Technology

New Delhi, Oct 1 (IANS): A new malware has infected roughly 13,500 Internet of Things (IoT) devices like Android TVs in 84 countries, chiefly in Asia, and that number continues to grow, US-based cybe… [+2396 chars]

The coronavirus pandemic has shaken the world and caused industries all around to take drastic measures and take on major shifts in order to survive the ordeal. As the world’s economy takes a hit and… [+4478 chars]

Coffee machines catching ransomware, Blacklight shines a torch on website tracking, and a woman is freaked out that a complete stranger can turn off her homes security system. All this and much more… [+1713 chars]

<div class="body gsd-paywall article-body"><p>The Cybersecurity and Infrastructure Security Agency (CISA) has released the <a href="https://www.cisa.gov/publication/telework-essentials-toolkit">Telework Essentials Toolkit</a>, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role:</p> <ul> <li>Actions for executive leaders that drive cybersecurity strategy, investment and culture</li> <li>Actions for IT professionals that develop security awareness and vigilance</li> <li>Actions for teleworkers to develop their home network security awareness and vigilance</li> </ul> <p>To view the guide, visit https://www.cisa.gov/sites/default/files/publications/20-02019b%20-%20Telework_Essentials-08272020_CLEAN_r3_508pobs.pdf</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> </div>

To crypto anarchists, Bitcoin is seen as one of the most important tools to help promote self sovereignty and liberation. Yes, there’s fantastic technology involved and “number go up” is fantastic, b… [+8502 chars]

Since their arrival, computers have been beneficial to businesses, offices, institutions, and private use. They have also helped in automating almost every function, including buying and selling good… [+12475 chars]

Coinbase will offer non-aligned employees a severance package, Kadena looks to cut into the DeFi market with a new decentralized exchange and Sushiswap is hemorrhaging liquidity.  Severance offerCoi… [+6016 chars]

The world during the pandemic prepares many surprises for us. Most of them are certainly unpleasant: health risks, inability to travel or meet old friends. One of these unpleasant surprises awaited u… [+4233 chars]

Avast, a global provider of digital security and privacy products, has launched Avast Smart Life for 5G, its smart home security solution for 5G, delivered as a virtualised network function (VNF). A… [+3077 chars]

A source told Billboard that Lanez's team emailed the media pretending to be someone from Megan's label. The situation involving the shooting of rap superstar Megan Thee Stallion is getting more and… [+3008 chars]

