Just so you know I’m not always about the doom and gloom. On
occasion I like to point to people who get it right!
https://hotforsecurity.bitdefender.com/blog/us-clinical-lab-recovers-within-50-minutes-of-getting-hit-by-samsam-ransomware-20118.html
US clinical lab recovers
within 50 minutes of getting hit by SamSam ransomware
LabCorp, a clinical lab based in Burlington, North Carolina, fell
victim to a ransomware attack last week, in the latest in a long
string of hacker attacks on the healthcare sector.
The healthcare testing & diagnostics company reportedly
noticed suspicious activity on its information technology network
during the weekend of July 14.
According
to CSO Online, the company made the attack public in an 8K filing
with the Securities and Exchange Commission. It later released an
advisory to all parties concerned, saying:
“The activity was subsequently determined to be a new variant of
ransomware.
… This particular strain was also used recently to infect the
Colorado Department of Transportation, as well as the City of
Atlanta.
LabCorp estimated it was
able to contain the attack within 50 minutes. The lab is
currently at 90 percent capacity and expects to fully recover soon,
suggesting it had some solid backups on hand as part of an internal
anti-breach program.
Imaging how much more damage a deliberate attack could cause…
https://www.yahoo.com/news/belgian-airspace-closed-over-computer-glitch-154450396.html
Belgian airspace closed
over computer glitch
Belgium on Thursday closed its airspace following a computer
glitch linked to problems downloading data related to flight plans,
said Belgocontrol, the company tasked with controlling the country's
skies.
… "The airspace was closed for security reasons, in what
we refer to as a 'clear the sky' (procedure)," Belgocontrol's
spokesman Alain Kniebs told AFP, describing the incident as "very
exceptional."
I was just explaining to my students how fake news and shorting a
stock could make hackers a lot of money. I don’t think this has
anything to do with my
highly detailed purely
hypothetical lecture.
http://www.foxnews.com/auto/2018/07/20/fake-cnn-website-claimed-elon-musk-was-leaving-tesla.html
Fake CNN website claimed
Elon Musk was leaving Tesla
Elon Musk has not announced plans to leave Tesla to start a
digital currency company despite a false report circulating online.
The report, carried on a webpage made to look like the CNN Tech
site, claims that Musk is leaving his job as CEO of the company so he
can focus on "Bitcoin Profit," which is described as "a
new company that he thinks will change the world." Links in the
story for Bitcoin Profit redirect the user to advertisements or video
streaming sites. A similar report made headlines in September and
has circulated since then, sometimes with slightly different details.
An amazing statistic. I wonder if it’s true?
https://qz.com/1329961/hackers-account-for-90-of-login-attempts-at-online-retailers/
Hackers account for 90% of
login attempts at online retailers
… Online retailers are hit the most by these attacks,
according to a
report
by cyber security firm Shape Security. Hackers use programs to
apply stolen data in a flood of login attempts, called “credential
stuffing.” These days, more than 90% of e-commerce sites’ global
login traffic comes from these attacks. The airline and consumer
banking industries are also under siege, with about 60% of login
attempts coming from criminals.
Ignore the fact that it looks like a giant conspiracy.
https://www.politico.com/story/2018/07/18/hackers-states-elections-upgrades-729054
States slow to prepare for
hacking threats
Most states aren’t planning to
use federal funds to make major election upgrades before November.
U.S. intelligence officials and security experts have spent years
urging states to shore up their elections’ digital defenses, and
the latest indictments from special counsel Robert Mueller drew fresh
attention to Russia’s cyberattacks on the 2016 presidential
election.
But less than four months before the midterm elections that will
shape the rest of Donald Trump’s presidency, most states’
election offices have failed to fix their most glaring security
weaknesses, according to a POLITICO survey of all 50 states.
And few states are planning steps that would improve their
safeguards before November, even after they receive their shares of
the
$380
million in election security funding that Congress approved in
March.
