Technology

-- Gold Backing is Secured by United States Domiciled Company -- NEW YORK, April 13, 2021 /PRNewswire/ -- Dignity Gold, LLC , ("Dignity Gold") is pleased to announce that it has secured a pledge of… [+4046 chars]

NEW YORK, April 13, 2021 /PRNewswire/ -- Dignity Gold, LLC , ("Dignity Gold") is pleased to announce that it has secured a pledge of gold for the gold based digital token of its wholly owned subsidi… [+3882 chars]

Besides anti-state activities, Madani watched and kept pornographic videos on his mobile phone, said Mohammad Iltutmish, a deputy commissioner of Gazipur Metropolitan Police. Iltutmish also said on … [+1099 chars]

<div class="c-article__content js-reading-content"> <p>Adobe has released security patches tackling four critical vulnerabilities in Adobe Bridge, along with other critical and important-rated updates for bugs in Adobe Digital Editions, Adobe Photoshop and RoboHelp.</p> <p>In all, Adobe fixed 10 security holes in its products during its scheduled April updates, seven of them listed as critical.</p> <p><a href="https://threatpost.com/newsletter-sign/"><img loading="lazy" class="aligncenter wp-image-141989 size-full" src="https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg" alt="" width="700" height="50"></a></p> <p>None of the CVEs addressed by Adobe are listed as publicly known or under active attack at the time of release.</p> <p>“This month, Adobe had four updates for Photoshop, Digital Editions, Bridge, and Robohelp and all rated as Priority 3,” Chris Goettl, senior director of product management and security at Ivanti, told Threatpost. “The reasoning behind Adobe’s prioritization is because this update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.”</p> <p>Goettl noted that this is an aspect of vendor severity ratings that many don’t take into account – if applications are less likely to be targeted by threat actors, Adobe sets the severity of the vulnerability lower, regardless of how severe of a bug it may be. Thus, patching priority should be determined on an organization-by-organization basis.</p> <p>“While historical evidence reflects Adobe’s assessment accurately, it does not remove all risk,” he noted. “Photoshop has had as many as nine exploited CVEs over the years, the most recent being the CVEs in 2015. Of these four updates, Photoshop is the riskiest.”</p> <h2>Adobe Bridge Security Vulnerabilities</h2> <p>Adobe Bridge is a creative-asset manager that helps users preview, organize, edit and publish multiple creative assets in a streamlined way. It contains the four critical bugs as well as two “important” <a href="https://helpx.adobe.com/security/products/bridge/apsb21-23.html" target="_blank" rel="noopener">vulnerabilities</a>:</p> <ul> <li>CVE-2021-21093 and CVE-2021-21092 are critical memory-corruption issues leading to arbitrary code execution;</li> <li>CVE-2021-21094 and CVE-2021-21095 are critical out-of-bounds write bugs also leading to arbitrary code execution;</li> <li>CVE-2021-21091 is an important out-of-bounds read issue that could lead to information disclosure;</li> <li>And CVE-2021-21096 stems from improper authorization and allows privilege escalation.</li> </ul> <p>“Arbitrary code execution, or ACE, vulnerabilities provide an adversary a platform to quickly execute additional code or applications on a target system, opening the door to lateral movement or quick exfiltration of system data,” Jay Goodman, manager of product marketing at Automox, said via email.</p> <div id="attachment_165368" style="width: 880px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-165368" loading="lazy" class="size-full wp-image-165368" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/13121050/Bridge-April.png" alt="" width="870" height="203"><p id="caption-attachment-165368" class="wp-caption-text">The fully patched versions. Source: Adobe</p></div> <h2><strong>Other Adobe Patches for April </strong></h2> <p>Adobe also addressed two <a href="https://helpx.adobe.com/security/products/photoshop/apsb21-28.html" target="_blank" rel="noopener">critical vulnerabilities</a> in Photoshop, its popular photo-editing software (CVE-2021-28548 and CVE-2021-28549). Both are buffer-overflow bugs that allow arbitrary code execution.</p> <div id="attachment_165367" style="width: 1034px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-165367" loading="lazy" class="wp-image-165367 size-large" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/13120907/Photoshop-April-1024x173.png" alt="" width="1024" height="173"><p id="caption-attachment-165367" class="wp-caption-text">The fully patched versions. Source: Adobe</p></div> <p>The company also patched a final <a href="https://helpx.adobe.com/security/products/Digital-Editions/apsb21-26.html" target="_blank" rel="noopener">critical vulnerability</a> in Adobe Digital Editions, CVE-2021-21100, which is a privilege-escalation problem allowing an arbitrary file-system write. Digital Editions is Adobe’s e-Book reader software used for acquiring, managing and reading e-books, digital newspapers and other digital publications.</p> <p>“This vulnerability allows an attacker to force the target application to overwrite any file on a system as a privileged user,” Goodman said. “This can allow an attacker to take a system offline by overwriting critical system files.”</p> <div id="attachment_165369" style="width: 891px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-165369" loading="lazy" class="size-full wp-image-165369" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/13121549/DigitalEditions-April.png" alt="" width="881" height="145"><p id="caption-attachment-165369" class="wp-caption-text">The fully patched version. Source: Adobe</p></div> <p>And finally, Adobe patched one important-rated vulnerability in RoboHelp, which is a platform for authoring technical articles and how-tos. The bug, tracked as CVE-2021-21070, is an uncontrolled search path element that could allow privilege escalation.</p> <div id="attachment_165370" style="width: 814px" class="wp-caption aligncenter"><img aria-describedby="caption-attachment-165370" loading="lazy" class="size-full wp-image-165370" src="https://media.threatpost.com/wp-content/uploads/sites/103/2021/04/13121957/RoboHelp-April.png" alt="" width="804" height="169"><p id="caption-attachment-165370" class="wp-caption-text">The fully patched version. Source: Adobe</p></div> <p>Users can enable auto-updates for the bugs by going to Help &gt; Check for Updates.</p> <p>“These vulnerabilities should be patched within the 72-hour window to ensure attackers do not have the time to weaponize them against your organization,” Goodman noted.</p> <p><strong><em>Ever wonder what goes on in underground cybercrime forums? Find out on April 21 at 2 p.m. ET during a </em></strong><strong><em><a href="https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=April_webinar" target="_blank" rel="noopener">FREE Threatpost event</a></em></strong><strong><em>, “Underground Markets: A Tour of the Dark Economy.” Experts will take you on a guided tour of the Dark Web, including what’s for sale, how much it costs, how hackers work together and the latest tools available for hackers. </em></strong><strong><em><a href="https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=April_webinar" target="_blank" rel="noopener">Register here</a></em></strong><strong><em> for the Wed., April 21 LIVE event. </em></strong></p> <p> </p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop" data-url="https://threatpost.com/adobe-patches-critical-security-holes-bridge-photoshop/165371/" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/vulnerabilities/">Vulnerabilities</a></li> </ul> </div> </div> </footer> </div>

ITWeb's Security Summit 2021, now in its 16th year,  will be taking place as a virtual event from 1 to 3 June this year. The the annual gathering of SA's cyber security decision makers will once aga… [+2271 chars]

Q1/21 a symposium was hosted in the US under the title Thinking Outside the SCIF (Sensitive Compartmented Information Facility) to put forward the case for the utilisation of OSINT (Open Source) with… [+9666 chars]

While some apps only get opened once in a while (*ahem* Strava *ahem*), others become part of your daily routine. To help make your days better, here are ten of the best everyday apps currently avail… [+4466 chars]