<div class="c-article__content js-reading-content"> <p>Cybercriminals are exploiting a $100 million Facebook grant program designed for small businesses impacted by the pandemic, to phish personal information and take over Facebook accounts.</p> <p>The perpetrators are trying to dupe people into thinking that the social network is handing out free money to any user affected by COVID-19, according to a Kaspersky analysis. It’s using messaging platforms to proliferate.</p> <p>“This is an attack that was caught propagating via messengers, such as Telegram,” Vladislav Tushkanov, senior data scientist at Kaspersky, told Threatpost. “This seems to be a common trend – we even see some attacks where after asking for your private info, the perpetrators ask you to forward the scam link to your WhatsApp contacts (e.g. ‘to spread awareness about these benefits’).”</p> <p><a href="https://threatpost.com/newsletter-sign/"><img class="aligncenter wp-image-141989 size-full" src="https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg" alt="" width="700" height="50"></a></p> <p>Despite the “must be too good to be true” aspect of the game that should tip most people off, the cybercriminals are taking steps to make the offer seem legit.</p> <p>“Samples detected by Kaspersky indicate that potential victims viewed an article appearing to come from a prominent media outlet [CNBC] and were prompted to follow a link to apply for the grant,” researchers explained, in a <a href="https://www.kaspersky.com/blog/facebook-grants/37181/" target="_blank" rel="noopener noreferrer">Tuesday post</a>. They pointed out that there is in fact, a real CNBC article about coronavirus-related Facebook grants, but the <a href="https://www.facebook.com/business/boost/grants" target="_blank" rel="noopener noreferrer">legitimate program</a> is for small businesses, not individuals.</p> <div id="attachment_159680" style="width: 150px" class="wp-caption alignright"><img aria-describedby="caption-attachment-159680" class="size-medium wp-image-159680" src="https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/30114317/Facebook-CNBC-140x300.png" alt="" width="140" height="300"><p id="caption-attachment-159680" class="wp-caption-text">The bogus CNBC article. Source: Kaspersky</p></div> <p>If people were sucked into clicking the link, they were taken to a phishing page and asked to enter personal information, even including a scan of both sides of their ID.</p> <p>“First you’ll be asked for your Facebook username and password,” according to Kaspersky. “If you enter them, they’ll go straight to the cybercriminals. Then, to accept your application, the site requires a lot more information, supposedly to verify your account: Your address, Social Security number (for U.S. citizens), and even a scan of both sides of your ID. No fields can be left blank, and the site diligently prompts you about any omissions.”</p> <p>The portal mimics the official site of Mercy Corps, a charity that helps victims of natural disasters and armed conflicts.</p> <p>“However, the only topic on this one is Facebook grants, and the victim is asked to specify how many years they have been a user of the social network,” researchers noted. “The collected information allowed the scammers to gain access of their victims’ Facebook accounts, which they could use to pull off other crimes, including identity theft.”</p> <p>There are a few red flags along the way; for instance, the headline in the purported CNBC article is filled with grammar mistakes.</p> <p>“The grammar should give away the game, and the URL, which does not start with cnbc.com, is another suspicious element,” according to the posting.</p> <p>Also, the grammar on the phishing website “stinks,” the researchers said, and most of the links don’t work. “And, of course, the site URL does not contain facebook.com, so it clearly has nothing to do with Facebook,” they added.</p> <p>Once the information is submitted, the crooks log into the victim’s Facebook account and then try to message friends or leave postings that ultimately are aimed at extracting money from them.</p> <p>“Facebook accounts can be used to scam victims’ friends and relatives directly or to promote further scam,” Tushkanov said.</p> <p>However, the form fields provide the crooks with enough personal information to steal full identities, researchers warned. “Armed with this and scans of your documents, they will likely be able to get into any of your accounts, including online banking.”</p> <p>These types of scams aren’t going away anytime soon, Tushkanov said, so people should be vigilant and careful in vetting “offers” like these.</p> <p>“We have seen numerous attempts to lure people by promising them some kind of <a href="https://threatpost.com/covid-19-scam-scramble-cybercrooks-recycle/154383/" target="_blank" rel="noopener noreferrer">coronavirus-related compensations</a> – for following by stay-at-home orders, payments for children etc.,” he told Threatpost, adding that these kinds of simple scams are the most common. “More sophisticated attacks are by definition more difficult to carry out. So yes, these more simplistic attacks seem to still be the most common ones. Ultimately, almost all scammers are driven by some kind of financial incentive.”</p> <p><strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">On October 14 at 2 PM ET</a></strong> Get the latest information on the rising threats to retail e-commerce security and how to stop them. <strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">Register today</a></strong> for this FREE Threatpost webinar, “<strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">Retail Security: Magecart and the Rise of e-Commerce Threats.</a></strong>” Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this <strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">LIVE </a></strong>webinar.</p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="Facebook Small Business Grants Spark Identity-Theft Scam" data-url="https://threatpost.com/facebook-small-biz-grants-identity-theft-scam/159681/" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/web-security/">Web Security</a></li> </ul> </div> </div> </footer> </div>

Harold Li is Vice President of ExpressVPN, a privacy and security company protecting users globally with its award-winning service. Getty Encryption is critical to digital security and the key to e… [+4875 chars]