Only 13 states said they intend to use the federal dollars to buy
new voting machines. At least 22 said they have no plans to replace
their machines before the election — including all five states that
rely solely on paperless electronic voting devices, which
cybersecurity experts consider a top vulnerability.
In addition, almost no states conduct robust, statistic-based
post-election audits to look for evidence of tampering after the
fact.
(Related) No doubt they’ll ignore this too.
https://thenextweb.com/security/2018/07/19/cloudflare-launches-free-protection-for-election-websites/
Cloudflare launches free
protection for election websites
Cloudflare has launched a new initiative, called the
Athenian
Project, to protect electoral websites from online attacks.
The service is available free of charge to state and local
governments, and offers Cloudflare’s enterprise-level security and
reliability services.
(Related) I wonder if even this will work.
https://www.securityweek.com/doj-cybersecurity-task-force-outlines-plans-protecting-elections
DOJ Cybersecurity Task
Force Outlines Plans for Protecting Elections
The
U.S. Justice Department’s
Cyber-Digital Task Force made public its first report on
Thursday, covering the threat to elections, cybercrime schemes, and
various other topics.
… The
first chapter of the 156-page report focuses on what the Attorney
General describes as “one of the most pressing cyber-enabled
threats” confronting the U.S., specifically “malign foreign
influence operations” and their impact on elections and other
democratic institutions.
The
types of threats described in the report include operations targeting
voting machines, voter registration databases and other election
infrastructure; operations targeting political entities; and covert
influence operations whose goal is to harm political organizations
and public officials.
…
The
complete report is available from the DOJ in PDF
format.
Oh yeah, them guys again.
https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain
A Cyber Axis of Evil is
Rewriting the Cyber Kill Chain
The cyber
kill chain employed by advanced adversaries is changing.
Defenders need to evolve their defensive strategies to meet the new
challenge; and they need to develop silent hunting skills.
A new
study from Carbon Black queried 37 incident response firms that
use its threat hunting tool to gain insight into what is happening
after an attacker has breached the network.
…
Key statistics from the
report
picked out by Kellerman include the predominance of Russia and China
as adversaries. Eighty-one percent of respondents highlighted
Russia, and 76% highlighted China. Thirty-five percent say that the
end goal is espionage.
… "This evolution coincides with mounting geopolitical
tensions," suggests the report. "Nation-states such as
Russia, China, Iran and North Korea are actively operationalizing and
supporting technologically advanced cyber militias."
Great management and great technology and still the unexpected can
happen.
https://www.cnbc.com/2018/07/19/amazon-internal-documents-what-caused-prime-day-crash-company-scramble.html
Internal documents show how
Amazon scrambled to fix Prime Day glitches
Amazon
failed to secure enough servers to handle the traffic surge on Prime
Day, causing it to launch a scaled-down backup front page and
temporarily kill off all international traffic, according to internal
Amazon documents obtained by CNBC.
And that took place within 15 minutes of the start of Prime Day —
one of Amazon's biggest sales days every year.
The e-commerce giant also had to add servers manually to meet the
traffic demand, indicating its auto-scaling feature may have failed
to work properly leading up to the crash, according to external
experts who reviewed the documents. “Currently out of capacity for
scaling,” one of the updates said about the status of Amazon’s
servers, roughly an hour after Prime Day’s launch. “Looking at
scavenging hardware.”
A breakdown in an internal system called Sable, which Amazon uses
to provide computation and storage services to its retail and digital
businesses, caused a series of glitches across other services that
depend on it, including Prime, authentication and video playback, the
documents show.
Other teams, including Alexa, Prime Now and Twitch, also reported
problems, while some warehouses said they weren’t even able to scan
products or pack orders for a period of time.
Perspective. Apparently not even the NYT has the answers.
https://www.nytimes.com/2018/07/19/technology/facebook-misinformation.html
What Stays on Facebook and
What Goes? The Social Network Cannot Answer
… it’s been two years since an American presidential
campaign in which the company
was
a primary vector for misinformation and
state-sponsored
political interference — and Facebook still seems paralyzed
over how to respond.