<div class="body gsd-paywall article-body"><p>Keeping unauthorized intruders from entering a business location is a critical part of protecting corporate assets. Perimeters are the first line of defense but do not conform to a ‘one-size-fits-all’ safeguarding solution. Selection criteria for the most suitable Perimeter Intrusion Detection System (PIDS) must take into consideration perimeter length, topography, environmental conditions, and future site expansion plans.</p><p>In many cases, fencing or walls are adequate deterrents. Other times, more sophisticated intrusion detection systems, such as security cameras, thermal energy detectors, sensors, and other tracking and recording devices are required. In these scenarios, the data recorded by these field devices need to be transmitted in real-time over a network to a communication control room.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>For data transmission, some perimeter installations may choose to utilize fiber for its higher bandwidth and greater cable run distances.  However, the security camera and other devices used in the PIDS may only have copper network connectivity ports. In these cases, a Copper to Fiber Media Converter will be needed. These devices convert electrical signals used in copper UTP cabling into light waves used in Multimode or Single Mode fiber optic cabling. This enables perimeter detection devices with copper ports to transmit data up to 160km [99 mi].</p><p>Other perimeter installations will utilize copper cabling that is already installed and cheaper to maintain. However, enabling long-distance Ethernet data transmission over copper cabling is a common problem because the perimeter length may be longer than 325ft, which is the general maximum cable length for copper Ethernet cables. In these scenarios, Ethernet Extenders can be used to forward the data traffic. The benefit of using an Ethernet Extender is that you can use single twisted pair (CAT5/6/7/8), coax, or any existing copper wiring previously used in alarm circuits, E1/T1 circuits, RS-232, RS-422, RS-485, CCTV, or CATV applications.</p><p>When choosing the appropriate Fiber to Copper Converter or Ethernet Extender for a PIDS installation, there are a few other things to consider. To reliably know if a perimeter is being breached, don’t choose a product where the end-to-end connection on the network will always appear as if it is up and running, even though the connection may be broken or disconnected. It is critical to ensure the Ethernet Extenders and Fiber Converters have an on-board microcontroller to deal with error detection and recovery by continuously monitoring the status of the links and sending actionable notifications if there is a problem.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>Because perimeter security is generally an outdoor application, it is important to choose products with temperature rated components that are fully heat chamber tested. There are a lot of products on the market claiming to operate at -40°F to 167°F (-40°C to 75°C) but, they use “commercial-grade” components that have not been qualified to operate at the claimed temperature ranges. When “commercial-grade” parts are exposed to extremely high or low temperatures, product failures are inevitable. For example, integrated circuits on the PCB overheat causing premature failure of the product. Under-rated connectors do not allow for proper contact between the device and the cables. These failures eventually stop all data communications in these high and low-temperature environments.</p><p>And, in environments where network security is critical, choose an Ethernet Extender or Fiber Converter that supports your exiting security protocols and authorization schemes. Deploying devices that support TACACS+, RADIUS, LDAP, Kerberos, NIS, or RSA will ensure an audit trail is possible. And, to further protect IDs and passwords from someone ‘snooping’ on the network, you should also verify that secure management sessions are supported using SSH/SSL/TLS, SNMPv3, Telnet, and HTTPS. These features are used when managing corporate firewalls, switches, and routers. Therefore, it should be expected that they are available in the devices that connect your PIDS system to your corporate network.</p><p><strong>This article originally ran in <em>Security</em>, a twice-monthly security-focused eNewsletter for security end users, brought to you by <em>Security</em> Magazine.</strong> <u><a href="https://bnp.dragonforms.com/init.do?pk=W.HOME&amp;omedasite=BNP6090_Vtnew">Subscribe here</a></u>.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> </div>

<div class="body gsd-paywall article-body"><p>The New England College of Optometry (NECO) is a nationally recognized, top-tier optometry school located in Boston. Beyond its excellence in academic and clinical programs, the college provides support and mentoring to help students make a difference in their communities and the eye care profession.</p><p>NECO’s teaching approach for future eye doctors relies heavily on students having live experiences, in-person classes and interactive learning. Once the COVID-19 pandemic became a reality and the Governor of Massachusetts ordered the state into a lockdown on March 17, 2020, NECO closed its facilities and quickly pivoted to a remote learning model. Meanwhile, the school formed its COVID-19 Task Force and COVID Exposure Committees and began exploring ideas to enable in-person learning at the school in a safe, effective and well-planned manner, giving students a full academic experience and continuing toward graduation on-time while being fully prepared to practice optometry as their future profession.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>The school took a “swiss-cheese” perspective to its pandemic response, according to Dr. Amy Moy, Chief Compliance Officer and Director of Health Center Network at NECO. As chief compliance officer, Dr. Moy is always putting safety as a top priority at NECO; while she usually directs compliance and health center eyecare in the clinical branch of NECO, her knowledge of infection control enabled her to take on the additional role of helping to enable in-person learning during the pandemic. Response protocols have included surgical-grade masks, hand-hygiene protocols, social distancing, foot traffic and space limitation management, screening questions for entrance, weekly COVID surveillance testing and contact-tracing cards.</p><p>“With significant planning, new tools and teamwork, we were able to welcome back clinicians to our eye care center and our students to a hybrid learning model in which they came to in-person laboratory courses and clinical rotations,” says Dr. Moy.</p><p>One of those solutions that NECO deployed in late August 2020 for the start of the fall semester and helped enable students and clinicians back for in-person learning was a wearable contact-tracing device for COVID-19 called Contact Harald. The Contact Harald system consists of standalone Bluetooth badges that are worn by every student, staff and visitor while on the campus, providing NECO with elements of visual compliance, traceability, and accountability to avoid a campus-wide shutdown should an outbreak arise.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>NECO staff communicated with employees and students about the new technology and what to expect. “Each employee and student scheduled to be in person at the NECO campus was assigned their own card to be worn with their ID badge. Everyone was informed that their location was not being tracked and only proximity to other individuals with cards,” Dr. Moy explains. “Thus, if a positive COVID case arose, the card data would be uploaded to the system so that we can perform accurate contact tracing.”</p><p>The Bluetooth badges only track proximity between individuals without identifying location information. “Using Contact Harald’s services has been one of the vital tools that NECO has used to remain open during the COVID pandemic,” shares Dr. Moy. “We can more accurately and rapidly conduct contact tracing and respond with safety measures in minutes, not hours. The combination of putting necessary safety measures in place, like social distancing and mask wearing, with effective contact tracing, has been paramount to our ability to serve our students during this unprecedented time.”</p><p>In conjunction with the Bluetooth cards that students and staff wear, a mobile application that staff uses on iPads, register users and upload the data of a card holder who test positive. A cloud-based database only accessible by specific NECO staff, is used to contact trace individuals who have been in proximity during an infectious time period with someone who tests positive, allowing staff to pinpoint who should quarantine after exposure without guesswork.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>Dr. Moy is proud to say that NECO has had no positive cases arising from in-person activities on campus, and the cards have performed well the few times they have needed to use them. The affected person remotely uploads their card data to a secure URL, where the data can be viewed and sorted on the school’s dashboard in order to pinpoint which close contacts had been within 6 feet for 15 minutes or more on certain days within the window of infection.</p><p>The Exposure Committee, which Dr. Moy chairs, manages each situation and sends out emails with guidance for next steps for travel, exposures, symptoms, etc.</p><p>“We are able to take action immediately and more accurately, no longer reliant on a sign-in sheet or an individual’s recollection of their close contacts,” Dr. Moy says.</p><p>The school has been so satisfied with adding a contact-tracing tool to its pandemic-response arsenal that it has already renewed the solution after its initial six-month battery life, and Dr. Moy says she expects that at the very least, small pockets of infection to trace may be around as a “new normal” for quite a while. But with the proper tools, there is a lot of hope and anticipation for the coming year. </p><p><strong>This article originally ran in <em>Security</em>, a twice-monthly security-focused eNewsletter for security end users, brought to you by <em>Security</em> Magazine.</strong> <u><a href="https://bnp.dragonforms.com/init.do?pk=W.HOME&amp;omedasite=BNP6090_Vtnew">Subscribe here</a></u>.</p></div>