<div class="c-article__content js-reading-content"> <p>Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges – even eight months after Microsoft issued a fix.</p> <p>The vulnerability in question (<a href="https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688" target="_blank" rel="noopener noreferrer">CVE-2020-0688</a>) exists in the control panel of Exchange, Microsoft’s mail server and calendaring server. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft’s <a href="https://threatpost.com/microsoft-active-attacks-air-gap-99-patches/152807/" target="_blank" rel="noopener noreferrer">February Patch Tuesday</a> updates – and <a href="https://threatpost.com/microsoft-exchange-server-flaw-exploited-in-apt-attacks/153527/" target="_blank" rel="noopener noreferrer">admins in March were warned</a> that unpatched servers are being exploited in the wild by unnamed advanced persistent threat (APT) actors.</p> <p>However, new telemetry found that out of 433,464 internet-facing Exchange servers observed, at least 61 percent of Exchange 2010, 2013, 2016 and 2019 servers are still vulnerable to the flaw.</p> <p><a href="https://threatpost.com/newsletter-sign/"><img class="aligncenter wp-image-141989 size-full" src="https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg" alt="" width="700" height="50"></a></p> <p>“There are two important efforts that Exchange administrators and infosec teams need to undertake: verifying deployment of the update and checking for signs of compromise,” said Tom Sellers with Rapid7 <a href="https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/" target="_blank" rel="noopener noreferrer">in a Tuesday analysis</a>.</p> <blockquote class="twitter-tweet" data-width="500" data-dnt="true"> <p lang="en" dir="ltr">Speaking of Exchange, we took another look at Exchange CVE-2020-0688 (any user -&gt; SYSTEM on OWA). </p> <p>It's STILL 61% unpatched. </p> <p>This is dangerous as hell and there is a reliable Metasploit module for it.</p> <p>See the UPDATED information on the ORIGINAL blog:<a href="https://t.co/DclWb3T0mZ">https://t.co/DclWb3T0mZ</a></p> <p>— Tom Sellers (@TomSellers) <a href="https://twitter.com/TomSellers/status/1310991824828407808?ref_src=twsrc%5Etfw">September 29, 2020</a></p></blockquote> <p><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></p> <p>Researchers warned <a href="https://www.volexity.com/blog/2020/03/06/microsoft-exchange-control-panel-ecp-vulnerability-cve-2020-0688-exploited/" target="_blank" rel="noopener noreferrer">in a March advisory</a> that unpatched servers are being exploited in the wild by unnamed APT actors. Attacks <a href="https://www.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-execution?utm_source=charge&amp;utm_medium=social&amp;utm_campaign=internal-comms" target="_blank" rel="noopener noreferrer">first started in late February</a> and targeted “numerous affected organizations,” researchers said. They observed attackers leverage the flaw to run system commands to conduct reconnaissance, deploy webshell backdoors and execute in-memory frameworks, post-exploitation.</p> <p><a href="https://threatpost.com/serious-exchange-flaw-still-plagues-350k-servers/154548/" target="_blank" rel="noopener noreferrer">Previously, in April</a>, Rapid7 researchers found that more than 80 percent of servers were vulnerable; out of 433,464 internet-facing Exchange servers observed, at least 357,629 were open to the flaw (as of March 24). Researchers used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.</p> <div id="attachment_159670" style="width: 235px" class="wp-caption alignleft"><a href="https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/30094515/cve-2020-0688_vulnerability_status.png"><img aria-describedby="caption-attachment-159670" class="size-medium wp-image-159670" src="https://media.threatpost.com/wp-content/uploads/sites/103/2020/09/30094515/cve-2020-0688_vulnerability_status-225x300.png" alt="microsoft exchange RCE flaw" width="225" height="300"></a><p id="caption-attachment-159670" class="wp-caption-text">Exchange build number distribution status for flaw. Credit: Rapid7</p></div> <p>Sellers urged admins to verify that an update has been deployed. The most reliable method to do so is by checking patch-management software, vulnerability-management tools or the hosts themselves to determine whether the appropriate update has been installed, he said.</p> <p>“The update for CVE-2020-0688 needs to be installed on any server with the Exchange Control Panel (ECP) enabled,” he said. “This will typically be servers with the Client Access Server (CAS) role, which is where your users would access the Outlook Web App (OWA).”</p> <p>With the ongoing activity, admins should also determine whether anyone has attempted to exploit the vulnerability in their environment. The exploit code that Sellers tested left log artifacts in the Windows Event Log and the IIS logs (which contain HTTP server API kernel-mode cache hits) on both patched and unpatched servers: “This log entry will include the compromised user account, as well as a very long error message that includes the text invalid viewstate,” he said.</p> <p>Admins can also review their IIS logs for requests to a path under /ecp (usually /ecp/default.aspx), Sellers said, These should contain the string __VIEWSTATE and __VIEWSTATEGENERATOR – and will have a long string in the middle of the request that is a portion of the exploit payload.</p> <p>“You will see the username of the compromised account name at the end of the log entry,” he said. “A quick review of the log entries just prior to the exploit attempt should show successful requests (HTTP code 200) to web pages under /owa and then under /ecp.”</p> <p><strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">On October 14 at 2 PM ET</a></strong> Get the latest information on the rising threats to retail e-commerce security and how to stop them. <strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">Register today</a></strong> for this FREE Threatpost webinar, “<strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">Retail Security: Magecart and the Rise of e-Commerce Threats.</a></strong>” Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this <strong><a href="https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=oct_webinar" target="_blank" rel="noopener noreferrer" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/retail-security-magecart-and-the-rise-of-retail-security-threats/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3Doct_webinar&amp;source=gmail&amp;ust=1601573586021000&amp;usg=AFQjCNEkB-TJfW5GVC9sjRAwqUbzoFWHOA">LIVE </a></strong>webinar.</p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="Microsoft Exchange Servers Still Open to Actively Exploited Flaw" data-url="https://threatpost.com/microsoft-exchange-exploited-flaw/159669/" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/hacks/">Hacks</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/vulnerabilities/">Vulnerabilities</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/web-security/">Web Security</a></li> </ul> </div> </div> </footer> </div>

