This happens here, but rarely in connection with
IT companies.
Express News Service reports:
Proprietors of three small-scale IT companies were arrested on Saturday in connection with the data leak of students who appeared for the class 10 and 12 state board exams this year. The serious breach of data came to light recently as data companies were openly selling the district-wise details of nearly 8 lakh students along with their address, phone numbers and other personal information, which were collected by the School Education department from the students.
A statement from the city police said three companies in the city were found involved in selling the data and arrested owners of the three companies. But the police could not tell the origin of the breach of data from the government’s database.
Read more on New
Indian Express.
Why Russia (and others) have such an easy time
hacking the US.
GAO –
Urgent Actions Are Needed to Address Cybersecurity Challenges Facing
the Nation
Urgent Actions Are Needed to Address Cybersecurity
Challenges Facing the Nation, GAO-18-645T:
Published: Jul 25, 2018. Publicly Released: Jul 25, 2018. “GAO
has identified four major cybersecurity challenges and 10 critical
actions that the federal government and other entities need to take
to address them. GAO continues to designate information security as
a government-wide high-risk area due to increasing cyber-based
threats and the persistent nature of security vulnerabilities…”
“GAO has made over 3,000 recommendations to agencies aimed at addressing cybersecurity shortcomings in each of these action areas, including protecting cyber critical infrastructure, managing the cybersecurity workforce, and responding to cybersecurity incidents. Although many recommendations have been addressed, about 1,000 have not yet been implemented. Until these shortcomings are addressed, federal agencies’ information and systems will be increasingly susceptible to the multitude of cyber-related threats that exist…”
Russia wants to turn off your lights? When does
this rise to an act of war?
Russian
Hackers Meddling with U.S. Power Grid Poses Huge Threat to National
Security
The newest cyber threat troubling top U.S.
government officials is the prospect of Russian hackers breaking into
the U.S. power grid and selectively causing blackouts across the
country. According to officials at the Department of Homeland
Security (DHS), members of a shadowy, state-sponsored group known as
Dragonfly or Energetic Bear have been escalating hacking attacks on
the U.S. energy grid, nuclear facilities and other critical U.S.
infrastructure since 2014. The next inevitable step is for these
hackers to “throw the switch” on control systems at power plants
in order to cause blackouts.
… First, they gained access to networks of key
utility vendors using simple tactics such as spear-phishing attacks
and watering-hole attacks. Once they gained the right passwords and
credentials, that’s when they went to work studying the ins and
outs of the U.S. power grid using their newfound backdoor access.
Since these utility vendors had the ability to
update software and run diagnostics, hackers who worked for a Russian
state sponsored group gained a valuable back door into key elements
of the national power grid. What if, for example, they decide to
delete some of the grid software instead of updating it? Or what if
these Russian hackers decide to alter the diagnostics testing in
order to expose the system to more risk?
The real concern, say DHS officials, is that
Russian hackers will eventually get to the point where they could
automate hacking attacks from a distance.
(Related)
Russians
Are Targeting Private Election Companies, Too — And States Aren’t
Doing Much About It
The American election system is a textbook example
of federalism at work. States administer elections, and the federal
government doesn’t have much say in how they do it. While this
decentralized system has its benefits, it also means that there’s
no across-the-board standard for election system cybersecurity
practices. This lack of standardization has become all the more
apparent over the past two years: Hackers probed
21 state systems during the lead-up to the 2016 election and
gained access to one. But the federal government and states don’t
appear to have made great strides to ensure that this doesn’t
happen again. To do so, they’d need to deal with not only their
own cybersecurity deficits but also those of the private companies
that help states administer elections.
Voting machine manufacturers and the makers of
election software and electronic poll books (which are lists of
eligible voters) are crucially intertwined with state election
systems. All states, to some extent or another, rely on these
private companies for election products. But despite the central
role these companies play, state regulations of them are relatively
lax.
Useful ability for my Computer Security students?
Interesting research: "You
are your Metadata: Identification and Obfuscation of Social Media
Users using Metadata Information," by Beatrice Perez, Mirco
Musolesi, and Gianluca Stringhini.
Abstract: Metadata are associated to most of the information we produce in our daily interactions and communication in the digital world. Yet, surprisingly, metadata are often still categorized as non-sensitive. Indeed, in the past, researchers and practitioners have mainly focused on the problem of the identification of a user from the content of a message.
In this paper, we use Twitter as a case study to quantify the uniqueness of the association between metadata and user identity and to understand the effectiveness of potential obfuscation strategies. More specifically, we analyze atomic fields in the metadata and systematically combine them in an effort to classify new tweets as belonging to an account using different machine learning algorithms of increasing complexity. We demonstrate that through the application of a supervised learning algorithm, we are able to identify any user in a group of 10,000 with approximately 96.7% accuracy. Moreover, if we broaden the scope of our search and consider the 10 most likely candidates we increase the accuracy of the model to 99.22%. We also found that data obfuscation is hard and ineffective for this type of data: even after perturbing 60% of the training data, it is still possible to classify users with an accuracy higher than 95%. These results have strong implications in terms of the design of metadata obfuscation strategies, for example for data set release, not only for Twitter, but, more generally, for most social media platforms.
Good summary, useful graphic.
The 6 Types
Of Cyber Attacks To Protect Against In 2018
Perspective. The decline and fall of American
society?
The First
Augur Assassination Markets Have Arrived
"Killed, not die of natural causes or
accidents."
Pretty much everyone saw them coming, but it was
no less disturbing when assassination markets actually began to
appear on Augur, a decentralized protocol for betting on the outcomes
of real-world events and that launched
two weeks ago on ethereum.
The markets – which allow users to bet on the
fates of prominent politicians, entrepreneurs and celebrities – in
some cases explicitly specify assassination, as the quote above
shows. (CoinDesk is intentionally not providing links to these
markets or naming the individuals concerned.)
In addition to targeting individuals, some markets
offer bets on whether mass shootings and terrorist attacks with
certain minimum numbers of casualties will occur.
I keep threatening my students with an infographic
project. Maybe this Quarter I’ll actually assign one.
15 Free
Infographic Templates in Powerpoint
-
Infographics are a powerful tool for capturing the attention of your target audiences. In fact, businesses that publish infographics grow their traffic an average of 12% more than those that don’t.
-
The hard part, of course, is finding time and resources to create these infographics. That’s why we’ve created fifteen fully customizable infographic templates that will give you the inspiration and foundation you need to build your own infographics right in PowerPoint or Illustrator.”
-
Note – requires free registration…”
1 comment:
Hi,
I'm Candy from PearlMountain Limited. I'm wondering if you could write something about our DesignEvo on your site.
DesignEvo is an online logo maker for creating professional logos in seconds. Try it out:https://www.designevo.com/. Some of its key features:
* 5000+ professionally designed templates.
* Over one million icons available to search through.
* Hundreds of text fonts and shapes to choose from.
* Fully customizable features.
Besides, it also has mobile versions:https://www.designevo.com/for-mobile/.
The version for Mac:https://www.designevo.com/desktop/.
Could you please take a look and make a video for this app? If you are interested, please feel free to ask me for the coupon to get its premium logo packages for free.
Look forward to hearing from you soon.
Best Regards,
Candy
Post a Comment