<div class="body gsd-paywall article-body"><p>Building owners, property and facility managers, and architects are now entering year two of the coronavirus pandemic and the lingering realities of health and safety protocols intended to reduce virus transmission. For business and organizational administrators and executives, the three main focus areas have been restoring trust, health and safety, reestablishing and strengthening business continuity and crisis management strategies, and creating a plan that allows the return to full business operations. A major component of these interconnected goals and mandates is the innovative solutions provided by various security technologies. And chief among these solutions are access control systems and the devices they integrate with to secure building entrances and interior doorways.</p><p>According to the research firm <a href="https://memoori.com/physical-security-will-need-to-adapt-innovate-to-drive-growth-in-post-covid-era/">Memoori</a>, a global technology research firm, access control, which generally serves the biggest buildings and the largest companies, has experienced the strongest occupant safety mandates, symbolized by the long-term or permanent work-from-home policies of big tech firms. Consequently, this segment has felt a lot of disruption due to the COVID-19 pandemic and its various mitigation measures.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>The firm asserts that high-tech physical access control essentially serves the same purpose as a low-tech lock for an unoccupied building. However, the wide variety of access control systems that employ buttons, touchscreens, fingerprint and palm scanners, and some secured entrances where occupants may touch surfaces could create an infection risk. Memoori says that “the cautious response and highly anticipated consolidation in large commercial real estate will present a challenge to access control companies, unless access control becomes part of the post-COVID solution.”</p><p><strong>Measuring the Security Repercussions</strong></p><p>From the initial secured entrance to the overarching access control system, the emphasis is currently on contactless access control and door entry solutions. A myriad of technologies from NFC and smart mobile devices to facial biometrics will help play a vital role in what are now COVID-driven essentials. For example, people counting has become important to ensure social distancing, while tracking employees throughout facilities supports contact tracing, and using advanced analytics can help audit and identify people entering a building as well as efficiently restricting access inside a facility’s most sensitive areas. An integrated strategy for access control, along with tailgating mitigation options including turnstiles, revolving doors and mantrap portals enables building security to implement even more comprehensive control and prioritized security while making use of touchless credentials.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>In a <a href="https://www.willistowerswatson.com/en-US/Insights/2020/04/10-key-safety-considerations-for-employers-now-and-after-covid-19">recent blog</a>, consultant Nicholas A. Smith Jr., CPP, who is with Willis Towers Watson, a leading global advisory and solutions company, thinks that following CDC directives for maintaining six feet of distance may become embedded as a new cultural practice in post-pandemic society could present an opportunity to assist security professionals in enhancing physical security as more buildings resume occupancy. He offered that one of the regularly recurring client concerns is discrepancies in pedestrian access into secure facilities or office space. For example, some “piggy backing” or “tailgating” attempts may just be embarrassed employees that forgot their badges – but any such attempt that is not handled with an immediate, sober and no-nonsense manner can give employees the impression that an organization does not take access control seriously and may also encourage anyone seeking unauthorized access opportunities to commit acts of crime or violence onsite. He suggests those businesses currently operating in a physical environment, and for all those planning a post-pandemic stage return to a facility, communicate a clear message to employees stressing 100% access card usage and no tailgating.</p><p>In fact, the repercussions of tailgating and lax entry security, especially in corporate lobbies and commercial buildings is a challenge that 71% of participants in a recent security survey that we conducted considered a serious breach, with more than 50% of those surveyed admitting that a breach might cost their organizations $500 million in losses or more.</p><p><strong>Implementing a COVID-Safe and Secure Solution</strong></p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>Because business operations and the security function have collided during the COVID-19 crisis and are sure to be more intertwined moving forward, health and safety mandates are expediting the migration for almost every building’s secured entrances and interior doors to touchless solutions aiming to reduce every possible transmission path for pathogens. Facilities can also consider designating ingress only, and egress only entrances at exterior entrances to facilitate social distancing and traffic flow. Most systems integrators warn clients against opting for a quick fix by retrofitting existing swinging doors with automatic, low-energy, electric operators, designed for disabled entry, warning that this approach can make unauthorized intrusion much easier.</p><p>Instead, integrators and security consultants recommend more advanced security entrance technology such as optical turnstiles and revolving doors that have featured touchless options for decades in various commercial and institutional venues and are specifically designed to protect facilities from intrusion. In fact, even before taking the touchless experience into account, security entrances are the most proven way to address tailgating and other forms of unauthorized entry.</p><p>An integrated solution using turnstiles, revolving doors and portals makes it possible to deliver a fully touchless experience for users that truly enhances the security of most access control systems by combining biometric and other proximity technologies. By reading a device carried by an approaching individual, or recognizing their face, the security entrance can verify credentials and enable access by automatically opening turnstile doors or turning the wings of revolving doors. Thus, providing a highly secure and touchless post-pandemic environment.</p><div> <div style="margin-left:auto;"> <p><strong>This article originally ran in <em>Security</em>, a twice-monthly security-focused eNewsletter for security end users, brought to you by <em>Security</em> Magazine.</strong> <u><a href="https://bnp.dragonforms.com/init.do?pk=W.HOME&amp;omedasite=BNP6090_Vtnew">Subscribe here</a></u>.</p> </div> </div></div>

<div class="body gsd-paywall article-body"><p>Midway Car Rental, the largest privately-owned car rental company in Southern California, caters to both an exclusive and expansive clientele, including VIPs, high-end hotels, and replacement vendors like dealerships and body shops. The company currently owns and operates 15 locations and has aggressive plans for expansion, with 6 or 7 more sites planned for this calendar year.</p><p>With a portfolio that includes Ferraris, Lamborghinis, and Jaguars, Midway can have up to a million dollars of assets parked on any of its lots. Some of the company’s newest locations lack secure perimeter fencing and overall, the company needed security that would protect its vehicles, while ensuring safety of employees and clients. </p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>The problem became acute when Midway opened a new location to provide loaner and replacement vehicles for an adjacent dealership partner. Prior to Midway’s arrival, the lot had been populated by vagrants and the homeless who would sleep in and around the cars parked there. “When we took over the property, we needed to provide a safe and secure environment where we could conduct business,” Sean Perez, Midway’s General Manager, explained. “There were issues with vandalism and graffiti. Some of the displaced homeless would get aggressive. We needed a proactive solution – a way to stop these incidents from happening rather than trying to prosecute the individuals after the damage was done.”</p><p>Traditionally, Midway’s properties have been less exposed, with electronically secure gates or fences that restrict access. However, as Midway’s expansion plans include growing alignment with business partners like dealerships, many future sites will likely face similar security challenges. To address this situation, the company sought:</p><ul> <li>A scalable system that could grow incrementally with Midway’s expansion,</li> <li>Flexible technology that could be moved to new sites with minimal effort,</li> <li>A technology partner capable of servicing and supporting a long-term solution,</li> <li>The ability to outsource monitoring services in the near future.</li> </ul><p>Midway Car Rental deployed ROSA units, <em>­<u>R</u>esponsive <u>O</u>bservation <u>S</u>ecurity <u>A</u>gents</em>, manufactured by Robotic Assistance Devices (RAD).</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>“I have to tell you, I was a bit skeptical at first about these ROSA units,” said Perez. “You can stick an armed guard out there, but the idea that a technology device could provide both consistent monitoring and serve as a deterrent system seemed like a stretch. However, our two ROSAs are really helping us protect our assets. In very short order, our problem decreased and our situation has improved dramatically.”</p><p>ROSA is a compact, self-contained, security and communication solution that can be deployed in about 15 minutes. Its AI-driven security systems include human and vehicle detection, license plate recognition, responsive digital signage and audio messaging, and complete integration with RAD’s software suite notification and response library. Two-way communication is optimized for cellular, including live video from ROSA’s dual high-resolution, full-color, always-on cameras.</p><p>“The folks from RAD sent out an engineer to help us determine where to mount the ROSA units by identifying areas on our site that are most exposed to potential vandalism or other threats,” Perez said. The devices are highly visible, featuring scrolling LED text, colorful neon ribbons, and two video cameras.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>ROSA may be programmed to display welcome messages or marketing messages during business hours, along with a reminder to visitors that the property is under surveillance. When it detects the motion of humans or vehicles on the lot, it sends an alert to Perez and his team along with an associated video clip, keeping them well informed of activity happening in real-time.</p><p>During off-hours, ROSA's automated response kicks in. Its friendly daytime messaging is replaced with a more stern warning to trespassers. Upon detecting a human or moving vehicle, ROSA responds with flashing red lights and a visual warning to vacate the property immediately. If ROSA continues to detect a presence, more lights, sirens, and a pre-recorded audio message add a sense of urgency. Monitoring personnel, who have been alerted of the event and have access to live video, can also issue pointed commands over ROSA's loudspeaker. Ultimately, if the police must be summoned, the encounter has been thoroughly documented and recorded.</p><p>Perez described ROSA's effectiveness as a deterrent. "I've watched when people encounter the system. Initially, their reaction is one of shock and awe. When the unit goes off with its lights flashing and they hear those verbal commands, they’re terrified. They look like they've seen a ghost. Literally, in less than 10 days after we put those things out, the word had spread to stay away. The vagrants were gone. It was like night and day."</p><p>Currently, Midway's management has chosen to monitor the system themselves. Perez explained, "Initially, I was getting alerts somewhat often, but they quickly tapered off. At this point, they're infrequent. With just these two units in place, plus two more scheduled to go up in Newport Beach in the coming weeks, we can handle the monitoring independently. Within the next year or two, as we open new locations and add more units, we'll take advantage of RAD's monitoring services. We had that in mind when we went this route – that with our continued growth, we would eventually leverage that option."</p><p>"The system is very intuitive and customer-friendly," added Perez. "I've used other systems that are really cumbersome."</p><p>Perez elaborated, "Thanks to the ROSA units, we've addressed all sorts of issues. Damage to vehicles, graffiti on the exterior of the building, the homeless tampering with our electrical outlets to charge their phones, trash left around the property – that’s all gone since we put the ROSAs in. There are also important intangibles that you really can't put a price tag on, like an improvement in employee well-being and productivity because our staff now feels safe at work."   </p><p>The system's scalability and flexibility ensure that Midway's investment will continue to pay dividends. Perez says, "We're growing so fast, we're trying to put flagpoles in the markets where we identify a need, but that doesn't mean we're locking ourselves into long-term leases. Down the road, if we decide to move locations, our ROSAs move with us. We heavily factored their ability to easily install, uninstall, and re-install when deciding to go with this technology."</p><p>Consistent with Midway's plans, RAD's cloud-based software simplifies the management of multi-site systems. As new Midway locations open and ROSA units are installed, management and monitoring of all devices can occur through one login to the centralized RAD SOC dashboard. Alert notifications include the location of the activated unit.</p><p>Midway uses the ROSA units through RAD's subscription model. The company pays a monthly fee that covers unlimited use of the devices, software and software updates, maintenance, and technical support.</p></div>

<div class="body gsd-paywall article-body"><p style="margin-left: 31.5pt;">Whether on or offshore, the work and lifestyle of a remote rotational worker is unique. While lucrative for some, it has long been associated with a high impact on mental health and wellbeing. A groundbreaking global report from the International SOS Foundation and Affinity Health at Work, <a href="https://www.internationalsosfoundation.org/remote-rotational-worker-survey" target="_blank">‘Mental Health and the Remote Rotational Workforce’</a>, provides insight into the psychological impacts of this unique mode of working. The new study highlights evidence of the high level of suicidal thoughts, clinical depression, impacts on physical health (such as diet) and the impact of the COVID-19 pandemic on this workforce.</p><p style="margin-left:31.5pt;">Dr Rodrigo Rodriguez-Fernandez, Medical Director Wellness and NCD’s, International SOS, commented, “There is an urgent need for increased focus, understanding and strategies to mitigate mental ill health and promote better metal health of the remote rotational workforce. This is highlighted in our survey, which uncovers significantly high levels of critical mental ill health issues, including suicidal thoughts and depression. The COVID-19 environment has also added increased stress on this already pressured working arrangement.”</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p style="margin-left:31.5pt;"><strong>Key study findings:</strong></p><ul> <li> <strong>40% of all respondents experienced suicidal thoughts on rotation some or all the time</strong>. 1 in 5 are feeling suicidal all or most of the time.</li> <li> <strong>29% met the benchmark for clinical depression whilst on-rotation</strong>.</li> <li> <strong>52% </strong>reported a decline in mood, and<strong> their mental health suffered whilst on rotation</strong>.</li> <li> <strong>62% had worse mental health than would be the norm in a population</strong>. While off rotation, this remains at a high of 31% experiencing lower mental health than the general population.</li> </ul><p style="margin-left:31.5pt;">The study also exposed that almost a quarter (23%) of the remote rotational workers surveyed experienced emotional exhaustion on a weekly basis. 46% experienced higher stress levels while on rotation and over half (57%) were not engaged in their work. 23% reported that they received no psychological support from their employers.</p><p style="margin-left:31.5pt;">Dr Rachel Lewis commented, “We would expect burn out to be between 2 to 13% in the general population, so the almost quarter that we see from the survey is particularly high. Burn out can have a serious impact both personally and professionally, on the ability of an individual to carry out their role. Remote rotational work may come with the perks of higher pay, but with its propensity to be isolating at the best of times. On and offshore, working pressures and varying shift patterns also add their weight. And this is not to mention the impact of the current pandemic, which has seen may remote workers unexpectedly away from family and friend networks for longer than anticipated.”</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p style="margin-left:31.5pt;"><strong>Impacts of the COVID-19 pandemic</strong></p><ul> <li>65% experienced increased job demands.</li> <li>56% increased working hours stress, anxiety.</li> <li>49% concerned for personal safety (before pandemic?).</li> <li>1/3 became increasingly lonely.</li> <li>23% had more negative physical symptoms (such as headaches and stomach issues).</li> <li>Over a third exercised less (35%).</li> <li>38% experienced worse-quality sleep (38%).</li> <li>Over a quarter (28%) were less able to eat a nutritious diet whilst working.</li> </ul><p>Dr Rodriguez-Fernandez continues, “Mental and physical health are intrinsically linked. Organizations and individuals with a Duty of Care to their remote rotational workers should have visibility and a plan of support for their workforce encompassing both.”</p><p>On the flipside, the majority of respondents felt that their health and safety was prioritized. They report a strong sense of community and support among co-workers and from managers. Many also felt that they could share their mental health concerns with colleagues.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>The report, along with practical recommendations on mitigation measures for companies is available <a href="https://www.internationalsosfoundation.org/remote-rotational-worker-survey" target="_blank">here</a>.</p></div>