The U.S. Securities and Exchange Commission (SEC) is demanding the trial by jury of a Swedish national for his alleged involvement in an international fraud that raked in millions in cryptocurrency. … [+1870 chars]

Social media spreads information fast. But it spreads misinformation faster.  The election this year has been seriously compromised by deliberately misleading posts, and the majority of Americans kn… [+1307 chars]

Social media spreads information fast. But it spreads misinformation faster.  The election this year has been seriously compromised by deliberately misleading posts, and the majority of Americans kn… [+1294 chars]

Synthesis of the vulnerability  An attacker can traverse directories via Archive Utility of Cisco Data Center Network Manager, in order to read/write a file outside the service root path.Impacted pr… [+1405 chars]

An explosive report was made by Billboard earlier today (September 29) after they claim that a source is spilling the beans on Tory Lanez and his team with scathing accusations. Over the last few mon… [+2458 chars]

<div class="body gsd-paywall article-body"><p>September is designated as National Insider Threat Awareness Month, a month-long holiday intended to educate on the importance of detecting, deterring and reporting insider threats.</p> <p>Unfortunately, to close out the month, Shopify publicly disclosed that it was the latest victim of a data breach. Unlike the recent Twitter breach, where hackers gained admin-level privileged access through a spear phishing attack, this particular instance was the result of the direct actions of two malicious internal employees.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>It’s believed that none of the stolen data was actually leveraged, and yet having to witness a reputable brand such as Shopify and its associated merchants suffer the fallout remains difficult. Events like this are just another reminder of why zero trust must become the new enterprise security standard and why CISO’s must move quickly to implement the practice.</p> <p><strong>About the Breach </strong></p> <p>According to the Shopify statement, “complete payment card numbers or other sensitive personal or financial information were not part of this incident.” The data stolen includes basic contact information such as emails, names, and addresses, as well as order details, such as  products and services purchased. While this has a marketable value on the dark web, at least it isn’t banking data, which runs a higher security risk if leveraged maliciously.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>Another silver lining is that this breach didn’t result from a technical vulnerability in the Shopify platform. Since this isn’t a platform-wide issue, the scope — and in turn, the damage— remains narrow.</p> <p>That being said, it’s not entirely a relief that what was stolen was “only” the information mentioned above, because that information is saleable. And, at a bare minimum, it’s useful for companies to leverage for unsolicited target marketing.</p> <p>And, even though Shopify stated the information didn’t contain, “complete payment card information,” there may have been enough information exposed for a savvy criminal to leverage as the basis for a phishing or vishing campaign. People are a lot more likely to believe they are talking to a credit card company representative if that person can correctly provide them the last four digits of their card and the expiration date.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p><strong>How Zero Trust Could Have Helped</strong></p> <p>Zero trust architecture might have helped in this case depending on the roles of the individuals in question and how they went about acquiring the data. For example, since they were customer service representatives, had they slowly harvested this data from a support system with a “need” to service a customer, zero trust would not have caught them. However, if instead they had manually iterated through customer records, this would be anomalous behavior and would have been flagged in a good zero trust environment, stopping the threat in its tracks.</p> <p>The lesson learned here? Insider threats are on the rise, but can be mitigated with the right solutions. Organizations need to take these threats seriously and consider security investments in solutions that help them better understand who has access to what within their organization and who is doing what with this access. And, most importantly, by taking this a step further in creating a zero trust environment, identity verification will help to prevent malicious actors from poking around where they shouldn’t be.</p></div>