… Presented with straightforward queries about real-world harm
caused by misinformation on their service, Facebook’s executives
express their pain, ask for patience, proclaim their unwavering
commitment to political neutrality and insist they are as surprised
as anyone that they are even in the position of having to come up
with speech rules for billions of people.
… So to recap: Facebook is deeply committed to free expression
and will allow people to post just about anything, including even
denying the Holocaust. Unless, that is, if a Holocaust denial
constitutes hate speech, in which case the company may take it down.
But if a post contains a factual inaccuracy, it would not be removed,
but it may be shown to very few people, reducing its impact.
On the other hand, if the misinformation has been determined to be
inciting imminent violence, Facebook will remove it — even if it’s
not hate speech. On the
other other hand, if a site lies
repeatedly, spouts conspiracy theories or even incites violence, it
can maintain a presence on the site, because ultimately, there’s no
falsehood that will get you kicked off Facebook.
All of this fails a basic test: It’s not even coherent. It is a
hodgepodge of declarations and exceptions and exceptions to the
exceptions.
Simple is too often ignored. This actually looks useful.
https://thenextweb.com/apps/2018/07/19/amazons-new-tool-tracks-down-odd-parts-to-avoid-dreaded-trips-to-the-hardware-store/
Amazon's new Part Finder
scans your nuts and bolts to find odd parts
A new Amazon feature first spotted by
TechCrunch
helps anyone with an
iPhone
find odd parts that might otherwise involve a trip to the hardware
store.
Called “Part Finder,” Amazon‘s new tool is one of the more
useful computer vision tools to date. It takes advantage of the
iPhone‘s excellent optics to scan, measure, and identify all types
of fasteners or other pieces of small hardware. Once found, the app
asks for some additional information — screw type, head style, and
drive type: Phillips, flathead, etc. — before leading you to the
appropriate product on Amazon
To get to the tool, just click the camera from the home screen.
From there it’ll take you to the scanner tool, the same
instrument you’d use for scanning barcodes to reorder laundry
detergent, for example. Once there, click the bottom of the screen
where it says “See more” and the Part Finder tool is hiding in
that menu.
For my geeks.
https://analyticsindiamag.com/top-10-free-books-and-resources-for-learning-tensorflow/
Top 10 Free Books And
Resources For Learning TensorFlow
TensorFlow, the open source
software library developed by the Google Brain team, is a framework
for building deep learning neural networks. It is also considered
one of the best ways to build deep learning models by machine
learning practitioners across the globe. In deep learning models,
which rely on a lot
of data and computing resources, TensorFlow is used
significantly.
…
While there are many
tutorials, books, projects, videos, white papers, and other resources
available, we bring you these 10 free
resources to get started with TensorFlow and get your concepts clear.
We need a signing App…
https://www.cbsnews.com/news/starbucks-signing-store-washington-dc-set-to-open-in-fall-gallaudet-university/
Starbucks first ever U.S.
"Signing Store" will allow customers to order in sign
language
Starbucks announced Thursday that they will open its first
American "Signing Store," in Washington D.C. this fall,
which will be designed with the deaf community in mind. The cafe
plans to hire 20-25 employees, from across the United States, who
will be proficient in American Sign Language (ASL), meaning deaf
individuals will be able to step up to the counter knowing they can
communicate easily and effectively.
For some reason, not many of my students have Kindles.
How
to Check Out and Read Library Ebooks on Your Phone or Tablet
If your library offers ebooks, one of the easiest ways to search
for and check out ebooks is through
Overdrive,
the leading digital reading platform for libraries and schools
worldwide.
But you’re probably not thinking about reading those ebooks on
your computer are you? Enter
Libby,
a mobile app (
Android,
iOS,
Microsoft)
meant precisely for reading library ebooks, particularly if you don’t
have a Kindle.
