For my next Computer Security class. (and my Ethical Hackers)
New tool helps companies assess why employees click on phishing emails
Researchers at the US National Institute of Standards and Technology (NIST) have devised a new method that could be used to accurately assess why employees click on certain phishing emails. The tool, dubbed Phish Scale, uses real data to evaluate the complexity and quality of phishing attacks to help organizations comprehend where their (human) vulnerabilities lie.
… “The Phish Scale is intended to help provide a deeper understanding of whether a particular phishing email is harder or easier for a particular target audience to detect,” said NIST researcher Michelle Steves in the press release announcing the new tool.
Phish Scale looks at two main elements when assessing how difficult it is to detect a potential phishing email. The first variable the tool evaluates is ‘phishing email cues’ – observable signs, such as spelling mistakes, using personal email addresses rather than work emails, or using time-pressuring techniques.
Meanwhile, the second ‘alignment of the email’s context to the user’ leverages a rating system to evaluate if the context is relevant to the target – the more relevant it is, the harder it becomes to identify it as a phishing email. Based on a combination of these factors, Phishing Scale categorizes the difficulty of spotting the phish into three categories: least, moderate, and very difficult.
Could be a useful tool. Well worth reading the article!
The High Privacy Cost of a “Free” Website
… She said she only allowed three trackers on spartapride.org: cookies from Twitter and Facebook that accompany their “like” buttons on the site, and one from Disqus, a commenting platform she got through a prepackaged website theme she bought off the internet for $59 to build the site.
But when The Markup scanned spartapride.org using our new instant privacy inspector, Blacklight, we found 21 different ad-tech companies tracked visitors to the site, sending possible signals about people’s gender identities to advertisers—without the users’ knowledge or consent.
… The trackers loaded because Disqus sells ads on the free version of its commenting portal, and that ad space comes with third-party tracking. Disqus discloses those trackers on its own website, but the company wouldn’t comment about tracking SPART*A’s users.
… To investigate the pervasiveness of online tracking, The Markup spent 18 months building a one-of-a-kind free public tool that can be used to inspect websites for potential privacy violations in real time. Blacklight reveals the trackers loading on any site—including methods created to thwart privacy-protection tools or watch your every scroll and click.
… Try out Blacklight here. Enter a website, and Blacklight will scan it for user-tracking technologies — and who’s getting your data.
Could be worth watching to see what they come up with…
https://www.cyberscoop.com/secret-service-ciab-cyber-command/
Secret Service looks to outsiders to boost financial cybercrime probes
The U.S. Secret Service is pulling in outside expertise from the private sector and U.S. Cyber Command as it weighs changes to its investigative methods in an attempt to keep pace with international hackers.
… To formalize its interest in tapping into the private sector’s understanding of scammers’ latest tactics, the agency earlier this year established an advisory group composed of cybersecurity practitioners from the private sector, academia, and U.S. government, as CyberScoop first reported.
Known as the Cyber Investigations Advisory Board (CIAB), the group met last week for the first time and is expected to provide insights on how the Secret Service must adapt to a rapidly changing criminal underground.
(Related) The flip side of Hacker prosecution?
https://www.cyberscoop.com/story/arkady-bukh-man-in-the-middle/
Arkady Bukh Man in the Middle
How Arkady Bukh, a New York-based immigrant from the former Soviet bloc, emerged as the go-to defense lawyer for the cybercrime underworld.
How the EU sees AI.
Artificial intelligence: threats and opportunities
Europe's growth and wealth are closely connected to how it will make use of data and connected technologies. AI can make a big difference to our lives – for better or worse - and the European Parliament has established a committee to examine the impact of the technology. Below are some key opportunities and threats connected to future applications of AI.
The volume of data produced in the world is expected to grow from 33 zettabytes in 2018 to 175 zettabytes in 2025 (one zettabyte is a thousand billion gigabytes)
Perspective. Was the topic ethical? Vegetarian (lousy hunter) ethics?
https://phys.org/news/2020-09-ethics-classes-students-moral-behavior.html
Can ethics classes actually influence students' moral behavior?
… The study found that after exposure to a philosophy article, a 50-minute discussion section, and an optional online video concerning the ethics of eating factory-farmed meat, students decreased their rates of meat purchasing from 52% to 45%. That compared to a constant rate of 52% among students in a control group exposed to similar materials on the ethics of charitable giving.
… He added the goal of the study was not specifically to convince students to eat less meat, but to find out whether philosophical ethical instruction is even capable of influencing real-world choices.
No comments:
Post a Comment