<div class="body gsd-paywall article-body"><p>EMA will open <a href="https://www.fema.gov/press-release/20200929/fema-opens-660-million-grant-application-process">applications</a> on Wednesday, September 30, 2020 for two hazard mitigation grant programs totaling $660 million.</p> <p>The two grant programs, the Flood Mitigation Assistance grant and the Building Resilient Infrastructure and Communities grant, or BRIC, will provide funds to states, local communities, tribes and territories for eligible mitigation activities. These programs allow for funding to be used on projects that will reduce future disaster losses and strengthen our nation’s ability to build a culture of preparedness.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>This will be the first time FEMA has offered the BRIC grant, which was made possible by the <a href="https://www.fema.gov/disasters/disaster-recovery-reform-act-2018">Disaster Recovery Reform Act of 2018</a>, allowing for a stable funding source to fund mitigation projects annually.</p> <p>“BRIC represents significant work and support from Congress, our partners across the country and our staff to form, and now finally implement, this grant,” said FEMA Administrator Pete Gaynor. “We know that mitigation measures save lives and prevent disaster damages, but now we are taking an active step in ensuring we build our nation’s infrastructure to withstand the hazards we face.”</p> <p>The new BRIC grant is for pre-disaster mitigation activities and replaces FEMA’s existing Pre-Disaster Mitigation program. BRIC will offer $500 million in grants to help support states, tribes, territories and communities throughout the nation as they design and begin new infrastructure projects – projects that will reduce future disaster recovery costs and help save lives. The program will also provide incentives to local governments to adopt and enforce modern building codes.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>FEMA is also opening the application period for the Flood Mitigation Assistance grants. There is $160 million available in flood mitigation grants, with $70 million of that amount set aside for <a href="https://www.fema.gov/sites/default/files/2020-08/fema_fma_fy-2020_nofo_fact-sheet.pdf">community flood mitigation projects</a>.</p> <p>These grants are used for projects that reduce or eliminate the risk of repetitive flood damage to buildings that are insured by the National Flood Insurance Program. Projects are selected based on the cost-effectiveness and eligibility of the proposal. FEMA has provided more than $1.3 billion on more than 2,900 flood mitigation projects since these grants began in 1996.</p> <p>Both grant applications will be open from Sept. 30 – Jan. 21, 2021. Eligible applicants must apply for funding using the new <a href="https://go.fema.gov/">FEMA Grants Outcome (FEMA GO)</a>. Applications received by FEMA after this deadline will not be considered for funding.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> </div>

<div class="body gsd-paywall article-body"><p>As of Sep. 29, 2020, employees in Pima County, Arizona who travel to any high-risk COVID-19 area, whether state-to-state or international, will not be permitted to return to work for 14 consecutive days after returning home, and will be required to quarantine.</p> <p>In a memorandum signed by Pima County Administrator Chuck Huckelberry, he <a href="https://www.scribd.com/document/478077812/Pima-County-Travel-Memorandum#from_embed" target="_blank">stated</a>, "If an employee travels to any high risk destination they will be required to quarantine for 14 days upon their return and are required to use vacation time. Where the employee does not have sufficient vacation time to cover the 14-day quarantine period, the time will be unpaid."</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>If there are extenuating circumstances that lead to the employee’s need to travel to a high risk area, the employee may be allowed to telecommute during the 14-day period with approval from the county- if possible. The memo said that determinations on whether travel is considered high risk can be reviewed online.</p> <p>The Center for Disease Control and Prevention has previously issued advice that “COVID-19 risk in most countries is high and travelers should avoid non-essential travel to high-risk destinations." Based on its proximity to Arizona, this includes travel to Mexico.</p> <p> </p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> </div>

<div class="body gsd-paywall article-body"><p>The 2020 State of Security Operations study from Forrester Consulting finds that enterprise security teams around the world continue to struggle with the growing pace, volume and sophistication of cyberattacks. The commissioned survey of over 300 enterprise security operations professionals reveals that only 46% of enterprises are satisfied with their ability to detect cybersecurity threats. Since the COVID-19 crisis began, the <a href="https://blog.paloaltonetworks.com/2020/07/unit-42-cybercrime-gold-rush/">rate of attacks has soared</a>. One <a href="https://thehill.com/policy/cybersecurity/493198-fbi-sees-spike-in-cyber-crime-reports-during-coronavirus-pandemic">FBI spokesperson was quoted as saying</a> that cybersecurity complaints to the Bureau’s Internet Crime Complaint Center have spiked by 200-300% since the pandemic began. </p> <h2>Every Business Is Vulnerable to a Cyberattack  </h2> <p>Despite all their resources, a number of industry-leading global companies have fallen victim to high-profile cyberattacks in 2020. According to the Forrester survey, 79% of enterprises have experienced a cyber breach in the past year, and nearly 50% in the past six months. This is despite the fact that most organizations have an internal security operations center (SOC) or some form of 24×7 coverage. </p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>Mike Weber, Vice President at <a href="https://www.coalfire.com/">Coalfire</a>, a Westminster, Colorado-based provider of cybersecurity advisory services, says, “In review of the Forrester report, the number of companies that had a data breach within the last year is staggering. However, the impact of a data breach can range from inconsequential to catastrophic. I would surmise that the vast majority of these are somewhere in between, and that these were mostly not life-changing events for these organizations. This shouldn’t reduce the gravity of the report, though. Coalfire put out a report this year that examined the data from penetration tests undertaken over the period of a year, and looking at these numbers next to our findings, it really doesn’t surprise me. Our data demonstrated that over 50% of all organizations could be breached, given an insider threat, and about 20% of organizations could be breached from the internet – and our numbers don’t even address “user error”.</p> <p>"Companies everywhere, regardless of size or industry see similar problems with detection and response capabilities, whether that’s a lack of integration of technologies, or having too many technologies to optimize, or simply having manual processes waste resources chasing alerts that result in false positives, says Weber. "Security is a continuous arms race, and there needs to be a formative change in the technologies that enable rapid and accurate responses to attackers supported with high-quality and actionable information. Perhaps the future will bring AI-powered solutions that can anticipate malicious behavior before it happens? One can hold out hope for tomorrow, but as the saying goes, hope is not a strategy.”</p> <p>Cyberattackers are relentless and getting more sophisticated by the day. Businesses are under constant attack, with the average security operations team receiving over 11,000 security alerts daily. Hamstrung by siloed applications and manual processes, the report finds that a majority of organizations are unable to address most or all of the security alerts they receive in a single day. Alarmingly, 28% of alerts are simply never addressed, the report found.   </p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>The net result is that security analysts are drowning in alerts, which is having a profound impact on their health, wellness and overall job satisfaction. This reactive approach to cybersecurity also has decision makers frustrated and dissatisfied. With Forrester Research estimating the cost of an average data breach at as much as <a href="https://www.forrester.com/report/Estimate+Breach+Impact+And+Costs+To+Drive+Investments/-/E-RES121315#">$7 million per incident</a>, a more proactive approach is needed to quickly prevent, identify and address cyber threats. </p> <p> </p> <h2>Security Teams Face Significant Resource and Technology Challenges</h2> <p>Security analysts are understandably frustrated that they are spending so much time chasing false leads and performing manual processes. They are working longer hours, taking on more responsibility and increasingly under more pressure to protect the business. Despite their efforts, security operations teams are unable to hit <a href="https://blog.paloaltonetworks.com/2020/01/cortex-soc-metrics/">key metrics</a> like mean time to investigate, number of incidents handled, mean time to respond, threat score and number of alerts. Less than 50% of teams report that they meet these metrics most of the time. Based on the survey, Forrester Consulting found two key reasons for this disconnect:</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p><strong>Resource gaps: </strong>IT decision makers say finding and keeping experienced security operations staff and enough analysts to support the workload is a major challenge. </p> <p><strong>Technology gaps:</strong> SecOps teams use an average of over 10 different categories of security tools, including firewalls, email security, endpoint security, threat intelligence, vulnerability management and more. But these tools are typically siloed, and implementation tends to be poor.</p> <p>This wide range of tools that enterprises invest in to combat security threats creates a number of problems, including:</p> <ul> <li>Difficulty hiring, training and retaining employees who are adept at using the full security technology stack.</li> <li>Too many low-priority alerts that obscure visibility into the real threats and leave security analysts with little time for threat hunting and process improvement.</li> <li>Siloed workflows that add complexity and time to security processes.</li> </ul> <p>Mark Kedgley, CTO at <a href="https://www.newnettechnologies.com/">New Net Technologies (NNT)</a>, a Naples, Florida-based provider of IT security and compliance software, notes, “One of the big issues cited in this latest report is Security Alert fatigue. It’s a headache that too many cybersecurity vendors are actually guilty of helping to create. It comes about as a side-effect of the features-race, especially in the SIEM market, and trying to automate the identification of security breach activity. Unfortunately, far too many of these Threat Signature technologies just aren’t smart enough to deliver valuable intelligence leading to false positives that serve to mask genuine security incidents. Increasingly, security professionals are looking to simplify their security strategy, seeking to master fundamental security controls instead of being distracted by the latest silver bullet product. As a case in point, using intelligent change control as a more reliable breach detection technology not only cuts out the unwanted change noise from business as usual activities, but provides more meaningful context to changes than simple log data is able to.”</p> <h2>The Modern SOC Requires Automation and Visibility</h2> <p>According to the report findings, only 13% of the surveyed organizations are leveraging the value of <a href="https://blog.paloaltonetworks.com/2020/02/cortex-xsoar/">automation</a> and <a href="https://blog.paloaltonetworks.com/2020/03/cortex-ai/">machine learning</a> to triage, analyze and respond to threats. On the flip side, sophisticated cyberattackers are rapidly developing new ways to use these same tools to scale the scope and impact of their operations. </p> <p>Cody Beers, Technical Training Manager at <a href="https://www.whitehatsec.com/">WhiteHat Security</a>, a San Jose, Calif.-based provider of application security, says, “SecOps teams have been inundated since COVID began, as attacks have increased drastically during this pandemic. On top of that, the plethora of tools that an organization chooses to use can create a time barrier, preventing SOCs from mitigating or preventing attacks at a faster clip. Using AI automation and Machine Learning can be extremely useful for detecting true threats, and there are also products available today that deliver human-verified results directly to the client. These types of tools can be integral to ensuring an expedited response to cyber-attacks, as well as reducing the time-to-fix windows for discovered vulnerabilities.”</p> <p>Forrester Consulting says there are opportunities and solutions businesses can take advantage of to increase control and visibility across the infrastructure. For example, an extended detection and response (XDR) solution can help with analyst fatigue, tool inefficiency and overall security outcomes by:</p> <ul> <li>Improving visibility with unifying technology that seamlessly integrates telemetry from multiple sources.</li> <li>Leveraging security analytics capabilities such as machine learning to surface stealthy attack techniques</li> <li>Automating root cause analysis.</li> </ul> <p>To learn more, download the full Forrester Consulting report: <a href="https://start.paloaltonetworks.com/forrester-2020-state-of-secops.html">The 2020 State of Security Operations</a>.</p></div>