<div class="body gsd-paywall article-body"><p>The headlines in state newspapers around the country tell the story of the impact COVID-19 is having on higher education campuses. Within the last two months, institutions including the University of West Virginia, the University of Missouri, Kings College, Michigan State, University of Chicago, Princeton University, Williams College, Spelman College, and American University have either gone fully online or have moved a large percentage of students to online studies and discounted tuitions to help them weather the financial impact of the pandemic.</p><p>The question of whether opening college campuses this fall was the safe and prudent move has also taken on some polarizing aspects reflective of the divisive political state of the nation. According to a recently released <a href="https://www.pewresearch.org/fact-tank/2020/10/26/americans-are-divided-on-whether-colleges-that-brought-students-back-to-campus-made-the-right-decision/">Pew Research Center survey</a> related to reopening the nation’s colleges and universities, it was found that Republicans and Democrats differ in their views about the severity of the public health crisis, restrictions on businesses and other public activities, and mask wearing. In the current poll, 74% of Republicans say schools that are currently providing in-person instruction made the right decision in bringing students back to campus this fall; only 29% of Democrats say the same.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p><strong>Ready Or Not, We Are Back – Sort Of</strong></p><p>However, the reality is that most institutions of higher learning have decided to open their campuses this fall regardless of the political rancor, adding the specter of a deadly pandemic to an already challenging campus security environment where campus shootings, physical violence to women and theft usually occupy the top threat metrics for college security administrators. Because college and university campuses have thousands of students and faculty traversing a wide swath of buildings all day, every day, having an access control solution that not only addresses the security aspect of this population, but now one that must also handle myriad safety and health concerns due to COVID-19 to lessen the likelihood of the virus spreading, is a top priority.</p><p>Unfortunately, the haphazard and inconsistent way both federal and state governments have approached guidelines and health enforcement mandates to control this deadly coronavirus has made the situation even more challenging. The uncertainty has already severely impacted the planning and mitigation efforts to subdue the virus and enhance the support of remote-based productivity and learning. With social distancing queues, mask requirements and detection monitoring just to name a few of the changes students are seeing, campus life had already begun to morph into something different because of increased security technology and monitoring. These changes have been accelerated as routine campus activities like large lecture hall discussions, Greek life and collegiate athletics have been quickly supplanted by mitigations such as COVID-intense temperature screening, contact tracing, occupancy controls and people tracking.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>Additionally, campus security and facility administrators are keen on reducing the surface touchpoints of their access control systems and door entrances.</p><p><strong>Touchless Access Control is No Stranger</strong></p><p>Touchless access control has been around for decades in the form of proximity access cards and biometrics like iris scanners, facial recognition, and other devices. But the current definition of touchless door access is simply the latest innovation in an ever-evolving method of safeguarding sensitive areas and securing students and staff.</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>Touchless access control devices allow secured ingress and egress using a variety of technologies that can grant authorization to enter a certain area without requiring physical contact with a device or a shared unlocking apparatus like a key or an identification card. College and university campuses have been implementing touchless door access controls like mobile credential apps that reside on an employee’s smartphone that monitors their level of access authority into high-security areas like labs and data centers in recent years and have done the same with students who can now use their mobile app as a frictionless access device as well as a debit card. Biometrics are also gaining a higher profile because of their touchless nature in the form of facial recognition software and iris readers. Couple the access control modalities with innovations like doors that open automatically when an authorized person attempts to gain access, eliminating the need for door handles, a frictionless solution can be achieved.</p><p><strong>Let Me Show You The (Security) Door</strong></p><p>Another traditional and common use of touchless technology employed by college campuses are automatic sliding and swinging doors with hand-wave sensors. When it comes to new lobby designs in university buildings like libraries, administrative offices, student unions and sports arenas, touchless entry is no longer a suggestion but a requirement. Emerging COVID-19 safety mandates state that it is important that users not have to touch door surfaces, handles, knobs, and buttons if at all possible. It is also essential that any new lobby design must provide an automated entry experience without compromising on security.</p><p>The continued surge of the coronavirus pandemic has increased the urgency of extending the scope of touchless environments motivating many facilities to begin researching ways to make all their entrances automatic. One solution that has been considered is retrofitting existing manual swing doors with low-energy, electric operators, which are typically used with wide doors for disabled and wheelchair access. They must open a full, 90 degrees and then close slowly to allow the disabled to safely enter. While this can be an easy and timely fix, the issue with any automatic swinging or sliding doors is that they do not deter or detect the infiltration of unauthorized users via tailgating.</p><p>Other options like automatic, optical turnstiles allow contactless entry without compromising security. These turnstiles have swinging or sliding barriers that open for authorized users to proceed into a lane, and then close relatively swiftly. While it may not be practical to replace every swing door in a building with a turnstile, an alternative to consider would be deployment of the turnstiles at key locations inside a building as part of a layered physical security strategy. An extra layer of security that is integrated into security entrances is their ability to approve or deny access based on the data they receive from an access control system. While scanning an RFID employee badge/proximity card at a turnstile is a very common way of entering a building, other credential or identity verification technologies support touchless entry in addition to the biometrics previously mentioned like hand-wave technology for contactless fingerprint scanning and Bluetooth credential apps on mobile phones. Since these solutions may take a second or two to confirm identity, security planners should factor in this extra time when planning for the right throughput to accommodate traffic needs.</p><p>While security entrances are an effective way to deter, detect and prevent unauthorized entry due to tailgating, their safety can also be enhanced with antimicrobial finishes or special films to control germs and kill microbes on contact, in addition to regular cleaning and disinfecting.</p><p> </p><p><strong>And a Turnstile Shall Lead Them</strong></p><p>As the need for social distancing increases and university security staffing could be impacted by possible budget cuts, having the ability to monitor and control student and staff traffic in certain buildings with less security personnel on duty is an advantage. Optical turnstiles are automatic solutions that can be outfitted with automatic swinging or sliding barriers and touchless credential readers for hands-free entry. To support social distancing and decreased building occupancy levels now, organizations could install a large array of optical turnstiles to handle future building traffic, and then “turn off” every other turnstile now, forcing users to spread out. This allows a facility to build and design for long-term occupancy needs, while also addressing current needs during a pandemic. Another health and safety approach for new construction is to plan to stagger or fan out the turnstiles and use railing and glass in between them. Keep in mind that optical turnstile solutions will issue an alarm when tailgating or unauthorized entry happens and are therefore most effective when used in conjunction with nearby guard staff to confront intruders. Other technologies that can increase security and entry efficiency are security cameras, elevator dispatch systems and visitor management systems.</p><p> </p><p><strong>Looking Ahead</strong></p><p>The tsunami of innovative and new touchless access control technologies like wave-to-open door sensors, mobile credentials, contactless fingerprint sensors, iris scanners, facial recognition, various types of wearables and touchless turnstiles and security revolving doors demonstrate the just how adaptable the security marketplace is when faced with a crisis. These new alternatives to traditional access control offer colleges and universities – and other organizations – an opportunity to change the safety and security footprint of their facilities and help earn back the confidence and trust of students and staff to return to a safer campus.</p><p><strong>This article originally ran in <em>Security</em>, a twice-monthly security-focused eNewsletter for security end users, brought to you by <em>Security</em> Magazine.</strong> <u><a href="https://bnp.dragonforms.com/init.do?pk=W.HOME&amp;omedasite=BNP6090_Vtnew">Subscribe here</a></u>.</p></div>

<div class="c-article__content js-reading-content"> <p>A Texas man has been charged with plotting a bombing of Amazon Web Services in a quest to allegedly “kill off the internet.”</p> <p>Seth Aaron Pendley was arrested in Ft. Worth after allegedly attempting to get an explosive device from an undercover FBI employee in a sting. The feds were alerted to Pendley after a concerned citizen contacted them on Jan. 8 about posts from Pendley on MyMilitia.com, a forum dedicated to organizing militia groups.</p> <p>According to <a href="https://www.justice.gov/usao-ndtx/pr/texas-man-charged-intent-attack-data-centers" target="_blank" rel="noopener">an announcement</a> from the Department of Justice issued Friday, “a user who went by the screenname ‘Dionysus’ stated he was planning to ‘conduct a little experiment,’ that he said would ‘draw a lot of heat’ and could be ‘dangerous.’ When another user asked what outcome Dionysus desired, he responded, ‘death.'”</p> <p><a href="https://threatpost.com/newsletter-sign/"><img loading="lazy" class="aligncenter wp-image-141989 size-full" src="https://media.threatpost.com/wp-content/uploads/sites/103/2019/02/19151457/subscribe2.jpg" alt="" width="700" height="50"></a></p> <p>The concerned citizen provided the FBI with that user’s email address, which law enforcement traced back to Pendley.</p> <p>The news comes as conversations and headlines are ongoing about privacy, and the role of forums and social media in spreading disinformation and enabling crime or domestic terrorism. For instance, in February researchers from the Digital Citizens Alliance (DCA) and the Coalition for a Safer Web (CSW) found multiple sellers, based both in the U.S. and internationally, offering to <a href="https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/A_Shot_from_the_Darkest_Corner_of_the_Internet_Report.pdf" target="_blank" rel="noopener">illegally sell COVID-19 vaccines</a> [PDF] on Facebook and Telegram.</p> <p>According to authorities, in late January, Pendley started sending messages to another confidential source using the Signal encrypted service. Allegedly, he told the source that he planned to use C-4 plastic explosives to attack AWS data centers in an attempt to “kill off about 70 percent of the internet.”</p> <p>Pendley also boasted on Facebook about taking part in the U.S. Capitol insurrection on Jan. 6.</p> <p>“In private messages, he allegedly told friends that although he did not actually enter the Capitol building, he did reach the platform, where he swiped a piece of glass from a broken window and interacted with police,” according to the DoJ. “He said he brought a sawed-off AR rifle to D.C., but left the weapon in his car during his movement to the Capitol.”</p> <p>On March 31, the confidential source introduced Pendley to an undercover FBI employee posing as an explosives supplier. The employee recorded conversations in which Pendley allegedly said he planned to attack infrastructure that he believed provided services to the CIA, FBI and other federal agencies, to bring down “the oligarchy” controlling the United States.</p> <p>On April 8, Pendley met with the undercover agent again purportedly to pick up bombs (however, the agent delivered inert devices). After the agent showed Pendley how to supposedly arm and detonate the devices, Pendley loaded them into his car, at which point he was arrested.</p> <p>“We are indebted to the concerned citizen who came forward to report the defendant’s alarming online rhetoric. In flagging his posts to the FBI, this individual may have saved the lives of a number of tech workers,” said acting U.S. attorney Prerak Shah. “We are also incredibly proud of our FBI partners, who ensured that the defendant was apprehended with an inert explosive device before he could inflict real harm. The Justice Department is determined to apprehend domestic extremists who intend to commit violence, no matter what political sentiment drives them to do so.”</p> <p>If convicted, Pendley faces up to 20 years in federal prison.</p> <p>“We would like to thank the FBI for their work in this investigation,” AWS said in a media statement. “We take the safety and security of our staff and customer data incredibly seriously, and constantly review various vectors for any potential threats. We will continue to retain this vigilance about our employees and customers.”</p> <p>When it comes to the regulation of tech platforms, 40 percent of Americans in a recent survey emailed to Threatpost from NordVPN think governments should be allowed to break up big tech, and nearly two-thirds (63 percent) think the government should be allowed to fine tech companies for privacy infractions. And, about 66 percent of Americans want disinformation removed from the platforms they use.</p> <p><strong><em>Ever wonder what goes on in underground cybercrime forums? Find out on April 21 at 2 p.m. ET during a </em></strong><strong><em><a href="https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=April_webinar" target="_blank" rel="noopener" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3DApril_webinar&amp;source=gmail&amp;ust=1617825822876000&amp;usg=AFQjCNHZwo9hV4qeXe8sSUICKdoUPZZxJg">FREE Threatpost event</a></em></strong><strong><em>, “Underground Markets: A Tour of the Dark Economy.” Experts will take you on a guided tour of the Dark Web, including what’s for sale, how much it costs, how hackers work together and the latest tools available for hackers. </em></strong><strong><em><a href="https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/?utm_source=ART&amp;utm_medium=ART&amp;utm_campaign=April_webinar" target="_blank" rel="noopener" data-saferedirecturl="https://www.google.com/url?q=https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/?utm_source%3DART%26utm_medium%3DART%26utm_campaign%3DApril_webinar&amp;source=gmail&amp;ust=1617825822876000&amp;usg=AFQjCNHZwo9hV4qeXe8sSUICKdoUPZZxJg">Register here</a></em></strong><strong><em> for the Wed., April 21 LIVE event. </em></strong></p> <p> </p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="Man Arrested for AWS Bomb Plot" data-url="https://threatpost.com/man-arrested-for-aws-bomb-plot/165351/" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/cloud-security/">Cloud Security</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/government/">Government</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/privacy/">Privacy</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/web-security/">Web Security</a></li> </ul> </div> </div> </footer> </div>

MINNEAPOLIS--(BUSINESS WIRE)--Entrust a global leader in trusted identity, payments and data protection, has announced its HyTrust CloudControl solution now an Entrust business now supports VMware Cl… [+3571 chars]

Over five lakh Huawei users reportedly downloaded apps from Huawei's official app store thinking they were legitimate apps, only to get infected with the notorious Joker malware.  According to a repo… [+2272 chars]

<div class="c-article__content js-reading-content"> <p>After embarking on a second unforeseen year of mass remote work, everyone is now accessing corporate resources through the cloud. To help enable this, organizations are introducing new technologies into their standard workflows. The COVID-19 pandemic presented a new realm of unmarked territory as businesses quickly, and almost haphazardly, shifted all employees offsite. Corporate networks were unprepared to handle this new caliber of remote access, and significant security gaps were created along the way. But, organizational and individual data access to corporate and personal information began to evolve long before the pandemic.</p> <p>We want access to anything, from anywhere, on any device. To securely enable that desire, security teams already needed visibility into every device that accessed their corporate infrastructure and data. However, the pandemic catapulted this need to the top of every business leader’s mind, and the ability to block unhealthy devices that put an organization’s security at risk has never been more necessary. Now, with operations shifting almost entirely to the cloud for many, mobile workers have access to much more than just email. This access, however, comes with significant risks.</p> <p>Zero trust, which is rooted in the idea that no device is secure until proven otherwise, has become a widely accepted technical framework as businesses strive to monitor and maintain networks’ health with widely distributed endpoints. This philosophy should be applied to any device that interacts with your network, the most precarious of which are our mobile phones and tablets. With work increasingly being conducted outside the reach of legacy perimeter systems, there is no effective way to determine who or what device you can trust.</p> <p>To implement an effective zero-trust strategy, organizations must first accept three key factors:</p> <ol> <li>Your network is now in every home office</li> <li>Legacy and traditional security technologies do not apply.</li> <li>Mobile devices cannot be trusted.</li> </ol> <h2><strong> </strong><strong>Zero Trust and Personal Devices</strong></h2> <p>Bring your own device (BYOD) is another factor of remote work triggered long before COVID-19 uprooted the global workforce. In fact, Gartner predicted in 2018 that at least “80 percent of worker tasks” would shift to mobile devices by 2020. As this shift took place, mobile users and the organizations that support them must become acutely aware of the added risks posed by reliance on their smartphones and tablets.</p> <p>The mobile device that an employee uses to access their corporate data in platforms such as Google Workspace or Office 365 might be used later to browse social media or download a new app for personal use. These actions present new opportunities for the employee to be phished or introduce malware into their network. Many consumer-focused applications can be easily compromised, leaving the user’s data, and the corporate data they access from that same device, exposed. A robust approach to combating this risk is to deploy a zero-trust security model.</p> <h2><strong>Zero Trust and Cloud Security</strong></h2> <p>At this point, most organizations are embracing the benefits of cloud services to better enable the workforce and modernize their infrastructure. In doing so, they’re also enabling access to sensitive data from any device regardless of whether they manage it or not. This paradigm shift means legacy security strategies that rely on securing the four walls of the office are aging out, and security and mobility teams need to modernize their security strategy to include mobile zero trust if they want to keep up.</p> <h2><strong>Embracing Zero Trust</strong></h2> <p>Mobile devices are the cornerstone of what makes remote work so practical. They also present a new challenge to security teams that haven’t modernized their security strategy to include mobile devices. Since traditional perimeter security is outdated, security teams must move their critical functions to the mobile endpoint and secure data from wherever it is accessed. Zero trust strengthens and modernizes endpoint security by ensuring any device with access to corporate information is routinely evaluated for risk before being trusted. Mobile needs to be part of that.</p> <p><em><strong>Hank Schless, is senior security solutions manager at Lookout.</strong></em></p> <p><em><strong>Enjoy additional insights from Threatpost’s InfoSec Insider community by </strong></em><a href="https://threatpost.com/microsite/infosec-insiders-community/" target="_blank" rel="noopener"><strong><em>visiting our microsite</em></strong></a><em><strong>.</strong></em></p> <p> </p> <p> </p> <p> </p> <p> </p> <footer class="c-article__footer"> <div class="c-article__footer__container"> <div class="c-article__footer__col"> <a href="#discussion" class="c-button c-button--secondary">Write a comment</a> </div> <div class="c-article__footer__col"> <div class="c-article__sharing"> <p><strong>Share this article:</strong></p> <nav class="c-nav-sharing"> <div class="social-likes social-likes_notext" data-title="Zero Trust: The Mobile Dimension" data-url="https://threatpost.com/zero-trust-mobile-dimension/165349/" data-counters="yes" data-zeroes="yes"><div class="facebook" title="Share via Facebook"></div> <div class="twitter" title="Share via Twitter"></div><div class="linkedin" title="Share via LinkedIn"></div> <div class="reddit" title="Share via Reddit"></div> <div class="flipboard" title="Share via Flipboard"></div> </div> </nav> </div> </div> </div> <div class="c-article__footer__container"> <div class="c-article__footer__col"></div> <div class="c-article__footer__col"> <ul class="c-list-categories"> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/cloud-security/">Cloud Security</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/infosec-insider/">InfoSec Insider</a></li> <li><a class="c-label c-label--secondary-transparent" href="https://threatpost.com/category/mobile-security/">Mobile Security</a></li> </ul> </div> </div> </footer> </div>

Home &gt; News &gt; Training &gt; Security Considerations When Taking Your Business OnlineEcommerce has experienced a boom in recent years, becoming near-essential last year in particular, meaning th… [+2431 chars]

Hummingbird Salamander, it should be said straightaway, is a pulpy page-turner with as many twists, double-crosses, and mystery-box riddles as one of Dan Browns gimcrack potboilers. Its not a fair co… [+6129 chars]

<div class="body gsd-paywall article-body"><p>Marriott International’s largest Marriot property in the world, the Gaylord Opryland Resort and Convention Center in Nashville needed a security upgrade at its sprawling campus to enhance security and efficiency and its risk management operations.</p><p>Marriott International Inc. is the largest hospitality company in the world, and the Gaylord Opryland Resort and Convention Center is the largest Marriott-managed property in the world. Located in Nashville, Tennessee, Gaylord Opryland offers visitors the chance to experience Music City under a single roof. The 700,000-square-foot resort encompasses a sprawling campus, including a hotel with more than 3,000 suites and rooms, a smaller adjacent hotel with more than 300 rooms, a golf course, waterpark, Delta flatboat, 15 restaurants, multiple convention facilities, and a Garden Conservatory that includes waterfalls and nine acres of indoor gardens.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>Gaylord Opryland Resort’s Safety and Security Director Greg Pezzo and his team work to ensure the safety and security of the 2,500-member staff and hundreds of thousands of guests each year at the Gaylord Opryland and at the nearby 300-room Inn at Opryland. Pezzo is responsible for managing the day-to-day operations of the resort's fire system, security patrol and video surveillance system. He is also the manager responsible for dealing with claims against the resort and worker's compensation issues. Pezzo has been with the Marriott organization for more than 23 years and has been at the Gaylord Opryland Resort for the last four years. He describes himself as a “risk management professional for the whole resort, dealing with claims, the local police department, fire patrol, event security, and safety.”</p><p>Ryman Hospitality, the organization that owns Gaylord Brand Hotels, decided to embark on a detailed risk assessment of their properties in 2017. Among other areas of improvement, after evaluating several years of resort data that included traffic patterns and incident locations, third-party assessors discovered that surveillance systems were lacking in all of the hotels, including at the Gaylord Opryland Resort.</p><p>As a result of the risk assessment, ownership decided to invest in a complete security upgrade of all its hotels and chose the Gaylord Opryland as its test case. The strategy was to use Opryland as the model and eventually upgrade the other five Gaylord hotels following its success.</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p>"We had cameras that weren't working. We had cameras installed in the wrong areas. It was very difficult to play back and extract video — and when we could get video out of the system, it was so poor it wasn't usable," Pezzo says. "It was an abysmal system for a property of this size and complexity."</p><h3> <br> <span style="color:#B22222;"><b>A State-of-the-Art Upgrade</b></span> </h3><p>The resort invested in additional security staff and new security vehicles. They also committed to investing nearly $2.5 million in a new video surveillance system, which included 1,500 cameras from Hanwha Techwin, system servers and video analytics — managed by the open platform XProtect Corporate video management software (VMS) from Milestone Systems.</p><p>"We needed to significantly increase our video coverage throughout the property," Pezzo explains. "We needed high-quality cameras, a video-optimized network server system, and an easy-to-use VMS system. And we needed to partner with an integration professional who could bring it all together."</p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>Working with integrator Herring Technology, the team deployed its new solution from November 2019 until September 2020. The resort purchased a variety of Hanwha cameras, including 145 XND-6010 full HD cameras with video analytics, 182 Q series indoor and outdoor dome cameras with IR, and more than 20 PNM 7000 and 9000 multi-directional cameras.</p><p>According to Pezzo, one of the main functions of the upgraded system is protecting the resort against false claims.</p><p>"Our main objective for a video system is to help mitigate false claims and protect against liability from other potential lawsuits. Marriott is a big target and claims are expensive, so this is where our ROI comes in," Pezzo says. "With an effective camera system like we have now, we're able to see if there are inaccuracies in a claim, perhaps we can see where a guest simply tripped on their own or was doing something silly that caused an injury. Or, in the worst case, we can see where someone simply laid down on the floor and is claiming that they slipped. Having these events captured in high-quality video is nearly priceless.</p><p>He continues, “Our new cameras provide excellent overall quality and digital zoom. The 4K cameras are amazing — we've never seen a clearer image. If there's an event or claim, with the Milestone VMS we can easily call up and share recorded video to see exactly what happened. In fact, on the very first day we had a camera installed, someone fell. They tried to make a claim, but we could see that they simply stumbled over their own feet, and there was nothing about the floor that contributed to the fall."</p><p>The security team ensured cameras were placed in high-volume areas where they had experienced problems in the past and also where they didn’t have cameras previously. They also looked at their own data relating to theft and other incidents to help determine camera location. In areas where they needed a better view, they chose 4K resolution cameras for a clearer picture.</p><p>As for the servers behind the system, the team installed 21 Dell RAID 6 units with 192 terabytes, each for a total of 3.6 petabytes of storage. Four Dell video wall servers run the Milestone Smart Wall, which uses 18 monitors with 55-inch 4K displays. An additional set of four Dell servers are being installed for future use with the BriefCam video analytic software.</p><p>"Already, we're able to track someone as they move around the property — it's very impressive," Pezzo says of the video analytic software. "BriefCam is still new to us, but we're really excited to utilize that software much more in the future, especially when we can get back to hosting large events."</p><p>He adds, “The ability to see an individual this clearly as they move through our spaces is incredible. In the past, we would lose people in uncovered sections. They would just disappear. But that doesn’t happen anymore.”</p><p> </p><h3><span style="color:#B22222;"><b>Technology: Doing More With Less</b></span></h3><p>Improved visibility is another major benefit of the upgrade and provides the resort’s security team with an expanded view of the property. For example, previously, a single camera in the lobby could only provide coverage for one door. Now, one camera is able to cover six. In other high-volume locations, like the valet area, the resort has deployed multi-sensor cameras that provide a clear 360-degree view.</p><p>And these features have come in handy during COVID-19. Pezzo explains that in the face of the pandemic, his team has not only dealt with a reduction in visitors and guests, but also a reduction in staff. The new video system allows the smaller security group to continue to cover the entire property. Pezzo has dispatchers around the clock who monitor the video system in real-time, as well as an investigator who reviews recorded video of anything out of the ordinary, such as a car parked in a restricted area or a trespasser in a back-of-house area. Motion detection tools built into the VMS help with this type of surveillance.</p><p>"We never had motion detection before, and it has helped us greatly with our staffing levels," says Pezzo. “We can use motion detection to cover areas late at night where we know nobody should be. When a person walks into one of these motion cover areas, the VMS alerts us, and we can dispatch a security person to the location."</p><p>The Milestone Smart Wall system helps each shift of operators manage their camera views, Pezzo adds. Depending on the time of day, each of the three operator shifts needs to monitor different cameras. The video wall is set up to automatically switch camera views with each shift change. There are times when a single operator is looking at 13 screens with more than 100 camera views, which can be a daunting task.</p><p>Additionally, Pezzo and his team use the XProtect LPR, which is software that reads license plate information from vehicles and links the license plate information with video. Pezzo uses the license plate recognition feature to manage ridesharing drivers who frequent the property. While rideshare services are allowed, the resort has designated pick-up and drop-off areas with 10-minute parking limits. The LPR technology identifies rideshare vehicles as soon as they enter the property, helping staff to track drivers who exceed parking time limits, or become a nuisance by littering or bothering guests.</p><p>For the Gaylord Opryland Resort, the upgrade has had an immediate impact. For 2021, the resort plans to invest in more new cameras as the budget becomes available.</p></div>

<div class="body gsd-paywall article-body"><p>Wales, part of the U.K. is establishing eight innovation and resilience hubs across the country to help farmers, organizations and communities prepare and respond to drought in order to remain resilient. </p><p>In Southern New South Wales, they are planning the opening of a Drought Resilience Adoption and Innovation Hub for their region.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>The hubs will support development and uptake of innovative technologies and practices that improve drought resilience, according to the Minister for Agriculture, Drought and Emergency Management David Littleproud.</p><p>In South Wales, Charles Sturt University, will also oversee the co-design with farmers and communities of these projects to ensure needs are met within the region to attain resiliency and continuity in the event of a natural disaster such as drought.</p><p>“Drought Resilience Adoption and Innovation Hubs have come about through the forward-thinking Future Drought Fund – a long term, sustained investment of $100 million each year to build drought preparedness,” Minister Littleproud <a href="https://www.miragenews.com/a-drought-resilience-adoption-and-innovation-542449/" target="_blank">said</a>. “The Southern New South Wales Hub will be a shopfront for farmers to access innovative technologies and practices that enable them to be more prepared and resilient to drought."</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> </div>

