Friday, July 20, 2018

Just so you know I’m not always about the doom and gloom. On occasion I like to point to people who get it right!
https://hotforsecurity.bitdefender.com/blog/us-clinical-lab-recovers-within-50-minutes-of-getting-hit-by-samsam-ransomware-20118.html
US clinical lab recovers within 50 minutes of getting hit by SamSam ransomware
LabCorp, a clinical lab based in Burlington, North Carolina, fell victim to a ransomware attack last week, in the latest in a long string of hacker attacks on the healthcare sector.
The healthcare testing & diagnostics company reportedly noticed suspicious activity on its information technology network during the weekend of July 14. According to CSO Online, the company made the attack public in an 8K filing with the Securities and Exchange Commission. It later released an advisory to all parties concerned, saying:
“The activity was subsequently determined to be a new variant of ransomware.
… This particular strain was also used recently to infect the Colorado Department of Transportation, as well as the City of Atlanta.
LabCorp estimated it was able to contain the attack within 50 minutes. The lab is currently at 90 percent capacity and expects to fully recover soon, suggesting it had some solid backups on hand as part of an internal anti-breach program.






Imaging how much more damage a deliberate attack could cause…
https://www.yahoo.com/news/belgian-airspace-closed-over-computer-glitch-154450396.html
Belgian airspace closed over computer glitch
Belgium on Thursday closed its airspace following a computer glitch linked to problems downloading data related to flight plans, said Belgocontrol, the company tasked with controlling the country's skies.
… "The airspace was closed for security reasons, in what we refer to as a 'clear the sky' (procedure)," Belgocontrol's spokesman Alain Kniebs told AFP, describing the incident as "very exceptional."






I was just explaining to my students how fake news and shorting a stock could make hackers a lot of money. I don’t think this has anything to do with my highly detailed purely hypothetical lecture.
http://www.foxnews.com/auto/2018/07/20/fake-cnn-website-claimed-elon-musk-was-leaving-tesla.html
Fake CNN website claimed Elon Musk was leaving Tesla
Elon Musk has not announced plans to leave Tesla to start a digital currency company despite a false report circulating online.
The report, carried on a webpage made to look like the CNN Tech site, claims that Musk is leaving his job as CEO of the company so he can focus on "Bitcoin Profit," which is described as "a new company that he thinks will change the world." Links in the story for Bitcoin Profit redirect the user to advertisements or video streaming sites. A similar report made headlines in September and has circulated since then, sometimes with slightly different details.






An amazing statistic. I wonder if it’s true?
https://qz.com/1329961/hackers-account-for-90-of-login-attempts-at-online-retailers/
Hackers account for 90% of login attempts at online retailers
… Online retailers are hit the most by these attacks, according to a report by cyber security firm Shape Security. Hackers use programs to apply stolen data in a flood of login attempts, called “credential stuffing.” These days, more than 90% of e-commerce sites’ global login traffic comes from these attacks. The airline and consumer banking industries are also under siege, with about 60% of login attempts coming from criminals.






Ignore the fact that it looks like a giant conspiracy.
https://www.politico.com/story/2018/07/18/hackers-states-elections-upgrades-729054
States slow to prepare for hacking threats
Most states aren’t planning to use federal funds to make major election upgrades before November.
U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election.
But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states.
And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March.
Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
In addition, almost no states conduct robust, statistic-based post-election audits to look for evidence of tampering after the fact.



(Related) No doubt they’ll ignore this too.
https://thenextweb.com/security/2018/07/19/cloudflare-launches-free-protection-for-election-websites/
Cloudflare launches free protection for election websites
Cloudflare has launched a new initiative, called the Athenian Project, to protect electoral websites from online attacks.
The service is available free of charge to state and local governments, and offers Cloudflare’s enterprise-level security and reliability services.



(Related) I wonder if even this will work.
https://www.securityweek.com/doj-cybersecurity-task-force-outlines-plans-protecting-elections
DOJ Cybersecurity Task Force Outlines Plans for Protecting Elections
The U.S. Justice Department’s Cyber-Digital Task Force made public its first report on Thursday, covering the threat to elections, cybercrime schemes, and various other topics.
The first chapter of the 156-page report focuses on what the Attorney General describes as “one of the most pressing cyber-enabled threats” confronting the U.S., specifically “malign foreign influence operations” and their impact on elections and other democratic institutions.
The types of threats described in the report include operations targeting voting machines, voter registration databases and other election infrastructure; operations targeting political entities; and covert influence operations whose goal is to harm political organizations and public officials.
The complete report is available from the DOJ in PDF format.





Oh yeah, them guys again.
https://www.securityweek.com/cyber-axis-evil-rewriting-cyber-kill-chain
A Cyber Axis of Evil is Rewriting the Cyber Kill Chain
The cyber kill chain employed by advanced adversaries is changing. Defenders need to evolve their defensive strategies to meet the new challenge; and they need to develop silent hunting skills.
A new study from Carbon Black queried 37 incident response firms that use its threat hunting tool to gain insight into what is happening after an attacker has breached the network.
Key statistics from the report picked out by Kellerman include the predominance of Russia and China as adversaries. Eighty-one percent of respondents highlighted Russia, and 76% highlighted China. Thirty-five percent say that the end goal is espionage.
… "This evolution coincides with mounting geopolitical tensions," suggests the report. "Nation-states such as Russia, China, Iran and North Korea are actively operationalizing and supporting technologically advanced cyber militias."