<div class="body gsd-paywall article-body"><p>A new <a href="https://www2.dtexsystems.com/2020-Insider-Threat-Report-Media" target="_blank">report</a> from DTEX Systems shows this year’s shift to a largely remote workforce by the Global 5000 has significantly changed behaviors of trusted insiders. Key findings include a 450% increase in employees circumventing security controls to intentionally mask online activities and 230% increase in behaviors that indicate intent to steal data.</p> <p>The DTEX Counter-Insider Threat Research Team interviewed hundreds of customers and Global 5000 organizations representing a diverse sample set of businesses that varied by size, industry and geography. </p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>“Our findings indicate that in 2020, the equilibrium of employee security and trust has been broadly disrupted and is currently in chaos,” said Mohan Koo, Co-Founder and Chief Technical Officer at DTEX Systems. “Trusted insiders once thought to be reliable and responsible are changing their behaviors and increasing the risk of data loss, external attack and regulatory compliance violations for their employers.”</p> <p>Key Report Findings:</p> <ul> <li>56% of companies reported remote workers actively bypassed security controls to intentionally obfuscate online activity. This is more than 4.5 times higher than 2019 which represents a 450% increase in the first eight months of 2020.</li> <li>More than 70% of the escalated incidents visible to the security and HR teams included at least one attempt to circumvent a second security control to exfiltrate data without detection.</li> <li>Companies reported remote workers most commonly attempted to intentionally bypass the corporate VPN to mask their online activities.</li> <li>72% of companies surveyed saw data theft attempts by a departing employee wanting to take protected IP with them or a new employee looking to inject IP from a previous employer. This represents an increase of 2.3 times, or 230%, over similar behaviors seen in 2019</li> <li>Over 40% of incidents proactively detected flight risk behavior as well as abnormal reconnaissance or data aggregation activities. </li> </ul> <p>The growth in premeditated data theft attempts and intentional activity masking behaviors by employees strongly suggests that companies are facing a heightened risk of data loss as virtual employment models become the norm, furloughs are extended and reduction-in-force actions continue.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p> </p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> </div>

<div class="body gsd-paywall article-body"><p>Santa Cruz Beach Boardwalk, an iconic amusement park in California, recently upgraded its security infrastructure by unifying video and access control park-wide, to allow the park's security team to speed up investigations and emergency response. Touted as the "Coney Island of the West", the seaside park features about 40 rides, 30 restaurants, 15 retail shops, arcades, miniature golf, bowling, and conference and banquet facilities.</p> <p>As an admission-free park, guests can enter through multiple entrances to buy food, purchase ride tickets, or simply walk around and enjoy the surroundings. Unlike gated parks which typically have a main security checkpoint, the park’s security team must be hyper-vigilant to spot potential security threats before they can develop. Security operators constantly monitor video cameras and work directly with field officers to handle issues.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>While video surveillance technology helped security teams watch over the large park, aging equipment began compromising their efficiency. As the search for a new video management system began, the team prioritized openness, reliability, and a vendor’s reputation in the market. Moreover, their aging access control system would soon need replacing too.</p> <p>The Santa Cruz Beach Boardwalk team implemented a Genetec Security Center platform to unify video surveillance, access control, and other systems and sensors. </p> <p>With their new system in place, the team at Santa Cruz Beach Boardwalk manages more than 400 cameras and 220 doors across the entire amusement park. From one single interface, operators can monitor cameras and doors, respond to alarms, handle investigations, and export and share video evidence.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>If motion is detected near a perimeter after opening hours, the platform will trigger an alarm and display live video and a 10-second replay of the event on a dispatcher’s monitor. The team has also expedited investigations by sharing system access with other departments. This includes food service, loss prevention and ticket sales who can handle their own preliminary investigations, if needed.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> </div>