<div class="body gsd-paywall article-body"><p>In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global supply chains.</p><p><a id="_Hlk68098403" name="_Hlk68098403">Information and communications technology (ICT) </a>systems underpin a broad range of critical infrastructure activities that support critical functions within our communities, such as generating electricity, operating hospitals, and supplying clean water. If vulnerabilities in these systems and their critical hardware and software are exploited, the consequences can have cascading impacts across organizations, sectors, and <a href="https://www.cisa.gov/national-critical-functions">National Critical Functions</a>.</p> <div id="div-gpt-ad-article-body-sky-mobile" class="advertisement"></div> <p>“As the number of sophisticated cyberattacks increase, we’re reminded that supply chain security in not a nice to have, but an urgent necessity,” said CISA Assistant Director Bob Kolasky. “Government and industry must work together to strengthen and enhance the security and safety of our critical infrastructure and the associated supply chains that support the resilience of our nation.”</p><p>Throughout the month of April, CISA will promote resources, tools, and information, including those developed by the public-private <a href="https://www.cisa.gov/ict-scrm-task-force">ICT SCRM Task Force</a>, to help organizations and agencies integrate SCRM into their overall security posture. CISA themes for each week include:</p><ul> <li>Week 1: <a href="https://www.cisa.gov/blog/2021/04/01/april-national-supply-chain-integrity-month">Building Collective Supply Chain Resilience</a>,<a id="_Hlk67429134" name="_Hlk67429134"></a> </li> <li>Week 2: Assessing ICT Trustworthiness,</li> <li>Week 3: Understanding Supply Chain Threats, and</li> <li>Week 4: Knowing the Essentials.</li> </ul><p>Here's what security executives had to say in honor of National Supply Chain Integrity Month:</p> <div id="div-gpt-ad-sidebar-sky-mobile" class="advertisement"></div> <p><strong>Dave Stapleton, CISO, <a href="https://www.cybergrx.com/">CyberGRX</a>:</strong></p><p>“Leadership by the U.S. government is key as these security initiatives will require broad public/private partnership in order to be effective. I think this resonates with our thoughts on the need for a collaborative approach to addressing a global issue like TPCRM. Also, I like the fundamentals that the NCSC recommended: </p><ul> <li>“Diversify Supply Chains”</li> <li>“Mitigate Third-Party Risks”</li> <li>“Identify and Protect Crown Jewels”</li> <li>“Ensure Executive-Level Commitment”</li> <li>“Strengthen Partnerships”</li> </ul><p> </p><p><strong>Jack Mannino, CEO at </strong><a href="https://nvisium.com/"><strong>nVisium</strong></a><strong>:</strong></p> <div id="div-gpt-ad-sidebar-mrect-mobile" class="advertisement"></div> <p>“Supply chain security will remain a front and center issue for many organizations as the fallout from recent incidents continue to unfold. In addition to traditional software security testing techniques such as code reviews and penetration testing, an increasing number of organizations may be interested in understanding how software behaves through malicious code reviews. These types of tests explore the likelihood that software contains embedded malware, through malicious code commits or by compromised third-party dependencies.”</p><p> </p><p><strong>Yaniv Bar-Dayan, CEO and co-founder at </strong><a href="https://vulcan.io/"><strong>Vulcan Cyber</strong></a><strong>:</strong></p><p>“When a third-party tool is used to breach a business it is usually only a foot in the door. The real damage occurs if the internal systems are also vulnerable and exploitable. Never trust a single layer of protection. Remediate vulnerabilities as quickly as possible and double check that patches are being applied and mitigating actions are being taken. Considering the massive growth and scale of digital systems, and the exponential increase of vulnerabilities every year, this isn’t an easy job but it is possible to succeed.”</p><p> </p><p><strong>Vishal Jain, Co-Founder and CTO at </strong><a href="https://www.valtix.com/"><strong>Valtix</strong></a><strong>:</strong></p><p>“The need for securing supply chains has been accelerated by Covid and enterprises accelerating their digital transformation. Enterprise Infosec teams need to maintain proper checks and balances when exposing their internal valuable assets, aka the keys to the kingdom, to supply-chain vendors and 3rd party services. We have seen too many times in the past, SunBurst from SolarWinds being in recent times, that attacker enters the front gate of the organization exploiting some vulnerability in their supply change vendor. Once those assets get infected, malware can now move laterally via the network and eventually to the crown jewel holding critical data. Malware on the crown jewel connects to the command-n-control center and exfiltrates critical data out to the hacker.</p><p><br> Enterprises need to follow a layered defense approach to protect their assets when a breach occurs via supply chain vendor. They need to have zero-trust security built in with necessary controls to prevent lateral movement of threats (to reduce the blast radius) and egress filtering to prevent data exfiltration. Enterprises also need to evaluate moving to Cloud based services. Cloud is more secure than their on-prem data center when appropriate cloud security controls are in place. Enterprises also need to ensure that supply chain vendors they use follow the best security practices.”</p><p> </p><p><strong>John Hellickson, CxO Advisor, Cyber Strategy at</strong> <a href="https://www.coalfire.com/"><strong>Coalfire</strong></a><strong>:</strong></p><p>“The topic of supply chain security is often more important than we as an industry give it. Until the organization is impacted by a supplier, they themselves are the supplier who has impacted their customers, or a serious event occurs across a given sector that raises concerns by executives or the Board if they were also impacted. There are a lot of elements of a highly mature program which could be daunting when building a program from scratch, however, the larger the organization the more likely there will be elements of existing risk management practices in place that one could build upon. </p><p>A decent supply chain risk program would include elements of Enterprise Risk, Third Party Risk, Cyber Risk, Business Continuity and Physical Security, and a leader in this space would need to also partner with procurement and product teams. When performing discovery &amp; analysis on what is critical to the business, often informed by Business Impact Analyses (BIAs) performed within Business Continuity programs, it is important to tier vendors &amp; suppliers accordingly. When it comes to suppliers, understanding threats facing supply chains is key. Threats such as physical tampering, inadvertent use of sensitive data, IP theft / piracy, theft / inventory manipulation, and remote infrastructure access are examples that could have an impact on supply chain risk. </p><p>When performing due diligence and risk assessments on suppliers &amp; vendors, it has become more relevant to leverage senior cybersecurity resources such as security architects &amp; engineers to participate in more technical assessments of embedded systems that could be exploited within the supply chain. The type of skills these engineers/architects bring can complement the traditional auditors that are often tied to Governance, Risk and Compliance functions of an organization.</p><p>Overall, for many organizations, supply chain security should be a specific topic within enterprise risk committees, while having a dedicated focus within the organization.”</p><p> </p><p><strong>Joseph Carson, chief security scientist and Advisory CISO at </strong><a href="http://www.thycotic.com/" target="_blank"><strong>Thycotic</strong></a><strong>:</strong></p><p>“Organizations have less control and visibility over the actual security that supply chains have put in place. For the most part, this tends to only be covered in legal contracts, rather than a true security risk assessment.  Organizations must prioritize privileged access security to reduce the risks exposed in their supply chain security.      </p><p> </p><p><strong>Michael Isbitski, Technical Evangelist at </strong><a href="https://salt.security/"><strong>Salt Security</strong></a>:</p><p>“No longer can organizations delay patching critical, known vulnerabilities because of concerns over outages, the impact on production users, or the loss of oversight of a system. Unpatched systems are leaving important elements of the IT stack vulnerable, especially APIs, which attackers are increasingly targeting these days since they route traffic directly to valuable data and services.</p><p>There may be many cloud services (and in turn, APIs and data) that an organization is unaware of. These may be used by their own employees or in turn the partners they work with. We hear a lot of this expansion of partner ecosystems and concerns over the digital supply chain.”</p><p> </p></div>

Elon Musk, founder of SpaceX and chief executive officer of Tesla Inc., arrives at the Axel Springer Award ceremony in Berlin, Germany, on Tuesday, Dec. 1, 2020. The second quarter of 2021 is underw… [+10034 chars]

Fifty years ago, the streets around Dhaka University were strewn with corpses of students and intellectuals killed by the Pakistani armed forces, which went around the dormitories looking for Bengali… [+12866 chars]

Fifty years ago, the streets around Dhaka University were strewn with corpses of students and intellectuals killed by the Pakistani armed forces, which went around the dormitories looking for Bengali… [+12866 chars]