Great management and great technology and still the unexpected can happen.
https://www.cnbc.com/2018/07/19/amazon-internal-documents-what-caused-prime-day-crash-company-scramble.html
Internal documents show how Amazon scrambled to fix Prime Day glitches
Amazon failed to secure enough servers to handle the traffic surge on Prime Day, causing it to launch a scaled-down backup front page and temporarily kill off all international traffic, according to internal Amazon documents obtained by CNBC.
And that took place within 15 minutes of the start of Prime Day — one of Amazon's biggest sales days every year.
The e-commerce giant also had to add servers manually to meet the traffic demand, indicating its auto-scaling feature may have failed to work properly leading up to the crash, according to external experts who reviewed the documents. “Currently out of capacity for scaling,” one of the updates said about the status of Amazon’s servers, roughly an hour after Prime Day’s launch. “Looking at scavenging hardware.”
A breakdown in an internal system called Sable, which Amazon uses to provide computation and storage services to its retail and digital businesses, caused a series of glitches across other services that depend on it, including Prime, authentication and video playback, the documents show.
Other teams, including Alexa, Prime Now and Twitch, also reported problems, while some warehouses said they weren’t even able to scan products or pack orders for a period of time.






Perspective. Apparently not even the NYT has the answers.
https://www.nytimes.com/2018/07/19/technology/facebook-misinformation.html
What Stays on Facebook and What Goes? The Social Network Cannot Answer
… it’s been two years since an American presidential campaign in which the company was a primary vector for misinformation and state-sponsored political interference — and Facebook still seems paralyzed over how to respond.
… Presented with straightforward queries about real-world harm caused by misinformation on their service, Facebook’s executives express their pain, ask for patience, proclaim their unwavering commitment to political neutrality and insist they are as surprised as anyone that they are even in the position of having to come up with speech rules for billions of people.
… So to recap: Facebook is deeply committed to free expression and will allow people to post just about anything, including even denying the Holocaust. Unless, that is, if a Holocaust denial constitutes hate speech, in which case the company may take it down. But if a post contains a factual inaccuracy, it would not be removed, but it may be shown to very few people, reducing its impact.
On the other hand, if the misinformation has been determined to be inciting imminent violence, Facebook will remove it — even if it’s not hate speech. On the other other hand, if a site lies repeatedly, spouts conspiracy theories or even incites violence, it can maintain a presence on the site, because ultimately, there’s no falsehood that will get you kicked off Facebook.
All of this fails a basic test: It’s not even coherent. It is a hodgepodge of declarations and exceptions and exceptions to the exceptions.






Simple is too often ignored. This actually looks useful.
https://thenextweb.com/apps/2018/07/19/amazons-new-tool-tracks-down-odd-parts-to-avoid-dreaded-trips-to-the-hardware-store/
Amazon's new Part Finder scans your nuts and bolts to find odd parts
A new Amazon feature first spotted by TechCrunch helps anyone with an iPhone find odd parts that might otherwise involve a trip to the hardware store.
Called “Part Finder,” Amazon‘s new tool is one of the more useful computer vision tools to date. It takes advantage of the iPhone‘s excellent optics to scan, measure, and identify all types of fasteners or other pieces of small hardware. Once found, the app asks for some additional information — screw type, head style, and drive type: Phillips, flathead, etc. — before leading you to the appropriate product on Amazon
To get to the tool, just click the camera from the home screen.
From there it’ll take you to the scanner tool, the same instrument you’d use for scanning barcodes to reorder laundry detergent, for example. Once there, click the bottom of the screen where it says “See more” and the Part Finder tool is hiding in that menu.






For my geeks.
https://analyticsindiamag.com/top-10-free-books-and-resources-for-learning-tensorflow/
Top 10 Free Books And Resources For Learning TensorFlow
TensorFlow, the open source software library developed by the Google Brain team, is a framework for building deep learning neural networks. It is also considered one of the best ways to build deep learning models by machine learning practitioners across the globe. In deep learning models, which rely on a lot of data and computing resources, TensorFlow is used significantly.
While there are many tutorials, books, projects, videos, white papers, and other resources available, we bring you these 10 free resources to get started with TensorFlow and get your concepts clear.






We need a signing App…
https://www.cbsnews.com/news/starbucks-signing-store-washington-dc-set-to-open-in-fall-gallaudet-university/
Starbucks first ever U.S. "Signing Store" will allow customers to order in sign language
Starbucks announced Thursday that they will open its first American "Signing Store," in Washington D.C. this fall, which will be designed with the deaf community in mind. The cafe plans to hire 20-25 employees, from across the United States, who will be proficient in American Sign Language (ASL), meaning deaf individuals will be able to step up to the counter knowing they can communicate easily and effectively.






For some reason, not many of my students have Kindles.
How to Check Out and Read Library Ebooks on Your Phone or Tablet
If your library offers ebooks, one of the easiest ways to search for and check out ebooks is through Overdrive, the leading digital reading platform for libraries and schools worldwide.
But you’re probably not thinking about reading those ebooks on your computer are you? Enter Libby, a mobile app (Android, iOS, Microsoft) meant precisely for reading library ebooks, particularly if you don’t have a Kindle.



No comments: