can be used to connect sensors from other manufacturers, including radar from Airbus or Robin Radar, Rohde & Schwarz radio frequency scanners, and Squarehead Technology microphone arrays. This flexibility allows design of optimal coverage for different areas and buildings.

As soon as DroneTracker detects a drone, it alerts security forces. They can immediately take protective measures and, for example, bring people to safety, seize drones or dropped objects, or block views of sensitive information. Where laws and regulations permit, jamming transmitters such as those from HP Wüst can be used to bring down the drone.


from Help Net Security http://ift.tt/2gIFIeJ

Five Rules to Finally Tame Your Inbox

An overflowing, overwhelming inbox is a common lament. How do we manage this constant stream of incoming messages? The Atlantic’s James Hamblin has five golden rules you can follow.

Hamblin says his approach has helped him halve the time he usually spends on emails. Some of the methods might seem curt, he warns, but they are effective.

  1. No Signoff: Eliminate “Best,” “Cheers,” and other farewells. You can even skip your name, since the email address makes that abundantly clear.
  2. No Greeting: “Greetings and closings are relics of the handwritten missive,” says Hamblin.
  3. Three Sentences or Fewer: The crux of an email usually doesn’t need more than three sentences. If you need to write more, consider calling the person.
  4. Your Inbox Isn’t a To-Do List: Don’t obsess over answering the latest email you got. Even if you want to reach inbox zero, you don’t always need to have it at inbox zero. That’s not a priority, your other tasks are.
  5. Check Only Two or Three Times a Day: The average American worker wastes 30 seconds every time they check their inbox. So check it only two or three times a day. You might think your job doesn’t allow for that, but try it out; you’ll be surprised.

Your regular email acquaintances will get used to your new style of communication soon enough. For some people, it might seem rude to not greet or sign off, or just write three sentences. Pick and choose when you use brevity, don’t adhere to these rules like doctrine.

How to Email | The Atlantic


from Lifehacker http://ift.tt/2gLt777

Facebook users want to continue posting from beyond the grave


What happens to a person’s Facebook page after they die?

One might assume it falls silent, a bleak reminder that when people log out of life there’s no way back to the world of updates and sharing.

But in future that old-world assumption might need to be re-examined, at least according to a survey by UK solicitors Jackson Canter which found that around half of people would like their Facebook homepage to continue updating posthumously in some way.

In fairness, after questioning 2,000 people on the matter, some of the updating was relatively straightforward, with 55% simply wanting replies to expressions of sympathy after their deaths.

However, almost as many wanted a friend or family member to post once or twice a year on their behalf, with 10 percent suggesting this be done as often as once a week to “keep their memory alive”.

Vain perhaps but it does raise the fraught issue of how relatives access the online accounts of dead or incapacitated people, either to enact their wishes or simply suspend the accounts.

In the offline world, executors are given permission to go through a person’s paperwork. Doing that online isn’t yet as standardised.

Facebook is one of the easier ones as it offers all users the ability to specify in advance whether they’d like their account to be deleted or “memorialised” in the event of their death, or whether they’d like a contact to look after it.

Nobody can log into a memorialised account once death has been confirmed, although it is possible for friends to share memories on this timeline if the privacy settings allow it.

That said, many Facebook users won’t have made any provision, which means relatives will either have to make a request post-hoc or get hold of the user name and password by other means.

There doesn’t appear to be any law against logging into the account of a dead person although it will probably be against the service’s terms and conditions unless the individual can provide evidence of assent.

What about the possibly dozens of other online accounts?

One option is to leave login details attached to a will, but solicitors Jackson Canter advise against this because in the UK wills are public documents. A better option, the company suggests, is to store them in a sealed envelope and focus on keeping them up to date.

Each approach has pluses and minuses. Leaving them in an envelope risks them becoming out of date (changes generate a fee). Leaving them in a drawer will cost nothing but is less secure.

An online password manager is another option as it can be accessed using a single master password (plus a second factor such as a token if one was being used). For instance, LastPass 4.x onwards offers an “emergency access” feature which allows users to name people authorised to access the password database.

In life, most people are fiercely protective of online accounts. In death, most companies understandably take the same hard line.

Perhaps, then, without any alternative undertaking the answer is to leave the online world of a dead person as they left it, boundless and bare, its final silence speaking for itself.



from Naked Security http://ift.tt/2gVYP5J

News in brief: leniency urged for Snowden; crowdsourced suggestions for Facebook; Berners-Lee slams ‘Snoopers’ Charter’


Your daily round-up of some of the other security stories in the news

Obama urged to be lenient on Snowden

Barack Obama may be feeling a little demob-happy ahead of stepping down from the presidency in January and handing over to president-elect Donald Trump, but it’s doubtful he’ll accede to the call from 15 former members of the Church Committee to allow whistleblower Edward Snowden to return to the US without facing the legal consequences of his actions.

The Church Committee was the 1970s Congressional body set up in the wake of the Watergate scandal to investigate wrongdoing by the CIA. In their letter to Obama, the 15 point out that, the illegality of his actions notwithstanding, Snowden did uncover widespread surveillance overreach and sparked a valuable debate that has led to legislative reform.

They also note that other miscreants have been treated leniently, including former CIA director David Petraeus.

Snowden however should probably plan on staying put in Moscow, as Obama has already said that he can’t pardon someone who hasn’t submitted themselves to the legal process and pleaded their case in court.

Advice to Facebook on fake news

Sometimes when you have a problem the best approach is to crowdsource it. That’s what’s happening with the ongoing headscratcher of how Facebook could and should tackle the torrent of fake news being spread on the platform.

Eli Pariser, the founder and CEO of news site Upworthy, floated the idea on Twitter on November 17 of asking experts to add their ideas to a crowdsourced Google document. That was just over two weeks ago and now that original document has ballooned to more than 100 pages with the contributions of journalists, academics, technologists, editors, social media experts and others.

Pariser has organised the document into sections covering, among others, algorithms, human editors, machine learning and the dark art of behavioural economics, how to measure the reputation of those sharing stories and more.

It’s an extraordinary and rich collection of opinions and suggestions from some of the foremost experts in their fields, within which should be some thoughtful and innovative solutions to a growing problem.

Berners-Lee slams ‘Snooper’s Charter’

Tim Berners-Lee, the inventor of the world wide web, has hit out at the Investigatory Powers Act, which became law yesterday, saying it creates “a security nightmare”, and adding that the new law “undermines our fundamental rights online”.

This is strong stuff from the man who is respected around the world not only for having invented the system of hyperlinking that gave birth to the web but also for his always thoughtful commentary on what his invention has become.

Berners-Lee has said that these are “dark, dark days” and told the BBC: “The Snooper’s Charter has no place in a modern democracy.” The democratic process has swung into action to tackle it, however, with a petition to repeal the act heading for 150,000 signatures at the time of writing. Because the petition has passed 100,000 signatures, MPs are obliged to debate the proposal – though whether that will lead to any changes, never mind repeal, is another matter altogether.

Catch up with all of today’s stories on Naked Security


from Naked Security http://ift.tt/2fM7G4F

Hackers reuse passwords to access 26,500 National Lottery accounts


Earlier this week UK National Lottery operator Camelot released a statement saying it believed hackers had accessed the accounts of around 26,500 of its 9.5 million online players:

As part of our online security monitoring, we became aware of suspicious activity on a very small proportion of our players’ online National Lottery Accounts

Thankfully, fewer than 50 of those accounts have been touched since the hackers accessed them. And any activity was limited to personal details being changed, potentially by the players themselves. Camelot clarified:

We do not hold full debit card or bank account details in National Lottery players’ online accounts and no money has been taken or deposited.

Nevertheless, this is still very serious. Even though impacted users haven’t had financial details exposed, they have still lost personal information that may be very useful to fraudsters.

How did Camelot react?

Camelot took proactive action, suspending the 50 affected players’ accounts and contacting these players to help them re-activate their accounts securely. In addition to that, it’s also making all 26,500 affected players reset their passwords.

As well as contacting these folks to help them change their passwords, Camelot is handing out advice on online security. Why? Because Camelot believes that…

…the email address and password used on the National Lottery website may have been stolen from another website where affected players use the same details.

In other words, Camelot is pointing the finger at a third-party website, suggesting the cyber criminals may not have stolen the logins from the National Lottery website itself.

So how does that work?

Hackers like to make the most of their ill-gotten gains. Whenever they steal logins from one website, they try them out on lots of other sites to see if account holders have reused usernames and passwords across services. That means that if you use the same username and password on a number of different sites, and fraudsters ever steal that username/password combination from one of them, it is also compromised on all the others.

This is simply the “credential stuffing” we reported last week. In that instance it led to rogue Deliveroo transactions that allowed fraudsters to stuff their faces for free.

Be warned – there have been plenty of other recent incidents of thefts and credential stuffing in the UK, including:

It’s not yet known how this happened. Sophos global head of security research James Lyne told us:

The [Camelot] statement doesn’t clarify if it is a site with which Camelot itself shares credentials or whether the problem lies with users having the same e-mail and password across multiple websites – though the latter is far more likely.

He also noted that, although Camelot did recognize that there was suspicious activity on its accounts, the attack still compromised a significant number of accounts:

Camelot have obviously managed to link suspicious activity to these accounts, such as a shared attacker IP address or common activities, but it is concerning that so many accounts could be compromised with such a common pattern before the attack was detected.

While we wait for more information to become available, the BBC reports that the Information Commissioner’s Office is launching an investigation into the National Lottery breach. The ICO said:

Camelot submitted a breach report to us last night, which we have reviewed. We will be talking to Camelot today… Organisations should be reminded that cybersecurity is a matter for the boardroom, not just the IT department.

What should I do?

Lessons will need to be learnt on both sides. When it comes to securing your passwords, Lyne advises:

  • Use a different password on each website as otherwise a breach of any one web service could provide access to your entire online life.
  • We recommend users change their password on the National Lottery website and any other service where they use the same email address and password combination.
  • Cyber-criminals have executed numerous campaigns re-using stolen credentials recently so avoiding sharing passwords across sites is key.
  • Read Sophos’ top password tips.
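As an added illustration of the detection pattern Lyne describes above, one source IP attempting logins against many distinct accounts before anyone notices, the following Python (not code from Camelot, Sophos or Naked Security) flags such an IP from web login logs and lists the accounts it actually got into, i.e. the set that would need a forced password reset. The log format and the sample lines are constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log in a hypothetical format:
# "<ISO timestamp> <source IP> <account email> <OK|FAIL>". Not real lottery data.
# 203.0.113.45 walks through six different accounts in a few seconds (stuffing);
# 198.51.100.7 is a normal user logging into her own account twice.
SAMPLE_LOG = """\
2016-11-28T22:01:03Z 203.0.113.45 alice@example.com FAIL
2016-11-28T22:01:04Z 203.0.113.45 bob@example.com OK
2016-11-28T22:01:05Z 203.0.113.45 carol@example.com FAIL
2016-11-28T22:01:05Z 203.0.113.45 dave@example.com OK
2016-11-28T22:01:06Z 203.0.113.45 erin@example.com FAIL
2016-11-28T22:01:07Z 203.0.113.45 frank@example.com OK
2016-11-28T22:05:10Z 198.51.100.7 alice@example.com OK
2016-11-28T22:06:11Z 198.51.100.7 alice@example.com OK
2016-11-28T23:30:00Z 203.0.113.45 grace@example.com OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, account, success)."""
    ts, ip, account, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=10), min_accounts=5):
    """Return {ip: set of accounts successfully logged into} for every source IP
    that attempted logins against at least `min_accounts` distinct accounts
    within any `window`-long span. Failed attempts count towards the account
    spread (that is the stuffing signal); only successes mark a compromise."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((ts, account, ok))

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        # Sliding window over this IP's time-sorted events.
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            distinct = {account for _, account, _ in span}
            if len(distinct) >= min_accounts:
                compromised = {account for _, account, ok in span if ok}
                flagged.setdefault(ip, set()).update(compromised)
    return flagged


def accounts_to_reset(flagged):
    """Union of accounts an attacking IP actually got into: these get a forced reset."""
    return set().union(*flagged.values()) if flagged else set()


if __name__ == "__main__":
    hits = detect_stuffing(SAMPLE_LOG)
    for ip, accounts in hits.items():
        print(f"{ip}: {len(accounts)} accounts compromised -> {sorted(accounts)}")
    print("reset:", sorted(accounts_to_reset(hits)))
```

The threshold and window are deliberately low so the sample trips them; on a real site they should be tuned against normal login-per-IP rates (shared NAT gateways will otherwise generate false positives).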

from Naked Security http://ift.tt/2gKzUha

Gooligan Android malware used to breach a million Google accounts

Check Point security researchers have revealed a new variant of Android malware, breaching the security of more than one million Google accounts.

The new malware campaign, named Gooligan, roots Android devices and steals email addresses and authentication tokens stored on them. With this information, attackers can access users’ sensitive data from Gmail, Google Photos, Google Docs, Google Play, Google Drive, and G Suite.

Key findings

  • The campaign infects 13,000 devices each day and is the first to root over a million devices.
  • Hundreds of email addresses are associated with enterprise accounts worldwide.
  • Gooligan targets devices on Android 4 (Jelly Bean, KitKat) and 5 (Lollipop), which represent nearly 74% of Android devices in use today.
  • After attackers gain control over the device, they generate revenue by fraudulently installing apps from Google Play and rating them on behalf of the victim.
  • Every day Gooligan installs at least 30,000 apps on breached devices, or over 2 million apps since the campaign began.

Check Point reached out to the Google security team immediately with information on this campaign. “As part of our ongoing efforts to protect users from the Ghost Push family of malware, we’ve taken numerous steps to protect our users and improve the security of the Android ecosystem overall,” stated Adrian Ludwig, Google’s director of Android security.

Among other actions, Google has contacted affected users and revoked their tokens, removed apps associated with the Ghost Push family from Google Play, and added new protections to its Verify Apps technology.

Check Point’s Mobile Research Team first encountered Gooligan’s code in the malicious SnapPea app last year. In August 2016, the malware reappeared with a new variant and has since infected at least 13,000 devices per day. The infection begins when a user downloads and installs a Gooligan-infected app on a vulnerable Android device, or by clicking on malicious links in phishing attack messages.


from Help Net Security http://ift.tt/2gxce0H

Organized sextortion led four British men to suicide

Sextortion/webcam blackmail is a booming business for organised crime groups from the Philippines, Ivory Coast and Morocco, and young men across the UK are the most sought-after victims.

What is sextortion?

In sextortion schemes, the victims are usually contacted via social media, dating sites and even LinkedIn, after criminals used those same sources to gauge how much money they could get out of them and how likely they are to pay to avoid embarrassment.

They are contacted by women who are either working with the criminals of their own free will (for a fee) or have been coerced into these actions through threats.

The victims are lured into video chatting with the women via Skype, and into performing sexual acts in front of their webcam. Unfortunately, the video chats are recorded by the criminals, and then used to blackmail the victims – the victims are told that the video will be sent to their loved ones if they don’t pay up.

Of course, women can also be victims of sextortion, usually by being blackmailed or by being coerced into carrying out sexual acts.

The scope of this criminal practice

According to the UK National Crime Agency, there were “864 cases of financially motivated webcam blackmail so far in 2016, more than double the figure from the whole of the previous year (385).” And that’s a conservative number, as many sextortion victims are unlikely to report the crime for fear of their online antics being exposed to family, friends and employers.

“Cases of webcam blackmail – or sextortion – are going up dramatically. As recently as 2012 we were only getting a handful of reports a year, now we’re getting hundreds, and our law enforcement partners across Europe are reporting a similar picture,” Roy Sinclair, from the NCA’s Anti-Kidnap and Extortion Unit, noted.

According to the NCA’s statistics, most of the victims are men aged between 11 and 30. And, unfortunately, there have already been instances when the victims – mostly youngsters – felt they had no other option except suicide to escape the shame.

“Younger men do not always have the emotional strength to cope with blackmail. Therefore, a key purpose of our campaigning is to give more victims the confidence to confide in police about any situations or threats they’ve encountered,” Detective Chief Inspector Paul Gelman of the Hampshire Constabulary told Capital FM, which also provided a first-person account of the sextortion experience by a teenager from Hampshire.

The teen was lonely and took to dating sites to meet people, and was contacted by a woman who first chatted with him, then asked him for his Facebook profile and picture, then invited him onto Skype to talk “in person.” It took some weeks for all this to happen, and by the time they got on Skype, “it seemed normal when this woman started talking intimately.” Suspecting nothing, he was persuaded into performing sexual acts, and that was it.

Tips on avoiding sextortion

In the first place, users are advised to be careful about whom they befriend online and about whom they have sex with online.

But for those who have already fallen for the scheme, the advice is to not panic and not pay, contact the police, report the crime, and try to gather evidence.

This document by the Hampshire Constabulary has more detailed advice, as well as instructions on how to remove nude or sexually explicit images or videos that have been shared online without the subject’s consent (Facebook, Twitter, YouTube, etc.).

Victims are often doubtful that the police could help them, but the fact is that if they pay once they will be forced to pay again, and even if they pay, there is no guarantee that the videos and photos won’t ultimately be posted by the criminals.

What is law enforcement doing about all this?

Aside from mounting awareness campaigns, police in the UK and around the world are working on solving these crimes.

According to the BBC, last year over 40 arrests were made in the Philippines in relation to sextortion, and there is one ongoing international prosecution connected to one of the suicides reported this year.

Sextortion/webcam blackmail is a crime that has yet to gain widespread awareness. A variant of the scheme has been recently very realistically depicted in an episode of Netflix’s Black Mirror series.


from Help Net Security http://ift.tt/2fD1YH7

Why the Fahrenheit Temperature Scale Makes So Little Sense


As with most ways of measuring things, the United States uses a different temperature scale than most of the rest of the world. However, the Fahrenheit scale often doesn’t make much sense compared to the Celsius scale. This video explains why.

As the video above explains, before Celsius or Fahrenheit became standard, getting precise tools to measure temperature was a bigger problem than the scale that temperature was measured on. Daniel Gabriel Fahrenheit was one of the first to use mercury in his thermometers and his tools were reliably accurate. This was a new development at the time, so his thermometers were quickly adopted.

The scale, however, was pretty arbitrary. Fahrenheit kept his formulas secret, so we don’t actually know exactly how he determined where zero should be on the thermometer. Allegedly, zero was supposed to correspond to a salt, ice, and water mixture, with 100 degrees being the temperature of a human body. Neither of these is strictly accurate, but at the time that didn’t matter. What mattered was that the thermometers were consistent. Now, we have better tools to measure with, and so we’ve adopted the more intuitive Celsius scale that sets zero as the freezing point of water and 100 as its boiling point, with the human body temperature set at 37 degrees.

What the Fahrenheit?! | Veritasium


from Lifehacker http://ift.tt/2gIfsPc

Firefox 0-day exploited in the wild to unmask Tor users

An anonymous user of the SIGAINT darknet email service has revealed the existence of a JavaScript exploit that is apparently being actively used to de-anonymize Tor Browser users.

The warning came through a post on the tor-talk mailing list, which included the exploit (one HTML and one CSS file).

Tor Project leader Roger Dingledine acknowledged the post and noted that the Firefox team is already working on a patch; once it is done, the Tor Project will check whether the Tor Browser needs to be patched, too.

The Tor Browser is based on the Firefox ESR browser – its latest version is based on version 45 of Firefox ESR.

A security researcher who goes by the Twitter handle @TheWack0lian disassembled the exploit and pointed out that it’s very similar to the exploit planted by the FBI in 2013 on Freedom Hosting. The exploit was used to discover the identity of the users of the hidden services hosted by that provider, as it forced their browser to send information about the device they use (hostname, MAC address, IP address) to a server controlled by the bureau.

In this latest exploit, the information was being sent through port 80 to a server located at 5.39.27.226 – an IP address that is assigned to OVH, a French ISP and web hosting company.

Trail of Bits’ CEO says that the exploit targets a use-after-free vulnerability in Firefox’s SVG parser, and ultimately allows the attackers to achieve remote code execution on Windows systems, i.e. to plant software that forces the browser to “identify” the machine.

He also says that while the vulnerability is present on macOS, the exploit does not include support for targeting any operating system but Windows.

While the exploit was likely meant to target only Tor Browser users, the fact that it has now been made public means that other attackers could soon leverage it – if they aren’t using it already.

Until Mozilla comes up with a fix, disabling JavaScript on Firefox should protect users, but temporarily using another browser is also a good idea.

Tor Browser users can do the same, although the Tor Project has several reasons why it keeps JavaScript enabled by default. Ultimately, though, they advise users to make their own choice regarding JavaScript, depending on their personal security, anonymity, and usability priorities.


from Help Net Security http://ift.tt/2gFkpKY

Tuesday, November 29, 2016

Tips for businesses to avoid being the next big headline

Data integrity breaches are set to send shockwaves throughout the world in 2017, with at least one almighty breach disclosure of this type expected next year, according to Jason Hart, CTO Data Protection, Gemalto.

Data integrity is a promise or assurance that information can be accessed or modified only by authorised users. Data integrity attacks compromise that promise, with the aim of gaining unauthorised access to modify data for a number of ulterior motives, such as financial or reputational.

“Data integrity attacks are, of course, nothing new, yet they remain under the radar of businesses who have an ever increasing reliance on data and make huge business decisions based on its analysis. These types of attacks are what I like to call the ultimate weaponisation of data,” said Hart.

The first generation of cyber attacks focused on stopping access to the data, which quickly moved on to stealing it. Today, we’re starting to see more and more evidence that the stolen data is being altered before transition, affecting all elements of operations. With the increasing uptake of the Internet of Things, hackers have more attack surfaces and personas that they can manipulate.

Take a wearable fitness device such as the Fitbit for example, and look at the number of different people that touch it – the user, the manufacturer, the cloud provider hosting the IT infrastructure, the third parties accessing it via an API, etc. You can start to see how this can create a cross pollination of risk that the security industry has not seen before. And, this is just a personal “thing”, so when you take account of all the things that are connected to critical and national infrastructures, you can start to see how this can quickly get out of hand.

“It’s scary, but data integrity attacks have the power to bring down an entire company and beyond; entire stock markets could be poisoned and collapsed by faulty data; the power grid and other IoT systems from traffic lights to the water supply could be severely disrupted if the data they run on were to be altered. And perhaps the greatest danger is that many of these could go undetected for years before the true damage reveals itself,” according to Hart.

Data integrity breaches

  • 2008 – Hackers infiltrate the Brazilian government’s systems and inflate the logging quotas to disrupt the logging industry
  • 2010 – Hackers use the Stuxnet worm to make minor changes in Iran’s nuclear power programme in an attempt to destroy it
  • 2013 – A Syrian group hacked into the Associated Press’ Twitter account and tweeted that President Obama had been injured in explosions at the White House – the single tweet caused a 147-point drop in the Dow
  • 2015 – Anonymous begin releasing financial reports exposing firms in the US and China trying to cheat the stock market. In one case, damaging the brand reputation of REXLot Holdings, a games developer, which had inflated its revenues
  • 2015 – JP Morgan Chase was breached with subsequent attempts at market manipulation
  • 2016 – Both the World Anti-Doping Agency and Democratic National Committee are breached with hackers manipulating their data to embarrass the organisations.

Top tips for businesses

1. Understand your data – In order for a business to protect itself, it should first conduct a data sweep to understand what data it has collected or produced and where the most sensitive parts of that data sit. It’s crucial for businesses to understand what they are trying to protect before they can even think about how to protect it.

2. Two-factor authentication – An organisation’s next step should be to focus on the adoption of strong two-factor authentication, which provides that extra layer of security should user IDs or passwords become compromised.

3. Encryption – While two-factor authentication is there to help stop information being taken in the first place, encryption provides the layer that stops customers’ sensitive data being used if it is accessed. Companies need to utilise encryption to protect this data wherever it is found, whether in on-premise, virtual, public cloud, or hybrid environments; that’s a given. More importantly, the traditional data security mind-set has to evolve: companies need to approach it with the presumption that perimeters will be breached and, as such, prepare the encryption necessary to protect the most vital asset, the data.

4. Key management – Once a proper encryption strategy is in place, attention must switch to strong management of the encryption keys. Encryption is only as good as the key management strategy employed, and companies must ensure they are kept safe through steps like storing them in hardware modules to prevent them being hacked. After all, it’s no good having the best locks on your house and then leaving the house keys under the mat for any passing opportunist burglar to pick up!

5. Education – In order to build trust, companies need to educate their workforce and their consumers on the steps they have taken to protect their data. And it doesn’t just end there. Businesses need to employ a two-pronged approach, educating their employees and consumers on the steps they should also be taking to remain safe and protect their personal data themselves, which leads to them understanding how to protect the company’s data.


from Help Net Security http://ift.tt/2fBEKBc

Seal the integrity of your logs with Waterfall BlackBox

Upon discovery of a cyberattack, forensic experts look inside the compromised network’s various logs to locate and analyze tracks left by the attacker. Logs are the baseline information required for quality incident response and forensics: they contain the tracks and hints left by the attack and the attacker.

However, once inside your network and in a position of control, attackers know how to remove or alter incriminating information in all log repositories. Covering up their tracks is “basic hygiene” of a cyber attack. This is true for local, centralized and cloud-based log repository systems alike.

In this podcast recorded at IoT Solutions World Congress Barcelona 2016, Andrew Ginter, VP of Industrial Security at Waterfall Security, explains how, in order to keep log repositories more secure than the attacked network, Waterfall developed the BlackBox.

Waterfall BlackBox was developed with response teams, forensics and other audit professionals in mind, to maintain trust in logged information. Based on Waterfall’s patented unidirectional security technology, the Waterfall BlackBox secures logs “behind” a unidirectional gateway, ensuring that logs are physically kept trustworthy and out of reach of cyber attackers.

With the BlackBox, there is a physical barrier between the network and the logged data so that the data sent to the BlackBox is stored physically “outside” the network, inaccessible and untouchable to anyone looking to cover their tracks.

Inside the BlackBox is a high-speed, high-capacity logging and analysis system, which can be used to reveal attackers’ tracks and to detect attempted changes, manipulation and abnormal activity. When needed, data can be retrieved and inspected securely by physical access to the BlackBox appliance.
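The data-integrity attacks described in the Gemalto piece above and the log tampering the BlackBox is built to defeat share one detection goal: an edit, deletion or rewrite of earlier records must become visible to whoever holds a trusted reference. The following added example (not Waterfall’s or Gemalto’s code) shows that goal met in software with a keyed hash chain rather than a unidirectional gateway; the key, the events and their timestamps are constructed for illustration, and the verifier is assumed to hold the key and the latest tag somewhere the attacker cannot reach.

```python
"""Tamper-evident log chain: an added illustration, not Waterfall's or Gemalto's code."""
from __future__ import annotations

import hashlib
import hmac
import json
from typing import List, Optional, Tuple

# Constructed key for the example. In a real deployment it lives with the
# verifier (the forensics side), never on the host whose logs it protects.
CHAIN_KEY = b"constructed-demo-key-not-for-real-use"
GENESIS = b"\x00" * 32  # tag "before" the first entry

# Constructed sample events; not captured from any real system.
SAMPLE_EVENTS = [
    {"ts": "2016-11-29T08:00:01Z", "host": "web1", "event": "sshd: accepted publickey for alice"},
    {"ts": "2016-11-29T08:02:17Z", "host": "web1", "event": "sudo: alice : COMMAND=/bin/bash"},
    {"ts": "2016-11-29T08:05:42Z", "host": "web1", "event": "sshd: failed password for root"},
]


def link_tag(prev_tag: bytes, entry: dict) -> bytes:
    """HMAC-SHA256 over the previous tag and the canonical JSON of this entry.

    Binding each tag to its predecessor is what makes editing, reordering or
    deleting an earlier entry visible when the chain is recomputed.
    """
    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CHAIN_KEY, prev_tag + canonical, hashlib.sha256).digest()


def build_chain(events: List[dict]) -> List[dict]:
    """Append each event to the chain, tagging it against the previous tag."""
    chain: List[dict] = []
    prev = GENESIS
    for entry in events:
        tag = link_tag(prev, entry)
        chain.append({"entry": dict(entry), "tag": tag})
        prev = tag
    return chain


def chain_head(chain: List[dict]) -> bytes:
    """The latest tag: the one value to ship out of the attacker's reach."""
    return chain[-1]["tag"] if chain else GENESIS


def verify(chain: List[dict], trusted_head: bytes) -> Tuple[bool, Optional[int]]:
    """Recompute every link and compare the end of the chain with the trusted head.

    Returns (True, None) when intact. Otherwise (False, i) where i is the first
    link that fails, or len(chain) when every link is self-consistent but the
    chain does not end at the trusted head: entries were removed from the end,
    or an attacker who also obtained the key rewrote the whole chain.
    """
    prev = GENESIS
    for i, link in enumerate(chain):
        expected = link_tag(prev, link["entry"])
        if not hmac.compare_digest(expected, link["tag"]):
            return False, i
        prev = link["tag"]
    if not hmac.compare_digest(prev, trusted_head):
        return False, len(chain)
    return True, None


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    head = chain_head(chain)  # retained by the forensics side
    print("intact:", verify(chain, head))
    chain[1]["entry"]["event"] = "sudo: alice : COMMAND=/bin/ls"  # attacker edits a record
    print("edited entry:", verify(chain, head))
    print("last entry removed:", verify(build_chain(SAMPLE_EVENTS)[:2], head))
```

Only the head and the key need to leave the monitored network; the chain itself can stay where it is, which is the separation the unidirectional gateway enforces in hardware.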


from Help Net Security http://ift.tt/2gUfNS4

SMEs more prone, but still quite oblivious, to cyberattacks

Despite governments, organizations and brands intensifying their cybersecurity awareness campaigns in recent years, as well as several recent high-profile attacks and security breaches, it seems that many small and medium business owners still fail to realize the extent of risk for their companies from hacking, phishing, denial-of-service, and other types of common attacks.

The Department of Homeland Security declared this past October as National Cyber Security Awareness Month. And they’re not alone. Across the pond, the EU is moving towards imposing a minimum level of security for networks, services and digital tech across all its members. That should be good news, but is it too little, too late?

A July 2016 report by the Ponemon Institute outlines just how susceptible small and medium enterprises (SMEs) already are to cybercrime. 55 percent of respondents admitted to having suffered a cyberattack over the past year, while 50 percent experienced a data breach – and let’s not forget that those are only those who were aware of such issues. Forbes highlights that 71 percent of cyberattacks occur at firms with fewer than 100 employees.

SMEs often lack the willingness or the resources to educate their employees about cyber threats. That is why phishing scams, password hacks and malware are among their biggest vulnerabilities. In fact, sometimes it’s the simplest attacks that can cause the most harm because people tend to laugh such attempts off as something they wouldn’t ever personally fall for. And perhaps that’s true once in a while, but can every manager safely say the same about their employees too?

If business titans at Sony Pictures can be hacked using Apple ID phishing emails, SMEs should take heed and should realize how important it is to build their defenses and raise awareness among their staff as soon as possible. In the case of Sony, attackers designed email messages to look like they came from AppleCare. Once unsuspecting employees clicked on the provided link, they ended up on ioscareteam.net, a convincing Apple-like website which asked for their login credentials, which were then recorded. This phishing attack proved simple, but methods used by cybercriminals are advancing rapidly.

There are some attempts to acquire personal data and passwords which are significantly harder to detect, and they often come in the form of a Man in the Middle attack, of which there are many increasingly sophisticated variations. Incapsula explains that every MITM attack has an interception and a decryption phase. Attackers use advanced IP, ARP or DNS spoofing techniques during each phase to convince not only individual users but also their computer systems that they are transmitting sensitive information safely, while it is not the case.

For instance, some attackers adopt a proactive approach, infiltrating DNS servers to alter a domain’s address record. When an individual attempts to access that website, they are instead sent to the attacker’s website, which is set up to look identical to the one it is spoofing. In this case, as with many other MITM attacks, even advanced users cannot detect the risk without specialized security software. This is known as DNS spoofing, and it can, of course, prove very effective.

Fortunately, security solutions are constantly improving. New tech brings in a wider range of options, and competitive pricing ensures that SMEs can find the type of cybersecurity that suits their needs. For instance, web application firewalls, previously only the domain of large enterprises, have become more affordable in recent years, and available in the cloud, safeguarding against attacks such as the DNS spoofing explained above.

The average cost of a data breach in 2020 is predicted to exceed $150 million and cybercrime will cost businesses over $2 trillion by 2019, as a Juniper Research whitepaper discusses. Experts highlight the efficiency of a combined and balanced WAF and hardware web security approach, with many providers offering to tailor their security offerings to the type, size and needs of each company.

One final argument, and it’s a big one: Consumers themselves have been demanding better security from companies they buy from, regardless of their size, as the Modern Business Solutions MongoDB data leak in October 2016 showed. Over 58 million subscriber records were made public, followed by another 258 million rows of personal data. To anyone who will tell you that is a big-business problem, let us remind you that Modern Business Solutions provided storage solutions and other services for hundreds of its partners, including SMEs.


from Help Net Security http://ift.tt/2fBzEoz

158% increase in Android platform vulnerabilities

A new Quick Heal report reveals an increase in vulnerabilities on the Android platform, as well as a 33 percent rise in mobile ransomware. Researchers also found a slight decrease in Potentially Unwanted Applications (PUA) and adware, dropping by three percent and 12 percent respectively.

Security vulnerabilities in the Android platform have been growing at a significant rate

Significant report findings:

  • Compared to Q2, there was a 14 percent increase in the detection count of malware on Windows-based computers.
  • Total malware detection throughout Q3 2016 numbered well over three million, pointing to still unresolved security issues in the Windows operating system. The Android platform also continues to show extreme vulnerability with malware detection growing 158 percent in Q3.
  • Mobile ransomware rose 33 percent in Q3, as compared to Q2 of 2016.
  • Detection of mobile banking Trojans has also increased steadily, rising 25 percent in Q3 as compared to Q2 of 2016.
  • Overall, when compared to 2015, 2016 has seen a 76 percent increase in mobile banking Trojans.

Adware

Attackers have broadened their scope of attacks with the help of adware. Strategies are changing from showing only ads to stealing information and developing destructive capabilities, such as ransomware infections.

Attackers may hook Adware or Potentially Unwanted Programs (PUPs) into running genuine processes, making it difficult for installed security software to trace their presence in the infected system.

Rise in Android vulnerabilities

Given the explosive rate at which security vulnerabilities are being detected on Android devices, attackers are going to ramp up their attacks on Android users.

Moreover, as smartphones continue to replace desktops and laptops as portable “data banks,” hackers will continue to use them as easy targets.

Ransomware

Ransomware variants will grow, and advanced variants of families such as Locky / Zepto will be a challenge for security products. Locky / Zepto ransomware will continue to be embedded in PDFs and other formats for wider dissemination. Ransomware-as-a-service (RaaS) attacks may increase due to “user friendliness” and availability. CrypMIC is another ransomware family that is expected to hit its targets with new variants and sophisticated propagation techniques.

In 2017, new ransomware attacks are expected to rise because CrypMIC has proven to be highly robust and the most profitable malware of its kind so far.

Payment system and banking malware threats will rise

Quick Heal’s Q1 threat report predicted a rise in the detection of banking malware, which has come to fruition. While banks embrace the mobile domain to simplify banking for their customers, this may be a risky strategy. Cyber criminals are taking advantage of this trend, and of organizations and consumers who are not taking their digital security seriously.

“The findings in our most recent report are not surprising in the least,” said Sanjay Katkar, Managing Director and Chief Technology Officer of Quick Heal. “As predicted, bad actors are continuing to take advantage of Android and Windows users and the businesses, especially financial organizations, that depend on these platforms to support daily business processes. Cyber criminals are banking on inevitable complacency and will take advantage of lapses in security protections.”


from Help Net Security http://ift.tt/2fPk0Ew

Employees rely largely on personally owned mobile devices in the workplace

Mobile device adoption in the workplace is not yet mature, found a recent survey from Gartner. Although 80 percent of workers surveyed received one or more corporate-issued devices, desktops are still the most popular corporate device among businesses, with more than half of workers receiving corporate-issued desktop PCs.

The survey findings are based on the 2016 Gartner Personal Technologies Study, which was conducted from June to August 2016 among 9,592 respondents in the U.S., the U.K. and Australia.

Thirty-six percent of workers received laptops, including convertible laptops. Adoption of convertible laptops as a corporate-issued device is still very low, but has been gradually increasing. Gartner analysts expect that more employees will receive convertible laptops in the next three years, driven by the Windows 10 refresh that can enhance the user experience with touch-based input. Adding desktops and laptops (including convertible laptops) together, 75 percent of workers will receive at least one PC-type device in mature countries.

In contrast to the high numbers of corporate-issued PCs in the workplace, relatively few workers receive mobile devices. The majority of smartphones used in the workplace are personally owned devices — only 23 percent of employees surveyed are given corporate-issued smartphones.

“The low adoption of corporate-issued mobile devices underlines the fact that large numbers of personally owned mobile devices are used in the workplace,” said Mikako Kitagawa, principal research analyst at Gartner. “In fact, more than half of employees who used smartphones at work rely solely on their personally owned smartphones.”

The usage rate of personally owned tablets lags behind that of personally owned smartphones. Only 21 percent of employees use tablets — regardless of whether they are corporate issued or personally owned.

“In the era of mobility, it comes as something of a surprise that corporate usage of smartphones and tablets is not as high as PCs, even when the use of personally owned devices is taken into account,” said Ms. Kitagawa. “While it’s true that the cost of providing mobile devices can quickly escalate, proper usage of mobile devices can increase productivity, which can easily justify the extra costs.”

When employees are provided with corporate-issued devices, they are generally happy with the devices that they receive. Less than 20 percent of respondents said they were dissatisfied with their employer-provided devices. The satisfaction level is higher with tablets and smartphones compared with desktop and laptops.

“Usage of personally owned devices in the workplace is nothing new, but the survey results confirm that this trend has become a new workplace standard. Two-thirds of survey respondents said that they use a personally owned device or devices for work,” said Ms. Kitagawa. “Smartphones and phablets are the most popular personally owned devices used for work, with 39 percent of employees using them, compared with just 10 percent who are only using corporate-issued smartphones and phablets.”


from Help Net Security http://ift.tt/2fBo5xV

Everything You Need to Know About Bed Bugs, In One Video

They’re tiny, resilient, and they want to suck your blood. Bed bugs are a serious issue that isn’t going away any time soon. Here’s what you need to know about the microscopic monsters.

As this video from the SciShow YouTube channel explains, bed bugs are one of the fastest growing pest problems in the developed world—and it’s getting worse. If you’re unfamiliar with bed bugs, or Cimex lectularius, they’re tiny, blood-feeding insects that have acquired a taste for us humans over thousands of years. In the video, you’ll learn that bed bugs can live just about anywhere in your home, stuffing bedding and mattresses in plastic bags to starve out bed bugs doesn’t work, and the most efficient way to kill a bunch of bed bugs is heat. Adults and eggs will die within 10 minutes if exposed to temperatures of 115 degrees Fahrenheit (but don’t go lighting your bed on fire.) Fortunately, bed bugs don’t seem to pass on disease like most other blood-feeding insects, so you can take some solace in that.

There are some things you can do to fight off bed bugs, like freezing blankets and linens for several weeks, or calling an exterminator. But the best thing you can do is try to prevent them. Seal up cracks and crevices around your home so they don’t have anywhere to hide, check hotel rooms for them so you don’t bring any home, and set out traps.

7 Things You Should Know About Bed Bugs | YouTube


from Lifehacker http://ift.tt/2fOpD6e

News in brief: Muni hacker is hacked; Facebook warned over data sharing; spy agency releases data tool


Your daily round-up of some of the other security stories in the news

EU regulator warns Facebook over WhatsApp data

Facebook could face further restrictions on its plans to collect user data from WhatsApp, the messaging platform it bought for $22bn in October 2014.

WhatsApp said in September that it would, after all and despite reassurances, share user data with its parent company, only to have both German and UK data regulators tell it to stop collecting data from its citizens.

Isabelle Falque-Pierrotin, who chairs the European Article 29 working party and who heads CNIL, France’s data protection authority, said in Paris that Facebook would probably face “additional action” after the working party’s meeting next month.

She added: “Looking at the evidence we have, the companies have stopped merging data but possibly not for all WhatsApp services. It’s probably a bit more complicated than that.”

Spy agency releases data analysis tool

GCHQ, the UK’s spy agency, has, in a splendid mash-up of mixed metaphors, posted what it calls a “Swiss Army knife” suite of tools called CyberChef. The tool, a web app for analysing and decoding data without having to get to grips with complex software, is available on Github, the code-sharing site.

The aim, says GCHQ, is to encourage “both technical and non-technical people to explore data formats, encryption and compression”.

You can get a sense of its capabilities via the online demo, and GCHQ hopes that it will spur people on to use its “simple functions [which] can be combined to build up a ‘recipe’, potentially resulting in complex analysis, which can be shared with other users and used with their input”.

San Francisco Muni hacker is hacked

It’s usually considered unkind to enjoy someone else’s discomfort, but San Francisco’s commuters and the people who manage its Muni public transport network could be forgiven a little Schadenfreude at the news that the hacker who unleashed a ransomware attack on the network was himself hacked.

As Brian Krebs reports, he was contacted by a “security researcher” who had, apparently, compromised the hacker’s email by guessing his secret question and resetting his password.

There is a certain irony in the fact that the person whose actions apparently forced the network to let passengers travel for free has himself fallen victim to having his own account compromised so easily.

Catch up with all today’s stories on Naked Security



from Naked Security http://ift.tt/2fz11zA

San Francisco transport system ransomware attacker also extorted other US-based businesses

The ransomware attack that hit the San Francisco Municipal Transportation Agency last Friday is just one of many mounted by the same attacker.

According to an unnamed security researcher who managed to hack the attacker’s email account, a number of US-based manufacturing and construction firms have been hit before the SFMTA, and at least one of them paid the ransom.

The researcher told Brian Krebs that he managed to guess the answer to the secret question that allowed him to reset the password for the attacker’s email account (cryptom27@yandex.com).

There he discovered the existence of a backup email account (cryptom2016@yandex.com) which he also managed to compromise by using that very same answer to the secret question.

A perusal of both accounts revealed:

  • That the attacker sent a ransom demand to SFMTA infrastructure manager Sean Cunningham last Friday
  • That he’s been extorting US-based companies for months
  • That he has managed to extort at least $140,000 in Bitcoin from the various victims, and likely more, as the attacker also uses a third email account that the researcher hasn’t managed to access
  • Plaintext credentials for accessing one of the attacker’s attack servers, which contains open-source tools used to scan the Internet for vulnerable servers (especially Oracle servers) and compromise them.
  • The logs from the attack server point to the attacker accessing it from various IP addresses in Iran. The language the attacker uses for his notes seems to be Persian (Farsi) – a language primarily spoken in Iran, Afghanistan and Tajikistan. User account names on the attack server (“Alireza,” “Mokhi”) also point to someone of Iranian origin. But, curiously enough, the contact phone number tied to another of the attacker’s hosting accounts is provided by a Russian mobile phone provider
  • The identity of some of his victims: China Construction of America Inc., Rudolph Libbe Group, CDM Smith Inc., and so on. So far, it’s known that China Construction paid the ransom
  • That aside from asking for ransom, the attacker also offered to share tips on securing servers (for a small fee) and, in at least one case, a victimized company accepted the offer and paid for the advice.

The SFMTA did not pay the ransom, and has never even considered doing so.

“We have an information technology team in place that can restore our systems, and that is what they are doing,” a spokesperson for the agency stated on Monday.

“Existing backup systems allowed us to get most affected computers up and running this morning, and our information technology team anticipates having the remaining computers functional in the next day or two.”

No data was stolen from the agency, and the attack did not affect their customer payment systems or payroll system, the spokesperson added.

This publicly revealed attack has proven (again) that ransomware is a lucrative business, and that having a good backup strategy is a must in this day and age for every business.


from Help Net Security http://ift.tt/2gssiAM

Tech support scammers have started using ransomware

Tech support scammers have begun using ransomware to force users to pay for the “cleaning” of their infected computer.

VindowsLocker's ransom note. The ransomware encrypts a variety of files and adds the .vindows extension to them.

Unlike most previous tech support schemes, this one tells the truth: the computer IS actually infected, with the so-called VindowsLocker ransomware.

The message it shows after encrypting the files (and adding the .vindows extension to them) is somewhat bizarre:

“this not microsoft vindows support. we have locked your files with the zeus virus. do one thing and call level 5 microsoft support technician at 1-844-609-3192. you will files back for a one time charge of $349.99.”

Users who call the offered number will get a tech support scammer in India, and the scammer will direct them towards a payment page/custom web form which the victims are required to fill out.

The form requests the users’ email, date of birth, social security number, credit card type, number, expiration date, CVV, and the amount that they need to pay. As far as I can tell, the scammers are after information that can be used to make fraudulent payments at a later date.

According to Malwarebytes, even if the victim provides this information, they won’t be receiving a decryption key from the crooks. That’s because the ransomware abuses Pastebin’s API to deliver encryption keys to the crooks by making a private post on Pastebin.

“The author’s intention was to fetch the keys from Pastebin by logging in to their account and later selling them to the victims,” the researchers explained.

“However, they misunderstood the Pastebin API (they hardcoded a user_key) that was meant to be used for a single session. After the predefined period of time, the key expired. That’s why the pasties were assigned to ‘a Guest’, rather than to a specific account. Retrieving them in this intended way became no longer possible.”

But, luckily for the victims, the ransomware uses only symmetric cryptography and all of their files are encrypted using the same key. And thanks to some implementation mistakes by the malware’s authors, Malwarebytes experts were able to create a decryptor tool.

It’s a combination of two command line tools: one for discovering the specific key with which the victim’s files have been encrypted, and a second that uses it to decrypt the files. For more in-depth instructions on how to use it, check out this blog post.

It’s not known how the ransomware-cum-tech support scam is delivered to victims’ computers.


from Help Net Security http://ift.tt/2fx8BLk

Monday, November 28, 2016

McAfee Labs predicts 14 security developments for 2017

Intel Security released its McAfee Labs 2017 Threats Predictions Report, which identifies 14 threat trends to watch in 2017.

security developments

“To change the rules of the game between attackers and defenders, we need to neutralize our adversaries’ greatest advantages,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it. To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralized data, and detecting and protecting in agentless environments.”

2017 threats predictions

The 2017 threats predictions run the gamut, including threats around ransomware, sophisticated hardware and firmware attacks, attacks on smart home IoT devices, the use of machine learning to enhance social engineering attacks, and an increase in cooperation between industry and law enforcement:

1. Ransomware attacks will decrease in volume and effectiveness in the second half of 2017.

2. Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualization software will increase.

3. Hardware and firmware will be increasingly targeted by sophisticated attackers.

4. Hackers using software running on laptops will attempt dronejackings for a variety of criminal or hacktivist purposes.

5. Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access such things as bank accounts and credit cards.

6. IoT malware will open backdoors into the connected home that could go undetected for years.

7. Machine learning will accelerate the proliferation of and increase the sophistication of social engineering attacks.

8. Fake ads and purchased “likes” will continue to proliferate and erode trust.

9. Ad wars will escalate and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.

10. Hacktivists will play an important role in exposing privacy issues.

11. Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime.

12. Threat intelligence sharing will make great developmental strides in 2017.

13. Cyber espionage will become as common in the private sector and criminal underworld as it is among nation-states.

14. Physical and cybersecurity industry players will collaborate to harden products against digital threats.


from Help Net Security http://ift.tt/2fwvCOd

What will the data breach landscape look like in 2017?

While many companies have data breach preparedness on their radar, it takes constant vigilance to stay ahead of emerging threats and increasingly sophisticated cybercriminals, according to Experian Data Breach Resolution.


“Preparing for a data breach has become much more complex over the last few years,” said Michael Bruemmer, VP at Experian Data Breach Resolution. “Organizations must keep an eye on the many new and constantly evolving threats and address these threats in their incident response plans.”

Ann Patterson, senior vice president, Medical Identity Fraud Alliance (MIFA), said: “The consequences of a medical data breach are wide-ranging, with devastating effects across the board – from the breached entity to consumers who may experience medical ID fraud to the healthcare industry as a whole. There is no silver bullet for cybersecurity, however, making good use of trends and analysis to keep evolving our cyber protections along with forecasted threats is vital.”

“The 72 hour notice requirement to EU authorities under the GDPR is going to put U.S.-based organizations in a difficult situation,” said Dominic Paluzzi, co-chair of the Data Privacy & Cybersecurity Practice at McDonald Hopkins. “The upcoming EU law may just have the effect of expediting breach notification globally, although 72 hour notice from discovery will be extremely difficult to comply with in many breaches. Organizations’ incident response plans should certainly be updated to account for these new laws set to go in effect in 2017.”


Omer Tene, Vice President of Research and Education for International Association of Privacy Professionals, added “Clearly, the biggest challenge for businesses in 2017 will be preparing for the entry into force of the GDPR, a massive regulatory framework with implications for budget and staff, carrying stiff fines and penalties in an unprecedented amount. Against a backdrop of escalating cyber events, such as the recent attack on Internet backbone orchestrated through IoT devices, companies will need to train, educate and certify their staff to mitigate personal data risks.”


from Help Net Security http://ift.tt/2fZZ5MG

Five step approach to address data breaches, increase online trust

The Internet Society has released the findings from its 2016 Global Internet Report in which 59 percent of users admit they would likely not do business with a company which had suffered a data breach. Highlighting the extent of the data breach problem, the report makes key recommendations for building user trust in the online environment, stating that more needs to be done to protect online personal information.


“One of the key questions raised by this report is why are organisations doing so little to protect their customers’ data?” said Michael Kende, Economist and Internet Society Fellow who authored the report. “Everyone knows that data security is a major issue for both consumers and businesses, yet companies are not doing everything they could to prevent breaches.”

“According to the Online Trust Alliance, 93 percent of breaches are preventable. And steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted. This status-quo isn’t good enough anymore. As more and more of our lives migrate online, the cost and risk of a data breach is greatly increased, and will lead to lost revenues and a lack of trust,” added Kende.

The average cost of a data breach is now $4 million, up 29 percent since 2013. With a reported 1,673 breaches and 707 million exposed records occurring in 2015, the Internet Society is urging organisations to change their stance and follow five recommendations to reduce the number and impact of data breaches globally:

1. Put users – who are the ultimate victims of data breaches – at the centre of solutions. When assessing the costs of data breaches, include the costs to both users and organisations.

2. Increase transparency about the risk, incidence and impact of data breaches globally. Sharing information responsibly helps organisations improve data security, helps policymakers improve policies and regulators pursue attackers, and helps the data security industry create better solutions.

3. Data security must be a priority. Organisations should be held to best practice standards when it comes to data security.

4. Increase accountability – organisations should be held accountable for their breaches. Rules regarding liability and remediation must be established up front.

5. Increase incentives to invest in security. Create a market for trusted, independent assessment of data security measures so that organisations can credibly signal their level of data security. Security signals help organisations indicate that they are less vulnerable than competitors.


The IoT security black hole

The report also draws parallels with threats posed by the Internet of Things (IoT). Forecast to grow to tens of billions of devices by 2020, interconnected components and sensors that can track locations, health and other daily habits are opening gateways into users’ personal lives, leaving data exposed.

“We are at a turning point in the level of trust users are placing in the Internet,” said Internet Society’s Olaf Kolkman, Chief Internet Technology Officer. “With more of the devices in our pockets now having Internet connectivity, the opportunities for us to lose personal data are extremely high. Direct attacks on websites such as Ashley Madison and the recent IoT-based attack on Internet performance management company Dyn that rendered some of the world’s most famous websites including Reddit, Twitter and The New York Times temporarily inaccessible, are incredibly damaging both in terms of profits and reputation, but also to the levels of trust users have in the Internet.”

“Up-to-date security systems, usable security, and awareness on how to deal with threats and social engineering are needed for reducing the opportunities for data breaches and device compromise. The report shows that as much as 93 percent of all breaches could have been avoided if the correct measures were put in place. In a day and age where having a positive online presence really is a case of sink or swim for businesses, gambling with online security isn’t an option. This is why we are urging people to take action and follow our five recommendations to protect themselves both now and in the future,” added Kolkman.


from Help Net Security http://ift.tt/2grfI4Q

SMBs will spend $564 billion on IT hardware, software, and services

IDC forecasts SMBs will spend $564 billion on IT hardware, software, and services, including business services, in 2016. This amount is expected to increase at a compound annual growth rate (CAGR) of 4.2%, reaching $668 billion in 2020.


“The Third Platform has disrupted traditional IT markets and how large organizations deliver IT services. For SMBs, the result has been largely positive: a stronger ability to compete with larger firms, more easily enter new markets, more quickly develop new products, and drive higher levels of employee productivity. Over the next three years, we expect IT solutions to drive business outcomes, and in turn further close the competitive gap between SMBs and enterprises,” said Chris Chute, vice president, Customer Insights and Analysis.

SMBs will invest similar amounts in hardware, software and IT services throughout the 2015-2020 forecast with these three categories representing more than 85% of the worldwide total. While hardware purchases currently represent the largest share of this spending, it will also experience the slowest growth. Software, which is expected to grow faster than the overall market, will overtake both hardware and services to become the largest spending category by 2020. Business services will see the fastest growth of the four categories.

More than half of all SMB software purchases in 2016 will go to applications, led by enterprise resource management (ERM), customer relationship management (CRM), and content applications, with the remainder evenly divided between application development & deployment and system infrastructure software. Hardware spending will be led by purchases of telecommunications equipment, personal computers, and peripherals, which will make up nearly three quarters of all hardware purchases in 2016.

More than 40% of SMB services spending will go to outsourcing, which includes applications management, hosted applications and infrastructure management, and IS outsourcing as well as business process outsourcing. The remainder will be used to purchase project-oriented services and support & training services.

Medium-sized businesses (100-499 employees) will be the largest market throughout the 2015-2020 forecast with 38% of worldwide SMB IT products and services revenues coming from this group of companies. The remaining revenues will be generated about equally by large businesses (500-999 employees) and small businesses/small offices (1-99 employees).

On a geographic basis, the United States represents the largest market, with SMB IT spending expected to total $168.7 billion in 2016. The U.S. will maintain a total share of roughly 30% throughout the forecast period. Western Europe and Asia/Pacific (excluding Japan) are the second and third largest regions for SMB IT spending, with Asia/Pacific growing faster than the overall market. The regions with the fastest growth over the five-year forecast are Latin America, the Middle East and Africa, and the United States.

“Western European SMBs show strong interest in adopting new disruptive technologies. Third Platform technologies are now imperative, as they are the building base for the adoption of Innovation Accelerators. In Western Europe, over 99% of companies are SMBs and they spent $154.3 billion in 2016, so they represent a relatively big market that is now transitioning to digital,” said Angela Vacca, research manager, Customer Insights and Analysis, IDC. “European SMBs have been so far deeply rooted in their local market while today they have the opportunity to become more visible across borders as the Internet of Things and robotics combined with cognitive systems and 3D printing are reshaping the IT landscape. The adoption of all these technologies is creating new opportunities and, as a result, demand for highly skilled workers is also increasing across all vertical markets in the SMBs segment.”


from Help Net Security http://ift.tt/2gCVNzc

This DIY Soap Sponge Makes Sure You Never Waste Soap Scraps Again


Bar soap always ends up crumbling into tiny, unusable bits as the bar gets worn down that inevitably just dissolve while slowly getting gross in the corner of your shower. This carved out body sponge puts them to good use so you never waste them again.

You can see a demo in the video above. You’ll need a large sponge (like this one from Amazon) and scissors. Cut a hole in the sponge, carving out a hole that goes about halfway through the sponge. Collect your soap bits and put them in the sponge. When you want to use the sponge for cleaning, wet the sponge, scrunch it up so the soap bits are contained and start scrubbing. The soap bits create suds so you’ll get the most out of every bar of soap.

Soap Dish Sponge Making | Nifty (YouTube)


from Lifehacker http://ift.tt/2gcK6SE

DoneGood Suggests Ethical And Eco-Friendly Alternatives When Shopping Online


When you’re looking for a good deal online it can be easy to forget that you’re giving your money to corporations whose business practices you don’t necessarily agree with. DoneGood aims to offer sustainable and ethical alternatives in your feed so that you don’t need to do all the research yourself.

Let’s say I’m looking for a new pair of shoes. I might head over to Google and search for “slip ons.” DoneGood will see that you’re interested in shoes and will appear in your search results with recommendations for alternative brands that emphasize sustainability and social responsibility. In the case of the slip on shoes, for example, DoneGood suggested I might be interested in Ecco rather than Vans, as Ecco strives to use environmentally-friendly manufacturing techniques. They also support a lot of smaller companies doing good work like United By Blue, an outdoors bag and clothing maker who pledges to remove one pound of trash from nature with every item sold through their environmental cleanups, or The Root Collective, who work with women in impoverished communities in Guatemala to handcraft their items.

Right now there’s a Chrome extension that works with Google and Amazon. There’s also an iOS app (Android coming soon) that you can use to browse their selection of responsible brands directly, organized by the different issues they support. It’s a nice way to assure your holiday shopping isn’t all for naught.

DoneGood via Mashable


from Lifehacker http://ift.tt/2gAXgWB

Deutsche Telekom confirms malware attack on its routers

German telecom and ISP giant Deutsche Telekom has confirmed that the connectivity problems some 900,000 of its customers experienced on Sunday are the result of a hack attempt.


“According to our knowledge, an attack on maintenance interfaces is currently taking place worldwide. This was also confirmed by the Federal Office for Information Security,” the company explained.

“Following the latest findings, routers of Deutsche Telekom customers were affected by an attack from outside. Our network was not affected at any time. The attack attempted to infect routers with a malware but failed which caused crashes or restrictions for four to five percent of all routers. This led to a restricted use of Deutsche Telekom services for affected customers.”

In order to mitigate the attack, Deutsche Telekom implemented a series of filter measures to their network, and has provided a firmware update for the targeted routers: Speedport W 921V and Speedport W 723V Typ (Type) B. The update should stymie this particular attack.

“Currently, a software update is provided to all affected customers to fix the router problem. The software rollout already started and we can see the success of this measure,” the company noted, and instructed affected customers to unplug their router for 30 seconds, as the reboot clears the malware from the device.

Apparently, this particular piece of malware lives only in the device’s memory, which is wiped by a reboot; the infamous Mirai malware is similarly memory-resident and can likewise be removed by power-cycling the infected IoT device. A reboot alone, however, does not close the maintenance interface the attack came in through, so a router that is restarted but neither updated nor shielded by the network-side filters can simply be reinfected.

This latest attack was likely just another attempt to rope users’ devices into a botnet.

After the routers are plugged in and turned on again, the new software will be installed automatically from the servers, but if it’s not, it can be downloaded from here.

Deutsche Telekom has offered a free one-day mobile Internet pass to affected customers who are also mobile customers of the company, and has instructed the rest of them to contact the company for help.


from Help Net Security http://ift.tt/2ftLgdb

Ransomware hits San Francisco’s transport system, users get free rides

The computer systems of the San Francisco Municipal Transportation Agency were hit with ransomware on Friday. The infection apparently still persists on some of the systems, but others have already been cleaned and restored.


According to The Register, some 2,112 computers, including office desktops, CAD workstations, email and print servers, employee laptops, payroll systems, SQL databases, lost and found property terminals, and station kiosk PCs were compromised after the malware reached the agency’s domain controller and spread across the network from there.

The malware is a variant of the HDDCryptor (aka Mamba) ransomware, which encrypts files on mounted drives and network shares, locks the computer’s hard disk, and overwrites the boot disk’s MBR, so that the machine no longer boots its operating system but shows the attackers’ message instead.
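As an added example (not code from the SFMTA incident or from any published analysis of the malware), the Python below shows the kind of first-sector check a responder can run against a disk image to tell a stock MBR from one that has been overwritten: it validates the 0x55AA boot signature, sanity-checks the four partition entries, and compares the 446-byte bootstrap code against a known-good hash. The stub bootstrap bytes, the partition layout, the baseline hash and the tampered sector are all constructed for the demo.

```python
import hashlib
import struct

# Constructed illustration for a first-sector integrity check; not code from the
# SFMTA incident or from any analysis of the malware.

SECTOR = 512
CODE_LEN = 446          # bootstrap code area
PT_OFFSET = 446         # four 16-byte partition entries follow the code
PT_ENTRY = 16
BOOT_SIG = b"\x55\xaa"  # last two bytes of a valid MBR


def build_mbr(code: bytes, partitions) -> bytes:
    """Assemble a 512-byte MBR from bootstrap code and (status, type, lba_start, sectors) tuples."""
    if len(code) > CODE_LEN:
        raise ValueError("bootstrap code too long")
    table = b""
    for status, ptype, lba_start, sectors in partitions:
        # CHS fields are left zero; the LBA fields are what modern loaders use.
        table += bytes([status, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba_start, sectors)
    return code.ljust(CODE_LEN, b"\x00") + table.ljust(4 * PT_ENTRY, b"\x00") + BOOT_SIG


def parse_partitions(mbr: bytes):
    """Decode the four partition entries into dicts."""
    entries = []
    for i in range(4):
        off = PT_OFFSET + i * PT_ENTRY
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        entries.append({"status": status, "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return entries


def inspect_mbr(mbr: bytes, baseline_code_sha256: str) -> dict:
    """Flag anything that does not look like the known-good MBR for this build."""
    findings = []
    if len(mbr) < SECTOR:
        return {"findings": ["short read: fewer than 512 bytes"], "suspicious": True}
    mbr = mbr[:SECTOR]
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    code_sha256 = hashlib.sha256(mbr[:CODE_LEN]).hexdigest()
    if code_sha256 != baseline_code_sha256:
        findings.append("bootstrap code differs from baseline")
    parts = parse_partitions(mbr)
    for i, p in enumerate(parts):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {i}: invalid status byte 0x{p['status']:02x}")
    if not any(p["status"] == 0x80 for p in parts):
        findings.append("no active (bootable) partition")
    return {"code_sha256": code_sha256, "partitions": parts,
            "findings": findings, "suspicious": bool(findings)}


# Constructed samples: a stub bootstrap (a few real x86 opcodes, then NOPs) with one
# bootable NTFS-type partition, and the same table behind a replaced boot loader.
CLEAN_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]) + b"\x90" * 24
PARTITIONS = [(0x80, 0x07, 2048, 204800)]
CLEAN_MBR = build_mbr(CLEAN_CODE, PARTITIONS)
BASELINE_SHA256 = hashlib.sha256(CLEAN_MBR[:CODE_LEN]).hexdigest()
TAMPERED_MBR = build_mbr(b"\xEB\x3C\x90YOUR DISK IS ENCRYPTED. PAY TO GET THE KEY.", PARTITIONS)

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        report = inspect_mbr(sector, BASELINE_SHA256)
        print(label, "suspicious" if report["suspicious"] else "ok", report["findings"])
```

On Linux the sector can be read with `dd if=/dev/sda bs=512 count=1` (from a forensic image or a write-blocked disk, not the live victim), and the baseline should come from an MBR captured from the same build before the incident. The code-hash comparison is what matters: a ransomware boot loader can keep a perfectly valid signature and partition table, so signature and table checks alone would pass it.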

The ransom note left by the malware contained a Yandex email address through which to contact the criminals. They apparently asked for a ransom of 100 bitcoin (around $73,000) to be transferred into a specific bitcoin wallet, but it has yet to be paid by the affected agency.

The agency’s spokesman did not share any details about the attack. He said only that the buses and the Muni rail system were working as usual, and that riders could use those services for free starting on Friday night and all through Saturday.

Some payment/ticketing systems have now been restored, but it will likely take a while until all the affected systems are back to normal.

The attackers are apparently not interested in the data those systems contained, just the money they could get for the decryption keys. The Register contacted the attackers through the given email address, and they said that the attack wasn’t targeted. “Our software [is] working completely automatically,” they said, and the “SFMTA network was very open.”

The attackers told the SF Examiner that the malware got into the network after someone at SFMTA (on a computer with admin privileges) downloaded a software keycode generator containing the ransomware.

They also confirmed that they had not yet been contacted by anyone at the agency, and that the ransom has not been paid. They also believe that it won’t be paid.

The SFMTA released a statement about the incident on Sunday, and said that neither customer privacy nor transaction information were compromised in the attack.

“The situation is now contained, and we have prioritized restoring our systems to be fully operational,” they added.


from Help Net Security http://ift.tt/2gzJH9P

Energize Yourself with This 30 Second Breathing Exercise


Whether you skip caffeine to get better sleep or have trouble waking up either way, this quick breathing exercise boosts your energy and helps your brain wake up. Try it in the morning, or even in the mid-afternoon when you’re starting to drag a bit.

If you’re doing this in the office to beat the mid-afternoon energy lull, find a quiet spot like a stairwell or unused corner. Rest your arms gently at your sides, stand up straight, and close your eyes. Inhale deeply through your nose and raise your arms above your head. Take breaths as deep as you can, and try to feel your rib cage expanding. Exhale fully and lower your arms. Repeat for 30 seconds. As the video above shows, you can do this exercise for longer, but 30 seconds will give you the right effect if you don’t have much time or privacy.

This 2-Minute Breathing Exercise Is Like a Cup of Coffee | YouTube via Lifehacker Australia


from Lifehacker http://ift.tt/2go8Apw

Be the Life of the Party By Playing a Character Like Jim Carrey


If you want to be the kind of person who can entertain everyone at a large party, you’re gonna need more than your usual charismatic tricks. One way to get and keep the attention of your guests is to play characters.

As the video above from Charisma on Command suggests, playing a character—or several characters—allows you to entertain and put people at ease without making yourself feel awkward. By putting on the exaggerated characteristics of a diva or a dope, you can make yourself feel more comfortable in a role that you might not normally feel comfortable with.

Of course, Jim Carrey is an extreme example because he’s a character unto himself. Virtually every aspect of Carrey’s appearance and mannerisms is exaggerated to the extreme. Fortunately, you don’t need to go that far. A shift in tone of voice or a mock facial expression can communicate to your guests that you’re intentionally being silly for their benefit, rather than making jokes that would otherwise be at their expense. Check out the whole video for more tricks on how to entertain your party guests.

How To Be The Life Of ANY Party | Charisma on Command


from Lifehacker http://ift.tt/2gaw1VJ