<div class="body gsd-paywall article-body"><p>The Physical Security industry is at an inflection point. Digital transformation and Security Convergence have accelerated, hastened by the persistent pandemic. Physical Security, HR and IT departments have been forced to work together quickly in designing back-to-work strategies, realizing that separate silos of operations just won’t cut it any longer.</p> <p><strong>The Human Side of Security</strong></p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>The collaboration of HR and Physical Security teams is leading the way for enterprise response and recovery in a COVID-19 world. Even more importantly—the silver lining—it’s building a stronger sense of trust and support and a positive experience among employees. (Learn more about COVID-19 back-to-work strategies <a href="https://alertenterprise.com/newsroom/news/the-role-of-physical-identity-access-management-during-a-pandemic/">here</a>.)</p> <p><strong>The Days of Working in Silos are Over</strong></p> <p>When HR and Physical Security work together, the results are amazing. There’s a newfound focus on health, Safety and well-being—a human side that balances people, time and space—with Identity at the center of it all. Workers feel engaged and in partnership with their employer and thanks to Security Convergence, all the right mechanisms are in place to make it happen.  (Learn more about the advantages of Security Convergence <a href="https://alertenterprise.com/wp-cyber-physical-security-convergence/">here</a>.)</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p><strong>Securing Digital Transformation</strong></p> <p>Collaboration between departments, especially HR, has always been a goal but rarely achieved. The move to the cloud and common operating platforms as part of the digital transformation has made it far easier to integrate Security, HR and facilities technologies. (Read more about the digital transformation <a href="https://alertenterprise.com/wp-security-as-the-new-business-enabler/">here</a>).</p> <p><strong>Shift Happens</strong></p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>HR is at the center of this much-needed seismic shift. They need to keep people safe, manage exposure incidents and maintain business operations by having the right people at the right place at the right time. Security is refocused on Safety and protecting people from doing things that could inadvertently harm themselves and others — again lending to a positive employee experience. Real-time integration with HR software and Physical Security ties it all together seamlessly, proactively enforcing company policy and compliance while dramatically enhancing workforce productivity and experience. (Learn more about integration with SAP SuccessFactors HCM <a href="https://alertenterprise.com/sap-successfactors-integration/">here</a>.)</p> <p>Managing people and the workspace through Identity has become critical, especially during COVID-19. Now, enterprises can focus uniquely on the individual’s Identity and characteristics, skills and requirements and tie it all together in a single, automated process. We know who is where and when and can automatically and digitally remind workers of policies while proactively enforcing safe behavior. We can correlate and provide data essential to daily activities and reentering the workplace, choregraphing the use of a space in this new normal with sophistication and ease.</p> <p><strong>Leveraging Current Technology Investments</strong></p> <p>The majority, if not all users already have an HR software system in place. What they may not know is that they can integrate it with their Security and Physical Identity platforms — leveraging their current investment. HR systems readily integrate with Visitor Management and Physical Access Control Systems (PACS) and can extend this connection to improve Security and the hire-to-retire journey. Users can migrate simply thanks to Identity Management processes that bridge gaps to incorporate their on-premises access systems. With this approach the results are a converged solution across the enterprise that effectively interfaces HR, IT, Operational Technology (OT) and Physical Security. (Learn more about PACS consolidation <a href="https://alertenterprise.com/ss-pacs-consolidation/">here</a>.)</p> <p><strong>Next Steps</strong></p> <p>It’s no longer a matter of if an organization should digitally transform — it’s come down to how fast they can do it. Fact is, companies who made the move to digitally integrated processes prior to COVID-19 and were already heading down the path of convergence have actually fared better than those who weren’t and are now struggling to get their workforce back safely.</p> <p>HR and Security collaboration is essential from a business and technology perspective. With it comes a new focus on the individual and their Safety at the workplace — creating the human side that perhaps was missing for some organizations.</p> </div>