Phishing Attacks Hit the C-Suite With High Value Scams
Any information security professional knows that
spear-phishing is effective. Cloudmark calls it "The Secret Weapon Behind
the Worst Cyber Attacks", and lists 10 recent major breaches, from Target
to OPM, that started with a successful spear-phish.
… Two examples of
CEO frauds come with the recent W-2 spear-phishing scams, and what the FBI
calls the Business E-Mail Scam (BEC). For the former, Cloudmark's Tom Landesman
has compiled a list of 55 companies that were taken in by the W-2 attacks,
and comments, "It's likely that even more have been compromised, but have
not come forward."
… CEO frauds are
even more successful than spear-phishing. There are probably two major reasons: firstly,
few companies deliver security awareness training (such as simulated phishing
attacks) against their own C-suite; and secondly, many senior executives still
don't believe that security is their personal concern.
See FBI? All you
have to do is ask nicely.
https://news.vice.com/article/exclusive-canada-police-obtained-blackberrys-global-decryption-key-how
Exclusive: Canadian Police Obtained BlackBerry’s Global Decryption Key
A high-level surveillance probe of Montreal's criminal
underworld shows that Canada's federal policing agency has had a global
encryption key for BlackBerry devices since 2010.
The revelations are contained in a stack of court
documents that were made public after members of a Montreal crime syndicate
pleaded guilty to their role in a 2011 gangland murder. The documents shed light on the extent to
which the smartphone manufacturer, as well as telecommunications giant Rogers,
cooperated with investigators.
… Government lawyers spent almost two years fighting in a
Montreal courtroom to keep this information out of the public record.
Because in New Jersey, everyone is a Soprano.
Joe Cadillic writes:
Thanks to DHS & TSA grants totaling nearly $3 million, the NJ Transit has nearly finished
installing DriveCam LTYX’s cameras with microphones to spy on every
commuter 24/7. (Note: NJ Transit has been
using DriveCam surveillance cameras since 2006.)
NJ Transit officials say spying on commuters’ conversations is “necessary
to fight crime and maintain security!” NJ Transit spokesman Jim Smith said, “the
onboard surveillance systems are also a deterrent for crime and unruly behavior.”
Cameras with microphones aren’t the only thing police use to spy on us; “smart” LED lights
installed at numerous airports are illegally recording everyone’s
conversations.
Read more on MassPrivateI.
Is this what happens when “the right to be forgotten” isn’t
the law of the land? Did they believe it
would work? Have they never heard of the
Streisand effect?
UC Davis spent thousands to scrub pepper-spray references from Internet
UC Davis contracted with consultants for at least $175,000 to scrub the Internet of negative online
postings following the November 2011 pepper-spraying of students and to improve
the reputations of both the university and Chancellor Linda P.B. Katehi, newly
released documents show.
The payments were made as the university was trying to boost
its image online and were among several contracts issued following the
pepper-spray incident.
If it was simple, we wouldn’t need years of conflicting
opinions.
This Very Common Cellphone Surveillance Still Doesn't Require a Warrant
The government does not need a warrant to access the
location data created on an ordinary, often minute-to-minute basis by
cellphones and logged with cell providers, the Sixth Circuit for the U.S. Court
of Appeals ruled Wednesday.
The ruling adds to a growing consensus among federal
appeals courts that law enforcement can request this type of data—called
“cell-site location information,” or CSLI—without violating the Fourth
Amendment’s protection against unreasonable search or seizure. But it only complicates the legal situation of
their use, which is now so complex that driving across the border from Illinois
to Kentucky changes how federal authorities can use the technology.
… Right now, CSLI
comes in three flavors. The first is
“real-time,” where police work with a cell provider to access location data
immediately after it’s created. This
usually does require a warrant. The
second is a “tower dump,” when authorities ask for all the phones that have
communicated with a certain tower during a period of time. There’s not a lot of law about how tower dumps
work, but as of September of last year cops rarely sought a
warrant for them.
The third is historical CSLI, where law enforcement
requests a backlog of location data created by a certain phone. This does not require a warrant, and hundreds
of these requests happen per day. In 2015, AT&T alone handled more than 58,000
requests for historic CSLI. (By
contrast, it received about 17,000 real-time CSLI warrants and fewer than 1,500
tower-dump requests.) Warrantless CSLI
may be the most common kind of cellphone surveillance that Americans are
subject to.
Encouraging the creation of the tools of the trade.
SOFT ROBOTS THAT can grasp delicate objects,
computer algorithms designed to spot an “insider threat,” and artificial
intelligence that will sift through large data sets — these are just a few of
the technologies being pursued by companies with investment from In-Q-Tel, the
CIA’s venture capital firm, according to a document
obtained by The Intercept.
Yet among the 38 previously undisclosed companies
receiving In-Q-Tel funding, the research focus that stands out is social media
mining and surveillance; the portfolio document lists several tech companies
pursuing work in this area, including Dataminr, Geofeedia, PATHAR, and
TransVoyant.
Economics for techies.
Network Revolution: Creating Value Through Platforms, People and Technology
In the first article of a series that will be
published over the coming year, authors Barry Libert, Megan Beck and Jerry
(Yoram) Wind explore why companies whose business models involve leveraging
networks generate more value than traditional firms.
If it was a game, students would be rich!
How to Make More Money with Google Rewards
One of the best ways to get Android apps for free is to use the Google Opinion
Rewards app, a mobile survey tool that rewards you with cash in your Google
account every time you complete a few brief questions. With over 5 million installs, this is a
popular app, but are you making the best of it?
Could you be making more money with Google Opinion Rewards?
See yesterday’s blog for Illustrator templates we might be
able to use here.
Don’t Pay for Adobe Illustrator: This Free Alternative Is Great
Want to learn how to use
Illustrator but don’t want to subscribe to Adobe
Creative Cloud? Or need to access
its features on the go while using someone else’s computer? With Gravit
you get a lot of the key features offered in expensive standards like Illustrator
or Fireworks.
Best of all, Gravit is completely free.
You just have to sign up for an account to use it. Gravit includes basic vector tools: a pen
tool, line tool, and a Bezigon tool, as well as shapes including a rectangle,
ellipse, triangle, polygon, and star.
Some of this is Windows 10 only, but some is available
now.
Microsoft kicks off back-to-school wave with new Windows 10, Office 365 Education apps, services
Microsoft is previewing today, April 14, what's coming on the Windows 10 Anniversary Update, Office 365 and Minecraft fronts for
educators and students as its way of kicking off its back-to-school 2016/2017
wave.
… The company also
is adding a new "Set Up School PCs" app to help teachers
set up a "Shared Cart of Devices" for classrooms which make use of
shared devices. For schools with
dedicated IT support, the updated Windows Imaging and Configuration Designer
tool will aid with setting up shared devices in bulk. And a new "Take a Test" app will create a
browser-based, locked-down environment for quickly taking standardized tests. The "Set Up School PCs" and
"Take a Test" apps will be preloaded with the Windows 10 Education
Edition.
I know students with a dozen of these.
Get A Raspberry Pi 2 Starter Kit for 85% Off
Today, we have 85% off a giant Raspberry Pi 2 starter kit that comes with
the device itself, the cables and cards you need to make it all work, and
courses that will teach you how to use the Pi to its fullest. It would normally sell for over $800, but you
can get it for just $115! It’s a steal
at this price.